From cvs at cvs.gnupg.org  Fri Apr  1 11:27:37 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Fri, 01 Apr 2016 11:27:37 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-110-ge7171f5
Message-ID: <E1alvMI-00081a-Bv@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e7171f559590422cc52dbcb8d78d94569b31012f (commit)
       via  8be9dab2dd2f83ca922c01542c63b404e34bdfd9 (commit)
      from  e2c5781788f765815532410a77077ddbb72513e9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e7171f559590422cc52dbcb8d78d94569b31012f
Author: Justus Winter <justus at g10code.com>
Date:   Thu Mar 31 17:51:39 2016 +0200

    speedo,w32: Build libsqlite3.
    
    * build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32.
    (libsqlite3_ver): New variable.
    (speedo_pkg_libsqlite3_tar): Likewise.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 5dde0fe..52d6871 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -172,7 +172,7 @@ speedo_spkgs  = \
 
 ifeq ($(TARGETOS),w32)
 speedo_spkgs += \
-	zlib bzip2 adns libiconv
+	zlib bzip2 adns libiconv libsqlite3
 ifeq ($(WITH_GUI),1)
 speedo_spkgs += gettext
 endif
@@ -324,6 +324,7 @@ endif
 # Version number for external packages
 pkg_config_ver = 0.23
 libiconv_ver = 1.14
+libsqlite3_ver = 3120000
 gettext_ver = 0.18.2.1
 libffi_ver = 3.0.13
 glib_ver = 2.34.3
@@ -414,6 +415,7 @@ speedo_pkg_zlib_tar       = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz
 speedo_pkg_bzip2_tar      = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz
 speedo_pkg_adns_tar       = $(pkg10rep)/adns/adns-$(adns_ver).tar.bz2
 speedo_pkg_libiconv_tar   = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz
+speedo_pkg_libsqlite3_tar = $(pkg2rep)/sqlite-autoconf-$(libsqlite3_ver).tar.gz
 speedo_pkg_gettext_tar    = $(pkg2rep)/gettext-$(gettext_ver).tar.gz
 speedo_pkg_libffi_tar     = $(pkg2rep)/libffi-$(libffi_ver).tar.gz
 speedo_pkg_glib_tar       = $(pkg2rep)/glib-$(glib_ver).tar.xz

commit 8be9dab2dd2f83ca922c01542c63b404e34bdfd9
Author: Justus Winter <justus at g10code.com>
Date:   Thu Mar 31 17:23:31 2016 +0200

    g10: Use gpg-error abstraction of sched_yield.
    
    * g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index baa2ac2..5f381b0 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -28,7 +28,6 @@
 #include <sys/stat.h>
 #include <assert.h>
 #include <stdarg.h>
-#include <sched.h>
 #include <sqlite3.h>
 
 #include "gpg.h"
@@ -240,7 +239,7 @@ begin_transaction (struct db *db, int only_batch)
       batch_update_started = gnupg_get_time ();
 
       /* Yield to allow another process a chance to run.  */
-      sched_yield ();
+      gpgrt_yield ();
     }
 
   /* XXX: In split mode, this can end in deadlock.

-----------------------------------------------------------------------

Summary of changes:
 build-aux/speedo.mk | 4 +++-
 g10/tofu.c          | 3 +--
 2 files changed, 4 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr  1 13:59:10 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 01 Apr 2016 13:59:10 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-371-g862cf19
Message-ID: <E1alxiv-0004Qv-TA@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  862cf19a119427dd7ee7959a36c72d905f5ea5ca (commit)
      from  fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 862cf19a119427dd7ee7959a36c72d905f5ea5ca
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 1 13:42:01 2016 +0200

    mpi: Explicitly limit the allowed input length for gcry_mpi_scan.
    
    * mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New.
    (mpi_fromstr): Check against this limit.
    (_gcry_mpi_scan): Ditto.
    * tests/mpitests.c (test_maxsize): New.
    (main): Cal that test.
    --
    
    A too large buffer length may lead to an unsigned integer overflow on
    systems where size_t > unsigned int (ie. 64 bit systems).  The
    computation of the required number of nlimbs may also be affected by
    this.  However this is not a real world case because any processing
    which has allocated such a long buffer from an external source would
    be prone to other DoS attacks: The required buffer length to exhibit
    this overflow is at least 2^32 - 8 bytes.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 437dddb..c710765 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -4526,7 +4526,8 @@ representation of an MPI and the internal one of Libgcrypt.
 Convert the external representation of an integer stored in @var{buffer}
 with a length of @var{buflen} into a newly created MPI returned which
 will be stored at the address of @var{r_mpi}.  For certain formats the
-length argument is not required and should be passed as @code{0}.  After a
+length argument is not required and should be passed as @code{0}. A
+ at var{buflen} larger than 16 MiByte will be rejected.  After a
 successful operation the variable @var{nscanned} receives the number of
 bytes actually scanned unless @var{nscanned} was given as
 @code{NULL}. @var{format} describes the format of the MPI as stored in
@@ -4540,6 +4541,7 @@ bytes actually scanned unless @var{nscanned} was given as
 @item GCRYMPI_FMT_PGP
 As used by OpenPGP (only defined as unsigned). This is basically
 @code{GCRYMPI_FMT_STD} with a 2 byte big endian length header.
+A length header indicating a length of more than 16384 is not allowed.
 
 @item GCRYMPI_FMT_SSH
 As used in the Secure Shell protocol.  This is @code{GCRYMPI_FMT_STD}
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index 896dda1..e315576 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -27,8 +27,21 @@
 #include "mpi-internal.h"
 #include "g10lib.h"
 
+/* The maximum length we support in the functions converting an
+ * external representation to an MPI.  This limit is used to catch
+ * programming errors and to avoid DoS due to insane long allocations.
+ * The 16 MiB limit is actually ridiculous large but some of those PQC
+ * algorithms use quite large keys and they might end up using MPIs
+ * for that.  */
+#define MAX_EXTERN_SCAN_BYTES (16*1024*1024)
+
+/* The maximum length (in bits) we support for OpenPGP MPIs.  Note
+ * that OpenPGP's MPI format uses only two bytes and thus would be
+ * limited to 64k anyway.  Note that this limit matches that used by
+ * GnuPG.  */
 #define MAX_EXTERN_MPI_BITS 16384
 
+
 /* Helper used to scan PGP style MPIs.  Returns NULL on failure. */
 static gcry_mpi_t
 mpi_read_from_buffer (const unsigned char *buffer, unsigned *ret_nread,
@@ -104,7 +117,13 @@ mpi_fromstr (gcry_mpi_t val, const char *str)
   if ( *str == '0' && str[1] == 'x' )
     str += 2;
 
-  nbits = 4 * strlen (str);
+  nbits = strlen (str);
+  if (nbits > MAX_EXTERN_SCAN_BYTES)
+    {
+      mpi_clear (val);
+      return 1;  /* Error.  */
+    }
+  nbits *= 4;
   if ((nbits % 8))
     prepend_zero = 1;
 
@@ -438,9 +457,9 @@ twocompl (unsigned char *p, unsigned int n)
 
 
 /* Convert the external representation of an integer stored in BUFFER
-   with a length of BUFLEN into a newly create MPI returned in
-   RET_MPI.  If NBYTES is not NULL, it will receive the number of
-   bytes actually scanned after a successful operation.  */
+ * with a length of BUFLEN into a newly create MPI returned in
+ * RET_MPI.  If NSCANNED is not NULL, it will receive the number of
+ * bytes actually scanned after a successful operation.  */
 gcry_err_code_t
 _gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
                 const void *buffer_arg, size_t buflen, size_t *nscanned)
@@ -450,6 +469,13 @@ _gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
   unsigned int len;
   int secure = (buffer && _gcry_is_secure (buffer));
 
+  if (buflen > MAX_EXTERN_SCAN_BYTES)
+    {
+      if (nscanned)
+        *nscanned = 0;
+      return GPG_ERR_INV_OBJ;
+    }
+
   if (format == GCRYMPI_FMT_SSH)
     len = 0;
   else
diff --git a/tests/mpitests.c b/tests/mpitests.c
index e6f8525..b663029 100644
--- a/tests/mpitests.c
+++ b/tests/mpitests.c
@@ -237,6 +237,42 @@ test_opaque (void)
 
 
 static void
+test_maxsize (void)
+{
+  gpg_error_t err;
+  gcry_mpi_t a;
+  char buffer[2+2048]; /* For PGP: 2 length bytes and 16384 bits.  */
+
+  memset (buffer, 0x55, sizeof buffer);
+
+  /* We use a short buffer but a give a too large length to simulate a
+   * programming error.  In case this test fails (i.e. die() is
+   * called) the scan function may have access data outside of BUFFER
+   * which may result in a segv but we ignore that to avoid actually
+   * allocating such a long buffer.  */
+  err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, buffer, 16*1024*1024 +1, NULL);
+  if (gpg_err_code (err) != GPG_ERR_INV_OBJ)
+    die ("gcry_mpi_scan does not detect its generic input limit\n");
+
+  /* Now test the PGP limit.  The scan code check the two length bytes
+   * from the buffer and thus it is sufficient to fake them.  */
+  buffer[0] = (16385 >> 8);
+  buffer[1] = (16385 & 0xff);
+  err = gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buffer, sizeof buffer, NULL);
+  if (gpg_err_code (err) != GPG_ERR_INV_OBJ)
+    die ("gcry_mpi_scan does not detect the PGP input limit\n");
+
+  buffer[0] = (16384 >> 8);
+  buffer[1] = (16384 & 0xff);
+
+  err = gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buffer, sizeof buffer, NULL);
+  if (err)
+    die ("gcry_mpi_scan did not parse a large PGP: %s\n", gpg_strerror (err));
+  gcry_mpi_release (a);
+}
+
+
+static void
 test_cmp (void)
 {
   gpg_error_t rc;
@@ -569,6 +605,7 @@ main (int argc, char* argv[])
 
   test_const_and_immutable ();
   test_opaque ();
+  test_maxsize ();
   test_cmp ();
   test_add ();
   test_sub ();

-----------------------------------------------------------------------

Summary of changes:
 doc/gcrypt.texi  |  4 +++-
 mpi/mpicoder.c   | 34 ++++++++++++++++++++++++++++++----
 tests/mpitests.c | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr  1 15:04:24 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Fri, 01 Apr 2016 15:04:24 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-112-g6060ea8
Message-ID: <E1alyk4-0006bH-BC@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  6060ea898fda499211c9d5030fff41d58f899fb0 (commit)
       via  b74185b6eaeaae4754726ff203e11977777f568c (commit)
      from  e7171f559590422cc52dbcb8d78d94569b31012f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6060ea898fda499211c9d5030fff41d58f899fb0
Author: Justus Winter <justus at g10code.com>
Date:   Fri Apr 1 14:53:48 2016 +0200

    build: Check for conflicting trust model options.
    
    * configure.ac: Disable TOFU if configured without trust models, and
    check for conflicting options.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/configure.ac b/configure.ac
index 003e509..0163dde 100644
--- a/configure.ac
+++ b/configure.ac
@@ -263,8 +263,11 @@ AC_MSG_CHECKING([whether to enable TOFU])
 AC_ARG_ENABLE(tofu,
                 AC_HELP_STRING([--disable-tofu],
                                [disable the TOFU trust model]),
-              use_tofu=$enableval, use_tofu=yes)
+              use_tofu=$enableval, use_tofu=$use_trust_models)
 AC_MSG_RESULT($use_tofu)
+if test "$use_trust_models" = no && test "$use_tofu" = yes; then
+    AC_MSG_ERROR([both --disable-trust-models and --enable-tofu given])
+fi
 
 
 

commit b74185b6eaeaae4754726ff203e11977777f568c
Author: Justus Winter <justus at g10code.com>
Date:   Fri Apr 1 14:51:56 2016 +0200

    g10: Remove option --always-trust if compiled without trust models.
    
    * g10/gpg.c (opts): Remove option --always-trust if compiled without
    trust models.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/g10/gpg.c b/g10/gpg.c
index 330d5a3..b9d69a7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -681,7 +681,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
   ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
   ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
+#ifndef NO_TRUST_MODELS
   ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
+#endif
   ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
   ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
   ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),

-----------------------------------------------------------------------

Summary of changes:
 configure.ac | 5 ++++-
 g10/gpg.c    | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr  1 16:43:10 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Fri, 01 Apr 2016 16:43:10 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-113-g42d4c27
Message-ID: <E1am0Hd-0001Ga-SZ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  42d4c2762f7ae5b009b62963e6595bdec9df6859 (commit)
      from  6060ea898fda499211c9d5030fff41d58f899fb0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 42d4c2762f7ae5b009b62963e6595bdec9df6859
Author: Justus Winter <justus at g10code.com>
Date:   Fri Apr 1 16:38:24 2016 +0200

    po: Fix misleading german translation.
    
    --
    GnuPG-bug-id: 2239
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/po/de.po b/po/de.po
index 3dad2a2..a27e4a7 100644
--- a/po/de.po
+++ b/po/de.po
@@ -3381,8 +3381,7 @@ msgstr "Der folgende Schl?ssel wurde am %s von %s Schl?ssel %s widerrufen\n"
 
 #, c-format
 msgid "This key may be revoked by %s key %s"
-msgstr ""
-"Dieser Schl?ssel k?nnte durch %s mit Schl?ssel %s  widerrufen worden sein"
+msgstr "Dieser Schl?ssel kann von %s-Schl?ssel %s widerrufen werden"
 
 msgid "(sensitive)"
 msgstr "(empfindlich)"

-----------------------------------------------------------------------

Summary of changes:
 po/de.po | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr  1 17:41:24 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Fri, 01 Apr 2016 17:41:24 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 81797afe93a8130ae7c9db861696a8d6d8463bd5
Message-ID: <E1am1Bz-0002xZ-Nt@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  81797afe93a8130ae7c9db861696a8d6d8463bd5 (commit)
      from  e644e6a19bac81bbc8bfb03a204123ea2bcafd69 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 81797afe93a8130ae7c9db861696a8d6d8463bd5
Author: Justus Winter <justus at gnupg.org>
Date:   Fri Apr 1 17:37:56 2016 +0200

    card-howto: Add missing files.
    
    --
    GnuPG-bug-id: 1767
    Signed-off-by: Justus Winter <justus at gnupg.org>

diff --git a/misc/howtos.gnupg.org/card-howto/en/ch02s03.html b/misc/howtos.gnupg.org/card-howto/en/ch02s03.html
index d95cfc9..7feaf68 100644
--- a/misc/howtos.gnupg.org/card-howto/en/ch02s03.html
+++ b/misc/howtos.gnupg.org/card-howto/en/ch02s03.html
@@ -57,12 +57,12 @@
             <ul type="disc">
               <li>
                 <p>
-                  <a href="http://www.fsfe.org/en/content/download/17665/125518/file/gnupg-ccid.rules" target="_top">gnupg-ccid.rules</a>
+                  <a href="gnupg-ccid.rules" target="_top">gnupg-ccid.rules</a>
                 </p>
               </li>
               <li>
                 <p>
-                  <a href="" target="_top">gnupg-ccid</a>
+                  <a href="gnupg-ccid" target="_top">gnupg-ccid</a>
                 </p>
               </li>
             </ul>
diff --git a/misc/howtos.gnupg.org/card-howto/en/gnupg-ccid b/misc/howtos.gnupg.org/card-howto/en/gnupg-ccid
new file mode 100644
index 0000000..be06bec
--- /dev/null
+++ b/misc/howtos.gnupg.org/card-howto/en/gnupg-ccid
@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# taken from libgphoto2
+#
+# Sets up newly plugged in card reader so that only members of the
+# group can access it
+
+GROUP=scard
+
+# can access it from user space. (Replace scard with the name of the
+# group you want to have access to the card reader.)
+#
+# Note that for this script to work, you'll need all of the following:
+# a) a line in the file /etc/hotplug/gnupg-ccid.usermap that corresponds
+#    to the card reader you are using.
+# b) a group "scard" where all users allowed access to the
+#    card reader are listed
+# c) a Linux kernel supporting hotplug and usbdevfs
+# d) the hotplug package (http://linux-hotplug.sourceforge.net/)
+#
+# In the usermap file, the first field "usb module" should be named
+# "gnupg-ccid" like this script.
+#
+
+if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
+then
+    chmod o-rwx "${DEVICE}"
+    chgrp "${GROUP}" "${DEVICE}"
+    chmod g+rw "${DEVICE}"
+fi
diff --git a/misc/howtos.gnupg.org/card-howto/en/gnupg-ccid.rules b/misc/howtos.gnupg.org/card-howto/en/gnupg-ccid.rules
new file mode 100644
index 0000000..a04c022
--- /dev/null
+++ b/misc/howtos.gnupg.org/card-howto/en/gnupg-ccid.rules
@@ -0,0 +1,5 @@
+# GPG SmartCard Reader Support
+#
+
+ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/e003/*", RUN+="/etc/udev/scripts/gnupg-ccid"
+ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/5115/*", RUN+="/etc/udev/scripts/gnupg-ccid"
diff --git a/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html b/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html
index 7024fb5..dea3cde 100644
--- a/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html
+++ b/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html
@@ -51,7 +51,7 @@
                   edges a bit.  This is in particular important so
                   that you are able to remove the card using the tiny
                   blue lever.
-                </p></div></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2503642"></a>2.3.?Installation of Card Reader</h2></div></div></div><p>Two standard protocols are used by GnuPG to access card readers. </p><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id2503652"></a>2.3.1.?CCID (Chip Card Interface Description)</h3></div></div></div><p>The driver to access CCID cards is built into GnuPG.  This driver will be used by default.</p><p>To use this driver follow the instructions and make sure you have sufficient permission (see below) to access the USB device for reading and writing.</p><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id2503669"></a>With udev (preferred installation)</h4></div></div></div><p>First of all, you will need to download two files for udev and copy them to the udev configuration directories, in order to let it identify your card reader:</p><div class="itemizedlist"><ul type="disc"><li><p><a href="http://www.fsfe.org/en/content/download/17665/125518/file/gnupg-ccid.rules" target="_top">gnupg-ccid.rules</a></p></li><li><p><a href="" target="_top">gnupg-ccid</a></p></li></ul></div><p>Now, open a terminal and become root (you will be asked for your root password):</p><pre class="screen">
+                </p></div></div></div><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2503642"></a>2.3.?Installation of Card Reader</h2></div></div></div><p>Two standard protocols are used by GnuPG to access card readers. </p><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id2503652"></a>2.3.1.?CCID (Chip Card Interface Description)</h3></div></div></div><p>The driver to access CCID cards is built into GnuPG.  This driver will be used by default.</p><p>To use this driver follow the instructions and make sure you have sufficient permission (see below) to access the USB device for reading and writing.</p><div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h4 class="title"><a id="id2503669"></a>With udev (preferred installation)</h4></div></div></div><p>First of all, you will need to download two files for udev and copy them to the udev configuration directories, in order to let it identify your card reader:</p><div class="itemizedlist"><ul type="disc"><li><p><a href="gnupg-ccid.rules" target="_top">gnupg-ccid.rules</a></p></li><li><p><a href="gnupg-ccid" target="_top">gnupg-ccid</a></p></li></ul></div><p>Now, open a terminal and become root (you will be asked for your root password):</p><pre class="screen">
 archi at foobar:~ &gt; su -
                 </pre><p>On Ubuntu systems, you should run (and then you will be asked for the user password):</p><pre class="screen">
 archi at foobar:~ &gt; sudo su -

-----------------------------------------------------------------------

Summary of changes:
 misc/howtos.gnupg.org/card-howto/en/ch02s03.html   |  4 +--
 misc/howtos.gnupg.org/card-howto/en/gnupg-ccid     | 30 ++++++++++++++++++++++
 .../card-howto/en/gnupg-ccid.rules                 |  5 ++++
 .../card-howto/en/smartcard-howto-single.html      |  2 +-
 4 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 misc/howtos.gnupg.org/card-howto/en/gnupg-ccid
 create mode 100644 misc/howtos.gnupg.org/card-howto/en/gnupg-ccid.rules


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr  1 17:44:46 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 01 Apr 2016 17:44:46 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 5295904c3a87661bbadc567fa504e96ed7448a94
Message-ID: <E1am1FF-00035e-3T@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  5295904c3a87661bbadc567fa504e96ed7448a94 (commit)
      from  81797afe93a8130ae7c9db861696a8d6d8463bd5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5295904c3a87661bbadc567fa504e96ed7448a94
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 1 17:35:18 2016 +0200

    web: Add facebook logo to the kudos page.
    
    Logo received from Melanie Ensign
    on Tue, 22 Mar 2016 20:28:30 +0000
    and scaled down to match the other logos.

diff --git a/web/donate/kudos.org b/web/donate/kudos.org
index 9fbf8ac..d279954 100644
--- a/web/donate/kudos.org
+++ b/web/donate/kudos.org
@@ -71,6 +71,7 @@ The [[https://gnupg.org/blog/20140512-rewards-sent.html][Goteo crowdfunding]] ca
 #+HTML: <div class="logobox">
   [[http://eof.eu.org][file:logos/eof.eu.org-logo.png]]
   [[https://www.wauland.de][file:logos/whs-logo.png]]
+  [[https://facebook.com][file:logos/facebook-06-2015-blue_x.png]]
 #+HTML: </div>
 
 * Hardware and service donations
diff --git a/web/donate/logos/facebook-06-2015-blue_x.png b/web/donate/logos/facebook-06-2015-blue_x.png
new file mode 100644
index 0000000..e95ede1
Binary files /dev/null and b/web/donate/logos/facebook-06-2015-blue_x.png differ

-----------------------------------------------------------------------

Summary of changes:
 web/donate/kudos.org                         |   1 +
 web/donate/logos/facebook-06-2015-blue_x.png | Bin 0 -> 2465 bytes
 2 files changed, 1 insertion(+)
 create mode 100644 web/donate/logos/facebook-06-2015-blue_x.png


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sat Apr  2 18:08:53 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Sat, 02 Apr 2016 18:08:53 +0200
Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-26-ga440050
Message-ID: <E1amO67-0003z3-45@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, gpgmepp has been updated
       via  a440050fc2c11e4867da9d4707616fa23ac52141 (commit)
      from  226e51052ae73efa8d9f30729b28de68d35231af (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a440050fc2c11e4867da9d4707616fa23ac52141
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sat Apr 2 08:06:45 2016 -0800

    Add missing files to QGpgME
    
    * lang/qt/src/gpgme_backend_debug.cpp,
     lang/qt/src/gpgme_backend_debug.h,
     lang/qt/src/predicates.h,
     lang/qt/src/stl_util.h: New.

diff --git a/lang/qt/src/gpgme_backend_debug.cpp b/lang/qt/src/gpgme_backend_debug.cpp
new file mode 100644
index 0000000..6dfb313
--- /dev/null
+++ b/lang/qt/src/gpgme_backend_debug.cpp
@@ -0,0 +1,10 @@
+// This file is autogenerated by CMake: DO NOT EDIT
+
+#include "gpgme_backend_debug.h"
+
+
+#if QT_VERSION >= QT_VERSION_CHECK(5, 4, 0)
+Q_LOGGING_CATEGORY(GPGPME_BACKEND_LOG, "log_gpgme_backend", QtWarningMsg)
+#else
+Q_LOGGING_CATEGORY(GPGPME_BACKEND_LOG, "log_gpgme_backend")
+#endif
diff --git a/lang/qt/src/gpgme_backend_debug.h b/lang/qt/src/gpgme_backend_debug.h
new file mode 100644
index 0000000..5ac93db
--- /dev/null
+++ b/lang/qt/src/gpgme_backend_debug.h
@@ -0,0 +1,11 @@
+// This file is autogenerated by CMake: DO NOT EDIT
+
+#ifndef GPGPME_BACKEND_LOG_H
+#define GPGPME_BACKEND_LOG_H
+
+#include <QLoggingCategory>
+
+Q_DECLARE_LOGGING_CATEGORY(GPGPME_BACKEND_LOG)
+
+
+#endif
diff --git a/lang/qt/src/predicates.h b/lang/qt/src/predicates.h
new file mode 100644
index 0000000..74bbe3d
--- /dev/null
+++ b/lang/qt/src/predicates.h
@@ -0,0 +1,205 @@
+/* -*- mode: c++; c-basic-offset:4 -*-
+    models/predicates.h
+
+    This file is part of Kleopatra, the KDE keymanager
+    Copyright (c) 2007 Klar?lvdalens Datakonsult AB
+    Copyright (c) 2016 Intevation GmbH
+
+    Kleopatra is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    Kleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __QGPGME_PREDICATES_H__
+#define __QGPGME_PREDICATES_H__
+
+#include <stl_util.h>
+
+#include <string>
+
+#ifdef BUILDING_QGPGME
+# include "global.h"
+#else
+# include <gpgme++/key.h>
+#endif
+
+#include <boost/bind.hpp>
+
+#include <cstring>
+#include <algorithm>
+#include <iterator>
+
+namespace QGpgME
+{
+namespace _detail
+{
+
+inline int mystrcmp(const char *s1, const char *s2)
+{
+    using namespace std;
+    return s1 ? s2 ? strcmp(s1, s2) : 1 : s2 ? -1 : 0;
+}
+
+#define make_comparator_str_impl( Name, expr, cmp )                     \
+    template <template <typename U> class Op>                           \
+    struct Name {                                                       \
+        typedef bool result_type;                                       \
+        \
+        bool operator()( const char * lhs, const char * rhs ) const {   \
+            return Op<int>()( cmp, 0 );                                 \
+        }                                                               \
+        \
+        bool operator()( const std::string & lhs, const std::string & rhs ) const { \
+            return operator()( lhs.c_str(), rhs.c_str() );              \
+        }                                                               \
+        bool operator()( const char * lhs, const std::string & rhs ) const { \
+            return operator()( lhs, rhs.c_str() );                      \
+        }                                                               \
+        bool operator()( const std::string & lhs, const char * rhs ) const { \
+            return operator()( lhs.c_str(), rhs );                      \
+        }                                                               \
+        \
+        template <typename T>                                           \
+        bool operator()( const T & lhs, const T & rhs ) const {         \
+            return operator()( (lhs expr), (rhs expr) );                \
+        }                                                               \
+        template <typename T>                                           \
+        bool operator()( const T & lhs, const char * rhs ) const {      \
+            return operator()( (lhs expr), rhs );                       \
+        }                                                               \
+        template <typename T>                                           \
+        bool operator()( const char * lhs, const T & rhs ) const {      \
+            return operator()( lhs, (rhs expr) );                       \
+        }                                                               \
+        template <typename T>                                           \
+        bool operator()( const T & lhs, const std::string & rhs ) const { \
+            return operator()( (lhs expr), rhs );                       \
+        }                                                               \
+        template <typename T>                                           \
+        bool operator()( const std::string & lhs, const T & rhs ) const {    \
+            return operator()( lhs, (rhs expr) );                       \
+        }                                                               \
+    }
+
+#define make_comparator_str_fast( Name, expr )                          \
+    make_comparator_str_impl( Name, expr, _detail::mystrcmp( lhs, rhs ) )
+#define make_comparator_str( Name, expr )                               \
+    make_comparator_str_impl( Name, expr, qstricmp( lhs, rhs ) )
+
+make_comparator_str_fast(ByFingerprint, .primaryFingerprint());
+make_comparator_str_fast(ByKeyID, .keyID());
+make_comparator_str_fast(ByShortKeyID, .shortKeyID());
+make_comparator_str_fast(ByChainID, .chainID());
+
+template <typename T>
+void sort_by_fpr(T &t)
+{
+    std::sort(t.begin(), t.end(), ByFingerprint<std::less>());
+}
+
+template <typename T>
+void remove_duplicates_by_fpr(T &t)
+{
+    t.erase(std::unique(t.begin(), t.end(), ByFingerprint<std::equal_to>()), t.end());
+}
+
+template <typename T>
+T union_by_fpr(const T &t1, const T &t2)
+{
+    T result;
+    result.reserve(t1.size() + t2.size());
+    std::set_union(t1.begin(), t1.end(),
+                   t2.begin(), t2.end(),
+                   std::back_inserter(result),
+                   ByFingerprint<std::less>());
+    return result;
+}
+
+template <typename T>
+T union_by_fpr_dirty(const T &t1, const T &t2)
+{
+    T cleaned(t1);
+    sort_by_fpr(cleaned);
+    remove_duplicates_by_fpr(cleaned);
+    return union_by_fpr(cleaned, t2);
+}
+
+template <typename T>
+void grep_protocol(T &t, GpgME::Protocol proto)
+{
+    t.erase(std::remove_if(t.begin(), t.end(), boost::bind(&GpgME::Key::protocol, _1) != proto), t.end());
+}
+
+template <typename T>
+bool any_protocol(const T &t, GpgME::Protocol proto)
+{
+    return kdtools::any(t, boost::bind(&GpgME::Key::protocol, _1) == proto);
+}
+
+template <typename T>
+bool all_protocol(const T &t, GpgME::Protocol proto)
+{
+    return kdtools::all(t, boost::bind(&GpgME::Key::protocol, _1) == proto);
+}
+
+template <typename T>
+bool none_of_protocol(const T &t, GpgME::Protocol proto)
+{
+    return kdtools::none_of(t, boost::bind(&GpgME::Key::protocol, _1) == proto);
+}
+
+template <typename T>
+void grep_secret(T &t)
+{
+    t.erase(std::remove_if(t.begin(), t.end(), boost::mem_fn(&GpgME::Key::hasSecret)), t.end());
+}
+
+template <typename T>
+bool any_secret(const T &t)
+{
+    return kdtools::any(t, boost::mem_fn(&GpgME::Key::hasSecret));
+}
+
+template <typename T>
+bool all_secret(const T &t)
+{
+    return kdtools::all(t, boost::mem_fn(&GpgME::Key::hasSecret));
+}
+
+template <typename T>
+bool none_of_secret(const T &t)
+{
+    return kdtools::none_of(t, boost::mem_fn(&GpgME::Key::hasSecret));
+}
+
+template <typename T>
+void grep_can_encrypt(T &t)
+{
+    t.erase(std::remove_if(t.begin(), t.end(), !boost::bind(&GpgME::Key::canEncrypt, _1)), t.end());
+}
+
+}
+}
+
+#endif /* __QGPGME_PREDICATES_H__ */
diff --git a/lang/qt/src/stl_util.h b/lang/qt/src/stl_util.h
new file mode 100644
index 0000000..5a5841b
--- /dev/null
+++ b/lang/qt/src/stl_util.h
@@ -0,0 +1,631 @@
+/****************************************************************************
+** Copyright (C) 2001-2007 Klar?lvdalens Datakonsult AB
+    Copyright (c) 2016 Intevation GmbH.  All rights reserved.
+**
+** This file is part of the KD Tools library.
+**
+** This file may be distributed and/or modified under the terms of the
+** GNU General Public License version 2 as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL included in the
+** packaging of this file.
+**
+** Licensees holding valid commercial KD Tools licenses may use this file in
+** accordance with the KD Tools Commercial License Agreement provided with
+** the Software.
+**
+** This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
+** WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+**
+** Contact info at klaralvdalens-datakonsult.se if any conditions of this
+** licensing are not clear to you.
+**
+**********************************************************************/
+#ifndef __KDTOOLSCORE_STL_UTIL_H__
+#define __KDTOOLSCORE_STL_UTIL_H__
+
+#include <boost/range.hpp>
+#include <boost/iterator/filter_iterator.hpp>
+#include <boost/iterator/transform_iterator.hpp>
+#include <boost/call_traits.hpp>
+#include <boost/version.hpp>
+
+#include <algorithm>
+#include <numeric>
+#include <utility>
+#include <iterator>
+#include <functional>
+
+namespace kdtools
+{
+
+struct nodelete {
+    template <typename T>
+    void operator()(const T *) const {}
+};
+
+struct identity {
+    template <typename T>
+    T *operator()(T *t) const
+    {
+        return t;
+    }
+    template <typename T>
+    const T *operator()(const T *t) const
+    {
+        return t;
+    }
+    template <typename T>
+    T &operator()(T &t) const
+    {
+        return t;
+    }
+    template <typename T>
+    const T &operator()(const T &t) const
+    {
+        return t;
+    }
+};
+
+template <typename Pair>
+struct select1st;
+
+template <typename U, typename V>
+struct select1st< std::pair<U, V> >
+    : std::unary_function<std::pair<U, V>, U> {
+    typename boost::call_traits<U>::param_type
+    operator()(const std::pair<U, V> &pair) const
+    {
+        return pair.first;
+    }
+};
+
+template <typename Pair>
+struct select2nd;
+
+template <typename U, typename V>
+struct select2nd< std::pair<U, V> >
+    : std::unary_function<std::pair<U, V>, V> {
+    typename boost::call_traits<V>::param_type
+    operator()(const std::pair<U, V> &pair) const
+    {
+        return pair.second;
+    }
+};
+
+template <typename InputIterator, typename OutputIterator, typename UnaryPredicate>
+OutputIterator copy_if(InputIterator first, InputIterator last, OutputIterator dest, UnaryPredicate pred)
+{
+    while (first != last) {
+        if (pred(*first)) {
+            *dest = *first;
+            ++dest;
+        }
+        ++first;
+    }
+    return dest;
+}
+
+template <typename OutputIterator, typename InputIterator, typename UnaryFunction, typename UnaryPredicate>
+OutputIterator transform_if(InputIterator first, InputIterator last, OutputIterator dest, UnaryPredicate pred, UnaryFunction filter)
+{
+    return std::transform(boost::make_filter_iterator(filter, first, last),
+                          boost::make_filter_iterator(filter, last,  last),
+                          dest, pred);
+}
+
+template <typename InputIterator, typename OutputIterator>
+OutputIterator copy_1st(InputIterator first, InputIterator last, OutputIterator dest)
+{
+    return std::copy(boost::make_transform_iterator(first, select1st<typename std::iterator_traits<InputIterator>::value_type>()),
+                     boost::make_transform_iterator(last,  select1st<typename std::iterator_traits<InputIterator>::value_type>()),
+                     dest);
+}
+
+template <typename InputIterator, typename OutputIterator>
+OutputIterator copy_2nd(InputIterator first, InputIterator last, OutputIterator dest)
+{
+    return std::copy(boost::make_transform_iterator(first, select2nd<typename std::iterator_traits<InputIterator>::value_type>()),
+                     boost::make_transform_iterator(last,  select2nd<typename std::iterator_traits<InputIterator>::value_type>()),
+                     dest);
+}
+
+template <typename InputIterator, typename OutputIterator, typename Predicate>
+OutputIterator copy_1st_if(InputIterator first, InputIterator last, OutputIterator dest, Predicate pred)
+{
+    return kdtools::copy_if(boost::make_transform_iterator(first, select1st<typename std::iterator_traits<InputIterator>::value_type>()),
+                            boost::make_transform_iterator(last,  select1st<typename std::iterator_traits<InputIterator>::value_type>()),
+                            dest, pred);
+}
+
+template <typename InputIterator, typename OutputIterator, typename Predicate>
+OutputIterator copy_2nd_if(InputIterator first, InputIterator last, OutputIterator dest, Predicate pred)
+{
+    return kdtools::copy_if(boost::make_transform_iterator(first, select2nd<typename std::iterator_traits<InputIterator>::value_type>()),
+                            boost::make_transform_iterator(last,  select2nd<typename std::iterator_traits<InputIterator>::value_type>()),
+                            dest, pred);
+}
+
+template <typename OutputIterator, typename InputIterator, typename UnaryFunction>
+OutputIterator transform_1st(InputIterator first, InputIterator last, OutputIterator dest, UnaryFunction func)
+{
+    return std::transform(boost::make_transform_iterator(first, select1st<typename std::iterator_traits<InputIterator>::value_type>()),
+                          boost::make_transform_iterator(last,  select1st<typename std::iterator_traits<InputIterator>::value_type>()),
+                          dest, func);
+}
+
+template <typename OutputIterator, typename InputIterator, typename UnaryFunction>
+OutputIterator transform_2nd(InputIterator first, InputIterator last, OutputIterator dest, UnaryFunction func)
+{
+    return std::transform(boost::make_transform_iterator(first, select2nd<typename std::iterator_traits<InputIterator>::value_type>()),
+                          boost::make_transform_iterator(last,  select2nd<typename std::iterator_traits<InputIterator>::value_type>()),
+                          dest, func);
+}
+
+template <typename Value, typename InputIterator, typename UnaryPredicate>
+Value accumulate_if(InputIterator first, InputIterator last, UnaryPredicate filter, const Value &value = Value())
+{
+    return std::accumulate(boost::make_filter_iterator(filter, first, last),
+                           boost::make_filter_iterator(filter, last,  last), value);
+}
+
+template <typename Value, typename InputIterator, typename UnaryPredicate, typename BinaryOperation>
+Value accumulate_if(InputIterator first, InputIterator last, UnaryPredicate filter, const Value &value, BinaryOperation op)
+{
+    return std::accumulate(boost::make_filter_iterator(filter, first, last),
+                           boost::make_filter_iterator(filter, last,  last), value, op);
+}
+
+template <typename Value, typename InputIterator, typename UnaryFunction>
+Value accumulate_transform(InputIterator first, InputIterator last, UnaryFunction map, const Value &value = Value())
+{
+    return std::accumulate(boost::make_transform_iterator(first, map),
+                           boost::make_transform_iterator(last, map), value);
+}
+
+template <typename Value, typename InputIterator, typename UnaryFunction, typename BinaryOperation>
+Value accumulate_transform(InputIterator first, InputIterator last, UnaryFunction map, const Value &value, BinaryOperation op)
+{
+    return std::accumulate(boost::make_transform_iterator(first, map),
+                           boost::make_transform_iterator(last, map), value, op);
+}
+
+template <typename Value, typename InputIterator, typename UnaryFunction, typename UnaryPredicate>
+Value accumulate_transform_if(InputIterator first, InputIterator last, UnaryFunction map, UnaryPredicate pred, const Value &value = Value())
+{
+    return std::accumulate(boost::make_transform_iterator(first, map),
+                           boost::make_transform_iterator(last, map), value);
+}
+
+template <typename Value, typename InputIterator, typename UnaryFunction, typename UnaryPredicate, typename BinaryOperation>
+Value accumulate_transform_if(InputIterator first, InputIterator last, UnaryFunction map, UnaryPredicate filter, const Value &value, BinaryOperation op)
+{
+    return std::accumulate(boost::make_transform_iterator(boost::make_filter_iterator(filter, first, last), map),
+                           boost::make_transform_iterator(boost::make_filter_iterator(filter, last, last), map), value, op);
+}
+
+template <typename InputIterator, typename OutputIterator1, typename OutputIterator2, typename UnaryPredicate>
+std::pair<OutputIterator1, OutputIterator2> separate_if(InputIterator first, InputIterator last, OutputIterator1 dest1, OutputIterator2 dest2, UnaryPredicate pred)
+{
+    while (first != last) {
+        if (pred(*first)) {
+            *dest1 = *first;
+            ++dest1;
+        } else {
+            *dest2 = *first;
+            ++dest2;
+        }
+        ++first;
+    }
+    return std::make_pair(dest1, dest2);
+}
+
+template <typename InputIterator>
+bool any(InputIterator first, InputIterator last)
+{
+    while (first != last)
+        if (*first) {
+            return true;
+        } else {
+            ++first;
+        }
+    return false;
+}
+
+template <typename InputIterator, typename UnaryPredicate>
+bool any(InputIterator first, InputIterator last, UnaryPredicate pred)
+{
+    while (first != last)
+        if (pred(*first)) {
+            return true;
+        } else {
+            ++first;
+        }
+    return false;
+}
+
+template <typename InputIterator>
+bool all(InputIterator first, InputIterator last)
+{
+    while (first != last)
+        if (*first) {
+            ++first;
+        } else {
+            return false;
+        }
+    return true;
+}
+
+template <typename InputIterator, typename UnaryPredicate>
+bool all(InputIterator first, InputIterator last, UnaryPredicate pred)
+{
+    while (first != last)
+        if (pred(*first)) {
+            ++first;
+        } else {
+            return false;
+        }
+    return true;
+}
+
+template <typename InputIterator>
+bool none_of(InputIterator first, InputIterator last)
+{
+    return !any(first, last);
+}
+
+template <typename InputIterator, typename UnaryPredicate>
+bool none_of(InputIterator first, InputIterator last, UnaryPredicate pred)
+{
+    return !any(first, last, pred);
+}
+
+template <typename InputIterator, typename BinaryOperation>
+BinaryOperation for_each_adjacent_pair(InputIterator first, InputIterator last, BinaryOperation op)
+{
+    typedef typename std::iterator_traits<InputIterator>::value_type ValueType;
+    if (first == last) {
+        return op;
+    }
+    ValueType value = *first;
+    while (++first != last) {
+        ValueType tmp = *first;
+        op(value, tmp);
+        value = tmp;
+    }
+    return op;
+}
+
+template <typename ForwardIterator, typename UnaryPredicate, typename UnaryFunction>
+UnaryFunction for_each_if(ForwardIterator first, ForwardIterator last, UnaryPredicate pred, UnaryFunction func)
+{
+    return std::for_each(boost::make_filter_iterator(pred, first, last),
+                         boost::make_filter_iterator(pred, last, last),
+                         func);
+}
+
+//@{
+/**
+   Versions of std::set_intersection optimized for ForwardIterator's
+*/
+template <typename ForwardIterator, typename ForwardIterator2, typename OutputIterator, typename BinaryPredicate>
+OutputIterator set_intersection(ForwardIterator first1, ForwardIterator last1, ForwardIterator2 first2, ForwardIterator2 last2, OutputIterator result)
+{
+    while (first1 != last1 && first2 != last2) {
+        if (*first1 < *first2) {
+            first1 = std::lower_bound(++first1, last1, *first2);
+        } else if (*first2 < *first1) {
+            first2 = std::lower_bound(++first2, last2, *first1);
+        } else {
+            *result = *first1;
+            ++first1;
+            ++first2;
+            ++result;
+        }
+    }
+    return result;
+}
+
+template <typename ForwardIterator, typename ForwardIterator2, typename OutputIterator, typename BinaryPredicate>
+OutputIterator set_intersection(ForwardIterator first1, ForwardIterator last1, ForwardIterator2 first2, ForwardIterator2 last2, OutputIterator result, BinaryPredicate pred)
+{
+    while (first1 != last1 && first2 != last2) {
+        if (pred(*first1, *first2)) {
+            first1 = std::lower_bound(++first1, last1, *first2, pred);
+        } else if (pred(*first2, *first1)) {
+            first2 = std::lower_bound(++first2, last2, *first1, pred);
+        } else {
+            *result = *first1;
+            ++first1;
+            ++first2;
+            ++result;
+        }
+    }
+    return result;
+}
+//@}
+
+template <typename ForwardIterator, typename ForwardIterator2, typename BinaryPredicate>
+bool set_intersects(ForwardIterator first1,  ForwardIterator last1,
+                    ForwardIterator2 first2, ForwardIterator2 last2,
+                    BinaryPredicate pred)
+{
+    while (first1 != last1 && first2 != last2) {
+        if (pred(*first1, *first2)) {
+            first1 = std::lower_bound(++first1, last1, *first2, pred);
+        } else if (pred(*first2, *first1)) {
+            first2 = std::lower_bound(++first2, last2, *first1, pred);
+        } else {
+            return true;
+        }
+    }
+    return false;
+}
+
+//@{
+/*! Versions of std algorithms that take ranges */
+
+template <typename C, typename V>
+typename boost::range_iterator<C>::type
+find(C &c, const V &v)
+{
+    return std::find(boost::begin(c), boost::end(c), v);
+}
+
+#if BOOST_VERSION < 103500
+template <typename C, typename V>
+typename boost::range_const_iterator<C>::type
+find(const C &c, const V &v)
+{
+    return std::find(boost::begin(c), boost::end(c), v);
+}
+#endif
+
+template <typename C, typename P>
+typename boost::range_iterator<C>::type
+find_if(C &c, P p)
+{
+    return std::find_if(boost::begin(c), boost::end(c), p);
+}
+
+#if BOOST_VERSION < 103500
+template <typename C, typename P>
+typename boost::range_const_iterator<C>::type
+find_if(const C &c, P p)
+{
+    return std::find_if(boost::begin(c), boost::end(c), p);
+}
+#endif
+
+template <typename C, typename V>
+bool contains(const C &c, const V &v)
+{
+    return find(c, v) != boost::end(c);
+}
+
+template <typename C, typename P>
+bool contains_if(const C &c, P p)
+{
+    return find_if(c, p) != boost::end(c);
+}
+
+template <typename C, typename V>
+bool binary_search(const C &c, const V &v)
+{
+    return std::binary_search(boost::begin(c), boost::end(c), v);
+}
+
+template <typename C, typename V>
+size_t count(const C &c, const V &v)
+{
+    return std::count(boost::begin(c), boost::end(c), v);
+}
+
+template <typename C, typename P>
+size_t count_if(const C &c, P p)
+{
+    return std::count_if(boost::begin(c), boost::end(c), p);
+}
+
+template <typename O, typename I, typename P>
+O transform(const I &i, P p)
+{
+    O o;
+    std::transform(boost::begin(i), boost::end(i),
+                   std::back_inserter(o), p);
+    return o;
+}
+
+template <typename I, typename OutputIterator, typename P>
+OutputIterator transform(const I &i, OutputIterator out, P p)
+{
+    return std::transform(boost::begin(i), boost::end(i), out, p);
+}
+
+template <typename O, typename I, typename P, typename F>
+O transform_if(const I &i, P p, F f)
+{
+    O o;
+    transform_if(boost::begin(i), boost::end(i),
+                 std::back_inserter(o), p, f);
+    return o;
+}
+
+template <typename V, typename I, typename F>
+V accumulate_if(const I &i, F f, V v = V())
+{
+    return accumulate_if(boost::begin(i), boost::end(i), f, v);
+}
+
+template <typename V, typename I, typename F, typename B>
+V accumulate_if(const I &i, F f, V v, B b)
+{
+    return accumulate_if(boost::begin(i), boost::end(i), f, v, b);
+}
+
+template <typename V, typename I, typename F>
+V accumulate_transform(const I &i, F f, V v = V())
+{
+    return accumulate_transform(boost::begin(i), boost::end(i), f, v);
+}
+
+template <typename V, typename I, typename F, typename B>
+V accumulate_transform(const I &i, F f, V v, B b)
+{
+    return accumulate_transform(boost::begin(i), boost::end(i), f, v, b);
+}
+
+template <typename V, typename I, typename F, typename P>
+V accumulate_transform_if(const I &i, F f, P p, V v = V())
+{
+    return accumulate_transform_if(boost::begin(i), boost::end(i), f, p, v);
+}
+
+template <typename V, typename I, typename F, typename P, typename B>
+V accumulate_transform_if(const I &i, F f, P p, V v, B b)
+{
+    return accumulate_transform_if(boost::begin(i), boost::end(i), f, p, v, b);
+}
+
+template <typename O, typename I>
+O copy(const I &i)
+{
+    O o;
+    std::copy(boost::begin(i), boost::end(i), std::back_inserter(o));
+    return o;
+}
+
+template <typename O, typename I, typename P>
+O copy_if(const I &i, P p)
+{
+    O o;
+    kdtools::copy_if(boost::begin(i), boost::end(i), std::back_inserter(o), p);
+    return o;
+}
+
+template <typename I, typename P>
+P for_each(const I &i, P p)
+{
+    return std::for_each(boost::begin(i), boost::end(i), p);
+}
+
+template <typename I, typename P>
+P for_each(I &i, P p)
+{
+    return std::for_each(boost::begin(i), boost::end(i), p);
+}
+
+template <typename C1, typename C2>
+bool equal(const C1 &c1, const C2 &c2)
+{
+    return boost::size(c1) == boost::size(c2)
+           && std::equal(boost::begin(c1), boost::end(c1),
+                         boost::begin(c2));
+}
+
+template <typename C1, typename C2, typename P>
+bool equal(const C1 &c1, const C2 &c2, P p)
+{
+    return boost::size(c1) == boost::size(c2)
+           && std::equal(boost::begin(c1), boost::end(c1),
+                         boost::begin(c2), p);
+}
+
+template <typename C, typename O1, typename O2, typename P>
+std::pair<O1, O2> separate_if(const C &c, O1 o1, O2 o2, P p)
+{
+    return separate_if(boost::begin(c), boost::end(c), o1, o2, p);
+}
+
+//@}
+
+template <typename C>
+bool any(const C &c)
+{
+    return any(boost::begin(c), boost::end(c));
+}
+
+template <typename C, typename P>
+bool any(const C &c, P p)
+{
+    return any(boost::begin(c), boost::end(c), p);
+}
+
+template <typename C>
+bool all(const C &c)
+{
+    return all(boost::begin(c), boost::end(c));
+}
+
+template <typename C, typename P>
+bool all(const C &c, P p)
+{
+    return all(boost::begin(c), boost::end(c), p);
+}
+
+template <typename C>
+bool none_of(const C &c)
+{
+    return none_of(boost::begin(c), boost::end(c));
+}
+
+template <typename C, typename P>
+bool none_of(const C &c, P p)
+{
+    return kdtools::none_of(boost::begin(c), boost::end(c), p);
+}
+
+template <typename C, typename B>
+B for_each_adjacent_pair(const C &c, B b)
+{
+    return for_each_adjacent_pair(boost::begin(c), boost::end(c), b);
+}
+
+template <typename C, typename B>
+B for_each_adjacent_pair(C &c, B b)
+{
+    return for_each_adjacent_pair(boost::begin(c), boost::end(c), b);
+}
+
+template <typename C, typename P, typename F>
+P for_each_if(const C &c, P p, F f)
+{
+    return for_each_if(boost::begin(c), boost::end(c), p, f);
+}
+
+template <typename C, typename P, typename F>
+P for_each_if(C &c, P p, F f)
+{
+    return for_each_if(boost::begin(c), boost::end(c), p, f);
+}
+
+template <typename C>
+void sort(C &c)
+{
+    return std::sort(boost::begin(c), boost::end(c));
+}
+
+template <typename C, typename P>
+void sort(C &c, P p)
+{
+    return std::sort(boost::begin(c), boost::end(c), p);
+}
+
+template <typename C>
+C sorted(const C &c)
+{
+    C copy(c);
+    kdtools::sort(copy);
+    return copy;
+}
+
+template <typename C, typename P>
+C sorted(const C &c, P p)
+{
+    C copy(c);
+    kdtools::sort(copy, p);
+    return copy;
+}
+
+}
+
+#endif /* __KDTOOLSCORE_STL_UTIL_H__ */

-----------------------------------------------------------------------

Summary of changes:
 lang/qt/src/gpgme_backend_debug.cpp |  10 +
 lang/qt/src/gpgme_backend_debug.h   |  11 +
 lang/qt/src/predicates.h            | 205 ++++++++++++
 lang/qt/src/stl_util.h              | 631 ++++++++++++++++++++++++++++++++++++
 4 files changed, 857 insertions(+)
 create mode 100644 lang/qt/src/gpgme_backend_debug.cpp
 create mode 100644 lang/qt/src/gpgme_backend_debug.h
 create mode 100644 lang/qt/src/predicates.h
 create mode 100644 lang/qt/src/stl_util.h


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Apr  3 11:51:27 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Sun, 03 Apr 2016 11:51:27 +0200
Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-33-gfaf987d
Message-ID: <E1amegO-000054-An@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, gpgmepp has been updated
       via  faf987dd62893955251378a2a715edd2892a540c (commit)
       via  b7b9e38399a572cb61a297db552026eac5b2a5e1 (commit)
       via  0cc9006dbc59d87c6bcda88b36d59dcb69ac35cb (commit)
       via  3e38cc6fc67c420dec3e9e8afd072b4c8a157c85 (commit)
       via  7071b2a9c00b85d434d01b6166269ebf48b01b81 (commit)
       via  63c115b067400e1b02c7d849c99f54dc9f394d68 (commit)
       via  576be46f34b42e896a5e3be65560a4b518a758be (commit)
      from  a440050fc2c11e4867da9d4707616fa23ac52141 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit faf987dd62893955251378a2a715edd2892a540c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sun Apr 3 01:48:46 2016 -0800

    Qt: Add a unit test for qgpgme
    
    * configure.ac: Configure test Makefile.
    * m4/qt.m4: Look up Qt5Test flags.
    * lang/qt/tests/t-keylist.cpp: New. Simple keylist check.
    * lang/qt/tests/Makefile.am: New. General test framework.
    
    --
    This test mostly checks that it basically compiles / works and
    adds a test framework.

diff --git a/configure.ac b/configure.ac
index 9dd02e6..8580be7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -678,6 +678,7 @@ AC_CONFIG_FILES(lang/cpp/src/GpgmeppConfigVersion.cmake)
 AC_CONFIG_FILES(lang/qt/Makefile lang/qt/src/Makefile)
 AC_CONFIG_FILES(lang/qt/src/QGpgmeConfig.cmake.in)
 AC_CONFIG_FILES(lang/qt/src/QGpgmeConfigVersion.cmake)
+AC_CONFIG_FILES(lang/qt/tests/Makefile)
 AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd])
 AC_OUTPUT
 
diff --git a/lang/qt/Makefile.am b/lang/qt/Makefile.am
index 7fbaca8..48f568a 100644
--- a/lang/qt/Makefile.am
+++ b/lang/qt/Makefile.am
@@ -18,6 +18,6 @@
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 # 02111-1307, USA
 
-SUBDIRS = src
+SUBDIRS = src tests
 
 EXTRA_DIST = README
diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am
new file mode 100644
index 0000000..3b483fe
--- /dev/null
+++ b/lang/qt/tests/Makefile.am
@@ -0,0 +1,66 @@
+# Makefile.am - Makefile for GPGME Qt tests.
+# Copyright (C) 2016 Intevation GmbH
+#
+# This file is part of GPGME.
+#
+# GPGME is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of the
+# License, or (at your option) any later version.
+#
+# GPGME is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
+# Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+## Process this file with automake to produce Makefile.in
+
+GPG = gpg
+
+TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir)
+
+TESTS = t-keylist
+
+moc_files = t-keylist.moc
+
+AM_LDFLAGS = -no-install
+
+LDADD = ../../cpp/src/libgpgmepp.la ../src/libqgpgme.la \
+        ../../../src/libgpgme.la @GPGME_QT_LIBS@ @GPG_ERROR_LIBS@ \
+        @GPGME_QTTEST_LIBS@
+
+AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ \
+              @GPGME_QT_CFLAGS@ @GPG_ERROR_CFLAGS@ @LIBASSUAN_CFLAGS@ \
+              @GPGME_QTTEST_CFLAGS@ \
+              -I$(top_srcdir)/lang/cpp/src -I$(top_srcdir)/lang/qt/src \
+              -DTOP_SRCDIR="$(top_srcdir)"
+
+check-local: ./t-keylist ./pubring-stamp
+
+t_keylist_SOURCES = t-keylist.cpp t-keylist.h
+
+nodist_t_keylist_SOURCES = $(moc_files)
+
+BUILT_SOURCES = $(moc_files)
+
+noinst_PROGRAMS = t-keylist
+
+CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \
+	gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \
+	random_seed S.gpg-agent .gpg-v21-migrated pubring-stamp $(moc_files)
+
+export GNUPGHOME := $(abs_builddir)
+
+./pubring-stamp: $(top_srcdir)/tests/gpg/pubdemo.asc \
+	             $(top_srcdir)/tests/gpg/secdemo.asc
+	$(GPG) --no-permission-warning \
+           --import $(top_srcdir)/tests/gpg/pubdemo.asc
+	-$(GPG) --no-permission-warning \
+            --import $(top_srcdir)/tests/gpg/secdemo.asc
+	touch ./pubring-stamp
+
+.cpp.moc:
+	$(MOC) `test -f '$<' || echo '$(srcdir)/'`$< -o $@
diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp
new file mode 100644
index 0000000..67ace7f
--- /dev/null
+++ b/lang/qt/tests/t-keylist.cpp
@@ -0,0 +1,31 @@
+#include <QDebug>
+#include <QTest>
+#include "keylistjob.h"
+#include "qgpgmebackend.h"
+#include "keylistresult.h"
+
+using namespace QGpgME;
+
+class KeyListTest : public QObject
+{
+    Q_OBJECT
+
+private Q_SLOTS:
+
+    void testSingleKeyListSync()
+    {
+        QGpgMEBackend backend;
+        KeyListJob *job = backend.openpgp()->keyListJob(false, false, false);
+        std::vector<GpgME::Key> keys;
+        GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("alfa at example.net"),
+                                                false, keys);
+        Q_ASSERT (!result.error());
+        Q_ASSERT (keys.size() == 1);
+        const QString kId = QLatin1String(keys.front().keyID());
+        Q_ASSERT (kId == QStringLiteral("2D727CC768697734"));
+    }
+};
+
+QTEST_MAIN(KeyListTest)
+
+#include "t-keylist.moc"
diff --git a/m4/qt.m4 b/m4/qt.m4
index 80e2245..d3be7f8 100644
--- a/m4/qt.m4
+++ b/m4/qt.m4
@@ -18,6 +18,11 @@ AC_DEFUN([FIND_QT],
                     [have_qt5_libs="yes"],
                     [have_qt5_libs="no"])
 
+  PKG_CHECK_MODULES(GPGME_QTTEST,
+                    Qt5Test >= 5.0.0,
+                    [have_qt5test_libs="yes"],
+                    [have_qt5test_libs="no"])
+
   if "$PKG_CONFIG" --variable qt_config Qt5Core | grep -q "reduce_relocations"; then
     GPGME_QT_CFLAGS="$GPGME_QT_CFLAGS -fpic"
   fi

commit b7b9e38399a572cb61a297db552026eac5b2a5e1
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sun Apr 3 01:33:52 2016 -0800

    Qt: Add missing MOC includes
    
    * qgpgmeadduseridjob.cpp,
     qgpgmechangeexpiryjob.cpp,
     qgpgmechangeownertrustjob.cpp,
     qgpgmechangepasswdjob.cpp,
     qgpgmedecryptjob.cpp,
     qgpgmedecryptverifyjob.cpp,
     qgpgmedeletejob.cpp,
     qgpgmedownloadjob.cpp,
     qgpgmeencryptjob.cpp,
     qgpgmeexportjob.cpp,
     qgpgmeimportfromkeyserverjob.cpp,
     qgpgmeimportjob.cpp,
     qgpgmekeygenerationjob.cpp,
     qgpgmekeylistjob.cpp,
     qgpgmelistallkeysjob.cpp,
     qgpgmerefreshkeysjob.cpp,
     qgpgmesecretkeyexportjob.cpp,
     qgpgmesignencryptjob.cpp,
     qgpgmesignjob.cpp,
     qgpgmesignkeyjob.cpp,
     qgpgmeverifydetachedjob.cpp,
     qgpgmeverifyopaquejob.cpp: Add missing MOC includes.
    
    --
    In the CMake world this was handled by cmake automoc
    suppport and not neccessary.

diff --git a/lang/qt/src/qgpgmeadduseridjob.cpp b/lang/qt/src/qgpgmeadduseridjob.cpp
index 19127a8..03e8f20 100644
--- a/lang/qt/src/qgpgmeadduseridjob.cpp
+++ b/lang/qt/src/qgpgmeadduseridjob.cpp
@@ -80,3 +80,4 @@ Error QGpgMEAddUserIDJob::start(const Key &key, const QString &name, const QStri
     run(bind(&add_user_id, _1, key, name, email, comment));
     return Error();
 }
+#include "qgpgmeadduseridjob.moc"
diff --git a/lang/qt/src/qgpgmechangeexpiryjob.cpp b/lang/qt/src/qgpgmechangeexpiryjob.cpp
index ac06d8d..41fe8c3 100644
--- a/lang/qt/src/qgpgmechangeexpiryjob.cpp
+++ b/lang/qt/src/qgpgmechangeexpiryjob.cpp
@@ -79,3 +79,4 @@ Error QGpgMEChangeExpiryJob::start(const Key &key, const QDateTime &expiry)
     run(bind(&change_expiry, _1, key, expiry));
     return Error();
 }
+#include "qgpgmechangeexpiryjob.moc"
diff --git a/lang/qt/src/qgpgmechangeownertrustjob.cpp b/lang/qt/src/qgpgmechangeownertrustjob.cpp
index 3e4144d..09b9539 100644
--- a/lang/qt/src/qgpgmechangeownertrustjob.cpp
+++ b/lang/qt/src/qgpgmechangeownertrustjob.cpp
@@ -75,3 +75,4 @@ Error QGpgMEChangeOwnerTrustJob::start(const Key &key, Key::OwnerTrust trust)
     run(bind(&change_ownertrust, _1, key, trust));
     return Error();
 }
+#include "qgpgmechangeownertrustjob.moc"
diff --git a/lang/qt/src/qgpgmechangepasswdjob.cpp b/lang/qt/src/qgpgmechangepasswdjob.cpp
index 4e5f6e3..a182214 100644
--- a/lang/qt/src/qgpgmechangepasswdjob.cpp
+++ b/lang/qt/src/qgpgmechangepasswdjob.cpp
@@ -76,3 +76,5 @@ Error QGpgMEChangePasswdJob::start(const Key &key)
     run(bind(&change_passwd, _1, key));
     return Error();
 }
+
+#include "qgpgmechangepasswdjob.moc"
diff --git a/lang/qt/src/qgpgmedecryptjob.cpp b/lang/qt/src/qgpgmedecryptjob.cpp
index f084e2a..9ce4181 100644
--- a/lang/qt/src/qgpgmedecryptjob.cpp
+++ b/lang/qt/src/qgpgmedecryptjob.cpp
@@ -125,3 +125,5 @@ void QGpgMEDecryptJob::resultHook(const result_type &tuple)
 {
     mResult = get<0>(tuple);
 }
+
+#include "qgpgmedecryptjob.moc"
diff --git a/lang/qt/src/qgpgmedecryptverifyjob.cpp b/lang/qt/src/qgpgmedecryptverifyjob.cpp
index 635511e..7e6c4b5 100644
--- a/lang/qt/src/qgpgmedecryptverifyjob.cpp
+++ b/lang/qt/src/qgpgmedecryptverifyjob.cpp
@@ -133,3 +133,4 @@ void QGpgMEDecryptVerifyJob::resultHook(const result_type &tuple)
 {
     mResult = std::make_pair(get<0>(tuple), get<1>(tuple));
 }
+#include "qgpgmedecryptverifyjob.moc"
diff --git a/lang/qt/src/qgpgmedeletejob.cpp b/lang/qt/src/qgpgmedeletejob.cpp
index c5f5253..8ec4f0a 100644
--- a/lang/qt/src/qgpgmedeletejob.cpp
+++ b/lang/qt/src/qgpgmedeletejob.cpp
@@ -63,3 +63,4 @@ Error QGpgMEDeleteJob::start(const Key &key, bool allowSecretKeyDeletion)
     run(bind(&delete_key, _1, key, allowSecretKeyDeletion));
     return Error();
 }
+#include "qgpgmedeletejob.moc"
diff --git a/lang/qt/src/qgpgmedownloadjob.cpp b/lang/qt/src/qgpgmedownloadjob.cpp
index 3baa629..f46f428 100644
--- a/lang/qt/src/qgpgmedownloadjob.cpp
+++ b/lang/qt/src/qgpgmedownloadjob.cpp
@@ -100,3 +100,4 @@ Error QGpgMEDownloadJob::start(const QByteArray &fpr, const boost::shared_ptr<QI
     run(bind(&download, _1, _2, fpr, _3), keyData);
     return Error();
 }
+#include "qgpgmedownloadjob.moc"
diff --git a/lang/qt/src/qgpgmeencryptjob.cpp b/lang/qt/src/qgpgmeencryptjob.cpp
index 4618e4a..97406dd 100644
--- a/lang/qt/src/qgpgmeencryptjob.cpp
+++ b/lang/qt/src/qgpgmeencryptjob.cpp
@@ -159,3 +159,4 @@ void QGpgMEEncryptJob::showErrorDialog(QWidget *parent, const QString &caption)
     }
 }
 #endif
+#include "qgpgmeencryptjob.moc"
diff --git a/lang/qt/src/qgpgmeexportjob.cpp b/lang/qt/src/qgpgmeexportjob.cpp
index 12bbfd2..d3a390e 100644
--- a/lang/qt/src/qgpgmeexportjob.cpp
+++ b/lang/qt/src/qgpgmeexportjob.cpp
@@ -74,3 +74,4 @@ Error QGpgMEExportJob::start(const QStringList &patterns)
     run(bind(&export_qba, _1, patterns));
     return Error();
 }
+#include "qgpgmeexportjob.moc"
diff --git a/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp b/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp
index 846ebee..ecf7879 100644
--- a/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp
+++ b/lang/qt/src/qgpgmeimportfromkeyserverjob.cpp
@@ -80,3 +80,4 @@ void QGpgME::QGpgMEImportFromKeyserverJob::resultHook(const result_type &tuple)
 {
     mResult = get<0>(tuple);
 }
+#include "qgpgmeimportfromkeyserverjob.moc"
diff --git a/lang/qt/src/qgpgmeimportjob.cpp b/lang/qt/src/qgpgmeimportjob.cpp
index 973a0bf..0e44cbe 100644
--- a/lang/qt/src/qgpgmeimportjob.cpp
+++ b/lang/qt/src/qgpgmeimportjob.cpp
@@ -83,3 +83,4 @@ void QGpgME::QGpgMEImportJob::resultHook(const result_type &tuple)
 {
     mResult = get<0>(tuple);
 }
+#include "qgpgmeimportjob.moc"
diff --git a/lang/qt/src/qgpgmekeygenerationjob.cpp b/lang/qt/src/qgpgmekeygenerationjob.cpp
index 56323c9..fc7cf15 100644
--- a/lang/qt/src/qgpgmekeygenerationjob.cpp
+++ b/lang/qt/src/qgpgmekeygenerationjob.cpp
@@ -69,3 +69,4 @@ Error QGpgMEKeyGenerationJob::start(const QString &parameters)
     run(bind(&generate_key, _1, parameters));
     return Error();
 }
+#include "qgpgmekeygenerationjob.moc"
diff --git a/lang/qt/src/qgpgmekeylistjob.cpp b/lang/qt/src/qgpgmekeylistjob.cpp
index 6059941..2af45fe 100644
--- a/lang/qt/src/qgpgmekeylistjob.cpp
+++ b/lang/qt/src/qgpgmekeylistjob.cpp
@@ -165,3 +165,4 @@ void QGpgMEKeyListJob::showErrorDialog(QWidget *parent, const QString &caption)
     KMessageBox::error(parent, msg, caption);
 }
 #endif
+#include "qgpgmekeylistjob.moc"
diff --git a/lang/qt/src/qgpgmelistallkeysjob.cpp b/lang/qt/src/qgpgmelistallkeysjob.cpp
index a51231f..4f98d34 100644
--- a/lang/qt/src/qgpgmelistallkeysjob.cpp
+++ b/lang/qt/src/qgpgmelistallkeysjob.cpp
@@ -168,3 +168,4 @@ void QGpgMEListAllKeysJob::showErrorDialog(QWidget *parent, const QString &capti
     KMessageBox::error(parent, msg, caption);
 }
 #endif
+#include "qgpgmelistallkeysjob.moc"
diff --git a/lang/qt/src/qgpgmerefreshkeysjob.cpp b/lang/qt/src/qgpgmerefreshkeysjob.cpp
index 2a35b23..67b0a14 100644
--- a/lang/qt/src/qgpgmerefreshkeysjob.cpp
+++ b/lang/qt/src/qgpgmerefreshkeysjob.cpp
@@ -222,3 +222,4 @@ void QGpgME::QGpgMERefreshKeysJob::slotProcessExited(int exitCode, QProcess::Exi
     Q_EMIT result(mError);
     deleteLater();
 }
+#include "qgpgmerefreshkeysjob.moc"
diff --git a/lang/qt/src/qgpgmesecretkeyexportjob.cpp b/lang/qt/src/qgpgmesecretkeyexportjob.cpp
index 9fd3ffe..3c330b0 100644
--- a/lang/qt/src/qgpgmesecretkeyexportjob.cpp
+++ b/lang/qt/src/qgpgmesecretkeyexportjob.cpp
@@ -139,3 +139,4 @@ void QGpgME::QGpgMESecretKeyExportJob::slotProcessExited(int exitCode, QProcess:
     Q_EMIT result(mError, mKeyData);
     deleteLater();
 }
+#include "qgpgmesecretkeyexportjob.moc"
diff --git a/lang/qt/src/qgpgmesignencryptjob.cpp b/lang/qt/src/qgpgmesignencryptjob.cpp
index 1712b38..7c184c6 100644
--- a/lang/qt/src/qgpgmesignencryptjob.cpp
+++ b/lang/qt/src/qgpgmesignencryptjob.cpp
@@ -158,3 +158,4 @@ void QGpgMESignEncryptJob::resultHook(const result_type &tuple)
 {
     mResult = std::make_pair(get<0>(tuple), get<1>(tuple));
 }
+#include "qgpgmesignencryptjob.moc"
diff --git a/lang/qt/src/qgpgmesignjob.cpp b/lang/qt/src/qgpgmesignjob.cpp
index 5d8ae85..3fdf3e6 100644
--- a/lang/qt/src/qgpgmesignjob.cpp
+++ b/lang/qt/src/qgpgmesignjob.cpp
@@ -162,3 +162,4 @@ void QGpgMESignJob::showErrorDialog(QWidget *parent, const QString &caption) con
     }
 }
 #endif
+#include "qgpgmesignjob.moc"
diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp
index c6bbe2c..d683e53 100644
--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@@ -125,3 +125,4 @@ void QGpgMESignKeyJob::setNonRevocable(bool nonRevocable)
     assert(!m_started);
     m_nonRevocable = nonRevocable;
 }
+#include "qgpgmesignkeyjob.moc"
diff --git a/lang/qt/src/qgpgmeverifydetachedjob.cpp b/lang/qt/src/qgpgmeverifydetachedjob.cpp
index 5122835..3d65242 100644
--- a/lang/qt/src/qgpgmeverifydetachedjob.cpp
+++ b/lang/qt/src/qgpgmeverifydetachedjob.cpp
@@ -117,3 +117,4 @@ void QGpgME::QGpgMEVerifyDetachedJob::resultHook(const result_type &tuple)
 {
     mResult = get<0>(tuple);
 }
+#include "qgpgmeverifydetachedjob.moc"
diff --git a/lang/qt/src/qgpgmeverifyopaquejob.cpp b/lang/qt/src/qgpgmeverifyopaquejob.cpp
index fd5b708..fc5c1f2 100644
--- a/lang/qt/src/qgpgmeverifyopaquejob.cpp
+++ b/lang/qt/src/qgpgmeverifyopaquejob.cpp
@@ -124,3 +124,4 @@ void QGpgME::QGpgMEVerifyOpaqueJob::resultHook(const result_type &tuple)
 {
     mResult = get<0>(tuple);
 }
+#include "qgpgmeverifyopaquejob.moc"

commit 0cc9006dbc59d87c6bcda88b36d59dcb69ac35cb
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sun Apr 3 01:30:57 2016 -0800

    Qt: Declare pure virtuals as such
    
    * lang/qt/src/qgpgmebackend.h (Protocol): Make all functions
     pure virtual.
    
    --
    Fixes errors when linking with QGpgME.

diff --git a/lang/qt/src/qgpgmebackend.h b/lang/qt/src/qgpgmebackend.h
index 962a4d9..d442fa5 100644
--- a/lang/qt/src/qgpgmebackend.h
+++ b/lang/qt/src/qgpgmebackend.h
@@ -139,11 +139,11 @@ public:
     virtual SignEncryptJob       *signEncryptJob(bool armor = false, bool textMode = false) const = 0;
     virtual DecryptVerifyJob     *decryptVerifyJob(bool textmode = false) const = 0;
     virtual RefreshKeysJob       *refreshKeysJob() const = 0;
-    virtual ChangeExpiryJob      *changeExpiryJob() const;
-    virtual ChangeOwnerTrustJob *changeOwnerTrustJob() const;
-    virtual ChangePasswdJob      *changePasswdJob() const;
-    virtual SignKeyJob           *signKeyJob() const;
-    virtual AddUserIDJob         *addUserIDJob() const;
+    virtual ChangeExpiryJob      *changeExpiryJob() const = 0;
+    virtual SignKeyJob           *signKeyJob() const = 0;
+    virtual ChangePasswdJob      *changePasswdJob() const = 0;
+    virtual ChangeOwnerTrustJob  *changeOwnerTrustJob() const = 0;
+    virtual AddUserIDJob         *addUserIDJob() const = 0;
     virtual SpecialJob           *specialJob(const char *type, const QMap<QString, QVariant> &args) const = 0;
 };
 

commit 3e38cc6fc67c420dec3e9e8afd072b4c8a157c85
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sun Apr 3 01:27:58 2016 -0800

    Qt: Don't declare showErrorDialog anymore
    
    * cpp/qt/src/job.h: Remove showErrorDialog.
    
    --
    If additional error handling is neccessary emitting
    signals to a gui application would be better API for qgpgme.

diff --git a/lang/qt/src/job.h b/lang/qt/src/job.h
index caa840b..0882539 100644
--- a/lang/qt/src/job.h
+++ b/lang/qt/src/job.h
@@ -75,8 +75,6 @@ protected:
 public:
     ~Job();
 
-    virtual void showErrorDialog(QWidget *parent = Q_NULLPTR, const QString &caption = QString()) const;
-
     virtual QString auditLogAsHtml() const;
     virtual GpgME::Error auditLogError() const;
     bool isAuditLogSupported() const;

commit 7071b2a9c00b85d434d01b6166269ebf48b01b81
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sun Apr 3 01:22:19 2016 -0800

    Qt: Only use GpgME based config class
    
    * lang/qt/src/qgpgmecryptoconfig.cpp,
     lang/qt/src/qgpgmecryptoconfig.h: Removed.
    * lang/qt/src/qgpgmebackend.cpp: Return newcryptoconfig.
    
    --
    The GpgME based config class is the way forward and the
    old class was using KDE Code. Probably needs some bugfixes
    as previously the new class was only used for Windows CE

diff --git a/lang/qt/src/qgpgmebackend.cpp b/lang/qt/src/qgpgmebackend.cpp
index ac77124..1167dae 100644
--- a/lang/qt/src/qgpgmebackend.cpp
+++ b/lang/qt/src/qgpgmebackend.cpp
@@ -33,7 +33,6 @@
 
 #include "qgpgmebackend.h"
 
-#include "qgpgmecryptoconfig.h"
 #include "qgpgmenewcryptoconfig.h"
 
 #include "qgpgmekeygenerationjob.h"
@@ -408,14 +407,9 @@ QString QGpgME::QGpgMEBackend::displayName() const
 QGpgME::CryptoConfig *QGpgME::QGpgMEBackend::config() const
 {
     if (!mCryptoConfig) {
-#ifdef _WIN32_WCE // for now...
         if (GpgME::hasFeature(GpgME::GpgConfEngineFeature, 0)) {
             mCryptoConfig = new QGpgMENewCryptoConfig;
-        } else
-#endif
-            if (!QGpgMECryptoConfig::gpgConfPath().isEmpty()) {
-                mCryptoConfig = new QGpgMECryptoConfig();
-            }
+        }
     }
     return mCryptoConfig;
 }
diff --git a/lang/qt/src/qgpgmecryptoconfig.cpp b/lang/qt/src/qgpgmecryptoconfig.cpp
deleted file mode 100644
index fe3e54f..0000000
--- a/lang/qt/src/qgpgmecryptoconfig.cpp
+++ /dev/null
@@ -1,948 +0,0 @@
-/*
-    qgpgmecryptoconfig.cpp
-
-    This file is part of qgpgme, the Qt API binding for gpgme
-    Copyright (c) 2004 Klar?lvdalens Datakonsult AB
-    Copyright (c) 2016 Intevation GmbH
-
-    Libkleopatra is free software; you can redistribute it and/or
-    modify it under the terms of the GNU General Public License as
-    published by the Free Software Foundation; either version 2 of the
-    License, or (at your option) any later version.
-
-    Libkleopatra is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-    In addition, as a special exception, the copyright holders give
-    permission to link the code of this program with any edition of
-    the Qt library by Trolltech AS, Norway (or with modified versions
-    of Qt that use the same license as Qt), and distribute linked
-    combinations including the two.  You must obey the GNU General
-    Public License in all respects for all of the code used other than
-    Qt.  If you modify this file, you may extend this exception to
-    your version of the file, but you are not obligated to do so.  If
-    you do not wish to do so, delete this exception statement from
-    your version.
-*/
-
-#include "qgpgmecryptoconfig.h"
-
-#include <QList>
-#include <QByteArray>
-#include <errno.h>
-#include "gpgme_backend_debug.h"
-
-#include "engineinfo.h"
-#include "global.h"
-
-#include <cassert>
-#include <QTemporaryFile>
-#include <QFile>
-#include <cstdlib>
-#include <iterator>
-#include <QStandardPaths>
-
-// Just for the Q_ASSERT in the dtor. Not thread-safe, but who would
-// have 2 threads talking to gpgconf anyway? :)
-static bool s_duringClear = false;
-
-static const int GPGCONF_FLAG_GROUP = 1;
-static const int GPGCONF_FLAG_OPTIONAL = 2;
-static const int GPGCONF_FLAG_LIST = 4;
-static const int GPGCONF_FLAG_RUNTIME = 8;
-static const int GPGCONF_FLAG_DEFAULT = 16; // fixed default value available
-//static const int GPGCONF_FLAG_DEFAULT_DESC = 32; // runtime default value available
-//static const int GPGCONF_FLAG_NOARG_DESC = 64; // option with optional arg; special meaning if no arg set
-static const int GPGCONF_FLAG_NO_CHANGE = 128; // readonly
-// Change size of mFlags bitfield if adding new values here
-
-QString QGpgMECryptoConfig::gpgConfPath()
-{
-    const GpgME::EngineInfo info = GpgME::engineInfo(GpgME::GpgConfEngine);
-    return info.fileName() ? QFile::decodeName(info.fileName()) : QStandardPaths::findExecutable(QStringLiteral("gpgconf"));
-}
-
-QGpgMECryptoConfig::QGpgMECryptoConfig()
-    :  mParsed(false)
-{
-}
-
-QGpgMECryptoConfig::~QGpgMECryptoConfig()
-{
-    clear();
-}
-
-void QGpgMECryptoConfig::runGpgConf(bool showErrors)
-{
-    // Run gpgconf --list-components to make the list of components
-    KProcess process;
-
-    process << gpgConfPath();
-    process << QStringLiteral("--list-components");
-
-    connect(&process, &KProcess::readyReadStandardOutput, this, &QGpgMECryptoConfig::slotCollectStdOut);
-
-    // run the process:
-    int rc = 0;
-    process.setOutputChannelMode(KProcess::OnlyStdoutChannel);
-    process.start();
-    if (!process.waitForFinished()) {
-        rc = -2;
-    } else if (process.exitStatus() == QProcess::NormalExit) {
-        rc = process.exitCode();
-    } else {
-        rc = -1;
-    }
-
-    // handle errors, if any (and if requested)
-    if (showErrors && rc != 0) {
-        QString reason;
-        if (rc == -1) {
-            reason = i18n("program terminated unexpectedly");
-        } else if (rc == -2) {
-            reason = i18n("program not found or cannot be started");
-        } else {
-            reason = QString::fromLocal8Bit(strerror(rc));    // XXX errno as an exit code?
-        }
-        QString wmsg = i18n("<qt>Failed to execute gpgconf:<p>%1</p></qt>", reason);
-        qCWarning(GPGPME_BACKEND_LOG) << wmsg; // to see it from test_cryptoconfig.cpp
-        KMessageBox::error(0, wmsg);
-    }
-    mParsed = true;
-}
-
-void QGpgMECryptoConfig::slotCollectStdOut()
-{
-    assert(qobject_cast<KProcess *>(QObject::sender()));
-    KProcess *const proc = static_cast<KProcess *>(QObject::sender());
-    while (proc->canReadLine()) {
-        QString line = QString::fromUtf8(proc->readLine());
-        if (line.endsWith(QLatin1Char('\n'))) {
-            line.chop(1);
-        }
-        if (line.endsWith(QLatin1Char('\r'))) {
-            line.chop(1);
-        }
-        //qCDebug(GPGPME_BACKEND_LOG) <<"GOT LINE:" << line;
-        // Format: NAME:DESCRIPTION
-        const QStringList lst = line.split(QLatin1Char(':'));
-        if (lst.count() >= 2) {
-            const std::pair<QString, QGpgMECryptoConfigComponent *> pair(lst[0], new QGpgMECryptoConfigComponent(this, lst[0], lst[1]));
-            mComponentsNaturalOrder.push_back(pair);
-            mComponentsByName[pair.first] = pair.second;
-        } else {
-            qCWarning(GPGPME_BACKEND_LOG) << "Parse error on gpgconf --list-components output:" << line;
-        }
-    }
-}
-
-namespace
-{
-struct Select1St {
-    template <typename U, typename V>
-    const U &operator()(const std::pair<U, V> &p) const
-    {
-        return p.first;
-    }
-    template <typename U, typename V>
-    const U &operator()(const QPair<U, V> &p) const
-    {
-        return p.first;
-    }
-};
-}
-
-QStringList QGpgMECryptoConfig::componentList() const
-{
-    if (!mParsed) {
-        const_cast<QGpgMECryptoConfig *>(this)->runGpgConf(true);
-    }
-    QStringList result;
-    std::transform(mComponentsNaturalOrder.begin(), mComponentsNaturalOrder.end(),
-                   std::back_inserter(result), Select1St());
-    return result;
-}
-
-QGpgME::CryptoConfigComponent *QGpgMECryptoConfig::component(const QString &name) const
-{
-    if (!mParsed) {
-        const_cast<QGpgMECryptoConfig *>(this)->runGpgConf(false);
-    }
-    return mComponentsByName.value(name);
-}
-
-void QGpgMECryptoConfig::sync(bool runtime)
-{
-    Q_FOREACH (QGpgMECryptoConfigComponent *it, mComponentsByName) {
-        it->sync(runtime);
-    }
-}
-
-void QGpgMECryptoConfig::clear()
-{
-    s_duringClear = true;
-    mComponentsNaturalOrder.clear();
-    qDeleteAll(mComponentsByName);
-    mComponentsByName.clear();
-    s_duringClear = false;
-    mParsed = false; // next call to componentList/component will need to run gpgconf again
-}
-
-////
-
-QGpgMECryptoConfigComponent::QGpgMECryptoConfigComponent(QGpgMECryptoConfig *, const QString &name, const QString &description)
-    : mName(name), mDescription(description)
-{
-    runGpgConf();
-}
-
-QGpgMECryptoConfigComponent::~QGpgMECryptoConfigComponent()
-{
-    mGroupsNaturalOrder.clear();
-    qDeleteAll(mGroupsByName);
-    mGroupsByName.clear();
-}
-
-void QGpgMECryptoConfigComponent::runGpgConf()
-{
-    const QString gpgconf = QGpgMECryptoConfig::gpgConfPath();
-    if (gpgconf.isEmpty()) {
-        qCWarning(GPGPME_BACKEND_LOG) << "Can't get path to gpgconf executable...";
-        return;
-    }
-
-    // Run gpgconf --list-options <component>, and create all groups and entries for that component
-    KProcess proc;
-    proc << gpgconf;
-    proc << QStringLiteral("--list-options");
-    proc << mName;
-
-    //qCDebug(GPGPME_BACKEND_LOG) <<"Running gpgconf --list-options" << mName;
-
-    connect(&proc, &KProcess::readyReadStandardOutput, this, &QGpgMECryptoConfigComponent::slotCollectStdOut);
-    mCurrentGroup = 0;
-
-    // run the process:
-    int rc = 0;
-    proc.setOutputChannelMode(KProcess::OnlyStdoutChannel);
-    proc.start();
-    if (!proc.waitForFinished()) {
-        rc = -2;
-    } else if (proc.exitStatus() == QProcess::NormalExit) {
-        rc = proc.exitCode();
-    } else {
-        rc = -1;
-    }
-
-    if (rc != 0) { // can happen when using the wrong version of gpg...
-        qCWarning(GPGPME_BACKEND_LOG) << "Running 'gpgconf --list-options" << mName << "' failed." << strerror(rc) << ", but try that command to see the real output";
-    } else {
-        if (mCurrentGroup && !mCurrentGroup->mEntriesNaturalOrder.empty()) {   // only add non-empty groups
-            mGroupsByName.insert(mCurrentGroupName, mCurrentGroup);
-            mGroupsNaturalOrder.push_back(std::make_pair(mCurrentGroupName, mCurrentGroup));
-        }
-    }
-}
-
-void QGpgMECryptoConfigComponent::slotCollectStdOut()
-{
-    assert(qobject_cast<KProcess *>(QObject::sender()));
-    KProcess *const proc = static_cast<KProcess *>(QObject::sender());
-    while (proc->canReadLine()) {
-        QString line = QString::fromUtf8(proc->readLine());
-        if (line.endsWith(QLatin1Char('\n'))) {
-            line.chop(1);
-        }
-        if (line.endsWith(QLatin1Char('\r'))) {
-            line.chop(1);
-        }
-        //qCDebug(GPGPME_BACKEND_LOG) <<"GOT LINE:" << line;
-        // Format: NAME:FLAGS:LEVEL:DESCRIPTION:TYPE:ALT-TYPE:ARGNAME:DEFAULT:ARGDEF:VALUE
-        const QStringList lst = line.split(QLatin1Char(':'));
-        if (lst.count() >= 10) {
-            const int flags = lst[1].toInt();
-            const int level = lst[2].toInt();
-            if (level > 2) { // invisible or internal -> skip it;
-                continue;
-            }
-            if (flags & GPGCONF_FLAG_GROUP) {
-                if (mCurrentGroup && !mCurrentGroup->mEntriesNaturalOrder.empty()) {   // only add non-empty groups
-                    mGroupsByName.insert(mCurrentGroupName, mCurrentGroup);
-                    mGroupsNaturalOrder.push_back(std::make_pair(mCurrentGroupName, mCurrentGroup));
-                }
-                //else
-                //  qCDebug(GPGPME_BACKEND_LOG) <<"Discarding empty group" << mCurrentGroupName;
-                mCurrentGroup = new QGpgMECryptoConfigGroup(this, lst[0], lst[3], level);
-                mCurrentGroupName = lst[0];
-            } else {
-                // normal entry
-                if (!mCurrentGroup) {    // first toplevel entry -> create toplevel group
-                    mCurrentGroup = new QGpgMECryptoConfigGroup(this, QStringLiteral("<nogroup>"), QString(), 0);
-                    mCurrentGroupName = QStringLiteral("<nogroup>");
-                }
-                const QString &name = lst[0];
-                QGpgMECryptoConfigEntry *value = new QGpgMECryptoConfigEntry(mCurrentGroup, lst);
-                mCurrentGroup->mEntriesByName.insert(name, value);
-                mCurrentGroup->mEntriesNaturalOrder.push_back(std::make_pair(name, value));
-            }
-        } else {
-            // This happens on lines like
-            // dirmngr[31465]: error opening `/home/dfaure/.gnupg/dirmngr_ldapservers.conf': No such file or directory
-            // so let's not bother the user with it.
-            //qCWarning(GPGPME_BACKEND_LOG) <<"Parse error on gpgconf --list-options output:" << line;
-        }
-    }
-}
-
-QStringList QGpgMECryptoConfigComponent::groupList() const
-{
-    QStringList result;
-    std::transform(mGroupsNaturalOrder.begin(), mGroupsNaturalOrder.end(),
-                   std::back_inserter(result), Select1St());
-    return result;
-}
-
-QGpgME::CryptoConfigGroup *QGpgMECryptoConfigComponent::group(const QString &name) const
-{
-    return mGroupsByName.value(name);
-}
-
-void QGpgMECryptoConfigComponent::sync(bool runtime)
-{
-    QTemporaryFile tmpFile;
-    tmpFile.open();
-
-    QList<QGpgMECryptoConfigEntry *> dirtyEntries;
-
-    // Collect all dirty entries
-    const QList<QString> keylist = mGroupsByName.uniqueKeys();
-    Q_FOREACH (const QString &key, keylist) {
-        const QHash<QString, QGpgMECryptoConfigEntry *> entry = mGroupsByName[key]->mEntriesByName;
-        const QList<QString> keylistentry = entry.uniqueKeys();
-        Q_FOREACH (const QString &keyentry, keylistentry) {
-            if (entry[keyentry]->isDirty()) {
-                // OK, we can set it.currentKey() to it.current()->outputString()
-                QString line = keyentry;
-                if (entry[keyentry]->isSet()) {   // set option
-                    line += QLatin1String(":0:");
-                    line += entry[keyentry]->outputString();
-                } else {                       // unset option
-                    line += QLatin1String(":16:");
-                }
-#ifdef Q_OS_WIN
-                line += QLatin1Char('\r');
-#endif
-                line += QLatin1Char('\n');
-                const QByteArray line8bit = line.toUtf8(); // encode with utf8, and K3ProcIO uses utf8 when reading.
-                tmpFile.write(line8bit);
-                dirtyEntries.append(entry[keyentry]);
-
-            }
-        }
-    }
-
-    tmpFile.flush();
-    if (dirtyEntries.isEmpty()) {
-        return;
-    }
-
-    // Call gpgconf --change-options <component>
-    const QString gpgconf = QGpgMECryptoConfig::gpgConfPath();
-    QString commandLine = gpgconf.isEmpty()
-                          ? QStringLiteral("gpgconf")
-                          : KShell::quoteArg(gpgconf);
-    if (runtime) {
-        commandLine += QLatin1String(" --runtime");
-    }
-    commandLine += QLatin1String(" --change-options ");
-    commandLine += KShell::quoteArg(mName);
-    commandLine += QLatin1String(" < ");
-    commandLine += KShell::quoteArg(tmpFile.fileName());
-
-    //qCDebug(GPGPME_BACKEND_LOG) << commandLine;
-    //system( QCString( "cat " ) + tmpFile.name().toLatin1() ); // DEBUG
-
-    KProcess proc;
-    proc.setShellCommand(commandLine);
-
-    // run the process:
-    int rc = proc.execute();
-
-    if (rc == -2) {
-        QString wmsg = i18n("Could not start gpgconf.\nCheck that gpgconf is in the PATH and that it can be started.");
-        qCWarning(GPGPME_BACKEND_LOG) << wmsg;
-        KMessageBox::error(0, wmsg);
-    } else if (rc != 0) { // Happens due to bugs in gpgconf (e.g. issues 104/115)
-        QString wmsg = i18n("Error from gpgconf while saving configuration: %1", QString::fromLocal8Bit(strerror(rc)));
-        qCWarning(GPGPME_BACKEND_LOG) << ":" << strerror(rc);
-        KMessageBox::error(0, wmsg);
-    } else {
-        QList<QGpgMECryptoConfigEntry *>::const_iterator it = dirtyEntries.constBegin();
-        for (; it != dirtyEntries.constEnd(); ++it) {
-            (*it)->setDirty(false);
-        }
-    }
-}
-
-////
-
-QGpgMECryptoConfigGroup::QGpgMECryptoConfigGroup(QGpgMECryptoConfigComponent *comp, const QString &name, const QString &description, int level)
-    :
-    mComponent(comp),
-    mName(name),
-    mDescription(description),
-    mLevel(static_cast<QGpgME::CryptoConfigEntry::Level>(level))
-{
-}
-
-QGpgMECryptoConfigGroup::~QGpgMECryptoConfigGroup()
-{
-    mEntriesNaturalOrder.clear();
-    qDeleteAll(mEntriesByName);
-    mEntriesByName.clear();
-}
-
-QStringList QGpgMECryptoConfigGroup::entryList() const
-{
-    QStringList result;
-    std::transform(mEntriesNaturalOrder.begin(), mEntriesNaturalOrder.end(),
-                   std::back_inserter(result), Select1St());
-    return result;
-}
-
-QGpgME::CryptoConfigEntry *QGpgMECryptoConfigGroup::entry(const QString &name) const
-{
-    return mEntriesByName.value(name);
-}
-
-////
-
-static QString gpgconf_unescape(const QString &str, bool handleComma = true)
-{
-    /* See gpgconf_escape */
-    QString dec(str);
-    dec.replace(QStringLiteral("%25"), QStringLiteral("%"));
-    dec.replace(QStringLiteral("%3a"), QStringLiteral(":"));
-    if (handleComma) {
-        dec.replace(QStringLiteral("%2c"), QStringLiteral(","));
-    }
-    return dec;
-}
-
-static QString gpgconf_escape(const QString &str, bool handleComma = true)
-{
-    /* Gpgconf does not really percent encode. It just
-     * encodes , % and : characters. It expects all other
-     * chars to be UTF-8 encoded.
-     * Except in the Base-DN part where a , may not be percent
-     * escaped.
-     */
-    QString esc(str);
-    esc.replace(QLatin1Char('%'), QStringLiteral("%25"));
-    esc.replace(QLatin1Char(':'), QStringLiteral("%3a"));
-    if (handleComma) {
-        esc.replace(QLatin1Char(','), QStringLiteral("%2c"));
-    }
-    return esc;
-}
-
-static QString urlpart_escape(const QString &str)
-{
-    /* We need to double escape here, as a username or password
-     * or an LDAP Base-DN may contain : or , and in that
-     * case we would break gpgconf's format if we only escaped
-     * the : once. As an escaped : is used internaly to split
-     * the parts of an url. */
-
-    return gpgconf_escape(gpgconf_escape(str, false), false);
-}
-
-static QString urlpart_unescape(const QString &str)
-{
-    /* See urlpart_escape */
-    return gpgconf_unescape(gpgconf_unescape(str, false), false);
-}
-
-// gpgconf arg type number -> CryptoConfigEntry arg type enum mapping
-static QGpgME::CryptoConfigEntry::ArgType knownArgType(int argType, bool &ok)
-{
-    ok = true;
-    switch (argType) {
-    case 0: // none
-        return QGpgME::CryptoConfigEntry::ArgType_None;
-    case 1: // string
-        return QGpgME::CryptoConfigEntry::ArgType_String;
-    case 2: // int32
-        return QGpgME::CryptoConfigEntry::ArgType_Int;
-    case 3: // uint32
-        return QGpgME::CryptoConfigEntry::ArgType_UInt;
-    case 32: // pathname
-        return QGpgME::CryptoConfigEntry::ArgType_Path;
-    case 33: // ldap server
-        return QGpgME::CryptoConfigEntry::ArgType_LDAPURL;
-    default:
-        ok = false;
-        return QGpgME::CryptoConfigEntry::ArgType_None;
-    }
-}
-
-QGpgMECryptoConfigEntry::QGpgMECryptoConfigEntry(QGpgMECryptoConfigGroup *group, const QStringList &parsedLine)
-    : mGroup(group)
-{
-    // Format: NAME:FLAGS:LEVEL:DESCRIPTION:TYPE:ALT-TYPE:ARGNAME:DEFAULT:ARGDEF:VALUE
-    assert(parsedLine.count() >= 10);   // called checked for it already
-    QStringList::const_iterator it = parsedLine.constBegin();
-    mName = *it++;
-    mFlags = (*it++).toInt();
-    mLevel = (*it++).toInt();
-    mDescription = *it++;
-    bool ok;
-    // we keep the real (int) arg type, since it influences the parsing (e.g. for ldap urls)
-    mRealArgType = (*it++).toInt();
-    mArgType = knownArgType(mRealArgType, ok);
-    if (!ok && !(*it).isEmpty()) {
-        // use ALT-TYPE
-        mRealArgType = (*it).toInt();
-        mArgType = knownArgType(mRealArgType, ok);
-    }
-    if (!ok) {
-        qCWarning(GPGPME_BACKEND_LOG) << "Unsupported datatype:" << parsedLine[4] << " :" << *it << " for" << parsedLine[0];
-    }
-    ++it; // done with alt-type
-    ++it; // skip argname (not useful in GUIs)
-
-    mSet = false;
-    QString value;
-    if (mFlags & GPGCONF_FLAG_DEFAULT) {
-        value = *it; // get default value
-        mDefaultValue = stringToValue(value, true);
-    }
-    ++it; // done with DEFAULT
-    ++it; // ### skip ARGDEF for now. It's only for options with an "optional arg"
-    //qCDebug(GPGPME_BACKEND_LOG) <<"Entry" << parsedLine[0] <<" val=" << *it;
-
-    if (!(*it).isEmpty()) {    // a real value was set
-        mSet = true;
-        value = *it;
-        mValue = stringToValue(value, true);
-    } else {
-        mValue = mDefaultValue;
-    }
-
-    mDirty = false;
-}
-
-QVariant QGpgMECryptoConfigEntry::stringToValue(const QString &str, bool unescape) const
-{
-    const bool isString = isStringType();
-
-    if (isList()) {
-        if (argType() == ArgType_None) {
-            bool ok = true;
-            const QVariant v = str.isEmpty() ? 0U : str.toUInt(&ok);
-            if (!ok) {
-                qCWarning(GPGPME_BACKEND_LOG) << "list-of-none should have an unsigned int as value:" << str;
-            }
-            return v;
-        }
-        QList<QVariant> lst;
-        QStringList items = str.split(QLatin1Char(','), QString::SkipEmptyParts);
-        for (QStringList::const_iterator valit = items.constBegin(); valit != items.constEnd(); ++valit) {
-            QString val = *valit;
-            if (isString) {
-                if (val.isEmpty()) {
-                    lst << QVariant(QString());
-                    continue;
-                } else if (unescape) {
-                    if (val[0] != QLatin1Char('"')) { // see README.gpgconf
-                        qCWarning(GPGPME_BACKEND_LOG) << "String value should start with '\"' :" << val;
-                    }
-                    val = val.mid(1);
-                }
-            }
-            lst << QVariant(unescape ? gpgconf_unescape(val) : val);
-        }
-        return lst;
-    } else { // not a list
-        QString val(str);
-        if (isString) {
-            if (val.isEmpty()) {
-                return QVariant(QString());    // not set  [ok with lists too?]
-            } else if (unescape) {
-                if (val[0] != QLatin1Char('"')) { // see README.gpgconf
-                    qCWarning(GPGPME_BACKEND_LOG) << "String value should start with '\"' :" << val;
-                }
-                val = val.mid(1);
-            }
-        }
-        return QVariant(unescape ? gpgconf_unescape(val) : val);
-    }
-}
-
-QGpgMECryptoConfigEntry::~QGpgMECryptoConfigEntry()
-{
-#ifndef NDEBUG
-    if (!s_duringClear && mDirty)
-        qCWarning(GPGPME_BACKEND_LOG) << "Deleting a QGpgMECryptoConfigEntry that was modified (" << mDescription << ")"
-                                      << "You forgot to call sync() (to commit) or clear() (to discard)";
-#endif
-}
-
-bool QGpgMECryptoConfigEntry::isOptional() const
-{
-    return mFlags & GPGCONF_FLAG_OPTIONAL;
-}
-
-bool QGpgMECryptoConfigEntry::isReadOnly() const
-{
-    return mFlags & GPGCONF_FLAG_NO_CHANGE;
-}
-
-bool QGpgMECryptoConfigEntry::isList() const
-{
-    return mFlags & GPGCONF_FLAG_LIST;
-}
-
-bool QGpgMECryptoConfigEntry::isRuntime() const
-{
-    return mFlags & GPGCONF_FLAG_RUNTIME;
-}
-
-bool QGpgMECryptoConfigEntry::isSet() const
-{
-    return mSet;
-}
-
-bool QGpgMECryptoConfigEntry::boolValue() const
-{
-    Q_ASSERT(mArgType == ArgType_None);
-    Q_ASSERT(!isList());
-    return mValue.toBool();
-}
-
-QString QGpgMECryptoConfigEntry::stringValue() const
-{
-    return toString(false);
-}
-
-int QGpgMECryptoConfigEntry::intValue() const
-{
-    Q_ASSERT(mArgType == ArgType_Int);
-    Q_ASSERT(!isList());
-    return mValue.toInt();
-}
-
-unsigned int QGpgMECryptoConfigEntry::uintValue() const
-{
-    Q_ASSERT(mArgType == ArgType_UInt);
-    Q_ASSERT(!isList());
-    return mValue.toUInt();
-}
-
-static QUrl parseURL(int mRealArgType, const QString &str)
-{
-    if (mRealArgType == 33) {   // LDAP server
-        // The format is HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN
-        QStringList items = str.split(QLatin1Char(':'));
-        if (items.count() == 5) {
-            QStringList::const_iterator it = items.constBegin();
-            QUrl url;
-            url.setScheme(QStringLiteral("ldap"));
-            url.setHost(gpgconf_unescape(*it++));
-
-            bool ok;
-            const int port = (*it++).toInt(&ok);
-            if (ok) {
-                url.setPort(port);
-            } else if (!it->isEmpty()) {
-                qCWarning(GPGPME_BACKEND_LOG) << "parseURL: malformed LDAP server port, ignoring: \"" << *it << "\"";
-            }
-
-            const QString userName = urlpart_unescape(*it++);
-            if (!userName.isEmpty()) {
-                url.setUserName(userName);
-            }
-            const QString passWord = urlpart_unescape(*it++);
-            if (!passWord.isEmpty()) {
-                url.setPassword(passWord);
-            }
-            url.setQuery(urlpart_unescape(*it));
-            return url;
-        } else {
-            qCWarning(GPGPME_BACKEND_LOG) << "parseURL: malformed LDAP server:" << str;
-        }
-    }
-    // other URLs : assume wellformed URL syntax.
-    return QUrl(str);
-}
-
-// The opposite of parseURL
-static QString splitURL(int mRealArgType, const QUrl &url)
-{
-    if (mRealArgType == 33) {   // LDAP server
-        // The format is HOSTNAME:PORT:USERNAME:PASSWORD:BASE_DN
-        Q_ASSERT(url.scheme() == QLatin1String("ldap"));
-        return gpgconf_escape(url.host()) + QLatin1Char(':') +
-               (url.port() != -1 ? QString::number(url.port()) : QString()) + QLatin1Char(':') +     // -1 is used for default ports, omit
-               urlpart_escape(url.userName()) + QLatin1Char(':') +
-               urlpart_escape(url.password()) + QLatin1Char(':') +
-               urlpart_escape(url.query());
-    }
-    return url.path();
-}
-
-QUrl QGpgMECryptoConfigEntry::urlValue() const
-{
-    Q_ASSERT(mArgType == ArgType_Path || mArgType == ArgType_LDAPURL);
-    Q_ASSERT(!isList());
-    QString str = mValue.toString();
-    if (mArgType == ArgType_Path) {
-        QUrl url = QUrl::fromUserInput(str, QString(), QUrl::AssumeLocalFile);
-        return url;
-    }
-    return parseURL(mRealArgType, str);
-}
-
-unsigned int QGpgMECryptoConfigEntry::numberOfTimesSet() const
-{
-    Q_ASSERT(mArgType == ArgType_None);
-    Q_ASSERT(isList());
-    return mValue.toUInt();
-}
-
-std::vector<int> QGpgMECryptoConfigEntry::intValueList() const
-{
-    Q_ASSERT(mArgType == ArgType_Int);
-    Q_ASSERT(isList());
-    std::vector<int> ret;
-    QList<QVariant> lst = mValue.toList();
-    ret.reserve(lst.size());
-    for (QList<QVariant>::const_iterator it = lst.constBegin(); it != lst.constEnd(); ++it) {
-        ret.push_back((*it).toInt());
-    }
-    return ret;
-}
-
-std::vector<unsigned int> QGpgMECryptoConfigEntry::uintValueList() const
-{
-    Q_ASSERT(mArgType == ArgType_UInt);
-    Q_ASSERT(isList());
-    std::vector<unsigned int> ret;
-    QList<QVariant> lst = mValue.toList();
-    ret.reserve(lst.size());
-    for (QList<QVariant>::const_iterator it = lst.constBegin(); it != lst.constEnd(); ++it) {
-        ret.push_back((*it).toUInt());
-    }
-    return ret;
-}
-
-QList<QUrl> QGpgMECryptoConfigEntry::urlValueList() const
-{
-    Q_ASSERT(mArgType == ArgType_Path || mArgType == ArgType_LDAPURL);
-    Q_ASSERT(isList());
-    QStringList lst = mValue.toStringList();
-
-    QList<QUrl> ret;
-    for (QStringList::const_iterator it = lst.constBegin(); it != lst.constEnd(); ++it) {
-        if (mArgType == ArgType_Path) {
-            QUrl url = QUrl::fromUserInput(*it, QString(), QUrl::AssumeLocalFile);
-        } else {
-            ret << parseURL(mRealArgType, *it);
-        }
-    }
-    return ret;
-}
-
-void QGpgMECryptoConfigEntry::resetToDefault()
-{
-    mSet = false;
-    mDirty = true;
-    if (mFlags & GPGCONF_FLAG_DEFAULT) {
-        mValue = mDefaultValue;
-    } else if (mArgType == ArgType_None) {
-        if (isList()) {
-            mValue = 0U;
-        } else {
-            mValue = false;
-        }
-    }
-}
-
-void QGpgMECryptoConfigEntry::setBoolValue(bool b)
-{
-    Q_ASSERT(mArgType == ArgType_None);
-    Q_ASSERT(!isList());
-    // A "no arg" option is either set or not set.
-    // Being set means mSet==true + mValue==true, being unset means resetToDefault(), i.e. both false
-    mValue = b;
-    mSet = b;
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setStringValue(const QString &str)
-{
-    mValue = stringToValue(str, false);
-    // When setting a string to empty (and there's no default), we need to act like resetToDefault
-    // Otherwise we try e.g. "ocsp-responder:0:" and gpgconf answers:
-    // "gpgconf: argument required for option ocsp-responder"
-    if (str.isEmpty() && !isOptional()) {
-        mSet = false;
-    } else {
-        mSet = true;
-    }
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setIntValue(int i)
-{
-    Q_ASSERT(mArgType == ArgType_Int);
-    Q_ASSERT(!isList());
-    mValue = i;
-    mSet = true;
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setUIntValue(unsigned int i)
-{
-    mValue = i;
-    mSet = true;
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setURLValue(const QUrl &url)
-{
-    QString str = splitURL(mRealArgType, url);
-    if (str.isEmpty() && !isOptional()) {
-        mSet = false;
-    } else {
-        mSet = true;
-    }
-    mValue = str;
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setNumberOfTimesSet(unsigned int i)
-{
-    Q_ASSERT(mArgType == ArgType_None);
-    Q_ASSERT(isList());
-    mValue = i;
-    mSet = i > 0;
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setIntValueList(const std::vector<int> &lst)
-{
-    QList<QVariant> ret;
-    for (std::vector<int>::const_iterator it = lst.begin(); it != lst.end(); ++it) {
-        ret << QVariant(*it);
-    }
-    mValue = ret;
-    if (ret.isEmpty() && !isOptional()) {
-        mSet = false;
-    } else {
-        mSet = true;
-    }
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setUIntValueList(const std::vector<unsigned int> &lst)
-{
-    QList<QVariant> ret;
-    for (std::vector<unsigned int>::const_iterator it = lst.begin(); it != lst.end(); ++it) {
-        ret << QVariant(*it);
-    }
-    if (ret.isEmpty() && !isOptional()) {
-        mSet = false;
-    } else {
-        mSet = true;
-    }
-    mValue = ret;
-    mDirty = true;
-}
-
-void QGpgMECryptoConfigEntry::setURLValueList(const QList<QUrl> &urls)
-{
-    QStringList lst;
-    for (QList<QUrl>::const_iterator it = urls.constBegin(); it != urls.constEnd(); ++it) {
-        lst << splitURL(mRealArgType, *it);
-    }
-    mValue = lst;
-    if (lst.isEmpty() && !isOptional()) {
-        mSet = false;
-    } else {
-        mSet = true;
-    }
-    mDirty = true;
-}
-
-QString QGpgMECryptoConfigEntry::toString(bool escape) const
-{
-    // Basically the opposite of stringToValue
-    if (isStringType()) {
-        if (mValue.isNull()) {
-            return QString();
-        } else if (isList()) { // string list
-            QStringList lst = mValue.toStringList();
-            if (escape) {
-                for (QStringList::iterator it = lst.begin(); it != lst.end(); ++it) {
-                    if (!(*it).isNull()) {
-                        *it = gpgconf_escape(*it).prepend(QLatin1String("\""));
-                    }
-                }
-            }
-            const QString res = lst.join(QStringLiteral(","));
-            //qCDebug(GPGPME_BACKEND_LOG) <<"toString:" << res;
-            return res;
-        } else { // normal string
-            QString res = mValue.toString();
-            if (escape) {
-                res = gpgconf_escape(res).prepend(QLatin1String("\""));
-            }
-            return res;
-        }
-    }
-    if (!isList()) { // non-list non-string
-        if (mArgType == ArgType_None) {
-            return mValue.toBool() ? QStringLiteral("1") : QString();
-        } else { // some int
-            Q_ASSERT(mArgType == ArgType_Int || mArgType == ArgType_UInt);
-            return mValue.toString(); // int to string conversion
-        }
-    }
-
-    // Lists (of other types than strings)
-    if (mArgType == ArgType_None) {
-        return QString::number(numberOfTimesSet());
-    }
-
-    QStringList ret;
-    QList<QVariant> lst = mValue.toList();
-    for (QList<QVariant>::const_iterator it = lst.constBegin(); it != lst.constEnd(); ++it) {
-        ret << (*it).toString(); // QVariant does the conversion
-    }
-    return ret.join(QStringLiteral(","));
-}
-
-QString QGpgMECryptoConfigEntry::outputString() const
-{
-    Q_ASSERT(mSet);
-    return toString(true);
-}
-
-bool QGpgMECryptoConfigEntry::isStringType() const
-{
-    return (mArgType == QGpgME::CryptoConfigEntry::ArgType_String
-            || mArgType == QGpgME::CryptoConfigEntry::ArgType_Path
-            || mArgType == QGpgME::CryptoConfigEntry::ArgType_LDAPURL);
-}
-
-void QGpgMECryptoConfigEntry::setDirty(bool b)
-{
-    mDirty = b;
-}
diff --git a/lang/qt/src/qgpgmecryptoconfig.h b/lang/qt/src/qgpgmecryptoconfig.h
deleted file mode 100644
index b4af1e6..0000000
--- a/lang/qt/src/qgpgmecryptoconfig.h
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
-    qgpgmecryptoconfig.h
-
-    This file is part of qgpgme, the Qt API binding for gpgme
-    Copyright (c) 2004 Klar?lvdalens Datakonsult AB
-    Copyright (c) 2016 Intevation GmbH
-
-    Libkleopatra is free software; you can redistribute it and/or
-    modify it under the terms of the GNU General Public License as
-    published by the Free Software Foundation; either version 2 of the
-    License, or (at your option) any later version.
-
-    Libkleopatra is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-    In addition, as a special exception, the copyright holders give
-    permission to link the code of this program with any edition of
-    the Qt library by Trolltech AS, Norway (or with modified versions
-    of Qt that use the same license as Qt), and distribute linked
-    combinations including the two.  You must obey the GNU General
-    Public License in all respects for all of the code used other than
-    Qt.  If you modify this file, you may extend this exception to
-    your version of the file, but you are not obligated to do so.  If
-    you do not wish to do so, delete this exception statement from
-    your version.
-*/
-
-#ifndef QGPGME_QGPGMECRYPTOCONFIG_H
-#define QGPGME_QGPGMECRYPTOCONFIG_H
-
-#include "qgpgme_export.h"
-#include "cryptoconfig.h"
-
-#include <QHash>
-#include <QStringList>
-#include <QObject>
-#include <QVariant>
-#include <QPointer>
-
-#include <vector>
-#include <utility>
-
-class QGpgMECryptoConfigComponent;
-class QGpgMECryptoConfigEntry;
-/**
- * CryptoConfig implementation around the gpgconf command-line tool
- * For method docu, see kleo/cryptoconfig.h
- */
-class QGPGME_EXPORT QGpgMECryptoConfig : public QObject, public QGpgME::CryptoConfig
-{
-
-    Q_OBJECT
-public:
-
-    static QString gpgConfPath();
-    /**
-     * Constructor
-     */
-    QGpgMECryptoConfig();
-    virtual ~QGpgMECryptoConfig();
-
-    QStringList componentList() const Q_DECL_OVERRIDE;
-
-    QGpgME::CryptoConfigComponent *component(const QString &name) const Q_DECL_OVERRIDE;
-
-    void clear() Q_DECL_OVERRIDE;
-    void sync(bool runtime) Q_DECL_OVERRIDE;
-
-private Q_SLOTS:
-    void slotCollectStdOut();
-private:
-    /// @param showErrors if true, a messagebox will be shown if e.g. gpgconf wasn't found
-    void runGpgConf(bool showErrors);
-
-private:
-    std::vector<std::pair<QString, QGpgMECryptoConfigComponent *> > mComponentsNaturalOrder;
-    QHash<QString, QGpgMECryptoConfigComponent *> mComponentsByName;
-    bool mParsed;
-};
-
-class QGpgMECryptoConfigGroup;
-
-/// For docu, see kleo/cryptoconfig.h
-class QGpgMECryptoConfigComponent : public QObject, public QGpgME::CryptoConfigComponent
-{
-
-    Q_OBJECT
-public:
-    QGpgMECryptoConfigComponent(QGpgMECryptoConfig *, const QString &name, const QString &description);
-    ~QGpgMECryptoConfigComponent();
-
-    QString name() const Q_DECL_OVERRIDE
-    {
-        return mName;
-    }
-    QString iconName() const Q_DECL_OVERRIDE
-    {
-        return mName;
-    }
-    QString description() const Q_DECL_OVERRIDE
-    {
-        return mDescription;
-    }
-    QStringList groupList() const Q_DECL_OVERRIDE;
-    QGpgME::CryptoConfigGroup *group(const QString &name) const Q_DECL_OVERRIDE;
-
-    void sync(bool runtime);
-
-private Q_SLOTS:
-    void slotCollectStdOut();
-private:
-    void runGpgConf();
-
-private:
-    std::vector< std::pair<QString, QGpgMECryptoConfigGroup *> > mGroupsNaturalOrder;
-    QHash<QString, QGpgMECryptoConfigGroup *> mGroupsByName;
-    QString mName;
-    QString mDescription;
-    QGpgMECryptoConfigGroup *mCurrentGroup; // during parsing
-    QString mCurrentGroupName; // during parsing
-};
-
-class QGpgMECryptoConfigGroup : public QGpgME::CryptoConfigGroup
-{
-
-public:
-    QGpgMECryptoConfigGroup(QGpgMECryptoConfigComponent *comp, const QString &name, const QString &description, int level);
-    ~QGpgMECryptoConfigGroup();
-
-    QString name() const Q_DECL_OVERRIDE
-    {
-        return mName;
-    }
-    QString iconName() const Q_DECL_OVERRIDE
-    {
-        return QString();
-    }
-    QString description() const Q_DECL_OVERRIDE
-    {
-        return mDescription;
-    }
-    QString path() const Q_DECL_OVERRIDE
-    {
-        return mComponent->name() + QLatin1Char('/') + mName;
-    }
-    QGpgME::CryptoConfigEntry::Level level() const Q_DECL_OVERRIDE
-    {
-        return mLevel;
-    }
-    QStringList entryList() const Q_DECL_OVERRIDE;
-    QGpgME::CryptoConfigEntry *entry(const QString &name) const Q_DECL_OVERRIDE;
-
-private:
-    friend class QGpgMECryptoConfigComponent; // it adds the entries
-    QPointer<QGpgMECryptoConfigComponent> mComponent;
-    std::vector< std::pair<QString, QGpgMECryptoConfigEntry *> > mEntriesNaturalOrder;
-    QHash<QString, QGpgMECryptoConfigEntry *> mEntriesByName;
-    QString mName;
-    QString mDescription;
-    QGpgME::CryptoConfigEntry::Level mLevel;
-};
-
-class QGpgMECryptoConfigEntry : public QGpgME::CryptoConfigEntry
-{
-public:
-    QGpgMECryptoConfigEntry(QGpgMECryptoConfigGroup *group, const QStringList &parsedLine);
-    ~QGpgMECryptoConfigEntry();
-
-    QString name() const Q_DECL_OVERRIDE
-    {
-        return mName;
-    }
-    QString description() const Q_DECL_OVERRIDE
-    {
-        return mDescription;
-    }
-    QString path() const Q_DECL_OVERRIDE
-    {
-        return mGroup->path() + QLatin1Char('/') + mName;
-    }
-    bool isOptional() const Q_DECL_OVERRIDE;
-    bool isReadOnly() const Q_DECL_OVERRIDE;
-    bool isList() const Q_DECL_OVERRIDE;
-    bool isRuntime() const Q_DECL_OVERRIDE;
-    Level level() const Q_DECL_OVERRIDE
-    {
-        return static_cast<Level>(mLevel);
-    }
-    ArgType argType() const Q_DECL_OVERRIDE
-    {
-        return static_cast<ArgType>(mArgType);
-    }
-    bool isSet() const Q_DECL_OVERRIDE;
-    bool boolValue() const Q_DECL_OVERRIDE;
-    QString stringValue() const Q_DECL_OVERRIDE;
-    int intValue() const Q_DECL_OVERRIDE;
-    unsigned int uintValue() const Q_DECL_OVERRIDE;
-    QUrl urlValue() const Q_DECL_OVERRIDE;
-    unsigned int numberOfTimesSet() const Q_DECL_OVERRIDE;
-    std::vector<int> intValueList() const Q_DECL_OVERRIDE;
-    std::vector<unsigned int> uintValueList() const Q_DECL_OVERRIDE;
-    QList<QUrl> urlValueList() const Q_DECL_OVERRIDE;
-    void resetToDefault() Q_DECL_OVERRIDE;
-    void setBoolValue(bool) Q_DECL_OVERRIDE;
-    void setStringValue(const QString &) Q_DECL_OVERRIDE;
-    void setIntValue(int) Q_DECL_OVERRIDE;
-    void setUIntValue(unsigned int) Q_DECL_OVERRIDE;
-    void setURLValue(const QUrl &) Q_DECL_OVERRIDE;
-    void setNumberOfTimesSet(unsigned int) Q_DECL_OVERRIDE;
-    void setIntValueList(const std::vector<int> &) Q_DECL_OVERRIDE;
-    void setUIntValueList(const std::vector<unsigned int> &) Q_DECL_OVERRIDE;
-    void setURLValueList(const QList<QUrl> &) Q_DECL_OVERRIDE;
-    bool isDirty() const Q_DECL_OVERRIDE
-    {
-        return mDirty;
-    }
-
-    void setDirty(bool b);
-    QString outputString() const;
-
-protected:
-    bool isStringType() const;
-    QVariant stringToValue(const QString &value, bool unescape) const;
-    QString toString(bool escape) const;
-private:
-    QGpgMECryptoConfigGroup *mGroup;
-    QString mName;
-    QString mDescription;
-    QVariant mDefaultValue;
-    QVariant mValue;
-    uint mFlags : 8; // bitfield with 8 bits
-    uint mLevel : 3; // max is 4 (2, in fact) -> 3 bits
-    uint mRealArgType : 6; // max is 33 -> 6 bits
-    uint mArgType : 3; // max is 6 (ArgType enum) -> 3 bits;
-    uint mDirty : 1;
-    uint mSet : 1;
-};
-
-#endif /* QGPGME_QGPGMECRYPTOCONFIG_H */

commit 63c115b067400e1b02c7d849c99f54dc9f394d68
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sat Apr 2 09:14:10 2016 -0800

    Add additional include path in config files
    
    * lang/cpp/src/GpgmeppConfig.cmake.in.in
     lang/qt/src/QGpgmeConfig.cmake.in.in: Include directory above headers.
    
    --
    This ensures that code using #inlcude <gpgme++/header.h> still works.

diff --git a/lang/cpp/src/GpgmeppConfig.cmake.in.in b/lang/cpp/src/GpgmeppConfig.cmake.in.in
index 51218c6..a61ba32 100644
--- a/lang/cpp/src/GpgmeppConfig.cmake.in.in
+++ b/lang/cpp/src/GpgmeppConfig.cmake.in.in
@@ -68,7 +68,7 @@ get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH)
 add_library(Gpgmepp SHARED IMPORTED)
 
 set_target_properties(Gpgmepp PROPERTIES
-  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/gpgme++"
+  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include;${_IMPORT_PREFIX}/include/gpgme++"
   INTERFACE_LINK_LIBRARIES "@resolved_libdir@/libgpgme at libsuffix@;@LIBASSUAN_LIBS@;@GPG_ERROR_LIBS@"
   IMPORTED_LOCATION "@resolved_libdir@/libgpgmepp at libsuffix@"
 )
diff --git a/lang/qt/src/QGpgmeConfig.cmake.in.in b/lang/qt/src/QGpgmeConfig.cmake.in.in
index 36ee920..3d19696 100644
--- a/lang/qt/src/QGpgmeConfig.cmake.in.in
+++ b/lang/qt/src/QGpgmeConfig.cmake.in.in
@@ -68,7 +68,7 @@ get_filename_component(_IMPORT_PREFIX "${_IMPORT_PREFIX}" PATH)
 add_library(QGpgme SHARED IMPORTED)
 
 set_target_properties(QGpgme PROPERTIES
-  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include/qgpgme"
+  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include;${_IMPORT_PREFIX}/include/qgpgme"
   INTERFACE_LINK_LIBRARIES "Gpgmepp;Qt5::Core"
   IMPORTED_LOCATION "@resolved_libdir@/libqgpgme at libsuffix@"
 )

commit 576be46f34b42e896a5e3be65560a4b518a758be
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sat Apr 2 09:12:23 2016 -0800

    Qt: Fix library name in nodist variable
    
    * lang/qt/Makefile.am (nodist_qgpgme_SOURCES): Change to real name.

diff --git a/lang/qt/src/Makefile.am b/lang/qt/src/Makefile.am
index a3f99a0..6435983 100644
--- a/lang/qt/src/Makefile.am
+++ b/lang/qt/src/Makefile.am
@@ -185,7 +185,7 @@ BUILT_SOURCES = $(qgpgme_moc_sources)
 
 CLEANFILES = $(qgpgme_moc_sources)
 
-nodist_qgpgme_SOURCES = $(qgpgme_moc_sources)
+nodist_libqgpgme_la_SOURCES = $(qgpgme_moc_sources)
 
 .h.moc:
 	$(MOC) `test -f '$<' || echo '$(srcdir)/'`$< -o $@

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                                 |   1 +
 lang/cpp/src/GpgmeppConfig.cmake.in.in       |   2 +-
 lang/qt/Makefile.am                          |   2 +-
 lang/qt/src/Makefile.am                      |   2 +-
 lang/qt/src/QGpgmeConfig.cmake.in.in         |   2 +-
 lang/qt/src/job.h                            |   2 -
 lang/qt/src/qgpgmeadduseridjob.cpp           |   1 +
 lang/qt/src/qgpgmebackend.cpp                |   8 +-
 lang/qt/src/qgpgmebackend.h                  |  10 +-
 lang/qt/src/qgpgmechangeexpiryjob.cpp        |   1 +
 lang/qt/src/qgpgmechangeownertrustjob.cpp    |   1 +
 lang/qt/src/qgpgmechangepasswdjob.cpp        |   2 +
 lang/qt/src/qgpgmecryptoconfig.cpp           | 948 ---------------------------
 lang/qt/src/qgpgmecryptoconfig.h             | 245 -------
 lang/qt/src/qgpgmedecryptjob.cpp             |   2 +
 lang/qt/src/qgpgmedecryptverifyjob.cpp       |   1 +
 lang/qt/src/qgpgmedeletejob.cpp              |   1 +
 lang/qt/src/qgpgmedownloadjob.cpp            |   1 +
 lang/qt/src/qgpgmeencryptjob.cpp             |   1 +
 lang/qt/src/qgpgmeexportjob.cpp              |   1 +
 lang/qt/src/qgpgmeimportfromkeyserverjob.cpp |   1 +
 lang/qt/src/qgpgmeimportjob.cpp              |   1 +
 lang/qt/src/qgpgmekeygenerationjob.cpp       |   1 +
 lang/qt/src/qgpgmekeylistjob.cpp             |   1 +
 lang/qt/src/qgpgmelistallkeysjob.cpp         |   1 +
 lang/qt/src/qgpgmerefreshkeysjob.cpp         |   1 +
 lang/qt/src/qgpgmesecretkeyexportjob.cpp     |   1 +
 lang/qt/src/qgpgmesignencryptjob.cpp         |   1 +
 lang/qt/src/qgpgmesignjob.cpp                |   1 +
 lang/qt/src/qgpgmesignkeyjob.cpp             |   1 +
 lang/qt/src/qgpgmeverifydetachedjob.cpp      |   1 +
 lang/qt/src/qgpgmeverifyopaquejob.cpp        |   1 +
 lang/qt/tests/Makefile.am                    |  66 ++
 lang/qt/tests/t-keylist.cpp                  |  31 +
 m4/qt.m4                                     |   5 +
 35 files changed, 137 insertions(+), 1211 deletions(-)
 delete mode 100644 lang/qt/src/qgpgmecryptoconfig.cpp
 delete mode 100644 lang/qt/src/qgpgmecryptoconfig.h
 create mode 100644 lang/qt/tests/Makefile.am
 create mode 100644 lang/qt/tests/t-keylist.cpp


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Apr  3 12:31:52 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Sun, 03 Apr 2016 12:31:52 +0200
Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-34-g0991485
Message-ID: <E1amfJU-0001Yy-Ec@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, gpgmepp has been updated
       via  0991485170ca4ef90fd566540522027d0fc59a72 (commit)
      from  faf987dd62893955251378a2a715edd2892a540c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0991485170ca4ef90fd566540522027d0fc59a72
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Sun Apr 3 02:29:14 2016 -0800

    Qt: Add static factor methods for protocol
    
    * lang/qt/src/qgpgmebackend.cpp (QGpgME::openpgp, QGpgME::smime): New.
    * lang/qt/src/qgpgmebackend.h: Declare.
    * lang/qt/tests/t-keylist.cpp (KeyListTest::testSingleKeyListSync):
      Use new functions.
    
    --
    This replaces the cryptobackendfactory functionality from libkleo.

diff --git a/lang/qt/src/qgpgmebackend.cpp b/lang/qt/src/qgpgmebackend.cpp
index 1167dae..abecde2 100644
--- a/lang/qt/src/qgpgmebackend.cpp
+++ b/lang/qt/src/qgpgmebackend.cpp
@@ -507,3 +507,21 @@ const char *QGpgME::QGpgMEBackend::enumerateProtocols(int i) const
     default: return 0;
     }
 }
+
+static QGpgME::QGpgMEBackend *gpgmeBackend;
+
+QGpgME::Protocol *QGpgME::openpgp()
+{
+    if (!gpgmeBackend) {
+        gpgmeBackend = new QGpgME::QGpgMEBackend();
+    }
+    return gpgmeBackend->openpgp();
+}
+
+QGpgME::Protocol *QGpgME::smime()
+{
+    if (!gpgmeBackend) {
+        gpgmeBackend = new QGpgME::QGpgMEBackend();
+    }
+    return gpgmeBackend->smime();
+}
diff --git a/lang/qt/src/qgpgmebackend.h b/lang/qt/src/qgpgmebackend.h
index d442fa5..16b70cf 100644
--- a/lang/qt/src/qgpgmebackend.h
+++ b/lang/qt/src/qgpgmebackend.h
@@ -72,6 +72,20 @@ namespace QGpgME
 class CryptoConfig;
 class Protocol;
 
+/** Obtain a reference to the OpenPGP Protocol.
+ *
+ * The reference is to a static object.
+ * @returns Refrence to the OpenPGP Protocol.
+ */
+Protocol *openpgp();
+
+/** Obtain a reference to the smime Protocol.
+ *
+ * The reference is to a static object.
+ * @returns Refrence to the smime Protocol.
+ */
+Protocol *smime();
+
 class QGpgMEBackend
 {
 public:
diff --git a/lang/qt/tests/t-keylist.cpp b/lang/qt/tests/t-keylist.cpp
index 67ace7f..626d0a7 100644
--- a/lang/qt/tests/t-keylist.cpp
+++ b/lang/qt/tests/t-keylist.cpp
@@ -14,8 +14,7 @@ private Q_SLOTS:
 
     void testSingleKeyListSync()
     {
-        QGpgMEBackend backend;
-        KeyListJob *job = backend.openpgp()->keyListJob(false, false, false);
+        KeyListJob *job = openpgp()->keyListJob(false, false, false);
         std::vector<GpgME::Key> keys;
         GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("alfa at example.net"),
                                                 false, keys);

-----------------------------------------------------------------------

Summary of changes:
 lang/qt/src/qgpgmebackend.cpp | 18 ++++++++++++++++++
 lang/qt/src/qgpgmebackend.h   | 14 ++++++++++++++
 lang/qt/tests/t-keylist.cpp   |  3 +--
 3 files changed, 33 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr  4 11:04:58 2016
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Mon, 04 Apr 2016 11:04:58 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH,
 updated. libgcrypt-1.6.5-8-gfe9f6e3
Message-ID: <E1an0Qv-0006Qd-99@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-6-BRANCH has been updated
       via  fe9f6e3670d0095467c7234bed420ac42c065e70 (commit)
      from  a6855de9fedc16a05f68e3fdda2f6fdaab2388fb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fe9f6e3670d0095467c7234bed420ac42c065e70
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Thu Dec 3 21:06:50 2015 +0200

    salsa20: fix alignment of self-test context
    
    * cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20
    context structure.
    --
    
    Reported-by: Carlos J Puga Medina <cpm at fbsd.es>
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
    (cherry picked from commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca)

diff --git a/cipher/salsa20.c b/cipher/salsa20.c
index d75fe51..b2d113f 100644
--- a/cipher/salsa20.c
+++ b/cipher/salsa20.c
@@ -485,7 +485,8 @@ salsa20r12_encrypt_stream (void *context,
 static const char*
 selftest (void)
 {
-  SALSA20_context_t ctx;
+  byte ctxbuf[sizeof(SALSA20_context_t) + 15];
+  SALSA20_context_t *ctx;
   byte scratch[8+1];
   byte buf[256+64+4];
   int i;
@@ -502,32 +503,35 @@ selftest (void)
   static const byte ciphertext_1[] =
     { 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3};
 
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv  (&ctx, nonce_1, sizeof nonce_1);
+  /* 16-byte alignment required for amd64 implementation. */
+  ctx = (SALSA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15);
+
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv  (ctx, nonce_1, sizeof nonce_1);
   scratch[8] = 0;
-  salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1);
+  salsa20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1);
   if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1))
     return "Salsa20 encryption test 1 failed.";
   if (scratch[8])
     return "Salsa20 wrote too much.";
-  salsa20_setkey( &ctx, key_1, sizeof(key_1));
-  salsa20_setiv  (&ctx, nonce_1, sizeof nonce_1);
-  salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1);
+  salsa20_setkey( ctx, key_1, sizeof(key_1));
+  salsa20_setiv  (ctx, nonce_1, sizeof nonce_1);
+  salsa20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1);
   if (memcmp (scratch, plaintext_1, sizeof plaintext_1))
     return "Salsa20 decryption test 1 failed.";
 
   for (i = 0; i < sizeof buf; i++)
     buf[i] = i;
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
   /*encrypt*/
-  salsa20_encrypt_stream (&ctx, buf, buf, sizeof buf);
+  salsa20_encrypt_stream (ctx, buf, buf, sizeof buf);
   /*decrypt*/
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
-  salsa20_encrypt_stream (&ctx, buf, buf, 1);
-  salsa20_encrypt_stream (&ctx, buf+1, buf+1, (sizeof buf)-1-1);
-  salsa20_encrypt_stream (&ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
+  salsa20_encrypt_stream (ctx, buf, buf, 1);
+  salsa20_encrypt_stream (ctx, buf+1, buf+1, (sizeof buf)-1-1);
+  salsa20_encrypt_stream (ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
   for (i = 0; i < sizeof buf; i++)
     if (buf[i] != (byte)i)
       return "Salsa20 encryption test 2 failed.";

-----------------------------------------------------------------------

Summary of changes:
 cipher/salsa20.c | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr  4 13:12:03 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Mon, 04 Apr 2016 13:12:03 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-114-gdd5902c
Message-ID: <E1an2Pv-0002Lc-Ei@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  dd5902cc45bae7582f8a0bc91a0a7f4d8ae45d8c (commit)
      from  42d4c2762f7ae5b009b62963e6595bdec9df6859 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dd5902cc45bae7582f8a0bc91a0a7f4d8ae45d8c
Author: Justus Winter <justus at g10code.com>
Date:   Mon Apr 4 13:10:28 2016 +0200

    tests: Fix default key test.
    
    * tests/openpgp/default-key.test: Avoid using the option
    '--trust-model' unconditionally.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/default-key.test b/tests/openpgp/default-key.test
index 567f38d..83e4f79 100755
--- a/tests/openpgp/default-key.test
+++ b/tests/openpgp/default-key.test
@@ -55,13 +55,13 @@ do
     #
     # Note: it doesn't matter whether we specify the primary key or
     # a subkey: the newest encryption subkey will be used.
-    if ! echo | $GPG --trust-model=always \
+    if ! echo | $GPG ${opt_always} \
                      --default-key "$x" --encrypt-to-default-key \
                      -r 439F02CA -e \
             | $GPG --list-packets \
             | grep "keyid[ ][A-F0-9]*45117079" >/dev/null
     then
-        echo | $GPG --trust-model=always \
+        echo | $GPG ${opt_always} \
                     --default-key "$x" --encrypt-to-default-key \
                     -r 439F02CA -e \
             | $GPG --list-packets 1>&2

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/default-key.test | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr  4 17:55:12 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Mon, 04 Apr 2016 17:55:12 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-115-gabb352d
Message-ID: <E1an6pv-0004NN-1Z@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  abb352de51bc964c06007fce43ed6f6caea87c15 (commit)
      from  dd5902cc45bae7582f8a0bc91a0a7f4d8ae45d8c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit abb352de51bc964c06007fce43ed6f6caea87c15
Author: Justus Winter <justus at g10code.com>
Date:   Mon Apr 4 17:05:50 2016 +0200

    g10: Support armored keyrings in gpgv.
    
    * doc/gpgv.texi: Document the feature.
    * g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
    * g10/dearmor.c (dearmor_file): Add sink argument.
    * g10/gpg.c (main): Adapt accordingly.
    * g10/gpgv.c (make_temp_dir): New function.
    (main): De-armor keyrings.
    * g10/main.h (dearmor_file): Adapt prototype.
    
    GnuPG-bug-id: 2290
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index 280966b..fcaffbc 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -100,6 +100,9 @@ are replaced by the HOME directory. If the filename
 does not contain a slash, it is assumed to be in the
 home-directory ("~/.gnupg" if --homedir is not used).
 
+If @var{file} ends in @code{.asc} then it is assumed to be an armored
+keyring produced e.g. by @code{gpg --export}.
+
 @item --status-fd @var{n}
 @opindex status-fd
 Write special status strings to the file descriptor @var{n}.  See the
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 473a3ac..a30bc01 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -140,7 +140,8 @@ gpg2_SOURCES  = gpg.c \
 gpgcompose_SOURCES  = gpgcompose.c  $(gpg_sources)
 gpgv2_SOURCES = gpgv.c           \
 	      $(common_source)  \
-	      verify.c
+	      verify.c \
+	      dearmor.c
 
 #gpgd_SOURCES = gpgd.c \
 #	       ks-proto.h \
diff --git a/g10/dearmor.c b/g10/dearmor.c
index 3fdd57d..3f1976f 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -35,10 +35,11 @@
 #include "i18n.h"
 
 /****************
- * Take an armor file and write it out without armor
+ * Take an armor file and write it out without armor.  If outfd is not
+ * -1, the output will be written to the given file descriptor.
  */
 int
-dearmor_file( const char *fname )
+dearmor_file( const char *fname, int outfd )
 {
     armor_filter_context_t *afx;
     IOBUF inp = NULL, out = NULL;
@@ -64,7 +65,7 @@ dearmor_file( const char *fname )
 
     push_armor_filter ( afx, inp );
 
-    if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
+    if( (rc = open_outfile (outfd, fname, 0, 0, &out)) )
 	goto leave;
 
     while( (c = iobuf_get(inp)) != -1 )
diff --git a/g10/gpg.c b/g10/gpg.c
index b9d69a7..bb5e847 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4285,7 +4285,7 @@ main (int argc, char **argv)
       case aDeArmor:
 	if( argc > 1 )
 	    wrong_args("--dearmor [file]");
-	rc = dearmor_file( argc? *argv: NULL );
+	rc = dearmor_file( argc? *argv: NULL, -1 );
 	if( rc )
           {
             write_status_failure ("dearmor", rc);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 19a2ff6..de6529b 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -25,9 +25,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <unistd.h>
-#ifdef HAVE_DOSISH_SYSTEM
-#include <fcntl.h> /* for setmode() */
-#endif
+#include <fcntl.h>
 #ifdef HAVE_LIBREADLINE
 #define GNUPG_LIBREADLINE_H_INCLUDED
 #include <readline/readline.h>
@@ -135,6 +133,66 @@ my_strusage( int level )
 }
 
 
+static char *
+make_temp_dir (void)
+{
+  char *result;
+  char *tmp;
+#if defined (_WIN32)
+  int err;
+
+  tmp = xmalloc (MAX_PATH+2);
+  err = GetTempPath (MAX_PATH + 1, tmp);
+  if (err == 0 || err > MAX_PATH + 1)
+    strcpy (tmp, "c:\\windows\\temp");
+  else
+    {
+      int len = strlen (tmp);
+
+      /* GetTempPath may return with \ on the end */
+      while (len > 0 && tmp[len-1] == '\\')
+        {
+          tmp[len-1] = '\0';
+          len--;
+        }
+    }
+#else /* More unixish systems */
+  tmp = getenv ("TMPDIR");
+  if (tmp == NULL)
+    {
+      tmp = getenv ("TMP");
+      if (tmp == NULL)
+        {
+#ifdef __riscos__
+          tmp = "<Wimp$ScrapDir>.GnuPG";
+          mkdir (tmp, 0700); /* Error checks occur later on */
+#else
+          tmp = "/tmp";
+#endif
+        }
+    }
+#endif
+
+  result = xasprintf ("%s" DIRSEP_S "gpg-XXXXXX", tmp);
+
+#if defined (_WIN32)
+  xfree(tmp);
+#endif
+
+  if (result == NULL)
+    return NULL;
+
+  if (! gnupg_mkdtemp (result))
+    {
+      log_error (_("can't create directory '%s': %s\n"),
+                 result, strerror (errno));
+      xfree (result);
+      return NULL;
+    }
+
+  return result;
+}
+
 
 int
 main( int argc, char **argv )
@@ -143,6 +201,7 @@ main( int argc, char **argv )
   int rc=0;
   strlist_t sl;
   strlist_t nrings = NULL;
+  strlist_t tmprings = NULL;
   unsigned configlineno;
   ctrl_t ctrl;
 
@@ -216,8 +275,63 @@ main( int argc, char **argv )
                         (KEYDB_RESOURCE_FLAG_READONLY
                          |KEYDB_RESOURCE_FLAG_GPGVDEF));
   for (sl = nrings; sl; sl = sl->next)
-    keydb_add_resource (sl->d, KEYDB_RESOURCE_FLAG_READONLY);
+    {
+      char *name = sl->d;
+      if (strlen (name) >= 4
+          && strcmp (&name[strlen (name) - 4], ".asc") == 0)
+        {
+          /* The file is an armored keyring.  Dearmor it.  */
+          char *tmpdir = NULL, *tmpname = NULL;
+          int fd = -1, success;
 
+          tmpdir = make_temp_dir ();
+          if (tmpdir == NULL)
+            goto cleanup;
+
+          tmpname = xasprintf ("%s" DIRSEP_S "key", tmpdir);
+          if (tmpname == NULL)
+            goto cleanup;
+
+          if (! add_to_strlist_try (&tmprings, tmpname))
+            goto cleanup;
+
+#ifndef O_BINARY
+#define O_BINARY	0
+#endif
+          fd = open (tmpname, O_WRONLY|O_CREAT|O_BINARY, S_IRUSR);
+          if (fd == -1)
+            goto cleanup;
+
+          rc = dearmor_file (name, fd);
+          close (fd);
+          fd = -2;
+          if (rc)
+            goto cleanup;
+
+          keydb_add_resource (tmpname, KEYDB_RESOURCE_FLAG_READONLY);
+
+        cleanup:
+          success = tmpdir && tmpname && fd != -1;
+          if (fd >= 0)
+            close (fd);
+          if (tmpname)
+            {
+              if (! success)
+                unlink (tmpname);
+              xfree (tmpname);
+            }
+          if (tmpdir)
+            {
+              if (! success)
+                rmdir (tmpdir);
+              xfree (tmpdir);
+            }
+          if (! success)
+            g10_exit (1);
+        }
+      else
+        keydb_add_resource (name, KEYDB_RESOURCE_FLAG_READONLY);
+    }
   FREE_STRLIST (nrings);
 
   ctrl = xcalloc (1, sizeof *ctrl);
@@ -227,6 +341,14 @@ main( int argc, char **argv )
 
   xfree (ctrl);
 
+  for (sl = tmprings; sl; sl = sl->next)
+    {
+      unlink (sl->d);
+      sl->d[strlen (sl->d) - 4] = 0;
+      rmdir (sl->d);
+    }
+  FREE_STRLIST (tmprings);
+
   /* cleanup */
   g10_exit (0);
   return 8; /*NOTREACHED*/
diff --git a/g10/main.h b/g10/main.h
index 5b5947e..766c53f 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -389,7 +389,7 @@ gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
 gpg_error_t export_ssh_key (ctrl_t ctrl, const char *userid);
 
 /*-- dearmor.c --*/
-int dearmor_file( const char *fname );
+int dearmor_file( const char *fname, int outfd );
 int enarmor_file( const char *fname );
 
 /*-- revoke.c --*/

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgv.texi   |   3 ++
 g10/Makefile.am |   3 +-
 g10/dearmor.c   |   7 +--
 g10/gpg.c       |   2 +-
 g10/gpgv.c      | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 g10/main.h      |   2 +-
 6 files changed, 137 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr  4 18:05:57 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Mon, 04 Apr 2016 18:05:57 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
 updated. gnupg-2.0.30-2-g7597147
Message-ID: <E1an70K-0004mM-6P@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  7597147e0f41e11276632a28d03ef90d2d9b1006 (commit)
      from  55dabfeae2f37137f233a59676f523884a800553 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7597147e0f41e11276632a28d03ef90d2d9b1006
Author: Justus Winter <justus at g10code.com>
Date:   Fri Apr 1 16:38:24 2016 +0200

    po: Fix misleading german translation.
    
    --
    GnuPG-bug-id: 2239
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/po/de.po b/po/de.po
index 3d330a8..17821d4 100644
--- a/po/de.po
+++ b/po/de.po
@@ -3167,8 +3167,7 @@ msgstr "Der folgende Schl?ssel wurde am %s von %s Schl?ssel %s widerrufen\n"
 
 #, c-format
 msgid "This key may be revoked by %s key %s"
-msgstr ""
-"Dieser Schl?ssel k?nnte durch %s mit Schl?ssel %s  widerrufen worden sein"
+msgstr "Dieser Schl?ssel kann von %s-Schl?ssel %s widerrufen werden"
 
 msgid "(sensitive)"
 msgstr "(empfindlich)"

-----------------------------------------------------------------------

Summary of changes:
 po/de.po | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr  4 18:08:05 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Mon, 04 Apr 2016 18:08:05 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.20-8-g6a9e8e9
Message-ID: <E1an72N-0004ob-Fr@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  6a9e8e9161941266b9365def3fa74aca9352daa7 (commit)
      from  d957e4388f72581b1ec801613b5629b5ea3f586d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6a9e8e9161941266b9365def3fa74aca9352daa7
Author: Justus Winter <justus at g10code.com>
Date:   Fri Apr 1 16:38:24 2016 +0200

    po: Fix misleading german translation.
    
    --
    GnuPG-bug-id: 2239
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/po/de.po b/po/de.po
index 971887c..760627e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -2836,8 +2836,7 @@ msgstr "Dieser Schl?ssel wurde am %s von %s Schl?ssel %s widerrufen\n"
 
 #, c-format
 msgid "This key may be revoked by %s key %s"
-msgstr ""
-"Dieser Schl?ssel k?nnte durch %s mit Schl?ssel %s  widerrufen worden sein"
+msgstr "Dieser Schl?ssel kann von %s-Schl?ssel %s widerrufen werden"
 
 msgid "(sensitive)"
 msgstr "(empfindlich)"

-----------------------------------------------------------------------

Summary of changes:
 po/de.po | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr  4 18:40:39 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 04 Apr 2016 18:40:39 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-117-g96bcd42
Message-ID: <E1an7Xv-0005zo-52@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  96bcd4220f1f1313afe12097d8dc62342ac8de0d (commit)
       via  c6ed863491ec3a1e0fcf9cbe2c93c87468306c29 (commit)
      from  abb352de51bc964c06007fce43ed6f6caea87c15 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 96bcd4220f1f1313afe12097d8dc62342ac8de0d
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 4 17:42:24 2016 +0200

    Now build "gpg" binary but install as "gpg2"
    
    * configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
    * common/homedir.c (gnupg_module_name): Replace use of macro
    NAME_OF_INSTALLED_GPG.
    * g10/keygen.c (generate_keypair): Ditto.
    * g10/Makefile.am (bin_PROGRAMS): Remove.
    (noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
    (gpg2_hack_list): New.
    (use_gpg2_hack): New.
    (gpg2_SOURCES): Rename to gpg_SOURCES.
    (gpgv2_SOURCES): Rename to gpgv_SOURCES.
    (gpg2_LDADD): Rename to gpg_LDADD.
    (gpgv2_LDADD): Rename to gpgv_LDADD.
    (gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
    (gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
    (install-exec-hook): Remove WinCE specific rules and add new rules.
    (uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
    * tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
    * tests/openpgp/defs.inc: Ditto.
    * tests/openpgp/gpgtar.test: Ditto.
    * tests/openpgp/mkdemodirs: Ditto.
    * tests/openpgp/signdemokey: Ditto.
    
    * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
    --enable-mailto, add --enable-gpg2-is-gpg.
    --
    
    Although we need to duplicate some automake generated code this method
    allows to easily switch the name of the installed target using the
    configure option "--enable-gpg2-is-gpg".
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/Makefile.am b/Makefile.am
index 19f13fe..5527e24 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,8 @@
 ## Process this file with automake to produce Makefile.in
 
 ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-g13
+DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-g13 \
+  --enable-gpg2-is-gpg
 
 GITLOG_TO_CHANGELOG=gitlog-to-changelog
 
diff --git a/common/homedir.c b/common/homedir.c
index e0a88fa..5bf5173 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -729,7 +729,11 @@ gnupg_module_name (int which)
       X(bindir, "gpgsm");
 
     case GNUPG_MODULE_NAME_GPG:
-      X(bindir, NAME_OF_INSTALLED_GPG);
+#if USE_GPG2_HACK
+      X(bindir, GPG_NAME "2");
+#else
+      X(bindir, GPG_NAME);
+#endif
 
     case GNUPG_MODULE_NAME_CONNECT_AGENT:
       X(bindir, "gpg-connect-agent");
diff --git a/configure.ac b/configure.ac
index 0163dde..70c1d14 100644
--- a/configure.ac
+++ b/configure.ac
@@ -215,13 +215,10 @@ test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
 AC_ARG_ENABLE(gpg2-is-gpg,
     AC_HELP_STRING([--enable-gpg2-is-gpg],[Set installed name of gpg2 to gpg]),
     gpg2_is_gpg=$enableval)
-if test "$gpg2_is_gpg" = "yes"; then
-   name_of_installed_gpg=gpg
-else
-   name_of_installed_gpg=gpg2
+if test "$gpg2_is_gpg" != "yes"; then
+   AC_DEFINE(USE_GPG2_HACK, 1, [Define to install gpg as gpg2])
 fi
-AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg",
-                   [The name of the installed GPG tool])
+AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg2_is_gpg" != "yes")
 
 
 # SELinux support includes tracking of sensitive files to avoid
diff --git a/g10/Makefile.am b/g10/Makefile.am
index a30bc01..1b52e64 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -32,11 +32,24 @@ AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
 
 needed_libs = ../kbx/libkeybox.a $(libcommon)
 
-bin_PROGRAMS = gpg2
+# Because there are no program specific transform macros we need to
+# work around that to allow installaing gpg as gpg2.
+gpg2_hack_list = gpg gpgv
+if USE_GPG2_HACK
+gpg2_hack_uninst = gpg2 gpgv2
+use_gpg2_hack = yes
+else
+gpg2_hack_uninst = $(gpg2_hack_list)
+use_gpg2_hack = no
+endif
+
+# NB: We use noinst_ for gpg and gpgv so that we can install them with
+# the install-hook target under the name gpg2/gpgv2.
+noinst_PROGRAMS = gpg
 if !HAVE_W32CE_SYSTEM
-bin_PROGRAMS += gpgv2
+noinst_PROGRAMS += gpgv
 endif
-noinst_PROGRAMS = gpgcompose $(module_tests)
+noinst_PROGRAMS += gpgcompose $(module_tests)
 TESTS = $(module_tests)
 
 if ENABLE_BZIP2_SUPPORT
@@ -133,12 +146,12 @@ gpg_sources = server.c          \
 	      $(card_source) \
 	      exec.c exec.h
 
-gpg2_SOURCES  = gpg.c \
+gpg_SOURCES  = gpg.c \
 	keyedit.c 	\
 	$(gpg_sources)
 
 gpgcompose_SOURCES  = gpgcompose.c  $(gpg_sources)
-gpgv2_SOURCES = gpgv.c           \
+gpgv_SOURCES = gpgv.c           \
 	      $(common_source)  \
 	      verify.c \
 	      dearmor.c
@@ -152,14 +165,14 @@ gpgv2_SOURCES = gpgv.c           \
 
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+gpg_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
              $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
-gpg2_LDFLAGS = $(extra_bin_ldflags)
-gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+gpg_LDFLAGS = $(extra_bin_ldflags)
+gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
               $(GPG_ERROR_LIBS) \
 	      $(LIBICONV) $(resource_objs) $(extra_sys_libs)
-gpgv2_LDFLAGS = $(extra_bin_ldflags)
+gpgv_LDFLAGS = $(extra_bin_ldflags)
 
 gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
              $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
@@ -185,6 +198,42 @@ t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
 
 $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a
 
+# NB: To install gpg and gpgv we use this -hook.  This code has to
+# duplicate most of the automake generated install-binPROGRAMS target
+# so that directories are created and the transform feature works.
+install-exec-hook:
+	@echo "running install-exec-hook"; \
+        echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+        $(MKDIR_P) "$(DESTDIR)$(bindir)"; \
+	for p in $(gpg2_hack_list); do \
+          echo "$$p$(EXEEXT) $$p$(EXEEXT)"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    for f in $$files; do \
+	       if test $(use_gpg2_hack) = yes ; \
+		 then f2=`echo "$${f}" | sed 's/$(EXEEXT)$$//'`2$(EXEEXT); \
+	         else f2="$${f}" ;\
+	       fi ; \
+	       echo "$(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) \
+                     $${f} '$(DESTDIR)$(bindir)/$${f2}'"; \
+	       $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) \
+                     $${f} "$(DESTDIR)$(bindir)/$${f2}"; \
+	    done; \
+	done
+
+
 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
 	$(INSTALL_DATA) $(srcdir)/options.skel \
@@ -194,15 +243,15 @@ install-data-local:
 	$(INSTALL_DATA) $(srcdir)/distsigkey.gpg \
 				$(DESTDIR)$(pkgdatadir)/distsigkey.gpg
 
+# NB: For uninstalling gpg and gpgv we use -local because there is
+# no need for a specific order the targets need to be run.
 uninstall-local:
 	- at rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
 	- at rm $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
 	- at rm $(DESTDIR)$(pkgdatadir)/distsigkey.gpg
-
-
-# There has never been a gpg for WindowsCE, thus we don't need a gpg2 here
-if HAVE_W32CE_SYSTEM
-install-exec-hook:
-	mv -f $(DESTDIR)$(bindir)/gpg2$(EXEEXT) \
-              $(DESTDIR)$(bindir)/gpg$(EXEEXT)
-endif
+	- at files=`for p in $(gpg2_hack_uninst); do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(bindir)" && rm -f $$files
diff --git a/g10/keygen.c b/g10/keygen.c
index a7d7d27..06710eb 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3779,7 +3779,12 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
     {
       tty_printf ( _("Note: Use \"%s %s\""
                      " for a full featured key generation dialog.\n"),
-                   NAME_OF_INSTALLED_GPG, "--full-gen-key" );
+#if USE_GPG2_HACK
+                   GPG_NAME "2"
+#else
+                   GPG_NAME
+#endif
+                   , "--full-gen-key" );
       para = quickgen_set_para (para, 0,
                                 DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
                                 DEFAULT_STD_CURVE);
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 4e09c23..bab0b7d 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -20,7 +20,7 @@
 
 
 # Programs required before we can run these tests.
-required_pgms = ../../g10/gpg2$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
+required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
                 ../../tools/gpg-connect-agent$(EXEEXT) \
 		../../tools/mk-tdata$(EXEEXT)
 
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index 8f969db..ea86c69 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -215,7 +215,7 @@ fi
 unset GPG_AGENT_INFO
 
 # (--no-permission-warning makes only sense on the commandline)
-GPG="../../g10/gpg2 --no-permission-warning "
+GPG="../../g10/gpg --no-permission-warning "
 # (We may not use a relative name for gpg-agent.)
 GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent"
 GPG_CONNECT_AGENT="../../tools/gpg-connect-agent"
diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test
index daba514..63bed70 100755
--- a/tests/openpgp/gpgtar.test
+++ b/tests/openpgp/gpgtar.test
@@ -27,7 +27,7 @@ FILELIST="${TESTDIR}/filelist"
 PPFILE="${TESTDIR}/passphrase"
 PPFLAGS="--gpg-args --passphrase-file=$PPFILE"
 
-GPG=../../g10/gpg2
+GPG=../../g10/gpg
 GPGARGS="$opt_always --no-permission-warning"
 
 GPGTAR="../../tools/gpgtar"
diff --git a/tests/openpgp/mkdemodirs b/tests/openpgp/mkdemodirs
index a381681..fd8a741 100755
--- a/tests/openpgp/mkdemodirs
+++ b/tests/openpgp/mkdemodirs
@@ -4,7 +4,7 @@ set -e
 
 # We need to use --no-options so that a gpg.conf from an older version
 # of gpg is not used.
-GPG="../../g10/gpg2 --no-options --batch --quiet
+GPG="../../g10/gpg --no-options --batch --quiet
      --no-secmem-warning --allow-secret-key-import"
 
 NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India
diff --git a/tests/openpgp/signdemokey b/tests/openpgp/signdemokey
index 9a1257c..13c5784 100755
--- a/tests/openpgp/signdemokey
+++ b/tests/openpgp/signdemokey
@@ -10,7 +10,7 @@ name="$1"
 user_id="$2"
 user_id_no="$3"
 
-echo "abc" | ../g10/gpg2 --options ./gpg.conf --homedir $name \
+echo "abc" | ../g10/gpg --options ./gpg.conf --homedir $name \
 		--sign-key --batch --yes --passphrase-fd 0 $user_id \
 		$user_id_no sign save
 

commit c6ed863491ec3a1e0fcf9cbe2c93c87468306c29
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 4 18:38:53 2016 +0200

    tests: Add missing file.
    
    * tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
    --
    
    Fixes-commit: 785a7f463ec4e937304ce1263c5e6a46e8079137

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 0181386..4e09c23 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -62,6 +62,7 @@ TESTS = version.test mds.test \
 
 TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
 	     plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
+	     plain-largeo.asc \
 	     pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
              gpg.conf.tmpl gpg-agent.conf.tmpl \
 	     bug537-test.data.asc bug894-test.asc \

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am               |  3 +-
 common/homedir.c          |  6 +++-
 configure.ac              |  9 ++---
 g10/Makefile.am           | 83 +++++++++++++++++++++++++++++++++++++----------
 g10/keygen.c              |  7 +++-
 tests/openpgp/Makefile.am |  3 +-
 tests/openpgp/defs.inc    |  2 +-
 tests/openpgp/gpgtar.test |  2 +-
 tests/openpgp/mkdemodirs  |  2 +-
 tests/openpgp/signdemokey |  2 +-
 10 files changed, 88 insertions(+), 31 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr  5 11:19:24 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 05 Apr 2016 11:19:24 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-119-g4b5341d
Message-ID: <E1anN8R-0008WP-2R@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4b5341dc333983a15f649601fdddc42ba9161433 (commit)
       via  7b58a1118d98543ed6854447d7b403877638ba54 (commit)
      from  96bcd4220f1f1313afe12097d8dc62342ac8de0d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4b5341dc333983a15f649601fdddc42ba9161433
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 5 11:18:45 2016 +0200

    build: Build gpgcompose only in maintainer mode
    
    * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
    mode.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 1b52e64..d6fbe92 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -49,7 +49,9 @@ noinst_PROGRAMS = gpg
 if !HAVE_W32CE_SYSTEM
 noinst_PROGRAMS += gpgv
 endif
+if MAINTAINER_MODE
 noinst_PROGRAMS += gpgcompose $(module_tests)
+endif
 TESTS = $(module_tests)
 
 if ENABLE_BZIP2_SUPPORT
diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
index 7bb0e04..d6f0307 100644
--- a/g10/gpgcompose.c
+++ b/g10/gpgcompose.c
@@ -1,4 +1,4 @@
-/* gpgcompose.c - Create OpenPGP messages by hand.
+/* gpgcompose.c - Maintainer tool to create OpenPGP messages by hand.
  * Copyright (C) 2016 g10 Code GmbH
  *
  * This file is part of GnuPG.

commit 7b58a1118d98543ed6854447d7b403877638ba54
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 5 11:10:09 2016 +0200

    gpg: Replace use of "gpg2" by GPG_NAME
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
index 55d3ae2..7bb0e04 100644
--- a/g10/gpgcompose.c
+++ b/g10/gpgcompose.c
@@ -553,7 +553,7 @@ static struct option user_id_options[] = {
     "\"Name (comment) <email at example.org>\"" },
   { NULL, NULL,
     "Example:\n\n"
-    "  $ gpgcompose --user-id \"USERID\" | gpg2 --list-packets" }
+    "  $ gpgcompose --user-id \"USERID\" | " GPG_NAME " --list-packets" }
 };
 
 static int
@@ -662,7 +662,7 @@ static struct option pk_options[] = {
   { NULL, NULL,
     "Example:\n\n"
     "  $ gpgcompose --public-key $KEYID --user-id \"USERID\" \\\n"
-    "  | gpg2 --list-packets" }
+    "  | " GPG_NAME " --list-packets" }
 };
 
 static int
@@ -1554,7 +1554,7 @@ static struct option sig_options[] = {
     "Example:\n\n"
     "  $ gpgcompose --public-key $KEYID --user-id USERID \\\n"
     "  --signature --class 0x10 --issuer $KEYID --issuer-keyid self \\\n"
-    "  | gpg2 --list-packets"}
+    "  | " GPG_NAME " --list-packets"}
 };
 
 static int
@@ -2146,12 +2146,12 @@ static struct option sk_esk_options[] = {
     "password.  The session key may be prefaced with an integer and a colon "
     "to indicate the cipher to use for the SED packet (making --sed-cipher "
     "unnecessary and allowing the direct use of the result of "
-    "\"gpg2 --show-session-key\")." },
+    "\"" GPG_NAME " --show-session-key\")." },
   { "", sk_esk_password, "The password." },
   { NULL, NULL,
     "Example:\n\n"
     "  $ gpgcompose --sk-esk foobar --encrypted \\\n"
-    "  --literal --value foo | gpg2 --list-packets" }
+    "  --literal --value foo | " GPG_NAME " --list-packets" }
 };
 
 static int
@@ -2388,14 +2388,14 @@ static struct option pk_esk_options[] = {
     "then a new session key is generated.  The session key may be "
     "prefaced with an integer and a colon to indicate the cipher to use "
     "for the SED packet (making --sed-cipher unnecessary and allowing the "
-    "direct use of the result of \"gpg2 --show-session-key\")." },
+    "direct use of the result of \"" GPG_NAME " --show-session-key\")." },
   { "--throw-keyid", pk_esk_throw_keyid,
     "Throw the keyid." },
   { "", pk_esk_keyid, "The key id." },
   { NULL, NULL,
     "Example:\n\n"
     "  $ gpgcompose --pk-esk $KEYID --encrypted --literal --value foo \\\n"
-    "  | gpg2 --list-packets"}
+    "  | " GPG_NAME " --list-packets"}
 };
 
 static int
@@ -2494,14 +2494,14 @@ static struct option encrypted_options[] = {
     "string.  If this is not given or is \"auto\", then the last session key "
     "is used.  If there was none, then an error is raised.  The session key "
     "must be prefaced with an integer and a colon to indicate the cipher "
-    "to use (this is format used by \"gpg2 --show-session-key\")." },
+    "to use (this is format used by \"" GPG_NAME " --show-session-key\")." },
   { NULL, NULL,
     "After creating the packet, this command clears the current "
     "session key.\n\n"
     "Example: nested encryption packets:\n\n"
     "  $ gpgcompose --sk-esk foo --encrypted-mdc \\\n"
     "  --sk-esk bar --encrypted-mdc \\\n"
-    "  --literal --value 123 --encrypted-pop --encrypted-pop | gpg2 -d" }
+    "  --literal --value 123 --encrypted-pop --encrypted-pop | " GPG_NAME" -d" }
 };
 
 static int
@@ -2743,7 +2743,7 @@ static struct option literal_options[] = {
     "The literal's name." },
   { NULL, NULL,
     "Example:\n\n"
-    "  $ gpgcompose --literal --value foobar | gpg2 -d"}
+    "  $ gpgcompose --literal --value foobar | " GPG_NAME " -d"}
 };
 
 static int
diff --git a/g10/t-stutter.c b/g10/t-stutter.c
index 8bdfb07..9576027 100644
--- a/g10/t-stutter.c
+++ b/g10/t-stutter.c
@@ -37,12 +37,13 @@
  *
  * How to generate a test message:
  *
- *   $ echo 0123456789abcdefghijklmnopqrstuvwxyz | gpg2 --disable-mdc -z 0 -c  > msg.asc
- *   $ gpg2 --list-packets msg.asc
+ *   $ echo 0123456789abcdefghijklmnopqrstuvwxyz | \
+ *         gpg --disable-mdc -z 0 -c  > msg.asc
+ *   $ gpg --list-packets msg.asc
  *   # Make sure the encryption packet contains a literal packet (without
  *   # any nesting).
  *   $ gpgsplit msg.asc
- *   $ gpg2 --show-session-key -d msg.asc
+ *   $ gpg --show-session-key -d msg.asc
  *   $ ./t-stutter --debug SESSION_KEY 000002-009.encrypted
  */
 
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1837596..c7d09da 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -421,13 +421,13 @@ how_to_fix_the_trustdb ()
 
   log_info (_("You may try to re-create the trustdb using the commands:\n"));
   log_info ("  cd %s\n", default_homedir ());
-  log_info ("  gpg2 --export-ownertrust > otrust.tmp\n");
+  log_info ("  %s --export-ownertrust > otrust.tmp\n", GPG_NAME);
 #ifdef HAVE_W32_SYSTEM
   log_info ("  del %s\n", name);
 #else
   log_info ("  rm %s\n", name);
 #endif
-  log_info ("  gpg2 --import-ownertrust < otrust.tmp\n");
+  log_info ("  %s --import-ownertrust < otrust.tmp\n", GPG_NAME);
   log_info (_("If that does not work, please consult the manual\n"));
 }
 

-----------------------------------------------------------------------

Summary of changes:
 g10/Makefile.am  |  2 ++
 g10/gpgcompose.c | 22 +++++++++++-----------
 g10/t-stutter.c  |  7 ++++---
 g10/trustdb.c    |  4 ++--
 4 files changed, 19 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr  5 15:32:36 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 05 Apr 2016 15:32:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-121-gf45ed07
Message-ID: <E1anR5S-00018H-Od@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f45ed07a0fffa3adbc75b9d5726108a066927599 (commit)
       via  4dc4fb1c14b3096bb1cdc5923c0d1eb419036805 (commit)
      from  4b5341dc333983a15f649601fdddc42ba9161433 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f45ed07a0fffa3adbc75b9d5726108a066927599
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 5 15:24:56 2016 +0200

    build: Fix for: Build gpgcompose only in maintainer mode
    
    * g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
    --
    
    Fixes-commit: 4b5341d

diff --git a/g10/Makefile.am b/g10/Makefile.am
index d6fbe92..c901198 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -50,8 +50,9 @@ if !HAVE_W32CE_SYSTEM
 noinst_PROGRAMS += gpgv
 endif
 if MAINTAINER_MODE
-noinst_PROGRAMS += gpgcompose $(module_tests)
+noinst_PROGRAMS += gpgcompose
 endif
+noinst_PROGRAMS += $(module_tests)
 TESTS = $(module_tests)
 
 if ENABLE_BZIP2_SUPPORT

commit 4dc4fb1c14b3096bb1cdc5923c0d1eb419036805
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 5 15:15:28 2016 +0200

    doc: Install gpg and gpgv man pages under the correct name.
    
    * doc/mkdefsinc.c (main): Add double include guard.  Set variable
    gpgtwohack. Define macros gpgname and gpgvname.
    * doc/gpg.texi: Remove macro definition for gpgname.  Use Texinfo var
    gpgtwohack to prepare the man pages.  Use @gpgname everywhere.
    * doc/gpgv.texi: Likewise.
    * doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
    them depending on USE_GPG2_HACK.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/Makefile.am b/doc/Makefile.am
index c270283..bc06cd5 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -78,11 +78,16 @@ YAT2M_OPTIONS = -I $(srcdir) \
 
 myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
 	        dirmngr.texi scdaemon.texi tools.texi
-myman_pages   = gpg2.1 gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 gpgv2.1 \
+myman_pages   = gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 \
                 watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
 		gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
 		applygnupgdefaults.8 \
 		dirmngr-client.1
+if USE_GPG2_HACK
+myman_pages += gpg2.1 gpgv2.1
+else
+myman_pages += gpg.1 gpgv.1
+endif
 
 man_MANS = $(myman_pages) gnupg.7
 
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 89e098d..0e91d8c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -11,9 +11,31 @@
 @cindex command options
 @cindex options, GPG command
 
- at macro gpgname
-gpg2
- at end macro
+
+ at c Begin standard stuff
+ at ifclear gpgtwohack
+ at manpage gpg.1
+ at ifset manverb
+.B gpg
+\- OpenPGP encryption and signing tool
+ at end ifset
+
+ at mansect synopsis
+ at ifset manverb
+.B  gpg
+.RB [ \-\-homedir
+.IR dir ]
+.RB [ \-\-options
+.IR file ]
+.RI [ options ]
+.I command
+.RI [ args ]
+ at end ifset
+ at end ifclear
+ at c End standard stuff
+
+ at c Begin gpg2 hack stuff
+ at ifset gpgtwohack
 @manpage gpg2.1
 @ifset manverb
 .B gpg2
@@ -31,6 +53,8 @@ gpg2
 .I command
 .RI [ args ]
 @end ifset
+ at end ifset
+ at c End gpg2 hack stuff
 
 
 @mansect description
@@ -40,17 +64,21 @@ OpenPGP standard. @command{@gpgname} features complete key management and
 all bells and whistles you can expect from a decent OpenPGP
 implementation.
 
+ at ifclear gpgtwohack
+Note that this version of GnuPG features all modern algorithms and
+should thus be preferred over older GnuPG versions.  If you are
+looking for version 1 of GnuPG, you may find that version installed
+under the name @command{gpg1}.
+ at end ifclear
+ at ifset gpgtwohack
 In contrast to the standalone command gpg from GnuPG 1.x, which
 might be better suited for server and embedded platforms, the 2.x
-version is commonly installed under the name @command{gpg2} and
+version is commonly installed under the name @command{@gpgname} and
 targeted to the desktop as it requires several other modules to be
 installed.
+ at end ifset
 
 @manpause
-The old 1.x version will be kept maintained and it is possible to
-install both versions on the same system.  Documentation for the old
-GnuPG 1.x command is available as a man page and at
- at inforef{Top,GnuPG 1,gpg}.
 
 @xref{Option Index}, for an index to @command{@gpgname}'s commands and options.
 @mancont
@@ -1777,7 +1805,7 @@ This is dummy option. @command{@gpgname} always requires the agent.
 
 @item --gpg-agent-info
 @opindex gpg-agent-info
-This is dummy option. It has no effect when used with @command{gpg2}.
+This is dummy option. It has no effect when used with @command{@gpgname}.
 
 
 @item --agent-program @var{file}
@@ -3394,7 +3422,7 @@ for @samp{Subkey-Type}.
 
 @item Key-Length: @var{nbits}
 The requested length of the generated key in bits.  The default is
-returned by running the command @samp{gpg2 --gpgconf-list}.
+returned by running the command @samp{@gpgname --gpgconf-list}.
 
 @item Key-Grip: @var{hexstring}
 This is optional and used to generate a CSR or certificate for an
@@ -3417,7 +3445,7 @@ can be handled.  See also @samp{Key-Type} above.
 
 @item Subkey-Length: @var{nbits}
 Length of the secondary key (subkey) in bits.  The default is returned
-by running the command @samp{gpg2 --gpgconf-list}".
+by running the command @samp{@gpgname --gpgconf-list}".
 
 @item Subkey-Usage: @var{usage-list}
 Key usage lists for a subkey; similar to @samp{Key-Usage}.
@@ -3496,9 +3524,9 @@ $ cat >foo <<EOF
      %commit
      %echo done
 EOF
-$ gpg2 --batch --gen-key foo
+$ @gpgname --batch --gen-key foo
  [...]
-$ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
+$ @gpgname --no-default-keyring --secret-keyring ./foo.sec \
        --keyring ./foo.pub --list-secret-keys
 /home/wk/work/gnupg-stable/scratch/foo.sec
 ------------------------------------------
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index fcaffbc..214fb99 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -8,11 +8,8 @@
 
 @include defs.inc
 
- at c Begin GnuPG 1.x specific stuff
- at ifset gpgone
- at macro gpgvname
-gpgv
- at end macro
+ at c Begin standard stuff
+ at ifclear gpgtwohack
 @manpage gpgv.1
 @node gpgv
 @section Verify OpenPGP signatures
@@ -27,14 +24,11 @@ gpgv
 .RI [ options ]
 .I signed_files
 @end ifset
- at end ifset
- at c End GnuPG 1.x specific stuff
+ at end ifclear
+ at c End standard stuff
 
- at c Begin GnuPG 2 specific stuff
- at ifclear gpgone
- at macro gpgvname
-gpgv2
- at end macro
+ at c Begin gpg2 hack stuff
+ at ifset gpgtwohack
 @manpage gpgv2.1
 @node gpgv
 @section Verify OpenPGP signatures
@@ -49,10 +43,8 @@ gpgv2
 .RI [ options ]
 .I signed_files
 @end ifset
- at end ifclear
- at c End GnuPG 2 specific stuff
-
-
+ at end ifset
+ at c End gpg2 hack stuff
 
 @mansect description
 @code{@gpgvname} is an OpenPGP signature verification tool.
diff --git a/doc/mkdefsinc.c b/doc/mkdefsinc.c
index 6495585..f3e2f35 100644
--- a/doc/mkdefsinc.c
+++ b/doc/mkdefsinc.c
@@ -49,6 +49,13 @@
 #endif /*HAVE_W32_SYSTEM*/
 
 
+#if USE_GPG2_HACK
+# define gpg2_suffix "2"
+#else
+# define gpg2_suffix ""
+#endif
+
+
 static int verbose;
 
 
@@ -267,7 +274,17 @@ main (int argc, char **argv)
 
   fputs ("@c defs.inc                         -*- texinfo -*-\n"
          "@c Common and build specific constants for the manuals.\n"
-         "@c This file has been created by " PGM ".\n", stdout);
+         "@c This file has been created by " PGM ".\n\n", stdout);
+
+  fputs ("@ifclear defsincincluded\n"
+         "@set defsincincluded 1\n\n", stdout);
+
+
+  fputs ("\n at c Flags\n\n", stdout);
+
+#if USE_GPG2_HACK
+  fputs ("@set gpgtwohack 1\n\n", stdout);
+#endif
 
   fputs ("\n at c Directories\n\n", stdout);
 
@@ -306,8 +323,16 @@ main (int argc, char **argv)
   /* Fixme: Use a config.h macro here:  */
   fputs ("@set GPGSYMENCALGO AES-128\n", stdout);
 
+  fputs ("\n at c Macros\n\n", stdout);
+
+  printf ("@macro gpgname\n%s%s\n at end macro\n", GPG_NAME, gpg2_suffix);
+  printf ("@macro gpgvname\n%sv%s\n at end macro\n", GPG_NAME, gpg2_suffix);
+
 
+  /* Trailer.  */
   fputs ("\n"
+         "@end ifclear\n"
+         "\n"
          "@c Loc" "al Variables:\n"
          "@c buffer-read-only: t\n"
          "@c End:\n", stdout);

-----------------------------------------------------------------------

Summary of changes:
 doc/Makefile.am |  7 ++++++-
 doc/gpg.texi    | 54 +++++++++++++++++++++++++++++++++++++++++-------------
 doc/gpgv.texi   | 24 ++++++++----------------
 doc/mkdefsinc.c | 27 ++++++++++++++++++++++++++-
 g10/Makefile.am |  3 ++-
 5 files changed, 83 insertions(+), 32 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr  5 15:45:10 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 05 Apr 2016 15:45:10 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.21-20-g4354720
Message-ID: <E1anRHb-0001P6-Oc@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  4354720ab3631dfd2811d881566b10a72c8f2165 (commit)
       via  5d1adaa5fd12f65f49abeb99e5ae7226ec27ba0e (commit)
       via  de0618d5c64e02b9b3a568fc859d9edcb4ab35ba (commit)
      from  b7a06ad63371316bad5da6b981894ef07cd8b7da (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4354720ab3631dfd2811d881566b10a72c8f2165
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 5 15:43:26 2016 +0200

    estream,w32: Temporary fix for gpgrt_poll.
    
    * src/estream.c (_gpgrt_poll) [W32]: Do not use FD_ISSET.
    --
    
    gpgrt_poll return an error on Windows anyway and thus it does not make
    sense to use a possible undefined macro here.
    
    Reported-by: Andre Heinecke
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/estream.c b/src/estream.c
index a593acd..499cc75 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -4832,6 +4832,9 @@ _gpgrt_poll (gpgrt_poll_t *fds, unsigned int nfds, int timeout)
           item->got_hup = 1;
           any = 1;
         }
+#ifndef _WIN32
+      /* NB.: We can't use FD_ISSET under windows - but we don't have
+       * support for it anyway.  */
       if (item->want_read && FD_ISSET (fd, &readfds))
         {
           item->got_read = 1;
@@ -4847,6 +4850,7 @@ _gpgrt_poll (gpgrt_poll_t *fds, unsigned int nfds, int timeout)
           item->got_oob = 1;
           any = 1;
         }
+#endif /*!_WIN32*/
 
       if (any)
         count++;

commit 5d1adaa5fd12f65f49abeb99e5ae7226ec27ba0e
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Mar 29 18:45:15 2016 +0200

    estream: Prepare for new mode flag "sysopen".
    
    * src/estream.c (parse_mode): Add arg "sysopen".  Adjust all callers.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/estream.c b/src/estream.c
index 5721d8c..a593acd 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -1590,7 +1590,7 @@ static gpgrt_cookie_io_functions_t estream_functions_fp =
  * Implementation of file name based I/O.
  *
  * Note that only a create function is required because the other
- * operationsares handled by file descriptor based I/O.
+ * operations ares handled by file descriptor based I/O.
  */
 
 /* Create function for objects identified by a file name.  */
@@ -1669,18 +1669,26 @@ func_file_create (void **cookie, int *filedes,
  *    The object is opened in non-blocking mode.  This is the same as
  *    calling gpgrt_set_nonblock on the file.
  *
+ * sysopen
+ *
+ *    The object is opened in sysmode.  On POSIX this is a NOP but
+ *    under Windows the direct W32 API functions (HANDLE) are used
+ *    instead of their libc counterparts (fd).
+ *
  * Note: R_CMODE is optional because is only required by functions
  * which are able to creat a file.
  */
 static int
 parse_mode (const char *modestr,
-            unsigned int *modeflags, int *samethread,
+            unsigned int *modeflags, int *samethread, int *sysopen,
             unsigned int *r_cmode)
 {
   unsigned int omode, oflags, cmode;
   int got_cmode = 0;
 
   *samethread = 0;
+  if (sysopen)
+    *sysopen = 0;
 
   switch (*modestr)
     {
@@ -1774,6 +1782,17 @@ parse_mode (const char *modestr,
             }
           oflags |= O_NONBLOCK;
         }
+      else if (!strncmp (modestr, "sysopen", 7))
+        {
+          modestr += 8;
+          if (*modestr && !strchr (" \t,", *modestr))
+            {
+              _set_errno (EINVAL);
+              return -1;
+            }
+          if (sysopen)
+            *sysopen = 1;
+        }
     }
   if (!got_cmode)
     cmode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
@@ -2994,7 +3013,7 @@ _gpgrt_fopen (const char *_GPGRT__RESTRICT path,
               const char *_GPGRT__RESTRICT mode)
 {
   unsigned int modeflags, cmode;
-  int samethread, create_called;
+  int samethread, sysopen, create_called;
   estream_t stream;
   void *cookie;
   int err;
@@ -3005,7 +3024,7 @@ _gpgrt_fopen (const char *_GPGRT__RESTRICT path,
   cookie = NULL;
   create_called = 0;
 
-  err = parse_mode (mode, &modeflags, &samethread, &cmode);
+  err = parse_mode (mode, &modeflags, &samethread, &sysopen, &cmode);
   if (err)
     goto out;
 
@@ -3015,7 +3034,6 @@ _gpgrt_fopen (const char *_GPGRT__RESTRICT path,
 
   syshd.type = ES_SYSHD_FD;
   syshd.u.fd = fd;
-
   create_called = 1;
   err = es_create (&stream, cookie, &syshd, estream_functions_fd, modeflags,
                    samethread, 0);
@@ -3063,7 +3081,7 @@ _gpgrt_mopen (void *_GPGRT__RESTRICT data, size_t data_n, size_t data_len,
   int err;
   es_syshd_t syshd;
 
-  err = parse_mode (mode, &modeflags, &samethread, NULL);
+  err = parse_mode (mode, &modeflags, &samethread, NULL, NULL);
   if (err)
     goto out;
 
@@ -3099,7 +3117,7 @@ _gpgrt_fopenmem (size_t memlimit, const char *_GPGRT__RESTRICT mode)
 
   /* Memory streams are always read/write.  We use MODE only to get
      the append flag.  */
-  if (parse_mode (mode, &modeflags, &samethread, NULL))
+  if (parse_mode (mode, &modeflags, &samethread, NULL, NULL))
     return NULL;
   modeflags |= O_RDWR;
 
@@ -3170,7 +3188,7 @@ _gpgrt_fopencookie (void *_GPGRT__RESTRICT cookie,
   stream = NULL;
   modeflags = 0;
 
-  err = parse_mode (mode, &modeflags, &samethread, NULL);
+  err = parse_mode (mode, &modeflags, &samethread, NULL, NULL);
   if (err)
     goto out;
 
@@ -3190,7 +3208,7 @@ static estream_t
 do_fdopen (int filedes, const char *mode, int no_close, int with_locked_list)
 {
   unsigned int modeflags;
-  int samethread, create_called;
+  int samethread, sysopen, create_called;
   estream_t stream;
   void *cookie;
   int err;
@@ -3200,9 +3218,16 @@ do_fdopen (int filedes, const char *mode, int no_close, int with_locked_list)
   cookie = NULL;
   create_called = 0;
 
-  err = parse_mode (mode, &modeflags, &samethread, NULL);
+  err = parse_mode (mode, &modeflags, &samethread, &sysopen, NULL);
   if (err)
     goto out;
+  if (sysopen)
+    {
+      /* Not allowed for fdopen.  */
+      _set_errno (EINVAL);
+      err = -1;
+      goto out;
+    }
 
   err = func_fd_create (&cookie, filedes, modeflags, no_close);
   if (err)
@@ -3247,7 +3272,7 @@ static estream_t
 do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list)
 {
   unsigned int modeflags, cmode;
-  int samethread, create_called;
+  int samethread, sysopen, create_called;
   estream_t stream;
   void *cookie;
   int err;
@@ -3257,9 +3282,16 @@ do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list)
   cookie = NULL;
   create_called = 0;
 
-  err = parse_mode (mode, &modeflags, &samethread, &cmode);
+  err = parse_mode (mode, &modeflags, &samethread, &sysopen, &cmode);
   if (err)
     goto out;
+  if (sysopen)
+    {
+      /* Not allowed for fpopen.  */
+      _set_errno (EINVAL);
+      err = -1;
+      goto out;
+    }
 
   if (fp)
     fflush (fp);
@@ -3319,7 +3351,8 @@ do_w32open (HANDLE hd, const char *mode,
   int err;
   es_syshd_t syshd;
 
-  err = parse_mode (mode, &modeflags, &samethread, &cmode);
+  /* For obvious reasons we ignore sysmode here.  */
+  err = parse_mode (mode, &modeflags, &samethread, NULL, &cmode);
   if (err)
     goto leave;
 
@@ -3497,7 +3530,7 @@ _gpgrt_freopen (const char *_GPGRT__RESTRICT path,
 
       es_deinitialize (stream);
 
-      err = parse_mode (mode, &modeflags, &dummy, &cmode);
+      err = parse_mode (mode, &modeflags, &dummy, NULL, &cmode);
       if (err)
 	goto leave;
       (void)dummy;

commit de0618d5c64e02b9b3a568fc859d9edcb4ab35ba
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Mar 29 18:48:37 2016 +0200

    estream: Use simpler names for static functions.
    
    * src/estream.c: Replace all es_func_* to just func_*.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/estream.c b/src/estream.c
index 737f9a5..5721d8c 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -667,7 +667,7 @@ func_mem_create (void *_GPGRT__RESTRICT *_GPGRT__RESTRICT cookie,
  * Read function for memory objects.
  */
 static gpgrt_ssize_t
-es_func_mem_read (void *cookie, void *buffer, size_t size)
+func_mem_read (void *cookie, void *buffer, size_t size)
 {
   estream_cookie_mem_t mem_cookie = cookie;
   gpgrt_ssize_t ret;
@@ -693,7 +693,7 @@ es_func_mem_read (void *cookie, void *buffer, size_t size)
  * Write function for memory objects.
  */
 static gpgrt_ssize_t
-es_func_mem_write (void *cookie, const void *buffer, size_t size)
+func_mem_write (void *cookie, const void *buffer, size_t size)
 {
   estream_cookie_mem_t mem_cookie = cookie;
   gpgrt_ssize_t ret;
@@ -781,7 +781,7 @@ es_func_mem_write (void *cookie, const void *buffer, size_t size)
  * Seek function for memory objects.
  */
 static int
-es_func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence)
+func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence)
 {
   estream_cookie_mem_t mem_cookie = cookie;
   gpgrt_off_t pos_new;
@@ -859,7 +859,7 @@ es_func_mem_seek (void *cookie, gpgrt_off_t *offset, int whence)
  * The IOCTL function for memory objects.
  */
 static int
-es_func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
+func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
 {
   estream_cookie_mem_t mem_cookie = cookie;
   int ret;
@@ -889,7 +889,7 @@ es_func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
  * The destroy function for memory objects.
  */
 static int
-es_func_mem_destroy (void *cookie)
+func_mem_destroy (void *cookie)
 {
   estream_cookie_mem_t mem_cookie = cookie;
 
@@ -906,10 +906,10 @@ es_func_mem_destroy (void *cookie)
  */
 static gpgrt_cookie_io_functions_t estream_functions_mem =
   {
-    es_func_mem_read,
-    es_func_mem_write,
-    es_func_mem_seek,
-    es_func_mem_destroy
+    func_mem_read,
+    func_mem_write,
+    func_mem_seek,
+    func_mem_destroy
   };
 
 
@@ -961,7 +961,7 @@ func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close)
  * Read function for fd objects.
  */
 static gpgrt_ssize_t
-es_func_fd_read (void *cookie, void *buffer, size_t size)
+func_fd_read (void *cookie, void *buffer, size_t size)
 
 {
   estream_cookie_fd_t file_cookie = cookie;
@@ -995,7 +995,7 @@ es_func_fd_read (void *cookie, void *buffer, size_t size)
  * Write function for fd objects.
  */
 static gpgrt_ssize_t
-es_func_fd_write (void *cookie, const void *buffer, size_t size)
+func_fd_write (void *cookie, const void *buffer, size_t size)
 {
   estream_cookie_fd_t file_cookie = cookie;
   gpgrt_ssize_t bytes_written;
@@ -1028,7 +1028,7 @@ es_func_fd_write (void *cookie, const void *buffer, size_t size)
  * Seek function for fd objects.
  */
 static int
-es_func_fd_seek (void *cookie, gpgrt_off_t *offset, int whence)
+func_fd_seek (void *cookie, gpgrt_off_t *offset, int whence)
 {
   estream_cookie_fd_t file_cookie = cookie;
   gpgrt_off_t offset_new;
@@ -1063,7 +1063,7 @@ es_func_fd_seek (void *cookie, gpgrt_off_t *offset, int whence)
  * The IOCTL function for fd objects.
  */
 static int
-es_func_fd_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
+func_fd_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
 {
   estream_cookie_fd_t fd_cookie = cookie;
   int ret;
@@ -1106,7 +1106,7 @@ es_func_fd_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
  * The destroy function for fd objects.
  */
 static int
-es_func_fd_destroy (void *cookie)
+func_fd_destroy (void *cookie)
 {
   estream_cookie_fd_t fd_cookie = cookie;
   int err;
@@ -1131,10 +1131,10 @@ es_func_fd_destroy (void *cookie)
  */
 static gpgrt_cookie_io_functions_t estream_functions_fd =
   {
-    es_func_fd_read,
-    es_func_fd_write,
-    es_func_fd_seek,
-    es_func_fd_destroy
+    func_fd_read,
+    func_fd_write,
+    func_fd_seek,
+    func_fd_destroy
   };
 
 
@@ -1157,7 +1157,7 @@ typedef struct estream_cookie_w32
  * Create function for w32 handle objects.
  */
 static int
-es_func_w32_create (void **cookie, HANDLE hd,
+func_w32_create (void **cookie, HANDLE hd,
                     unsigned int modeflags, int no_close)
 {
   estream_cookie_w32_t w32_cookie;
@@ -1186,7 +1186,7 @@ es_func_w32_create (void **cookie, HANDLE hd,
  * Read function for W32 handle objects.
  */
 static gpgrt_ssize_t
-es_func_w32_read (void *cookie, void *buffer, size_t size)
+func_w32_read (void *cookie, void *buffer, size_t size)
 {
   estream_cookie_w32_t w32_cookie = cookie;
   gpgrt_ssize_t bytes_read;
@@ -1233,7 +1233,7 @@ es_func_w32_read (void *cookie, void *buffer, size_t size)
  * Write function for W32 handle objects.
  */
 static gpgrt_ssize_t
-es_func_w32_write (void *cookie, const void *buffer, size_t size)
+func_w32_write (void *cookie, const void *buffer, size_t size)
 {
   estream_cookie_w32_t w32_cookie = cookie;
   gpgrt_ssize_t bytes_written;
@@ -1274,7 +1274,7 @@ es_func_w32_write (void *cookie, const void *buffer, size_t size)
  * Seek function for W32 handle objects.
  */
 static int
-es_func_w32_seek (void *cookie, gpgrt_off_t *offset, int whence)
+func_w32_seek (void *cookie, gpgrt_off_t *offset, int whence)
 {
   estream_cookie_w32_t w32_cookie = cookie;
   DWORD method;
@@ -1331,7 +1331,7 @@ es_func_w32_seek (void *cookie, gpgrt_off_t *offset, int whence)
  * Destroy function for W32 handle objects.
  */
 static int
-es_func_w32_destroy (void *cookie)
+func_w32_destroy (void *cookie)
 {
   estream_cookie_w32_t w32_cookie = cookie;
   int err;
@@ -1366,10 +1366,10 @@ es_func_w32_destroy (void *cookie)
  */
 static gpgrt_cookie_io_functions_t estream_functions_w32 =
   {
-    es_func_w32_read,
-    es_func_w32_write,
-    es_func_w32_seek,
-    es_func_w32_destroy
+    func_w32_read,
+    func_w32_write,
+    func_w32_seek,
+    func_w32_destroy
   };
 #endif /*HAVE_W32_SYSTEM*/
 
@@ -1424,7 +1424,7 @@ func_fp_create (void **cookie, FILE *fp,
  * Read function for stdio based objects.
  */
 static gpgrt_ssize_t
-es_func_fp_read (void *cookie, void *buffer, size_t size)
+func_fp_read (void *cookie, void *buffer, size_t size)
 
 {
   estream_cookie_fp_t file_cookie = cookie;
@@ -1453,7 +1453,7 @@ es_func_fp_read (void *cookie, void *buffer, size_t size)
  * Write function for stdio bases objects.
  */
 static gpgrt_ssize_t
-es_func_fp_write (void *cookie, const void *buffer, size_t size)
+func_fp_write (void *cookie, const void *buffer, size_t size)
 {
   estream_cookie_fp_t file_cookie = cookie;
   size_t bytes_written;
@@ -1505,7 +1505,7 @@ es_func_fp_write (void *cookie, const void *buffer, size_t size)
  * Seek function for stdio based objects.
  */
 static int
-es_func_fp_seek (void *cookie, gpgrt_off_t *offset, int whence)
+func_fp_seek (void *cookie, gpgrt_off_t *offset, int whence)
 {
   estream_cookie_fp_t file_cookie = cookie;
   long int offset_new;
@@ -1545,7 +1545,7 @@ es_func_fp_seek (void *cookie, gpgrt_off_t *offset, int whence)
  * Destroy function for stdio based objects.
  */
 static int
-es_func_fp_destroy (void *cookie)
+func_fp_destroy (void *cookie)
 {
   estream_cookie_fp_t fp_cookie = cookie;
   int err;
@@ -1577,10 +1577,10 @@ es_func_fp_destroy (void *cookie)
  */
 static gpgrt_cookie_io_functions_t estream_functions_fp =
   {
-    es_func_fp_read,
-    es_func_fp_write,
-    es_func_fp_seek,
-    es_func_fp_destroy
+    func_fp_read,
+    func_fp_write,
+    func_fp_seek,
+    func_fp_destroy
   };
 
 
@@ -2856,7 +2856,7 @@ doreadline (estream_t _GPGRT__RESTRICT stream, size_t max_length,
   if (line_stream)
     do_close (line_stream, 0);
   else if (line_stream_cookie)
-    es_func_mem_destroy (line_stream_cookie);
+    func_mem_destroy (line_stream_cookie);
 
   if (err)
     {
@@ -3115,7 +3115,7 @@ _gpgrt_fopenmem (size_t memlimit, const char *_GPGRT__RESTRICT mode)
     (*estream_functions_mem.func_close) (cookie);
 
   if (stream)
-    stream->intern->func_ioctl = es_func_mem_ioctl;
+    stream->intern->func_ioctl = func_mem_ioctl;
 
   return stream;
 }
@@ -3216,9 +3216,9 @@ do_fdopen (int filedes, const char *mode, int no_close, int with_locked_list)
 
   if (!err && stream)
     {
-      stream->intern->func_ioctl = es_func_fd_ioctl;
+      stream->intern->func_ioctl = func_fd_ioctl;
       if ((modeflags & O_NONBLOCK))
-        err = es_func_fd_ioctl (cookie, COOKIE_IOCTL_NONBLOCK, "", NULL);
+        err = func_fd_ioctl (cookie, COOKIE_IOCTL_NONBLOCK, "", NULL);
     }
 
  out:
@@ -3323,7 +3323,7 @@ do_w32open (HANDLE hd, const char *mode,
   if (err)
     goto leave;
 
-  err = es_func_w32_create (&cookie, hd, modeflags, no_close);
+  err = func_w32_create (&cookie, hd, modeflags, no_close);
   if (err)
     goto leave;
 
@@ -3517,7 +3517,7 @@ _gpgrt_freopen (const char *_GPGRT__RESTRICT path,
       if (err)
 	{
 	  if (create_called)
-	    es_func_fd_destroy (cookie);
+	    func_fd_destroy (cookie);
 
 	  do_close (stream, 0);
 	  stream = NULL;
@@ -4510,7 +4510,7 @@ _gpgrt_tmpfile (void)
   if (err)
     {
       if (create_called)
-	es_func_fd_destroy (cookie);
+	func_fd_destroy (cookie);
       else if (fd != -1)
 	close (fd);
       stream = NULL;
@@ -4555,14 +4555,14 @@ _gpgrt_set_binary (estream_t stream)
     {
       stream->intern->modeflags |= O_BINARY;
 #ifdef HAVE_DOSISH_SYSTEM
-      if (stream->intern->func_read == es_func_fd_read)
+      if (stream->intern->func_read == func_fd_read)
         {
           estream_cookie_fd_t fd_cookie = stream->intern->cookie;
 
           if (!IS_INVALID_FD (fd_cookie->fd))
             setmode (fd_cookie->fd, O_BINARY);
         }
-      else if (stream->intern->func_read == es_func_fp_read)
+      else if (stream->intern->func_read == func_fp_read)
         {
           estream_cookie_fp_t fp_cookie = stream->intern->cookie;
 

-----------------------------------------------------------------------

Summary of changes:
 src/estream.c | 153 ++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 95 insertions(+), 58 deletions(-)


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr  5 16:12:05 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Tue, 05 Apr 2016 16:12:05 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-122-g9354293
Message-ID: <E1anRhf-0002ZQ-07@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9354293b8c9f234939bc04182f15e2fe512e914e (commit)
      from  f45ed07a0fffa3adbc75b9d5726108a066927599 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9354293b8c9f234939bc04182f15e2fe512e914e
Author: Justus Winter <justus at g10code.com>
Date:   Tue Apr 5 16:01:05 2016 +0200

    dirmngr: Autodetect PEM format in dirmngr-client.
    
    * dirmngr/dirmngr-client.c (init_asctobin): New function.
    (main): Move the initialization code to the new function.
    (read_pem_certificate): Initialize base64 table.
    (read_certificate): Try to decode certificates given in files as PEM
    first.
    
    GnuPG-bug-id: 1844
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c
index 02920d6..c6a33d7 100644
--- a/dirmngr/dirmngr-client.c
+++ b/dirmngr/dirmngr-client.c
@@ -116,6 +116,25 @@ static unsigned char bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 static unsigned char asctobin[256]; /* runtime initialized */
 
 
+/* Build the helptable for radix64 to bin conversion. */
+static void
+init_asctobin (void)
+{
+  static int initialized;
+  int i;
+  unsigned char *s;
+
+  if (initialized)
+    return;
+  initialized = 1;
+
+  for (i=0; i < 256; i++ )
+    asctobin[i] = 255; /* Used to detect invalid characters. */
+  for (s=bintoasc, i=0; *s; s++, i++)
+    asctobin[*s] = i;
+}
+
+
 /* Prototypes.  */
 static gpg_error_t read_certificate (const char *fname,
                                      unsigned char **rbuf, size_t *rbuflen);
@@ -234,19 +253,6 @@ main (int argc, char **argv )
   if (log_get_errorcount (0))
     exit (2);
 
-  /* Build the helptable for radix64 to bin conversion. */
-  if (opt.pem)
-    {
-      int i;
-      unsigned char *s;
-
-      for (i=0; i < 256; i++ )
-        asctobin[i] = 255; /* Used to detect invalid characters. */
-      for (s=bintoasc, i=0; *s; s++, i++)
-        asctobin[*s] = i;
-    }
-
-
   if (cmd_ping)
     err = 0;
   else if (cmd_lookup || cmd_loadcrl)
@@ -461,6 +467,8 @@ read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
     s_waitend
   } state = s_init;
 
+  init_asctobin ();
+
   fp = fname? fopen (fname, "r") : stdin;
   if (!fp)
     return gpg_error_from_errno (errno);
@@ -612,6 +620,15 @@ read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
 
   if (opt.pem)
     return read_pem_certificate (fname, rbuf, rbuflen);
+  else if (fname)
+    {
+      /* A filename has been given.  Let's just assume it is in PEM
+         format and decode it, and fall back to interpreting it as
+         binary certificate if that fails.  */
+      err = read_pem_certificate (fname, rbuf, rbuflen);
+      if (! err)
+        return 0;
+    }
 
   fp = fname? fopen (fname, "rb") : stdin;
   if (!fp)

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr-client.c | 43 ++++++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr  5 18:16:27 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 05 Apr 2016 18:16:27 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. eacec0987269da5e86ae5d938a21d44dfc545301
Message-ID: <E1anTe0-0007z7-Dw@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  eacec0987269da5e86ae5d938a21d44dfc545301 (commit)
      from  5295904c3a87661bbadc567fa504e96ed7448a94 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eacec0987269da5e86ae5d938a21d44dfc545301
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 5 18:16:13 2016 +0200

    web: Change "mail address" to "e-mail address".
    
    Non-hackers seem to think that "mail" means "snail" and try to enter
    their snail address which then leads to an error.  Do them and us a
    favor and use e-mail - yes even with the dash.

diff --git a/web/donate/index.org b/web/donate/index.org
index 9b2412b..27e9cdf 100644
--- a/web/donate/index.org
+++ b/web/donate/index.org
@@ -133,11 +133,11 @@
       <td></td>
       <td>
           In case of payment problems we may want to contact you, thus please
-          enter your mail address.
+          enter your e-mail address.
       </td>
     </tr>
     <tr>
-      <td align="right"><label for="f_mail">Mail:</label></td>
+      <td align="right"><label for="f_mail">E-mail:</label></td>
       <td>
           <input id="f_mail" type="text" size="40" style="width:200px"
                  name="mail"

-----------------------------------------------------------------------

Summary of changes:
 web/donate/index.org | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr  6 11:18:06 2016
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 06 Apr 2016 11:18:06 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-372-g6f386ce
Message-ID: <E1anjah-0000Th-BD@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  6f386ceae86a058e26294f744750f1ed2a95e604 (commit)
      from  862cf19a119427dd7ee7959a36c72d905f5ea5ca (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6f386ceae86a058e26294f744750f1ed2a95e604
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Apr 6 18:05:38 2016 +0900

    ecc: Positive values in computation.
    
    * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure
    coefficients A and B are positive.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do
    "P - T" instead of "-T", so that the result will be positive.
    (_gcry_ecc_eddsa_verify): Likewise.
    * cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve
    instead of _gcry_ecc_update_curve_param.
    * mpi/ec.c (ec_subm): Make sure the result will be positive.
    (dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use
    mpi_sub instead of mpi_neg.
    (add_points_edwards): Simply use ec_addm.
    * tests/t-mpi-point.c (test_curve): Define curves with positive
    coefficients.
    
    --
    
    We keep the coefficients of domain_parms in ecc-curves.c, so that
    keygrip computations won't change.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 91f29cc..3488ed3 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -560,9 +560,17 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
       if (!curve->p)
         curve->p = scanval (domain_parms[idx].p);
       if (!curve->a)
-        curve->a = scanval (domain_parms[idx].a);
+        {
+          curve->a = scanval (domain_parms[idx].a);
+          if (curve->a->sign)
+            mpi_add (curve->a, curve->p, curve->a);
+        }
       if (!curve->b)
-        curve->b = scanval (domain_parms[idx].b);
+        {
+          curve->b = scanval (domain_parms[idx].b);
+          if (curve->b->sign)
+            mpi_add (curve->b, curve->p, curve->b);
+        }
       if (!curve->n)
         curve->n = scanval (domain_parms[idx].n);
       if (!curve->h)
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 2a52b78..f91f848 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -251,7 +251,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec)
   mpi_mulm (t, x, x, ec->p);
   mpi_mulm (t, t, v, ec->p);
   /* -t == u ? x = x * sqrt(-1) */
-  mpi_neg (t, t);
+  mpi_sub (t, ec->p, t);
   if (!mpi_cmp (t, u))
     {
       static gcry_mpi_t m1;  /* Fixme: this is not thread-safe.  */
@@ -263,7 +263,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec)
       mpi_mulm (t, x, x, ec->p);
       mpi_mulm (t, t, v, ec->p);
       /* -t == u ? x = x * sqrt(-1) */
-      mpi_neg (t, t);
+      mpi_sub (t, ec->p, t);
       if (!mpi_cmp (t, u))
         rc = GPG_ERR_INV_OBJ;
     }
@@ -835,7 +835,7 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
 
   _gcry_mpi_ec_mul_point (&Ia, s, &pkey->E.G, ctx);
   _gcry_mpi_ec_mul_point (&Ib, h, &Q, ctx);
-  _gcry_mpi_neg (Ib.x, Ib.x);
+  _gcry_mpi_sub (Ib.x, ctx->p, Ib.x);
   _gcry_mpi_ec_add_points (&Ia, &Ia, &Ib, ctx);
   rc = _gcry_ecc_eddsa_encodepoint (&Ia, ctx, s, h, 0, &tbuf, &tlen);
   if (rc)
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 8dbf5bd..759ca42 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -783,10 +783,7 @@ ecc_check_secret_key (gcry_sexp_t keyparms)
       curvename = sexp_nth_string (l1, 1);
       if (curvename)
         {
-          rc = _gcry_ecc_update_curve_param (curvename,
-                                             &sk.E.model, &sk.E.dialect,
-                                             &sk.E.p, &sk.E.a, &sk.E.b,
-                                             &mpi_g, &sk.E.n, &sk.E.h);
+          rc = _gcry_ecc_fill_in_curve (0, curvename, &sk.E, NULL);
           if (rc)
             goto leave;
         }
diff --git a/mpi/ec.c b/mpi/ec.c
index f0b8374..26dd947 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -275,8 +275,9 @@ ec_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
 static void
 ec_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec)
 {
-  (void)ec;
   mpi_sub (w, u, v);
+  while (w->sign)
+    mpi_add (w, w, ec->p);
   /*ec_mod (w, ec);*/
 }
 
@@ -811,10 +812,7 @@ dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
 
   /* E = aC */
   if (ctx->dialect == ECC_DIALECT_ED25519)
-    {
-      mpi_set (E, C);
-      _gcry_mpi_neg (E, E);
-    }
+    mpi_sub (E, ctx->p, C);
   else
     ec_mulm (E, ctx->a, C, ctx);
 
@@ -1092,11 +1090,7 @@ add_points_edwards (mpi_point_t result,
   /* Y_3 = A ? G ? (D - aC) */
   if (ctx->dialect == ECC_DIALECT_ED25519)
     {
-      /* Using ec_addm (Y3, D, C, ctx) is possible but a litte bit
-         slower because a subm does currently skip the mod step.  */
-      mpi_set (Y3, C);
-      _gcry_mpi_neg (Y3, Y3);
-      ec_subm (Y3, D, Y3, ctx);
+      ec_addm (Y3, D, C, ctx);
     }
   else
     {
@@ -1218,7 +1212,7 @@ sub_points_edwards (mpi_point_t result,
 {
   mpi_point_t p2i = _gcry_mpi_point_new (0);
   point_set (p2i, p2);
-  _gcry_mpi_neg (p2i->x, p2i->x);
+  mpi_sub (p2i->x, ctx->p, p2i->x);
   add_points_edwards (result, p1, p2i, ctx);
   _gcry_mpi_point_release (p2i);
 }
@@ -1538,10 +1532,7 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
         ec_pow2 (x, x, ctx);
         ec_pow2 (y, y, ctx);
         if (ctx->dialect == ECC_DIALECT_ED25519)
-          {
-            mpi_set (w, x);
-            _gcry_mpi_neg (w, w);
-          }
+          mpi_sub (w, ctx->p, x);
         else
           ec_mulm (w, ctx->a, x, ctx);
         ec_addm (w, w, y, ctx);
diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index 55c6b66..84da7cc 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -130,8 +130,8 @@ static struct
     {
       "Ed25519",
       "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
-      "-0x01",
-      "-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
+      "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC",
+      "0x52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3",
       "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
       "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
       "0x6666666666666666666666666666666666666666666666666666666666666658",

-----------------------------------------------------------------------

Summary of changes:
 cipher/ecc-curves.c | 12 ++++++++++--
 cipher/ecc-eddsa.c  |  6 +++---
 cipher/ecc.c        |  5 +----
 mpi/ec.c            | 21 ++++++---------------
 tests/t-mpi-point.c |  4 ++--
 5 files changed, 22 insertions(+), 26 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr  6 11:34:53 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Wed, 06 Apr 2016 11:34:53 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-123-g76ca869
Message-ID: <E1anjqx-0000yv-19@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  76ca869197e304daa5a8dd96ea43113ec7b28354 (commit)
      from  9354293b8c9f234939bc04182f15e2fe512e914e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76ca869197e304daa5a8dd96ea43113ec7b28354
Author: Justus Winter <justus at g10code.com>
Date:   Wed Apr 6 11:34:11 2016 +0200

    Revert "g10: Support armored keyrings in gpgv."
    
    This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.

diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index 214fb99..1d9a81e 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -92,9 +92,6 @@ are replaced by the HOME directory. If the filename
 does not contain a slash, it is assumed to be in the
 home-directory ("~/.gnupg" if --homedir is not used).
 
-If @var{file} ends in @code{.asc} then it is assumed to be an armored
-keyring produced e.g. by @code{gpg --export}.
-
 @item --status-fd @var{n}
 @opindex status-fd
 Write special status strings to the file descriptor @var{n}.  See the
diff --git a/g10/Makefile.am b/g10/Makefile.am
index c901198..cd1d157 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -156,8 +156,7 @@ gpg_SOURCES  = gpg.c \
 gpgcompose_SOURCES  = gpgcompose.c  $(gpg_sources)
 gpgv_SOURCES = gpgv.c           \
 	      $(common_source)  \
-	      verify.c \
-	      dearmor.c
+	      verify.c
 
 #gpgd_SOURCES = gpgd.c \
 #	       ks-proto.h \
diff --git a/g10/dearmor.c b/g10/dearmor.c
index 3f1976f..3fdd57d 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -35,11 +35,10 @@
 #include "i18n.h"
 
 /****************
- * Take an armor file and write it out without armor.  If outfd is not
- * -1, the output will be written to the given file descriptor.
+ * Take an armor file and write it out without armor
  */
 int
-dearmor_file( const char *fname, int outfd )
+dearmor_file( const char *fname )
 {
     armor_filter_context_t *afx;
     IOBUF inp = NULL, out = NULL;
@@ -65,7 +64,7 @@ dearmor_file( const char *fname, int outfd )
 
     push_armor_filter ( afx, inp );
 
-    if( (rc = open_outfile (outfd, fname, 0, 0, &out)) )
+    if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
 	goto leave;
 
     while( (c = iobuf_get(inp)) != -1 )
diff --git a/g10/gpg.c b/g10/gpg.c
index bb5e847..b9d69a7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4285,7 +4285,7 @@ main (int argc, char **argv)
       case aDeArmor:
 	if( argc > 1 )
 	    wrong_args("--dearmor [file]");
-	rc = dearmor_file( argc? *argv: NULL, -1 );
+	rc = dearmor_file( argc? *argv: NULL );
 	if( rc )
           {
             write_status_failure ("dearmor", rc);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index de6529b..19a2ff6 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -25,7 +25,9 @@
 #include <string.h>
 #include <ctype.h>
 #include <unistd.h>
-#include <fcntl.h>
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
 #ifdef HAVE_LIBREADLINE
 #define GNUPG_LIBREADLINE_H_INCLUDED
 #include <readline/readline.h>
@@ -133,66 +135,6 @@ my_strusage( int level )
 }
 
 
-static char *
-make_temp_dir (void)
-{
-  char *result;
-  char *tmp;
-#if defined (_WIN32)
-  int err;
-
-  tmp = xmalloc (MAX_PATH+2);
-  err = GetTempPath (MAX_PATH + 1, tmp);
-  if (err == 0 || err > MAX_PATH + 1)
-    strcpy (tmp, "c:\\windows\\temp");
-  else
-    {
-      int len = strlen (tmp);
-
-      /* GetTempPath may return with \ on the end */
-      while (len > 0 && tmp[len-1] == '\\')
-        {
-          tmp[len-1] = '\0';
-          len--;
-        }
-    }
-#else /* More unixish systems */
-  tmp = getenv ("TMPDIR");
-  if (tmp == NULL)
-    {
-      tmp = getenv ("TMP");
-      if (tmp == NULL)
-        {
-#ifdef __riscos__
-          tmp = "<Wimp$ScrapDir>.GnuPG";
-          mkdir (tmp, 0700); /* Error checks occur later on */
-#else
-          tmp = "/tmp";
-#endif
-        }
-    }
-#endif
-
-  result = xasprintf ("%s" DIRSEP_S "gpg-XXXXXX", tmp);
-
-#if defined (_WIN32)
-  xfree(tmp);
-#endif
-
-  if (result == NULL)
-    return NULL;
-
-  if (! gnupg_mkdtemp (result))
-    {
-      log_error (_("can't create directory '%s': %s\n"),
-                 result, strerror (errno));
-      xfree (result);
-      return NULL;
-    }
-
-  return result;
-}
-
 
 int
 main( int argc, char **argv )
@@ -201,7 +143,6 @@ main( int argc, char **argv )
   int rc=0;
   strlist_t sl;
   strlist_t nrings = NULL;
-  strlist_t tmprings = NULL;
   unsigned configlineno;
   ctrl_t ctrl;
 
@@ -275,63 +216,8 @@ main( int argc, char **argv )
                         (KEYDB_RESOURCE_FLAG_READONLY
                          |KEYDB_RESOURCE_FLAG_GPGVDEF));
   for (sl = nrings; sl; sl = sl->next)
-    {
-      char *name = sl->d;
-      if (strlen (name) >= 4
-          && strcmp (&name[strlen (name) - 4], ".asc") == 0)
-        {
-          /* The file is an armored keyring.  Dearmor it.  */
-          char *tmpdir = NULL, *tmpname = NULL;
-          int fd = -1, success;
+    keydb_add_resource (sl->d, KEYDB_RESOURCE_FLAG_READONLY);
 
-          tmpdir = make_temp_dir ();
-          if (tmpdir == NULL)
-            goto cleanup;
-
-          tmpname = xasprintf ("%s" DIRSEP_S "key", tmpdir);
-          if (tmpname == NULL)
-            goto cleanup;
-
-          if (! add_to_strlist_try (&tmprings, tmpname))
-            goto cleanup;
-
-#ifndef O_BINARY
-#define O_BINARY	0
-#endif
-          fd = open (tmpname, O_WRONLY|O_CREAT|O_BINARY, S_IRUSR);
-          if (fd == -1)
-            goto cleanup;
-
-          rc = dearmor_file (name, fd);
-          close (fd);
-          fd = -2;
-          if (rc)
-            goto cleanup;
-
-          keydb_add_resource (tmpname, KEYDB_RESOURCE_FLAG_READONLY);
-
-        cleanup:
-          success = tmpdir && tmpname && fd != -1;
-          if (fd >= 0)
-            close (fd);
-          if (tmpname)
-            {
-              if (! success)
-                unlink (tmpname);
-              xfree (tmpname);
-            }
-          if (tmpdir)
-            {
-              if (! success)
-                rmdir (tmpdir);
-              xfree (tmpdir);
-            }
-          if (! success)
-            g10_exit (1);
-        }
-      else
-        keydb_add_resource (name, KEYDB_RESOURCE_FLAG_READONLY);
-    }
   FREE_STRLIST (nrings);
 
   ctrl = xcalloc (1, sizeof *ctrl);
@@ -341,14 +227,6 @@ main( int argc, char **argv )
 
   xfree (ctrl);
 
-  for (sl = tmprings; sl; sl = sl->next)
-    {
-      unlink (sl->d);
-      sl->d[strlen (sl->d) - 4] = 0;
-      rmdir (sl->d);
-    }
-  FREE_STRLIST (tmprings);
-
   /* cleanup */
   g10_exit (0);
   return 8; /*NOTREACHED*/
diff --git a/g10/main.h b/g10/main.h
index 766c53f..5b5947e 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -389,7 +389,7 @@ gpg_error_t receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
 gpg_error_t export_ssh_key (ctrl_t ctrl, const char *userid);
 
 /*-- dearmor.c --*/
-int dearmor_file( const char *fname, int outfd );
+int dearmor_file( const char *fname );
 int enarmor_file( const char *fname );
 
 /*-- revoke.c --*/

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgv.texi   |   3 --
 g10/Makefile.am |   3 +-
 g10/dearmor.c   |   7 ++-
 g10/gpg.c       |   2 +-
 g10/gpgv.c      | 130 ++------------------------------------------------------
 g10/main.h      |   2 +-
 6 files changed, 10 insertions(+), 137 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr  6 18:45:24 2016
From: cvs at cvs.gnupg.org (by Ineiev)
Date: Wed, 06 Apr 2016 18:45:24 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-124-g02ef6bb
Message-ID: <E1anqZY-0007Ec-PS@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  02ef6bb105bb2793115ea5e7868d722bf0aea0a1 (commit)
      from  76ca869197e304daa5a8dd96ea43113ec7b28354 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 02ef6bb105bb2793115ea5e7868d722bf0aea0a1
Author: Ineiev <ineiev at gnu.org>
Date:   Wed Apr 6 18:42:31 2016 +0200

    doc: Update help.ru.txt
    
    --

diff --git a/doc/help.ru.txt b/doc/help.ru.txt
index bd4ae14..5a98cb3 100644
--- a/doc/help.ru.txt
+++ b/doc/help.ru.txt
@@ -1,5 +1,6 @@
-# help.ru.txt - ru GnuPG online help
+# help.ru.txt - Russian GnuPG online help
 # Copyright (C) 2007 Free Software Foundation, Inc.
+# Copyright (C) 2016 Ineiev <ineiev at gnu.org> (translation)
 #
 # This file is part of GnuPG.
 #
@@ -7,244 +8,362 @@
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-# 
+#
 # GnuPG is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see <http://www.gnu.org/licenses/>.
 
+# The translated revision was taken from HEAD b8bb16c6c08d3c2947f1ff67
+# which is the same as the revision from STABLE-BRANCH-2-0 776bee6d370
+
+.#pinentry.qualitybar.tooltip
+# [remove the hash mark from the key to enable this text]
+# This entry is just an example on how to customize the tooltip shown
+# when hovering over the quality bar of the pinentry.  We don't
+# install this text so that the hardcoded translation takes
+# precedence.  An administrator should write up a short help to tell
+# the users about the configured passphrase constraints and save that
+# to /etc/gnupg/help.txt.  The help text should not be longer than
+# about 800 characters.
+???? ????????? ?????????? ???????? ????????? ???? ?????-??????.
+
+???? ????????? ???????, GnuPG ??????? ?????-?????? ??????????? ??????.
+???????? ? ?????? ?????????????? ???????? ?????????? ? ?????-??????.
+.
+
+
+.gnupg.agent-problem
+# There was a problem accessing or starting the agent.
+? ??????????? Gpg-Agent ???? ?????????? ????????????, ???? ????????
+???????? ?????????? ? ???.
+
+??????? ?????????? ??????? ??????? ??? ????????? Gpg-Agent
+??? ????????? ????????? ?????? ? ??????? ????-???????. ?????? ???????
+??????????? ??? ????? ???????????? ? ??????? ? ????????, ????
+???????????? ?? ??????. ???? ??????? ??????????, ??????? ????????
+????????? ??? ?? ????, ?? ??????? ???? ?????? ????????? ??????????,
+??? ????? ???????? ? ????????? ?????????.
+
+????????, ??? ??????? ???????? ????? ?????????? ? ??????????????.
+? ???????? ????????? ???? ????? ????? ? ????? ????? ? ???????;
+????? ????, ??? ???????. ? ????? ?????? ???????? ?? ????
+??????????????, ?????? ??? ??? ????????? ?? ??????? ? ?????????.
+.
+
+
+.gnupg.dirmngr-problem
+# There was a problen accessing the dirmngr.
+? ??????????? Dirmngr ???? ?????????? ????????????, ???? ????????
+???????? ?????????? ? ???.
+
+??? ????????? ??????? ?????? ???????????? ?? ????? ????????
+???????????? ? ??? ?????? ?????? ?? ????????? ???????? ???????
+?????????? ??????? ????????? ?????????? Dirmngr. ?????? ??? ????????
+??? ????????? ?????? (?????) ? ?? ????????? ? ?????-???? ?????????
+?? ??????? ????????????. ? ?????? ??????? ??????? ????? ?????????
+????? ????? Dirmngr ?? ??????? ???????; ??? ???????? ???????
+? ??????????? ????????????????.
+
+???? ?? ??????????? ? ???? ?????????, ?????????? ? ??????????
+??????????????. ? ???????? ?????????? ??????? ????? ???????????
+????????? ???????? ??????? ?????? ???????????? ? ?????????? gpgsm.
+.
+
 
 .gpg.edit_ownertrust.value
-?? ?????? ?????? ????? ????????; ??? ??????? ?? ????? ??????????????
-??????? ???????.  ??? ?????????? ??? ?????????? ???? ???????;
-? ?? ????? ?????? ?????? ? (?????? ?????????) ????? ????????????.
+# The help identies prefixed with "gpg." used to be hard coded in gpg
+# but may now be overridden by help texts from this file.
+???? ??????, ????????? ????? ????????; ??? ??????? ?? ????? ??????????
+??? ??????? ??????. ??? ??? ????? ??? ?????????? ???? ???????; ???
+????? ?? ??????? ? (?????? ???????????) ????? ????????????.
 .
 
 .gpg.edit_ownertrust.set_ultimate.okay
-??? ?????????? ???? ???????, GnuPG ?????? ?????, ? ????? ??????
-??????? ?????????? ??????? - ?????? ??? ????? ??? ??????? ? ??? ????
-????????? ????.  ???????? "yes" ??? ?????????? ??????????? ???????
-??????? ?????
+??? ?????????? ???? ??????? GnuPG ????? ?????, ????? ?????? ????????
+????????? - ?????? ??? ?????, ????????? ????? ??????? ? ??? ????.
+????? "??" ????????? ?????? ??????? ????? ?????.
 
-.
 
 .gpg.untrusted_key.override
-???? ?????? ???????????? ?????? ???????????? ???? - ???????? "yes".
+???? ?? ?????? ??? ????? ???????????? ???? ???????????? ??????,
+???????? "??".
 .
 
 .gpg.pklist.user_id.enter
-??????? User ID ????????, ???????? ?????? ????????? ?????????.
+??????? ID ???????????? - ?????????? ?????? ?????????.
 .
 
 .gpg.keygen.algo
 ???????? ????????.
 
-DSA (aka DSS) - Digital Signature Algorithm ????? ??????????????
-?????? ??? ????????.
+DSA (?? ?? DSS) ????? ????????? ?????? ??? ????????.
 
-Elgamal - ???????? ???????????? ?????? ??? ??????????.
+Elgamal - ???????? ?????? ??? ??????????.
 
-RSA ????? ?????????????? ? ??? ???????, ? ??? ??????????.
+RSA ????? ????????? ??? ?????????? ??? ????????.
 
-?????? (?? ?? ???????) ???? ?????? ?????? ???? ?????????????.
+?????? (?????????) ???? ?????? ?????? ???? ???????? ??? ????????.
 .
 
+
 .gpg.keygen.algo.rsa_se
-?????? ?? ????????????? ???????????? ???? ???? ? ??? ???????, ? ??? ??????????.
-?????? ???????? ??????? ???????????? ?????? ? ????????? ???????.
-??????????????????? ? ????? ????????? ?? ???????????? ????? ???,
-??? ???????????? ?????? ????.
+? ????? ????????? ???????????? ????? ? ??? ?? ?????? ? ??? ???????,
+? ??? ??????????. ??? ????? ???? ??????? ?????? ? ????????????
+???????. ??????????????????? ?? ????? ????????? ?? ????????????.
+.
+
+
+.gpg.keygen.flags
+???????? ??????? ?????.
+
+??????????? ????? ?????? ???????, ????????? ??? ??????????
+?????????.
+
+??? ??????? ????????? ????? ???? ???????????? ??????? ??????? '=',
+? ?? ??? ?????? ????, ???????? ????? ???????: '1' - ???????, '2' -
+??????????, '3' - ??????????????. ???????????? ????? ? ???????
+?? ???????????. ????? ????? ???????? ????? ??? ??????? ???????????.
 .
 
+
 .gpg.keygen.size
-??????? ?????? ?????
+??????? ?????? ?????.
+
+???????????? ???????? ?????? ?????? ????????.
+
+???? ??? ????? ???? ???????? ???????, ????????, 4096 ???, ?????????,
+????????????? ?? ??? ??? ??? ????? ?????. ??. ?????? ?? ????????
+http://www.xkcd.com/538/ .
 .
 
 .gpg.keygen.size.huge.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
+
 .gpg.keygen.size.large.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
+
 .gpg.keygen.valid
-??????? ????????? ????????, ??? ???????? ? ?????????.
-????? ?????? ???? ? ISO ??????? (YYYY-MM-DD), ?? ?? ?? ????????
-??????????? ??? ?????? ? ??????? - ?????? ????? ??????? ?????????
-???????????????? ????????? ???????? ??? ????????.
+??????? ?????? ????????, ??? ???????? ? ???????????.
+????? ?????? ???? ??? (????-??-??), ?? ????????? ?? ??????? ?????
+????????????????: ??????? ???????? ???????????????? ?????? ????????
+??? ????????.
 .
 
 .gpg.keygen.valid.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
+
 .gpg.keygen.name
-??????? ??? ????????? ?????
+??????? ??? ????????? ?????.
+??????? "<" ? ">" ???????????.
+??????: ???? ??????
 .
 
+
 .gpg.keygen.email
-??????? ??????????????, ?? ????? ????????????? email ?????
+???????, ??????????, ????? ??????????? ????? (?????????????,
+?? ????? ?????????????).
+??????: vp at test.ru
 .
 
 .gpg.keygen.comment
-??????? ?????????????? ???????????
+???????, ??????????, ?????????????? ??????????.
+??????? "(" ? ")" ???????????.
+? ????? ? ????? ??? ?? ?????.
 .
 
+
 .gpg.keygen.userid.cmd
-N  ???????? ???.
-C  ???????? ???????????.
-E  ???????? email ?????.
+# (Keep a leading empty line)
+
+N  ??????? ???.
+C  ??????? ??????????.
+E  ??????? ?????.
 O  ?????????? ???????? ?????.
-Q  ????? ? ???????? ???????? ?????.
+Q  ?????????? ???????? ?????.
 .
 
 .gpg.keygen.sub.okay
-???????? "yes" (??? ?????? "y"), ???? ?????? ????????? ???????.
+??????? "??" (??? "y"), ????? ????????? ???????? ?????.
 .
 
 .gpg.sign_uid.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
 .gpg.sign_uid.class
-????? ????????????? User ID ?????, ??????? ?????? ??????????????, ???
-???? ????????????? ??????????? ???????? ?????????? ? User ID. ??? ????? ?????
-??? ???, ??? ????????? ??? ?????? ?? ?????????? ????????????? User ID.
+????? ?? ???????????? ????????????? ???????????? ? ?????, ????? ???????
+??????????????, ??? ???? ??????????? ?????????? ? ?????????????? ????.
+?????? ??????? ?????, ????????? ????????? ?? ??? ?????????.
 
-"0" ????????, ??? ?? ?? ?????? ???????, ??? ?????? ?? ????????? ????.
-"1" ????????, ??? ?? ?????????, ??? ???? ??????????? ????????, ???????
-    ?????? ? ???, ?? ?? ?? ????? ??? ?? ????????? ???????? ????? ??????.
-    ??? ???????, ????? ?? ???????????? ???? ? ??????????? ????????.
+"0" ??????, ??? ?? ?? ??????????, ????????? ????????? ?? ????????? ????.
 
-"2" ????????, ??? ?? ?????? ???????????? ???????? ?????.  ????????, ??? ?????
-    ????????, ??? ?? ????????? ????????? ????? ? ????????? User ID ??
-    ????? ?? ????????? ???? ID.
+"1" ??????, ??? ?? ????????, ??? ???? ??????????? ??????????? ????, ?? ??
+    ?? ????? ????????? ??? ?? ????????? ????. ??? ??????? ??? ????????
+    "?????????", ????? ?? ???????????? ???? ? ???????????.
 
-"3" ????????, ??? ?? ????????? ???????????? ???????? ?????.  ????????, ??? ?????
-    ????????, ??? ?? ??????? ????????? ????? ? ?????????? ????? ?????
-    ? ??? ?? ??????? ??? ??????????? ???????????????????? ????????? ?
-    ??????????? (????? ??? ???????), ??? ??? ????????? ????? ????????? ?
-    ?????? ? User ID ????? ? ???????, ??? ?? ????????? (??????? ????????????
-    ????????), ??? email ????? ?? ????? ??????????? ????????? ?????.
+"2" ??????, ??? ?? ??????? ????????? ???????? ?????. ????????, ?????????
+    ????????? ????? ? ????????????? ???????????? ?? ?????
+    ?? ??????????????????.
 
-??????, ??? ??????? ?????? ??? ??????? 2 ? 3 - ?????? ???????.
-? ???????? ?????, ??? ??????, ??? ???????????????? "???????????" ? "???????????",
-??? ???????????? ????? ??????.
+"3" ??????, ??? ?? ??????? ?????????? ???????? ?????. ????????,
+    ?? ????????? ????????? ?????, ? ????? ????????? ?? ?????????????
+    ???????? (?????? ??? ???????), ??? ??? ????????? ????? ?????????
+    ? ?????? ????????, ?????????? ? ?????????????? ???????????? ?????;
+    ???????, ?? ?????????????? (??????????? ??????????? ??????), ???
+    ????? ??????????? ????? ??????????? ????????? ?????.
 
-???? ?? ?? ?????? ???????????? ? ?????????? ???????, ???????? "0".
+?????? ? ????, ??? ???????, ?????? ??? ??????? 2 ? 3 - ??? *??????*
+???????. ? ???????? ????? ?? ???? ???????, ??? ?????? "?????????"
+? "??????????" ????????, ????? ?? ???????????? ?????? ?????.
+
+???? ????????????? ? ???????, ????????? "0".
 .
 
 .gpg.change_passwd.empty.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
+
 .gpg.keyedit.save.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
+
 .gpg.keyedit.cancel.okay
-???????? "yes" ??? "no"
+????????? "??" ??? "???".
 .
 
 .gpg.keyedit.sign_all.okay
-???????? "yes", ???? ?????? ????????? ??? User ID
+???????? "??", ???? ?????? ????????? ??? ?????????????? ????????????.
 .
 
 .gpg.keyedit.remove.uid.okay
-???????? "yes", ???? ????????????? ?????? ??????? ?????? User ID.
-??? ??????????? ????? ????? ????????!
+???????? "??", ???? ????????????? ?????? ??????? ???? ?????????????
+????????????.
+??? ??????????? ????? ????? ???????!
 .
 
 .gpg.keyedit.remove.subkey.okay
-???????? "yes", ???? ?????? ??????? ???????
+???????? "??", ???? ??????? ????? ???????.
 .
 
+
 .gpg.keyedit.delsig.valid
-??? ?????????????? ??????? ?? ?????; ?????? ?? ??????????
-??????? ????? ???????, ??????, ??? ??? ????? ???? ????? ??? ????????????
-????????????? ????? ??? ?????? ?????? ??????????? ?????? ??????.
+??? ?????? ??????? ?????; ??? ???????, ?? ?? ????? ???????,
+????????? ????? ???? ????? ?????????? ????????? ??????? ?????
+???? ?????? ? ??????? ???????.
 .
 
 .gpg.keyedit.delsig.unknown
-?????? ??????? ?? ????? ???? ????????? ??????, ??? ?? ?? ??????
-???????????????? ?????.  ?????? ???????? ?? ????????, ???? ??
-???????, ????? ???? ??? ???????????, ?.?. ??? ??????? ?????
-????????????? ????????????? ????? ?????? ??? ?????????????? ?????.
+??? ??????? ?????? ?????????, ????????? ??????????? ???????????????
+????. ???????? ?? ????? ???????? ?? ??? ???, ???? ?? ??????
+????????, ????? ?? ?????? ??? ???????????, ??? ??? ???????
+????? ????? ????? ?? ?????????? ????????? ??????? ?????
+??????, ??? ????????????????? ????.
 .
 
 .gpg.keyedit.delsig.invalid
-??????? ???????????????.  ??? ???? ????????? ??????? ?? ??
-?????? ??????.
+??????? ???????????????. ????? ????? ??????? ?? ?? ????? ???????
+??????.
 .
 
 .gpg.keyedit.delsig.selfsig
-?????? ??????? ???????? ???????????? ? ??????????? User ID ? ?????.
-?????? ??? ?????? ???? ??????? ????? ???????.  ?? ????? ????
-GnuPG ????? ?? ????????? ???????????? ????? ???? ?????.
-??????? ??? ?????? ???? ?????? ??????????? ?? ????????????? ??
-?????-???? ???????? ? ?????????? ????????? ??????.
+??? ??????? ????????? ????????????? ???????????? ? ??????. ??????
+??????? ????? ??????? ?? ???????. ??? ????? ??????? ???? ???????????
+??? ??????????? ? GnuPG. ??? ??? ??????? ??? ?????? ???? ???
+??????????? ?? ?????-?? ??????? ??????????????? ? ???? ??????.
 .
 
 .gpg.keyedit.updpref.okay
-????????? ???????????? ??? ???? User ID (??? ?????? ??? ?????????)
-?? ??????? ?????? ????????????.  ??????? ??????? ?? ???? ??????????
-???????????? ????? ????????? ?? ???? ???????.
-
+???????? ???????????? ??? ???? ??????????????? ???????????? (???
+?????? ??? ?????????) ?? ??????? ?????? ????????????. ???? ????
+????????????, ??????? ??? ????????, ????? ???????? ??????
+?? ???? ???????.
 .
 
+
 .gpg.passphrase.enter
-??????? ?????-?????? (??? ????????? ??????) 
+# (keep a leading empty line)
 
+???????, ??????????, ?????-?????? (????????? ???????????).
 .
 
+
 .gpg.passphrase.repeat
-????????? ?????-??????, ????? ????????? ? ???, ??? ??? ??????? ?????????.
+????????? ????????? ?????-??????, ????? ?????????, ??? ?? ?? ????????.
 .
 
 .gpg.detached_signature.filename
-??????? ??? ?????, ? ???????? ????????? ?????? ???????
+??????? ??? ?????, ??????? ?????????????.
 .
 
 .gpg.openfile.overwrite.okay
-???????? "yes", ???? ?????? ???????????? ????
+# openfile.c (overwrite_filep)
+???????? "??", ???? ???? ????? ????????????.
 .
 
 .gpg.openfile.askoutname
-??????? ????? ??? ?????. ???? ??????? ?????? RETURN ????? ???????????
-?? ????????? ??? ????, ??????? ??????? ? ?????????? ???????.
+# openfile.c (ask_outfile_name)
+??????? ????? ??? ?????. ???? ?????? ?????? "Enter", ?????
+??????????? ???? ?? ????????? (?????? ? ???????).
 .
 
 .gpg.ask_revocation_reason.code
-?????? ??????? ??????? ??????? ?????? ?????.  ??????????? ?? 
-????????? ?????? - ?????? ??????? ???? ?? ????????? ?????????:
-  "???? ??? ????????????????"
-      ????????, ???? ?????????????, ??? ??????????? ???????
-      ??????? ?????? ? ?????? ?????????? ?????.
+# revoke.c (ask_revocation_reason)
+????? ??????? ??????? ??????. ????? ??????? ?? ??????:
+  "???? ??? ???????"
+      ???? ????????? ????????, ??? ?????-?? ???? ????????
+      ??????????????????? ?????? ? ?????????? ?????.
   "???? ??????? ??????"
-      ????????, ???? ????????? ?????? ???? ?? ??????.
+      ?? ???????? ???? ?? ?????.
   "???? ?????? ?? ????????????"
-      ????????, ???? ????????????? ?? ????????????? ??????? ?????.
-  "User ID ?????? ?? ????????????"
-      ????????, ???? ?????? ?? ??????????? ???????????? ?????? User ID.
-      ?????? ????????????, ??? ????????, ??? ?????? e-mail ??????
-      ?? ????????????
-
+      ?? ???? ????? ????????.
+  "ID ???????????? ?????? ?? ????????????"
+      ID ???????????? ?????? ?? ?????? ?????????????; ?????? ??? ??????,
+      ??? ????? ??????????? ????? ??????????????.
 .
 
 .gpg.ask_revocation_reason.text
-??? ????????????? ????? ????? ????????????????? ???????
-???????? ??????????? ??????.  ?????? ??????.
-??? ?????????? ??????? ?????? ??????.
-
+# revoke.c (ask_revocation_reason)
+???? ??????, ?????? ?????? ?????, ?????????? ???????, ?? ???????
+??????? ???? ?????????? ??????. ???????????, ??????????, ????.
+????? ????????????? ?????? ???????.
 .
 
 
 
+
+.gpgsm.root-cert-not-trusted
+# This text gets displayed by the audit log if
+# a root certificates was not trusted.
+??? ??????? ? ????????? ???????????. ? ??????????? ?? ????????
+??? ????? ?????????? ???????? ???? ???????? ?????????? ??? ??????????
+??? ??????? ??????? GnuPG, ??? ????? ??????????? ????? ????????.
+?????????? ??????????? ???????? ? ????? trustlist.txt ? ????????
+???????? GnuPG. ???? ????????????, ???????? ?????? ??????????
+??????????????, ??????? ?? ??? ???????? ????? ???????????.
+
+
+.gpgsm.crl-problem
+# This tex is displayed by the audit log for problems with
+# the CRL or OCSP checking.
+? ??????????? ?? ???????? ???????? ???????? ? ????????? ??????
+?????????? ???????????? ??? ? ?????????? ???????? ?? ?????????
+OCSP. ??? ????? ????????? ?? ????? ?????? ????????. ??????????
+? ???????????? ?? ?????????? ?????????.
+
+
 # Local variables:
-# mode: fundamental
+# mode: default-generic
 # coding: utf-8
 # End:

-----------------------------------------------------------------------

Summary of changes:
 doc/help.ru.txt | 333 ++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 226 insertions(+), 107 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr  6 20:19:15 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 06 Apr 2016 20:19:15 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-373-g65c6314
Message-ID: <E1ans2M-0002Pm-Vp@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  65c63144b66392f40b991684789b8b793248e3ba (commit)
      from  6f386ceae86a058e26294f744750f1ed2a95e604 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 65c63144b66392f40b991684789b8b793248e3ba
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 6 20:16:19 2016 +0200

    Allow building with configure option --enable-hmac-binary-check.
    
    * src/Makefile.am (mpicalc_LDADD): Add DL_LIBS.
    * src/fips.c (check_binary_integrity): Allow use of hmac256 output.
    * src/hmac256.c (main): Add option --stdkey
    --
    
    Note that when using that configure option "make check" won't work in
    one go.  Instead use
    
      make
      cd src/.libs
      ../hmac256  --stdkey '' libgcrypt.so.20 >.libgcrypt.so.20.hmac
      cd ../..
      make check
    
    Reported-by: Burt Silverman
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/Makefile.am b/src/Makefile.am
index aee2828..3cc4a55 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -131,7 +131,7 @@ dumpsexp_LDADD = $(arch_gpg_error_libs)
 
 mpicalc_SOURCES = mpicalc.c
 mpicalc_CFLAGS = $(GPG_ERROR_CFLAGS)
-mpicalc_LDADD = libgcrypt.la $(GPG_ERROR_LIBS)
+mpicalc_LDADD = libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
 
 hmac256_SOURCES = hmac256.c
 hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags)
diff --git a/src/fips.c b/src/fips.c
index 3311ba2..af3fe2c 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -637,11 +637,15 @@ check_binary_integrity (void)
                   int n;
 
                   /* The HMAC files consists of lowercase hex digits
-                     only with an optional trailing linefeed.  Fail if
-                     there is any garbage.  */
+                     with an optional trailing linefeed or optional
+                     with two trailing spaces.  The latter format
+                     allows the use of the usual sha1sum format.  Fail
+                     if there is any garbage.  */
                   err = gpg_error (GPG_ERR_SELFTEST_FAILED);
                   n = fread (buffer, 1, sizeof buffer, fp);
-                  if (n == 64 || (n == 65 && buffer[64] == '\n'))
+                  if (n == 64
+                      || (n == 65 && buffer[64] == '\n')
+                      || (n == 66 && buffer[64] == ' ' && buffer[65] == ' '))
                     {
                       buffer[64] = 0;
                       for (n=0, s= buffer;
diff --git a/src/hmac256.c b/src/hmac256.c
index 6b62ed3..ca1eb75 100644
--- a/src/hmac256.c
+++ b/src/hmac256.c
@@ -646,6 +646,7 @@ main (int argc, char **argv)
   size_t n, dlen, idx;
   int use_stdin = 0;
   int use_binary = 0;
+  int use_stdkey = 0;
 
   assert (sizeof (u32) == 4);
 #ifdef __WIN32
@@ -689,11 +690,16 @@ main (int argc, char **argv)
           argc--; argv++;
           use_binary = 1;
         }
+      else if (!strcmp (*argv, "--stdkey"))
+        {
+          argc--; argv++;
+          use_stdkey = 1;
+        }
     }
 
   if (argc < 1)
     {
-      fprintf (stderr, "usage: %s [--binary] key [filename]\n", pgm);
+      fprintf (stderr, "usage: %s [--binary] [--stdkey] key [filename]\n", pgm);
       exit (1);
     }
 
@@ -702,7 +708,7 @@ main (int argc, char **argv)
     setmode (fileno (stdout), O_BINARY);
 #endif
 
-  key = *argv;
+  key = use_stdkey? "What am I, a doctor or a moonshuttle conductor?" : *argv;
   argc--, argv++;
   keylen = strlen (key);
   use_stdin = !argc;

-----------------------------------------------------------------------

Summary of changes:
 src/Makefile.am |  2 +-
 src/fips.c      | 10 +++++++---
 src/hmac256.c   | 10 ++++++++--
 3 files changed, 16 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr  7 14:22:08 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Thu, 07 Apr 2016 14:22:08 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-126-g02cf135
Message-ID: <E1ao8wK-0004Ek-1l@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  02cf1357dd5ee34a57371f55b9d312b8b9e3a7e8 (commit)
       via  71040f48ef6bf88e88cb05c2aee8a77d682b2a33 (commit)
      from  02ef6bb105bb2793115ea5e7868d722bf0aea0a1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 02cf1357dd5ee34a57371f55b9d312b8b9e3a7e8
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 7 13:55:42 2016 +0200

    g10: Fix exporting secret keys of certain sizes.
    
    * g10/build-packet.c (do_key): Do not use the header length specified
    by the public key packet from the keyring, but let 'write_header2'
    compute the required length.
    --
    Specifically exporting RSA keys of length 1024 failed, as the encoded
    public key packet requires 141 bytes a length that fits into one byte,
    but the secret key is significantly larger, making the export fail.
    
    GnuPG-bug-id: 2307
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/g10/build-packet.c b/g10/build-packet.c
index 40c466b..e244bda 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -486,7 +486,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
       /* Build the header of the packet - which we must do after
          writing all the other stuff, so that we know the length of
          the packet */
-      write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes);
+      write_header2 (out, ctb, iobuf_get_temp_length(a), 0);
        /* And finally write it out to the real stream. */
       err = iobuf_write_temp (out, a);
     }

commit 71040f48ef6bf88e88cb05c2aee8a77d682b2a33
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 7 13:51:26 2016 +0200

    g10: Fix typo.
    
    --
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/g10/packet.h b/g10/packet.h
index c1aaedb..194c134 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -327,7 +327,7 @@ struct seckey_info
 /****************
  * The in-memory representation of a public key (RFC 4880, Section
  * 5.5).  Note: this structure contains significantly more information
- * thatn is contained in an OpenPGP public key packet.  This
+ * than is contained in an OpenPGP public key packet.  This
  * information is derived from the self-signed signatures (by
  * merge_keys_and_selfsig()) and is ignored when serializing the
  * packet.  The fields that are actually written out when serializing

-----------------------------------------------------------------------

Summary of changes:
 g10/build-packet.c | 2 +-
 g10/packet.h       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr  7 17:24:33 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 07 Apr 2016 17:24:33 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-374-g5e5d3b9
Message-ID: <E1aoBmp-0001rZ-8b@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  5e5d3b90e22a3caa6b48af3b5582d800a9fb73ad (commit)
      from  65c63144b66392f40b991684789b8b793248e3ba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5e5d3b90e22a3caa6b48af3b5582d800a9fb73ad
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 7 09:21:44 2016 +0200

    Silence warning about missing HMAC-SHA3 selftests.
    
    --
    
    We do not have a reliable source for test vectors.

diff --git a/cipher/hmac-tests.c b/cipher/hmac-tests.c
index 46e1b22..8c04708 100644
--- a/cipher/hmac-tests.c
+++ b/cipher/hmac-tests.c
@@ -707,8 +707,8 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
     case GCRY_MD_SHA3_384:
     case GCRY_MD_SHA3_512:
       ec = 0;  /* FIXME: Add selftests.  */
-#ifdef __GNUC__
-# warning Please add the self text functions
+#if defined(__GNUC__) && defined(IS_DEVELOPMENT_VERSION)
+# warning Please add self test functions for HMAC-SHA3
 #endif
       break;
 

-----------------------------------------------------------------------

Summary of changes:
 cipher/hmac-tests.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr  7 17:25:52 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 07 Apr 2016 17:25:52 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH,
 created. libgcrypt-1.6.0-374-g5e5d3b9
Message-ID: <E1aoBo6-0001w8-Bp@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-7-BRANCH has been created
        at  5e5d3b90e22a3caa6b48af3b5582d800a9fb73ad (commit)

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr  8 08:31:10 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 08 Apr 2016 08:31:10 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
 updated. gnupg-2.0.30-3-gd877528
Message-ID: <E1aoPwB-0003Kk-9c@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  d8775285e94b23f8e56a2997f9491dc486d74d79 (commit)
      from  7597147e0f41e11276632a28d03ef90d2d9b1006 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d8775285e94b23f8e56a2997f9491dc486d74d79
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 8 08:30:14 2016 +0200

    doc: Remove description of --faked-system-time from gpg.texi
    
    --
    
    This option is only available in 2.1.

diff --git a/doc/gpg.texi b/doc/gpg.texi
index ee31d75..23636e9 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2448,20 +2448,6 @@ be given in C syntax (e.g. 0x0042).
 @opindex debug-all
 Set all useful debugging flags.
 
- at ifset gpgone
- at item --debug-ccid-driver
- at opindex debug-ccid-driver
-Enable debug output from the included CCID driver for smartcards.
-Note that this option is only available on some system.
- at end ifset
-
- at item --faked-system-time @var{epoch}
- at opindex faked-system-time
-This option is only useful for testing; it sets the system time back or
-forth to @var{epoch} which is the number of seconds elapsed since the year
-1970.  Alternatively @var{epoch} may be given as a full ISO time string
-(e.g. "20070924T154812").
-
 @item --enable-progress-filter
 @opindex enable-progress-filter
 Enable certain PROGRESS status outputs. This option allows frontends

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 14 --------------
 1 file changed, 14 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 11 18:24:27 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 11 Apr 2016 18:24:27 +0200
Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-46-g8e7074d
Message-ID: <E1apect-0007Yh-0J@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, gpgmepp has been updated
       via  8e7074dbb8093cc342e330bcd6b172b4f769a0c6 (commit)
      from  d2b55101195efe9702e855a48fc6e21839fb98cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8e7074dbb8093cc342e330bcd6b172b4f769a0c6
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Apr 11 18:21:26 2016 +0200

    Qt/Cpp: Bump so version to 6.
    
    * configure.ac (LIBGPGMEPP_LT_CURRENT, LIBQGPGME_LT_CURRENT): Bump.
    
    --
    While the KDE Frameworks versions had a different name increasing
    the number avoids a conflict with KDE4 versions and is generally
    more consistent.

diff --git a/configure.ac b/configure.ac
index bba3260..6f1640d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,11 +61,11 @@ LIBGPGME_LT_CURRENT=25
 LIBGPGME_LT_AGE=14
 LIBGPGME_LT_REVISION=0
 
-LIBGPGMEPP_LT_CURRENT=3
+LIBGPGMEPP_LT_CURRENT=6
 LIBGPGMEPP_LT_AGE=0
 LIBGPGMEPP_LT_REVISION=0
 
-LIBQGPGME_LT_CURRENT=1
+LIBQGPGME_LT_CURRENT=6
 LIBQGPGME_LT_AGE=0
 LIBQGPGME_LT_REVISION=0
 

-----------------------------------------------------------------------

Summary of changes:
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 12 03:12:08 2016
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 12 Apr 2016 03:12:08 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-376-gee7e1a0
Message-ID: <E1apmrY-0005l3-2v@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5 (commit)
       via  7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de (commit)
      from  5e5d3b90e22a3caa6b48af3b5582d800a9fb73ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Apr 12 09:58:12 2016 +0900

    ecc: Fix X25519 computation on Curve25519.
    
    * cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when
    PUBKEY_FLAG_DJB_TWEAK is enabled.
    (ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled.
    * tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt.
    
    --
    
    X25519 function is not a plain scalar multiplication, but does
    two things; the scalar bits are tweaked before applying scalar
    multiplication and X0 function is applied to the result of
    scalar multiplication.
    
    In libgcrypt, _gcry_mpi_ec_mul_point is a plain scalar multiplication
    and those two things are done in functions for ECDH with X25519.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 7ab7244..f6b2b69 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1282,15 +1282,12 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
   if (rc)
     goto leave;
-  if (DBG_CIPHER)
-    log_mpidump ("ecc_encrypt data", data);
   if (mpi_is_opaque (data))
     {
       rc = GPG_ERR_INV_DATA;
       goto leave;
     }
 
-
   /*
    * Extract the key.
    */
@@ -1327,6 +1324,21 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
       pk.E.dialect = ECC_DIALECT_STANDARD;
     }
 
+  /*
+   * Tweak the scalar bits by cofactor and number of bits of the field.
+   * It assumes the cofactor is a power of 2.
+   */
+  if ((flags & PUBKEY_FLAG_DJB_TWEAK))
+    {
+      int i;
+
+      for (i = 0; i < mpi_get_nbits (pk.E.h) - 1; i++)
+        mpi_clear_bit (data, i);
+      mpi_set_highbit (data, mpi_get_nbits (pk.E.p) - 1);
+    }
+  if (DBG_CIPHER)
+    log_mpidump ("ecc_encrypt data", data);
+
   if (DBG_CIPHER)
     {
       log_debug ("ecc_encrypt info: %s/%s\n",
@@ -1607,7 +1619,13 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     else
       y = mpi_new (0);
 
-    if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
+    /*
+     * Here, x is 0.  In the X25519 computation on Curve25519, X0
+     * function maps infinity to zero.  So, when PUBKEY_FLAG_DJB_TWEAK
+     * is enabled, we can just skip the check to get the result of 0.
+     */
+    if (_gcry_mpi_ec_get_affine (x, y, &R, ec)
+        && !(flags & PUBKEY_FLAG_DJB_TWEAK))
       log_fatal ("ecdh: Failed to get affine coordinates\n");
 
     if (y)
diff --git a/tests/t-cv25519.c b/tests/t-cv25519.c
index 69aa005..7e551c2 100644
--- a/tests/t-cv25519.c
+++ b/tests/t-cv25519.c
@@ -192,8 +192,8 @@ test_cv (int testno, const char *k_str, const char *u_str,
   gpg_error_t err;
   void *buffer = NULL;
   size_t buflen;
-  unsigned char *p;
-  gcry_sexp_t s_sk = NULL;
+  gcry_sexp_t s_pk = NULL;
+  gcry_mpi_t mpi_k = NULL;
   gcry_sexp_t s_data = NULL;
   gcry_sexp_t s_result = NULL;
   gcry_sexp_t s_tmp = NULL;
@@ -210,29 +210,22 @@ test_cv (int testno, const char *k_str, const char *u_str,
       goto leave;
     }
 
-  /*
-   * Do what decodeScalar25519 does.
-   */
-  p = (unsigned char *)buffer;
-  p[0] &= 248;
-  p[31] &= 127;
-  p[31] |= 64;
   reverse_buffer (buffer, buflen);
+  if ((err = gcry_mpi_scan (&mpi_k, GCRYMPI_FMT_USG, buffer, buflen, NULL)))
+    {
+      fail ("error converting MPI for test %d: %s", testno, gpg_strerror (err));
+      goto leave;
+    }
 
-  if ((err = gcry_sexp_build (&s_sk, NULL,
-                              "(private-key"
-                              " (ecc"
-                              "  (curve \"Curve25519\")"
-                              "  (flags djb-tweak)"
-                              "  (d %b)))", (int)buflen, buffer)))
+  if ((err = gcry_sexp_build (&s_data, NULL, "%m", mpi_k)))
     {
       fail ("error building s-exp for test %d, %s: %s",
-            testno, "sk", gpg_strerror (err));
+            testno, "data", gpg_strerror (err));
       goto leave;
     }
 
   xfree (buffer);
-  if (!(buffer = hex2buffer (u_str, &buflen)))
+  if (!(buffer = hex2buffer (u_str, &buflen)) || buflen != 32)
     {
       fail ("error building s-exp for test %d, %s: %s",
             testno, "u", "invalid hex string");
@@ -247,26 +240,28 @@ test_cv (int testno, const char *k_str, const char *u_str,
    * We could add the prefix 0x40, but libgcrypt also supports
    * format with no prefix.  So, it is OK not to put the prefix.
    */
-  if ((err = gcry_sexp_build (&s_data, NULL,
-                              "(enc-val"
-                              " (ecdh"
-                              "  (e %b)))", (int)buflen, buffer)))
+  if ((err = gcry_sexp_build (&s_pk, NULL,
+                              "(public-key"
+                              " (ecc"
+                              "  (curve \"Curve25519\")"
+                              "  (flags djb-tweak)"
+                              "  (q%b)))", (int)buflen, buffer)))
     {
       fail ("error building s-exp for test %d, %s: %s",
-            testno, "data", gpg_strerror (err));
+            testno, "pk", gpg_strerror (err));
       goto leave;
     }
 
   xfree (buffer);
   buffer = NULL;
 
-  if ((err = gcry_pk_decrypt (&s_result, s_data, s_sk)))
-    fail ("gcry_pk_decrypt failed for test %d: %s", testno,
+  if ((err = gcry_pk_encrypt (&s_result, s_data, s_pk)))
+    fail ("gcry_pk_encrypt failed for test %d: %s", testno,
           gpg_strerror (err));
 
-  s_tmp = gcry_sexp_find_token (s_result, "value", 0);
+  s_tmp = gcry_sexp_find_token (s_result, "s", 0);
   if (!s_tmp || !(res = gcry_sexp_nth_buffer (s_tmp, 1, &res_len)))
-    fail ("gcry_pk_decrypt failed for test %d: %s", testno, "missing value");
+    fail ("gcry_pk_encrypt failed for test %d: %s", testno, "missing value");
   else
     {
       char *r, *r0;
@@ -275,16 +270,16 @@ test_cv (int testno, const char *k_str, const char *u_str,
       /* To skip the prefix 0x40, for-loop start with i=1 */
       r0 = r = xmalloc (2*(res_len)+1);
       if (!r0)
-	{
-	  fail ("memory allocation", testno);
-	  goto leave;
-	}
+        {
+          fail ("memory allocation", testno);
+          goto leave;
+        }
 
       for (i=1; i < res_len; i++, r += 2)
         snprintf (r, 3, "%02x", res[i]);
       if (strcmp (result_str, r0))
         {
-          fail ("gcry_pk_decrypt failed for test %d: %s",
+          fail ("gcry_pk_encrypt failed for test %d: %s",
                 testno, "wrong value returned");
           show ("  expected: '%s'", result_str);
           show ("       got: '%s'", r0);
@@ -294,10 +289,11 @@ test_cv (int testno, const char *k_str, const char *u_str,
 
  leave:
   xfree (res);
+  gcry_mpi_release (mpi_k);
   gcry_sexp_release (s_tmp);
   gcry_sexp_release (s_result);
   gcry_sexp_release (s_data);
-  gcry_sexp_release (s_sk);
+  gcry_sexp_release (s_pk);
   xfree (buffer);
 }
 
@@ -370,7 +366,7 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
       gcry_mpi_ec_get_affine (mpi_k, NULL, Q, ctx);
 
       if (debug)
-	print_mpi ("k", mpi_k);
+        print_mpi ("k", mpi_k);
     }
 
   {
@@ -383,8 +379,8 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
     r0 = r = xmalloc (65);
     if (!r0)
       {
-	fail ("memory allocation", testno);
-	goto leave;
+        fail ("memory allocation", testno);
+        goto leave;
       }
 
     for (i=0; i < 32; i++, r += 2)
@@ -395,7 +391,7 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
         fail ("curv25519 failed for test %d: %s",
               testno, "wrong value returned");
         show ("  expected: '%s'", result_str);
-	show ("       got: '%s'", r0);
+        show ("       got: '%s'", r0);
       }
     xfree (r0);
   }

commit 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Apr 12 09:19:32 2016 +0900

    ecc: Fix initialization of EC context.
    
    * cipher/ecc.c (test_ecdh_only_keys, ecc_generate)
    (ecc_check_secret_key, ecc_encrypt_raw, ecc_decrypt_raw): Initialize
    by _gcry_mpi_ec_p_internal_new should carry FLAGS.
    
    --
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 759ca42..7ab7244 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -356,7 +356,7 @@ test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits, int flags)
       _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
     }
 
-  ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, 0,
+  ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, flags,
                                     pk.E.p, pk.E.a, pk.E.b);
   x0 = mpi_new (0);
   x1 = mpi_new (0);
@@ -592,7 +592,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
       log_printpnt ("ecgen curve G", &E.G, NULL);
     }
 
-  ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b);
+  ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, flags, E.p, E.a, E.b);
 
   if (E.model == MPI_EC_MONTGOMERY)
     rc = nist_generate_key (&sk, &E, ctx, flags, nbits, &Qx, NULL);
@@ -830,7 +830,7 @@ ecc_check_secret_key (gcry_sexp_t keyparms)
       goto leave;
     }
 
-  ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, 0,
+  ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, flags,
                                     sk.E.p, sk.E.a, sk.E.b);
 
   if (mpi_q)
@@ -1349,7 +1349,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     }
 
   /* Compute the encrypted value.  */
-  ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, 0,
+  ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, flags,
                                     pk.E.p, pk.E.a, pk.E.b);
 
   /* Convert the public key.  */
@@ -1570,7 +1570,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     }
 
 
-  ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, 0,
+  ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, flags,
                                     sk.E.p, sk.E.a, sk.E.b);
 
   /*

-----------------------------------------------------------------------

Summary of changes:
 cipher/ecc.c      | 36 +++++++++++++++++++++--------
 tests/t-cv25519.c | 68 ++++++++++++++++++++++++++-----------------------------
 2 files changed, 59 insertions(+), 45 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 12 09:43:53 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Tue, 12 Apr 2016 09:43:53 +0200
Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-47-g6dba47c
Message-ID: <E1apsye-0001oY-Fr@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, gpgmepp has been updated
       via  6dba47c3a2c32d7c1e1d91a96030f99f606433ea (commit)
      from  8e7074dbb8093cc342e330bcd6b172b4f769a0c6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6dba47c3a2c32d7c1e1d91a96030f99f606433ea
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Apr 12 09:42:36 2016 +0200

    Fix configuration without Qt language
    
    * configure.ac: Define HAVE_DOXYGEN also if qt should not be built.

diff --git a/configure.ac b/configure.ac
index 6f1640d..2dcec49 100644
--- a/configure.ac
+++ b/configure.ac
@@ -291,13 +291,13 @@ if test "$found" = "1"; then
    if test -z "$DOXYGEN";
        then AC_MSG_WARN([Doxygen not found - Qt binding doc will not be built.])
    fi
-   AM_CONDITIONAL([HAVE_DOXYGEN],
-                  [test -n "$DOXYGEN"])
-
    # Make sure that qt comes after cpp
    enabled_languages=`echo $enabled_languages | sed 's/qt//'`
    enabled_languages=`echo $enabled_languages qt`
 fi
+AM_CONDITIONAL([HAVE_DOXYGEN],
+               [test -n "$DOXYGEN"])
+
 AC_SUBST(ENABLED_LANGUAGES, $enabled_languages)
 
 #

-----------------------------------------------------------------------

Summary of changes:
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 12 11:15:56 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 12 Apr 2016 11:15:56 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-377-gb6d2a25
Message-ID: <E1apuPj-0004n8-EZ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b (commit)
      from  ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 12 11:11:35 2016 +0200

    cipher: Buffer data from gcry_cipher_authenticate in OCB mode.
    
    * cipher/cipher-internal.h (gcry_cipher_handle): Add fields
    aad_leftover and aad_nleftover to u_mode.ocb.
    * cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Clear
    aad_nleftover.
    (_gcry_cipher_ocb_authenticate): Add buffering and facor some code out
    to ...
    (ocb_aad_finalize): new.
    (compute_tag_if_needed): Call new function.
    * tests/basic.c (check_ocb_cipher_splitaad): New.
    (check_ocb_cipher): Call new function.
    (main): Also call check_cipher_modes with --ciper-modes.
    --
    
    It is more convenient to not require full blocks for
    gcry_cipher_authenticate.  Other modes than OCB do this as well.
    
    Note that the size of the context structure is not increased because
    other modes require more context data.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h
index 80e7c09..9fd1d91 100644
--- a/cipher/cipher-internal.h
+++ b/cipher/cipher-internal.h
@@ -274,10 +274,16 @@ struct gcry_cipher_handle
          checksum of the data.  */
       unsigned char aad_sum[OCB_BLOCK_LEN];
 
+      /* A buffer to store AAD data not yet processed.  */
+      unsigned char aad_leftover[OCB_BLOCK_LEN];
+
       /* Number of data/aad blocks processed so far.  */
       u64 data_nblocks;
       u64 aad_nblocks;
 
+      /* Number of valid bytes in AAD_LEFTOVER.  */
+      unsigned char aad_nleftover;
+
       /* Length of the tag.  Fixed for now but may eventually be
          specified using a set of gcry_cipher_flags.  */
       unsigned char taglen;
diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c
index 6db1db3..92260d2 100644
--- a/cipher/cipher-ocb.c
+++ b/cipher/cipher-ocb.c
@@ -1,5 +1,5 @@
 /* cipher-ocb.c -  OCB cipher mode
- * Copyright (C) 2015 g10 Code GmbH
+ * Copyright (C) 2015, 2016 g10 Code GmbH
  *
  * This file is part of Libgcrypt.
  *
@@ -211,6 +211,7 @@ _gcry_cipher_ocb_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce,
   c->marks.finalize = 0;
   c->u_mode.ocb.data_nblocks = 0;
   c->u_mode.ocb.aad_nblocks = 0;
+  c->u_mode.ocb.aad_nleftover = 0;
   c->u_mode.ocb.data_finalized = 0;
   c->u_mode.ocb.aad_finalized = 0;
 
@@ -235,10 +236,7 @@ _gcry_cipher_ocb_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce,
 
 /* Process additional authentication data.  This implementation allows
    to add additional authentication data at any time before the final
-   gcry_cipher_gettag.  The size of the data provided in
-   (ABUF,ABUFLEN) must be a multiple of the blocksize.  If a
-   non-multiple of the blocksize is used no further data may be passed
-   to this function.  */
+   gcry_cipher_gettag.  */
 gcry_err_code_t
 _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf,
                                size_t abuflen)
@@ -254,6 +252,32 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf,
   /* Check correct usage and arguments.  */
   if (c->spec->blocksize != OCB_BLOCK_LEN)
     return GPG_ERR_CIPHER_ALGO;
+
+  /* Process remaining data from the last call first.  */
+  if (c->u_mode.ocb.aad_nleftover)
+    {
+      for (; abuflen && c->u_mode.ocb.aad_nleftover < OCB_BLOCK_LEN;
+           abuf++, abuflen--)
+        c->u_mode.ocb.aad_leftover[c->u_mode.ocb.aad_nleftover++] = *abuf;
+
+      if (c->u_mode.ocb.aad_nleftover == OCB_BLOCK_LEN)
+        {
+          c->u_mode.ocb.aad_nblocks++;
+
+          /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+          buf_xor_1 (c->u_mode.ocb.aad_offset,
+                     ocb_get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks),
+                     OCB_BLOCK_LEN);
+          /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i)  */
+          buf_xor (l_tmp, c->u_mode.ocb.aad_offset,
+                   c->u_mode.ocb.aad_leftover, OCB_BLOCK_LEN);
+          c->spec->encrypt (&c->context.c, l_tmp, l_tmp);
+          buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN);
+
+          c->u_mode.ocb.aad_nleftover = 0;
+        }
+    }
+
   if (!abuflen)
     return 0;
 
@@ -291,31 +315,56 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf,
       abuflen -= OCB_BLOCK_LEN;
     }
 
-  /* Hash final partial block.  Note that we expect ABUFLEN to be
-     shorter than OCB_BLOCK_LEN.  */
-  if (abuflen)
+  /* Store away the remaining data.  */
+  for (; abuflen && c->u_mode.ocb.aad_nleftover < OCB_BLOCK_LEN;
+       abuf++, abuflen--)
+    c->u_mode.ocb.aad_leftover[c->u_mode.ocb.aad_nleftover++] = *abuf;
+  gcry_assert (!abuflen);
+
+  return 0;
+}
+
+
+/* Hash final partial AAD block.  */
+static void
+ocb_aad_finalize (gcry_cipher_hd_t c)
+{
+  unsigned char l_tmp[OCB_BLOCK_LEN];
+
+  /* Check that a nonce and thus a key has been set and that we have
+     not yet computed the tag.  We also skip this if the aad has been
+     finalized.  */
+  if (!c->marks.iv || c->marks.tag || c->u_mode.ocb.aad_finalized)
+    return;
+  if (c->spec->blocksize != OCB_BLOCK_LEN)
+    return;  /* Ooops.  */
+
+  /* Hash final partial block if any.  */
+  if (c->u_mode.ocb.aad_nleftover)
     {
       /* Offset_* = Offset_m xor L_*  */
       buf_xor_1 (c->u_mode.ocb.aad_offset,
                  c->u_mode.ocb.L_star, OCB_BLOCK_LEN);
       /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_*  */
-      buf_cpy (l_tmp, abuf, abuflen);
-      memset (l_tmp + abuflen, 0, OCB_BLOCK_LEN - abuflen);
-      l_tmp[abuflen] = 0x80;
+      buf_cpy (l_tmp, c->u_mode.ocb.aad_leftover, c->u_mode.ocb.aad_nleftover);
+      memset (l_tmp + c->u_mode.ocb.aad_nleftover, 0,
+              OCB_BLOCK_LEN - c->u_mode.ocb.aad_nleftover);
+      l_tmp[c->u_mode.ocb.aad_nleftover] = 0x80;
       buf_xor_1 (l_tmp, c->u_mode.ocb.aad_offset, OCB_BLOCK_LEN);
       /* Sum = Sum_m xor ENCIPHER(K, CipherInput)  */
       c->spec->encrypt (&c->context.c, l_tmp, l_tmp);
       buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN);
 
-      /* Mark AAD as finalized to avoid accidentally calling this
-         function again after a non-full block has been processed.  */
-      c->u_mode.ocb.aad_finalized = 1;
+      c->u_mode.ocb.aad_nleftover = 0;
     }
 
-  return 0;
+  /* Mark AAD as finalized so that gcry_cipher_ocb_authenticate can
+   * return an erro when called again.  */
+  c->u_mode.ocb.aad_finalized = 1;
 }
 
 
+
 /* Checksumming for encrypt and decrypt.  */
 static void
 ocb_checksum (unsigned char *chksum, const unsigned char *plainbuf,
@@ -507,6 +556,7 @@ compute_tag_if_needed (gcry_cipher_hd_t c)
 {
   if (!c->marks.tag)
     {
+      ocb_aad_finalize (c);
       buf_xor_1 (c->u_mode.ocb.tag, c->u_mode.ocb.aad_sum, OCB_BLOCK_LEN);
       c->marks.tag = 1;
     }
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index c710765..a78c5fd 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1883,7 +1883,7 @@ the end of the input data. This is done with:
 Set a flag in the context to tell the encrypt and decrypt functions
 that their next call will provide the last chunk of data.  Only the
 first call to this function has an effect and only for modes which
-support it.  Checking the error in in general not necessary.  This is
+support it.  Checking the error is in general not necessary.  This is
 implemented as a macro.
 @end deftypefun
 
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index c269621..bd25d1b 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1065,7 +1065,7 @@ gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
                                                      (oid), 0);
 
 /* Indicate to the encrypt and decrypt functions that the next call
-   provides the final data.  Only used with some modes. e */
+   provides the final data.  Only used with some modes.  */
 #define gcry_cipher_final(a) \
             gcry_cipher_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
 
diff --git a/tests/basic.c b/tests/basic.c
index 1a7d3cb..4940f6a 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -3596,6 +3596,236 @@ check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect)
 
 
 static void
+check_ocb_cipher_splitaad (void)
+{
+  const char t_nonce[] = ("BBAA9988776655443322110D");
+  const char t_plain[] = ("000102030405060708090A0B0C0D0E0F1011121314151617"
+                          "18191A1B1C1D1E1F2021222324252627");
+  const char t_ciph[]  = ("D5CA91748410C1751FF8A2F618255B68A0A12E093FF45460"
+                          "6E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483"
+                          "A7035490C5769E60");
+  struct {
+    const char *aad0;
+    const char *aad1;
+    const char *aad2;
+    const char *aad3;
+  } tv[] = {
+    {
+      "000102030405060708090A0B0C0D0E0F"
+      "101112131415161718191A1B1C1D1E1F2021222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "2021222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "1011121314151617",
+      "18191A1B1C1D1E1F",
+      "2021222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "20",
+      "21222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "2021",
+      "222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "202122",
+      "2324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "20212223",
+      "24252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "2021222324",
+      "252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "202122232425",
+      "2627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "101112131415161718191A1B1C1D1E1F",
+      "20212223242526"
+      "27"
+    },
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "1011121314151617",
+      "18191A1B1C1D1E1F2021222324252627"
+    },
+    {
+      "00",
+      "0102030405060708090A0B0C0D0E0F",
+      "1011121314151617",
+      "18191A1B1C1D1E1F2021222324252627"
+    },
+    {
+      "0001",
+      "02030405060708090A0B0C0D0E0F",
+      "1011121314151617",
+      "18191A1B1C1D1E1F2021222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D",
+      "0E0F",
+      "1011121314151617",
+      "18191A1B1C1D1E1F2021222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E",
+      "0F",
+      "1011121314151617",
+      "18191A1B1C1D1E1F2021222324252627"
+    },
+    {
+      "000102030405060708090A0B0C0D0E",
+      "0F101112131415161718191A1B1C1D1E1F20212223242526",
+      "27"
+    }
+  };
+
+  gpg_error_t err = 0;
+  gcry_cipher_hd_t hde;
+  unsigned char out[MAX_DATA_LEN];
+  unsigned char tag[16];
+  int tidx;
+  char *key, *nonce, *ciph, *plain;
+  size_t keylen, noncelen, ciphlen, plainlen;
+  int i;
+
+  /* Convert to hex strings to binary.  */
+  key   = hex2buffer ("000102030405060708090A0B0C0D0E0F", &keylen);
+  nonce = hex2buffer (t_nonce, &noncelen);
+  plain = hex2buffer (t_plain, &plainlen);
+  ciph  = hex2buffer (t_ciph, &ciphlen);
+
+  /* Check that our test vectors are sane.  */
+  assert (plainlen <= sizeof out);
+  assert (16 <= ciphlen);
+  assert (16 <= sizeof tag);
+
+  for (tidx = 0; tidx < DIM (tv); tidx++)
+    {
+      char *aad[4];
+      size_t aadlen[4];
+
+      if (verbose)
+        fprintf (stderr, "    checking OCB aad split (tv %d)\n", tidx);
+
+      aad[0] = tv[tidx].aad0? hex2buffer (tv[tidx].aad0, aadlen+0) : NULL;
+      aad[1] = tv[tidx].aad1? hex2buffer (tv[tidx].aad1, aadlen+1) : NULL;
+      aad[2] = tv[tidx].aad2? hex2buffer (tv[tidx].aad2, aadlen+2) : NULL;
+      aad[3] = tv[tidx].aad3? hex2buffer (tv[tidx].aad3, aadlen+3) : NULL;
+
+      err = gcry_cipher_open (&hde, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB, 0);
+      if (err)
+        {
+          fail ("cipher-ocb-splitadd, gcry_cipher_open failed: %s\n",
+                gpg_strerror (err));
+          return;
+        }
+
+      err = gcry_cipher_setkey (hde, key, keylen);
+      if (err)
+        {
+          fail ("cipher-ocb-splitaad, gcry_cipher_setkey failed: %s\n",
+                gpg_strerror (err));
+          gcry_cipher_close (hde);
+          return;
+        }
+
+      err = gcry_cipher_setiv (hde, nonce, noncelen);
+      if (err)
+        {
+          fail ("cipher-ocb-splitaad, gcry_cipher_setiv failed: %s\n",
+                gpg_strerror (err));
+          gcry_cipher_close (hde);
+          return;
+        }
+
+      for (i=0; i < DIM (aad); i++)
+        {
+          if (!aad[i])
+            continue;
+          err = gcry_cipher_authenticate (hde, aad[i], aadlen[i]);
+          if (err)
+            {
+              fail ("cipher-ocb-splitaad,"
+                    " gcry_cipher_authenticate failed (tv=%d,i=%d): %s\n",
+                    tidx, i, gpg_strerror (err));
+              gcry_cipher_close (hde);
+              return;
+            }
+        }
+
+      err = gcry_cipher_final (hde);
+      if (!err)
+        err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, plain, plainlen);
+      if (err)
+        {
+          fail ("cipher-ocb-splitaad, gcry_cipher_encrypt failed: %s\n",
+                gpg_strerror (err));
+          gcry_cipher_close (hde);
+          return;
+        }
+
+      /* Check that the encrypt output matches the expected cipher
+         text without the tag (i.e. at the length of plaintext).  */
+      if (memcmp (ciph, out, plainlen))
+        {
+          mismatch (ciph, plainlen, out, plainlen);
+          fail ("cipher-ocb-splitaad, encrypt data mismatch\n");
+        }
+
+      /* Check that the tag matches TAGLEN bytes from the end of the
+         expected ciphertext.  */
+      err = gcry_cipher_gettag (hde, tag, 16);
+      if (err)
+        {
+          fail ("cipher-ocb-splitaad, gcry_cipher_gettag failed: %s\n",
+                gpg_strerror (err));
+        }
+      if (memcmp (ciph + ciphlen - 16, tag, 16))
+        {
+          mismatch (ciph + ciphlen - 16, 16, tag, 16);
+          fail ("cipher-ocb-splitaad, encrypt tag mismatch\n");
+        }
+
+
+      gcry_cipher_close (hde);
+      xfree (aad[0]);
+      xfree (aad[1]);
+      xfree (aad[2]);
+      xfree (aad[3]);
+    }
+
+  xfree (nonce);
+  xfree (ciph);
+  xfree (plain);
+  xfree (key);
+}
+
+
+static void
 check_ocb_cipher (void)
 {
   /* Check OCB cipher with separate destination and source buffers for
@@ -3636,6 +3866,9 @@ check_ocb_cipher (void)
   check_ocb_cipher_largebuf(GCRY_CIPHER_SERPENT256, 32,
 			    "\xe7\x8b\xe6\xd4\x2f\x7a\x36\x4c"
 			    "\xba\xee\x20\xe2\x68\xf4\xcb\xcc");
+
+  /* Check that the AAD data is correctly buffered.  */
+  check_ocb_cipher_splitaad ();
 }
 
 
@@ -9128,7 +9361,10 @@ main (int argc, char **argv)
       if (pubkey_only)
         check_pubkey ();
       else if (cipher_modes_only)
-        check_ciphers ();
+        {
+          check_ciphers ();
+          check_cipher_modes ();
+        }
       else if (!selftest_only)
         {
           check_ciphers ();

-----------------------------------------------------------------------

Summary of changes:
 cipher/cipher-internal.h |   6 ++
 cipher/cipher-ocb.c      |  80 +++++++++++++---
 doc/gcrypt.texi          |   2 +-
 src/gcrypt.h.in          |   2 +-
 tests/basic.c            | 238 ++++++++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 310 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 12 14:40:15 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 12 Apr 2016 14:40:15 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-130-g4159567
Message-ID: <E1apxbV-0003WG-Qe@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4159567f7ed7a1139fdc3a6c92988e1648ad84ab (commit)
       via  100b413d7f69f6f091fd98185df4d579ce6ce0ce (commit)
       via  7faf131c8b8710419df3dc13a1228d1977c55f53 (commit)
       via  22b869adca877ff0826707109e7f7b391eb44441 (commit)
      from  02cf1357dd5ee34a57371f55b9d312b8b9e3a7e8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 12 14:37:26 2016 +0200

    agent: Implement new protection mode openpgp-s2k3-ocb-aes.
    
    * agent/protect.c (agent_protect): Add arg use_ocb.  Change all caller
    to pass -1 for default.
    * agent/protect-tool.c: New option --debug-use-ocb.
    (oDebugUseOCB): New.
    (opt_debug_use_ocb): New.
    (main): Set option.
    (read_and_protect): Implement option.
    
    * agent/protect.c (OCB_MODE_SUPPORTED): New macro.
    (PROT_DEFAULT_TO_OCB): New macro.
    (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
    and timestamp_exp_len.  Implement OCB.
    (agent_protect): Change to support OCB.
    (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
    Implement OCB.
    (merge_lists): Allow NULL for sha1hash.
    (agent_unprotect): Change to support OCB.
    (agent_private_key_type): Remove debug output.
    --
    
    Instead of using the old OpenPGP way of appending a hash of the
    plaintext and encrypt that along with the plaintext, the new scheme
    uses a proper authenticated encryption mode.  See keyformat.txt for a
    description.  Libgcrypt 1.7 is required.
    
    This mode is not yet enabled because there would be no way to return
    to an older GnuPG version.  To test the new scheme use
    gpg-protect-tool:
    
     ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
     ./gpg-protect-tool -av -P abc -u <prot.key
    
    Any key from the private key storage should work.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index c2726bb..0dcb201 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -471,7 +471,7 @@ unsigned long get_standard_s2k_count (void);
 unsigned char get_standard_s2k_count_rfc4880 (void);
 int agent_protect (const unsigned char *plainkey, const char *passphrase,
                    unsigned char **result, size_t *resultlen,
-		   unsigned long s2k_count);
+		   unsigned long s2k_count, int use_ocb);
 int agent_unprotect (ctrl_t ctrl,
                      const unsigned char *protectedkey, const char *passphrase,
                      gnupg_isotime_t protected_at,
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 6e809f6..0e1d9fc 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3125,7 +3125,7 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
   gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n);
   /* FIXME: guarantee?  */
 
-  err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0);
+  err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);
 
  out:
 
diff --git a/agent/command.c b/agent/command.c
index dfe292d..c94fdd3 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2140,7 +2140,7 @@ cmd_import_key (assuan_context_t ctx, char *line)
   if (passphrase)
     {
       err = agent_protect (key, passphrase, &finalkey, &finalkeylen,
-                           ctrl->s2k_count);
+                           ctrl->s2k_count, -1);
       if (!err)
         err = agent_write_private_key (grip, finalkey, finalkeylen, force);
     }
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 8df6b8e..40d9a3e 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -1066,7 +1066,7 @@ convert_from_openpgp_native (ctrl_t ctrl,
 
           if (!agent_protect (*r_key, passphrase,
                               &protectedkey, &protectedkeylen,
-                              ctrl->s2k_count))
+                              ctrl->s2k_count, -1))
             agent_write_private_key (grip, protectedkey, protectedkeylen, 1);
           xfree (protectedkey);
         }
diff --git a/agent/genkey.c b/agent/genkey.c
index 2eec974..12c3e34 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -58,7 +58,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force,
     {
       unsigned char *p;
 
-      rc = agent_protect (buf, passphrase, &p, &len, s2k_count);
+      rc = agent_protect (buf, passphrase, &p, &len, s2k_count, -1);
       if (rc)
         {
           xfree (buf);
diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index 150ea7c..e760412 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -43,23 +43,6 @@ optional but required for some operations to calculate the fingerprint
 of the key.  This timestamp should be a string with the number of
 seconds since Epoch or an ISO time string (yyyymmddThhmmss).
 
-Actually this form should not be used for regular purposes and only
-accepted by gpg-agent with the configuration option:
---allow-non-canonical-key-format.  The regular way to represent the
-keys is in canonical representation[3]:
-
-(private-key
-   (rsa
-    (n #00e0ce9..[some bytes not shown]..51#)
-    (e #010001#)
-    (d #046129F..[some bytes not shown]..81#)
-    (p #00e861b..[some bytes not shown]..f1#)
-    (q #00f7a7c..[some bytes not shown]..61#)
-    (u #304559a..[some bytes not shown]..9b#)
-   )
-   (uri http://foo.bar x-foo:whatever_you_want)
-)
-
 
 Protected Private Key Format
 ==============================
@@ -90,7 +73,7 @@ The currently defined protection modes are:
 
   This describes an algorithm using using AES in CBC mode for
   encryption, SHA-1 for integrity protection and the String to Key
-  algorithm 3 from OpenPGP (rfc2440).
+  algorithm 3 from OpenPGP (rfc4880).
 
   Example:
 
@@ -116,7 +99,7 @@ The currently defined protection modes are:
   easily be stripped by looking for the end of the list.
 
   The hash is calculated on the concatenation of the public key and
-  secret key parameter lists: i.e it is required to hash the
+  secret key parameter lists: i.e. it is required to hash the
   concatenation of these 6 canonical encoded lists for RSA, including
   the parenthesis, the algorithm keyword and (if used) the protected-at
   list.
@@ -135,7 +118,46 @@ The currently defined protection modes are:
   the stored one - If they don't match the integrity of the key is not
   given.
 
-2. openpgp-native
+2. openpgp-s2k3-ocb-aes
+
+  This describes an algorithm using using AES-128 in OCB mode, a nonce
+  of 96 bit, a taglen of 128 bit, and the String to Key algorithm 3
+  from OpenPGP (rfc4880).
+
+  Example:
+
+  (protected openpgp-s2k3-ocb-aes
+    ((sha1 16byte_salt no_of_iterations) 12byte_nonce)
+    encrypted_octet_string
+  )
+
+  The encrypted_octet string should yield this S-Exp (in canonical
+  representation) after decryption:
+
+  (
+   (
+    (d #046129F..[some bytes not shown]..81#)
+    (p #00e861b..[some bytes not shown]..f1#)
+    (q #00f7a7c..[some bytes not shown]..61#)
+    (u #304559a..[some bytes not shown]..9b#)
+   )
+  )
+
+  For padding reasons, random bytes may be appended to this list -
+  they can easily be stripped by looking for the end of the list.
+
+  The associated data required for this protection mode is the list
+  formiing the public key parameters.  For the above example this is
+  is this canonical encoded S-expression:
+
+  (rsa
+   (n #00e0ce9..[some bytes not shown]..51#)
+   (e #010001#)
+   (protected-at "18950523T000000")
+  )
+
+
+3. openpgp-native
 
   This is a wrapper around the OpenPGP Private Key Transport format
   which resembles the standard OpenPGP format and allows the use of an
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index 03dbda9..1871ac7 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -69,6 +69,7 @@ enum cmd_and_opt_values
   oHomedir,
   oPrompt,
   oStatusMsg,
+  oDebugUseOCB,
 
   oAgentProgram
 };
@@ -96,6 +97,7 @@ static const char *opt_passphrase;
 static char *opt_prompt;
 static int opt_status_msg;
 static const char *opt_agent_program;
+static int opt_debug_use_ocb;
 
 static char *get_passphrase (int promptno);
 static void release_passphrase (char *pw);
@@ -132,6 +134,8 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
 
+  ARGPARSE_s_n (oDebugUseOCB,  "debug-use-ocb", "@"), /* For hacking only.  */
+
   ARGPARSE_end ()
 };
 
@@ -333,7 +337,8 @@ read_and_protect (const char *fname)
     return;
 
   pw = get_passphrase (1);
-  rc = agent_protect (key, pw, &result, &resultlen, 0);
+  rc = agent_protect (key, pw, &result, &resultlen, 0,
+                      opt_debug_use_ocb? 1 : -1);
   release_passphrase (pw);
   xfree (key);
   if (rc)
@@ -598,6 +603,7 @@ main (int argc, char **argv )
         case oHaveCert: opt_have_cert = 1; break;
         case oPrompt: opt_prompt = pargs.r.ret_str; break;
         case oStatusMsg: opt_status_msg = 1; break;
+        case oDebugUseOCB: opt_debug_use_ocb = 1; break;
 
         default: pargs.err = ARGPARSE_PRINT_ERROR; break;
 	}
diff --git a/agent/protect.c b/agent/protect.c
index f037703..a78d5a5 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -41,6 +41,18 @@
 #include "cvt-openpgp.h"
 #include "sexp-parse.h"
 
+
+#if GCRYPT_VERSION_NUMBER < 0x010700
+# define OCB_MODE_SUPPORTED 0
+#else
+# define OCB_MODE_SUPPORTED 1
+#endif
+
+/* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
+ * this macro to 1.  Note that the caller of agent_protect may
+ * override this default.  */
+#define PROT_DEFAULT_TO_OCB 0
+
 /* The protection mode for encryption.  The supported modes for
    decryption are listed in agent_unprotect().  */
 #define PROT_CIPHER        GCRY_CIPHER_AES128
@@ -87,6 +99,7 @@ hash_passphrase (const char *passphrase, int hashalgo,
                  unsigned char *key, size_t keylen);
 
 
+
 

 /* Get the process time and store it in DATA.  */
 static void
@@ -302,70 +315,108 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
    encrypted block in RESULT or return with an error code.  SHA1HASH
    is the 20 byte SHA-1 hash required for the integrity code.
 
-   The parameter block is expected to be an incomplete S-Expression of
-   the form (example in advanced format):
+   The parameter block is expected to be an incomplete canonical
+   encoded S-Expression of the form (example in advanced format):
 
      (d #046129F..[some bytes not shown]..81#)
      (p #00e861b..[some bytes not shown]..f1#)
      (q #00f7a7c..[some bytes not shown]..61#)
      (u #304559a..[some bytes not shown]..9b#)
 
-   the returned block is the S-Expression:
+     the returned block is the S-Expression:
 
-    (protected mode (parms) encrypted_octet_string)
+     (protected mode (parms) encrypted_octet_string)
 
 */
 static int
-do_encryption (const unsigned char *protbegin, size_t protlen,
-               const char *passphrase,  const unsigned char *sha1hash,
+do_encryption (const unsigned char *hashbegin, size_t hashlen,
+               const unsigned char *protbegin, size_t protlen,
+               const char *passphrase,
+               const char *timestamp_exp, size_t timestamp_exp_len,
                unsigned char **result, size_t *resultlen,
-	       unsigned long s2k_count)
+	       unsigned long s2k_count, int use_ocb)
 {
   gcry_cipher_hd_t hd;
-  const char *modestr = "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc";
+  const char *modestr;
+  unsigned char hashvalue[20];
   int blklen, enclen, outlen;
   unsigned char *iv = NULL;
+  unsigned int ivsize;  /* Size of the buffer allocated for IV.  */
+  const unsigned char *s2ksalt; /* Points into IV.  */
   int rc;
   char *outbuf = NULL;
   char *p;
   int saltpos, ivpos, encpos;
 
+  s2ksalt = iv;  /* Silence compiler warning.  */
+
   *resultlen = 0;
   *result = NULL;
 
-  rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
+  if (use_ocb && !OCB_MODE_SUPPORTED)
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
+
+  modestr = (use_ocb? "openpgp-s2k3-ocb-aes"
+             /*   */: "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc");
+
+  rc = gcry_cipher_open (&hd, PROT_CIPHER,
+#if OCB_MODE_SUPPORTED
+                         use_ocb? GCRY_CIPHER_MODE_OCB :
+#endif
+                         GCRY_CIPHER_MODE_CBC,
                          GCRY_CIPHER_SECURE);
   if (rc)
     return rc;
 
-
   /* We need to work on a copy of the data because this makes it
-     easier to add the trailer and the padding and more important we
-     have to prefix the text with 2 parenthesis, so we have to
-     allocate enough space for:
-
-     ((<parameter_list>)(4:hash4:sha120:<hashvalue>)) + padding
-
-     We always append a full block of random bytes as padding but
-     encrypt only what is needed for a full blocksize.  */
+   * easier to add the trailer and the padding and more important we
+   * have to prefix the text with 2 parenthesis.  In CBC mode we
+   * have to allocate enough space for:
+   *
+   *   ((<parameter_list>)(4:hash4:sha120:<hashvalue>)) + padding
+   *
+   * we always append a full block of random bytes as padding but
+   * encrypt only what is needed for a full blocksize.  In OCB mode we
+   * have to allocate enough space for just:
+   *
+   *   ((<parameter_list>))
+   */
   blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
-  outlen = 2 + protlen + 2 + 6 + 6 + 23 + 2 + blklen;
-  enclen = outlen/blklen * blklen;
-  outbuf = gcry_malloc_secure (outlen);
+  if (use_ocb)
+    {
+      /*       ((            )) */
+      outlen = 2 + protlen + 2 ;
+      enclen = outlen + 16 /* taglen */;
+      outbuf = gcry_malloc_secure (enclen);
+    }
+  else
+    {
+      /*       ((            )( 4:hash 4:sha1 20:<hash> ))  <padding>  */
+      outlen = 2 + protlen + 2 + 6   + 6    + 23      + 2 + blklen;
+      enclen = outlen/blklen * blklen;
+      outbuf = gcry_malloc_secure (outlen);
+    }
   if (!outbuf)
     rc = out_of_core ();
+
+  /* Allocate a buffer for the nonce and the salt.  */
   if (!rc)
     {
-      /* Allocate random bytes to be used as IV, padding and s2k salt. */
-      iv = xtrymalloc (blklen*2+8);
+      /* Allocate random bytes to be used as IV, padding and s2k salt
+       * or in OCB mode for a nonce and the s2k salt.  The IV/nonce is
+       * set later because for OCB we need to set the key first.  */
+      ivsize = (use_ocb? 12 : (blklen*2)) + 8;
+      iv = xtrymalloc (ivsize);
       if (!iv)
-        rc = gpg_error (GPG_ERR_ENOMEM);
+        rc = gpg_error_from_syserror ();
       else
         {
-          gcry_create_nonce (iv, blklen*2+8);
-          rc = gcry_cipher_setiv (hd, iv, blklen);
+          gcry_create_nonce (iv, ivsize);
+          s2ksalt = iv + ivsize - 8;
         }
     }
+
+  /* Hash the passphrase and set the key.  */
   if (!rc)
     {
       unsigned char *key;
@@ -377,14 +428,52 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
       else
         {
           rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
-                                3, iv+2*blklen,
-				s2k_count ? s2k_count : get_standard_s2k_count(),
+                                3, s2ksalt,
+				s2k_count? s2k_count:get_standard_s2k_count(),
 				key, keylen);
           if (!rc)
             rc = gcry_cipher_setkey (hd, key, keylen);
           xfree (key);
         }
     }
+
+  /* Set the IV/nonce.  */
+  if (!rc)
+    {
+      rc = gcry_cipher_setiv (hd, iv, use_ocb? 12 : blklen);
+    }
+
+  if (use_ocb)
+    {
+      /* In OCB Mode we use only the public key parameters as AAD.  */
+      rc = gcry_cipher_authenticate (hd, hashbegin, protbegin - hashbegin);
+      if (!rc)
+        rc = gcry_cipher_authenticate (hd, timestamp_exp, timestamp_exp_len);
+      if (!rc)
+        rc = gcry_cipher_authenticate
+          (hd, protbegin+protlen, hashlen - (protbegin+protlen - hashbegin));
+
+    }
+  else
+    {
+      /* Hash the entire expression for CBC mode.  Because
+       * TIMESTAMP_EXP won't get protected, we can't simply hash a
+       * continuous buffer but need to call md_write several times.  */
+      gcry_md_hd_t md;
+
+      rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
+      if (!rc)
+        {
+          gcry_md_write (md, hashbegin, hashlen);
+          gcry_md_write (md, timestamp_exp, timestamp_exp_len);
+          gcry_md_write (md, ")", 1);
+          memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20);
+          gcry_md_close (md);
+        }
+    }
+
+
+  /* Encrypt.  */
   if (!rc)
     {
       p = outbuf;
@@ -392,17 +481,42 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
       *p++ = '(';
       memcpy (p, protbegin, protlen);
       p += protlen;
-      memcpy (p, ")(4:hash4:sha120:", 17);
-      p += 17;
-      memcpy (p, sha1hash, 20);
-      p += 20;
-      *p++ = ')';
-      *p++ = ')';
-      memcpy (p, iv+blklen, blklen);
-      p += blklen;
+      if (use_ocb)
+        {
+          *p++ = ')';
+          *p++ = ')';
+        }
+      else
+        {
+          memcpy (p, ")(4:hash4:sha120:", 17);
+          p += 17;
+          memcpy (p, hashvalue, 20);
+          p += 20;
+          *p++ = ')';
+          *p++ = ')';
+          memcpy (p, iv+blklen, blklen); /* Add padding.  */
+          p += blklen;
+        }
       assert ( p - outbuf == outlen);
-      rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
+#if OCB_MODE_SUPPORTED
+      if (use_ocb)
+        {
+          gcry_cipher_final (hd);
+          rc = gcry_cipher_encrypt (hd, outbuf, outlen, NULL, 0);
+          if (!rc)
+            {
+              log_assert (outlen + 16 == enclen);
+              rc = gcry_cipher_gettag (hd, outbuf + outlen, 16);
+            }
+        }
+      else
+#endif /*OCB_MODE_SUPPORTED*/
+        {
+          rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
+        }
     }
+
+  /* Release cipher handle and check for errors.  */
   gcry_cipher_close (hd);
   if (rc)
     {
@@ -429,7 +543,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
        (int)strlen (modestr), modestr,
        &saltpos,
        (unsigned int)strlen (countbuf), countbuf,
-       blklen, &ivpos, blklen, "",
+       use_ocb? 12 : blklen, &ivpos, use_ocb? 12 : blklen, "",
        enclen, &encpos, enclen, "");
     if (!p)
       {
@@ -438,11 +552,12 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
         xfree (outbuf);
         return tmperr;
       }
+
   }
   *resultlen = strlen (p);
   *result = (unsigned char*)p;
-  memcpy (p+saltpos, iv+2*blklen, 8);
-  memcpy (p+ivpos, iv, blklen);
+  memcpy (p+saltpos, s2ksalt, 8);
+  memcpy (p+ivpos, iv, use_ocb? 12 : blklen);
   memcpy (p+encpos, outbuf, enclen);
   xfree (iv);
   xfree (outbuf);
@@ -452,11 +567,13 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
 
 
 /* Protect the key encoded in canonical format in PLAINKEY.  We assume
-   a valid S-Exp here. */
+   a valid S-Exp here.  With USE_UCB set to -1 the default scheme is
+   used (ie. either CBC or OCB), set to 0 the old CBC mode is used,
+   and set to 1 OCB is used. */
 int
 agent_protect (const unsigned char *plainkey, const char *passphrase,
                unsigned char **result, size_t *resultlen,
-	       unsigned long s2k_count)
+	       unsigned long s2k_count, int use_ocb)
 {
   int rc;
   const char *parmlist;
@@ -466,15 +583,16 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   const unsigned char *prot_begin, *prot_end, *real_end;
   size_t n;
   int c, infidx, i;
-  unsigned char hashvalue[20];
   char timestamp_exp[35];
   unsigned char *protected;
   size_t protectedlen;
   int depth = 0;
   unsigned char *p;
-  gcry_md_hd_t md;
   int have_curve = 0;
 
+  if (use_ocb == -1)
+    use_ocb = PROT_DEFAULT_TO_OCB;
+
   /* Create an S-expression with the protected-at timestamp.  */
   memcpy (timestamp_exp, "(12:protected-at15:", 19);
   gnupg_get_isotime (timestamp_exp+19);
@@ -575,21 +693,10 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   assert (!depth);
   real_end = s-1;
 
-  /* Hash the stuff.  Because the timestamp_exp won't get protected,
-     we can't simply hash a continuous buffer but need to use several
-     md_writes.  */
-  rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
-  if (rc)
-    return rc;
-  gcry_md_write (md, hash_begin, hash_end - hash_begin);
-  gcry_md_write (md, timestamp_exp, 35);
-  gcry_md_write (md, ")", 1);
-  memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20);
-  gcry_md_close (md);
-
-  rc = do_encryption (prot_begin, prot_end - prot_begin + 1,
-                      passphrase,  hashvalue,
-                      &protected, &protectedlen, s2k_count);
+  rc = do_encryption (hash_begin, hash_end - hash_begin + 1,
+                      prot_begin, prot_end - prot_begin + 1,
+                      passphrase, timestamp_exp, sizeof (timestamp_exp),
+                      &protected, &protectedlen, s2k_count, use_ocb);
   if (rc)
     return rc;
 
@@ -631,11 +738,13 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
 

 /* Do the actual decryption and check the return list for consistency.  */
 static int
-do_decryption (const unsigned char *protected, size_t protectedlen,
+do_decryption (const unsigned char *aad_begin, size_t aad_len,
+               const unsigned char *aadhole_begin, size_t aadhole_len,
+               const unsigned char *protected, size_t protectedlen,
                const char *passphrase,
                const unsigned char *s2ksalt, unsigned long s2kcount,
                const unsigned char *iv, size_t ivlen,
-               int prot_cipher, int prot_cipher_keylen,
+               int prot_cipher, int prot_cipher_keylen, int is_ocb,
                unsigned char **result)
 {
   int rc = 0;
@@ -644,11 +753,29 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
   unsigned char *outbuf;
   size_t reallen;
 
+  if (is_ocb && !OCB_MODE_SUPPORTED)
+    return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
+
   blklen = gcry_cipher_get_algo_blklen (prot_cipher);
-  if (protectedlen < 4 || (protectedlen%blklen))
-    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+  if (is_ocb)
+    {
+      /* OCB does not require a multiple of the block length but we
+       * check that it is long enough for the 128 bit tag and that we
+       * have the 96 bit nonce.  */
+      if (protectedlen < (4 + 16) || ivlen != 12)
+        return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+    }
+  else
+    {
+      if (protectedlen < 4 || (protectedlen%blklen))
+        return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+    }
 
-  rc = gcry_cipher_open (&hd, prot_cipher, GCRY_CIPHER_MODE_CBC,
+  rc = gcry_cipher_open (&hd, prot_cipher,
+#if OCB_MODE_SUPPORTED
+                         is_ocb? GCRY_CIPHER_MODE_OCB :
+#endif
+                         GCRY_CIPHER_MODE_CBC,
                          GCRY_CIPHER_SECURE);
   if (rc)
     return rc;
@@ -656,8 +783,8 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
   outbuf = gcry_malloc_secure (protectedlen);
   if (!outbuf)
     rc = out_of_core ();
-  if (!rc)
-    rc = gcry_cipher_setiv (hd, iv, ivlen);
+
+  /* Hash the passphrase and set the key.  */
   if (!rc)
     {
       unsigned char *key;
@@ -674,21 +801,60 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
           xfree (key);
         }
     }
+
+  /* Set the IV/nonce.  */
   if (!rc)
-    rc = gcry_cipher_decrypt (hd, outbuf, protectedlen,
-                              protected, protectedlen);
+    {
+      rc = gcry_cipher_setiv (hd, iv, ivlen);
+    }
+
+  /* Decrypt.  */
+  if (!rc)
+    {
+#if OCB_MODE_SUPPORTED
+      if (is_ocb)
+        {
+          rc = gcry_cipher_authenticate (hd, aad_begin,
+                                         aadhole_begin - aad_begin);
+          if (!rc)
+            rc = gcry_cipher_authenticate
+              (hd, aadhole_begin + aadhole_len,
+               aad_len - (aadhole_begin+aadhole_len - aad_begin));
+
+          if (!rc)
+            {
+              gcry_cipher_final (hd);
+              rc = gcry_cipher_decrypt (hd, outbuf, protectedlen - 16,
+                                        protected, protectedlen - 16);
+            }
+          if (!rc)
+            rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
+        }
+      else
+#endif /*OCB_MODE_SUPPORTED*/
+        {
+          rc = gcry_cipher_decrypt (hd, outbuf, protectedlen,
+                                    protected, protectedlen);
+        }
+    }
+
+  /* Release cipher handle and check for errors.  */
   gcry_cipher_close (hd);
   if (rc)
     {
       xfree (outbuf);
       return rc;
     }
-  /* Do a quick check first. */
+
+  /* Do a quick check on the data structure. */
   if (*outbuf != '(' && outbuf[1] != '(')
     {
+      /* Note that in OCB mode this is actually invalid _encrypted_
+       * data and not a bad passphrase.  */
       xfree (outbuf);
       return gpg_error (GPG_ERR_BAD_PASSPHRASE);
     }
+
   /* Check that we have a consistent S-Exp. */
   reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL);
   if (!reallen || (reallen + blklen < protectedlen) )
@@ -702,11 +868,12 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
 
 
 /* Merge the parameter list contained in CLEARTEXT with the original
-   protect lists PROTECTEDKEY by replacing the list at REPLACEPOS.
-   Return the new list in RESULT and the MIC value in the 20 byte
-   buffer SHA1HASH.  CUTOFF and CUTLEN will receive the offset and the
-   length of the resulting list which should go into the MIC
-   calculation but then be removed.  */
+ * protect lists PROTECTEDKEY by replacing the list at REPLACEPOS.
+ * Return the new list in RESULT and the MIC value in the 20 byte
+ * buffer SHA1HASH; if SHA1HASH is NULL no MIC will be computed.
+ * CUTOFF and CUTLEN will receive the offset and the length of the
+ * resulting list which should go into the MIC calculation but then be
+ * removed.  */
 static int
 merge_lists (const unsigned char *protectedkey,
              size_t replacepos,
@@ -730,7 +897,7 @@ merge_lists (const unsigned char *protectedkey,
     return gpg_error (GPG_ERR_BUG);
 
   /* Estimate the required size of the resulting list.  We have a large
-     safety margin of >20 bytes (MIC hash from CLEARTEXT and the
+     safety margin of >20 bytes (FIXME: MIC hash from CLEARTEXT and the
      removed "protected-" */
   newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL);
   if (!newlistlen)
@@ -749,7 +916,7 @@ merge_lists (const unsigned char *protectedkey,
   memcpy (p, protectedkey+15+10, replacepos-15-10);
   p += replacepos-15-10;
 
-  /* copy the cleartext */
+  /* Copy the cleartext.  */
   s = cleartext;
   if (*s != '(' && s[1] != '(')
     return gpg_error (GPG_ERR_BUG);  /*we already checked this */
@@ -774,26 +941,29 @@ merge_lists (const unsigned char *protectedkey,
     goto invalid_sexp;
   endpos = s;
   s++;
-  /* Intermezzo: Get the MIC */
-  if (*s != '(')
-    goto invalid_sexp;
-  s++;
-  n = snext (&s);
-  if (!smatch (&s, n, "hash"))
-    goto invalid_sexp;
-  n = snext (&s);
-  if (!smatch (&s, n, "sha1"))
-    goto invalid_sexp;
-  n = snext (&s);
-  if (n != 20)
-    goto invalid_sexp;
-  memcpy (sha1hash, s, 20);
-  s += n;
-  if (*s != ')')
-    goto invalid_sexp;
-  /* End intermezzo */
 
-  /* append the parameter list */
+  /* Intermezzo: Get the MIC if requested.  */
+  if (sha1hash)
+    {
+      if (*s != '(')
+        goto invalid_sexp;
+      s++;
+      n = snext (&s);
+      if (!smatch (&s, n, "hash"))
+        goto invalid_sexp;
+      n = snext (&s);
+      if (!smatch (&s, n, "sha1"))
+        goto invalid_sexp;
+      n = snext (&s);
+      if (n != 20)
+        goto invalid_sexp;
+      memcpy (sha1hash, s, 20);
+      s += n;
+      if (*s != ')')
+        goto invalid_sexp;
+    }
+
+  /* Append the parameter list.  */
   memcpy (p, startpos, endpos - startpos);
   p += endpos - startpos;
 
@@ -867,9 +1037,11 @@ agent_unprotect (ctrl_t ctrl,
     const char *name; /* Name of the protection method. */
     int algo;         /* (A zero indicates the "openpgp-native" hack.)  */
     int keylen;       /* Used key length in bytes.  */
+    unsigned int is_ocb:1;
   } algotable[] = {
     { "openpgp-s2k3-sha1-aes-cbc",    GCRY_CIPHER_AES128, (128/8)},
     { "openpgp-s2k3-sha1-aes256-cbc", GCRY_CIPHER_AES256, (256/8)},
+    { "openpgp-s2k3-ocb-aes",         GCRY_CIPHER_AES128, (128/8), 1},
     { "openpgp-native", 0, 0 }
   };
   int rc;
@@ -882,6 +1054,8 @@ agent_unprotect (ctrl_t ctrl,
   unsigned long s2kcount;
   const unsigned char *iv;
   int prot_cipher, prot_cipher_keylen;
+  int is_ocb;
+  const unsigned char *aad_begin, *aad_end, *aadhole_begin, *aadhole_end;
   const unsigned char *prot_begin;
   unsigned char *cleartext;
   unsigned char *final;
@@ -902,6 +1076,15 @@ agent_unprotect (ctrl_t ctrl,
     return gpg_error (GPG_ERR_UNKNOWN_SEXP);
   if (*s != '(')
     return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+  {
+    aad_begin = aad_end = s;
+    aad_end++;
+    i = 1;
+    rc = sskip (&aad_end, &i);
+    if (rc)
+      return rc;
+  }
+
   s++;
   n = snext (&s);
   if (!n)
@@ -913,7 +1096,6 @@ agent_unprotect (ctrl_t ctrl,
   if (!protect_info[infidx].algo)
     return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
 
-
   /* See wether we have a protected-at timestamp.  */
   protect_list = s;  /* Save for later.  */
   if (protected_at)
@@ -969,6 +1151,14 @@ agent_unprotect (ctrl_t ctrl,
         return rc;
     }
   /* found */
+  {
+    aadhole_begin = aadhole_end = prot_begin;
+    aadhole_end++;
+    i = 1;
+    rc = sskip (&aadhole_end, &i);
+    if (rc)
+      return rc;
+  }
   n = snext (&s);
   if (!n)
     return gpg_error (GPG_ERR_INV_SEXP);
@@ -976,14 +1166,17 @@ agent_unprotect (ctrl_t ctrl,
   /* Lookup the protection algo.  */
   prot_cipher = 0;        /* (avoid gcc warning) */
   prot_cipher_keylen = 0; /* (avoid gcc warning) */
-  for (i= 0; i < DIM (algotable); i++)
+  is_ocb = 0;
+  for (i=0; i < DIM (algotable); i++)
     if (smatch (&s, n, algotable[i].name))
       {
         prot_cipher = algotable[i].algo;
         prot_cipher_keylen = algotable[i].keylen;
+        is_ocb = algotable[i].is_ocb;
         break;
       }
-  if (i == DIM (algotable))
+  if (i == DIM (algotable)
+      || (is_ocb && !OCB_MODE_SUPPORTED))
     return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
 
   if (!prot_cipher)  /* This is "openpgp-native".  */
@@ -1048,8 +1241,16 @@ agent_unprotect (ctrl_t ctrl,
   s++; /* skip list end */
 
   n = snext (&s);
-  if (n != 16) /* Wrong blocksize for IV (we support only 128 bit). */
-    return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+  if (is_ocb)
+    {
+      if (n != 12) /* Wrong size of the nonce. */
+        return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+    }
+  else
+    {
+      if (n != 16) /* Wrong blocksize for IV (we support only 128 bit). */
+        return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+    }
   iv = s;
   s += n;
   if (*s != ')' )
@@ -1060,15 +1261,19 @@ agent_unprotect (ctrl_t ctrl,
     return gpg_error (GPG_ERR_INV_SEXP);
 
   cleartext = NULL; /* Avoid cc warning. */
-  rc = do_decryption (s, n,
+  rc = do_decryption (aad_begin, aad_end - aad_begin,
+                      aadhole_begin, aadhole_end - aadhole_begin,
+                      s, n,
                       passphrase, s2ksalt, s2kcount,
-                      iv, 16, prot_cipher, prot_cipher_keylen,
+                      iv, is_ocb? 12:16,
+                      prot_cipher, prot_cipher_keylen, is_ocb,
                       &cleartext);
   if (rc)
     return rc;
 
   rc = merge_lists (protectedkey, prot_begin-protectedkey, cleartext,
-                    sha1hash, &final, &finallen, &cutoff, &cutlen);
+                    is_ocb? NULL : sha1hash,
+                    &final, &finallen, &cutoff, &cutlen);
   /* Albeit cleartext has been allocated in secure memory and thus
      xfree will wipe it out, we do an extra wipe just in case
      somethings goes badly wrong. */
@@ -1077,15 +1282,19 @@ agent_unprotect (ctrl_t ctrl,
   if (rc)
     return rc;
 
-  rc = calculate_mic (final, sha1hash2);
-  if (!rc && memcmp (sha1hash, sha1hash2, 20))
-    rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
-  if (rc)
+  if (!is_ocb)
     {
-      wipememory (final, finallen);
-      xfree (final);
-      return rc;
+      rc = calculate_mic (final, sha1hash2);
+      if (!rc && memcmp (sha1hash, sha1hash2, 20))
+        rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
+      if (rc)
+        {
+          wipememory (final, finallen);
+          xfree (final);
+          return rc;
+        }
     }
+
   /* Now remove the part which is included in the MIC but should not
      go into the final thing.  */
   if (cutlen)
@@ -1184,7 +1393,6 @@ agent_private_key_type (const unsigned char *privatekey)
           n = snext (&s);
           if (!n)
             return PRIVATE_KEY_UNKNOWN; /* Invalid sexp.  */
-          log_debug ("openpgp-native protection '%.*s'\n", (int)n, s);
           if (smatch (&s, n, "none"))
             return PRIVATE_KEY_OPENPGP_NONE;  /* Yes.  */
         }
diff --git a/agent/t-protect.c b/agent/t-protect.c
index 9096cb2..431eccf 100644
--- a/agent/t-protect.c
+++ b/agent/t-protect.c
@@ -195,7 +195,7 @@ test_agent_protect (void)
     {
       ret = agent_protect ((const unsigned char*)specs[i].key,
                            specs[i].passphrase,
-			   &specs[i].result, &specs[i].resultlen, 0);
+			   &specs[i].result, &specs[i].resultlen, 0, -1);
       if (gpg_err_code (ret) != specs[i].ret_expected)
 	{
 	  printf ("agent_protect(%d) returned '%i/%s'; expected '%i/%s'\n",

commit 100b413d7f69f6f091fd98185df4d579ce6ce0ce
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 12 14:20:53 2016 +0200

    doc: Note that the persistant passphrase format is unimplemented.
    
    --

diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index 42c4b1f..150ea7c 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -240,6 +240,8 @@ This format is used to transfer keys between gpg and gpg-agent.
 Persistent Passphrase Format
 ============================
 
+Note: That this has not yet been implemented.
+
 To allow persistent storage of cached passphrases we use a scheme
 similar to the private-key storage format.  This is a master
 passphrase format where each file may protect several secrets under
diff --git a/common/sexp-parse.h b/common/sexp-parse.h
index f68c552..442d106 100644
--- a/common/sexp-parse.h
+++ b/common/sexp-parse.h
@@ -49,7 +49,7 @@ snext (unsigned char const **buf)
 }
 
 /* Skip over the S-Expression BUF points to and update BUF to point to
-   the chacter right behind.  DEPTH gives the initial number of open
+   the character right behind.  DEPTH gives the initial number of open
    lists and may be passed as a positive number to skip over the
    remainder of an S-Expression if the current position is somewhere
    in an S-Expression.  The function may return an error code if it

commit 7faf131c8b8710419df3dc13a1228d1977c55f53
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 11 10:24:15 2016 +0200

    indent: Help Emacs not to get confused by conditional compilation.
    
    * agent/protect.c (calibrate_get_time) [W32]: Use separate function
    calls for W32 and W32CE.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/protect.c b/agent/protect.c
index cdb39fd..f037703 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -95,11 +95,13 @@ calibrate_get_time (struct calibrate_time_s *data)
 #ifdef HAVE_W32_SYSTEM
 # ifdef HAVE_W32CE_SYSTEM
   GetThreadTimes (GetCurrentThread (),
+                  &data->creation_time, &data->exit_time,
+                  &data->kernel_time, &data->user_time);
 # else
   GetProcessTimes (GetCurrentProcess (),
-# endif
                    &data->creation_time, &data->exit_time,
                    &data->kernel_time, &data->user_time);
+# endif
 #else
   struct tms tmp;
 
diff --git a/doc/HACKING b/doc/HACKING
index 2f3dd43..11ae53b 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -51,6 +51,7 @@ are
  - build   :: Changes to the build system
  - speedo  :: Speedo build system specific changes
  - doc     :: Documentation changes
+ - indent  :: Indentation and similar changes
 
 Typo fixes and documentation updates don't need a ChangeLog entry;
 thus you would use a commit message like

commit 22b869adca877ff0826707109e7f7b391eb44441
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 8 09:49:15 2016 +0200

    doc: Point to RFC-4880 for keyedit subcommand "tsign".
    
    --
    
    GnuPG-bug-id: 2283

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 0e91d8c..5994d9f 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -694,7 +694,8 @@ line.
   Make a trust signature. This is a signature that combines the notions
   of certification (like a regular signature), and trust (like the
   "trust" command). It is generally only useful in distinct communities
-  or groups.
+  or groups.  For more information please read the sections
+  ``Trust Signature'' and ``Regular Expression'' in RFC-4880.
 @end table
 
 @c man:.RS

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h        |   2 +-
 agent/command-ssh.c  |   2 +-
 agent/command.c      |   2 +-
 agent/cvt-openpgp.c  |   2 +-
 agent/genkey.c       |   2 +-
 agent/keyformat.txt  |  64 +++++---
 agent/protect-tool.c |   8 +-
 agent/protect.c      | 434 ++++++++++++++++++++++++++++++++++++++-------------
 agent/t-protect.c    |   2 +-
 common/sexp-parse.h  |   2 +-
 doc/HACKING          |   1 +
 doc/gpg.texi         |   3 +-
 12 files changed, 383 insertions(+), 141 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 12 16:09:51 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Tue, 12 Apr 2016 16:09:51 +0200
Subject: [git] GPGME - branch, gpgmepp, updated. gpgme-1.6.0-49-g5489532
Message-ID: <E1apz0A-0006Qr-06@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, gpgmepp has been updated
       via  5489532ad6ccf3a9b59405686b8a17352f1ecf06 (commit)
       via  d949d711dc1d944a9d627d39a89af74943a5a8c1 (commit)
      from  6dba47c3a2c32d7c1e1d91a96030f99f606433ea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5489532ad6ccf3a9b59405686b8a17352f1ecf06
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Apr 12 16:08:10 2016 +0200

    Cpp: Add support for pubkey_algo_name
    
    * lang/cpp/src/key.cpp (Subkey::algoName): New.
    * lang/cpp/src/key.h: Declare.

diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp
index d8b3c29..55eb058 100644
--- a/lang/cpp/src/key.cpp
+++ b/lang/cpp/src/key.cpp
@@ -383,6 +383,17 @@ const char *Subkey::publicKeyAlgorithmAsString() const
     return gpgme_pubkey_algo_name(subkey ? subkey->pubkey_algo : (gpgme_pubkey_algo_t)0);
 }
 
+std::string Subkey::algoName() const
+{
+    char *gpgmeStr;
+    if (subkey && (gpgmeStr = gpgme_pubkey_algo_string(subkey))) {
+        std::string ret = std::string(gpgmeStr);
+        gpgme_free(gpgmeStr);
+        return ret;
+    }
+    return std::string();
+}
+
 bool Subkey::canEncrypt() const
 {
     return subkey && subkey->can_encrypt;
diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h
index 30badea..7322f65 100644
--- a/lang/cpp/src/key.h
+++ b/lang/cpp/src/key.h
@@ -206,8 +206,27 @@ public:
     bool isSecret() const;
 
     unsigned int publicKeyAlgorithm() const;
+
+    /**
+      @brief Get the public key algorithm name.
+
+      This only works for the pre 2.1 algorithms for ECC NULL is returned.
+
+      @returns a statically allocated string with the name of the public
+               key algorithm, or NULL if that name is not known.
+    */
     const char *publicKeyAlgorithmAsString() const;
 
+    /**
+       @brief Get the key algo string like GnuPG 2.1 prints it.
+
+       This returns combinations of size and algorithm. Like
+       bp512 or rsa2048
+
+       @returns the key algorithm as string. Empty string on error.
+    */
+    std::string algoName() const;
+
     unsigned int length() const;
 
     const char *cardSerialNumber() const;

commit d949d711dc1d944a9d627d39a89af74943a5a8c1
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Apr 12 16:05:31 2016 +0200

    Cpp: Add support for gpgme_data_identify
    
    * lang/cpp/src/data.cpp (Data::type): New.
    * lang/cpp/src/data.h (Data::Type): New enum mapping.

diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp
index b07406c..bf9a629 100644
--- a/lang/cpp/src/data.cpp
+++ b/lang/cpp/src/data.cpp
@@ -162,6 +162,26 @@ GpgME::Error GpgME::Data::setEncoding(Encoding enc)
     return Error(gpgme_data_set_encoding(d->data, ge));
 }
 
+GpgME::Data::Type GpgME::Data::type() const
+{
+    if (isNull()) {
+        return Invalid;
+    }
+    switch (gpgme_data_identify(d->data, 0)) {
+    case GPGME_DATA_TYPE_INVALID:       return Invalid;
+    case GPGME_DATA_TYPE_UNKNOWN:       return Unknown;
+    case GPGME_DATA_TYPE_PGP_SIGNED:    return PGPSigned;
+    case GPGME_DATA_TYPE_PGP_OTHER:     return PGPOther;
+    case GPGME_DATA_TYPE_PGP_KEY:       return PGPKey;
+    case GPGME_DATA_TYPE_CMS_SIGNED:    return CMSSigned;
+    case GPGME_DATA_TYPE_CMS_ENCRYPTED: return CMSEncrypted;
+    case GPGME_DATA_TYPE_CMS_OTHER:     return CMSOther;
+    case GPGME_DATA_TYPE_X509_CERT:     return X509Cert;
+    case GPGME_DATA_TYPE_PKCS12:        return PKCS12;
+    }
+    return Invalid;
+}
+
 char *GpgME::Data::fileName() const
 {
     return gpgme_data_get_file_name(d->data);
diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h
index 97e4202..efb1e79 100644
--- a/lang/cpp/src/data.h
+++ b/lang/cpp/src/data.h
@@ -82,6 +82,20 @@ public:
     Encoding encoding() const;
     Error setEncoding(Encoding encoding);
 
+    enum Type {
+        Invalid,
+        Unknown,
+        PGPSigned,
+        PGPOther,
+        PGPKey,
+        CMSSigned,
+        CMSEncrypted,
+        CMSOther,
+        X509Cert,
+        PKCS12
+    };
+    Type type() const;
+
     char *fileName() const;
     Error setFileName(const char *name);
 

-----------------------------------------------------------------------

Summary of changes:
 lang/cpp/src/data.cpp | 20 ++++++++++++++++++++
 lang/cpp/src/data.h   | 14 ++++++++++++++
 lang/cpp/src/key.cpp  | 11 +++++++++++
 lang/cpp/src/key.h    | 19 +++++++++++++++++++
 4 files changed, 64 insertions(+)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 13 03:33:39 2016
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 13 Apr 2016 03:33:39 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-378-g8472b71
Message-ID: <E1aq9ft-0002Is-2y@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  8472b71812e71c69d66e2fcc02a6e21b66755f8b (commit)
      from  b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8472b71812e71c69d66e2fcc02a6e21b66755f8b
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Apr 13 10:10:53 2016 +0900

    ecc: Fix corner cases for X25519.
    
    * cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns
    GPG_ERR_INV_DATA instead of aborting with log_fatal.  For X25519,
    it's not an error, thus, let it return 0.
    (ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish
    X25519, not by the name of the curve.
    (ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead
    of aborting with log_fatal.  For X25519, it's not an error by its
    definition, but we deliberately let it return the error to detect
    looks-like-encrypted-message.
    * tests/t-cv25519.c: Add points to record the issue.
    
    --
    
    For X25519 ECDH, this change introduces incompatibility to
    crypto_scalarmult with the input which makes shared secret to be 0.
    For crypto_scalarmult, the result is 0.  In libgcrypt, it's an error
    of GPG_ERR_INV_DATA (we consider the input is invalid).
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index f6b2b69..a437a1f 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1395,7 +1395,23 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     _gcry_mpi_ec_mul_point (&R, data, &pk.Q, ec);
 
     if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
-      log_fatal ("ecdh: Failed to get affine coordinates for kdG\n");
+      {
+        /*
+         * Here, X is 0.  In the X25519 computation on Curve25519, X0
+         * function maps infinity to zero.  So, when PUBKEY_FLAG_DJB_TWEAK
+         * is enabled, return the result of 0 not raising an error.
+         *
+         * This is a corner case.  It never occurs with properly
+         * generated public keys, but it might happen with blindly
+         * imported public key which might not follow the key
+         * generation procedure.
+         */
+        if (!(flags & PUBKEY_FLAG_DJB_TWEAK))
+          { /* It's not for X25519, then, the input data was simply wrong.  */
+            rc = GPG_ERR_INV_DATA;
+            goto leave;
+          }
+      }
     if (y)
       mpi_s = _gcry_ecc_ec2os (x, y, pk.E.p);
     else
@@ -1416,7 +1432,10 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     _gcry_mpi_ec_mul_point (&R, data, &pk.E.G, ec);
 
     if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
-      log_fatal ("ecdh: Failed to get affine coordinates for kG\n");
+      {
+        rc = GPG_ERR_INV_DATA;
+        goto leave;
+      }
     if (y)
       mpi_e = _gcry_ecc_ec2os (x, y, pk.E.p);
     else
@@ -1598,8 +1617,8 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   if (DBG_CIPHER)
     log_printpnt ("ecc_decrypt    kG", &kG, NULL);
 
-  if (!(curvename && !strcmp (curvename, "Curve25519"))
-      /* For Curve25519, by its definition, validation should not be done.  */
+  if (!(flags & PUBKEY_FLAG_DJB_TWEAK)
+      /* For X25519, by its definition, validation should not be done.  */
       && !_gcry_mpi_ec_curve_point (&kG, ec))
     {
       rc = GPG_ERR_INV_DATA;
@@ -1619,14 +1638,32 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     else
       y = mpi_new (0);
 
-    /*
-     * Here, x is 0.  In the X25519 computation on Curve25519, X0
-     * function maps infinity to zero.  So, when PUBKEY_FLAG_DJB_TWEAK
-     * is enabled, we can just skip the check to get the result of 0.
-     */
-    if (_gcry_mpi_ec_get_affine (x, y, &R, ec)
-        && !(flags & PUBKEY_FLAG_DJB_TWEAK))
-      log_fatal ("ecdh: Failed to get affine coordinates\n");
+    if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
+      {
+        rc = GPG_ERR_INV_DATA;
+        goto leave;
+        /*
+         * Note for X25519.
+         *
+         * By the definition of X25519, this is the case where X25519
+         * returns 0, mapping infinity to zero.  However, we
+         * deliberately let it return an error.
+         *
+         * For X25519 ECDH, comming here means that it might be
+         * decrypted by anyone with the shared secret of 0 (the result
+         * of this function could be always 0 by other scalar values,
+         * other than the private key of SK.D).
+         *
+         * So, it looks like an encrypted message but it can be
+         * decrypted by anyone, or at least something wrong
+         * happens.  Recipient should not proceed as if it were
+         * properly encrypted message.
+         *
+         * This handling is needed for our major usage of GnuPG,
+         * where it does the One-Pass Diffie-Hellman method,
+         * C(1, 1, ECC CDH), with an ephemeral key.
+         */
+      }
 
     if (y)
       r = _gcry_ecc_ec2os (x, y, sk.E.p);
diff --git a/tests/t-cv25519.c b/tests/t-cv25519.c
index 7e551c2..098c66a 100644
--- a/tests/t-cv25519.c
+++ b/tests/t-cv25519.c
@@ -32,7 +32,7 @@
 #include "stopwatch.h"
 
 #define PGM "t-cv25519"
-#define N_TESTS 6
+#define N_TESTS 18
 
 #define my_isascii(c) (!((c) & 0x80))
 #define digitp(p)   (*(p) >= '0' && *(p) <= '9')
@@ -499,6 +499,80 @@ check_cv25519 (void)
            "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
   ntests++;
 
+  /* Seven tests which results 0. */
+  test_cv (7,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "0000000000000000000000000000000000000000000000000000000000000000",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  test_cv (8,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "0100000000000000000000000000000000000000000000000000000000000000",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  test_cv (9,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  test_cv (10,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  test_cv (11,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  test_cv (12,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  test_cv (13,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+           "0000000000000000000000000000000000000000000000000000000000000000");
+  ntests++;
+
+  /* Five tests which resulted 0 if decodeUCoordinate didn't change MSB. */
+  test_cv (14,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "cdeb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880",
+           "7ce548bc4919008436244d2da7a9906528fe3a6d278047654bd32d8acde9707b");
+  ntests++;
+
+  test_cv (15,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "4c9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7",
+           "e17902e989a034acdf7248260e2c94cdaf2fe1e72aaac7024a128058b6189939");
+  ntests++;
+
+  test_cv (16,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "d9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+           "ea6e6ddf0685c31e152d5818441ac9ac8db1a01f3d6cb5041b07443a901e7145");
+  ntests++;
+
+  test_cv (17,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+           "845ddce7b3a9b3ee01a2f1fd4282ad293310f7a232cbc5459fb35d94bccc9d05");
+  ntests++;
+
+  test_cv (18,
+           "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+           "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+           "6989e2cb1cea159acf121b0af6bf77493189c9bd32c2dac71669b540f9488247");
+  ntests++;
+
   if (ntests != N_TESTS)
     fail ("did %d tests but expected %d", ntests, N_TESTS);
   else if ((ntests % 256))

-----------------------------------------------------------------------

Summary of changes:
 cipher/ecc.c      | 61 +++++++++++++++++++++++++++++++++++---------
 tests/t-cv25519.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 124 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 14 12:12:11 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 14 Apr 2016 12:12:11 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-7-g04115b3
Message-ID: <E1aqeFD-0001Tw-Dz@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  04115b3289dcc9b02044f88c08580618c055a571 (commit)
       via  c6b43bd147186deee84dcccbc14f5763db67a0f3 (commit)
       via  8d801fe2c74041f2f8c563785ed7cba73f47500e (commit)
      from  30aa1046afe9a745c918fc1311c1f598c91bf913 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 04115b3289dcc9b02044f88c08580618c055a571
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 12:00:51 2016 +0200

    Qt: Implement repeat and improve grabbing
    
    The keyboard is now only grabbed if an edit has input focus.
    
    * qt/main.cpp (qt_cmd_handler): Parse repeat values. Set repeat_okay.
    * qt/pinentrydialog.cpp (PinentryDialog::PinentryDialog): Update
     layout. Add repeat label and edit. Connect focusChanged.
     (PinEntryDialog::hideEvent): Remove grabbing hack.
     (PinEntryDialog::focusChanged): New. Properly handle grabbing.
     (PinEntryDialog::checkRepeat): New. Enable Ok if repeat matches.
     (PinEntryDialog::repeatedPin): New. Getter for repeated pin.
     (PinEntryDialog::setRepeatErrorText): Setter for error.
    * qt/pinentrydialog.h: Update accordingly.
    
    --
    Adding repeat mode made it neccessary to fix the grabbing
    which globally grabbed the keyboard for the line edit
    as long as the window was shown.
    
    Now we only grab when a line edit has focus. This has the
    advantage that you can still work with other windows while
    pinentry is open but not focused.
    
    The new grabbing should improve security a bit as it reduces
    the need for a global no-grab setting. I've verified with xev
    that keyboard grabbing still works when one of the lineedits
    in pinentry has focus.

diff --git a/qt/main.cpp b/qt/main.cpp
index 9065588..3c653ee 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -163,13 +163,21 @@ qt_cmd_handler(pinentry_t pe)
     const QString title =
         pe->title ? from_utf8(pe->title) :
         /* else */  QLatin1String("pinentry-qt") ;
+    const QString repeatError =
+        pe->repeat_error_string ? from_utf8(pe->repeat_error_string) :
+                                  QLatin1String("Passphrases do not match");
+    const QString repeatString =
+        pe->repeat_passphrase ? from_utf8(pe->repeat_passphrase) :
+                                QString();
 
     if (want_pass) {
-        PinEntryDialog pinentry(parent, 0, pe->timeout, true, !!pe->quality_bar);
+        PinEntryDialog pinentry(parent, 0, pe->timeout, true, !!pe->quality_bar,
+                                repeatString);
 
         pinentry.setPinentryInfo(pe);
         pinentry.setPrompt(escape_accel(from_utf8(pe->prompt)));
         pinentry.setDescription(from_utf8(pe->description));
+        pinentry.setRepeatErrorText(repeatError);
         if (pe->title) {
             pinentry.setWindowTitle(from_utf8(pe->title));
         }
@@ -194,7 +202,15 @@ qt_cmd_handler(pinentry_t pe)
             return -1;
         }
 
-        QByteArray pin = pinentry.pin().toUtf8();
+        const QString pinStr = pinentry.pin();
+        QByteArray pin = pinStr.toUtf8();
+
+        if (!!pe->repeat_passphrase) {
+            /* Should not have been possible to accept
+               the dialog in that case but we do a safety
+               check here */
+            pe->repeat_okay = (pinStr == pinentry.repeatedPin());
+        }
 
         int len = strlen(pin.constData());
         if (len >= 0) {
diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp
index 91d5adb..aca3a52 100644
--- a/qt/pinentrydialog.cpp
+++ b/qt/pinentrydialog.cpp
@@ -2,8 +2,10 @@
 
    Copyright (C) 2002, 2008 Klar??lvdalens Datakonsult AB (KDAB)
    Copyright 2007 Ingo Kl??cker
+   Copyright 2016 Intevation GmbH
 
    Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>.
+   Modified by Andre Heinecke <aheinecke at intevation.de>
 
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License as
@@ -109,8 +111,9 @@ void PinEntryDialog::slotTimeout()
 }
 
 PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
-                               int timeout, bool modal, bool enable_quality_bar)
-    : QDialog(parent, Qt::WindowStaysOnTopHint), _grabbed(false)
+                               int timeout, bool modal, bool enable_quality_bar,
+                               const QString &repeatString)
+    : QDialog(parent, Qt::WindowStaysOnTopHint), mRepeat(NULL), _grabbed(false)
 {
     setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint);
 
@@ -179,28 +182,40 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
     _edit->setFocus();
 
     QGridLayout *const grid = new QGridLayout(this);
-    grid->addWidget(_icon, 0, 0, 5, 1, Qt::AlignTop | Qt::AlignLeft);
-    grid->addWidget(_error, 1, 1, 1, 2);
-    grid->addWidget(_desc,  2, 1, 1, 2);
+    int row = 1;
+    grid->addWidget(_error, row++, 1, 1, 2);
+    grid->addWidget(_desc,  row++, 1, 1, 2);
     //grid->addItem( new QSpacerItem( 0, _edit->height() / 10, QSizePolicy::Minimum, QSizePolicy::Fixed ), 1, 1 );
-    grid->addWidget(_prompt, 3, 1);
-    grid->addWidget(_edit, 3, 2);
     if (enable_quality_bar) {
-        grid->addWidget(_quality_bar_label, 4, 1);
-        grid->addWidget(_quality_bar, 4, 2);
+        grid->addWidget(_quality_bar_label, row, 1);
+        grid->addWidget(_quality_bar, row++, 2);
     }
-    grid->addWidget(buttons, 5, 0, 1, 3);
+    grid->addWidget(_prompt, row, 1);
+    grid->addWidget(_edit, row++, 2);
+    if (!repeatString.isNull()) {
+        mRepeat = new QLineEdit;
+        mRepeat->setMaxLength(256);
+        mRepeat->setEchoMode(QLineEdit::Password);
+        connect(mRepeat, SIGNAL(textChanged(QString)),
+                this, SLOT(checkRepeat(QString)));
+        connect(_edit, SIGNAL(textChanged(QString)),
+                this, SLOT(checkRepeat(QString)));
+        QLabel *repeatLabel = new QLabel(repeatString);
+        repeatLabel->setBuddy(mRepeat);
+        grid->addWidget(repeatLabel, row, 1);
+        grid->addWidget(mRepeat, row++, 2);
+        setTabOrder(_edit, mRepeat);
+        setTabOrder(mRepeat, _ok);
+    }
+    row += 2;
+    grid->addWidget(buttons, row, 0, 1, 3);
+
+    grid->addWidget(_icon, 0, 0, row - 1, 1, Qt::AlignVCenter | Qt::AlignLeft);
 
     grid->setSizeConstraint(QLayout::SetFixedSize);
-}
 
-void PinEntryDialog::hideEvent(QHideEvent *ev)
-{
-    if (!_pinentry_info || _pinentry_info->grab) {
-        _edit->releaseKeyboard();
-    }
-    _grabbed = false;
-    QDialog::hideEvent(ev);
+    connect(qApp, SIGNAL(focusChanged(QWidget *, QWidget *)),
+            this, SLOT(focusChanged(QWidget *, QWidget *)));
 }
 
 void PinEntryDialog::showEvent(QShowEvent *event)
@@ -335,16 +350,44 @@ void PinEntryDialog::setPinentryInfo(pinentry_t peinfo)
     _pinentry_info = peinfo;
 }
 
-void PinEntryDialog::paintEvent(QPaintEvent *event)
+void PinEntryDialog::focusChanged(QWidget *old, QWidget *now)
 {
     // Grab keyboard. It might be a little weird to do it here, but it works!
     // Previously this code was in showEvent, but that did not work in Qt4.
-    QDialog::paintEvent(event);
-    if (!_grabbed && (!_pinentry_info || _pinentry_info->grab)) {
-        _edit->grabKeyboard();
-        _grabbed = true;
+    if (!_pinentry_info || _pinentry_info->grab) {
+        if (_grabbed && old && (old == _edit || old == mRepeat)) {
+            old->releaseKeyboard();
+            _grabbed = false;
+        }
+        if (!_grabbed && now && (now == _edit || now == mRepeat)) {
+            now->grabKeyboard();
+            _grabbed = true;
+        }
+    }
+
+}
+
+void PinEntryDialog::checkRepeat(const QString &repPin)
+{
+    if (mRepeat->text() == _edit->text()) {
+        _ok->setEnabled(true);
+        _ok->setToolTip(QString());
+    } else {
+        _ok->setEnabled(false);
+        _ok->setToolTip(mRepeatError);
     }
+}
 
+QString PinEntryDialog::repeatedPin() const
+{
+    if (mRepeat) {
+        return mRepeat->text();
+    }
+    return QString();
 }
 
+void PinEntryDialog::setRepeatErrorText(const QString &err)
+{
+    mRepeatError = err;
+}
 #include "pinentrydialog.moc"
diff --git a/qt/pinentrydialog.h b/qt/pinentrydialog.h
index 217213b..1713412 100644
--- a/qt/pinentrydialog.h
+++ b/qt/pinentrydialog.h
@@ -2,8 +2,10 @@
 
    Copyright (C) 2002, 2008 Klar??lvdalens Datakonsult AB (KDAB)
    Copyright 2007 Ingo Kl??cker
+   Copyright 2016 Intevation GmbH
 
    Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>.
+   Modified by Andre Heinecke <aheinecke at intevation.de>
 
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License as
@@ -48,8 +50,10 @@ class PinEntryDialog : public QDialog
     Q_PROPERTY(QString pin READ pin WRITE setPin)
     Q_PROPERTY(QString prompt READ prompt WRITE setPrompt)
 public:
-    friend class PinEntryController; // TODO: remove when assuan lets me use Qt eventloop.
-    explicit PinEntryDialog(QWidget *parent = 0, const char *name = 0, int timeout = 0, bool modal = false, bool enable_quality_bar = false);
+    explicit PinEntryDialog(QWidget *parent = 0, const char *name = 0,
+                            int timeout = 0, bool modal = false,
+                            bool enable_quality_bar = false,
+                            const QString &repeatString = QString());
 
     void setDescription(const QString &);
     QString description() const;
@@ -60,6 +64,9 @@ public:
     void setPin(const QString &);
     QString pin() const;
 
+    QString repeatedPin() const;
+    void setRepeatErrorText(const QString &);
+
     void setPrompt(const QString &);
     QString prompt() const;
 
@@ -71,14 +78,14 @@ public:
 
     void setPinentryInfo(pinentry_t);
 
-public slots:
+protected slots:
     void updateQuality(const QString &);
     void slotTimeout();
+    void checkRepeat(const QString &);
+    void focusChanged(QWidget *old, QWidget *now);
 
 protected:
     /* reimp */ void showEvent(QShowEvent *event);
-    /* reimp */ void hideEvent(QHideEvent *);
-    /* reimp */ void paintEvent(QPaintEvent *event);
 
 private:
     QLabel    *_icon;
@@ -88,12 +95,14 @@ private:
     QLabel    *_quality_bar_label;
     QProgressBar *_quality_bar;
     QLineEdit *_edit;
+    QLineEdit *mRepeat;
     QPushButton *_ok;
     QPushButton *_cancel;
     bool       _grabbed;
     bool       _have_quality_bar;
     pinentry_t _pinentry_info;
     QTimer    *_timer;
+    QString    mRepeatError;
 };
 
 #endif // __PINENTRYDIALOG_H__

commit c6b43bd147186deee84dcccbc14f5763db67a0f3
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 09:53:37 2016 +0200

    Qt: Respect icon themes and only fallback to own
    
    * m4/qt.m4: Raise version requirement.
    * qt/main.cpp (main): Use QIcon::fromTheme to get the icon.

diff --git a/m4/qt.m4 b/m4/qt.m4
index 8e5a557..093f428 100644
--- a/m4/qt.m4
+++ b/m4/qt.m4
@@ -75,7 +75,7 @@ AC_DEFUN([FIND_QT],
   fi
   if test "$have_qt5_libs" != "yes"; then
     PKG_CHECK_MODULES(PINENTRY_QT,
-                      QtCore >= 4.4.0 QtGui >= 4.4.0,
+                      QtCore >= 4.6.0 QtGui >= 4.6.0,
                       [have_qt4_libs="yes"],
                       [have_qt4_libs="no"])
     if test "$have_qt4_libs" = "yes"; then
diff --git a/qt/main.cpp b/qt/main.cpp
index 4d648b6..9065588 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -318,7 +318,9 @@ main(int argc, char *argv[])
            window anymore.  */
         i = argc;
         app.reset(new QApplication(i, new_argv));
-        const QIcon icon(QLatin1String(":/document-encrypt.png"));
+        const QIcon fallback = QIcon(QLatin1String(":/document-encrypt.png"));
+        const QIcon icon = QIcon::fromTheme(QLatin1String("document-encrypt"),
+                                            fallback);
         app->setWindowIcon(icon);
     }
 

commit 8d801fe2c74041f2f8c563785ed7cba73f47500e
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 09:32:21 2016 +0200

    Qt: Unify coding style and encoding
    
    * qt/main.cpp, qt/pinentryconfirm.cpp, qt/pinentryconfirm.h,
      qt/pinentrydialog.cpp, qt/pinentrydialog.h: Use KDE coding style.
      Encode as UTF-8.
    
    --
    Code reformatted using kde-dev-scripts/astyle-kdelibs.
    Use git blame -w to show authorship as it was before this commit.

diff --git a/qt/main.cpp b/qt/main.cpp
index c7518fa..4d648b6 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -1,7 +1,6 @@
-/*
-   main.cpp - A Qt dialog for PIN entry.
+/* main.cpp - A Qt dialog for PIN entry.
 
-   Copyright (C) 2002, 2008 Klar?lvdalens Datakonsult AB (KDAB)
+   Copyright (C) 2002, 2008 Klar??lvdalens Datakonsult AB (KDAB)
    Copyright (C) 2003 g10 Code GmbH
    Copyright 2007 Ingo Kl??cker
 
@@ -63,267 +62,267 @@
   #endif
 #endif
 
-static QString escape_accel( const QString & s ) {
+static QString escape_accel(const QString &s)
+{
 
-  QString result;
-  result.reserve( s.size() );
+    QString result;
+    result.reserve(s.size());
+
+    bool afterUnderscore = false;
+
+    for (unsigned int i = 0, end = s.size() ; i != end ; ++i) {
+        const QChar ch = s[i];
+        if (ch == QLatin1Char('_')) {
+            if (afterUnderscore) { // escaped _
+                result += QLatin1Char('_');
+                afterUnderscore = false;
+            } else { // accel
+                afterUnderscore = true;
+            }
+        } else {
+            if (afterUnderscore ||  // accel
+                    ch == QLatin1Char('&')) {  // escape & from being interpreted by Qt
+                result += QLatin1Char('&');
+            }
+            result += ch;
+            afterUnderscore = false;
+        }
+    }
 
-  bool afterUnderscore = false;
+    if (afterUnderscore)
+        // trailing single underscore: shouldn't happen, but deal with it robustly:
+    {
+        result += QLatin1Char('_');
+    }
 
-  for ( unsigned int i = 0, end = s.size() ; i != end ; ++i ) {
-    const QChar ch = s[i];
-    if ( ch == QLatin1Char( '_' ) )
-      {
-        if ( afterUnderscore ) // escaped _
-          {
-            result += QLatin1Char( '_' );
-            afterUnderscore = false;
-          }
-        else // accel
-          {
-            afterUnderscore = true;
-          }
-      }
-    else
-      {
-        if ( afterUnderscore || // accel
-             ch == QLatin1Char( '&' ) ) // escape & from being interpreted by Qt
-          result += QLatin1Char( '&' );
-        result += ch;
-        afterUnderscore = false;
-      }
-  }
-
-  if ( afterUnderscore )
-    // trailing single underscore: shouldn't happen, but deal with it robustly:
-    result += QLatin1Char( '_' );
-
-  return result;
+    return result;
 }
 
 /* Hack for creating a QWidget with a "foreign" window ID */
 class ForeignWidget : public QWidget
 {
 public:
-  explicit ForeignWidget( WId wid ) : QWidget( 0 )
-  {
-    QWidget::destroy();
-    create( wid, false, false );
-  }
-
-  ~ForeignWidget()
-  {
-    destroy( false, false );
-  }
+    explicit ForeignWidget(WId wid) : QWidget(0)
+    {
+        QWidget::destroy();
+        create(wid, false, false);
+    }
+
+    ~ForeignWidget()
+    {
+        destroy(false, false);
+    }
 };
 
-namespace {
-    class InvalidUtf8 : public std::invalid_argument {
-    public:
-        InvalidUtf8() : std::invalid_argument( "invalid utf8" ) {}
-        ~InvalidUtf8() throw() {}
-    };
+namespace
+{
+class InvalidUtf8 : public std::invalid_argument
+{
+public:
+    InvalidUtf8() : std::invalid_argument("invalid utf8") {}
+    ~InvalidUtf8() throw() {}
+};
 }
 
 static const bool GPG_AGENT_IS_PORTED_TO_ONLY_SEND_UTF8 = false;
 
-static QString from_utf8( const char * s ) {
-    const QString result = QString::fromUtf8( s );
-    if ( result.contains( QChar::ReplacementCharacter ) )
-      {
-        if ( GPG_AGENT_IS_PORTED_TO_ONLY_SEND_UTF8 )
+static QString from_utf8(const char *s)
+{
+    const QString result = QString::fromUtf8(s);
+    if (result.contains(QChar::ReplacementCharacter)) {
+        if (GPG_AGENT_IS_PORTED_TO_ONLY_SEND_UTF8) {
             throw InvalidUtf8();
-        else
-            return QString::fromLocal8Bit( s );
-      }
+        } else {
+            return QString::fromLocal8Bit(s);
+        }
+    }
 
     return result;
 }
 
 static int
-qt_cmd_handler (pinentry_t pe)
+qt_cmd_handler(pinentry_t pe)
 {
-  QWidget *parent = 0;
+    QWidget *parent = 0;
 
-  /* FIXME: Add parent window ID to pinentry and GTK.  */
-  if (pe->parent_wid)
-    parent = new ForeignWidget ((WId) pe->parent_wid);
+    /* FIXME: Add parent window ID to pinentry and GTK.  */
+    if (pe->parent_wid) {
+        parent = new ForeignWidget((WId) pe->parent_wid);
+    }
 
-  int want_pass = !!pe->pin;
+    int want_pass = !!pe->pin;
+
+    const QString ok =
+        pe->ok             ? escape_accel(from_utf8(pe->ok)) :
+        pe->default_ok     ? escape_accel(from_utf8(pe->default_ok)) :
+        /* else */           QLatin1String("&OK") ;
+    const QString cancel =
+        pe->cancel         ? escape_accel(from_utf8(pe->cancel)) :
+        pe->default_cancel ? escape_accel(from_utf8(pe->default_cancel)) :
+        /* else */           QLatin1String("&Cancel") ;
+    const QString title =
+        pe->title ? from_utf8(pe->title) :
+        /* else */  QLatin1String("pinentry-qt") ;
+
+    if (want_pass) {
+        PinEntryDialog pinentry(parent, 0, pe->timeout, true, !!pe->quality_bar);
+
+        pinentry.setPinentryInfo(pe);
+        pinentry.setPrompt(escape_accel(from_utf8(pe->prompt)));
+        pinentry.setDescription(from_utf8(pe->description));
+        if (pe->title) {
+            pinentry.setWindowTitle(from_utf8(pe->title));
+        }
 
-  const QString ok =
-      pe->ok             ? escape_accel( from_utf8( pe->ok ) ) :
-      pe->default_ok     ? escape_accel( from_utf8( pe->default_ok ) ) :
-      /* else */           QLatin1String( "&OK" ) ;
-  const QString cancel =
-      pe->cancel         ? escape_accel( from_utf8( pe->cancel ) ) :
-      pe->default_cancel ? escape_accel( from_utf8( pe->default_cancel ) ) :
-      /* else */           QLatin1String( "&Cancel" ) ;
-  const QString title =
-      pe->title ? from_utf8( pe->title ) :
-      /* else */  QLatin1String( "pinentry-qt" ) ;
+        /* If we reuse the same dialog window.  */
+        pinentry.setPin(QString());
 
+        pinentry.setOkText(ok);
+        pinentry.setCancelText(cancel);
+        if (pe->error) {
+            pinentry.setError(from_utf8(pe->error));
+        }
+        if (pe->quality_bar) {
+            pinentry.setQualityBar(from_utf8(pe->quality_bar));
+        }
+        if (pe->quality_bar_tt) {
+            pinentry.setQualityBarTT(from_utf8(pe->quality_bar_tt));
+        }
 
-  if (want_pass)
-    {
-      PinEntryDialog pinentry (parent, 0, pe->timeout, true, !!pe->quality_bar);
-
-      pinentry.setPinentryInfo (pe);
-      pinentry.setPrompt (escape_accel (from_utf8 (pe->prompt)) );
-      pinentry.setDescription (from_utf8 (pe->description));
-      if ( pe->title )
-          pinentry.setWindowTitle( from_utf8( pe->title ) );
-
-      /* If we reuse the same dialog window.  */
-      pinentry.setPin (QString());
-
-      pinentry.setOkText (ok);
-      pinentry.setCancelText (cancel);
-      if (pe->error)
-	pinentry.setError (from_utf8 (pe->error));
-      if (pe->quality_bar)
-	pinentry.setQualityBar (from_utf8 (pe->quality_bar));
-      if (pe->quality_bar_tt)
-	pinentry.setQualityBarTT (from_utf8 (pe->quality_bar_tt));
-
-      bool ret = pinentry.exec ();
-      if (!ret)
-	return -1;
-
-      QByteArray pin = pinentry.pin().toUtf8 ();
-
-      int len = strlen (pin.constData ());
-      if (len >= 0)
-	{
-	  pinentry_setbufferlen (pe, len + 1);
-	  if (pe->pin)
-	    {
-	      strcpy (pe->pin, pin.constData ());
-	      return len;
-	    }
-	}
-      return -1;
-    }
-  else
-    {
-      const QString desc  = pe->description ? from_utf8 ( pe->description ) : QString();
-      const QString notok = pe->notok       ? escape_accel (from_utf8 ( pe->notok )) : QString();
-
-      const QMessageBox::StandardButtons buttons =
-          pe->one_button ? QMessageBox::Ok :
-          pe->notok      ? QMessageBox::Yes|QMessageBox::No|QMessageBox::Cancel :
-          /* else */       QMessageBox::Ok|QMessageBox::Cancel ;
-
-      PinentryConfirm box( QMessageBox::Information, pe->timeout, title, desc, buttons, parent );
-
-      const struct {
-          QMessageBox::StandardButton button;
-          QString label;
-      } buttonLabels[] = {
-          { QMessageBox::Ok,     ok     },
-          { QMessageBox::Yes,    ok     },
-          { QMessageBox::No,     notok  },
-          { QMessageBox::Cancel, cancel },
-      };
-
-      for ( size_t i = 0 ; i < sizeof buttonLabels / sizeof *buttonLabels ; ++i )
-        if ( (buttons & buttonLabels[i].button) && !buttonLabels[i].label.isEmpty() ) {
-            box.button( buttonLabels[i].button )->setText( buttonLabels[i].label );
+        bool ret = pinentry.exec();
+        if (!ret) {
+            return -1;
+        }
+
+        QByteArray pin = pinentry.pin().toUtf8();
+
+        int len = strlen(pin.constData());
+        if (len >= 0) {
+            pinentry_setbufferlen(pe, len + 1);
+            if (pe->pin) {
+                strcpy(pe->pin, pin.constData());
+                return len;
+            }
+        }
+        return -1;
+    } else {
+        const QString desc  = pe->description ? from_utf8(pe->description) : QString();
+        const QString notok = pe->notok       ? escape_accel(from_utf8(pe->notok)) : QString();
+
+        const QMessageBox::StandardButtons buttons =
+            pe->one_button ? QMessageBox::Ok :
+            pe->notok      ? QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel :
+            /* else */       QMessageBox::Ok | QMessageBox::Cancel ;
+
+        PinentryConfirm box(QMessageBox::Information, pe->timeout, title, desc, buttons, parent);
+
+        const struct {
+            QMessageBox::StandardButton button;
+            QString label;
+        } buttonLabels[] = {
+            { QMessageBox::Ok,     ok     },
+            { QMessageBox::Yes,    ok     },
+            { QMessageBox::No,     notok  },
+            { QMessageBox::Cancel, cancel },
+        };
+
+        for (size_t i = 0 ; i < sizeof buttonLabels / sizeof * buttonLabels ; ++i)
+            if ((buttons & buttonLabels[i].button) && !buttonLabels[i].label.isEmpty()) {
+                box.button(buttonLabels[i].button)->setText(buttonLabels[i].label);
 #ifndef QT_NO_ACCESSIBILITY
-            box.button( buttonLabels[i].button )->setAccessibleDescription ( buttonLabels[i].label );
+                box.button(buttonLabels[i].button)->setAccessibleDescription(buttonLabels[i].label);
 #endif
-        }
+            }
 
-      box.setIconPixmap( icon() );
+        box.setIconPixmap(icon());
 
-      if ( !pe->one_button )
-        box.setDefaultButton( QMessageBox::Cancel );
+        if (!pe->one_button) {
+            box.setDefaultButton(QMessageBox::Cancel);
+        }
 
-      box.show();
-      raiseWindow( &box );
+        box.show();
+        raiseWindow(&box);
 
-      const int rc = box.exec();
+        const int rc = box.exec();
 
-      if ( rc == QMessageBox::Cancel )
-        pe->canceled = true;
+        if (rc == QMessageBox::Cancel) {
+            pe->canceled = true;
+        }
 
-      return rc == QMessageBox::Ok || rc == QMessageBox::Yes ;
+        return rc == QMessageBox::Ok || rc == QMessageBox::Yes ;
 
     }
 }
 
 static int
-qt_cmd_handler_ex (pinentry_t pe)
+qt_cmd_handler_ex(pinentry_t pe)
 {
-  try {
-    return qt_cmd_handler (pe);
-  } catch ( const InvalidUtf8 & ) {
-    pe->locale_err = true;
-    return pe->pin ? -1 : false ;
-  } catch ( ... ) {
-    pe->canceled = true;
-    return pe->pin ? -1 : false ;
-  }
+    try {
+        return qt_cmd_handler(pe);
+    } catch (const InvalidUtf8 &) {
+        pe->locale_err = true;
+        return pe->pin ? -1 : false ;
+    } catch (...) {
+        pe->canceled = true;
+        return pe->pin ? -1 : false ;
+    }
 }
 
 pinentry_cmd_handler_t pinentry_cmd_handler = qt_cmd_handler_ex;
 
 int
-main (int argc, char *argv[])
+main(int argc, char *argv[])
 {
-  pinentry_init ("pinentry-qt");
+    pinentry_init("pinentry-qt");
 
-  std::auto_ptr<QApplication> app;
+    std::auto_ptr<QApplication> app;
 
 #ifdef FALLBACK_CURSES
-  if (!pinentry_have_display (argc, argv))
-    pinentry_cmd_handler = curses_cmd_handler;
-  else
+    if (!pinentry_have_display(argc, argv)) {
+        pinentry_cmd_handler = curses_cmd_handler;
+    } else
 #endif
     {
-      /* Qt does only understand -display but not --display; thus we
-         are fixing that here.  The code is pretty simply and may get
-         confused if an argument is called "--display". */
-      char **new_argv, *p;
-      size_t n;
-      int i, done;
-
-      for (n=0,i=0; i < argc; i++)
-        n += strlen (argv[i])+1;
-      n++;
-      new_argv = (char**)calloc (argc+1, sizeof *new_argv);
-      if (new_argv)
-        *new_argv = (char*)malloc (n);
-      if (!new_argv || !*new_argv)
-        {
-          fprintf (stderr, "pinentry-qt: can't fixup argument list: %s\n",
-                   strerror (errno));
-          exit (EXIT_FAILURE);
+        /* Qt does only understand -display but not --display; thus we
+           are fixing that here.  The code is pretty simply and may get
+           confused if an argument is called "--display". */
+        char **new_argv, *p;
+        size_t n;
+        int i, done;
+
+        for (n = 0, i = 0; i < argc; i++) {
+            n += strlen(argv[i]) + 1;
+        }
+        n++;
+        new_argv = (char **)calloc(argc + 1, sizeof * new_argv);
+        if (new_argv) {
+            *new_argv = (char *)malloc(n);
+        }
+        if (!new_argv || !*new_argv) {
+            fprintf(stderr, "pinentry-qt: can't fixup argument list: %s\n",
+                    strerror(errno));
+            exit(EXIT_FAILURE);
 
         }
-      for (done=0,p=*new_argv,i=0; i < argc; i++)
-        if (!done && !strcmp (argv[i], "--display"))
-          {
-            new_argv[i] = strcpy (p, argv[i]+1);
-            p += strlen (argv[i]+1) + 1;
-            done = 1;
-          }
-        else
-          {
-            new_argv[i] = strcpy (p, argv[i]);
-            p += strlen (argv[i]) + 1;
-          }
-
-      /* We use a modal dialog window, so we don't need the application
-         window anymore.  */
-      i = argc;
-      app.reset (new QApplication (i, new_argv));
-      const QIcon icon( QLatin1String( ":/document-encrypt.png" ) );
-      app->setWindowIcon( icon );
+        for (done = 0, p = *new_argv, i = 0; i < argc; i++)
+            if (!done && !strcmp(argv[i], "--display")) {
+                new_argv[i] = strcpy(p, argv[i] + 1);
+                p += strlen(argv[i] + 1) + 1;
+                done = 1;
+            } else {
+                new_argv[i] = strcpy(p, argv[i]);
+                p += strlen(argv[i]) + 1;
+            }
+
+        /* We use a modal dialog window, so we don't need the application
+           window anymore.  */
+        i = argc;
+        app.reset(new QApplication(i, new_argv));
+        const QIcon icon(QLatin1String(":/document-encrypt.png"));
+        app->setWindowIcon(icon);
     }
 
+    pinentry_parse_opts(argc, argv);
 
-  pinentry_parse_opts (argc, argv);
-
-  return pinentry_loop () ? EXIT_FAILURE : EXIT_SUCCESS ;
+    return pinentry_loop() ? EXIT_FAILURE : EXIT_SUCCESS ;
 }
diff --git a/qt/pinentryconfirm.cpp b/qt/pinentryconfirm.cpp
index 6b3d545..e81b188 100644
--- a/qt/pinentryconfirm.cpp
+++ b/qt/pinentryconfirm.cpp
@@ -1,5 +1,4 @@
-/*
-   pinentryconfirm.cpp - A QMessageBox with a timeout
+/* pinentryconfirm.cpp - A QMessageBox with a timeout
 
    Copyright (C) 2011 Ben Kibbey <bjk at luxsci.net>
 
@@ -22,33 +21,34 @@
 #include <QAbstractButton>
 
 PinentryConfirm::PinentryConfirm(Icon icon, int timeout, const QString &title,
-	const QString &desc, StandardButtons buttons, QWidget *parent) :
+                                 const QString &desc, StandardButtons buttons, QWidget *parent) :
     QMessageBox(icon, title, desc, buttons, parent)
 {
     if (timeout > 0) {
-	_timer = new QTimer(this);
-	connect(_timer, SIGNAL(timeout()), this, SLOT(slotTimeout()));
-	_timer->start(timeout*1000);
+        _timer = new QTimer(this);
+        connect(_timer, SIGNAL(timeout()), this, SLOT(slotTimeout()));
+        _timer->start(timeout * 1000);
     }
 #ifndef QT_NO_ACCESSIBILITY
-    setAccessibleDescription (desc);
-    setAccessibleName (title);
+    setAccessibleDescription(desc);
+    setAccessibleName(title);
 #endif
-    raiseWindow (this);
+    raiseWindow(this);
 }
 
-void PinentryConfirm::showEvent( QShowEvent* event )
+void PinentryConfirm::showEvent(QShowEvent *event)
 {
-    QDialog::showEvent( event );
-    raiseWindow( this );
+    QDialog::showEvent(event);
+    raiseWindow(this);
 }
 
 void PinentryConfirm::slotTimeout()
 {
     QAbstractButton *b = button(QMessageBox::Cancel);
 
-    if (b)
-	b->animateClick(0);
+    if (b) {
+        b->animateClick(0);
+    }
 }
 
 #include "pinentryconfirm.moc"
diff --git a/qt/pinentryconfirm.h b/qt/pinentryconfirm.h
index 44fb3ae..23e05dc 100644
--- a/qt/pinentryconfirm.h
+++ b/qt/pinentryconfirm.h
@@ -1,5 +1,4 @@
-/*
-   pinentryconfirm.h - A QMessageBox with a timeout
+/* pinentryconfirm.h - A QMessageBox with a timeout
 
    Copyright (C) 2011 Ben Kibbey <bjk at luxsci.net>
 
@@ -26,19 +25,19 @@
 class PinentryConfirm : public QMessageBox
 {
     Q_OBJECT
-    public:
-	PinentryConfirm(Icon, int timeout, const QString &title,
-		const QString &desc, StandardButtons buttons,
-		QWidget *parent);
+public:
+    PinentryConfirm(Icon, int timeout, const QString &title,
+                    const QString &desc, StandardButtons buttons,
+                    QWidget *parent);
 
-    private slots:
-	void slotTimeout();
+private slots:
+    void slotTimeout();
 
-    private:
-	QTimer *_timer;
+private:
+    QTimer *_timer;
 
-    protected:
-    /* reimp */ void showEvent( QShowEvent* event );
+protected:
+    /* reimp */ void showEvent(QShowEvent *event);
 };
 
 #endif
diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp
index 1b0d276..91d5adb 100644
--- a/qt/pinentrydialog.cpp
+++ b/qt/pinentrydialog.cpp
@@ -1,7 +1,6 @@
-/*
-   pinentrydialog.cpp - A (not yet) secure Qt 4 dialog for PIN entry.
+/* pinentrydialog.cpp - A (not yet) secure Qt 4 dialog for PIN entry.
 
-   Copyright (C) 2002, 2008 Klar?lvdalens Datakonsult AB (KDAB)
+   Copyright (C) 2002, 2008 Klar??lvdalens Datakonsult AB (KDAB)
    Copyright 2007 Ingo Kl??cker
 
    Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>.
@@ -52,53 +51,53 @@
    has not expired.
    */
 #ifdef Q_OS_WIN
-WINBOOL SetForegroundWindowEx( HWND hWnd )
+WINBOOL SetForegroundWindowEx(HWND hWnd)
 {
-   //Attach foreground window thread to our thread
-   const DWORD ForeGroundID = GetWindowThreadProcessId(::GetForegroundWindow(),NULL);
-   const DWORD CurrentID   = GetCurrentThreadId();
-   WINBOOL retval;
-
-   AttachThreadInput ( ForeGroundID, CurrentID, TRUE );
-   //Do our stuff here
-   HWND hLastActivePopupWnd = GetLastActivePopup( hWnd );
-   retval = SetForegroundWindow( hLastActivePopupWnd );
-
-   //Detach the attached thread
-   AttachThreadInput ( ForeGroundID, CurrentID, FALSE );
-   return retval;
+    //Attach foreground window thread to our thread
+    const DWORD ForeGroundID = GetWindowThreadProcessId(::GetForegroundWindow(), NULL);
+    const DWORD CurrentID   = GetCurrentThreadId();
+    WINBOOL retval;
+
+    AttachThreadInput(ForeGroundID, CurrentID, TRUE);
+    //Do our stuff here
+    HWND hLastActivePopupWnd = GetLastActivePopup(hWnd);
+    retval = SetForegroundWindow(hLastActivePopupWnd);
+
+    //Detach the attached thread
+    AttachThreadInput(ForeGroundID, CurrentID, FALSE);
+    return retval;
 }// End SetForegroundWindowEx
 #endif
 
-void raiseWindow( QWidget* w )
+void raiseWindow(QWidget *w)
 {
     /* Maybe Qt will become agressive enough one day that
      * this is enough on windows too*/
     w->raise();
 #ifdef Q_OS_WIN
     /* In the meantime we do our own attention grabbing */
-    if (!SetForegroundWindow ((HWND)w->winId()) &&
-            !SetForegroundWindowEx ((HWND)w->winId()))  {
+    if (!SetForegroundWindow((HWND)w->winId()) &&
+            !SetForegroundWindowEx((HWND)w->winId()))  {
         OutputDebugString("SetForegroundWindow (ex) failed");
         /* Yet another fallback which will not work on some
          * versions and is not recommended by msdn */
-        if (!ShowWindow ((HWND)w->winId(), SW_SHOWNORMAL)) {
-            OutputDebugString ("ShowWindow failed.");
+        if (!ShowWindow((HWND)w->winId(), SW_SHOWNORMAL)) {
+            OutputDebugString("ShowWindow failed.");
         }
     }
 #endif
 }
 
-QPixmap icon( QStyle::StandardPixmap which )
+QPixmap icon(QStyle::StandardPixmap which)
 {
-    QPixmap pm = qApp->windowIcon().pixmap( 48, 48 );
+    QPixmap pm = qApp->windowIcon().pixmap(48, 48);
 
-    if ( which != QStyle::SP_CustomBase ) {
-        const QIcon ic = qApp->style()->standardIcon( which );
-        QPainter painter( &pm );
+    if (which != QStyle::SP_CustomBase) {
+        const QIcon ic = qApp->style()->standardIcon(which);
+        QPainter painter(&pm);
         const int emblemSize = 22;
-        painter.drawPixmap( pm.width()-emblemSize, 0,
-                            ic.pixmap( emblemSize, emblemSize ) );
+        painter.drawPixmap(pm.width() - emblemSize, 0,
+                           ic.pixmap(emblemSize, emblemSize));
     }
 
     return pm;
@@ -109,143 +108,143 @@ void PinEntryDialog::slotTimeout()
     reject();
 }
 
-PinEntryDialog::PinEntryDialog( QWidget* parent, const char* name,
-	int timeout, bool modal, bool enable_quality_bar )
-  : QDialog( parent, Qt::WindowStaysOnTopHint ), _grabbed( false )
+PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
+                               int timeout, bool modal, bool enable_quality_bar)
+    : QDialog(parent, Qt::WindowStaysOnTopHint), _grabbed(false)
 {
-  setWindowFlags( windowFlags() & ~Qt::WindowContextHelpButtonHint );
-
-  if ( modal ) {
-    setWindowModality( Qt::ApplicationModal );
-  }
-
-  _icon = new QLabel( this );
-  _icon->setPixmap( icon() );
-
-  _error = new QLabel( this );
-  _error->setWordWrap(true);
-  QPalette pal;
-  pal.setColor( QPalette::WindowText, Qt::red );
-  _error->setPalette( pal );
-  _error->hide();
-
-  _desc = new QLabel( this );
-  _desc->setWordWrap(true);
-  _desc->hide();
-
-  _prompt = new QLabel( this );
-  _prompt->hide();
-
-  _edit = new QLineEdit( this );
-  _edit->setMaxLength( 256 );
-  _edit->setEchoMode( QLineEdit::Password );
-
-  _prompt->setBuddy( _edit );
-
-  if (enable_quality_bar)
-  {
-    _quality_bar_label = new QLabel( this );
-    _quality_bar_label->setAlignment( Qt::AlignRight | Qt::AlignVCenter );
-    _quality_bar = new QProgressBar( this );
-    _quality_bar->setAlignment( Qt::AlignCenter );
-    _have_quality_bar = true;
-  }
-  else
-    _have_quality_bar = false;
-
-  QDialogButtonBox* const buttons = new QDialogButtonBox( this );
-  buttons->setStandardButtons( QDialogButtonBox::Ok | QDialogButtonBox::Cancel );
-  _ok = buttons->button( QDialogButtonBox::Ok );
-  _cancel = buttons->button( QDialogButtonBox::Cancel );
-
-  _ok->setDefault(true);
-
-  if ( style()->styleHint( QStyle::SH_DialogButtonBox_ButtonsHaveIcons ) )
-    {
-      _ok->setIcon( style()->standardIcon( QStyle::SP_DialogOkButton ) );
-      _cancel->setIcon( style()->standardIcon( QStyle::SP_DialogCancelButton ) );
+    setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint);
+
+    if (modal) {
+        setWindowModality(Qt::ApplicationModal);
+    }
+
+    _icon = new QLabel(this);
+    _icon->setPixmap(icon());
+
+    _error = new QLabel(this);
+    _error->setWordWrap(true);
+    QPalette pal;
+    pal.setColor(QPalette::WindowText, Qt::red);
+    _error->setPalette(pal);
+    _error->hide();
+
+    _desc = new QLabel(this);
+    _desc->setWordWrap(true);
+    _desc->hide();
+
+    _prompt = new QLabel(this);
+    _prompt->hide();
+
+    _edit = new QLineEdit(this);
+    _edit->setMaxLength(256);
+    _edit->setEchoMode(QLineEdit::Password);
+
+    _prompt->setBuddy(_edit);
+
+    if (enable_quality_bar) {
+        _quality_bar_label = new QLabel(this);
+        _quality_bar_label->setAlignment(Qt::AlignRight | Qt::AlignVCenter);
+        _quality_bar = new QProgressBar(this);
+        _quality_bar->setAlignment(Qt::AlignCenter);
+        _have_quality_bar = true;
+    } else {
+        _have_quality_bar = false;
+    }
+
+    QDialogButtonBox *const buttons = new QDialogButtonBox(this);
+    buttons->setStandardButtons(QDialogButtonBox::Ok | QDialogButtonBox::Cancel);
+    _ok = buttons->button(QDialogButtonBox::Ok);
+    _cancel = buttons->button(QDialogButtonBox::Cancel);
+
+    _ok->setDefault(true);
+
+    if (style()->styleHint(QStyle::SH_DialogButtonBox_ButtonsHaveIcons)) {
+        _ok->setIcon(style()->standardIcon(QStyle::SP_DialogOkButton));
+        _cancel->setIcon(style()->standardIcon(QStyle::SP_DialogCancelButton));
+    }
+
+    if (timeout > 0) {
+        _timer = new QTimer(this);
+        connect(_timer, SIGNAL(timeout()), this, SLOT(slotTimeout()));
+        _timer->start(timeout * 1000);
+    } else {
+        _timer = NULL;
+    }
+
+    connect(buttons, SIGNAL(accepted()), this, SLOT(accept()));
+    connect(buttons, SIGNAL(rejected()), this, SLOT(reject()));
+    connect(_edit, SIGNAL(textChanged(QString)),
+            this, SLOT(updateQuality(QString)));
+
+    _edit->setFocus();
+
+    QGridLayout *const grid = new QGridLayout(this);
+    grid->addWidget(_icon, 0, 0, 5, 1, Qt::AlignTop | Qt::AlignLeft);
+    grid->addWidget(_error, 1, 1, 1, 2);
+    grid->addWidget(_desc,  2, 1, 1, 2);
+    //grid->addItem( new QSpacerItem( 0, _edit->height() / 10, QSizePolicy::Minimum, QSizePolicy::Fixed ), 1, 1 );
+    grid->addWidget(_prompt, 3, 1);
+    grid->addWidget(_edit, 3, 2);
+    if (enable_quality_bar) {
+        grid->addWidget(_quality_bar_label, 4, 1);
+        grid->addWidget(_quality_bar, 4, 2);
     }
+    grid->addWidget(buttons, 5, 0, 1, 3);
 
-  if (timeout > 0) {
-      _timer = new QTimer(this);
-      connect(_timer, SIGNAL(timeout()), this, SLOT(slotTimeout()));
-      _timer->start(timeout*1000);
-  }
-  else
-    _timer = NULL;
-
-  connect( buttons, SIGNAL(accepted()), this, SLOT(accept()) );
-  connect( buttons, SIGNAL(rejected()), this, SLOT(reject()) );
-  connect( _edit, SIGNAL( textChanged(QString) ),
-	   this, SLOT( updateQuality(QString) ) );
-
-  _edit->setFocus();
-
-  QGridLayout* const grid = new QGridLayout( this );
-  grid->addWidget( _icon, 0, 0, 5, 1, Qt::AlignTop|Qt::AlignLeft );
-  grid->addWidget( _error, 1, 1, 1, 2 );
-  grid->addWidget( _desc,  2, 1, 1, 2 );
-  //grid->addItem( new QSpacerItem( 0, _edit->height() / 10, QSizePolicy::Minimum, QSizePolicy::Fixed ), 1, 1 );
-  grid->addWidget( _prompt, 3, 1 );
-  grid->addWidget( _edit, 3, 2 );
-  if( enable_quality_bar )
-  {
-    grid->addWidget( _quality_bar_label, 4, 1 );
-    grid->addWidget( _quality_bar, 4, 2 );
-  }
-  grid->addWidget( buttons, 5, 0, 1, 3 );
-
-  grid->setSizeConstraint( QLayout::SetFixedSize );
+    grid->setSizeConstraint(QLayout::SetFixedSize);
 }
 
-void PinEntryDialog::hideEvent( QHideEvent* ev )
+void PinEntryDialog::hideEvent(QHideEvent *ev)
 {
-  if ( !_pinentry_info || _pinentry_info->grab )
-    _edit->releaseKeyboard();
-  _grabbed = false;
-  QDialog::hideEvent( ev );
+    if (!_pinentry_info || _pinentry_info->grab) {
+        _edit->releaseKeyboard();
+    }
+    _grabbed = false;
+    QDialog::hideEvent(ev);
 }
 
-void PinEntryDialog::showEvent( QShowEvent* event )
+void PinEntryDialog::showEvent(QShowEvent *event)
 {
-    QDialog::showEvent( event );
-    raiseWindow( this );
+    QDialog::showEvent(event);
+    raiseWindow(this);
 }
 
-void PinEntryDialog::setDescription( const QString& txt )
+void PinEntryDialog::setDescription(const QString &txt)
 {
-  _desc->setVisible( !txt.isEmpty() );
-  _desc->setText( txt );
+    _desc->setVisible(!txt.isEmpty());
+    _desc->setText(txt);
 #ifndef QT_NO_ACCESSIBILITY
-  _desc->setAccessibleDescription ( txt );
+    _desc->setAccessibleDescription(txt);
 #endif
-  _icon->setPixmap( icon() );
-  setError( QString::null );
+    _icon->setPixmap(icon());
+    setError(QString::null);
 }
 
 QString PinEntryDialog::description() const
 {
-  return _desc->text();
+    return _desc->text();
 }
 
-void PinEntryDialog::setError( const QString& txt )
+void PinEntryDialog::setError(const QString &txt)
 {
-  if( !txt.isNull() )_icon->setPixmap( icon( QStyle::SP_MessageBoxCritical ) );
-  _error->setText( txt );
+    if (!txt.isNull()) {
+        _icon->setPixmap(icon(QStyle::SP_MessageBoxCritical));
+    }
+    _error->setText(txt);
 #ifndef QT_NO_ACCESSIBILITY
-  _error->setAccessibleDescription ( txt );
+    _error->setAccessibleDescription(txt);
 #endif
-  _error->setVisible( !txt.isEmpty() );
+    _error->setVisible(!txt.isEmpty());
 }
 
 QString PinEntryDialog::error() const
 {
-  return _error->text();
+    return _error->text();
 }
 
-void PinEntryDialog::setPin( const QString & txt )
+void PinEntryDialog::setPin(const QString &txt)
 {
-    _edit->setText( txt );
+    _edit->setText(txt);
 }
 
 QString PinEntryDialog::pin() const
@@ -253,84 +252,81 @@ QString PinEntryDialog::pin() const
     return _edit->text();
 }
 
-void PinEntryDialog::setPrompt( const QString& txt )
+void PinEntryDialog::setPrompt(const QString &txt)
 {
-  _prompt->setText( txt );
-  _prompt->setVisible( !txt.isEmpty() );
+    _prompt->setText(txt);
+    _prompt->setVisible(!txt.isEmpty());
 }
 
 QString PinEntryDialog::prompt() const
 {
-  return _prompt->text();
+    return _prompt->text();
 }
 
-void PinEntryDialog::setOkText( const QString& txt )
+void PinEntryDialog::setOkText(const QString &txt)
 {
-  _ok->setText( txt );
+    _ok->setText(txt);
 #ifndef QT_NO_ACCESSIBILITY
-  _ok->setAccessibleDescription ( txt );
+    _ok->setAccessibleDescription(txt);
 #endif
-  _ok->setVisible( !txt.isEmpty() );
+    _ok->setVisible(!txt.isEmpty());
 }
 
-void PinEntryDialog::setCancelText( const QString& txt )
+void PinEntryDialog::setCancelText(const QString &txt)
 {
-  _cancel->setText( txt );
+    _cancel->setText(txt);
 #ifndef QT_NO_ACCESSIBILITY
-  _cancel->setAccessibleDescription ( txt );
+    _cancel->setAccessibleDescription(txt);
 #endif
-  _cancel->setVisible( !txt.isEmpty() );
+    _cancel->setVisible(!txt.isEmpty());
 }
 
-void PinEntryDialog::setQualityBar( const QString& txt )
+void PinEntryDialog::setQualityBar(const QString &txt)
 {
-  if (_have_quality_bar) {
-    _quality_bar_label->setText( txt );
+    if (_have_quality_bar) {
+        _quality_bar_label->setText(txt);
 #ifndef QT_NO_ACCESSIBILITY
-    _quality_bar_label->setAccessibleDescription ( txt );
+        _quality_bar_label->setAccessibleDescription(txt);
 #endif
-  }
+    }
 }
 
-void PinEntryDialog::setQualityBarTT( const QString& txt )
+void PinEntryDialog::setQualityBarTT(const QString &txt)
 {
-  if (_have_quality_bar)
-    _quality_bar->setToolTip( txt );
+    if (_have_quality_bar) {
+        _quality_bar->setToolTip(txt);
+    }
 }
 
-void PinEntryDialog::updateQuality(const QString & txt )
+void PinEntryDialog::updateQuality(const QString &txt)
 {
-  int length;
-  int percent;
-  QPalette pal;
-
-  if (_timer)
-    _timer->stop();
-
-  if (!_have_quality_bar || !_pinentry_info)
-    return;
-  const QByteArray utf8_pin = txt.toUtf8 ();
-  const char* pin = utf8_pin.constData ();
-  length = strlen (pin);
-  percent = length? pinentry_inq_quality (_pinentry_info, pin, length) : 0;
-  if (!length)
-    {
-      _quality_bar->reset ();
+    int length;
+    int percent;
+    QPalette pal;
+
+    if (_timer) {
+        _timer->stop();
     }
-  else
-    {
-      pal = _quality_bar->palette ();
-      if (percent < 0)
-        {
-          pal.setColor (QPalette::Highlight, QColor("red"));
-          percent = -percent;
-        }
-      else
-        {
-          pal.setColor (QPalette::Highlight, QColor("green"));
+
+    if (!_have_quality_bar || !_pinentry_info) {
+        return;
+    }
+    const QByteArray utf8_pin = txt.toUtf8();
+    const char *pin = utf8_pin.constData();
+    length = strlen(pin);
+    percent = length ? pinentry_inq_quality(_pinentry_info, pin, length) : 0;
+    if (!length) {
+        _quality_bar->reset();
+    } else {
+        pal = _quality_bar->palette();
+        if (percent < 0) {
+            pal.setColor(QPalette::Highlight, QColor("red"));
+            percent = -percent;
+        } else {
+            pal.setColor(QPalette::Highlight, QColor("green"));
         }
-      _quality_bar->setPalette (pal);
-      _quality_bar->setValue (percent);
+        _quality_bar->setPalette(pal);
+        _quality_bar->setValue(percent);
     }
 }
 
@@ -339,15 +335,15 @@ void PinEntryDialog::setPinentryInfo(pinentry_t peinfo)
     _pinentry_info = peinfo;
 }
 
-void PinEntryDialog::paintEvent( QPaintEvent* event )
+void PinEntryDialog::paintEvent(QPaintEvent *event)
 {
-  // Grab keyboard. It might be a little weird to do it here, but it works!
-  // Previously this code was in showEvent, but that did not work in Qt4.
-  QDialog::paintEvent( event );
-  if ( !_grabbed && ( !_pinentry_info || _pinentry_info->grab ) ) {
-    _edit->grabKeyboard();
-    _grabbed = true;
-  }
+    // Grab keyboard. It might be a little weird to do it here, but it works!
+    // Previously this code was in showEvent, but that did not work in Qt4.
+    QDialog::paintEvent(event);
+    if (!_grabbed && (!_pinentry_info || _pinentry_info->grab)) {
+        _edit->grabKeyboard();
+        _grabbed = true;
+    }
 
 }
 
diff --git a/qt/pinentrydialog.h b/qt/pinentrydialog.h
index 82755cd..217213b 100644
--- a/qt/pinentrydialog.h
+++ b/qt/pinentrydialog.h
@@ -1,7 +1,6 @@
-/*
-   pinentrydialog.h - A (not yet) secure Qt 4 dialog for PIN entry.
+/* pinentrydialog.h - A (not yet) secure Qt 4 dialog for PIN entry.
 
-   Copyright (C) 2002, 2008 Klar?lvdalens Datakonsult AB (KDAB)
+   Copyright (C) 2002, 2008 Klar??lvdalens Datakonsult AB (KDAB)
    Copyright 2007 Ingo Kl??cker
 
    Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>.
@@ -36,64 +35,65 @@ class QLineEdit;
 class QString;
 class QProgressBar;
 
-QPixmap icon( QStyle::StandardPixmap which = QStyle::SP_CustomBase );
+QPixmap icon(QStyle::StandardPixmap which = QStyle::SP_CustomBase);
 
-void raiseWindow( QWidget* w );
+void raiseWindow(QWidget *w);
 
-class PinEntryDialog : public QDialog {
-  Q_OBJECT
+class PinEntryDialog : public QDialog
+{
+    Q_OBJECT
 
-  Q_PROPERTY( QString description READ description WRITE setDescription )
-  Q_PROPERTY( QString error READ error WRITE setError )
-  Q_PROPERTY( QString pin READ pin WRITE setPin )
-  Q_PROPERTY( QString prompt READ prompt WRITE setPrompt )
+    Q_PROPERTY(QString description READ description WRITE setDescription)
+    Q_PROPERTY(QString error READ error WRITE setError)
+    Q_PROPERTY(QString pin READ pin WRITE setPin)
+    Q_PROPERTY(QString prompt READ prompt WRITE setPrompt)
 public:
-  friend class PinEntryController; // TODO: remove when assuan lets me use Qt eventloop.
-  explicit PinEntryDialog( QWidget* parent = 0, const char* name = 0, int timeout = 0, bool modal = false, bool enable_quality_bar = false );
+    friend class PinEntryController; // TODO: remove when assuan lets me use Qt eventloop.
+    explicit PinEntryDialog(QWidget *parent = 0, const char *name = 0, int timeout = 0, bool modal = false, bool enable_quality_bar = false);
 
-  void setDescription( const QString& );
-  QString description() const;
+    void setDescription(const QString &);
+    QString description() const;
 
-  void setError( const QString& );
-  QString error() const;
+    void setError(const QString &);
+    QString error() const;
 
-  void setPin( const QString & );
-  QString pin() const;
+    void setPin(const QString &);
+    QString pin() const;
 
-  void setPrompt( const QString& );
-  QString prompt() const;
+    void setPrompt(const QString &);
+    QString prompt() const;
 
-  void setOkText( const QString& );
-  void setCancelText( const QString& );
+    void setOkText(const QString &);
+    void setCancelText(const QString &);
 
-  void setQualityBar( const QString& );
-  void setQualityBarTT( const QString& );
+    void setQualityBar(const QString &);
+    void setQualityBarTT(const QString &);
 
-  void setPinentryInfo (pinentry_t);
+    void setPinentryInfo(pinentry_t);
 
 public slots:
-  void updateQuality(const QString&);
-  void slotTimeout();
+    void updateQuality(const QString &);
+    void slotTimeout();
 
 protected:
-  /* reimp */ void showEvent( QShowEvent* event );
-  /* reimp */ void hideEvent( QHideEvent* );
-  /* reimp */ void paintEvent( QPaintEvent* event );
+    /* reimp */ void showEvent(QShowEvent *event);
+    /* reimp */ void hideEvent(QHideEvent *);
+    /* reimp */ void paintEvent(QPaintEvent *event);
 
 private:
-  QLabel*    _icon;
-  QLabel*    _desc;
-  QLabel*    _error;
-  QLabel*    _prompt;
-  QLabel*    _quality_bar_label;
-  QProgressBar* _quality_bar;
-  QLineEdit* _edit;
-  QPushButton* _ok;
-  QPushButton* _cancel;
-  bool       _grabbed;
-  bool       _have_quality_bar;
-  pinentry_t _pinentry_info;
-  QTimer*    _timer;
+    QLabel    *_icon;
+    QLabel    *_desc;
+    QLabel    *_error;
+    QLabel    *_prompt;
+    QLabel    *_quality_bar_label;
+    QProgressBar *_quality_bar;
+    QLineEdit *_edit;
+    QPushButton *_ok;
+    QPushButton *_cancel;
+    bool       _grabbed;
+    bool       _have_quality_bar;
+    pinentry_t _pinentry_info;
+    QTimer    *_timer;
 };
 
 #endif // __PINENTRYDIALOG_H__

-----------------------------------------------------------------------

Summary of changes:
 m4/qt.m4               |   2 +-
 qt/main.cpp            | 435 +++++++++++++++++++++++++------------------------
 qt/pinentryconfirm.cpp |  28 ++--
 qt/pinentryconfirm.h   |  23 ++-
 qt/pinentrydialog.cpp  | 431 ++++++++++++++++++++++++++----------------------
 qt/pinentrydialog.h    |  99 ++++++-----
 6 files changed, 541 insertions(+), 477 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 14 12:33:13 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 14 Apr 2016 12:33:13 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-133-g8c3fb23
Message-ID: <E1aqeZa-0002Bt-In@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8c3fb2360f154a971d2a390e4937acb22a44a8c2 (commit)
       via  6df75ec70afeb1a5ad9a00557e1245e1514c37b5 (commit)
       via  94504b3d5af126abb591dedda1ca0f0970822f55 (commit)
      from  4159567f7ed7a1139fdc3a6c92988e1648ad84ab (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8c3fb2360f154a971d2a390e4937acb22a44a8c2
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 12:16:51 2016 +0200

    agent: Fix regression due to recent commit 4159567.
    
    * agent/protect.c (do_encryption): Fix CBC hashing.
    --
    
    The buggy code included an extra closing parenthesis before
    the (protected-at) term in the CBC hashing.  We now do it by
    explicitly hashing the protected stuff and append the rest of the
    expression instead of a fixed closing parenthesis.  Note that the OCB
    hashing only differs that it does no include the protected part.
    
    Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/protect.c b/agent/protect.c
index a78d5a5..ee08e57 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -464,9 +464,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
       rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
       if (!rc)
         {
-          gcry_md_write (md, hashbegin, hashlen);
+          gcry_md_write (md, hashbegin, protbegin - hashbegin);
+          gcry_md_write (md, protbegin, protlen);
           gcry_md_write (md, timestamp_exp, timestamp_exp_len);
-          gcry_md_write (md, ")", 1);
+          gcry_md_write (md, protbegin+protlen,
+                         hashlen - (protbegin+protlen - hashbegin));
           memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20);
           gcry_md_close (md);
         }

commit 6df75ec70afeb1a5ad9a00557e1245e1514c37b5
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 12:28:48 2016 +0200

    agent: Allow gpg-protect-tool to handle openpgp-native protection.
    
    * agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
    agent_unprotect.
    (main): Allocate a simple CTRL object and pass it to
    read_and_unprotect.
    (convert_from_openpgp_native): Remove stub.
    (agent_key_available, agent_get_cache): New stubs.
    (agent_askpin): New emulation for the one in call-pinentry.c.
    (agent_write_private_key): New to dump key.
    * agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/Makefile.am b/agent/Makefile.am
index b33593d..4be9090 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -74,7 +74,7 @@ gpg_agent_DEPENDENCIES = $(resource_objs)
 
 gpg_protect_tool_SOURCES = \
 	protect-tool.c \
-	protect.c
+	protect.c cvt-openpgp.c
 
 gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
 gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index 1871ac7..ad036ee 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -363,7 +363,7 @@ read_and_protect (const char *fname)
 
 
 static void
-read_and_unprotect (const char *fname)
+read_and_unprotect (ctrl_t ctrl, const char *fname)
 {
   int  rc;
   unsigned char *key;
@@ -376,7 +376,7 @@ read_and_unprotect (const char *fname)
   if (!key)
     return;
 
-  rc = agent_unprotect (NULL, key, (pw=get_passphrase (1)),
+  rc = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
                         protected_at, &result, &resultlen);
   release_passphrase (pw);
   xfree (key);
@@ -388,10 +388,14 @@ read_and_unprotect (const char *fname)
       return;
     }
   if (opt.verbose)
-    log_info ("key protection done at %.4s-%.2s-%.2s %.2s:%.2s:%s\n",
-              protected_at, protected_at+4, protected_at+6,
-              protected_at+9, protected_at+11, protected_at+13);
-
+    {
+      if (*protected_at)
+        log_info ("key protection done at %.4s-%.2s-%.2s %.2s:%.2s:%s\n",
+                  protected_at, protected_at+4, protected_at+6,
+                  protected_at+9, protected_at+11, protected_at+13);
+      else
+        log_info ("key protection done at [unknown]\n");
+    }
 
   if (opt_armor)
     {
@@ -552,6 +556,7 @@ main (int argc, char **argv )
   ARGPARSE_ARGS pargs;
   int cmd = 0;
   const char *fname;
+  ctrl_t ctrl;
 
   early_system_init ();
   set_strusage (my_strusage);
@@ -617,6 +622,15 @@ main (int argc, char **argv )
   else if (argc > 1)
     usage (1);
 
+  /* Allocate an CTRL object.  An empty object should sufficent.  */
+  ctrl = xtrycalloc (1, sizeof *ctrl);
+  if (!ctrl)
+    {
+      log_error ("error allocating connection control data: %s\n",
+                 strerror (errno));
+      agent_exit (1);
+    }
+
   /* Set the information which can't be taken from envvars.  */
   gnupg_prepare_get_passphrase (GPG_ERR_SOURCE_DEFAULT,
                                 opt.verbose,
@@ -630,7 +644,7 @@ main (int argc, char **argv )
   if (cmd == oProtect)
     read_and_protect (fname);
   else if (cmd == oUnprotect)
-    read_and_unprotect (fname);
+    read_and_unprotect (ctrl, fname);
   else if (cmd == oShadow)
     read_and_shadow (fname);
   else if (cmd == oShowShadowInfo)
@@ -646,6 +660,8 @@ main (int argc, char **argv )
   else
     show_file (fname);
 
+  xfree (ctrl);
+
   agent_exit (0);
   return 8; /*NOTREACHED*/
 }
@@ -737,12 +753,79 @@ release_passphrase (char *pw)
 
 
 /* Stub function.  */
+int
+agent_key_available (const unsigned char *grip)
+{
+  (void)grip;
+  return -1;  /* Not available.  */
+}
+
+char *
+agent_get_cache (const char *key, cache_mode_t cache_mode)
+{
+  (void)key;
+  (void)cache_mode;
+  return NULL;
+}
+
 gpg_error_t
-convert_from_openpgp_native (gcry_sexp_t s_pgp, const char *passphrase,
-                             unsigned char **r_key)
+agent_askpin (ctrl_t ctrl,
+              const char *desc_text, const char *prompt_text,
+              const char *initial_errtext,
+              struct pin_entry_info_s *pininfo,
+              const char *keyinfo, cache_mode_t cache_mode)
 {
-  (void)s_pgp;
-  (void)passphrase;
-  (void)r_key;
-  return gpg_error (GPG_ERR_BUG);
+  gpg_error_t err;
+  unsigned char *passphrase;
+  size_t size;
+
+  (void)ctrl;
+  (void)desc_text;
+  (void)prompt_text;
+  (void)initial_errtext;
+  (void)keyinfo;
+  (void)cache_mode;
+
+  *pininfo->pin = 0; /* Reset the PIN. */
+  passphrase = get_passphrase (0);
+  size = strlen (passphrase);
+  if (size >= pininfo->max_length)
+    return gpg_error (GPG_ERR_TOO_LARGE);
+
+  memcpy (&pininfo->pin, passphrase, size);
+  xfree (passphrase);
+  pininfo->pin[size] = 0;
+  if (pininfo->check_cb)
+    {
+      /* More checks by utilizing the optional callback. */
+      pininfo->cb_errtext = NULL;
+      err = pininfo->check_cb (pininfo);
+    }
+  else
+    err = 0;
+  return err;
+}
+
+/* Replacement for the function in findkey.c.  Here we write the key
+ * to stdout. */
+int
+agent_write_private_key (const unsigned char *grip,
+                         const void *buffer, size_t length, int force)
+{
+  char hexgrip[40+4+1];
+  char *p;
+
+  (void)force;
+
+  bin2hex (grip, 20, hexgrip);
+  strcpy (hexgrip+40, ".key");
+  p = make_advanced (buffer, length);
+  if (p)
+    {
+      printf ("# Begin dump of %s\n%s%s# End dump of %s\n",
+              hexgrip, p, (*p && p[strlen(p)-1] == '\n')? "":"\n", hexgrip);
+      xfree (p);
+    }
+
+  return 0;
 }

commit 94504b3d5af126abb591dedda1ca0f0970822f55
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 09:08:50 2016 +0200

    tests: Set fake-pinentry's stdout and stdin to _IOLBF.
    
    * tests/openpgp/fake-pinentry.c (main): Call setvbuf.  Show passphrase
    at startup.  Increase buffer.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
index c906370..b8aa848 100644
--- a/tests/openpgp/fake-pinentry.c
+++ b/tests/openpgp/fake-pinentry.c
@@ -25,19 +25,36 @@
 int
 main (int argc, char **argv)
 {
+  static char *passphrase;
+  char *p;
+
   (void) argc, (void) argv;
 
+  setvbuf (stdin, NULL, _IOLBF, BUFSIZ);
+  setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
+
+  if (!passphrase)
+    {
+      passphrase = getenv ("PINENTRY_USER_DATA");
+      if (!passphrase)
+        passphrase = "";
+      for (p=passphrase; *p; p++)
+        if (*p == '\r' || *p == '\n')
+          *p = '.';
+      printf ("# Passphrase='%s'\n", passphrase);
+    }
+
   printf ("OK - what's up?\n");
 
   while (! feof (stdin))
     {
-      char buffer[128];
+      char buffer[1024];
 
       if (fgets (buffer, sizeof buffer, stdin) == NULL)
 	break;
 
       if (strncmp (buffer, "GETPIN", 6) == 0)
-	printf ("D %s\nOK\n", getenv ("PINENTRY_USER_DATA") ?: "");
+	printf ("D %s\nOK\n", passphrase);
       else if (strncmp (buffer, "BYE", 3) == 0)
 	{
 	  printf ("OK\n");

-----------------------------------------------------------------------

Summary of changes:
 agent/Makefile.am             |   2 +-
 agent/protect-tool.c          | 109 +++++++++++++++++++++++++++++++++++++-----
 agent/protect.c               |   6 ++-
 tests/openpgp/fake-pinentry.c |  21 +++++++-
 4 files changed, 120 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 14 14:42:37 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 14 Apr 2016 14:42:37 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-380-g47c6a1f
Message-ID: <E1aqgan-0005sg-2F@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  47c6a1f88eb763e9baa394e34d873b761abcebbe (commit)
       via  88c6b98350193abbdcfb227754979b0c097ee09c (commit)
      from  8472b71812e71c69d66e2fcc02a6e21b66755f8b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 47c6a1f88eb763e9baa394e34d873b761abcebbe
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 14:39:31 2016 +0200

    cipher: Add constant for 8 bit CFB mode.
    
    * src/gcrypt.h.in (GCRY_CIPHER_MODE_CFB8): New.
    * tests/basic.c (check_cfb_cipher): Prepare for CFB-8 tests.
    --
    
    Note that there is no implementation for the 8 bit CFB mode yet.  We
    will add that as a bug fix after the release of 1.7.0.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 9cb5e36..7b53c1a 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,7 @@ Noteworthy changes in version 1.7.0 (unreleased)
  gcry_mpi_ec_decode_point        NEW.
  GCRY_CIPHER_MODE_POLY1305       NEW.
  GCRY_CIPHER_MODE_OCB            NEW.
+ GCRY_CIPHER_MODE_CFB8           NEW constant.
  GCRYCTL_SET_TAGLEN              NEW.
  GCRYCTL_GET_TAGLEN              NEW.
  gcry_cipher_final               NEW macro.
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index a78c5fd..0171cd6 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1598,9 +1598,12 @@ set, this mode may be used to bypass the actual encryption.
 Electronic Codebook mode.
 
 @item GCRY_CIPHER_MODE_CFB
+ at item GCRY_CIPHER_MODE_CFB8
 @cindex CFB, Cipher Feedback mode
-Cipher Feedback mode.  The shift size equals the block size of the
-cipher (e.g. for AES it is CFB-128).
+Cipher Feedback mode.  For GCRY_CIPHER_MODE_CFB the shift size equals
+the block size of the cipher (e.g. for AES it is CFB-128).  For
+GCRY_CIPHER_MODE_CFB8 the shift size is 8 bit but that variant is not
+yet available.
 
 @item  GCRY_CIPHER_MODE_CBC
 @cindex CBC, Cipher Block Chaining mode
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index bd25d1b..96d742a 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -961,7 +961,8 @@ enum gcry_cipher_modes
     GCRY_CIPHER_MODE_CCM      = 8,   /* Counter with CBC-MAC.  */
     GCRY_CIPHER_MODE_GCM      = 9,   /* Galois Counter Mode. */
     GCRY_CIPHER_MODE_POLY1305 = 10,  /* Poly1305 based AEAD mode. */
-    GCRY_CIPHER_MODE_OCB      = 11   /* OCB3 mode.  */
+    GCRY_CIPHER_MODE_OCB      = 11,  /* OCB3 mode.  */
+    GCRY_CIPHER_MODE_CFB8     = 12   /* Cipher feedback (8 bit mode). */
   };
 
 /* Flags used with the open function. */
diff --git a/tests/basic.c b/tests/basic.c
index 4940f6a..96fb4cb 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -873,6 +873,7 @@ check_cfb_cipher (void)
   static const struct tv
   {
     int algo;
+    int cfb8;
     char key[MAX_DATA_LEN];
     char iv[MAX_DATA_LEN];
     struct data
@@ -885,7 +886,7 @@ check_cfb_cipher (void)
   } tv[] =
     {
       /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */
-      { GCRY_CIPHER_AES,
+      { GCRY_CIPHER_AES, 0,
         "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
         "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
         { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
@@ -902,7 +903,7 @@ check_cfb_cipher (void)
             "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6" },
         }
       },
-      { GCRY_CIPHER_AES192,
+      { GCRY_CIPHER_AES192, 0,
         "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b"
         "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
         "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
@@ -920,7 +921,7 @@ check_cfb_cipher (void)
             "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0\x42\xae\x8f\xba\x58\x4b\x09\xff" },
         }
       },
-      { GCRY_CIPHER_AES256,
+      { GCRY_CIPHER_AES256, 0,
         "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
         "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
         "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
@@ -941,7 +942,7 @@ check_cfb_cipher (void)
     };
   gcry_cipher_hd_t hde, hdd;
   unsigned char out[MAX_DATA_LEN];
-  int i, j, keylen, blklen;
+  int i, j, keylen, blklen, mode;
   gcry_error_t err = 0;
 
   if (verbose)
@@ -957,13 +958,15 @@ check_cfb_cipher (void)
           continue;
         }
 
+      mode = tv[i].cfb8? GCRY_CIPHER_MODE_CFB8 : GCRY_CIPHER_MODE_CFB;
+
       if (verbose)
         fprintf (stderr, "    checking CFB mode for %s [%i]\n",
 		 gcry_cipher_algo_name (tv[i].algo),
 		 tv[i].algo);
-      err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0);
+      err = gcry_cipher_open (&hde, tv[i].algo, mode, 0);
       if (!err)
-        err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0);
+        err = gcry_cipher_open (&hdd, tv[i].algo, mode, 0);
       if (err)
         {
           fail ("aes-cfb, gcry_cipher_open failed: %s\n", gpg_strerror (err));

commit 88c6b98350193abbdcfb227754979b0c097ee09c
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 13:26:55 2016 +0200

    tests: Add a new test for S-expressions.
    
    * tests/t-sexp.c (compare_to_canon): New.
    (back_and_forth_one): Add another test.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/t-sexp.c b/tests/t-sexp.c
index 4785b17..33a58ff 100644
--- a/tests/t-sexp.c
+++ b/tests/t-sexp.c
@@ -387,11 +387,46 @@ canon_len (void)
 }
 
 
+/* Compare SE to the canonical formatted expression in
+ * (CANON,CANONLEN).  This is done by a converting SE to canonical
+ * format and doing a byte compare.  Returns 0 if they match.  */
+static int
+compare_to_canon (gcry_sexp_t se, const unsigned char *canon, size_t canonlen)
+{
+  size_t n, n1;
+  char *p1;
+
+  n1 = gcry_sexp_sprint (se, GCRYSEXP_FMT_CANON, NULL, 0);
+  if (!n1)
+    {
+      fail ("get required length in compare_to_canon failed\n");
+      return -1;
+    }
+  p1 = gcry_xmalloc (n1);
+  n = gcry_sexp_sprint (se, GCRYSEXP_FMT_CANON, p1, n1);
+  if (n1 != n+1)
+    {
+      fail ("length mismatch in compare_to_canon detected\n");
+      xfree (p1);
+      return -1;
+    }
+  if (n1 != canonlen || memcmp (p1, canon, canonlen))
+    {
+      xfree (p1);
+      return -1;
+    }
+  xfree (p1);
+  return 0;
+}
+
+
 static void
 back_and_forth_one (int testno, const char *buffer, size_t length)
 {
   gcry_error_t rc;
   gcry_sexp_t se, se1;
+  unsigned char *canon;
+  size_t canonlen;  /* Including the hidden nul suffix.  */
   size_t n, n1;
   char *p1;
 
@@ -409,11 +444,14 @@ back_and_forth_one (int testno, const char *buffer, size_t length)
     }
   p1 = gcry_xmalloc (n1);
   n = gcry_sexp_sprint (se, GCRYSEXP_FMT_CANON, p1, n1);
-  if (n1 != n+1) /* sprints adds an extra 0 but dies not return it */
+  if (n1 != n+1) /* sprints adds an extra 0 but does not return it. */
     {
       fail ("baf %d: length mismatch for canon\n", testno);
       return;
     }
+  canonlen = n1;
+  canon = gcry_malloc (canonlen);
+  memcpy (canon, p1, canonlen);
   rc = gcry_sexp_create (&se1, p1, n, 0, gcry_free);
   if (rc)
     {
@@ -449,9 +487,40 @@ back_and_forth_one (int testno, const char *buffer, size_t length)
     fail ("baf %d: memory corrupted (3)\n", testno);
   gcry_free (p1);
 
+  /* Check converting to advanced format.  */
+  n1 = gcry_sexp_sprint (se, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+  if (!n1)
+    {
+      fail ("baf %d: get required length for advanced failed\n", testno);
+      return;
+    }
+  p1 = gcry_xmalloc (n1);
+  n = gcry_sexp_sprint (se, GCRYSEXP_FMT_ADVANCED, p1, n1);
+  if (n1 != n+1) /* sprints adds an extra 0 but does not return it */
+    {
+      fail ("baf %d: length mismatch for advanced\n", testno);
+      return;
+    }
+  rc = gcry_sexp_create (&se1, p1, n, 0, gcry_free);
+  if (rc)
+    {
+      fail ("baf %d: gcry_sexp_create failed: %s\n",
+            testno, gpg_strerror (rc));
+      return;
+    }
+  if (compare_to_canon (se1, canon, canonlen))
+    {
+      fail ("baf %d: converting to advanced failed.\n",
+            testno, gpg_strerror (rc));
+      return;
+    }
+  gcry_sexp_release (se1);
+
+
   /* FIXME: we need a lot more tests */
 
   gcry_sexp_release (se);
+  xfree (canon);
 }
 
 
@@ -474,6 +543,13 @@ back_and_forth (void)
 "   #F7B0B535F8F8E22F4F3DA031224070303F82F9207D42952F1ACF21A4AB1C50304EBB25527992C7B265A9E9FF702826FB88759BDD55E4759E9FCA6C879538C9D043A9C60A326CB6681090BAA731289BD880A7D5774D9999F026E5E7963BFC8C0BDC9F061393CB734B4F259725C0A0A0B15BA39C39146EF6A1B3DC4DF30A22EBE09FD05AE6CB0C8C6532951A925F354F4E26A51964F5BBA50081690C421C8385C4074E9BAB9297D081B857756607EAE652415275A741C89E815558A50AC638EDC5F5030210B4395E3E1A40FF38DCCCB333A19EA88EFE7E4D51B54128C6DF27395646836679AC21B1B25C1DA6F0A7CE9F9BE078EFC7934FA9AE202CBB0AA06C20DFAF9A66FAB7E9073FBE96B9A7F25C3BA45EC3EECA65796AEE313BA148DE5314F30345B452B50B17C4D841A7F27397126E8C10BD0CE3B50A82C0425AAEE7798031671407B681F52916256F78CAF92A477AC27BCBE26DAFD1BCE386A853E2A036F8314BB2E8E5BB1F196434232EFB0288331C2AB16DBC5457CC295EB966CAC5CE73D5DA5D566E469F0EFA82F9A12B8693E0#)\n"
 "  )\n"
 " )\n", 0 },
+    { "((sha1 #8B98CBF4A9823CA7# \"2097\") #3B6FC9#)", 0 },
+    { "((4:sha18:\x8B\x98\xCB\xF4\xA9\x82\x3C\xA7""4:2097)3:\x3B\x6F\xC9)", 0},
+    { "((4:sha18:\x8B\x98\xCB\x22\xA9\x82\x3C\xA7""4:2097)3:\x3B\x6F\xC9)", 0},
+    { "((sha1 #64652267686970C9# \"2097\") #3B6FC9#)", 0 },
+    { "((4:sha18:\x64\x65\x22\x67\x68\xc3\xa4\x71""4:2097)3:\x3B\x6F\xC9)", 0},
+    { "((sha1 \"defgh?q\" \"2097\") #3B6FC9#)", 0 },
+    { "((sha1 \"de\\\"gh?q\" \"2097\") #3B6FC9#)", 0 },
     { NULL, 0 }
   };
   int idx;

-----------------------------------------------------------------------

Summary of changes:
 NEWS            |  1 +
 doc/gcrypt.texi |  7 ++++--
 src/gcrypt.h.in |  3 ++-
 tests/basic.c   | 15 ++++++-----
 tests/t-sexp.c  | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 94 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 14 15:29:48 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 14 Apr 2016 15:29:48 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-10-g287d40e
Message-ID: <E1aqhKR-0007TI-P6@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  287d40e879f767dbcb3d19b3629b872c08d39cf4 (commit)
       via  49a7ac5209aa54f3b91209acc899463e8097f808 (commit)
       via  15685a9c1471eb01066e0bbdb7d6b929a8fcc314 (commit)
      from  04115b3289dcc9b02044f88c08580618c055a571 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 287d40e879f767dbcb3d19b3629b872c08d39cf4
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 15:21:13 2016 +0200

    Qt: Restrict list of icon themes to try
    
    * qt/main.cpp (main): Only search in select icon themes.
    
    --
    Gnome Icon theme does not use a lock for document-encrypt icon
    and this looks strange. Mainly the goal is not to show the Oxygen
    Icon built into pinentry on a breeze Desktop.

diff --git a/qt/main.cpp b/qt/main.cpp
index a051240..bc7796f 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -341,9 +341,19 @@ main(int argc, char *argv[])
         i = argc;
         app.reset(new QApplication(i, new_argv));
         const QIcon fallback = QIcon(QLatin1String(":/document-encrypt.png"));
-        const QIcon icon = QIcon::fromTheme(QLatin1String("document-encrypt"),
-                                            fallback);
-        app->setWindowIcon(icon);
+        const QString themeName = QIcon::themeName().toLower();
+        /* Some themes dont have an lock representation for document-encrypt
+           we need to filter out these. */
+        const QStringList okThemes = QStringList() << QLatin1String("breeze")
+                                                   << QLatin1String("breeze-dark")
+                                                   << QLatin1String("oxygen")
+                                                   << QLatin1String("mono");
+        if (okThemes.contains(themeName)) {
+            app->setWindowIcon(QIcon::fromTheme(QLatin1String("document-encrypt"),
+                                                fallback));
+        } else {
+            app->setWindowIcon(fallback);
+        }
     }
 
     pinentry_parse_opts(argc, argv);

commit 49a7ac5209aa54f3b91209acc899463e8097f808
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 15:01:47 2016 +0200

    Qt: Add actions to make passphrase visible
    
    * qt/main.cpp (qt_cmd_handler): Support visibility tooltips.
    * qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog):
     Add a checkbox or line actions.
     (PinEntryDialog::checkRepeat): Renabed to textChanged.
     (PinEntryDialog::toggleVisibility): New. Toggle echo mode.
    * qt/pinentrydialog.h: Update accordingly.
    
    --
    The Action comes in two flavors to avoid having to include new
    icons in pinentry (and thus have a text-only fallback) and also
    because Qt4 does not support direct line edit actions and I don't
    want to raise the requirement to Qt 5.2 yet.
    
    GnuPG-Bug-ID: 2139

diff --git a/qt/main.cpp b/qt/main.cpp
index 3c653ee..a051240 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -169,10 +169,17 @@ qt_cmd_handler(pinentry_t pe)
     const QString repeatString =
         pe->repeat_passphrase ? from_utf8(pe->repeat_passphrase) :
                                 QString();
+    const QString visibilityTT =
+        pe->default_tt_visi ? from_utf8(pe->default_tt_visi) :
+                              QLatin1String("Show passphrase");
+    const QString hideTT =
+        pe->default_tt_hide ? from_utf8(pe->default_tt_hide) :
+                              QLatin1String("Hide passphrase");
+
 
     if (want_pass) {
         PinEntryDialog pinentry(parent, 0, pe->timeout, true, !!pe->quality_bar,
-                                repeatString);
+                                repeatString, visibilityTT, hideTT);
 
         pinentry.setPinentryInfo(pe);
         pinentry.setPrompt(escape_accel(from_utf8(pe->prompt)));
@@ -196,7 +203,6 @@ qt_cmd_handler(pinentry_t pe)
         if (pe->quality_bar_tt) {
             pinentry.setQualityBarTT(from_utf8(pe->quality_bar_tt));
         }
-
         bool ret = pinentry.exec();
         if (!ret) {
             return -1;
diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp
index aca3a52..44a3a9f 100644
--- a/qt/pinentrydialog.cpp
+++ b/qt/pinentrydialog.cpp
@@ -35,6 +35,8 @@
 #include <QLabel>
 #include <QPalette>
 #include <QLineEdit>
+#include <QAction>
+#include <QCheckBox>
 
 #ifdef Q_OS_WIN
 #include <windows.h>
@@ -112,8 +114,17 @@ void PinEntryDialog::slotTimeout()
 
 PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
                                int timeout, bool modal, bool enable_quality_bar,
-                               const QString &repeatString)
-    : QDialog(parent, Qt::WindowStaysOnTopHint), mRepeat(NULL), _grabbed(false)
+                               const QString &repeatString,
+                               const QString &visibilityTT,
+                               const QString &hideTT)
+    : QDialog(parent, Qt::WindowStaysOnTopHint),
+      mRepeat(NULL),
+      _grabbed(false),
+      mVisibilityTT(visibilityTT),
+      mHideTT(hideTT),
+      mVisiActionEdit(NULL),
+      mVisiActionRepeat(NULL),
+      mVisiCB(NULL)
 {
     setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint);
 
@@ -178,6 +189,8 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
     connect(buttons, SIGNAL(rejected()), this, SLOT(reject()));
     connect(_edit, SIGNAL(textChanged(QString)),
             this, SLOT(updateQuality(QString)));
+    connect(_edit, SIGNAL(textChanged(QString)),
+            this, SLOT(textChanged(QString)));
 
     _edit->setFocus();
 
@@ -197,9 +210,7 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
         mRepeat->setMaxLength(256);
         mRepeat->setEchoMode(QLineEdit::Password);
         connect(mRepeat, SIGNAL(textChanged(QString)),
-                this, SLOT(checkRepeat(QString)));
-        connect(_edit, SIGNAL(textChanged(QString)),
-                this, SLOT(checkRepeat(QString)));
+                this, SLOT(textChanged(QString)));
         QLabel *repeatLabel = new QLabel(repeatString);
         repeatLabel->setBuddy(mRepeat);
         grid->addWidget(repeatLabel, row, 1);
@@ -207,13 +218,37 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
         setTabOrder(_edit, mRepeat);
         setTabOrder(mRepeat, _ok);
     }
-    row += 2;
-    grid->addWidget(buttons, row, 0, 1, 3);
+    /* Set up the show password action */
+    const QIcon visibilityIcon = QIcon::fromTheme(QLatin1String("visibility"));
+    const QIcon hideIcon = QIcon::fromTheme(QLatin1String("hint"));
+#if QT_VERSION >= 0x050200
+    if (!visibilityIcon.isNull() && !hideIcon.isNull()) {
+        mVisiActionEdit = _edit->addAction(visibilityIcon, QLineEdit::TrailingPosition);
+        mVisiActionEdit->setVisible(false);
+        mVisiActionEdit->setToolTip(mVisibilityTT);
+        if (mRepeat) {
+            mVisiActionRepeat = mRepeat->addAction(visibilityIcon, QLineEdit::TrailingPosition);
+            mVisiActionRepeat->setVisible(false);
+            mVisiActionRepeat->setToolTip(mVisibilityTT);
+            connect(mVisiActionRepeat, SIGNAL(triggered()), this, SLOT(toggleVisibility()));
+        }
+        connect(mVisiActionEdit, SIGNAL(triggered()), this, SLOT(toggleVisibility()));
+    } else
+#endif
+    {
+        if (!mVisibilityTT.isNull()) {
+            mVisiCB = new QCheckBox(mVisibilityTT);
+            connect(mVisiCB, SIGNAL(toggled(bool)), this, SLOT(toggleVisibility()));
+            grid->addWidget(mVisiCB, row++, 1, 1, 2, Qt::AlignLeft);
+        }
+    }
+    grid->addWidget(buttons, ++row, 0, 1, 3);
 
     grid->addWidget(_icon, 0, 0, row - 1, 1, Qt::AlignVCenter | Qt::AlignLeft);
 
     grid->setSizeConstraint(QLayout::SetFixedSize);
 
+
     connect(qApp, SIGNAL(focusChanged(QWidget *, QWidget *)),
             this, SLOT(focusChanged(QWidget *, QWidget *)));
 }
@@ -367,15 +402,62 @@ void PinEntryDialog::focusChanged(QWidget *old, QWidget *now)
 
 }
 
-void PinEntryDialog::checkRepeat(const QString &repPin)
+void PinEntryDialog::textChanged(const QString &text)
 {
-    if (mRepeat->text() == _edit->text()) {
+    Q_UNUSED(text);
+    if (mRepeat && mRepeat->text() == _edit->text()) {
         _ok->setEnabled(true);
         _ok->setToolTip(QString());
-    } else {
+    } else if (mRepeat) {
         _ok->setEnabled(false);
         _ok->setToolTip(mRepeatError);
     }
+
+    if (mVisiActionEdit && sender() == _edit) {
+        mVisiActionEdit->setVisible(!_edit->text().isEmpty());
+    }
+    if (mVisiActionRepeat && sender() == mRepeat) {
+        mVisiActionRepeat->setVisible(!mRepeat->text().isEmpty());
+    }
+}
+
+void PinEntryDialog::toggleVisibility()
+{
+    if (sender() == mVisiActionEdit) {
+        if (_edit->echoMode() == QLineEdit::Password) {
+            mVisiActionEdit->setIcon(QIcon::fromTheme(QLatin1String("hint")));
+            mVisiActionEdit->setToolTip(mHideTT);
+            _edit->setEchoMode(QLineEdit::Normal);
+        } else {
+            mVisiActionEdit->setIcon(QIcon::fromTheme(QLatin1String("visibility")));
+            mVisiActionEdit->setToolTip(mVisibilityTT);
+            _edit->setEchoMode(QLineEdit::Password);
+        }
+    }
+    if (sender() == mVisiActionRepeat) {
+        if (mRepeat->echoMode() == QLineEdit::Password) {
+            mVisiActionRepeat->setIcon(QIcon::fromTheme(QLatin1String("hint")));
+            mVisiActionRepeat->setToolTip(mHideTT);
+            mRepeat->setEchoMode(QLineEdit::Normal);
+        } else {
+            mVisiActionRepeat->setIcon(QIcon::fromTheme(QLatin1String("visibility")));
+            mVisiActionRepeat->setToolTip(mVisibilityTT);
+            mRepeat->setEchoMode(QLineEdit::Password);
+        }
+    }
+    if (sender() == mVisiCB) {
+        if (mVisiCB->isChecked()) {
+            if (mRepeat) {
+                mRepeat->setEchoMode(QLineEdit::Normal);
+            }
+            _edit->setEchoMode(QLineEdit::Normal);
+        } else {
+            if (mRepeat) {
+                mRepeat->setEchoMode(QLineEdit::Password);
+            }
+            _edit->setEchoMode(QLineEdit::Password);
+        }
+    }
 }
 
 QString PinEntryDialog::repeatedPin() const
diff --git a/qt/pinentrydialog.h b/qt/pinentrydialog.h
index 1713412..4c1241c 100644
--- a/qt/pinentrydialog.h
+++ b/qt/pinentrydialog.h
@@ -36,6 +36,8 @@ class QPushButton;
 class QLineEdit;
 class QString;
 class QProgressBar;
+class QCheckBox;
+class QAction;
 
 QPixmap icon(QStyle::StandardPixmap which = QStyle::SP_CustomBase);
 
@@ -53,7 +55,9 @@ public:
     explicit PinEntryDialog(QWidget *parent = 0, const char *name = 0,
                             int timeout = 0, bool modal = false,
                             bool enable_quality_bar = false,
-                            const QString &repeatString = QString());
+                            const QString &repeatString = QString(),
+                            const QString &visibiltyTT = QString(),
+                            const QString &hideTT = QString());
 
     void setDescription(const QString &);
     QString description() const;
@@ -81,8 +85,9 @@ public:
 protected slots:
     void updateQuality(const QString &);
     void slotTimeout();
-    void checkRepeat(const QString &);
+    void textChanged(const QString &);
     void focusChanged(QWidget *old, QWidget *now);
+    void toggleVisibility();
 
 protected:
     /* reimp */ void showEvent(QShowEvent *event);
@@ -102,7 +107,12 @@ private:
     bool       _have_quality_bar;
     pinentry_t _pinentry_info;
     QTimer    *_timer;
-    QString    mRepeatError;
+    QString    mRepeatError,
+               mVisibilityTT,
+               mHideTT;
+    QAction   *mVisiActionEdit,
+              *mVisiActionRepeat;
+    QCheckBox *mVisiCB;
 };
 
 #endif // __PINENTRYDIALOG_H__

commit 15685a9c1471eb01066e0bbdb7d6b929a8fcc314
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 14:58:46 2016 +0200

    Add support for visibility string options
    
    * doc/pinentry.texi: Note new values.
    * pinentry/pinentry.c (pinentry): Add default_cf_visi,
     default_tt_visi and default_tt_hide.
     (option_handler): Parse new values.
    * pinentry/pinentry.h (pinentry_t): Add new values.

diff --git a/doc/pinentry.texi b/doc/pinentry.texi
index fd1d624..dcff886 100644
--- a/doc/pinentry.texi
+++ b/doc/pinentry.texi
@@ -690,6 +690,17 @@ above condition is true and @code{tried_password_cache} is false, then
 a check box with the specified string should be displayed.  The check
 box must default to off.
 
+ at item @code{default-cf-visi}
+The string to show with a question if you want to confirm that
+the user wants to change the visibility of the password.
+
+ at item @code{default-tt-visi}
+Tooltip for an action that would reveal the entered password.
+
+ at item @code{default-tt-hide}
+Tooltip for an action that would hide the password revealed
+by the action labeld with @code{default-tt-visi}
+
 @end table
 
 When the handler is done, it should store the passphrase in
diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
index ef2b1fb..0c87271 100644
--- a/pinentry/pinentry.c
+++ b/pinentry/pinentry.c
@@ -79,6 +79,9 @@ pinentry_reset (int use_defaults)
   char *default_cancel = pinentry.default_cancel;
   char *default_prompt = pinentry.default_prompt;
   char *default_pwmngr = pinentry.default_pwmngr;
+  char *default_cf_visi = pinentry.default_cf_visi;
+  char *default_tt_visi = pinentry.default_tt_visi;
+  char *default_tt_hide = pinentry.default_tt_hide;
   char *touch_file = pinentry.touch_file;
 
   /* These options are set from the command line.  Don't reset
@@ -109,6 +112,9 @@ pinentry_reset (int use_defaults)
       free (pinentry.default_cancel);
       free (pinentry.default_prompt);
       free (pinentry.default_pwmngr);
+      free (pinentry.default_cf_visi);
+      free (pinentry.default_tt_visi);
+      free (pinentry.default_tt_hide);
       free (pinentry.touch_file);
       free (pinentry.display);
     }
@@ -162,6 +168,9 @@ pinentry_reset (int use_defaults)
       pinentry.default_cancel = default_cancel;
       pinentry.default_prompt = default_prompt;
       pinentry.default_pwmngr = default_pwmngr;
+      pinentry.default_cf_visi = default_cf_visi;
+      pinentry.default_tt_visi = default_tt_visi;
+      pinentry.default_tt_hide = default_tt_hide;
       pinentry.touch_file = touch_file;
 
       pinentry.debug = debug;
@@ -873,6 +882,24 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
       if (!pinentry.default_pwmngr)
 	return gpg_error_from_syserror ();
     }
+  else if (!strcmp (key, "default-cf-visi"))
+    {
+      pinentry.default_cf_visi = strdup (value);
+      if (!pinentry.default_cf_visi)
+	return gpg_error_from_syserror ();
+    }
+  else if (!strcmp (key, "default-tt-visi"))
+    {
+      pinentry.default_tt_visi = strdup (value);
+      if (!pinentry.default_tt_visi)
+	return gpg_error_from_syserror ();
+    }
+  else if (!strcmp (key, "default-tt-hide"))
+    {
+      pinentry.default_tt_hide = strdup (value);
+      if (!pinentry.default_tt_hide)
+	return gpg_error_from_syserror ();
+    }
   else if (!strcmp (key, "allow-external-password-cache") && !*value)
     {
       pinentry.allow_external_password_cache = 1;
diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h
index 47a5567..b203cfe 100644
--- a/pinentry/pinentry.h
+++ b/pinentry/pinentry.h
@@ -171,6 +171,15 @@ struct pinentry
   /* (Assuan: "OPTION default-pwmngr
      SAVE_PASSWORD_WITH_PASSWORD_MANAGER?").  */
   char *default_pwmngr;
+  /* (Assuan: "OPTION default-cf-visi
+     Do you really want to make your passphrase visible?").  */
+  char *default_cf_visi;
+  /* (Assuan: "OPTION default-tt-visi
+     Make passphrase visible?").  */
+  char *default_tt_visi;
+  /* (Assuan: "OPTION default-tt-hide
+     Hide passphrase").  */
+  char *default_tt_hide;
 
   /* Whether we are allowed to read the password from an external
      cache.  (Assuan: "OPTION allow-external-password-cache")  */

-----------------------------------------------------------------------

Summary of changes:
 doc/pinentry.texi     |  11 ++++++
 pinentry/pinentry.c   |  27 +++++++++++++
 pinentry/pinentry.h   |   9 +++++
 qt/main.cpp           |  26 ++++++++++---
 qt/pinentrydialog.cpp | 102 +++++++++++++++++++++++++++++++++++++++++++++-----
 qt/pinentrydialog.h   |  16 ++++++--
 6 files changed, 173 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 14 16:01:46 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 14 Apr 2016 16:01:46 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-11-g71b51e0
Message-ID: <E1aqhpN-0000Iz-GF@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  71b51e02cf20174ba7144765e985f7e889eaa429 (commit)
      from  287d40e879f767dbcb3d19b3629b872c08d39cf4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 71b51e02cf20174ba7144765e985f7e889eaa429
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 15:56:09 2016 +0200

    GTK: Add visibility toggle button
    
    * gtk+-2/pinentry-gtk-2.c (create_window): Create checkbox.
     (show_passphrase_toggled): New. Do the toggling.
    
    --
    GnuPG-Bug-ID: 2139

diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index 5ebdd64..ed6c677 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -356,6 +356,20 @@ may_save_passphrase_toggled (GtkWidget *widget, gpointer data)
 #endif
 
 
+static void
+show_passphrase_toggled (GtkWidget *widget, gpointer data)
+{
+  GtkToggleButton *button = GTK_TOGGLE_BUTTON (widget);
+  gtk_entry_set_visibility (GTK_ENTRY (entry),
+                            gtk_toggle_button_get_active (button));
+  if (repeat_entry)
+    {
+      gtk_entry_set_visibility (GTK_ENTRY (repeat_entry),
+                                gtk_toggle_button_get_active (button));
+    }
+}
+
+
 static gboolean
 timeout_cb (gpointer data)
 {
@@ -606,6 +620,25 @@ create_window (pinentry_t ctx)
 			(gpointer) ctx);
     }
 #endif
+  /* Add the show visibile toggle button */
+  if (pinentry->default_tt_visi)
+    {
+      msg = pinentry_utf8_validate (pinentry->default_tt_visi);
+      w = gtk_check_button_new_with_mnemonic (msg);
+      g_free (msg);
+    }
+  else
+    w = gtk_check_button_new_with_label ("Show passphrase");
+
+  /* Make sure it is off by default.  */
+  gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (w), FALSE);
+
+  gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0);
+  gtk_widget_show (w);
+
+  g_signal_connect (G_OBJECT (w), "toggled",
+                    G_CALLBACK (show_passphrase_toggled),
+                    NULL);
 
   if (!pinentry->one_button)
     {

-----------------------------------------------------------------------

Summary of changes:
 gtk+-2/pinentry-gtk-2.c | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 14 16:36:27 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Thu, 14 Apr 2016 16:36:27 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-381-g491586b
Message-ID: <E1aqiMw-0001V5-Rq@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  491586bc7f7b9edc6b78331a77e653543983c9e4 (commit)
      from  47c6a1f88eb763e9baa394e34d873b761abcebbe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 491586bc7f7b9edc6b78331a77e653543983c9e4
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 14 13:53:55 2016 +0200

    src: Improve S-expression parsing.
    
    * src/sexp.c (do_vsexp_sscan): Return an error if a closing
    parenthesis is encountered with no matching opening parenthesis.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/src/sexp.c b/src/sexp.c
index 636f922..6077bab 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1592,6 +1592,13 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 	      err = GPG_ERR_SEXP_UNMATCHED_DH;
               goto leave;
 	    }
+
+	  if (level == 0)
+	    {
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+	      goto leave;
+	    }
 	  MAKE_SPACE (0);
 	  *c.pos++ = ST_CLOSE;
 	  level--;

-----------------------------------------------------------------------

Summary of changes:
 src/sexp.c | 7 +++++++
 1 file changed, 7 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 09:42:43 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 15 Apr 2016 09:42:43 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-382-g1737c54
Message-ID: <E1aqyO6-0005ON-1s@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  1737c546dc7268fa9edcd4a23b7439c56d37ee4f (commit)
      from  491586bc7f7b9edc6b78331a77e653543983c9e4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1737c546dc7268fa9edcd4a23b7439c56d37ee4f
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 16:32:04 2016 +0200

    tests: Add test vectors for 256 GiB test of SHA3-256.
    
    * tests/hashtest.c: Add new test vectros.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/hashtest.c b/tests/hashtest.c
index e2178aa..33907fb 100644
--- a/tests/hashtest.c
+++ b/tests/hashtest.c
@@ -102,6 +102,22 @@ static struct {
     "49920704ea9d6ee19f0742d6c868110fa3eda8ac09f026e9ef22cc731af53020"
     "de40eedef66cb1afd94c61e285fa9327e01336e804903740a9145ab1f065c2d5" },
 
+  { GCRY_MD_SHA3_512, 256, -64,
+    "c6e082b3db996dbe5f2c5709818a7f325ef4febd883d7e9c545c06bfa7225198"
+    "1ecf40103788913cd5a5bdf13246b952ded6651043684b24197eb23544882a97" },
+  { GCRY_MD_SHA3_512, 256,  -1,
+    "d7bf28e8216bf7d3d0d3969e34078e94b98598e17b6f21f256379389e4eba8ee"
+    "74eb288774797263fec00bdfd357d132cea9e408be36b982f5a60ab56ad01613" },
+  { GCRY_MD_SHA3_512, 256,  +0,
+    "c1270852ba7b1e1a3eaa777969b8a65be28c3894537c61eb8cd22b1df6af703d"
+    "b59939f6adadeb64317faece8167d4817e73daf73e28a5ccd26bebee0a35c322" },
+  { GCRY_MD_SHA3_512, 256,  +1,
+    "8bdfeb3a1a9a1cdcef21172cbc5bb3b87c0d8f7111df0aaf7f1bc03ad4775bd6"
+    "a03e0a875c4e7d02d2230c213562c6a57be28d92eaf6e4bea4bc24690454c8ef" },
+  { GCRY_MD_SHA3_512, 256, +64,
+    "0c91b91665ceaf7af5102e0ed31aa4f050668ab3c57b1f4763946d567efe66b3"
+    "ab9a2016cf238dee5b44eae9f0cdfbf7b7a6eb1e759986273243dc35894706b6" },
+
   { 0 }
 };
 

-----------------------------------------------------------------------

Summary of changes:
 tests/hashtest.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 10:06:27 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 15 Apr 2016 10:06:27 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-13-gf4b5049
Message-ID: <E1aqyl3-0006LT-NU@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  f4b5049c68a79d5e4faba06447db5440936cefeb (commit)
       via  3a10a0beddc059ce4b0d75bacf6d7f4e3148fcff (commit)
      from  71b51e02cf20174ba7144765e985f7e889eaa429 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f4b5049c68a79d5e4faba06447db5440936cefeb
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Apr 15 09:51:24 2016 +0200

    gtk2: Add a button to show/hide the passphrase.
    
    * gtk+-2/pinentry-gtk-2.c (HIG_TINY): New.
     (confirm_unhiding): New.
     (show_hide_button_toggled): New.
     (create_show_hide_button): New.
     (create_window): Add a show/hide button.
    
    --
    This is an alternative implementation to the checkbox
    reverted with rev. 71b51e0.
    The patch is based on a patch by Werner Koch <wk at gnupg.org>
    modifications done by aheinecke are:
    - Use of strings provided by the gpg-agent
    - Switching the visibility state of the edit.
    - Using a monospace font for the label to avoid size
      changes when toggling the button.
    - Use of a default button label for cancel in the confirm dialog
      as the agent only sends a string that is useful for show.

diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index 5ebdd64..28b4fdc 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -64,6 +64,7 @@ static int passphrase_ok;
 typedef enum { CONFIRM_CANCEL, CONFIRM_OK, CONFIRM_NOTOK } confirm_value_t;
 static confirm_value_t confirm_value;
 
+static GtkWindow *mainwindow;
 static GtkWidget *entry;
 static GtkWidget *repeat_entry;
 static GtkWidget *error_label;
@@ -76,6 +77,7 @@ static guint timeout_source;
 static int confirm_mode;
 
 /* Gnome hig small and large space in pixels.  */
+#define HIG_TINY       2
 #define HIG_SMALL      6
 #define HIG_LARGE     12
 
@@ -356,6 +358,94 @@ may_save_passphrase_toggled (GtkWidget *widget, gpointer data)
 #endif
 
 
+/* Return TRUE if it is okay to unhide the entry.  */
+static int
+confirm_unhiding (void)
+{
+  const char *s;
+  GtkWidget *dialog;
+  int result;
+  char *message, *show_btn_label;
+
+  s = gtk_entry_get_text (GTK_ENTRY (entry));
+  if (!s || !*s)
+    return TRUE;  /* Nothing entered - go ahead an unhide.  */
+
+  message = pinentry_utf8_validate (pinentry->default_cf_visi);
+  if (!message)
+    {
+      message = g_strdup ("Do you really want to make "
+                          "your passphrase visible on the screen?");
+    }
+
+  show_btn_label = pinentry_utf8_validate (pinentry->default_tt_visi);
+  if (!show_btn_label)
+    {
+      show_btn_label = g_strdup ("Make passphrase visible");
+    }
+
+  dialog = gtk_message_dialog_new
+    (GTK_WINDOW (mainwindow),
+     GTK_DIALOG_MODAL,
+     GTK_MESSAGE_WARNING,
+     GTK_BUTTONS_NONE,
+     message);
+  gtk_dialog_add_buttons (GTK_DIALOG (dialog),
+                          GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
+                          show_btn_label, GTK_RESPONSE_OK,
+                          NULL);
+  result = (gtk_dialog_run (GTK_DIALOG (dialog)) == GTK_RESPONSE_OK);
+  gtk_widget_destroy (dialog);
+  g_free (message);
+  g_free (show_btn_label);
+
+  return result;
+}
+
+
+static void
+show_hide_button_toggled (GtkWidget *widget, gpointer data)
+{
+  GtkToggleButton *button = GTK_TOGGLE_BUTTON (widget);
+  GtkWidget *label = data;
+  const char *text;
+  char *tooltip;
+  gboolean reveal;
+
+  if (!gtk_toggle_button_get_active (button) || !confirm_unhiding ())
+    {
+      text = "<span font=\"Monospace\" size=\"xx-small\">abc</span>";
+      tooltip = pinentry_utf8_validate (pinentry->default_tt_visi);
+      if (!tooltip)
+        {
+          tooltip = g_strdup ("Make the passphrase visible");
+        }
+      gtk_toggle_button_set_active (button, FALSE);
+      reveal = FALSE;
+    }
+  else
+    {
+      text = "<span font=\"Monospace\" size=\"xx-small\">***</span>";
+      tooltip = pinentry_utf8_validate (pinentry->default_tt_hide);
+      if (!tooltip)
+        {
+          tooltip = g_strdup ("Hide the passphrase");
+        }
+      reveal = TRUE;
+    }
+
+  gtk_entry_set_visibility (GTK_ENTRY (entry), reveal);
+  if (repeat_entry)
+    {
+      gtk_entry_set_visibility (GTK_ENTRY (repeat_entry), reveal);
+    }
+
+  gtk_label_set_markup (GTK_LABEL(label), text);
+  gtk_widget_set_tooltip_text (GTK_WIDGET(button), tooltip);
+  g_free (tooltip);
+}
+
+
 static gboolean
 timeout_cb (gpointer data)
 {
@@ -370,6 +460,23 @@ timeout_cb (gpointer data)
 
 
 static GtkWidget *
+create_show_hide_button (void)
+{
+  GtkWidget *button, *label;
+
+  label = gtk_label_new (NULL);
+  button = gtk_toggle_button_new ();
+  show_hide_button_toggled (button, label);
+  gtk_container_add (GTK_CONTAINER (button), label);
+  g_signal_connect (G_OBJECT (button), "toggled",
+                    G_CALLBACK (show_hide_button_toggled),
+                    label);
+
+  return button;
+}
+
+
+static GtkWidget *
 create_window (pinentry_t ctx)
 {
   GtkWidget *w;
@@ -387,6 +494,7 @@ create_window (pinentry_t ctx)
   /* FIXME: check the grabbing code against the one we used with the
      old gpg-agent */
   win = gtk_window_new (GTK_WINDOW_TOPLEVEL);
+  mainwindow = GTK_WINDOW (win);
   acc = gtk_accel_group_new ();
 
   g_signal_connect (G_OBJECT (win), "delete_event",
@@ -474,7 +582,7 @@ create_window (pinentry_t ctx)
   if (!confirm_mode)
     {
       int nrow;
-      GtkWidget* table;
+      GtkWidget *table, *hbox;
 
       nrow = 1;
       if (pinentry->quality_bar)
@@ -515,7 +623,14 @@ create_window (pinentry_t ctx)
       gtk_widget_set_size_request (entry, 200, -1);
       g_signal_connect (G_OBJECT (entry), "changed",
                         G_CALLBACK (changed_text_handler), entry);
-      gtk_table_attach (GTK_TABLE (table), entry, 1, 2, nrow, nrow+1,
+      hbox = gtk_hbox_new (FALSE, HIG_TINY);
+      gtk_box_pack_start (GTK_BOX (hbox), entry, TRUE, TRUE, 0);
+      /* There was a wish in issue #2139 that this button should not
+         be part of the tab order (focus_order).
+         This should still be added. */
+      w = create_show_hide_button ();
+      gtk_box_pack_end (GTK_BOX (hbox), w, FALSE, FALSE, 0);
+      gtk_table_attach (GTK_TABLE (table), hbox, 1, 2, nrow, nrow+1,
                         GTK_EXPAND|GTK_FILL, GTK_EXPAND|GTK_FILL, 0, 0);
       gtk_widget_show (entry);
       nrow++;

commit 3a10a0beddc059ce4b0d75bacf6d7f4e3148fcff
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Apr 14 16:34:36 2016 +0200

    Revert "GTK: Add visibility toggle button"
    
    This reverts commit 71b51e02cf20174ba7144765e985f7e889eaa429.

diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index ed6c677..5ebdd64 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -356,20 +356,6 @@ may_save_passphrase_toggled (GtkWidget *widget, gpointer data)
 #endif
 
 
-static void
-show_passphrase_toggled (GtkWidget *widget, gpointer data)
-{
-  GtkToggleButton *button = GTK_TOGGLE_BUTTON (widget);
-  gtk_entry_set_visibility (GTK_ENTRY (entry),
-                            gtk_toggle_button_get_active (button));
-  if (repeat_entry)
-    {
-      gtk_entry_set_visibility (GTK_ENTRY (repeat_entry),
-                                gtk_toggle_button_get_active (button));
-    }
-}
-
-
 static gboolean
 timeout_cb (gpointer data)
 {
@@ -620,25 +606,6 @@ create_window (pinentry_t ctx)
 			(gpointer) ctx);
     }
 #endif
-  /* Add the show visibile toggle button */
-  if (pinentry->default_tt_visi)
-    {
-      msg = pinentry_utf8_validate (pinentry->default_tt_visi);
-      w = gtk_check_button_new_with_mnemonic (msg);
-      g_free (msg);
-    }
-  else
-    w = gtk_check_button_new_with_label ("Show passphrase");
-
-  /* Make sure it is off by default.  */
-  gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (w), FALSE);
-
-  gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0);
-  gtk_widget_show (w);
-
-  g_signal_connect (G_OBJECT (w), "toggled",
-                    G_CALLBACK (show_passphrase_toggled),
-                    NULL);
 
   if (!pinentry->one_button)
     {

-----------------------------------------------------------------------

Summary of changes:
 gtk+-2/pinentry-gtk-2.c | 134 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 108 insertions(+), 26 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 10:37:11 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 15 Apr 2016 10:37:11 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-14-ge925e89
Message-ID: <E1aqzEn-0007DE-Aa@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  e925e8955b0a82f1a0e3c697704007c503a5f8b7 (commit)
      from  f4b5049c68a79d5e4faba06447db5440936cefeb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e925e8955b0a82f1a0e3c697704007c503a5f8b7
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Apr 15 10:32:06 2016 +0200

    Qt: Change qualitybar position back to below
    
    * qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog): Change
    position back to below the entry. Fix label alignment.
    
    --
    While I find it more pleasing to have it at the top
    the string for the tooltip mentions that the quality bar is
    related to "above" entry.

diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp
index 44a3a9f..292d46f 100644
--- a/qt/pinentrydialog.cpp
+++ b/qt/pinentrydialog.cpp
@@ -157,7 +157,7 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
 
     if (enable_quality_bar) {
         _quality_bar_label = new QLabel(this);
-        _quality_bar_label->setAlignment(Qt::AlignRight | Qt::AlignVCenter);
+        _quality_bar_label->setAlignment(Qt::AlignVCenter);
         _quality_bar = new QProgressBar(this);
         _quality_bar->setAlignment(Qt::AlignCenter);
         _have_quality_bar = true;
@@ -199,12 +199,12 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
     grid->addWidget(_error, row++, 1, 1, 2);
     grid->addWidget(_desc,  row++, 1, 1, 2);
     //grid->addItem( new QSpacerItem( 0, _edit->height() / 10, QSizePolicy::Minimum, QSizePolicy::Fixed ), 1, 1 );
+    grid->addWidget(_prompt, row, 1);
+    grid->addWidget(_edit, row++, 2);
     if (enable_quality_bar) {
         grid->addWidget(_quality_bar_label, row, 1);
         grid->addWidget(_quality_bar, row++, 2);
     }
-    grid->addWidget(_prompt, row, 1);
-    grid->addWidget(_edit, row++, 2);
     if (!repeatString.isNull()) {
         mRepeat = new QLineEdit;
         mRepeat->setMaxLength(256);

-----------------------------------------------------------------------

Summary of changes:
 qt/pinentrydialog.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 11:46:50 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 15 Apr 2016 11:46:50 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-134-gd1507b4
Message-ID: <E1ar0KD-0001IQ-IP@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d1507b4f95eb7bb2478f7549510ddcb114e6f285 (commit)
      from  8c3fb2360f154a971d2a390e4937acb22a44a8c2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d1507b4f95eb7bb2478f7549510ddcb114e6f285
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 15 11:46:10 2016 +0200

    po: Fix a string in de.po.
    
    --
    
    With commit b3378b3a56fc90ba8ae38e6298b23a378305af32 from July 2014 we
    use strconcat instead of sprintf for the string and thus we need to
    remove one level of percent escaping.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/po/de.po b/po/de.po
index a27e4a7..749c3ca 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.1.0\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2016-01-26 13:18+0100\n"
+"PO-Revision-Date: 2016-04-15 11:41+0200\n"
 "Last-Translator: Werner Koch <wk at gnupg.org>\n"
 "Language-Team: German <de at li.org>\n"
 "Language: de\n"
@@ -298,8 +298,7 @@ msgstr ""
 "Regeln aufgebaut sein."
 
 msgid "Warning: You have entered an insecure passphrase."
-msgstr ""
-"WARNUNG:  Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben."
+msgstr "WARNUNG:  Sie haben eine offensichtlich unsichere%0APassphrase eingegeben."
 
 #, c-format
 msgid "Please enter the passphrase to%0Aprotect your new key"

-----------------------------------------------------------------------

Summary of changes:
 po/de.po | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 16:06:41 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 15 Apr 2016 16:06:41 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH,
 updated. libgcrypt-1.6.0-384-geecc081
Message-ID: <E1ar4Nf-0005Av-3n@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-7-BRANCH has been updated
       via  eecc081f8ae02c43454abaee4a4f72efaee42745 (commit)
       via  795f9cb090c776658a0e3117996e3fb7e2ebd94a (commit)
       via  1737c546dc7268fa9edcd4a23b7439c56d37ee4f (commit)
       via  491586bc7f7b9edc6b78331a77e653543983c9e4 (commit)
       via  47c6a1f88eb763e9baa394e34d873b761abcebbe (commit)
       via  88c6b98350193abbdcfb227754979b0c097ee09c (commit)
       via  8472b71812e71c69d66e2fcc02a6e21b66755f8b (commit)
       via  b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b (commit)
       via  ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5 (commit)
       via  7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de (commit)
      from  5e5d3b90e22a3caa6b48af3b5582d800a9fb73ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eecc081f8ae02c43454abaee4a4f72efaee42745
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 15 16:06:04 2016 +0200

    Post release updates.
    
    --

diff --git a/NEWS b/NEWS
index 254b205..777c1e5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.7.1 (unreleased)  [C21/A1/R_]
+------------------------------------------------
+
+
 Noteworthy changes in version 1.7.0 (2016-04-15)  [C21/A1/R0]
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index f683e21..5f9f711 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ min_automake_version="1.14"
 # for the LT versions.
 m4_define(mym4_version_major, [1])
 m4_define(mym4_version_minor, [7])
-m4_define(mym4_version_micro, [0])
+m4_define(mym4_version_micro, [1])
 
 # Below is m4 magic to extract and compute the revision number, the
 # decimalized short revision number, a beta version string, and a flag

commit 795f9cb090c776658a0e3117996e3fb7e2ebd94a
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 15 15:48:24 2016 +0200

    Release 1.7.0
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/AUTHORS b/AUTHORS
index b19612b..f89d585 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,6 +1,7 @@
 Library: Libgcrypt
-Homepage: http://www.gnu.org/software/libgcrypt/
-Download: ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+Homepage: https://www.gnupg.org/related_software/libgcrypt/
+Download: https://ftp.gnupg.org/ftp/gcrypt/libgcrypt/
+          ftp://ftp.gnupg.org/gcrypt/libgcrypt/
 Repository: git://git.gnupg.org/libgcrypt.git
 Maintainer: Werner Koch <wk at gnupg.org>
 Bug reports: https://bugs.gnupg.org
@@ -8,6 +9,7 @@ Security related bug reports: <security at gnupg.org>
 License (library): LGPLv2.1+
 License (manual and tools): GPLv2+
 
+
 Libgcrypt is free software.  See the files COPYING.LIB and COPYING for
 copying conditions, and LICENSES for notices about a few contributions
 that require these additional notices to be distributed.  License
@@ -19,7 +21,7 @@ year that would otherwise be listed individually.
 List of Copyright holders
 =========================
 
-  Copyright (C) 1989,1991-2012 Free Software Foundation, Inc.
+  Copyright (C) 1989,1991-2016 Free Software Foundation, Inc.
   Copyright (C) 1994 X Consortium
   Copyright (C) 1996 L. Peter Deutsch
   Copyright (C) 1997 Werner Koch
@@ -28,12 +30,13 @@ List of Copyright holders
   Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett
   Copyright (C) 2003 Nikos Mavroyanopoulos
   Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation)
-  Copyright (C) 2012-2013 g10 Code GmbH
+  Copyright (C) 2012-2016 g10 Code GmbH
   Copyright (C) 2012 Simon Josefsson, Niels M??ller
   Copyright (c) 2012 Intel Corporation
   Copyright (C) 2013 Christian Grothoff
-  Copyright (C) 2013 Jussi Kivilinna
-  Copyright (C) 2013 Dmitry Eremin-Solenikov
+  Copyright (C) 2013-2016 Jussi Kivilinna
+  Copyright (C) 2013-2014 Dmitry Eremin-Solenikov
+  Copyright (C) 2014 Stephan Mueller
 
 
 Authors with a FSF copyright assignment
@@ -193,10 +196,6 @@ More credits
 Libgcrypt used to be part of GnuPG but has been taken out into its own
 package on 2000-12-21.
 
-The ATH implementation (src/ath*) has been taken from GPGME and
-relicensed to the LGPL by the copyright holder of GPGME (g10 Code
-GmbH); it is now considered to be a part of Libgcrypt.
-
 Most of the stuff in mpi has been taken from an old GMP library
 version by Torbjorn Granlund <tege at noisy.tmg.se>.
 
diff --git a/NEWS b/NEWS
index 7b53c1a..254b205 100644
--- a/NEWS
+++ b/NEWS
@@ -1,81 +1,168 @@
-Noteworthy changes in version 1.7.0 (unreleased)
+Noteworthy changes in version 1.7.0 (2016-04-15)  [C21/A1/R0]
 ------------------------------------------------
 
- * Added emulation for broken Whirlpool code prior to 1.6.0.
+ * New algorithms and modes:
 
- * Added support for curve sec256k1.
+   - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
 
- * Added support for curves GOST R 34.10-2001 and GOST R 34.10-2012.
+   - SHAKE128 and SHAKE256 extendable-output hash algorithms.
 
- * Improved performance of KDF functions.
+   - ChaCha20 stream cipher.
 
- * Improved ECDSA compliance.
+   - Poly1305 message authentication algorithm
 
- * Moved locking out to libgpg-error.
+   - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
+     mode.
 
- * Fixed message digest lookup by OID (regression in 1.6.0).
+   - OCB mode.
 
- * Fixed a build problem on NetBSD.
+   - HMAC-MD2 for use by legacy applications.
 
- * Fixed memory leaks in ECC code.
+ * New curves for ECC:
 
- * Fixed some asm build problems and feature detection bugs.
+   - Curve25519.
 
- * Added OCB mode.
+   - sec256k1.
 
- * Added support for the SHA3-224, SHA3-256, SHA3-384 and SHA3-512
-   hash algorithms.
+   - GOST R 34.10-2001 and GOST R 34.10-2012.
+
+ * Performance:
+
+   - Improved performance of KDF functions.
+
+   - Assembler optimized implementations of Blowfish and Serpent on
+     ARM.
+
+   - Assembler optimized implementation of 3DES on x86.
+
+   - Improved AES using the SSSE3 based vector permutation method by
+     Mike Hamburg.
+
+   - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
+     about 20% faster than SSSE3 and more than 100% faster than the
+     generic C implementation.
+
+   - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
+
+   - 60-90% speedup for Whirlpool on x86.
+
+   - 300% speedup for RIPE MD-160.
+
+   - Up to 11 times speedup for CRC functions on x86.
+
+ * Other features:
+
+   - Improved ECDSA and FIPS 186-4 compliance.
+
+   - Support for Montgomery curves.
+
+   - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
+     algorithm.
+
+   - gcry_mpi_ec_sub to subtract two points on a curve.
+
+   - gcry_mpi_ec_decode_point to decode an MPI into a point object.
+
+   - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]
 
- * Added support for the SHAKE128 and SHAKE256 extendable-output
-   function algorithms.
+   - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
+     hash part.
 
- * Added support for the ChaCha20 stream cipher.
+   - Parameter "saltlen" to set a non-default salt length for RSA PSS.
 
- * Added support for the Poly1305 message authentication algorithm and
-   ChaCha20-Poly1305 Authenticated Encryption with Associated Data
-   mode.
+   - A SP800-90A conforming DRNG replaces the former X9.31 alternative
+     random number generator.
 
- * New flag "no-keytest" for ECC key generation.  Due to a bug in the
-   parser that flag will also be accepted but ignored by older version
-   of Libgcrypt.
+   - Map deprecated RSA algo number to the RSA algo number for better
+     backward compatibility. [from 1.6.2]
+
+   - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
+     See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
+     [from 1.6.3]
+
+   - Fixed data-dependent timing variations in modular exponentiation
+     [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
+      are Practical]. [from 1.6.3]
+
+   - Flag "no-keytest" for ECC key generation.  Due to a bug in
+     the parser that flag will also be accepted but ignored by older
+     version of Libgcrypt. [from 1.6.4]
+
+   - Speed up the random number generator by requiring less extra
+     seeding. [from 1.6.4]
+
+   - Always verify a created RSA signature to avoid private key leaks
+     due to hardware failures. [from 1.6.4]
+
+   - Mitigate side-channel attack on ECDH with Weierstrass curves
+     [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
+     details. [from 1.6.5]
+
+ * Internal changes:
+
+   - Moved locking out to libgpg-error.
+
+   - Support of the SYSROOT envvar in the build system.
+
+   - Refactor some code.
+
+   - The availability of a 64 bit integer type is now mandatory.
+
+ * Bug fixes:
+
+   - Fixed message digest lookup by OID (regression in 1.6.0).
+
+   - Fixed a build problem on NetBSD
+
+   - Fixed memory leaks in ECC code.
+
+   - Fixed some asm build problems and feature detection bugs.
 
  * Interface changes relative to the 1.6.0 release:
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- gcry_mac_get_algo               NEW.
- gcry_md_extract                 NEW.
- GCRY_MAC_HMAC_MD2               NEW.
- GCRY_MD_FLAG_BUGEMU1            NEW.
- GCRYCTL_SET_SBOX                NEW.
- gcry_cipher_set_sbox            NEW macro.
- GCRY_MD_GOSTR3411_CP            NEW.
- GCRY_MD_SHA3_224                NEW.
- GCRY_MD_SHA3_256                NEW.
- GCRY_MD_SHA3_384                NEW.
- GCRY_MD_SHA3_512                NEW.
- GCRY_MD_SHAKE128                NEW.
- GCRY_MD_SHAKE256                NEW.
- GCRY_MAC_HMAC_SHA3_224          NEW.
- GCRY_MAC_HMAC_SHA3_256          NEW.
- GCRY_MAC_HMAC_SHA3_384          NEW.
- GCRY_MAC_HMAC_SHA3_512          NEW.
- GCRY_MAC_POLY1305               NEW.
- GCRY_MAC_POLY1305_AES           NEW.
- GCRY_MAC_POLY1305_CAMELLIA      NEW.
- GCRY_MAC_POLY1305_TWOFISH       NEW.
- GCRY_MAC_POLY1305_SERPENT       NEW.
- GCRY_MAC_POLY1305_SEED          NEW.
- gcry_mpi_ec_sub                 NEW.
- gcry_mpi_ec_decode_point        NEW.
- GCRY_CIPHER_MODE_POLY1305       NEW.
- GCRY_CIPHER_MODE_OCB            NEW.
- GCRY_CIPHER_MODE_CFB8           NEW constant.
- GCRYCTL_SET_TAGLEN              NEW.
- GCRYCTL_GET_TAGLEN              NEW.
- gcry_cipher_final               NEW macro.
- GCRY_PK_EDDSA                   NEW constant.
-
-
-Noteworthy changes in version 1.6.0 (2013-12-16)
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+   gcry_cipher_final               NEW macro.
+   GCRY_CIPHER_MODE_CFB8           NEW constant.
+   GCRY_CIPHER_MODE_OCB            NEW.
+   GCRY_CIPHER_MODE_POLY1305       NEW.
+   gcry_cipher_set_sbox            NEW macro.
+   gcry_mac_get_algo               NEW.
+   GCRY_MAC_HMAC_MD2               NEW.
+   GCRY_MAC_HMAC_SHA3_224          NEW.
+   GCRY_MAC_HMAC_SHA3_256          NEW.
+   GCRY_MAC_HMAC_SHA3_384          NEW.
+   GCRY_MAC_HMAC_SHA3_512          NEW.
+   GCRY_MAC_POLY1305               NEW.
+   GCRY_MAC_POLY1305_AES           NEW.
+   GCRY_MAC_POLY1305_CAMELLIA      NEW.
+   GCRY_MAC_POLY1305_SEED          NEW.
+   GCRY_MAC_POLY1305_SERPENT       NEW.
+   GCRY_MAC_POLY1305_TWOFISH       NEW.
+   gcry_md_extract                 NEW.
+   GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
+   GCRY_MD_GOSTR3411_CP            NEW.
+   GCRY_MD_SHA3_224                NEW.
+   GCRY_MD_SHA3_256                NEW.
+   GCRY_MD_SHA3_384                NEW.
+   GCRY_MD_SHA3_512                NEW.
+   GCRY_MD_SHAKE128                NEW.
+   GCRY_MD_SHAKE256                NEW.
+   gcry_mpi_ec_decode_point        NEW.
+   gcry_mpi_ec_sub                 NEW.
+   GCRY_PK_EDDSA                   NEW constant.
+   GCRYCTL_GET_TAGLEN              NEW.
+   GCRYCTL_SET_SBOX                NEW.
+   GCRYCTL_SET_TAGLEN              NEW.
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Version 1.6.5 (2016-02-09) [C20/A0/R5]
+Version 1.6.4 (2015-09-08) [C20/A0/R4]
+Version 1.6.3 (2015-02-27) [C20/A0/R3]
+Version 1.6.2 (2014-08-21) [C20/A0/R2]
+Version 1.6.1 (2014-01-29) [C20/A0/R1]
+
+
+Noteworthy changes in version 1.6.0 (2013-12-16) [C20/A0/R0]
 ------------------------------------------------
 
  * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
diff --git a/README b/README
index 938c6c6..f9f49b5 100644
--- a/README
+++ b/README
@@ -2,11 +2,9 @@
 		   ------------------------------------
                              Version 1.7
 
-     ====  THIS IS A DEVELOPMENT VERSION - NOT FOR REAL USE ====
-
-       Copyright (C) 1989,1991-2012 Free Software Foundation, Inc.
-       Copyright (C) 2012-2013 g10 Code GmbH
-       Copyright (C) 2013 Jussi Kivilinna
+       Copyright (C) 1989,1991-2016 Free Software Foundation, Inc.
+       Copyright (C) 2012-2016 g10 Code GmbH
+       Copyright (C) 2013-2016 Jussi Kivilinna
 
     Libgcrypt is free software.  See the file AUTHORS for full copying
     notices, and LICENSES for notices about contributions that require
@@ -76,7 +74,7 @@
     You may want to join the developer's mailing list
     gcrypt-devel at gnupg.org by sending mail with a subject of
     "subscribe" to gcrypt-devel-request at gnupg.org.  An archive of this
-    list is available at http://lists.gnupg.org .
+    list is available at https://lists.gnupg.org .
 
 
     Configure options
@@ -238,26 +236,14 @@
 
     The library is distributed under the terms of the GNU Lesser
     General Public License (LGPL); see the file COPYING.LIB for the
-    actual terms.  The helper programs (e.g. gcryptrnd and getrandom)
-    as well as the documentation are distributed under the terms of
-    the GNU General Public License (GPL); see the file COPYING for the
-    actual terms.  The file LICENSES has notices about contributions
-    that require these additional notices are distributed.
-
-    This library used to be available under the GPL - this was changed
-    with version 1.1.7 with the rationale that there are now many free
-    crypto libraries available and many of them come with capabilities
-    similar to Libcrypt.  We decided that to foster the use of
-    cryptography in Free Software an LGPLed library would make more
-    sense because it avoids problems due to license incompatibilities
-    between some Free Software licenses and the GPL.
-
-    Please note that in many cases it is better for a library to be
-    licensed under the GPL, so that it provides an advantage for free
-    software projects.  The Lesser GPL is so named because it does
-    less to protect the freedom of the users of the code that it
-    covers.  See http://www.gnu.org/philosophy/why-not-lgpl.html for
-    more explanation.
+    actual terms.
+
+    The helper programs as well as the documentation are distributed
+    under the terms of the GNU General Public License (GPL); see the
+    file COPYING for the actual terms.
+
+    The file LICENSES has notices about contributions that require
+    that these additional notices are distributed.
 
 
     Contact
@@ -265,16 +251,14 @@
 
     See the file AUTHORS.
 
-    Commercial grade support for Libgcrypt is available; please see
-    http://www.gnupg.org/service.html .
-
     Commercial grade support for Libgcrypt is available; for a listing
-    of offers see http://www.gnupg.org/service.html .  The driving
-    force behind the development of Libgcrypt is the company of its
-    principal author, Werner Koch.  Maintenance and improvement of
-    Libgcrypt takes up a lot resources.  To allow him to continue his
-    work, he asks to either purchase a support contract, engage them
-    for custom enhancements, or to donate money.  See http://g10code.com .
+    of offers see https://www.gnupg.org/service.html .
+
+    Maintenance and development of Libgcrypt is mostly financed by
+    donations.  We currently employ 3 full-time developers, one
+    part-timer, and one contractor.  They all work on GnuPG and
+    closely related software like Libgcrypt.  Please visit
+    https://gnupg.org/donate/ to see out how you can help.
 
 
   This file is Free Software; as a special exception the authors gives
diff --git a/compat/compat.c b/compat/compat.c
index 39d6498..96b3e2e 100644
--- a/compat/compat.c
+++ b/compat/compat.c
@@ -30,9 +30,9 @@ _gcry_compat_identification (void)
   static const char blurb[] =
     "\n\n"
     "This is Libgcrypt " PACKAGE_VERSION " - The GNU Crypto Library\n"
-    "Copyright (C) 2000-2012 Free Software Foundation, Inc.\n"
-    "Copyright (C) 2012-2014 g10 Code GmbH\n"
-    "Copyright (C) 2013-2014 Jussi Kivilinna\n"
+    "Copyright (C) 2000-2016 Free Software Foundation, Inc.\n"
+    "Copyright (C) 2012-2016 g10 Code GmbH\n"
+    "Copyright (C) 2013-2016 Jussi Kivilinna\n"
     "\n"
     "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n"
     "\n\n";
diff --git a/configure.ac b/configure.ac
index 716c6ec..f683e21 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 # Configure.ac script for Libgcrypt
 # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006,
 #               2007, 2008, 2009, 2011 Free Software Foundation, Inc.
-# Copyright (C) 2012, 2013, 2014, 2015  g10 Code GmbH
+# Copyright (C) 2012, 2013, 2014, 2015, 2016  g10 Code GmbH
 #
 # This file is part of Libgcrypt.
 #
@@ -51,7 +51,6 @@ m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
 AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
 
 # LT Version numbers, remember to change them just *before* a release.
-# ====== NOTE: Already bumped to 21/1/0 for the 1.7.0 release. ====
 #   (Interfaces removed:    CURRENT++, AGE=0, REVISION=0)
 #   (Interfaces added:      CURRENT++, AGE++, REVISION=0)
 #   (No interfaces changed:                   REVISION++)
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 96d742a..02b8772 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1,8 +1,6 @@
 /* gcrypt.h -  GNU Cryptographic Library Interface              -*- c -*-
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2006, 2007, 2008, 2009, 2010, 2011,
- *               2012  Free Software Foundation, Inc.
- * Copyright (C) 2012, 2013  g10 Code GmbH
+ * Copyright (C) 1998-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2012-2016 g10 Code GmbH
  *
  * This file is part of Libgcrypt.
  *
diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in
index 3199521..1adb4e9 100644
--- a/src/versioninfo.rc.in
+++ b/src/versioninfo.rc.in
@@ -39,7 +39,7 @@ BEGIN
             VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0"
             VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT at .@LIBGCRYPT_LT_AGE at .@LIBGCRYPT_LT_REVISION at .@BUILD_REVISION@\0"
             VALUE "InternalName", "libgcrypt\0"
-            VALUE "LegalCopyright", "Copyright ? 2012 Free Software Foundation, Inc.\0"
+            VALUE "LegalCopyright", "Copyright ? 2016 Free Software Foundation, Inc.\0"
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "libgcrypt.dll\0"
             VALUE "PrivateBuild", "\0"

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS                  |  19 ++--
 NEWS                     | 208 +++++++++++++++++++++++++++-----------
 README                   |  54 ++++------
 cipher/cipher-internal.h |   6 ++
 cipher/cipher-ocb.c      |  80 ++++++++++++---
 cipher/ecc.c             |  81 ++++++++++++---
 compat/compat.c          |   6 +-
 configure.ac             |   5 +-
 doc/gcrypt.texi          |   9 +-
 src/gcrypt.h.in          |  11 +--
 src/sexp.c               |   7 ++
 src/versioninfo.rc.in    |   2 +-
 tests/basic.c            | 253 +++++++++++++++++++++++++++++++++++++++++++++--
 tests/hashtest.c         |  16 +++
 tests/t-cv25519.c        | 144 ++++++++++++++++++++-------
 tests/t-sexp.c           |  78 ++++++++++++++-
 16 files changed, 787 insertions(+), 192 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 16:07:31 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 15 Apr 2016 16:07:31 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-1-geecc081
Message-ID: <E1ar4OS-0005FP-KV@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  eecc081f8ae02c43454abaee4a4f72efaee42745 (commit)
       via  795f9cb090c776658a0e3117996e3fb7e2ebd94a (commit)
      from  1737c546dc7268fa9edcd4a23b7439c56d37ee4f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 AUTHORS               |  19 +++--
 NEWS                  | 209 ++++++++++++++++++++++++++++++++++++--------------
 README                |  54 +++++--------
 compat/compat.c       |   6 +-
 configure.ac          |   5 +-
 src/gcrypt.h.in       |   6 +-
 src/versioninfo.rc.in |   2 +-
 7 files changed, 186 insertions(+), 115 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 16:10:10 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 15 Apr 2016 16:10:10 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH,
 updated. libgcrypt-1.6.5-10-g16a4ec6
Message-ID: <E1ar4R2-0005Ow-DX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-6-BRANCH has been updated
       via  16a4ec65a636a00a0a234900c3a29b23a918c72f (commit)
       via  11c655fbe6299394571272831c67240305fbd277 (commit)
      from  fe9f6e3670d0095467c7234bed420ac42c065e70 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 16a4ec65a636a00a0a234900c3a29b23a918c72f
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 15 16:09:41 2016 +0200

    Set end-of-life for 1.6 to 2017-06-30
    
    --

diff --git a/AUTHORS b/AUTHORS
index a8f62ce..672a8d0 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -3,6 +3,7 @@ Homepage: https://www.gnu.org/software/libgcrypt/
 Maintainer: Werner Koch <wk at gnupg.org>
 Bug reports: http://bugs.gnupg.org
 Security related bug reports: <security at gnupg.org>
+End-of-life: 2017-06-30
 License (library): LGPLv2.1+
 License (manual and tools): GPLv2+
 

commit 11c655fbe6299394571272831c67240305fbd277
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 14 13:53:55 2016 +0200

    src: Improve S-expression parsing.
    
    * src/sexp.c (do_vsexp_sscan): Return an error if a closing
    parenthesis is encountered with no matching opening parenthesis.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/src/sexp.c b/src/sexp.c
index f1bbffa..470160e 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1592,6 +1592,13 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 	      err = GPG_ERR_SEXP_UNMATCHED_DH;
               goto leave;
 	    }
+
+	  if (level == 0)
+	    {
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+	      goto leave;
+	    }
 	  MAKE_SPACE (0);
 	  *c.pos++ = ST_CLOSE;
 	  level--;

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS    | 1 +
 src/sexp.c | 7 +++++++
 2 files changed, 8 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 16:10:43 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Fri, 15 Apr 2016 16:10:43 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH,
 updated. libgcrypt-1.5.5-2-g74504ac
Message-ID: <E1ar4RZ-0005QA-IR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-5-BRANCH has been updated
       via  74504ac9b0af567fe5b8f6ac5c7e7a9e59f0b348 (commit)
      from  3128e444aa9c9eaca15ba696d5056da7a61e7cb3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 74504ac9b0af567fe5b8f6ac5c7e7a9e59f0b348
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 14 13:53:55 2016 +0200

    src: Improve S-expression parsing.
    
    * src/sexp.c (do_vsexp_sscan): Return an error if a closing
    parenthesis is encountered with no matching opening parenthesis.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/src/sexp.c b/src/sexp.c
index 78013fd..baca5a5 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1472,6 +1472,13 @@ vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 	      err = GPG_ERR_SEXP_UNMATCHED_DH;
               goto leave;
 	    }
+
+	  if (level == 0)
+	    {
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+	      goto leave;
+	    }
 	  MAKE_SPACE (0);
 	  *c.pos++ = ST_CLOSE;
 	  level--;

-----------------------------------------------------------------------

Summary of changes:
 src/sexp.c | 7 +++++++
 1 file changed, 7 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 17:32:10 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 15 Apr 2016 17:32:10 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-135-ga064285
Message-ID: <E1ar5iO-0008PB-JU@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a0642856b25622c81d3464979c47ff2a30af58fa (commit)
      from  d1507b4f95eb7bb2478f7549510ddcb114e6f285 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a0642856b25622c81d3464979c47ff2a30af58fa
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Apr 15 17:19:40 2016 +0200

    dirmngr: Fix https incorrectly reported in help
    
    * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
    is supported.
    
    --
    Wrong reporting was pointed out by K_F. Check is the same as
    in ks-engine-hkp.c

diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index c51c0ce..882777e 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -38,7 +38,9 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
   const char const data[] =
     "Handler for HTTP URLs:\n"
     "  http://\n"
+#if  HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
     "  https://\n"
+#endif
     "Supported methods: fetch\n";
   gpg_error_t err;
 

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/ks-engine-http.c | 2 ++
 1 file changed, 2 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 17:52:17 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 15 Apr 2016 17:52:17 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-136-g6272f24
Message-ID: <E1ar61r-0000li-Gd@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  6272f24312f2efe8707a7712858c85cd5a42e6fa (commit)
      from  a0642856b25622c81d3464979c47ff2a30af58fa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6272f24312f2efe8707a7712858c85cd5a42e6fa
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Apr 15 17:50:07 2016 +0200

    dirmngr: Fix https never reported in general help
    
    * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https
    when supported and no uri provided.
    
    --
    Wrong reporting was pointed out by K_F, again.

diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 882777e..8232313 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -44,8 +44,14 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
     "Supported methods: fetch\n";
   gpg_error_t err;
 
+#if  HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
+  const char data2[] = "  http\n  https";
+#else
+  const char data2[] = "  http";
+#endif
+
   if (!uri)
-    err = ks_print_help (ctrl, "  http");
+    err = ks_print_help (ctrl, data2);
   else if (uri->is_http && strcmp (uri->scheme, "hkp"))
     err = ks_print_help (ctrl, data);
   else

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/ks-engine-http.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 15 18:29:38 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 15 Apr 2016 18:29:38 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 82c123f285b73635d3f764f39734b5b2c7de9f2a
Message-ID: <E1ar6c0-00024g-1G@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  82c123f285b73635d3f764f39734b5b2c7de9f2a (commit)
      from  eacec0987269da5e86ae5d938a21d44dfc545301 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 82c123f285b73635d3f764f39734b5b2c7de9f2a
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 15 18:19:23 2016 +0200

    swdb,web: Libgcrypt 1.7.0 add new Libgcrypt web page.

diff --git a/web/download/index.org b/web/download/index.org
index 8d0177e..522c70a 100644
--- a/web/download/index.org
+++ b/web/download/index.org
@@ -48,7 +48,7 @@
    | GnuPG classic | {{{gnupg1_ver}}}       | {{{gnupg1_date}}}       |       {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}}                     | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}}                     |
    |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
    | [[../related_software/libgpg-error/index.org][Libgpg-error]]  | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} |
-   | [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]]     | {{{libgcrypt_ver}}}    | {{{libgcrypt_date}}}    |    {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}}          | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}}          |
+   | [[../related_software/libgcrypt/index.org][Libgcrypt]]     | {{{libgcrypt_ver}}}    | {{{libgcrypt_date}}}    |    {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}}          | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}}          |
    | [[../related_software/libksba/index.org][Libksba]]       | {{{libksba_ver}}}      | {{{libksba_date}}}      |      {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}}                | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}}                |
    | [[../related_software/libassuan/index.org][Libassuan]]     | {{{libassuan_ver}}}    | {{{libassuan_date}}}    |    {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}}          | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}}          |
    |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
diff --git a/web/index.org b/web/index.org
index 3e952f7..ee27755 100644
--- a/web/index.org
+++ b/web/index.org
@@ -64,6 +64,13 @@ The latest release news:\\
 # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed.  Just
 # point or paste the [[news.en.rss][RSS file]] into your aggregator.
 
+** Libgcrypt 1.7.0 released (2016-04-15)
+
+We are pleased to announce the availability of Libgcrypt version
+1.7.0.  This is a new stable version of [[file:related_software/libgcrypt/index.org][Libgcrypt]] with full API and
+ABI compatibiliy to the 1.6 series.  Its main features are new
+algorithms, curves, and performance improvements.  [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000386.html][{more}]]
+
 ** GnuPG 2.0.30 released (2016-03-31)
 
 GnuPG 2.0.30 is now available.  This release fixes a few minor bugs;
diff --git a/web/related_software/libgcrypt/index.org b/web/related_software/libgcrypt/index.org
new file mode 100644
index 0000000..366c4a3
--- /dev/null
+++ b/web/related_software/libgcrypt/index.org
@@ -0,0 +1,56 @@
+#+STARTUP: showall
+#+SETUPFILE: "../../share/setup.inc"
+
+* Libgcrypt
+
+  /Libgcrypt/ is a general purpose cryptographic library originally
+  based on code from GnuPG.  It provides functions for all
+  cryptograhic building blocks: symmetric cipher algorithms
+  (AES,
+  Arcfour,
+  Blowfish,
+  [[http://info.isl.ntt.co.jp/crypt/eng/camellia/][Camellia]],
+  CAST5,
+  ChaCha20
+  DES,
+  GOST28147,
+  Salsa20,
+  [[http://tools.ietf.org/html/rfc4269][SEED]],
+  Serpent,
+  Twofish)
+  and modes (ECB,CFB,CBC,OFB,CTR,CCM,GCM,OCB,POLY1305,AESWRAP),
+  hash algorithms
+  (MD2, MD4, MD5, GOST R 34.11, RIPE-MD160, SHA-1, SHA2-224,
+   SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384,
+   SHA3-512, SHAKE-128, SHAKE-256, TIGER-192, Whirlpool),
+  MACs (HMAC for
+   all hash algorithms, CMAC for all cipher algorithms, GMAC-AES,
+   GMAC-CAMELLIA, GMAC-TWOFISH, GMAC-SERPENT, GMAC-SEED, Poly1305,
+   Poly1305-AES, Poly1305-CAMELLIA, Poly1305-TWOFISH,
+   Poly1305-SERPENT, Poly1305-SEED),
+   public key algorithms (RSA, Elgamal, DSA, ECDSA, EdDSA, ECDH),
+   large integer functions, random numbers and a lot of
+   supporting functions.
+
+  Libgcrypt works on most POSIX systems and many pre-POSIX systems.
+  It can also be built using a cross-compiler system for Microsoft
+  Windows.
+
+** Availibility
+
+   Due to former U.S. export restrictions on cryptographic software,
+   the software is not distributed via the standard GNU archives but
+   from the European based GnuPG server.
+
+   The current stable version is {{{libgcrypt_ver}}} which was
+   released on {{{libgcrypt_date}}}.  See the [[../../download/index.org::libgcrypt][download]] section for the
+   latest tarball.
+
+** Copying
+
+   Libgcrypt is distributed under the terms of the GNU Lesser General
+   Public License (LGPLv2.1+).  The helper programs as well as the
+   documentation are distributed under the terms of the GNU General
+   Public License (GPLv2+).  The file LICENSES has notices about
+   contributions that require that these additional notices are
+   distributed.
diff --git a/web/swdb.mac b/web/swdb.mac
index 0583aa3..d591e31 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -82,10 +82,11 @@
 #
 # LIBGCRYPT
 #
-#+macro: libgcrypt_ver  1.6.5
-#+macro: libgcrypt_date 2016-02-09
-#+macro: libgcrypt_size 2490k
-#+macro: libgcrypt_sha1 c3a5a13e717f7b3e3895650afc1b6e0d3fe9c726
+#+macro: libgcrypt_ver  1.7.0
+#+macro: libgcrypt_date 2016-04-15
+#+macro: libgcrypt_size 2774k
+#+macro: libgcrypt_sha1 f840b737faafded451a084ae143285ad68bbfb01
+#+macro: libgcrypt_sha2 b0e67ea74474939913c4d9d9ef4ef5ec378efbe2bebe36389dee319c79bffa92
 
 
 #

-----------------------------------------------------------------------

Summary of changes:
 web/download/index.org                   |  2 +-
 web/index.org                            |  7 ++++
 web/related_software/libgcrypt/index.org | 56 ++++++++++++++++++++++++++++++++
 web/swdb.mac                             |  9 ++---
 4 files changed, 69 insertions(+), 5 deletions(-)
 create mode 100644 web/related_software/libgcrypt/index.org


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 19 10:58:45 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 19 Apr 2016 10:58:45 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. ce0eed04a6e14f6553eafcf22e2bfdd89a2c48d9
Message-ID: <E1asRTl-0003nv-TB@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  ce0eed04a6e14f6553eafcf22e2bfdd89a2c48d9 (commit)
      from  82c123f285b73635d3f764f39734b5b2c7de9f2a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ce0eed04a6e14f6553eafcf22e2bfdd89a2c48d9
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 19 10:58:15 2016 +0200

    web: Add new Windows GUI WinGPG.

diff --git a/web/related_software/frontends.org b/web/related_software/frontends.org
index a31bfe3..e99834e 100644
--- a/web/related_software/frontends.org
+++ b/web/related_software/frontends.org
@@ -29,6 +29,7 @@
    - [[file:swlist.org::#kgpg][KGpg]]
    - [[file:swlist.org::#seahorse][Seahorse]]
    - [[file:swlist.org::#wija][wija]]
+   - [[file:swlist.org::#wingpg][WinGPG]]
    - [[file:swlist.org::#xap][XAP]]
 
 ** MUA frontends
diff --git a/web/related_software/swlist.org b/web/related_software/swlist.org
index 65a9c9d..d6b9efd 100644
--- a/web/related_software/swlist.org
+++ b/web/related_software/swlist.org
@@ -478,6 +478,16 @@ allow users to encrypt chat and multi-user chat as well as
 encrypting/signing messages and signing presence of the user. It is
 multilingual and runs on GNU/Linux, Mac OS X and Windows.
 
+** [[http://wingpg.com][WinGPG]] [Windows] GUI
+   :PROPERTIES:
+   :CUSTOM_ID: wingpg
+   :END:
+
+WinGPG is a tray-based classical Windows application, Windows NT
+Explorer shell extension, and a classic GPGv2 distribution (it uses
+the cryptography from the official site without making any
+modifications).
+
 ** [[http://freshmeat.net/projects/xap/][XAP]] [Unix] GUI
    :PROPERTIES:
    :CUSTOM_ID: xap

-----------------------------------------------------------------------

Summary of changes:
 web/related_software/frontends.org |  1 +
 web/related_software/swlist.org    | 10 ++++++++++
 2 files changed, 11 insertions(+)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 19 17:58:07 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 19 Apr 2016 17:58:07 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-138-gd02de6c
Message-ID: <E1asY1c-0005sy-Of@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d02de6c0a4a55a2720cfa5caddcbfc4ce988a2ec (commit)
       via  085b19fc9aa7f2f9b82a97824b117e71390964ec (commit)
      from  6272f24312f2efe8707a7712858c85cd5a42e6fa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d02de6c0a4a55a2720cfa5caddcbfc4ce988a2ec
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 19 17:47:24 2016 +0200

    gpg: Improve UID selction of --quick-sign-key.
    
    * g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
    error for non-found userids.
    --
    
    GnuPG-bug-id: 2315

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 5994d9f..781a188 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -973,9 +973,12 @@ Directly sign a key from the passphrase without any further user
 interaction.  The @code{fpr} must be the verified primary fingerprint
 of a key in the local keyring. If no @code{names} are given, all
 useful user ids are signed; with given [@code{names}] only useful user
-ids matching one of theses names are signed.  The command
- at option{--quick-lsign-key} marks the signatures as non-exportable.  If
-such a non-exportable signature already exists the
+ids matching one of theses names are signed.  By default, or if a name
+is prefixed with a '*', a case insensitive substring match is used.
+If a name is prefixed with a '=' a case sensitive exact match is done.
+
+The command @option{--quick-lsign-key} marks the signatures as
+non-exportable.  If such a non-exportable signature already exists the
 @option{--quick-sign-key} turns it into a exportable signature.
 
 This command uses reasonable defaults and thus does not provide the
diff --git a/g10/keyedit.c b/g10/keyedit.c
index cd89325..84f0431 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2927,12 +2927,11 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
 
 
 /* Unattended key signing function.  If the key specifified by FPR is
-   availabale and FPR is the primary fingerprint all user ids of the
-   user ids of the key are signed using the default signing key.  If
-   UIDS is an empty list all usable UIDs are signed, if it is not
-   empty, only those user ids matching one of the entries of the loist
-   are signed.  With LOCAL being true kthe signatures are marked as
-   non-exportable.  */
+   available and FPR is the primary fingerprint all user ids of the
+   key are signed using the default signing key.  If UIDS is an empty
+   list all usable UIDs are signed, if it is not empty, only those
+   user ids matching one of the entries of the list are signed.  With
+   LOCAL being true the signatures are marked as non-exportable.  */
 void
 keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
                     strlist_t locusr, int local)
@@ -3025,27 +3024,72 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
   menu_select_uid (keyblock, 0);   /* Better clear the flags first. */
   for (sl=uids; sl; sl = sl->next)
     {
+      const char *name = sl->d;
+      int count = 0;
+
+      sl->flags &= ~(1|2);  /* Clear flags used for error reporting.  */
+
       for (node = keyblock; node; node = node->next)
         {
           if (node->pkt->pkttype == PKT_USER_ID)
             {
               PKT_user_id *uid = node->pkt->pkt.user_id;
 
-              if (!uid->attrib_data
-                  && ascii_memistr (uid->name, uid->len, sl->d))
+              if (uid->attrib_data)
+                ;
+              else if (*name == '='
+                       && strlen (name+1) == uid->len
+                       && !memcmp (uid->name, name + 1, uid->len))
+                { /* Exact match - we don't do a check for ambiguity
+                   * in this case.  */
+                  node->flag |= NODFLG_SELUID;
+                  if (any != -1)
+                    {
+                      sl->flags |= 1;  /* Report as found.  */
+                      any = 1;
+                    }
+                }
+              else if (ascii_memistr (uid->name, uid->len,
+                                      *name == '*'? name+1:name))
                 {
                   node->flag |= NODFLG_SELUID;
-                  any = 1;
+                  if (any != -1)
+                    {
+                      sl->flags |= 1;  /* Report as found.  */
+                      any = 1;
+                    }
+                  count++;
                 }
             }
         }
+
+      if (count > 1)
+        {
+          any = -1;        /* Force failure at end.  */
+          sl->flags |= 2;  /* Report as ambiguous.  */
+        }
     }
 
-  if (uids && !any)
+  /* Check whether all given user ids were found.  */
+  for (sl=uids; sl; sl = sl->next)
+    if (!(sl->flags & 1))
+      any = -1;  /* That user id was not found.  */
+
+  /* Print an error if there was a problem with the user ids.  */
+  if (uids && any < 1)
     {
       if (!opt.verbose)
         show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
       es_fflush (es_stdout);
+      for (sl=uids; sl; sl = sl->next)
+        {
+          if ((sl->flags & 2))
+            log_info (_("Invalid user ID '%s': %s\n"),
+                      sl->d, gpg_strerror (GPG_ERR_AMBIGUOUS_NAME));
+          else if (!(sl->flags & 1))
+            log_info (_("Invalid user ID '%s': %s\n"),
+                      sl->d, gpg_strerror (GPG_ERR_NOT_FOUND));
+        }
       log_error ("%s  %s", _("No matching user IDs."), _("Nothing to sign.\n"));
       goto leave;
     }

commit 085b19fc9aa7f2f9b82a97824b117e71390964ec
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 19 17:45:27 2016 +0200

    gpg: Avoid debug like output at start of --edit-key.
    
    * g10/keyedit.c (check_all_keysigs): Print info only after something
    has been modified.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keyedit.c b/g10/keyedit.c
index e138efa..cd89325 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -752,7 +752,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
                 else
                   last_printed_component = current_component;
 
-                if (last_printed_component->pkt->pkttype == PKT_USER_ID)
+                if (!modified)
+                  ;
+                else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
                   {
                     tty_printf ("uid  ");
                     tty_print_utf8_string (last_printed_component
@@ -770,13 +772,17 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
                               pk_keyid_str (last_printed_component
                                             ->pkt->pkt.public_key));
 
-                if (is_reordered)
-                  tty_printf (_(" (reordered signatures follow)"));
-                tty_printf ("\n");
+                if (modified)
+                  {
+                    if (is_reordered)
+                      tty_printf (_(" (reordered signatures follow)"));
+                    tty_printf ("\n");
+                  }
               }
 
-            print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig,
-                           0, only_selfsigs);
+            if (modified)
+              print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig,
+                             0, only_selfsigs);
           }
 
           if (dump_sig_params)

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi  |  9 ++++---
 g10/keyedit.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++------------
 2 files changed, 72 insertions(+), 19 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 19 20:06:48 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 19 Apr 2016 20:06:48 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-2-g4545372
Message-ID: <E1asa27-0001nK-HX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  4545372c0f8dd35aef2a7abc12b588ed1a4a0363 (commit)
      from  eecc081f8ae02c43454abaee4a4f72efaee42745 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4545372c0f8dd35aef2a7abc12b588ed1a4a0363
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 19 20:05:07 2016 +0200

    asm fix for older gcc versions.
    
    * cipher/crc-intel-pclmul.c: Remove extra trailing colon from
    asm statements.
    --
    
    gcc 4.2 is not able to grok a third colon without clobber
    expressions.  Reported for FreeBSD 9.
    
    GnuPG-bug-id: 2326
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/crc-intel-pclmul.c b/cipher/crc-intel-pclmul.c
index 5002f80..c034e2e 100644
--- a/cipher/crc-intel-pclmul.c
+++ b/cipher/crc-intel-pclmul.c
@@ -143,7 +143,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [inbuf_2] "m" (inbuf[2 * 16]),
 		      [inbuf_3] "m" (inbuf[3 * 16]),
 		      [crc] "m" (*pcrc)
-		    : );
+		    );
 
       inbuf += 4 * 16;
       inlen -= 4 * 16;
@@ -151,7 +151,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[k1k2], %%xmm4\n\t"
 		    :
 		    : [k1k2] "m" (consts->k[1 - 1])
-		    : );
+		    );
 
       /* Fold by 4. */
       while (inlen >= 4 * 16)
@@ -188,7 +188,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_1] "m" (inbuf[1 * 16]),
 			  [inbuf_2] "m" (inbuf[2 * 16]),
 			  [inbuf_3] "m" (inbuf[3 * 16])
-			: );
+			);
 
 	  inbuf += 4 * 16;
 	  inlen -= 4 * 16;
@@ -199,7 +199,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    :
 		    : [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       /* Fold 4 to 1. */
 
@@ -222,7 +222,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    "pxor %%xmm4, %%xmm0\n\t"
 		    :
 		    :
-		    : );
+		    );
     }
   else
     {
@@ -236,7 +236,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       inbuf += 16;
       inlen -= 16;
@@ -256,7 +256,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			"pxor %%xmm1, %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 
 	  inbuf += 16;
 	  inlen -= 16;
@@ -288,7 +288,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [mask] "m" (crc32_partial_fold_input_mask[inlen]),
 		      [shl_shuf] "m" (crc32_refl_shuf_shift[inlen]),
 		      [shr_shuf] "m" (crc32_refl_shuf_shift[inlen + 16])
-		    : );
+		    );
 
       inbuf += inlen;
       inlen -= inlen;
@@ -318,7 +318,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		"pextrd $2, %%xmm0, %[out]\n\t"
 		: [out] "=m" (*pcrc)
 		: [k5] "m" (consts->k[5 - 1])
-	        : );
+	        );
 }
 
 static inline void
@@ -333,7 +333,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[my_p], %%xmm5\n\t"
 		    :
 		    : [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       if (inlen == 1)
 	{
@@ -372,7 +372,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    : [out] "=m" (*pcrc)
 		    : [in] "rm" (data),
 		      [crc] "rm" (crc)
-		    : );
+		    );
     }
   else if (inlen == 4)
     {
@@ -391,7 +391,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    : [in] "m" (*inbuf),
 		      [crc] "m" (*pcrc),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
     }
   else
     {
@@ -404,14 +404,14 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [my_p] "m" (consts->my_p[0]),
 		      [k3k4] "m" (consts->k[3 - 1])
-		    : );
+		    );
 
       if (inlen >= 8)
 	{
 	  asm volatile ("movq %[inbuf], %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 	  if (inlen > 8)
 	    {
 	      asm volatile (/*"pinsrq $1, %[inbuf_tail], %%xmm0\n\t"*/
@@ -422,7 +422,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			    : [inbuf_tail] "m" (inbuf[inlen - 8]),
 			      [merge_shuf] "m"
 				(*crc32_merge9to15_shuf[inlen - 9])
-			    : );
+			    );
 	    }
 	}
       else
@@ -435,7 +435,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_tail] "m" (inbuf[inlen - 4]),
 			  [merge_shuf] "m"
 			    (*crc32_merge5to7_shuf[inlen - 5])
-			: );
+			);
 	}
 
       /* Final fold. */
@@ -465,7 +465,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    "pextrd $2, %%xmm0, %[out]\n\t"
 		    : [out] "=m" (*pcrc)
 		    : [k5] "m" (consts->k[5 - 1])
-		    : );
+		    );
     }
 }
 
@@ -477,7 +477,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
   asm volatile ("movdqa %[bswap], %%xmm7\n\t"
 		:
 		: [bswap] "m" (*crc32_bswap_shuf)
-		: );
+		);
 
   if (inlen >= 8 * 16)
     {
@@ -497,7 +497,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [inbuf_2] "m" (inbuf[2 * 16]),
 		      [inbuf_3] "m" (inbuf[3 * 16]),
 		      [crc] "m" (*pcrc)
-		    : );
+		    );
 
       inbuf += 4 * 16;
       inlen -= 4 * 16;
@@ -505,7 +505,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[k1k2], %%xmm4\n\t"
 		    :
 		    : [k1k2] "m" (consts->k[1 - 1])
-		    : );
+		    );
 
       /* Fold by 4. */
       while (inlen >= 4 * 16)
@@ -546,7 +546,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_1] "m" (inbuf[1 * 16]),
 			  [inbuf_2] "m" (inbuf[2 * 16]),
 			  [inbuf_3] "m" (inbuf[3 * 16])
-			: );
+			);
 
 	  inbuf += 4 * 16;
 	  inlen -= 4 * 16;
@@ -557,7 +557,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    :
 		    : [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       /* Fold 4 to 1. */
 
@@ -580,7 +580,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    "pxor %%xmm4, %%xmm0\n\t"
 		    :
 		    :
-		    : );
+		    );
     }
   else
     {
@@ -595,7 +595,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       inbuf += 16;
       inlen -= 16;
@@ -616,7 +616,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			"pxor %%xmm1, %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 
 	  inbuf += 16;
 	  inlen -= 16;
@@ -650,7 +650,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [mask] "m" (crc32_partial_fold_input_mask[inlen]),
 		      [shl_shuf] "m" (crc32_refl_shuf_shift[32 - inlen]),
 		      [shr_shuf] "m" (crc32_shuf_shift[inlen + 16])
-		    : );
+		    );
 
       inbuf += inlen;
       inlen -= inlen;
@@ -697,7 +697,7 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[my_p], %%xmm5\n\t"
 		    :
 		    : [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       if (inlen == 1)
 	{
@@ -774,14 +774,14 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [my_p] "m" (consts->my_p[0]),
 		      [k3k4] "m" (consts->k[3 - 1])
-		    : );
+		    );
 
       if (inlen >= 8)
 	{
 	  asm volatile ("movq %[inbuf], %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 	  if (inlen > 8)
 	    {
 	      asm volatile (/*"pinsrq $1, %[inbuf_tail], %%xmm0\n\t"*/
@@ -792,7 +792,7 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			    : [inbuf_tail] "m" (inbuf[inlen - 8]),
 			      [merge_shuf] "m"
 				(*crc32_merge9to15_shuf[inlen - 9])
-			    : );
+			    );
 	    }
 	}
       else
@@ -805,7 +805,7 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_tail] "m" (inbuf[inlen - 4]),
 			  [merge_shuf] "m"
 			    (*crc32_merge5to7_shuf[inlen - 5])
-			: );
+			);
 	}
 
       /* Final fold. */

-----------------------------------------------------------------------

Summary of changes:
 cipher/crc-intel-pclmul.c | 62 +++++++++++++++++++++++------------------------
 1 file changed, 31 insertions(+), 31 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 19 20:13:11 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 19 Apr 2016 20:13:11 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH,
 updated. libgcrypt-1.7.0-2-gcaa9d14
Message-ID: <E1asa8J-0001xa-7b@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-7-BRANCH has been updated
       via  caa9d14c914bf6116ec3f773a322a94e2be0c0fb (commit)
      from  eecc081f8ae02c43454abaee4a4f72efaee42745 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit caa9d14c914bf6116ec3f773a322a94e2be0c0fb
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 19 20:05:07 2016 +0200

    asm fix for older gcc versions.
    
    * cipher/crc-intel-pclmul.c: Remove extra trailing colon from
    asm statements.
    --
    
    gcc 4.2 is not able to grok a third colon without clobber
    expressions.  Reported for FreeBSD 9.
    
    GnuPG-bug-id: 2326
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/crc-intel-pclmul.c b/cipher/crc-intel-pclmul.c
index 5002f80..c034e2e 100644
--- a/cipher/crc-intel-pclmul.c
+++ b/cipher/crc-intel-pclmul.c
@@ -143,7 +143,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [inbuf_2] "m" (inbuf[2 * 16]),
 		      [inbuf_3] "m" (inbuf[3 * 16]),
 		      [crc] "m" (*pcrc)
-		    : );
+		    );
 
       inbuf += 4 * 16;
       inlen -= 4 * 16;
@@ -151,7 +151,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[k1k2], %%xmm4\n\t"
 		    :
 		    : [k1k2] "m" (consts->k[1 - 1])
-		    : );
+		    );
 
       /* Fold by 4. */
       while (inlen >= 4 * 16)
@@ -188,7 +188,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_1] "m" (inbuf[1 * 16]),
 			  [inbuf_2] "m" (inbuf[2 * 16]),
 			  [inbuf_3] "m" (inbuf[3 * 16])
-			: );
+			);
 
 	  inbuf += 4 * 16;
 	  inlen -= 4 * 16;
@@ -199,7 +199,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    :
 		    : [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       /* Fold 4 to 1. */
 
@@ -222,7 +222,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    "pxor %%xmm4, %%xmm0\n\t"
 		    :
 		    :
-		    : );
+		    );
     }
   else
     {
@@ -236,7 +236,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       inbuf += 16;
       inlen -= 16;
@@ -256,7 +256,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			"pxor %%xmm1, %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 
 	  inbuf += 16;
 	  inlen -= 16;
@@ -288,7 +288,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [mask] "m" (crc32_partial_fold_input_mask[inlen]),
 		      [shl_shuf] "m" (crc32_refl_shuf_shift[inlen]),
 		      [shr_shuf] "m" (crc32_refl_shuf_shift[inlen + 16])
-		    : );
+		    );
 
       inbuf += inlen;
       inlen -= inlen;
@@ -318,7 +318,7 @@ crc32_reflected_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		"pextrd $2, %%xmm0, %[out]\n\t"
 		: [out] "=m" (*pcrc)
 		: [k5] "m" (consts->k[5 - 1])
-	        : );
+	        );
 }
 
 static inline void
@@ -333,7 +333,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[my_p], %%xmm5\n\t"
 		    :
 		    : [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       if (inlen == 1)
 	{
@@ -372,7 +372,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    : [out] "=m" (*pcrc)
 		    : [in] "rm" (data),
 		      [crc] "rm" (crc)
-		    : );
+		    );
     }
   else if (inlen == 4)
     {
@@ -391,7 +391,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    : [in] "m" (*inbuf),
 		      [crc] "m" (*pcrc),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
     }
   else
     {
@@ -404,14 +404,14 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [my_p] "m" (consts->my_p[0]),
 		      [k3k4] "m" (consts->k[3 - 1])
-		    : );
+		    );
 
       if (inlen >= 8)
 	{
 	  asm volatile ("movq %[inbuf], %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 	  if (inlen > 8)
 	    {
 	      asm volatile (/*"pinsrq $1, %[inbuf_tail], %%xmm0\n\t"*/
@@ -422,7 +422,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			    : [inbuf_tail] "m" (inbuf[inlen - 8]),
 			      [merge_shuf] "m"
 				(*crc32_merge9to15_shuf[inlen - 9])
-			    : );
+			    );
 	    }
 	}
       else
@@ -435,7 +435,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_tail] "m" (inbuf[inlen - 4]),
 			  [merge_shuf] "m"
 			    (*crc32_merge5to7_shuf[inlen - 5])
-			: );
+			);
 	}
 
       /* Final fold. */
@@ -465,7 +465,7 @@ crc32_reflected_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    "pextrd $2, %%xmm0, %[out]\n\t"
 		    : [out] "=m" (*pcrc)
 		    : [k5] "m" (consts->k[5 - 1])
-		    : );
+		    );
     }
 }
 
@@ -477,7 +477,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
   asm volatile ("movdqa %[bswap], %%xmm7\n\t"
 		:
 		: [bswap] "m" (*crc32_bswap_shuf)
-		: );
+		);
 
   if (inlen >= 8 * 16)
     {
@@ -497,7 +497,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [inbuf_2] "m" (inbuf[2 * 16]),
 		      [inbuf_3] "m" (inbuf[3 * 16]),
 		      [crc] "m" (*pcrc)
-		    : );
+		    );
 
       inbuf += 4 * 16;
       inlen -= 4 * 16;
@@ -505,7 +505,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[k1k2], %%xmm4\n\t"
 		    :
 		    : [k1k2] "m" (consts->k[1 - 1])
-		    : );
+		    );
 
       /* Fold by 4. */
       while (inlen >= 4 * 16)
@@ -546,7 +546,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_1] "m" (inbuf[1 * 16]),
 			  [inbuf_2] "m" (inbuf[2 * 16]),
 			  [inbuf_3] "m" (inbuf[3 * 16])
-			: );
+			);
 
 	  inbuf += 4 * 16;
 	  inlen -= 4 * 16;
@@ -557,7 +557,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    :
 		    : [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       /* Fold 4 to 1. */
 
@@ -580,7 +580,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		    "pxor %%xmm4, %%xmm0\n\t"
 		    :
 		    :
-		    : );
+		    );
     }
   else
     {
@@ -595,7 +595,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [k3k4] "m" (consts->k[3 - 1]),
 		      [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       inbuf += 16;
       inlen -= 16;
@@ -616,7 +616,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 			"pxor %%xmm1, %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 
 	  inbuf += 16;
 	  inlen -= 16;
@@ -650,7 +650,7 @@ crc32_bulk (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [mask] "m" (crc32_partial_fold_input_mask[inlen]),
 		      [shl_shuf] "m" (crc32_refl_shuf_shift[32 - inlen]),
 		      [shr_shuf] "m" (crc32_shuf_shift[inlen + 16])
-		    : );
+		    );
 
       inbuf += inlen;
       inlen -= inlen;
@@ -697,7 +697,7 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
       asm volatile ("movdqa %[my_p], %%xmm5\n\t"
 		    :
 		    : [my_p] "m" (consts->my_p[0])
-		    : );
+		    );
 
       if (inlen == 1)
 	{
@@ -774,14 +774,14 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 		      [crc] "m" (*pcrc),
 		      [my_p] "m" (consts->my_p[0]),
 		      [k3k4] "m" (consts->k[3 - 1])
-		    : );
+		    );
 
       if (inlen >= 8)
 	{
 	  asm volatile ("movq %[inbuf], %%xmm0\n\t"
 			:
 			: [inbuf] "m" (*inbuf)
-			: );
+			);
 	  if (inlen > 8)
 	    {
 	      asm volatile (/*"pinsrq $1, %[inbuf_tail], %%xmm0\n\t"*/
@@ -792,7 +792,7 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			    : [inbuf_tail] "m" (inbuf[inlen - 8]),
 			      [merge_shuf] "m"
 				(*crc32_merge9to15_shuf[inlen - 9])
-			    : );
+			    );
 	    }
 	}
       else
@@ -805,7 +805,7 @@ crc32_less_than_16 (u32 *pcrc, const byte *inbuf, size_t inlen,
 			  [inbuf_tail] "m" (inbuf[inlen - 4]),
 			  [merge_shuf] "m"
 			    (*crc32_merge5to7_shuf[inlen - 5])
-			: );
+			);
 	}
 
       /* Final fold. */

-----------------------------------------------------------------------

Summary of changes:
 cipher/crc-intel-pclmul.c | 62 +++++++++++++++++++++++------------------------
 1 file changed, 31 insertions(+), 31 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 20 12:22:53 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 20 Apr 2016 12:22:53 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-139-g2385b9f
Message-ID: <E1aspGj-0003p5-H5@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  2385b9f1ddc4938e45c01a12a804f4b77d253305 (commit)
      from  d02de6c0a4a55a2720cfa5caddcbfc4ce988a2ec (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2385b9f1ddc4938e45c01a12a804f4b77d253305
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 20 11:02:39 2016 +0200

    speedo: Use swdb.lst to define the SQLite version.
    
    * build-aux/speedo.mk: Change sqlite to use our mirror and the
    swdb.lst file.
    * build-aux/speedo/w32/inst.nsi: gpg is now build and installed as
    gpg.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 52d6871..7b29025 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -172,7 +172,7 @@ speedo_spkgs  = \
 
 ifeq ($(TARGETOS),w32)
 speedo_spkgs += \
-	zlib bzip2 adns libiconv libsqlite3
+	zlib bzip2 adns sqlite libiconv
 ifeq ($(WITH_GUI),1)
 speedo_spkgs += gettext
 endif
@@ -306,6 +306,11 @@ adns_ver  := $(shell awk '$$1=="adns_ver" {print $$2}' swdb.lst)
 adns_sha1 := $(shell awk '$$1=="adns_sha1" {print $$2}' swdb.lst)
 adns_sha2 := $(shell awk '$$1=="adns_sha2" {print $$2}' swdb.lst)
 
+sqlite_ver  := $(shell awk '$$1=="sqlite_ver" {print $$2}' swdb.lst)
+sqlite_sha1 := $(shell awk '$$1=="sqlite_sha1_gz" {print $$2}' swdb.lst)
+sqlite_sha2 := $(shell awk '$$1=="sqlite_sha2_gz" {print $$2}' swdb.lst)
+
+
 $(info Information from the version database)
 $(info GnuPG ..........: $(gnupg_ver) (building $(gnupg_ver_this)))
 $(info Libgpg-error ...: $(libgpg_error_ver))
@@ -315,6 +320,7 @@ $(info Libassuan ......: $(libassuan_ver))
 $(info Zlib ...........: $(zlib_ver))
 $(info Bzip2 ..........: $(bzip2_ver))
 $(info ADNS ...........: $(adns_ver))
+$(info SQLite .........: $(sqlite_ver))
 $(info GPGME ..........: $(gpgme_ver))
 $(info Pinentry .......: $(pinentry_ver))
 $(info GPA ............: $(gpa_ver))
@@ -324,7 +330,6 @@ endif
 # Version number for external packages
 pkg_config_ver = 0.23
 libiconv_ver = 1.14
-libsqlite3_ver = 3120000
 gettext_ver = 0.18.2.1
 libffi_ver = 3.0.13
 glib_ver = 2.34.3
@@ -413,9 +418,9 @@ endif
 speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz
 speedo_pkg_zlib_tar       = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz
 speedo_pkg_bzip2_tar      = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz
+speedo_pkg_sqlite_tar     = $(pkgrep)/sqlite/sqlite-autoconf-$(sqlite_ver).tar.gz
 speedo_pkg_adns_tar       = $(pkg10rep)/adns/adns-$(adns_ver).tar.bz2
 speedo_pkg_libiconv_tar   = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz
-speedo_pkg_libsqlite3_tar = $(pkg2rep)/sqlite-autoconf-$(libsqlite3_ver).tar.gz
 speedo_pkg_gettext_tar    = $(pkg2rep)/gettext-$(gettext_ver).tar.gz
 speedo_pkg_libffi_tar     = $(pkg2rep)/libffi-$(libffi_ver).tar.gz
 speedo_pkg_glib_tar       = $(pkg2rep)/glib-$(glib_ver).tar.xz
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index cb73e91..a695d99 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -573,8 +573,8 @@ Section "GnuPG" SEC_gnupg
   SectionIn RO
 
   SetOutPath "$INSTDIR\bin"
-  File /oname=gpg.exe "bin/gpg2.exe"
-  File /oname=gpgv.exe "bin/gpgv2.exe"
+  File "bin/gpg.exe"
+  File "bin/gpgv.exe"
   File "bin/gpgsm.exe"
   File "bin/gpgconf.exe"
   File "bin/gpg-connect-agent.exe"
diff --git a/build-aux/speedo/w32/pkg-copyright.txt b/build-aux/speedo/w32/pkg-copyright.txt
index 4cc4dc9..9495bcd 100644
--- a/build-aux/speedo/w32/pkg-copyright.txt
+++ b/build-aux/speedo/w32/pkg-copyright.txt
@@ -1,11 +1,11 @@
 Here is a list with collected copyright notices. For details see the
-description of each individual package.  [Compiled by wk FIXME]
+description of each individual package.  [Compiled by wk 2016-04-20]
 
 GnuPG is
 
-  Copyright (C) 1997-2015 Werner Koch
-  Copyright (C) 1994-2015 Free Software Foundation, Inc.
-  Copyright (C) 2003-2015 g10 Code GmbH
+  Copyright (C) 1997-2016 Werner Koch
+  Copyright (C) 1994-2016 Free Software Foundation, Inc.
+  Copyright (C) 2003-2016 g10 Code GmbH
   Copyright (C) 2002 Klar?lvdalens Datakonsult AB
   Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper <drepper at gnu.ai.mit.edu>
   Copyright (C) 1994 X Consortium
@@ -102,3 +102,21 @@ NSIS is
 
   [It is distributed along with NSIS and the same conditions as stated
    above apply]
+
+
+ADNS is
+
+  Copyright (C) 1997-2000,2003,2006 Ian Jackson
+  Copyright (C) 1999-2000,2003,2006 Tony Finch
+  Copyright (C) 1991 Massachusetts Institute of Technology
+
+
+SQLite has
+
+  been put into the public-domain by its author D. Richard Hipp:
+  The author disclaims copyright to this source code.  In place of
+  a legal notice, here is a blessing:
+
+      May you do good and not evil.
+      May you find forgiveness for yourself and forgive others.
+      May you share freely, never taking more than you give.

-----------------------------------------------------------------------

Summary of changes:
 build-aux/speedo.mk                    | 11 ++++++++---
 build-aux/speedo/w32/inst.nsi          |  4 ++--
 build-aux/speedo/w32/pkg-copyright.txt | 26 ++++++++++++++++++++++----
 3 files changed, 32 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 20 12:25:27 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 20 Apr 2016 12:25:27 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 9d51e0f771fd275b4377493e75c4349a8209a631
Message-ID: <E1aspJB-0003qS-8u@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  9d51e0f771fd275b4377493e75c4349a8209a631 (commit)
      from  ce0eed04a6e14f6553eafcf22e2bfdd89a2c48d9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9d51e0f771fd275b4377493e75c4349a8209a631
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 20 12:24:56 2016 +0200

    swdb: Add entry for SQLite
    
    This way we do not need to change GnuPG's speedo.mk to rebuild the
    Windows version with a newer SQlite version.

diff --git a/web/swdb.mac b/web/swdb.mac
index d591e31..d7cdabd 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -172,5 +172,11 @@
 #+macro: bzip2_ver     1.0.6-g10
 #+macro: bzip2_sha1_gz 6e38be3377340a21a1f13ff84b5e6adce97cd1d4
 
+#
+# SQLite (mirrored at our server)
+#
+#+macro: sqlite_ver     3120200
+#+macro: sqlite_sha1_gz b43c2e7238e54c50b95fbbd85c48792f4f39af8c
+
 
 # --- end of swdb.mac ---

-----------------------------------------------------------------------

Summary of changes:
 web/swdb.mac | 6 ++++++
 1 file changed, 6 insertions(+)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 20 15:04:48 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Wed, 20 Apr 2016 15:04:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-141-gf8adf1a
Message-ID: <E1asrnP-0000b8-De@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f8adf1a3234655877a4f985d627d98567507002c (commit)
       via  defbc70b4a16264e067daf76678ecfb9d030dee4 (commit)
      from  2385b9f1ddc4938e45c01a12a804f4b77d253305 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f8adf1a3234655877a4f985d627d98567507002c
Author: Justus Winter <justus at g10code.com>
Date:   Wed Apr 20 14:55:45 2016 +0200

    agent: Sanitize permissions of the private key directory.
    
    * agent/gpg-agent.c (create_private_keys_directory): Set permissions.
    * common/sysutils.c (modestr_to_mode): New function.
    (gnupg_mkdir): Use new function.
    (gnupg_chmod): New function.
    * common/sysutils.h (gnupg_chmod): New prototype.
    * tests/migrations/from-classic.test: Test migration with existing
    directory.
    
    GnuPG-bug-id: 2312
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 8aab2b9..a87052a 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1908,9 +1908,13 @@ create_private_keys_directory (const char *home)
       else if (!opt.quiet)
         log_info (_("directory '%s' created\n"), fname);
     }
+  if (gnupg_chmod (fname, "-rwx"))
+    log_error (_("can't set permissions of '%s': %s\n"),
+               fname, strerror (errno));
   xfree (fname);
 }
 
+
 /* Create the directory only if the supplied directory name is the
    same as the default one.  This way we avoid to create arbitrary
    directories when a non-default home directory is used.  To cope
diff --git a/common/sysutils.c b/common/sysutils.c
index ccd3542..18625d0 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -554,6 +554,40 @@ gnupg_remove (const char *fname)
 }
 
 
+#ifndef HAVE_W32_SYSTEM
+static mode_t
+modestr_to_mode (const char *modestr)
+{
+  mode_t mode = 0;
+
+  if (modestr && *modestr)
+    {
+      modestr++;
+      if (*modestr && *modestr++ == 'r')
+        mode |= S_IRUSR;
+      if (*modestr && *modestr++ == 'w')
+        mode |= S_IWUSR;
+      if (*modestr && *modestr++ == 'x')
+        mode |= S_IXUSR;
+      if (*modestr && *modestr++ == 'r')
+        mode |= S_IRGRP;
+      if (*modestr && *modestr++ == 'w')
+        mode |= S_IWGRP;
+      if (*modestr && *modestr++ == 'x')
+        mode |= S_IXGRP;
+      if (*modestr && *modestr++ == 'r')
+        mode |= S_IROTH;
+      if (*modestr && *modestr++ == 'w')
+        mode |= S_IWOTH;
+      if (*modestr && *modestr++ == 'x')
+        mode |= S_IXOTH;
+    }
+
+  return mode;
+}
+#endif
+
+
 /* A wrapper around mkdir which takes a string for the mode argument.
    This makes it easier to handle the mode argument which is not
    defined on all systems.  The format of the modestring is
@@ -589,31 +623,22 @@ gnupg_mkdir (const char *name, const char *modestr)
      because this sets ERRNO.  */
   return mkdir (name);
 #else
-  mode_t mode = 0;
+  return mkdir (name, modestr_to_mode (modestr));
+#endif
+}
 
-  if (modestr && *modestr)
-    {
-      modestr++;
-      if (*modestr && *modestr++ == 'r')
-        mode |= S_IRUSR;
-      if (*modestr && *modestr++ == 'w')
-        mode |= S_IWUSR;
-      if (*modestr && *modestr++ == 'x')
-        mode |= S_IXUSR;
-      if (*modestr && *modestr++ == 'r')
-        mode |= S_IRGRP;
-      if (*modestr && *modestr++ == 'w')
-        mode |= S_IWGRP;
-      if (*modestr && *modestr++ == 'x')
-        mode |= S_IXGRP;
-      if (*modestr && *modestr++ == 'r')
-        mode |= S_IROTH;
-      if (*modestr && *modestr++ == 'w')
-        mode |= S_IWOTH;
-      if (*modestr && *modestr++ == 'x')
-        mode |= S_IXOTH;
-    }
-  return mkdir (name, mode);
+
+/* A wrapper around mkdir which takes a string for the mode argument.
+   This makes it easier to handle the mode argument which is not
+   defined on all systems.  The format of the modestring is the same
+   as for gnupg_mkdir.  */
+int
+gnupg_chmod (const char *name, const char *modestr)
+{
+#ifdef HAVE_W32_SYSTEM
+  return 0;
+#else
+  return chmod (name, modestr_to_mode (modestr));
 #endif
 }
 
diff --git a/common/sysutils.h b/common/sysutils.h
index 95276de..ba66ce6 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -61,6 +61,7 @@ void gnupg_reopen_std (const char *pgmname);
 void gnupg_allow_set_foregound_window (pid_t pid);
 int  gnupg_remove (const char *fname);
 int  gnupg_mkdir (const char *name, const char *modestr);
+int gnupg_chmod (const char *name, const char *modestr);
 char *gnupg_mkdtemp (char *template);
 int  gnupg_setenv (const char *name, const char *value, int overwrite);
 int  gnupg_unsetenv (const char *name);
diff --git a/tests/migrations/from-classic.test b/tests/migrations/from-classic.test
index 4ee3b61..a61a5c3 100755
--- a/tests/migrations/from-classic.test
+++ b/tests/migrations/from-classic.test
@@ -50,3 +50,18 @@ assert_migrated()
 setup_home
 trigger_migration
 assert_migrated
+
+# Test with an existing private-keys-v1.d.
+setup_home
+mkdir "$GNUPGHOME/private-keys-v1.d"
+trigger_migration
+assert_migrated
+
+# Test with an existing private-keys-v1.d with weird permissions.
+setup_home
+mkdir "$GNUPGHOME/private-keys-v1.d"
+chmod 0 "$GNUPGHOME/private-keys-v1.d"
+trigger_migration
+assert_migrated
+
+# XXX Check a case where the migration fails.

commit defbc70b4a16264e067daf76678ecfb9d030dee4
Author: Justus Winter <justus at g10code.com>
Date:   Wed Apr 20 14:48:12 2016 +0200

    tests: Test the migration from a classic GnuPG home directory.
    
    * configure.ac: Add new directory.
    * tests/Makefile.am (SUBDIRS): Likewise.
    * tests/migrations/Makefile.am: New file.
    * tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise.
    * tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise.
    * tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise.
    * tests/migrations/from-classic.test: Likewise.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/configure.ac b/configure.ac
index 70c1d14..d959fc5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1897,6 +1897,7 @@ tools/Makefile
 doc/Makefile
 tests/Makefile
 tests/openpgp/Makefile
+tests/migrations/Makefile
 tests/pkits/Makefile
 g10/gpg.w32-manifest
 ])
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 307d829..f3a2d16 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -25,7 +25,7 @@ else
 openpgp =
 endif
 
-SUBDIRS = ${openpgp} . pkits
+SUBDIRS = ${openpgp} . migrations pkits
 
 GPGSM = ../sm/gpgsm
 
diff --git a/tests/migrations/Makefile.am b/tests/migrations/Makefile.am
new file mode 100644
index 0000000..a592bdd
--- /dev/null
+++ b/tests/migrations/Makefile.am
@@ -0,0 +1,51 @@
+# Makefile.am - For tests/openpgp
+# Copyright (C) 2016 g10 Code GmbH
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+# Process this file with automake to create Makefile.in
+
+
+# Programs required before we can run these tests.
+required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT)
+
+AM_CPPFLAGS = -I$(top_srcdir)/common
+include $(top_srcdir)/am/cmacros.am
+
+AM_CFLAGS =
+
+TESTS_ENVIRONMENT = GPG_AGENT_INFO= LC_ALL=C
+
+TESTS = from-classic.test
+
+TEST_FILES = from-classic.gpghome/pubring.gpg.asc \
+	     from-classic.gpghome/secring.gpg.asc \
+	     from-classic.gpghome/trustdb.gpg.asc
+
+EXTRA_DIST = $(TESTS) $(TEST_FILES)
+
+CLEANFILES = prepared.stamp x y yy z out err  $(data_files) \
+	     plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
+	     *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
+	     pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
+	     secring.gpg pubring.pkr secring.skr \
+	     gnupg-test.stop random_seed gpg-agent.log tofu.db
+
+clean-local:
+	-rm -rf from-classic.gpghome/*.gpg
+
+# We need to depend on a couple of programs so that the tests don't
+# start before all programs are built.
+all-local: $(required_pgms)
diff --git a/tests/migrations/from-classic.gpghome/pubring.gpg.asc b/tests/migrations/from-classic.gpghome/pubring.gpg.asc
new file mode 100644
index 0000000..ecdfddc
--- /dev/null
+++ b/tests/migrations/from-classic.gpghome/pubring.gpg.asc
@@ -0,0 +1,54 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+mQGiBD/yNQgRBAC/KSfe6uVfDgA3BrGpNLhVxT/ytwXMpBI8pEdTiY0jWnYrb/Yu
+8wtCeZ9GAux/ZA/ted+7pdibHXfX5PzDfgUTZwrIJa57OUpWwI878AzZxNsnVv1I
+P6ufGyESKME4PUQO5heKhwAb0gQwFwArS3v4oeYrEljhJ79kpt319JEAEwCg+hTk
+nylYwYGT/PEVQ4JlLPoWmqUEAJn1HX1Od5tyoK4OEAM5G+wHz3SBj4FMonZNWs1I
+t03JKHoM5ulQ2FgEWmBVIPTKSDm/jQXPYApz5DpxpoGYbTCaEo6zfE32AEzoXDmG
+AZE90Xhq/wcEN+JcHpHytAA/n+hYaR3sYegQ52mWMR+vdd99KO0V0jLRcckgBA7Z
+2jlFA/98cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6ZF7B
+vLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtEJ4En
+HmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTbQjVGVzdCBvbmUg
+KHBwPWRlZikgPG9uZUBleGFtcGxlLmNvbT6IWgQTEQIAGgUCP/I1CAIbAwILAgMV
+AgMDFgIBAh4BAheAAAoJEA73cJbXTF8iUO4AnA8wHb3erMrfWV3ij0d/cEiSJAYF
+AJ9fcbShgTXDN1dIVZvLSW5E93TfC7ACAAOIWgQTEQIAGgUCP/I1CAIbAwILAgMV
+AgMDFgIBAh4BAheAAAoJEA73cJbXTF8iUO4An3DqZUvcr92tYI+Ewj4jcmzFrNKM
+AJ4yYTZj75t4d7WhUv1WjtDgJkkAm7ACAAO5AQ0EP/I1DRAEAOgCS1p47zcdec0U
+vVC0phewalHUU6f7mulWr0j0ZY1RU0IOP18HAeT7INcwPcUaUvC9KYenXmYbvO1i
+7sNNUCOsKUamwg+oSNMcbM3AwNwxlggTyJS1N6WzIX7MjRLUlUqtbLRhPDGlCltt
+6yeAjS0pZT646TANaBDiRIgk94ADAAMFA/9Gh2X1Sy+4Ip/RtMJDPZOY+Y6sWUN7
+OiM2BkdUmCLOmaOVfgrsEevKdSBBj0oVWN81U02i7jQzhhAI3tZMFJmP/hlF7AlS
+5HSaLj2+t1nHAKKy70QhskINR41CCv9sHAc5gN1WrY5NDpeI12GmqsWMPQVPUHsT
+Te0QsT6XbHzvC4hJBBgRAgAJBQI/8jUNAhsMAAoJEA73cJbXTF8icHgAoMoPkG6U
+dFdvTjKc/phZ6XojaDd9AKCokQkuhQ1wgXe2naMXaMGvzRaYzbACAAOZAaIEP/JS
+axEEAKxxqlg9Kz9DZ/3N52BC0w+JtYKke39vpdWVDHR3MHmMJ/31Y2iSpm0fvRs3
+h1j9/fBVmLOZglNQyH62SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4EbmWdoFF/A1Z
+g/MU7D5w5xu+EA1J77Z6QyALN9rIOXZ7rLLa64lw/MV4LdIPAKC449htJbbp5rkJ
+HvBDs4YxEIkk5wP/X4hPGlIw5PlHrsG7hdahhTudV5hRGlvosnwsrYJXvKAQLAV1
+EV26SIYUH5pM/ycXrG25dqVoG56uQqnhBdUqo4iSnsxY3ZMA46D14REc9P//CGvJ
+/j2Z41gw8u8oB7rS50djvoaWb5myj7bhacTBdfah3U8dVXcIi1ZFvtiaGAYD+gIF
+7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZEaYSeum6g/g7D1vwINFgQkMYEWi4D
+K3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001wwFDY6AdwpwP7UCLQcu6qqvwNHdx
+WYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMCZJlZtCJUZXN0IHR3byAobm8gcHAp
+IDx0d29AZXhhbXBsZS5jb20+iF8EExECAB8FAj/yUmsCGwMHCwkIBwMCAQMVAgMD
+FgIBAh4BAheAAAoJEJc9UOHED97PgEMAn0F8RGDrnmXv7rqM2+pic2oDz1kpAJ0S
+WPHxdjJHWzoGMrHqocAy/3wFi7ACAAO5AQ0EP/JSbxAEAMzYsfnax02AjMUvDYlG
+TaVUxp1n8zI8QqlcmWLfQhJuwOCXH0m4EVKaairp8K3rg5pjRhXNVvpU9aC37yWg
+4v6EP6Lm4CHKtBGeYDlMnWo/etT1d5bTZmmlEmbCeo0cWmtBQdXIMehFQfPIEeiQ
+eJgDOClfgrf3/UMz79kzEvKrAAMGA/43c6bZ7IidduMk1uXsIb1FaZgxrk/QrgN4
+IFuuW4zoX62r1+a3xzAlyz1zDVxYKQNNdr4IVcLp/3pJI+/68WqWZpRNvGKUg4/D
+8J/5ZKjQI8uOujMvsFHqAoIO5hIP++YrNqICs8dS+dp2suwRpn0uNeZuwQY1h7Il
+AOikbRV7dYhJBBgRAgAJBQI/8lJvAhsMAAoJEJc9UOHED97PLL4AoJlnKVcL7Qzd
+5wFU9XTBU7ws9IX8AKCOFbMyQXrBv/Bsi1vnthPi4kF1arACAAOYjAQ/8lO9AQQA
+qFJWduzk11/m0Ac/K/mab0kzzr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOXeCNk
+Y98tRYUg6A40wFgkKz/4jdOaiDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP/+j2
+dfrvYTZYxy2m11DA68QK9iPSBmksglFMQE2IJatwEAEACQEBtCZUZXN0IHRocmVl
+IChubyBwcCkgPHRocmVlQGV4YW1wbGUuY29tPoi1BBMBAgAfBQI/8lO9AhsDBwsJ
+CAcDAgEDFQIDAxYCAQIeAQIXgAAKCRDRILYm7Kv1HWpDA/9sINfVYaTW7TOQolYn
+9Vee4feOTpl6+S4dkgLCOWoDG/V17k/cl7Jr/iQ+YRBOi0S/fFwMBn72kEvdOtmi
+UAqHGQFnTyXhBLLvqTJ/yEHR6hnZK+zsusY8EmvoIdfSTIOJqkeACEEpCr0aE0qk
+gBm4voMrZ05pAO2hFJbaIHWHibACAAM=
+=fphx
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/from-classic.gpghome/secring.gpg.asc b/tests/migrations/from-classic.gpghome/secring.gpg.asc
new file mode 100644
index 0000000..6aa367a
--- /dev/null
+++ b/tests/migrations/from-classic.gpghome/secring.gpg.asc
@@ -0,0 +1,68 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+lQHpBD/yNQgRBAC/KSfe6uVfDgA3BrGpNLhVxT/ytwXMpBI8pEdTiY0jWnYrb/Yu
+8wtCeZ9GAux/ZA/ted+7pdibHXfX5PzDfgUTZwrIJa57OUpWwI878AzZxNsnVv1I
+P6ufGyESKME4PUQO5heKhwAb0gQwFwArS3v4oeYrEljhJ79kpt319JEAEwCg+hTk
+nylYwYGT/PEVQ4JlLPoWmqUEAJn1HX1Od5tyoK4OEAM5G+wHz3SBj4FMonZNWs1I
+t03JKHoM5ulQ2FgEWmBVIPTKSDm/jQXPYApz5DpxpoGYbTCaEo6zfE32AEzoXDmG
+AZE90Xhq/wcEN+JcHpHytAA/n+hYaR3sYegQ52mWMR+vdd99KO0V0jLRcckgBA7Z
+2jlFA/98cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6ZF7B
+vLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtEJ4En
+HmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTf4HAwI+6Mr+dvBp
+XtZVHbBd1xUPHQl/+cIIBV6w3EFQuR6w7OorCYE6OHrHfEsFwCi3PNG5WUsMYIj2
+eddOuyRWtFR/QsaltCNUZXN0IG9uZSAocHA9ZGVmKSA8b25lQGV4YW1wbGUuY29t
+PohaBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMWAgECHgECF4AACgkQDvdwltdMXyJQ
+7gCcDzAdvd6syt9ZXeKPR39wSJIkBgUAn19xtKGBNcM3V0hVm8tJbkT3dN8LsAIA
+AIhaBBMRAgAaBQI/8jUIAhsDAgsCAxUCAwMWAgECHgECF4AACgkQDvdwltdMXyJQ
+7gCfcOplS9yv3a1gj4TCPiNybMWs0owAnjJhNmPvm3h3taFS/VaO0OAmSQCbsAIA
+AJ0BXwQ/8jUNEAQA6AJLWnjvNx15zRS9ULSmF7BqUdRTp/ua6VavSPRljVFTQg4/
+XwcB5Psg1zA9xRpS8L0ph6deZhu87WLuw01QI6wpRqbCD6hI0xxszcDA3DGWCBPI
+lLU3pbMhfsyNEtSVSq1stGE8MaUKW23rJ4CNLSllPrjpMA1oEOJEiCT3gAMAAwUD
+/0aHZfVLL7gin9G0wkM9k5j5jqxZQ3s6IzYGR1SYIs6Zo5V+CuwR68p1IEGPShVY
+3zVTTaLuNDOGEAje1kwUmY/+GUXsCVLkdJouPb63WccAorLvRCGyQg1HjUIK/2wc
+BzmA3Vatjk0Ol4jXYaaqxYw9BU9QexNN7RCxPpdsfO8L/gcDArbUVjowJlNA1rny
+wPbRkyAfJDY8m6+s1oM56PICi8N/E3TM/0A2fOESbsTfW6eKCmrIB3VDnURtVUTv
+WS71OKAqhddkD8tUtVQWdKXL5YhJBBgRAgAJBQI/8jUNAhsMAAoJEA73cJbXTF8i
+cHgAoMoPkG6UdFdvTjKc/phZ6XojaDd9AKCokQkuhQ1wgXe2naMXaMGvzRaYzbAC
+AACVAekEP/JSaxEEAKxxqlg9Kz9DZ/3N52BC0w+JtYKke39vpdWVDHR3MHmMJ/31
+Y2iSpm0fvRs3h1j9/fBVmLOZglNQyH62SxdJyZwCelkZzfUy/qLm9Qaqi7wpg0p4
+EbmWdoFF/A1Zg/MU7D5w5xu+EA1J77Z6QyALN9rIOXZ7rLLa64lw/MV4LdIPAKC4
+49htJbbp5rkJHvBDs4YxEIkk5wP/X4hPGlIw5PlHrsG7hdahhTudV5hRGlvosnws
+rYJXvKAQLAV1EV26SIYUH5pM/ycXrG25dqVoG56uQqnhBdUqo4iSnsxY3ZMA46D1
+4REc9P//CGvJ/j2Z41gw8u8oB7rS50djvoaWb5myj7bhacTBdfah3U8dVXcIi1ZF
+vtiaGAYD+gIF7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZEaYSeum6g/g7D1vwI
+NFgQkMYEWi4DK3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001wwFDY6AdwpwP7UCL
+Qcu6qqvwNHdxWYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMCZJlZ/gcDAt0kdqtP
+lKPG1udCj4rXVf+JWEOsbdSsnimRh7rcSE5ksh/JzinsE9rm9FRY112AWfzPaj99
+0JAuaDOzn4d/6tPUnHa0IlRlc3QgdHdvIChubyBwcCkgPHR3b0BleGFtcGxlLmNv
+bT6IXwQTEQIAHwUCP/JSawIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQlz1Q
+4cQP3s+AQwCfQXxEYOueZe/uuozb6mJzagPPWSkAnRJY8fF2MkdbOgYyseqhwDL/
+fAWLsAIAAJ0BXwQ/8lJvEAQAzNix+drHTYCMxS8NiUZNpVTGnWfzMjxCqVyZYt9C
+Em7A4JcfSbgRUppqKunwreuDmmNGFc1W+lT1oLfvJaDi/oQ/oubgIcq0EZ5gOUyd
+aj961PV3ltNmaaUSZsJ6jRxaa0FB1cgx6EVB88gR6JB4mAM4KV+Ct/f9QzPv2TMS
+8qsAAwYD/jdzptnsiJ124yTW5ewhvUVpmDGuT9CuA3ggW65bjOhfravX5rfHMCXL
+PXMNXFgpA012vghVwun/ekkj7/rxapZmlE28YpSDj8Pwn/lkqNAjy466My+wUeoC
+gg7mEg/75is2ogKzx1L52nay7BGmfS415m7BBjWHsiUA6KRtFXt1/gcDAp6cJdVh
+287E1o1bCCplLBBjGAPRdWYlnZoJXXn7OUTHTSvMQkEZhAgDOKIiiwC88Drlk+bS
+m9MngTW7YnBsrRfIGhpSxLcYSeMk2xu8m4hJBBgRAgAJBQI/8lJvAhsMAAoJEJc9
+UOHED97PLL4AoJlnKVcL7Qzd5wFU9XTBU7ws9IX8AKCOFbMyQXrBv/Bsi1vnthPi
+4kF1arACAACVAgQEP/JTvQEEAKhSVnbs5Ndf5tAHPyv5mm9JM8691FKK9W5MYeL3
+MSRzk2Rd2vWOrdVlKcJTl3gjZGPfLUWFIOgONMBYJCs/+I3Tmog7R1tmzqq7yZif
+8B/+c3Zg6bYbudyRIF1Cj//o9nX672E2WMctptdQwOvECvYj0gZpLIJRTEBNiCWr
+cBABAAkBAf4HAwL3+6VQeHRq3tZqCOiuxPcuaSlTpURzbLJBa70QpeAbLZjOIjbm
+dQuNBzmxYZNe5V8mf33q2gn/P9vjki0Z/k96qJOXBgLSJkyK4FPi2dtqKkrOonkx
+rFv2AZ6Gt3zGp6dN3meYvG8GIiIvFiZmKYOrt4/XsAnPhXetbN23vO3dJxquD9sw
+O8phwR2u6ii789nbXjD6vOyyv7WcogUVQTHC9pJQrOkDX9aMxiVWHvvv2o2FOU/n
+JanwL/QN4J0sL36ytLoqhsUnayhhHbAP5TA+Vbk9JWvwO+6n8KDiUOkyaIzDaOgr
+BvU1eMSv89MiYH8JiNU9nO9ungT0hxJMn9OwFcrXGCXZ6xXct9yN4nlVV0r16032
+DE7m0JQuwoLm4S7OkQEBHlvtfs/WZzMWkFbduOarPr1uzf92BaSjpQLEAKCFgX1/
+zBPnmqDOnOdL4AIZcYR+q+vWvQLI1RoYSCiodfNQt7iq2IRF8j4qis88QC/JMb60
+JlRlc3QgdGhyZWUgKG5vIHBwKSA8dGhyZWVAZXhhbXBsZS5jb20+iLUEEwECAB8F
+Aj/yU70CGwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJENEgtibsq/UdakMD/2wg
+19VhpNbtM5CiVif1V57h945OmXr5Lh2SAsI5agMb9XXuT9yXsmv+JD5hEE6LRL98
+XAwGfvaQS9062aJQCocZAWdPJeEEsu+pMn/IQdHqGdkr7Oy6xjwSa+gh19JMg4mq
+R4AIQSkKvRoTSqSAGbi+gytnTmkA7aEUltogdYeJsAIAAA==
+=QqWQ
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/from-classic.gpghome/trustdb.gpg.asc b/tests/migrations/from-classic.gpghome/trustdb.gpg.asc
new file mode 100644
index 0000000..d4ab65d
--- /dev/null
+++ b/tests/migrations/from-classic.gpghome/trustdb.gpg.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+AWdwZwMDAQUBAgAAVxdnIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+=XUWW
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/from-classic.test b/tests/migrations/from-classic.test
new file mode 100755
index 0000000..4ee3b61
--- /dev/null
+++ b/tests/migrations/from-classic.test
@@ -0,0 +1,52 @@
+#!/bin/sh
+# Copyright 2016 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.  This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+if [ -z "$srcdir" ]; then
+   echo "not called from make" >&2
+   exit 1
+fi
+
+set -e
+
+# (We may not use a relative name for gpg-agent.)
+GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent"
+GPG="../../g10/gpg --no-permission-warning --no-greeting --no-secmem-warning
+--batch --agent-program=${GPG_AGENT}|--debug-quick-random"
+
+export GNUPGHOME="from-classic.gpghome"
+
+setup_home()
+{
+    rm -rf -- "$GNUPGHOME"
+    mkdir "$GNUPGHOME"
+    for F in $srcdir/$GNUPGHOME/*.asc
+    do
+	$GPG --dearmor <"$F" >"$GNUPGHOME/`echo $F | sed -e 's/....$//'`"
+    done
+    chmod go-rwx $GNUPGHOME/*
+}
+
+trigger_migration()
+{
+    $GPG --list-secret-keys >/dev/null
+}
+
+assert_migrated()
+{
+    test -f $GNUPGHOME/.gpg-v21-migrated
+
+    for KEY in D74C5F22 C40FDECF ECABF51D; do
+	$GPG --list-secret-keys $KEY >/dev/null
+    done
+}
+
+setup_home
+trigger_migration
+assert_migrated

-----------------------------------------------------------------------

Summary of changes:
 agent/gpg-agent.c                                  |  4 ++
 common/sysutils.c                                  | 73 +++++++++++++++-------
 common/sysutils.h                                  |  1 +
 configure.ac                                       |  1 +
 tests/Makefile.am                                  |  2 +-
 tests/migrations/Makefile.am                       | 51 +++++++++++++++
 .../from-classic.gpghome/pubring.gpg.asc           | 54 ++++++++++++++++
 .../from-classic.gpghome/secring.gpg.asc           | 68 ++++++++++++++++++++
 .../from-classic.gpghome/trustdb.gpg.asc           | 31 +++++++++
 tests/migrations/from-classic.test                 | 67 ++++++++++++++++++++
 10 files changed, 327 insertions(+), 25 deletions(-)
 create mode 100644 tests/migrations/Makefile.am
 create mode 100644 tests/migrations/from-classic.gpghome/pubring.gpg.asc
 create mode 100644 tests/migrations/from-classic.gpghome/secring.gpg.asc
 create mode 100644 tests/migrations/from-classic.gpghome/trustdb.gpg.asc
 create mode 100755 tests/migrations/from-classic.test


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 21 09:53:06 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 21 Apr 2016 09:53:06 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.21-22-g1cd1ddb
Message-ID: <E1at9PI-0002Oa-4m@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  1cd1ddb4ac2c13223a073f6d77696bcd6253e2ff (commit)
       via  3a8d6df937e771ec51b375f1d5cd7cfa3f141442 (commit)
      from  4354720ab3631dfd2811d881566b10a72c8f2165 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1cd1ddb4ac2c13223a073f6d77696bcd6253e2ff
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 21 09:51:45 2016 +0200

    w32: Add iconv functions.
    
    * src/w32-add.h (gpgrt_w32_iconv_t): New.
    (gpgrt_w32_iconv_open, gpgrt_w32_iconv_close, gpgrt_w32_iconv): New.
    ( GPGRT_ENABLE_W32_ICONV_MACROS): New
    * src/w32-iconv.c: Change license to LGPLv2.1+.  Dispable mlang
    feature.  Remove external DLL loading.  Simplify iconv functions.  Use
    cleaner context struct pattern.  Use gpgrt namespace.
    * src/gpg-error.def.in: Add new functions.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index d1d21fa..b736ad2 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ Noteworthy changes in version 1.22 (unreleased) [C17/A17/R_)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  GPG_ERR_DB_CORRUPTED             NEW.
  gpgrt_annotate_leaked_object     NEW inline func.
+ GPGRT_ENABLE_W32_ICONV_MACROS    NEW.
+ gpgrt_w32_iconv_open             NEW.
+ gpgrt_w32_iconv_close            NEW.
+ gpgrt_w32_iconv                  NEW.
 
 
 Noteworthy changes in version 1.21 (2015-12-12) [C17/A17/R0]
diff --git a/src/Makefile.am b/src/Makefile.am
index 2458431..1d88608 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -105,7 +105,7 @@ CLEANFILES = err-sources.h err-codes.h code-to-errno.h code-from-errno.h \
 # {{{ Begin Windows part
 #
 if HAVE_W32_SYSTEM
-arch_sources = w32-gettext.c w32-lock.c w32-lock-obj.h w32-thread.c
+arch_sources = w32-gettext.c w32-lock.c w32-lock-obj.h w32-thread.c w32-iconv.c
 RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
             -DLOCALEDIR=\"$(localedir)\" $(AM_CPPFLAGS) $(CPPFLAGS)
 LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
diff --git a/src/gpg-error.def.in b/src/gpg-error.def.in
index f8b9ebc..1fa8866 100644
--- a/src/gpg-error.def.in
+++ b/src/gpg-error.def.in
@@ -144,4 +144,10 @@ EXPORTS
  gpgrt_get_nonblock           @107
  gpgrt_poll                   @108
 
+#ifdef HAVE_W32_SYSTEM
+ gpgrt_w32_iconv_open         @109
+ gpgrt_w32_iconv_close        @110
+ gpgrt_w32_iconv              @111
+#endif
+
 ;; end of file with public symbols for Windows.
diff --git a/src/w32-add.h b/src/w32-add.h
index 02848ac..5db6500 100644
--- a/src/w32-add.h
+++ b/src/w32-add.h
@@ -38,3 +38,21 @@ int _gpg_w32_gettext_use_utf8 (int value);
 #endif /*GPG_ERR_ENABLE_GETTEXT_MACROS*/
 
 
+/* A simple iconv implementation w/o the need for an extra DLL.  */
+struct _gpgrt_w32_iconv_s;
+typedef struct _gpgrt_w32_iconv_s *gpgrt_w32_iconv_t;
+
+gpgrt_w32_iconv_t gpgrt_w32_iconv_open (const char *tocode,
+                                        const char *fromcode);
+int     gpgrt_w32_iconv_close (gpgrt_w32_iconv_t cd);
+size_t  gpgrt_w32_iconv (gpgrt_w32_iconv_t cd,
+                         const char **inbuf, size_t *inbytesleft,
+                         char **outbuf, size_t *outbytesleft);
+
+#ifdef GPGRT_ENABLE_W32_ICONV_MACROS
+# define ICONV_CONST const
+# define iconv_t gpgrt_w32_iconv_t
+# define iconv_open(a,b)  gpgrt_w32_iconv_open ((a), (b))
+# define iconv_close(a)   gpgrt_w32_iconv_close ((a))
+# define iconv(a,b,c,d,e) gpgrt_w32_iconv ((a),(b),(c),(d),(e))
+#endif /*GPGRT_ENABLE_W32_ICONV_MACROS*/
diff --git a/src/w32-iconv.c b/src/w32-iconv.c
index 20aa8e1..47a06b2 100644
--- a/src/w32-iconv.c
+++ b/src/w32-iconv.c
@@ -1,4 +1,21 @@
 /* w32-iconv.c - iconv implementation for Windows.
+ * Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of libgpg-error.
+ *
+ * libgpg-error is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * libgpg-error is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <https://www.gnu.org/licenses/>.
+ *
  **************************************************************
  * This code code is based on the file win_iconv.c as found
  * at https://github.com/win-iconv/win-iconv with the commit id
@@ -12,37 +29,26 @@
  *---------------------------------------------------
  */
 
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+#if !defined (_WIN32) && !defined (__CYGWIN32__)
+#  error This module may only be build for Windows or Cygwin32
+#endif
+
 /* for WC_NO_BEST_FIT_CHARS */
 #ifndef WINVER
 # define WINVER 0x0500
 #endif
 
-#define STRICT
 #include <windows.h>
 #include <errno.h>
 #include <string.h>
 #include <stdlib.h>
 
-#ifdef __GNUC__
-#define UNUSED __attribute__((unused))
-#else
-#define UNUSED
-#endif
+#include "gpgrt-int.h"
 
-/* WORKAROUND: */
-#ifndef UNDER_CE
-#define GetProcAddressA GetProcAddress
-#endif
-
-#if 0
-# define MAKE_EXE
-# define MAKE_DLL
-# define USE_LIBICONV_DLL
-#endif
-
-#if !defined(DEFAULT_LIBICONV_DLL)
-# define DEFAULT_LIBICONV_DLL ""
-#endif
+#undef USE_MLANG_DLL
 
 #define MB_CHAR_MAX 16
 
@@ -57,29 +63,9 @@ typedef unsigned char uchar;
 typedef unsigned short ushort;
 typedef unsigned int uint;
 
-typedef void* iconv_t;
-
-iconv_t iconv_open(const char *tocode, const char *fromcode);
-int iconv_close(iconv_t cd);
-size_t iconv(iconv_t cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft);
-
-/* libiconv interface for vim */
-#if defined(MAKE_DLL)
-int
-iconvctl (iconv_t cd, int request, void* argument)
-{
-    /* not supported */
-    return 0;
-}
-#endif
-
 typedef struct compat_t compat_t;
 typedef struct csconv_t csconv_t;
-typedef struct rec_iconv_t rec_iconv_t;
 
-typedef iconv_t (*f_iconv_open)(const char *tocode, const char *fromcode);
-typedef int (*f_iconv_close)(iconv_t cd);
-typedef size_t (*f_iconv)(iconv_t cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft);
 typedef int* (*f_errno)(void);
 typedef int (*f_mbtowc)(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
 typedef int (*f_wctomb)(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
@@ -107,23 +93,16 @@ struct csconv_t {
     compat_t *compat;
 };
 
-struct rec_iconv_t {
-    iconv_t cd;
-    f_iconv_close iconv_close;
-    f_iconv iconv;
+struct _gpgrt_w32_iconv_s {
     f_errno _errno;
     csconv_t from;
     csconv_t to;
-#if defined(USE_LIBICONV_DLL)
-    HMODULE hlibiconv;
-#endif
 };
 
-static int win_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode);
-static int win_iconv_close(iconv_t cd);
-static size_t win_iconv(iconv_t cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft);
-
+#if USE_MLANG_DLL
 static int load_mlang(void);
+#endif /*USE_MLANG_DLL*/
+
 static int make_csconv(const char *name, csconv_t *cv);
 static int name_to_codepage(const char *name);
 static uint utf16_to_ucs4(const ushort *wbuf);
@@ -134,31 +113,32 @@ static char *strrstr(const char *str, const char *token);
 static char *xstrndup(const char *s, size_t n);
 static int seterror(int err);
 
-#if defined(USE_LIBICONV_DLL)
-static int libiconv_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode);
-static PVOID MyImageDirectoryEntryToData(LPVOID Base, BOOLEAN MappedAsImage, USHORT DirectoryEntry, PULONG Size);
-static FARPROC find_imported_function(HMODULE hModule, const char *funcname);
-
-static HMODULE hwiniconv;
-#endif
-
 static int sbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize);
 static int dbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize);
 static int mbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize);
 static int utf8_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+#if USE_MLANG_DLL
 static int eucjp_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+#endif /*USE_MLANG_DLL*/
 
 static int kernel_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
 static int kernel_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+
+#if USE_MLANG_DLL
 static int mlang_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
 static int mlang_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+#endif /*USE_MLANG_DLL*/
+
 static int utf16_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
 static int utf16_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
 static int utf32_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
 static int utf32_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+
+#if USE_MLANG_DLL
 static int iso2022jp_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
 static int iso2022jp_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
 static int iso2022jp_flush(csconv_t *cv, uchar *buf, int bufsize);
+#endif /*USE_MLANG_DLL*/
 
 static struct {
     int codepage;
@@ -194,7 +174,6 @@ static struct {
     {12001, "UCS4BE"},
     {12001, "UCS-4BE"},
 
-#ifndef GLIB_COMPILATION
     /*
      * Default is big endian.
      * See rfc2781 4.3 Interpreting text labelled as UTF-16.
@@ -207,17 +186,6 @@ static struct {
     {12001, "UTF-32"},
     {12001, "UCS-4"},
     {12001, "UCS4"},
-#else
-    /* Default is little endian, because the platform is */
-    {1200, "UTF16"},
-    {1200, "UTF-16"},
-    {1200, "UCS2"},
-    {1200, "UCS-2"},
-    {12000, "UTF32"},
-    {12000, "UTF-32"},
-    {12000, "UCS4"},
-    {12000, "UCS-4"},
-#endif
 
     /* copy from libiconv `iconv -l` */
     /* !IsValidCodePage(367) */
@@ -663,6 +631,7 @@ static compat_t *cp51932_compat = cp932_compat;
 /* cp20932_compat for kernel.  cp932_compat for mlang. */
 static compat_t *cp5022x_compat = cp932_compat;
 
+#if USE_MLANG_DLL
 typedef HRESULT (WINAPI *CONVERTINETSTRING)(
     LPDWORD lpdwMode,
     DWORD dwSrcEncoding,
@@ -716,7 +685,9 @@ static CONVERTINETUNICODETOMULTIBYTE ConvertINetUnicodeToMultiByte;
 static ISCONVERTINETSTRINGAVAILABLE IsConvertINetStringAvailable;
 static LCIDTORFC1766A LcidToRfc1766A;
 static RFC1766TOLCIDA Rfc1766ToLcidA;
+#endif /*USE_MLANG_DLL*/
 
+#if USE_MLANG_DLL
 static int
 load_mlang(void)
 {
@@ -734,79 +705,23 @@ load_mlang(void)
     Rfc1766ToLcidA = (RFC1766TOLCIDA)GetProcAddressA(h, "Rfc1766ToLcidA");
     return TRUE;
 }
-
-iconv_t
-iconv_open(const char *tocode, const char *fromcode)
-{
-    rec_iconv_t *cd;
-
-    cd = (rec_iconv_t *)calloc(1, sizeof(rec_iconv_t));
-    if (cd == NULL)
-        return (iconv_t)(-1);
-
-#if defined(USE_LIBICONV_DLL)
-    errno = 0;
-    if (libiconv_iconv_open(cd, tocode, fromcode))
-        return (iconv_t)cd;
 #endif
 
-    /* reset the errno to prevent reporting wrong error code.
-     * 0 for unsorted error. */
-    errno = 0;
-    if (win_iconv_open(cd, tocode, fromcode))
-        return (iconv_t)cd;
-
-    free(cd);
-
-    return (iconv_t)(-1);
-}
-
-int
-iconv_close(iconv_t _cd)
-{
-    rec_iconv_t *cd = (rec_iconv_t *)_cd;
-    int r = cd->iconv_close(cd->cd);
-    int e = *(cd->_errno());
-#if defined(USE_LIBICONV_DLL)
-    if (cd->hlibiconv != NULL)
-        FreeLibrary(cd->hlibiconv);
-#endif
-    free(cd);
-    errno = e;
-    return r;
-}
-
-size_t
-iconv(iconv_t _cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft)
-{
-    rec_iconv_t *cd = (rec_iconv_t *)_cd;
-    size_t r = cd->iconv(cd->cd, inbuf, inbytesleft, outbuf, outbytesleft);
-    errno = *(cd->_errno());
-    return r;
-}
 
 static int
-win_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode)
+win_iconv_open(gpgrt_w32_iconv_t cd, const char *tocode, const char *fromcode)
 {
     if (!make_csconv(fromcode, &cd->from) || !make_csconv(tocode, &cd->to))
         return FALSE;
-    cd->iconv_close = win_iconv_close;
-    cd->iconv = win_iconv;
     cd->_errno = _errno;
-    cd->cd = (iconv_t)cd;
     return TRUE;
 }
 
-static int
-win_iconv_close(iconv_t cd UNUSED)
-{
-    return 0;
-}
-
 static size_t
-win_iconv(iconv_t _cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft)
+win_iconv (gpgrt_w32_iconv_t cd,
+           const char **inbuf, size_t *inbytesleft,
+           char **outbuf, size_t *outbytesleft)
 {
-    rec_iconv_t *cd = (rec_iconv_t *)_cd;
     ushort wbuf[MB_CHAR_MAX]; /* enough room for one character */
     int insize;
     int outsize;
@@ -979,6 +894,7 @@ make_csconv(const char *_name, csconv_t *cv)
         cv->wctomb = kernel_wctomb;
         cv->mblen = utf8_mblen;
     }
+#if USE_MLANG_DLL
     else if ((cv->codepage == 50220 || cv->codepage == 50221 || cv->codepage == 50222) && load_mlang())
     {
         cv->mbtowc = iso2022jp_mbtowc;
@@ -991,6 +907,7 @@ make_csconv(const char *_name, csconv_t *cv)
         cv->wctomb = mlang_wctomb;
         cv->mblen = eucjp_mblen;
     }
+#endif /*USE_MLANG_DLL*/
     else if (IsValidCodePage(cv->codepage)
 	     && GetCPInfo(cv->codepage, &cpinfo) != 0)
     {
@@ -1148,150 +1065,18 @@ xstrndup(const char *s, size_t n)
 static int
 seterror(int err)
 {
-    errno = err;
+    _gpg_err_set_errno (err);
     return -1;
 }
 
-#if defined(USE_LIBICONV_DLL)
-static int
-libiconv_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode)
-{
-    HMODULE hlibiconv = NULL;
-    char *dllname;
-    const char *p;
-    const char *e;
-    f_iconv_open _iconv_open;
-
-    /*
-     * always try to load dll, so that we can switch dll in runtime.
-     */
-
-    /* XXX: getenv() can't get variable set by SetEnvironmentVariable() */
-    p = getenv("WINICONV_LIBICONV_DLL");
-    if (p == NULL)
-        p = DEFAULT_LIBICONV_DLL;
-    /* parse comma separated value */
-    for ( ; *p != 0; p = (*e == ',') ? e + 1 : e)
-    {
-        e = strchr(p, ',');
-        if (p == e)
-            continue;
-        else if (e == NULL)
-            e = p + strlen(p);
-        dllname = xstrndup(p, e - p);
-        if (dllname == NULL)
-            return FALSE;
-        hlibiconv = LoadLibraryA(dllname);
-        free(dllname);
-        if (hlibiconv != NULL)
-        {
-            if (hlibiconv == hwiniconv)
-            {
-                FreeLibrary(hlibiconv);
-                hlibiconv = NULL;
-                continue;
-            }
-            break;
-        }
-    }
-
-    if (hlibiconv == NULL)
-        goto failed;
-
-    _iconv_open = (f_iconv_open)GetProcAddressA(hlibiconv, "libiconv_open");
-    if (_iconv_open == NULL)
-        _iconv_open = (f_iconv_open)GetProcAddressA(hlibiconv, "iconv_open");
-    cd->iconv_close = (f_iconv_close)GetProcAddressA(hlibiconv, "libiconv_close");
-    if (cd->iconv_close == NULL)
-        cd->iconv_close = (f_iconv_close)GetProcAddressA(hlibiconv, "iconv_close");
-    cd->iconv = (f_iconv)GetProcAddressA(hlibiconv, "libiconv");
-    if (cd->iconv == NULL)
-        cd->iconv = (f_iconv)GetProcAddressA(hlibiconv, "iconv");
-    cd->_errno = (f_errno)find_imported_function(hlibiconv, "_errno");
-    if (_iconv_open == NULL || cd->iconv_close == NULL
-            || cd->iconv == NULL || cd->_errno == NULL)
-        goto failed;
-
-    cd->cd = _iconv_open(tocode, fromcode);
-    if (cd->cd == (iconv_t)(-1))
-        goto failed;
-
-    cd->hlibiconv = hlibiconv;
-    return TRUE;
-
-failed:
-    if (hlibiconv != NULL)
-        FreeLibrary(hlibiconv);
-    return FALSE;
-}
-
-/*
- * Reference:
- * http://forums.belution.com/ja/vc/000/234/78s.shtml
- * http://nienie.com/~masapico/api_ImageDirectoryEntryToData.html
- *
- * The formal way is
- *   imagehlp.h or dbghelp.h
- *   imagehlp.lib or dbghelp.lib
- *   ImageDirectoryEntryToData()
- */
-#define TO_DOS_HEADER(base) ((PIMAGE_DOS_HEADER)(base))
-#define TO_NT_HEADERS(base) ((PIMAGE_NT_HEADERS)((LPBYTE)(base) + TO_DOS_HEADER(base)->e_lfanew))
-static PVOID
-MyImageDirectoryEntryToData(LPVOID Base, BOOLEAN MappedAsImage, USHORT DirectoryEntry, PULONG Size)
-{
-    /* TODO: MappedAsImage? */
-    PIMAGE_DATA_DIRECTORY p;
-    p = TO_NT_HEADERS(Base)->OptionalHeader.DataDirectory + DirectoryEntry;
-    if (p->VirtualAddress == 0) {
-      *Size = 0;
-      return NULL;
-    }
-    *Size = p->Size;
-    return (PVOID)((LPBYTE)Base + p->VirtualAddress);
-}
-
-static FARPROC
-find_imported_function(HMODULE hModule, const char *funcname)
-{
-    DWORD_PTR Base;
-    ULONG Size;
-    PIMAGE_IMPORT_DESCRIPTOR Imp;
-    PIMAGE_THUNK_DATA Address;      /* Import Address Table */
-    PIMAGE_THUNK_DATA Name;         /* Import Name Table */
-    PIMAGE_IMPORT_BY_NAME ImpName;
-
-    Base = (DWORD_PTR)hModule;
-    Imp = (PIMAGE_IMPORT_DESCRIPTOR)MyImageDirectoryEntryToData(
-            (LPVOID)Base,
-            TRUE,
-            IMAGE_DIRECTORY_ENTRY_IMPORT,
-            &Size);
-    if (Imp == NULL)
-        return NULL;
-    for ( ; Imp->OriginalFirstThunk != 0; ++Imp)
-    {
-        Address = (PIMAGE_THUNK_DATA)(Base + Imp->FirstThunk);
-        Name = (PIMAGE_THUNK_DATA)(Base + Imp->OriginalFirstThunk);
-        for ( ; Name->u1.Ordinal != 0; ++Name, ++Address)
-        {
-            if (!IMAGE_SNAP_BY_ORDINAL(Name->u1.Ordinal))
-            {
-                ImpName = (PIMAGE_IMPORT_BY_NAME)
-                    (Base + (DWORD_PTR)Name->u1.AddressOfData);
-                if (strcmp((char *)ImpName->Name, funcname) == 0)
-                    return (FARPROC)Address->u1.Function;
-            }
-        }
-    }
-    return NULL;
-}
-#endif
 
 static int
-sbcs_mblen(csconv_t *cv UNUSED, const uchar *buf UNUSED, int bufsize UNUSED)
+sbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize)
 {
-    return 1;
+  (void)cv;
+  (void)buf;
+  (void)bufsize;
+  return 1;
 }
 
 static int
@@ -1326,10 +1111,12 @@ mbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize)
 }
 
 static int
-utf8_mblen(csconv_t *cv UNUSED, const uchar *buf, int bufsize)
+utf8_mblen(csconv_t *cv, const uchar *buf, int bufsize)
 {
     int len = 0;
 
+    (void) cv;
+
     if (buf[0] < 0x80) len = 1;
     else if ((buf[0] & 0xE0) == 0xC0) len = 2;
     else if ((buf[0] & 0xF0) == 0xE0) len = 3;
@@ -1344,9 +1131,12 @@ utf8_mblen(csconv_t *cv UNUSED, const uchar *buf, int bufsize)
     return len;
 }
 
+#if USE_MLANG_DLL
 static int
-eucjp_mblen(csconv_t *cv UNUSED, const uchar *buf, int bufsize)
+eucjp_mblen(csconv_t *cv, const uchar *buf, int bufsize)
 {
+    (void) cv;
+
     if (buf[0] < 0x80) /* ASCII */
         return 1;
     else if (buf[0] == 0x8E) /* JIS X 0201 */
@@ -1376,6 +1166,7 @@ eucjp_mblen(csconv_t *cv UNUSED, const uchar *buf, int bufsize)
         return 2;
     }
 }
+#endif /*USE_MLANG_DLL*/
 
 static int
 kernel_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
@@ -1439,6 +1230,7 @@ kernel_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
  * "C42C" is same for each convert session.
  * It should be: ((codepage-1)<<16)|state
  */
+#if USE_MLANG_DLL
 static int
 mlang_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
 {
@@ -1476,6 +1268,7 @@ mlang_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
     memcpy(buf, tmpbuf, tmpsize);
     return tmpsize;
 }
+#endif /*USE_MLANG_DLL*/
 
 static int
 utf16_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
@@ -1702,6 +1495,7 @@ struct iso2022_esc_t {
 #define ISO2022JP_CS_JISX0208_1983    4
 #define ISO2022JP_CS_JISX0212         5
 
+#if USE_MLANG_DLL
 static iso2022_esc_t iso2022jp_esc[] = {
     {"\x1B\x28\x42", 3, 1, ISO2022JP_CS_ASCII},
     {"\x1B\x28\x4A", 3, 1, ISO2022JP_CS_JISX0201_ROMAN},
@@ -1711,9 +1505,12 @@ static iso2022_esc_t iso2022jp_esc[] = {
     {"\x1B\x24\x28\x44", 4, 2, ISO2022JP_CS_JISX0212},
     {NULL, 0, 0, 0}
 };
+#endif /*USE_MLANG_DLL*/
 
+#if USE_MLANG_DLL
 static int
-iso2022jp_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
+iso2022jp_mbtowc(csconv_t *cv, const uchar *buf, int bufsize,
+                 ushort *wbuf, int *wbufsize)
 {
     iso2022_esc_t *iesc = iso2022jp_esc;
     char tmp[MB_CHAR_MAX];
@@ -1815,7 +1612,10 @@ iso2022jp_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int
 
     return len;
 }
+#endif /*USE_MLANG_DLL*/
 
+
+#if USE_MLANG_DLL
 static int
 iso2022jp_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
 {
@@ -1911,7 +1711,9 @@ iso2022jp_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsi
     cv->mode = ISO2022_MODE(cs, shift);
     return len + esc_len;
 }
+#endif /*USE_MLANG_DLL*/
 
+#if USE_MLANG_DLL
 static int
 iso2022jp_flush(csconv_t *cv, uchar *buf, int bufsize)
 {
@@ -1944,143 +1746,48 @@ iso2022jp_flush(csconv_t *cv, uchar *buf, int bufsize)
     }
     return 0;
 }
+#endif /*USE_MLANG_DLL*/
 
-#if defined(MAKE_DLL) && defined(USE_LIBICONV_DLL)
-BOOL WINAPI
-DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
-{
-    switch( fdwReason )
-    {
-    case DLL_PROCESS_ATTACH:
-        hwiniconv = (HMODULE)hinstDLL;
-        break;
-    case DLL_THREAD_ATTACH:
-    case DLL_THREAD_DETACH:
-    case DLL_PROCESS_DETACH:
-        break;
-    }
-    return TRUE;
-}
-#endif
 
-#if defined(MAKE_EXE)
-#include <stdio.h>
-#include <fcntl.h>
-#include <io.h>
-int
-main(int argc, char **argv)
+gpgrt_w32_iconv_t
+gpgrt_w32_iconv_open (const char *tocode, const char *fromcode)
 {
-    char *fromcode = NULL;
-    char *tocode = NULL;
-    int i;
-    char inbuf[BUFSIZ];
-    char outbuf[BUFSIZ];
-    const char *pin;
-    char *pout;
-    size_t inbytesleft;
-    size_t outbytesleft;
-    size_t rest = 0;
-    iconv_t cd;
-    size_t r;
-    FILE *in = stdin;
-    FILE *out = stdout;
-    int ignore = 0;
-    char *p;
+    gpgrt_w32_iconv_t cd;
 
-    _setmode(_fileno(stdin), _O_BINARY);
-    _setmode(_fileno(stdout), _O_BINARY);
+    cd = calloc(1, sizeof *cd);
+    if (!cd)
+         return (gpgrt_w32_iconv_t)(-1);
 
-    for (i = 1; i < argc; ++i)
-    {
-        if (strcmp(argv[i], "-l") == 0)
-        {
-            for (i = 0; codepage_alias[i].name != NULL; ++i)
-                printf("%s\n", codepage_alias[i].name);
-            return 0;
-        }
-
-        if (strcmp(argv[i], "-f") == 0)
-            fromcode = argv[++i];
-        else if (strcmp(argv[i], "-t") == 0)
-            tocode = argv[++i];
-        else if (strcmp(argv[i], "-c") == 0)
-            ignore = 1;
-        else if (strcmp(argv[i], "--output") == 0)
-        {
-            out = fopen(argv[++i], "wb");
-            if(out == NULL)
-            {
-                fprintf(stderr, "cannot open %s\n", argv[i]);
-                return 1;
-            }
-        }
-        else
-        {
-            in = fopen(argv[i], "rb");
-            if (in == NULL)
-            {
-                fprintf(stderr, "cannot open %s\n", argv[i]);
-                return 1;
-            }
-            break;
-        }
-    }
+    /* reset the errno to prevent reporting wrong error code.
+     * 0 for unsorted error. */
+    _gpg_err_set_errno (0);
+    if (win_iconv_open(cd, tocode, fromcode))
+        return cd;
 
-    if (fromcode == NULL || tocode == NULL)
-    {
-        printf("usage: %s [-c] -f from-enc -t to-enc [file]\n", argv[0]);
-        return 0;
-    }
+    free(cd);
 
-    if (ignore)
-    {
-        p = tocode;
-        tocode = (char *)malloc(strlen(p) + strlen("//IGNORE") + 1);
-        if (tocode == NULL)
-        {
-            perror("fatal error");
-            return 1;
-        }
-        strcpy(tocode, p);
-        strcat(tocode, "//IGNORE");
-    }
+    return (gpgrt_w32_iconv_t)(-1);
+}
 
-    cd = iconv_open(tocode, fromcode);
-    if (cd == (iconv_t)(-1))
+int
+gpgrt_w32_iconv_close (gpgrt_w32_iconv_t cd)
+{
+    if (cd)
     {
-        perror("iconv_open error");
-        return 1;
+         free (cd);
     }
 
-    while ((inbytesleft = fread(inbuf + rest, 1, sizeof(inbuf) - rest, in)) != 0
-            || rest != 0)
-    {
-        inbytesleft += rest;
-        pin = inbuf;
-        pout = outbuf;
-        outbytesleft = sizeof(outbuf);
-        r = iconv(cd, &pin, &inbytesleft, &pout, &outbytesleft);
-        fwrite(outbuf, 1, sizeof(outbuf) - outbytesleft, out);
-        if (r == (size_t)(-1) && errno != E2BIG && (errno != EINVAL || feof(in)))
-        {
-            perror("conversion error");
-            return 1;
-        }
-        memmove(inbuf, pin, inbytesleft);
-        rest = inbytesleft;
-    }
-    pout = outbuf;
-    outbytesleft = sizeof(outbuf);
-    r = iconv(cd, NULL, NULL, &pout, &outbytesleft);
-    fwrite(outbuf, 1, sizeof(outbuf) - outbytesleft, out);
-    if (r == (size_t)(-1))
-    {
-        perror("conversion error");
-        return 1;
-    }
+    return 0;
+}
 
-    iconv_close(cd);
+size_t
+gpgrt_w32_iconv (gpgrt_w32_iconv_t cd,
+                  const char **inbuf, size_t *inbytesleft,
+                  char **outbuf, size_t *outbytesleft)
+{
+     size_t r;
 
-    return 0;
+     r = win_iconv (cd, inbuf, inbytesleft, outbuf, outbytesleft);
+     _gpg_err_set_errno (*(cd->_errno()));
+     return r;
 }
-#endif

commit 3a8d6df937e771ec51b375f1d5cd7cfa3f141442
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 20 16:59:18 2016 +0200

    Add file w32-iconv.c
    
    --

diff --git a/src/w32-iconv.c b/src/w32-iconv.c
new file mode 100644
index 0000000..20aa8e1
--- /dev/null
+++ b/src/w32-iconv.c
@@ -0,0 +1,2086 @@
+/* w32-iconv.c - iconv implementation for Windows.
+ **************************************************************
+ * This code code is based on the file win_iconv.c as found
+ * at https://github.com/win-iconv/win-iconv with the commit id
+ * 8c23784e35327c9d85d22810b9e4a2cbd06ffe90, dated 2016-03-18.
+ * Yukihiro Nakadaira <yukihiro.nakadaira at gmail.com> is the
+ * original author.  The file win_iconv.c carried this notice:
+ *--------------------------------------------------------------
+ * iconv implementation using Win32 API to convert.
+ *
+ * This file is placed in the public domain.
+ *---------------------------------------------------
+ */
+
+/* for WC_NO_BEST_FIT_CHARS */
+#ifndef WINVER
+# define WINVER 0x0500
+#endif
+
+#define STRICT
+#include <windows.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef __GNUC__
+#define UNUSED __attribute__((unused))
+#else
+#define UNUSED
+#endif
+
+/* WORKAROUND: */
+#ifndef UNDER_CE
+#define GetProcAddressA GetProcAddress
+#endif
+
+#if 0
+# define MAKE_EXE
+# define MAKE_DLL
+# define USE_LIBICONV_DLL
+#endif
+
+#if !defined(DEFAULT_LIBICONV_DLL)
+# define DEFAULT_LIBICONV_DLL ""
+#endif
+
+#define MB_CHAR_MAX 16
+
+#define UNICODE_MODE_BOM_DONE   1
+#define UNICODE_MODE_SWAPPED    2
+
+#define FLAG_USE_BOM            1
+#define FLAG_TRANSLIT           2 /* //TRANSLIT */
+#define FLAG_IGNORE             4 /* //IGNORE */
+
+typedef unsigned char uchar;
+typedef unsigned short ushort;
+typedef unsigned int uint;
+
+typedef void* iconv_t;
+
+iconv_t iconv_open(const char *tocode, const char *fromcode);
+int iconv_close(iconv_t cd);
+size_t iconv(iconv_t cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft);
+
+/* libiconv interface for vim */
+#if defined(MAKE_DLL)
+int
+iconvctl (iconv_t cd, int request, void* argument)
+{
+    /* not supported */
+    return 0;
+}
+#endif
+
+typedef struct compat_t compat_t;
+typedef struct csconv_t csconv_t;
+typedef struct rec_iconv_t rec_iconv_t;
+
+typedef iconv_t (*f_iconv_open)(const char *tocode, const char *fromcode);
+typedef int (*f_iconv_close)(iconv_t cd);
+typedef size_t (*f_iconv)(iconv_t cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft);
+typedef int* (*f_errno)(void);
+typedef int (*f_mbtowc)(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
+typedef int (*f_wctomb)(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+typedef int (*f_mblen)(csconv_t *cv, const uchar *buf, int bufsize);
+typedef int (*f_flush)(csconv_t *cv, uchar *buf, int bufsize);
+
+#define COMPAT_IN   1
+#define COMPAT_OUT  2
+
+/* unicode mapping for compatibility with other conversion table. */
+struct compat_t {
+    uint in;
+    uint out;
+    uint flag;
+};
+
+struct csconv_t {
+    int codepage;
+    int flags;
+    f_mbtowc mbtowc;
+    f_wctomb wctomb;
+    f_mblen mblen;
+    f_flush flush;
+    DWORD mode;
+    compat_t *compat;
+};
+
+struct rec_iconv_t {
+    iconv_t cd;
+    f_iconv_close iconv_close;
+    f_iconv iconv;
+    f_errno _errno;
+    csconv_t from;
+    csconv_t to;
+#if defined(USE_LIBICONV_DLL)
+    HMODULE hlibiconv;
+#endif
+};
+
+static int win_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode);
+static int win_iconv_close(iconv_t cd);
+static size_t win_iconv(iconv_t cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft);
+
+static int load_mlang(void);
+static int make_csconv(const char *name, csconv_t *cv);
+static int name_to_codepage(const char *name);
+static uint utf16_to_ucs4(const ushort *wbuf);
+static void ucs4_to_utf16(uint wc, ushort *wbuf, int *wbufsize);
+static int mbtowc_flags(int codepage);
+static int must_use_null_useddefaultchar(int codepage);
+static char *strrstr(const char *str, const char *token);
+static char *xstrndup(const char *s, size_t n);
+static int seterror(int err);
+
+#if defined(USE_LIBICONV_DLL)
+static int libiconv_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode);
+static PVOID MyImageDirectoryEntryToData(LPVOID Base, BOOLEAN MappedAsImage, USHORT DirectoryEntry, PULONG Size);
+static FARPROC find_imported_function(HMODULE hModule, const char *funcname);
+
+static HMODULE hwiniconv;
+#endif
+
+static int sbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+static int dbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+static int mbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+static int utf8_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+static int eucjp_mblen(csconv_t *cv, const uchar *buf, int bufsize);
+
+static int kernel_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
+static int kernel_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+static int mlang_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
+static int mlang_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+static int utf16_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
+static int utf16_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+static int utf32_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
+static int utf32_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+static int iso2022jp_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize);
+static int iso2022jp_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize);
+static int iso2022jp_flush(csconv_t *cv, uchar *buf, int bufsize);
+
+static struct {
+    int codepage;
+    const char *name;
+} codepage_alias[] = {
+    {65001, "CP65001"},
+    {65001, "UTF8"},
+    {65001, "UTF-8"},
+
+    {1200, "CP1200"},
+    {1200, "UTF16LE"},
+    {1200, "UTF-16LE"},
+    {1200, "UCS2LE"},
+    {1200, "UCS-2LE"},
+    {1200, "UCS-2-INTERNAL"},
+
+    {1201, "CP1201"},
+    {1201, "UTF16BE"},
+    {1201, "UTF-16BE"},
+    {1201, "UCS2BE"},
+    {1201, "UCS-2BE"},
+    {1201, "unicodeFFFE"},
+
+    {12000, "CP12000"},
+    {12000, "UTF32LE"},
+    {12000, "UTF-32LE"},
+    {12000, "UCS4LE"},
+    {12000, "UCS-4LE"},
+
+    {12001, "CP12001"},
+    {12001, "UTF32BE"},
+    {12001, "UTF-32BE"},
+    {12001, "UCS4BE"},
+    {12001, "UCS-4BE"},
+
+#ifndef GLIB_COMPILATION
+    /*
+     * Default is big endian.
+     * See rfc2781 4.3 Interpreting text labelled as UTF-16.
+     */
+    {1201, "UTF16"},
+    {1201, "UTF-16"},
+    {1201, "UCS2"},
+    {1201, "UCS-2"},
+    {12001, "UTF32"},
+    {12001, "UTF-32"},
+    {12001, "UCS-4"},
+    {12001, "UCS4"},
+#else
+    /* Default is little endian, because the platform is */
+    {1200, "UTF16"},
+    {1200, "UTF-16"},
+    {1200, "UCS2"},
+    {1200, "UCS-2"},
+    {12000, "UTF32"},
+    {12000, "UTF-32"},
+    {12000, "UCS4"},
+    {12000, "UCS-4"},
+#endif
+
+    /* copy from libiconv `iconv -l` */
+    /* !IsValidCodePage(367) */
+    {20127, "ANSI_X3.4-1968"},
+    {20127, "ANSI_X3.4-1986"},
+    {20127, "ASCII"},
+    {20127, "CP367"},
+    {20127, "IBM367"},
+    {20127, "ISO-IR-6"},
+    {20127, "ISO646-US"},
+    {20127, "ISO_646.IRV:1991"},
+    {20127, "US"},
+    {20127, "US-ASCII"},
+    {20127, "CSASCII"},
+
+    /* !IsValidCodePage(819) */
+    {1252, "CP819"},
+    {1252, "IBM819"},
+    {28591, "ISO-8859-1"},
+    {28591, "ISO-IR-100"},
+    {28591, "ISO8859-1"},
+    {28591, "ISO_8859-1"},
+    {28591, "ISO_8859-1:1987"},
+    {28591, "L1"},
+    {28591, "LATIN1"},
+    {28591, "CSISOLATIN1"},
+
+    {1250, "CP1250"},
+    {1250, "MS-EE"},
+    {1250, "WINDOWS-1250"},
+
+    {1251, "CP1251"},
+    {1251, "MS-CYRL"},
+    {1251, "WINDOWS-1251"},
+
+    {1252, "CP1252"},
+    {1252, "MS-ANSI"},
+    {1252, "WINDOWS-1252"},
+
+    {1253, "CP1253"},
+    {1253, "MS-GREEK"},
+    {1253, "WINDOWS-1253"},
+
+    {1254, "CP1254"},
+    {1254, "MS-TURK"},
+    {1254, "WINDOWS-1254"},
+
+    {1255, "CP1255"},
+    {1255, "MS-HEBR"},
+    {1255, "WINDOWS-1255"},
+
+    {1256, "CP1256"},
+    {1256, "MS-ARAB"},
+    {1256, "WINDOWS-1256"},
+
+    {1257, "CP1257"},
+    {1257, "WINBALTRIM"},
+    {1257, "WINDOWS-1257"},
+
+    {1258, "CP1258"},
+    {1258, "WINDOWS-1258"},
+
+    {850, "850"},
+    {850, "CP850"},
+    {850, "IBM850"},
+    {850, "CSPC850MULTILINGUAL"},
+
+    /* !IsValidCodePage(862) */
+    {862, "862"},
+    {862, "CP862"},
+    {862, "IBM862"},
+    {862, "CSPC862LATINHEBREW"},
+
+    {866, "866"},
+    {866, "CP866"},
+    {866, "IBM866"},
+    {866, "CSIBM866"},
+
+    /* !IsValidCodePage(154) */
+    {154, "CP154"},
+    {154, "CYRILLIC-ASIAN"},
+    {154, "PT154"},
+    {154, "PTCP154"},
+    {154, "CSPTCP154"},
+
+    /* !IsValidCodePage(1133) */
+    {1133, "CP1133"},
+    {1133, "IBM-CP1133"},
+
+    {874, "CP874"},
+    {874, "WINDOWS-874"},
+
+    /* !IsValidCodePage(51932) */
+    {51932, "CP51932"},
+    {51932, "MS51932"},
+    {51932, "WINDOWS-51932"},
+    {51932, "EUC-JP"},
+
+    {932, "CP932"},
+    {932, "MS932"},
+    {932, "SHIFFT_JIS"},
+    {932, "SHIFFT_JIS-MS"},
+    {932, "SJIS"},
+    {932, "SJIS-MS"},
+    {932, "SJIS-OPEN"},
+    {932, "SJIS-WIN"},
+    {932, "WINDOWS-31J"},
+    {932, "WINDOWS-932"},
+    {932, "CSWINDOWS31J"},
+
+    {50221, "CP50221"},
+    {50221, "ISO-2022-JP"},
+    {50221, "ISO-2022-JP-MS"},
+    {50221, "ISO2022-JP"},
+    {50221, "ISO2022-JP-MS"},
+    {50221, "MS50221"},
+    {50221, "WINDOWS-50221"},
+
+    {936, "CP936"},
+    {936, "GBK"},
+    {936, "MS936"},
+    {936, "WINDOWS-936"},
+
+    {950, "CP950"},
+    {950, "BIG5"},
+    {950, "BIG5HKSCS"},
+    {950, "BIG5-HKSCS"},
+
+    {949, "CP949"},
+    {949, "UHC"},
+    {949, "EUC-KR"},
+
+    {1361, "CP1361"},
+    {1361, "JOHAB"},
+
+    {437, "437"},
+    {437, "CP437"},
+    {437, "IBM437"},
+    {437, "CSPC8CODEPAGE437"},
+
+    {737, "CP737"},
+
+    {775, "CP775"},
+    {775, "IBM775"},
+    {775, "CSPC775BALTIC"},
+
+    {852, "852"},
+    {852, "CP852"},
+    {852, "IBM852"},
+    {852, "CSPCP852"},
+
+    /* !IsValidCodePage(853) */
+    {853, "CP853"},
+
+    {855, "855"},
+    {855, "CP855"},
+    {855, "IBM855"},
+    {855, "CSIBM855"},
+
+    {857, "857"},
+    {857, "CP857"},
+    {857, "IBM857"},
+    {857, "CSIBM857"},
+
+    /* !IsValidCodePage(858) */
+    {858, "CP858"},
+
+    {860, "860"},
+    {860, "CP860"},
+    {860, "IBM860"},
+    {860, "CSIBM860"},
+
+    {861, "861"},
+    {861, "CP-IS"},
+    {861, "CP861"},
+    {861, "IBM861"},
+    {861, "CSIBM861"},
+
+    {863, "863"},
+    {863, "CP863"},
+    {863, "IBM863"},
+    {863, "CSIBM863"},
+
+    {864, "CP864"},
+    {864, "IBM864"},
+    {864, "CSIBM864"},
+
+    {865, "865"},
+    {865, "CP865"},
+    {865, "IBM865"},
+    {865, "CSIBM865"},
+
+    {869, "869"},
+    {869, "CP-GR"},
+    {869, "CP869"},
+    {869, "IBM869"},
+    {869, "CSIBM869"},
+
+    /* !IsValidCodePage(1152) */
+    {1125, "CP1125"},
+
+    /*
+     * Code Page Identifiers
+     * http://msdn2.microsoft.com/en-us/library/ms776446.aspx
+     */
+    {37, "IBM037"}, /* IBM EBCDIC US-Canada */
+    {437, "IBM437"}, /* OEM United States */
+    {500, "IBM500"}, /* IBM EBCDIC International */
+    {708, "ASMO-708"}, /* Arabic (ASMO 708) */
+    /* 709 		Arabic (ASMO-449+, BCON V4) */
+    /* 710 		Arabic - Transparent Arabic */
+    {720, "DOS-720"}, /* Arabic (Transparent ASMO); Arabic (DOS) */
+    {737, "ibm737"}, /* OEM Greek (formerly 437G); Greek (DOS) */
+    {775, "ibm775"}, /* OEM Baltic; Baltic (DOS) */
+    {850, "ibm850"}, /* OEM Multilingual Latin 1; Western European (DOS) */
+    {852, "ibm852"}, /* OEM Latin 2; Central European (DOS) */
+    {855, "IBM855"}, /* OEM Cyrillic (primarily Russian) */
+    {857, "ibm857"}, /* OEM Turkish; Turkish (DOS) */
+    {858, "IBM00858"}, /* OEM Multilingual Latin 1 + Euro symbol */
+    {860, "IBM860"}, /* OEM Portuguese; Portuguese (DOS) */
+    {861, "ibm861"}, /* OEM Icelandic; Icelandic (DOS) */
+    {862, "DOS-862"}, /* OEM Hebrew; Hebrew (DOS) */
+    {863, "IBM863"}, /* OEM French Canadian; French Canadian (DOS) */
+    {864, "IBM864"}, /* OEM Arabic; Arabic (864) */
+    {865, "IBM865"}, /* OEM Nordic; Nordic (DOS) */
+    {866, "cp866"}, /* OEM Russian; Cyrillic (DOS) */
+    {869, "ibm869"}, /* OEM Modern Greek; Greek, Modern (DOS) */
+    {870, "IBM870"}, /* IBM EBCDIC Multilingual/ROECE (Latin 2); IBM EBCDIC Multilingual Latin 2 */
+    {874, "windows-874"}, /* ANSI/OEM Thai (same as 28605, ISO 8859-15); Thai (Windows) */
+    {875, "cp875"}, /* IBM EBCDIC Greek Modern */
+    {932, "shift_jis"}, /* ANSI/OEM Japanese; Japanese (Shift-JIS) */
+    {932, "shift-jis"}, /* alternative name for it */
+    {936, "gb2312"}, /* ANSI/OEM Simplified Chinese (PRC, Singapore); Chinese Simplified (GB2312) */
+    {949, "ks_c_5601-1987"}, /* ANSI/OEM Korean (Unified Hangul Code) */
+    {950, "big5"}, /* ANSI/OEM Traditional Chinese (Taiwan; Hong Kong SAR, PRC); Chinese Traditional (Big5) */
+    {950, "big5hkscs"}, /* ANSI/OEM Traditional Chinese (Hong Kong SAR); Chinese Traditional (Big5-HKSCS) */
+    {950, "big5-hkscs"}, /* alternative name for it */
+    {1026, "IBM1026"}, /* IBM EBCDIC Turkish (Latin 5) */
+    {1047, "IBM01047"}, /* IBM EBCDIC Latin 1/Open System */
+    {1140, "IBM01140"}, /* IBM EBCDIC US-Canada (037 + Euro symbol); IBM EBCDIC (US-Canada-Euro) */
+    {1141, "IBM01141"}, /* IBM EBCDIC Germany (20273 + Euro symbol); IBM EBCDIC (Germany-Euro) */
+    {1142, "IBM01142"}, /* IBM EBCDIC Denmark-Norway (20277 + Euro symbol); IBM EBCDIC (Denmark-Norway-Euro) */
+    {1143, "IBM01143"}, /* IBM EBCDIC Finland-Sweden (20278 + Euro symbol); IBM EBCDIC (Finland-Sweden-Euro) */
+    {1144, "IBM01144"}, /* IBM EBCDIC Italy (20280 + Euro symbol); IBM EBCDIC (Italy-Euro) */
+    {1145, "IBM01145"}, /* IBM EBCDIC Latin America-Spain (20284 + Euro symbol); IBM EBCDIC (Spain-Euro) */
+    {1146, "IBM01146"}, /* IBM EBCDIC United Kingdom (20285 + Euro symbol); IBM EBCDIC (UK-Euro) */
+    {1147, "IBM01147"}, /* IBM EBCDIC France (20297 + Euro symbol); IBM EBCDIC (France-Euro) */
+    {1148, "IBM01148"}, /* IBM EBCDIC International (500 + Euro symbol); IBM EBCDIC (International-Euro) */
+    {1149, "IBM01149"}, /* IBM EBCDIC Icelandic (20871 + Euro symbol); IBM EBCDIC (Icelandic-Euro) */
+    {1250, "windows-1250"}, /* ANSI Central European; Central European (Windows) */
+    {1251, "windows-1251"}, /* ANSI Cyrillic; Cyrillic (Windows) */
+    {1252, "windows-1252"}, /* ANSI Latin 1; Western European (Windows) */
+    {1253, "windows-1253"}, /* ANSI Greek; Greek (Windows) */
+    {1254, "windows-1254"}, /* ANSI Turkish; Turkish (Windows) */
+    {1255, "windows-1255"}, /* ANSI Hebrew; Hebrew (Windows) */
+    {1256, "windows-1256"}, /* ANSI Arabic; Arabic (Windows) */
+    {1257, "windows-1257"}, /* ANSI Baltic; Baltic (Windows) */
+    {1258, "windows-1258"}, /* ANSI/OEM Vietnamese; Vietnamese (Windows) */
+    {1361, "Johab"}, /* Korean (Johab) */
+    {10000, "macintosh"}, /* MAC Roman; Western European (Mac) */
+    {10001, "x-mac-japanese"}, /* Japanese (Mac) */
+    {10002, "x-mac-chinesetrad"}, /* MAC Traditional Chinese (Big5); Chinese Traditional (Mac) */
+    {10003, "x-mac-korean"}, /* Korean (Mac) */
+    {10004, "x-mac-arabic"}, /* Arabic (Mac) */
+    {10005, "x-mac-hebrew"}, /* Hebrew (Mac) */
+    {10006, "x-mac-greek"}, /* Greek (Mac) */
+    {10007, "x-mac-cyrillic"}, /* Cyrillic (Mac) */
+    {10008, "x-mac-chinesesimp"}, /* MAC Simplified Chinese (GB 2312); Chinese Simplified (Mac) */
+    {10010, "x-mac-romanian"}, /* Romanian (Mac) */
+    {10017, "x-mac-ukrainian"}, /* Ukrainian (Mac) */
+    {10021, "x-mac-thai"}, /* Thai (Mac) */
+    {10029, "x-mac-ce"}, /* MAC Latin 2; Central European (Mac) */
+    {10079, "x-mac-icelandic"}, /* Icelandic (Mac) */
+    {10081, "x-mac-turkish"}, /* Turkish (Mac) */
+    {10082, "x-mac-croatian"}, /* Croatian (Mac) */
+    {20000, "x-Chinese_CNS"}, /* CNS Taiwan; Chinese Traditional (CNS) */
+    {20001, "x-cp20001"}, /* TCA Taiwan */
+    {20002, "x_Chinese-Eten"}, /* Eten Taiwan; Chinese Traditional (Eten) */
+    {20003, "x-cp20003"}, /* IBM5550 Taiwan */
+    {20004, "x-cp20004"}, /* TeleText Taiwan */
+    {20005, "x-cp20005"}, /* Wang Taiwan */
+    {20105, "x-IA5"}, /* IA5 (IRV International Alphabet No. 5, 7-bit); Western European (IA5) */
+    {20106, "x-IA5-German"}, /* IA5 German (7-bit) */
+    {20107, "x-IA5-Swedish"}, /* IA5 Swedish (7-bit) */
+    {20108, "x-IA5-Norwegian"}, /* IA5 Norwegian (7-bit) */
+    {20127, "us-ascii"}, /* US-ASCII (7-bit) */
+    {20261, "x-cp20261"}, /* T.61 */
+    {20269, "x-cp20269"}, /* ISO 6937 Non-Spacing Accent */
+    {20273, "IBM273"}, /* IBM EBCDIC Germany */
+    {20277, "IBM277"}, /* IBM EBCDIC Denmark-Norway */
+    {20278, "IBM278"}, /* IBM EBCDIC Finland-Sweden */
+    {20280, "IBM280"}, /* IBM EBCDIC Italy */
+    {20284, "IBM284"}, /* IBM EBCDIC Latin America-Spain */
+    {20285, "IBM285"}, /* IBM EBCDIC United Kingdom */
+    {20290, "IBM290"}, /* IBM EBCDIC Japanese Katakana Extended */
+    {20297, "IBM297"}, /* IBM EBCDIC France */
+    {20420, "IBM420"}, /* IBM EBCDIC Arabic */
+    {20423, "IBM423"}, /* IBM EBCDIC Greek */
+    {20424, "IBM424"}, /* IBM EBCDIC Hebrew */
+    {20833, "x-EBCDIC-KoreanExtended"}, /* IBM EBCDIC Korean Extended */
+    {20838, "IBM-Thai"}, /* IBM EBCDIC Thai */
+    {20866, "koi8-r"}, /* Russian (KOI8-R); Cyrillic (KOI8-R) */
+    {20871, "IBM871"}, /* IBM EBCDIC Icelandic */
+    {20880, "IBM880"}, /* IBM EBCDIC Cyrillic Russian */
+    {20905, "IBM905"}, /* IBM EBCDIC Turkish */
+    {20924, "IBM00924"}, /* IBM EBCDIC Latin 1/Open System (1047 + Euro symbol) */
+    {20932, "EUC-JP"}, /* Japanese (JIS 0208-1990 and 0121-1990) */
+    {20936, "x-cp20936"}, /* Simplified Chinese (GB2312); Chinese Simplified (GB2312-80) */
+    {20949, "x-cp20949"}, /* Korean Wansung */
+    {21025, "cp1025"}, /* IBM EBCDIC Cyrillic Serbian-Bulgarian */
+    /* 21027 		(deprecated) */
+    {21866, "koi8-u"}, /* Ukrainian (KOI8-U); Cyrillic (KOI8-U) */
+    {28591, "iso-8859-1"}, /* ISO 8859-1 Latin 1; Western European (ISO) */
+    {28591, "iso8859-1"}, /* ISO 8859-1 Latin 1; Western European (ISO) */
+    {28591, "iso_8859-1"},
+    {28591, "iso_8859_1"},
+    {28592, "iso-8859-2"}, /* ISO 8859-2 Central European; Central European (ISO) */
+    {28592, "iso8859-2"}, /* ISO 8859-2 Central European; Central European (ISO) */
+    {28592, "iso_8859-2"},
+    {28592, "iso_8859_2"},
+    {28593, "iso-8859-3"}, /* ISO 8859-3 Latin 3 */
+    {28593, "iso8859-3"}, /* ISO 8859-3 Latin 3 */
+    {28593, "iso_8859-3"},
+    {28593, "iso_8859_3"},
+    {28594, "iso-8859-4"}, /* ISO 8859-4 Baltic */
+    {28594, "iso8859-4"}, /* ISO 8859-4 Baltic */
+    {28594, "iso_8859-4"},
+    {28594, "iso_8859_4"},
+    {28595, "iso-8859-5"}, /* ISO 8859-5 Cyrillic */
+    {28595, "iso8859-5"}, /* ISO 8859-5 Cyrillic */
+    {28595, "iso_8859-5"},
+    {28595, "iso_8859_5"},
+    {28596, "iso-8859-6"}, /* ISO 8859-6 Arabic */
+    {28596, "iso8859-6"}, /* ISO 8859-6 Arabic */
+    {28596, "iso_8859-6"},
+    {28596, "iso_8859_6"},
+    {28597, "iso-8859-7"}, /* ISO 8859-7 Greek */
+    {28597, "iso8859-7"}, /* ISO 8859-7 Greek */
+    {28597, "iso_8859-7"},
+    {28597, "iso_8859_7"},
+    {28598, "iso-8859-8"}, /* ISO 8859-8 Hebrew; Hebrew (ISO-Visual) */
+    {28598, "iso8859-8"}, /* ISO 8859-8 Hebrew; Hebrew (ISO-Visual) */
+    {28598, "iso_8859-8"},
+    {28598, "iso_8859_8"},
+    {28599, "iso-8859-9"}, /* ISO 8859-9 Turkish */
+    {28599, "iso8859-9"}, /* ISO 8859-9 Turkish */
+    {28599, "iso_8859-9"},
+    {28599, "iso_8859_9"},
+    {28603, "iso-8859-13"}, /* ISO 8859-13 Estonian */
+    {28603, "iso8859-13"}, /* ISO 8859-13 Estonian */
+    {28603, "iso_8859-13"},
+    {28603, "iso_8859_13"},
+    {28605, "iso-8859-15"}, /* ISO 8859-15 Latin 9 */
+    {28605, "iso8859-15"}, /* ISO 8859-15 Latin 9 */
+    {28605, "iso_8859-15"},
+    {28605, "iso_8859_15"},
+    {29001, "x-Europa"}, /* Europa 3 */
+    {38598, "iso-8859-8-i"}, /* ISO 8859-8 Hebrew; Hebrew (ISO-Logical) */
+    {38598, "iso8859-8-i"}, /* ISO 8859-8 Hebrew; Hebrew (ISO-Logical) */
+    {38598, "iso_8859-8-i"},
+    {38598, "iso_8859_8-i"},
+    {50220, "iso-2022-jp"}, /* ISO 2022 Japanese with no halfwidth Katakana; Japanese (JIS) */
+    {50221, "csISO2022JP"}, /* ISO 2022 Japanese with halfwidth Katakana; Japanese (JIS-Allow 1 byte Kana) */
+    {50222, "iso-2022-jp"}, /* ISO 2022 Japanese JIS X 0201-1989; Japanese (JIS-Allow 1 byte Kana - SO/SI) */
+    {50225, "iso-2022-kr"}, /* ISO 2022 Korean */
+    {50225, "iso2022-kr"}, /* ISO 2022 Korean */
+    {50227, "x-cp50227"}, /* ISO 2022 Simplified Chinese; Chinese Simplified (ISO 2022) */
+    /* 50229 		ISO 2022 Traditional Chinese */
+    /* 50930 		EBCDIC Japanese (Katakana) Extended */
+    /* 50931 		EBCDIC US-Canada and Japanese */
+    /* 50933 		EBCDIC Korean Extended and Korean */
+    /* 50935 		EBCDIC Simplified Chinese Extended and Simplified Chinese */
+    /* 50936 		EBCDIC Simplified Chinese */
+    /* 50937 		EBCDIC US-Canada and Traditional Chinese */
+    /* 50939 		EBCDIC Japanese (Latin) Extended and Japanese */
+    {51932, "euc-jp"}, /* EUC Japanese */
+    {51936, "EUC-CN"}, /* EUC Simplified Chinese; Chinese Simplified (EUC) */
+    {51949, "euc-kr"}, /* EUC Korean */
+    /* 51950 		EUC Traditional Chinese */
+    {52936, "hz-gb-2312"}, /* HZ-GB2312 Simplified Chinese; Chinese Simplified (HZ) */
+    {54936, "GB18030"}, /* Windows XP and later: GB18030 Simplified Chinese (4 byte); Chinese Simplified (GB18030) */
+    {57002, "x-iscii-de"}, /* ISCII Devanagari */
+    {57003, "x-iscii-be"}, /* ISCII Bengali */
+    {57004, "x-iscii-ta"}, /* ISCII Tamil */
+    {57005, "x-iscii-te"}, /* ISCII Telugu */
+    {57006, "x-iscii-as"}, /* ISCII Assamese */
+    {57007, "x-iscii-or"}, /* ISCII Oriya */
+    {57008, "x-iscii-ka"}, /* ISCII Kannada */
+    {57009, "x-iscii-ma"}, /* ISCII Malayalam */
+    {57010, "x-iscii-gu"}, /* ISCII Gujarati */
+    {57011, "x-iscii-pa"}, /* ISCII Punjabi */
+
+    {0, NULL}
+};
+
+/*
+ * SJIS SHIFTJIS table              CP932 table
+ * ---- --------------------------- --------------------------------
+ *   5C U+00A5 YEN SIGN             U+005C REVERSE SOLIDUS
+ *   7E U+203E OVERLINE             U+007E TILDE
+ * 815C U+2014 EM DASH              U+2015 HORIZONTAL BAR
+ * 815F U+005C REVERSE SOLIDUS      U+FF3C FULLWIDTH REVERSE SOLIDUS
+ * 8160 U+301C WAVE DASH            U+FF5E FULLWIDTH TILDE
+ * 8161 U+2016 DOUBLE VERTICAL LINE U+2225 PARALLEL TO
+ * 817C U+2212 MINUS SIGN           U+FF0D FULLWIDTH HYPHEN-MINUS
+ * 8191 U+00A2 CENT SIGN            U+FFE0 FULLWIDTH CENT SIGN
+ * 8192 U+00A3 POUND SIGN           U+FFE1 FULLWIDTH POUND SIGN
+ * 81CA U+00AC NOT SIGN             U+FFE2 FULLWIDTH NOT SIGN
+ *
+ * EUC-JP and ISO-2022-JP should be compatible with CP932.
+ *
+ * Kernel and MLang have different Unicode mapping table.  Make sure
+ * which API is used.
+ */
+static compat_t cp932_compat[] = {
+    {0x00A5, 0x005C, COMPAT_OUT},
+    {0x203E, 0x007E, COMPAT_OUT},
+    {0x2014, 0x2015, COMPAT_OUT},
+    {0x301C, 0xFF5E, COMPAT_OUT},
+    {0x2016, 0x2225, COMPAT_OUT},
+    {0x2212, 0xFF0D, COMPAT_OUT},
+    {0x00A2, 0xFFE0, COMPAT_OUT},
+    {0x00A3, 0xFFE1, COMPAT_OUT},
+    {0x00AC, 0xFFE2, COMPAT_OUT},
+    {0, 0, 0}
+};
+
+static compat_t cp20932_compat[] = {
+    {0x00A5, 0x005C, COMPAT_OUT},
+    {0x203E, 0x007E, COMPAT_OUT},
+    {0x2014, 0x2015, COMPAT_OUT},
+    {0xFF5E, 0x301C, COMPAT_OUT|COMPAT_IN},
+    {0x2225, 0x2016, COMPAT_OUT|COMPAT_IN},
+    {0xFF0D, 0x2212, COMPAT_OUT|COMPAT_IN},
+    {0xFFE0, 0x00A2, COMPAT_OUT|COMPAT_IN},
+    {0xFFE1, 0x00A3, COMPAT_OUT|COMPAT_IN},
+    {0xFFE2, 0x00AC, COMPAT_OUT|COMPAT_IN},
+    {0, 0, 0}
+};
+
+static compat_t *cp51932_compat = cp932_compat;
+
+/* cp20932_compat for kernel.  cp932_compat for mlang. */
+static compat_t *cp5022x_compat = cp932_compat;
+
+typedef HRESULT (WINAPI *CONVERTINETSTRING)(
+    LPDWORD lpdwMode,
+    DWORD dwSrcEncoding,
+    DWORD dwDstEncoding,
+    LPCSTR lpSrcStr,
+    LPINT lpnSrcSize,
+    LPBYTE lpDstStr,
+    LPINT lpnDstSize
+);
+typedef HRESULT (WINAPI *CONVERTINETMULTIBYTETOUNICODE)(
+    LPDWORD lpdwMode,
+    DWORD dwSrcEncoding,
+    LPCSTR lpSrcStr,
+    LPINT lpnMultiCharCount,
+    LPWSTR lpDstStr,
+    LPINT lpnWideCharCount
+);
+typedef HRESULT (WINAPI *CONVERTINETUNICODETOMULTIBYTE)(
+    LPDWORD lpdwMode,
+    DWORD dwEncoding,
+    LPCWSTR lpSrcStr,
+    LPINT lpnWideCharCount,
+    LPSTR lpDstStr,
+    LPINT lpnMultiCharCount
+);
+typedef HRESULT (WINAPI *ISCONVERTINETSTRINGAVAILABLE)(
+    DWORD dwSrcEncoding,
+    DWORD dwDstEncoding
+);
+typedef HRESULT (WINAPI *LCIDTORFC1766A)(
+    LCID Locale,
+    LPSTR pszRfc1766,
+    int nChar
+);
+typedef HRESULT (WINAPI *LCIDTORFC1766W)(
+    LCID Locale,
+    LPWSTR pszRfc1766,
+    int nChar
+);
+typedef HRESULT (WINAPI *RFC1766TOLCIDA)(
+    LCID *pLocale,
+    LPSTR pszRfc1766
+);
+typedef HRESULT (WINAPI *RFC1766TOLCIDW)(
+    LCID *pLocale,
+    LPWSTR pszRfc1766
+);
+static CONVERTINETSTRING ConvertINetString;
+static CONVERTINETMULTIBYTETOUNICODE ConvertINetMultiByteToUnicode;
+static CONVERTINETUNICODETOMULTIBYTE ConvertINetUnicodeToMultiByte;
+static ISCONVERTINETSTRINGAVAILABLE IsConvertINetStringAvailable;
+static LCIDTORFC1766A LcidToRfc1766A;
+static RFC1766TOLCIDA Rfc1766ToLcidA;
+
+static int
+load_mlang(void)
+{
+    HMODULE h;
+    if (ConvertINetString != NULL)
+        return TRUE;
+    h = LoadLibrary(TEXT("mlang.dll"));
+    if (!h)
+        return FALSE;
+    ConvertINetString = (CONVERTINETSTRING)GetProcAddressA(h, "ConvertINetString");
+    ConvertINetMultiByteToUnicode = (CONVERTINETMULTIBYTETOUNICODE)GetProcAddressA(h, "ConvertINetMultiByteToUnicode");
+    ConvertINetUnicodeToMultiByte = (CONVERTINETUNICODETOMULTIBYTE)GetProcAddressA(h, "ConvertINetUnicodeToMultiByte");
+    IsConvertINetStringAvailable = (ISCONVERTINETSTRINGAVAILABLE)GetProcAddressA(h, "IsConvertINetStringAvailable");
+    LcidToRfc1766A = (LCIDTORFC1766A)GetProcAddressA(h, "LcidToRfc1766A");
+    Rfc1766ToLcidA = (RFC1766TOLCIDA)GetProcAddressA(h, "Rfc1766ToLcidA");
+    return TRUE;
+}
+
+iconv_t
+iconv_open(const char *tocode, const char *fromcode)
+{
+    rec_iconv_t *cd;
+
+    cd = (rec_iconv_t *)calloc(1, sizeof(rec_iconv_t));
+    if (cd == NULL)
+        return (iconv_t)(-1);
+
+#if defined(USE_LIBICONV_DLL)
+    errno = 0;
+    if (libiconv_iconv_open(cd, tocode, fromcode))
+        return (iconv_t)cd;
+#endif
+
+    /* reset the errno to prevent reporting wrong error code.
+     * 0 for unsorted error. */
+    errno = 0;
+    if (win_iconv_open(cd, tocode, fromcode))
+        return (iconv_t)cd;
+
+    free(cd);
+
+    return (iconv_t)(-1);
+}
+
+int
+iconv_close(iconv_t _cd)
+{
+    rec_iconv_t *cd = (rec_iconv_t *)_cd;
+    int r = cd->iconv_close(cd->cd);
+    int e = *(cd->_errno());
+#if defined(USE_LIBICONV_DLL)
+    if (cd->hlibiconv != NULL)
+        FreeLibrary(cd->hlibiconv);
+#endif
+    free(cd);
+    errno = e;
+    return r;
+}
+
+size_t
+iconv(iconv_t _cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft)
+{
+    rec_iconv_t *cd = (rec_iconv_t *)_cd;
+    size_t r = cd->iconv(cd->cd, inbuf, inbytesleft, outbuf, outbytesleft);
+    errno = *(cd->_errno());
+    return r;
+}
+
+static int
+win_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode)
+{
+    if (!make_csconv(fromcode, &cd->from) || !make_csconv(tocode, &cd->to))
+        return FALSE;
+    cd->iconv_close = win_iconv_close;
+    cd->iconv = win_iconv;
+    cd->_errno = _errno;
+    cd->cd = (iconv_t)cd;
+    return TRUE;
+}
+
+static int
+win_iconv_close(iconv_t cd UNUSED)
+{
+    return 0;
+}
+
+static size_t
+win_iconv(iconv_t _cd, const char **inbuf, size_t *inbytesleft, char **outbuf, size_t *outbytesleft)
+{
+    rec_iconv_t *cd = (rec_iconv_t *)_cd;
+    ushort wbuf[MB_CHAR_MAX]; /* enough room for one character */
+    int insize;
+    int outsize;
+    int wsize;
+    DWORD frommode;
+    DWORD tomode;
+    uint wc;
+    compat_t *cp;
+    int i;
+
+    if (inbuf == NULL || *inbuf == NULL)
+    {
+        if (outbuf != NULL && *outbuf != NULL && cd->to.flush != NULL)
+        {
+            tomode = cd->to.mode;
+            outsize = cd->to.flush(&cd->to, (uchar *)*outbuf, *outbytesleft);
+            if (outsize == -1)
+            {
+                if ((cd->to.flags & FLAG_IGNORE) && errno != E2BIG)
+                {
+                    outsize = 0;
+                }
+                else
+                {
+                    cd->to.mode = tomode;
+                    return (size_t)(-1);
+                }
+            }
+            *outbuf += outsize;
+            *outbytesleft -= outsize;
+        }
+        cd->from.mode = 0;
+        cd->to.mode = 0;
+        return 0;
+    }
+
+    while (*inbytesleft != 0)
+    {
+        frommode = cd->from.mode;
+        tomode = cd->to.mode;
+        wsize = MB_CHAR_MAX;
+
+        insize = cd->from.mbtowc(&cd->from, (const uchar *)*inbuf, *inbytesleft, wbuf, &wsize);
+        if (insize == -1)
+        {
+            if (cd->to.flags & FLAG_IGNORE)
+            {
+                cd->from.mode = frommode;
+                insize = 1;
+                wsize = 0;
+            }
+            else
+            {
+                cd->from.mode = frommode;
+                return (size_t)(-1);
+            }
+        }
+
+        if (wsize == 0)
+        {
+            *inbuf += insize;
+            *inbytesleft -= insize;
+            continue;
+        }
+
+        if (cd->from.compat != NULL)
+        {
+            wc = utf16_to_ucs4(wbuf);
+            cp = cd->from.compat;
+            for (i = 0; cp[i].in != 0; ++i)
+            {
+                if ((cp[i].flag & COMPAT_IN) && cp[i].out == wc)
+                {
+                    ucs4_to_utf16(cp[i].in, wbuf, &wsize);
+                    break;
+                }
+            }
+        }
+
+        if (cd->to.compat != NULL)
+        {
+            wc = utf16_to_ucs4(wbuf);
+            cp = cd->to.compat;
+            for (i = 0; cp[i].in != 0; ++i)
+            {
+                if ((cp[i].flag & COMPAT_OUT) && cp[i].in == wc)
+                {
+                    ucs4_to_utf16(cp[i].out, wbuf, &wsize);
+                    break;
+                }
+            }
+        }
+
+        outsize = cd->to.wctomb(&cd->to, wbuf, wsize, (uchar *)*outbuf, *outbytesleft);
+        if (outsize == -1)
+        {
+            if ((cd->to.flags & FLAG_IGNORE) && errno != E2BIG)
+            {
+                cd->to.mode = tomode;
+                outsize = 0;
+            }
+            else
+            {
+                cd->from.mode = frommode;
+                cd->to.mode = tomode;
+                return (size_t)(-1);
+            }
+        }
+
+        *inbuf += insize;
+        *outbuf += outsize;
+        *inbytesleft -= insize;
+        *outbytesleft -= outsize;
+    }
+
+    return 0;
+}
+
+static int
+make_csconv(const char *_name, csconv_t *cv)
+{
+    CPINFO cpinfo;
+    int use_compat = TRUE;
+    int flag = 0;
+    char *name;
+    char *p;
+
+    name = xstrndup(_name, strlen(_name));
+    if (name == NULL)
+        return FALSE;
+
+    /* check for option "enc_name//opt1//opt2" */
+    while ((p = strrstr(name, "//")) != NULL)
+    {
+        if (_stricmp(p + 2, "nocompat") == 0)
+            use_compat = FALSE;
+        else if (_stricmp(p + 2, "translit") == 0)
+            flag |= FLAG_TRANSLIT;
+        else if (_stricmp(p + 2, "ignore") == 0)
+            flag |= FLAG_IGNORE;
+        *p = 0;
+    }
+
+    cv->mode = 0;
+    cv->flags = flag;
+    cv->mblen = NULL;
+    cv->flush = NULL;
+    cv->compat = NULL;
+    cv->codepage = name_to_codepage(name);
+    if (cv->codepage == 1200 || cv->codepage == 1201)
+    {
+        cv->mbtowc = utf16_mbtowc;
+        cv->wctomb = utf16_wctomb;
+        if (_stricmp(name, "UTF-16") == 0 || _stricmp(name, "UTF16") == 0 ||
+          _stricmp(name, "UCS-2") == 0 || _stricmp(name, "UCS2") == 0 ||
+	  _stricmp(name,"UCS-2-INTERNAL") == 0)
+            cv->flags |= FLAG_USE_BOM;
+    }
+    else if (cv->codepage == 12000 || cv->codepage == 12001)
+    {
+        cv->mbtowc = utf32_mbtowc;
+        cv->wctomb = utf32_wctomb;
+        if (_stricmp(name, "UTF-32") == 0 || _stricmp(name, "UTF32") == 0 ||
+          _stricmp(name, "UCS-4") == 0 || _stricmp(name, "UCS4") == 0)
+            cv->flags |= FLAG_USE_BOM;
+    }
+    else if (cv->codepage == 65001)
+    {
+        cv->mbtowc = kernel_mbtowc;
+        cv->wctomb = kernel_wctomb;
+        cv->mblen = utf8_mblen;
+    }
+    else if ((cv->codepage == 50220 || cv->codepage == 50221 || cv->codepage == 50222) && load_mlang())
+    {
+        cv->mbtowc = iso2022jp_mbtowc;
+        cv->wctomb = iso2022jp_wctomb;
+        cv->flush = iso2022jp_flush;
+    }
+    else if (cv->codepage == 51932 && load_mlang())
+    {
+        cv->mbtowc = mlang_mbtowc;
+        cv->wctomb = mlang_wctomb;
+        cv->mblen = eucjp_mblen;
+    }
+    else if (IsValidCodePage(cv->codepage)
+	     && GetCPInfo(cv->codepage, &cpinfo) != 0)
+    {
+        cv->mbtowc = kernel_mbtowc;
+        cv->wctomb = kernel_wctomb;
+        if (cpinfo.MaxCharSize == 1)
+            cv->mblen = sbcs_mblen;
+        else if (cpinfo.MaxCharSize == 2)
+            cv->mblen = dbcs_mblen;
+        else
+	    cv->mblen = mbcs_mblen;
+    }
+    else
+    {
+        /* not supported */
+        free(name);
+        errno = EINVAL;
+        return FALSE;
+    }
+
+    if (use_compat)
+    {
+        switch (cv->codepage)
+        {
+        case 932: cv->compat = cp932_compat; break;
+        case 20932: cv->compat = cp20932_compat; break;
+        case 51932: cv->compat = cp51932_compat; break;
+        case 50220: case 50221: case 50222: cv->compat = cp5022x_compat; break;
+        }
+    }
+
+    free(name);
+
+    return TRUE;
+}
+
+static int
+name_to_codepage(const char *name)
+{
+    int i;
+
+    if (*name == '\0' ||
+	strcmp(name, "char") == 0)
+        return GetACP();
+    else if (strcmp(name, "wchar_t") == 0)
+        return 1200;
+    else if (_strnicmp(name, "cp", 2) == 0)
+        return atoi(name + 2); /* CP123 */
+    else if ('0' <= name[0] && name[0] <= '9')
+        return atoi(name);     /* 123 */
+    else if (_strnicmp(name, "xx", 2) == 0)
+        return atoi(name + 2); /* XX123 for debug */
+
+    for (i = 0; codepage_alias[i].name != NULL; ++i)
+        if (_stricmp(name, codepage_alias[i].name) == 0)
+            return codepage_alias[i].codepage;
+    return -1;
+}
+
+/*
+ * http://www.faqs.org/rfcs/rfc2781.html
+ */
+static uint
+utf16_to_ucs4(const ushort *wbuf)
+{
+    uint wc = wbuf[0];
+    if (0xD800 <= wbuf[0] && wbuf[0] <= 0xDBFF)
+        wc = ((wbuf[0] & 0x3FF) << 10) + (wbuf[1] & 0x3FF) + 0x10000;
+    return wc;
+}
+
+static void
+ucs4_to_utf16(uint wc, ushort *wbuf, int *wbufsize)
+{
+    if (wc < 0x10000)
+    {
+        wbuf[0] = wc;
+        *wbufsize = 1;
+    }
+    else
+    {
+        wc -= 0x10000;
+        wbuf[0] = 0xD800 | ((wc >> 10) & 0x3FF);
+        wbuf[1] = 0xDC00 | (wc & 0x3FF);
+        *wbufsize = 2;
+    }
+}
+
+/*
+ * Check if codepage is one of those for which the dwFlags parameter
+ * to MultiByteToWideChar() must be zero. Return zero or
+ * MB_ERR_INVALID_CHARS.  The docs in Platform SDK for Windows
+ * Server 2003 R2 claims that also codepage 65001 is one of these, but
+ * that doesn't seem to be the case. The MSDN docs for MSVS2008 leave
+ * out 65001 (UTF-8), and that indeed seems to be the case on XP, it
+ * works fine to pass MB_ERR_INVALID_CHARS in dwFlags when converting
+ * from UTF-8.
+ */
+static int
+mbtowc_flags(int codepage)
+{
+    return (codepage == 50220 || codepage == 50221 ||
+	    codepage == 50222 || codepage == 50225 ||
+	    codepage == 50227 || codepage == 50229 ||
+	    codepage == 52936 || codepage == 54936 ||
+	    (codepage >= 57002 && codepage <= 57011) ||
+	    codepage == 65000 || codepage == 42) ? 0 : MB_ERR_INVALID_CHARS;
+}
+
+/*
+ * Check if codepage is one those for which the lpUsedDefaultChar
+ * parameter to WideCharToMultiByte() must be NULL.  The docs in
+ * Platform SDK for Windows Server 2003 R2 claims that this is the
+ * list below, while the MSDN docs for MSVS2008 claim that it is only
+ * for 65000 (UTF-7) and 65001 (UTF-8). This time the earlier Platform
+ * SDK seems to be correct, at least for XP.
+ */
+static int
+must_use_null_useddefaultchar(int codepage)
+{
+    return (codepage == 65000 || codepage == 65001 ||
+            codepage == 50220 || codepage == 50221 ||
+            codepage == 50222 || codepage == 50225 ||
+            codepage == 50227 || codepage == 50229 ||
+            codepage == 52936 || codepage == 54936 ||
+            (codepage >= 57002 && codepage <= 57011) ||
+            codepage == 42);
+}
+
+static char *
+strrstr(const char *str, const char *token)
+{
+    int len = strlen(token);
+    const char *p = str + strlen(str);
+
+    while (str <= --p)
+        if (p[0] == token[0] && strncmp(p, token, len) == 0)
+            return (char *)p;
+    return NULL;
+}
+
+static char *
+xstrndup(const char *s, size_t n)
+{
+    char *p;
+
+    p = (char *)malloc(n + 1);
+    if (p == NULL)
+        return NULL;
+    memcpy(p, s, n);
+    p[n] = '\0';
+    return p;
+}
+
+static int
+seterror(int err)
+{
+    errno = err;
+    return -1;
+}
+
+#if defined(USE_LIBICONV_DLL)
+static int
+libiconv_iconv_open(rec_iconv_t *cd, const char *tocode, const char *fromcode)
+{
+    HMODULE hlibiconv = NULL;
+    char *dllname;
+    const char *p;
+    const char *e;
+    f_iconv_open _iconv_open;
+
+    /*
+     * always try to load dll, so that we can switch dll in runtime.
+     */
+
+    /* XXX: getenv() can't get variable set by SetEnvironmentVariable() */
+    p = getenv("WINICONV_LIBICONV_DLL");
+    if (p == NULL)
+        p = DEFAULT_LIBICONV_DLL;
+    /* parse comma separated value */
+    for ( ; *p != 0; p = (*e == ',') ? e + 1 : e)
+    {
+        e = strchr(p, ',');
+        if (p == e)
+            continue;
+        else if (e == NULL)
+            e = p + strlen(p);
+        dllname = xstrndup(p, e - p);
+        if (dllname == NULL)
+            return FALSE;
+        hlibiconv = LoadLibraryA(dllname);
+        free(dllname);
+        if (hlibiconv != NULL)
+        {
+            if (hlibiconv == hwiniconv)
+            {
+                FreeLibrary(hlibiconv);
+                hlibiconv = NULL;
+                continue;
+            }
+            break;
+        }
+    }
+
+    if (hlibiconv == NULL)
+        goto failed;
+
+    _iconv_open = (f_iconv_open)GetProcAddressA(hlibiconv, "libiconv_open");
+    if (_iconv_open == NULL)
+        _iconv_open = (f_iconv_open)GetProcAddressA(hlibiconv, "iconv_open");
+    cd->iconv_close = (f_iconv_close)GetProcAddressA(hlibiconv, "libiconv_close");
+    if (cd->iconv_close == NULL)
+        cd->iconv_close = (f_iconv_close)GetProcAddressA(hlibiconv, "iconv_close");
+    cd->iconv = (f_iconv)GetProcAddressA(hlibiconv, "libiconv");
+    if (cd->iconv == NULL)
+        cd->iconv = (f_iconv)GetProcAddressA(hlibiconv, "iconv");
+    cd->_errno = (f_errno)find_imported_function(hlibiconv, "_errno");
+    if (_iconv_open == NULL || cd->iconv_close == NULL
+            || cd->iconv == NULL || cd->_errno == NULL)
+        goto failed;
+
+    cd->cd = _iconv_open(tocode, fromcode);
+    if (cd->cd == (iconv_t)(-1))
+        goto failed;
+
+    cd->hlibiconv = hlibiconv;
+    return TRUE;
+
+failed:
+    if (hlibiconv != NULL)
+        FreeLibrary(hlibiconv);
+    return FALSE;
+}
+
+/*
+ * Reference:
+ * http://forums.belution.com/ja/vc/000/234/78s.shtml
+ * http://nienie.com/~masapico/api_ImageDirectoryEntryToData.html
+ *
+ * The formal way is
+ *   imagehlp.h or dbghelp.h
+ *   imagehlp.lib or dbghelp.lib
+ *   ImageDirectoryEntryToData()
+ */
+#define TO_DOS_HEADER(base) ((PIMAGE_DOS_HEADER)(base))
+#define TO_NT_HEADERS(base) ((PIMAGE_NT_HEADERS)((LPBYTE)(base) + TO_DOS_HEADER(base)->e_lfanew))
+static PVOID
+MyImageDirectoryEntryToData(LPVOID Base, BOOLEAN MappedAsImage, USHORT DirectoryEntry, PULONG Size)
+{
+    /* TODO: MappedAsImage? */
+    PIMAGE_DATA_DIRECTORY p;
+    p = TO_NT_HEADERS(Base)->OptionalHeader.DataDirectory + DirectoryEntry;
+    if (p->VirtualAddress == 0) {
+      *Size = 0;
+      return NULL;
+    }
+    *Size = p->Size;
+    return (PVOID)((LPBYTE)Base + p->VirtualAddress);
+}
+
+static FARPROC
+find_imported_function(HMODULE hModule, const char *funcname)
+{
+    DWORD_PTR Base;
+    ULONG Size;
+    PIMAGE_IMPORT_DESCRIPTOR Imp;
+    PIMAGE_THUNK_DATA Address;      /* Import Address Table */
+    PIMAGE_THUNK_DATA Name;         /* Import Name Table */
+    PIMAGE_IMPORT_BY_NAME ImpName;
+
+    Base = (DWORD_PTR)hModule;
+    Imp = (PIMAGE_IMPORT_DESCRIPTOR)MyImageDirectoryEntryToData(
+            (LPVOID)Base,
+            TRUE,
+            IMAGE_DIRECTORY_ENTRY_IMPORT,
+            &Size);
+    if (Imp == NULL)
+        return NULL;
+    for ( ; Imp->OriginalFirstThunk != 0; ++Imp)
+    {
+        Address = (PIMAGE_THUNK_DATA)(Base + Imp->FirstThunk);
+        Name = (PIMAGE_THUNK_DATA)(Base + Imp->OriginalFirstThunk);
+        for ( ; Name->u1.Ordinal != 0; ++Name, ++Address)
+        {
+            if (!IMAGE_SNAP_BY_ORDINAL(Name->u1.Ordinal))
+            {
+                ImpName = (PIMAGE_IMPORT_BY_NAME)
+                    (Base + (DWORD_PTR)Name->u1.AddressOfData);
+                if (strcmp((char *)ImpName->Name, funcname) == 0)
+                    return (FARPROC)Address->u1.Function;
+            }
+        }
+    }
+    return NULL;
+}
+#endif
+
+static int
+sbcs_mblen(csconv_t *cv UNUSED, const uchar *buf UNUSED, int bufsize UNUSED)
+{
+    return 1;
+}
+
+static int
+dbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize)
+{
+    int len = IsDBCSLeadByteEx(cv->codepage, buf[0]) ? 2 : 1;
+    if (bufsize < len)
+        return seterror(EINVAL);
+    return len;
+}
+
+static int
+mbcs_mblen(csconv_t *cv, const uchar *buf, int bufsize)
+{
+    int len = 0;
+
+    if (cv->codepage == 54936) {
+	if (buf[0] <= 0x7F) len = 1;
+	else if (buf[0] >= 0x81 && buf[0] <= 0xFE &&
+		 bufsize >= 2 &&
+		 ((buf[1] >= 0x40 && buf[1] <= 0x7E) ||
+		  (buf[1] >= 0x80 && buf[1] <= 0xFE))) len = 2;
+	else if (buf[0] >= 0x81 && buf[0] <= 0xFE &&
+		 bufsize >= 4 &&
+		 buf[1] >= 0x30 && buf[1] <= 0x39) len = 4;
+	else
+	    return seterror(EINVAL);
+	return len;
+    }
+    else
+	return seterror(EINVAL);
+}
+
+static int
+utf8_mblen(csconv_t *cv UNUSED, const uchar *buf, int bufsize)
+{
+    int len = 0;
+
+    if (buf[0] < 0x80) len = 1;
+    else if ((buf[0] & 0xE0) == 0xC0) len = 2;
+    else if ((buf[0] & 0xF0) == 0xE0) len = 3;
+    else if ((buf[0] & 0xF8) == 0xF0) len = 4;
+    else if ((buf[0] & 0xFC) == 0xF8) len = 5;
+    else if ((buf[0] & 0xFE) == 0xFC) len = 6;
+
+    if (len == 0)
+        return seterror(EILSEQ);
+    else if (bufsize < len)
+        return seterror(EINVAL);
+    return len;
+}
+
+static int
+eucjp_mblen(csconv_t *cv UNUSED, const uchar *buf, int bufsize)
+{
+    if (buf[0] < 0x80) /* ASCII */
+        return 1;
+    else if (buf[0] == 0x8E) /* JIS X 0201 */
+    {
+        if (bufsize < 2)
+            return seterror(EINVAL);
+        else if (!(0xA1 <= buf[1] && buf[1] <= 0xDF))
+            return seterror(EILSEQ);
+        return 2;
+    }
+    else if (buf[0] == 0x8F) /* JIS X 0212 */
+    {
+        if (bufsize < 3)
+            return seterror(EINVAL);
+        else if (!(0xA1 <= buf[1] && buf[1] <= 0xFE)
+                || !(0xA1 <= buf[2] && buf[2] <= 0xFE))
+            return seterror(EILSEQ);
+        return 3;
+    }
+    else /* JIS X 0208 */
+    {
+        if (bufsize < 2)
+            return seterror(EINVAL);
+        else if (!(0xA1 <= buf[0] && buf[0] <= 0xFE)
+                || !(0xA1 <= buf[1] && buf[1] <= 0xFE))
+            return seterror(EILSEQ);
+        return 2;
+    }
+}
+
+static int
+kernel_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
+{
+    int len;
+
+    len = cv->mblen(cv, buf, bufsize);
+    if (len == -1)
+        return -1;
+    /* If converting from ASCII, reject 8bit
+     * chars. MultiByteToWideChar() doesn't. Note that for ASCII we
+     * know that the mblen function is sbcs_mblen() so len is 1.
+     */
+    if (cv->codepage == 20127 && buf[0] >= 0x80)
+        return seterror(EILSEQ);
+    *wbufsize = MultiByteToWideChar(cv->codepage, mbtowc_flags (cv->codepage),
+            (const char *)buf, len, (wchar_t *)wbuf, *wbufsize);
+    if (*wbufsize == 0)
+        return seterror(EILSEQ);
+    return len;
+}
+
+static int
+kernel_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
+{
+    BOOL usedDefaultChar = 0;
+    BOOL *p = NULL;
+    int flags = 0;
+    int len;
+
+    if (bufsize == 0)
+        return seterror(E2BIG);
+    if (!must_use_null_useddefaultchar(cv->codepage))
+    {
+        p = &usedDefaultChar;
+#ifdef WC_NO_BEST_FIT_CHARS
+        if (!(cv->flags & FLAG_TRANSLIT))
+            flags |= WC_NO_BEST_FIT_CHARS;
+#endif
+    }
+    len = WideCharToMultiByte(cv->codepage, flags,
+            (const wchar_t *)wbuf, wbufsize, (char *)buf, bufsize, NULL, p);
+    if (len == 0)
+    {
+        if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
+            return seterror(E2BIG);
+        return seterror(EILSEQ);
+    }
+    else if (usedDefaultChar && !(cv->flags & FLAG_TRANSLIT))
+        return seterror(EILSEQ);
+    else if (cv->mblen(cv, buf, len) != len) /* validate result */
+        return seterror(EILSEQ);
+    return len;
+}
+
+/*
+ * It seems that the mode (cv->mode) is fixnum.
+ * For example, when converting iso-2022-jp(cp50221) to unicode:
+ *      in ascii sequence: mode=0xC42C0000
+ *   in jisx0208 sequence: mode=0xC42C0001
+ * "C42C" is same for each convert session.
+ * It should be: ((codepage-1)<<16)|state
+ */
+static int
+mlang_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
+{
+    int len;
+    int insize;
+    HRESULT hr;
+
+    len = cv->mblen(cv, buf, bufsize);
+    if (len == -1)
+        return -1;
+    insize = len;
+    hr = ConvertINetMultiByteToUnicode(&cv->mode, cv->codepage,
+            (const char *)buf, &insize, (wchar_t *)wbuf, wbufsize);
+    if (hr != S_OK || insize != len)
+        return seterror(EILSEQ);
+    return len;
+}
+
+static int
+mlang_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
+{
+    char tmpbuf[MB_CHAR_MAX]; /* enough room for one character */
+    int tmpsize = MB_CHAR_MAX;
+    int insize = wbufsize;
+    HRESULT hr;
+
+    hr = ConvertINetUnicodeToMultiByte(&cv->mode, cv->codepage,
+            (const wchar_t *)wbuf, &wbufsize, tmpbuf, &tmpsize);
+    if (hr != S_OK || insize != wbufsize)
+        return seterror(EILSEQ);
+    else if (bufsize < tmpsize)
+        return seterror(E2BIG);
+    else if (cv->mblen(cv, (uchar *)tmpbuf, tmpsize) != tmpsize)
+        return seterror(EILSEQ);
+    memcpy(buf, tmpbuf, tmpsize);
+    return tmpsize;
+}
+
+static int
+utf16_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
+{
+    int codepage = cv->codepage;
+
+    /* swap endian: 1200 <-> 1201 */
+    if (cv->mode & UNICODE_MODE_SWAPPED)
+        codepage ^= 1;
+
+    if (bufsize < 2)
+        return seterror(EINVAL);
+    if (codepage == 1200) /* little endian */
+        wbuf[0] = (buf[1] << 8) | buf[0];
+    else if (codepage == 1201) /* big endian */
+        wbuf[0] = (buf[0] << 8) | buf[1];
+
+    if ((cv->flags & FLAG_USE_BOM) && !(cv->mode & UNICODE_MODE_BOM_DONE))
+    {
+        cv->mode |= UNICODE_MODE_BOM_DONE;
+        if (wbuf[0] == 0xFFFE)
+        {
+            cv->mode |= UNICODE_MODE_SWAPPED;
+            *wbufsize = 0;
+            return 2;
+        }
+        else if (wbuf[0] == 0xFEFF)
+        {
+            *wbufsize = 0;
+            return 2;
+        }
+    }
+
+    if (0xDC00 <= wbuf[0] && wbuf[0] <= 0xDFFF)
+        return seterror(EILSEQ);
+    if (0xD800 <= wbuf[0] && wbuf[0] <= 0xDBFF)
+    {
+        if (bufsize < 4)
+            return seterror(EINVAL);
+        if (codepage == 1200) /* little endian */
+            wbuf[1] = (buf[3] << 8) | buf[2];
+        else if (codepage == 1201) /* big endian */
+            wbuf[1] = (buf[2] << 8) | buf[3];
+        if (!(0xDC00 <= wbuf[1] && wbuf[1] <= 0xDFFF))
+            return seterror(EILSEQ);
+        *wbufsize = 2;
+        return 4;
+    }
+    *wbufsize = 1;
+    return 2;
+}
+
+static int
+utf16_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
+{
+    if ((cv->flags & FLAG_USE_BOM) && !(cv->mode & UNICODE_MODE_BOM_DONE))
+    {
+        int r;
+
+        cv->mode |= UNICODE_MODE_BOM_DONE;
+        if (bufsize < 2)
+            return seterror(E2BIG);
+        if (cv->codepage == 1200) /* little endian */
+            memcpy(buf, "\xFF\xFE", 2);
+        else if (cv->codepage == 1201) /* big endian */
+            memcpy(buf, "\xFE\xFF", 2);
+
+        r = utf16_wctomb(cv, wbuf, wbufsize, buf + 2, bufsize - 2);
+        if (r == -1)
+            return -1;
+        return r + 2;
+    }
+
+    if (bufsize < 2)
+        return seterror(E2BIG);
+    if (cv->codepage == 1200) /* little endian */
+    {
+        buf[0] = (wbuf[0] & 0x00FF);
+        buf[1] = (wbuf[0] & 0xFF00) >> 8;
+    }
+    else if (cv->codepage == 1201) /* big endian */
+    {
+        buf[0] = (wbuf[0] & 0xFF00) >> 8;
+        buf[1] = (wbuf[0] & 0x00FF);
+    }
+    if (0xD800 <= wbuf[0] && wbuf[0] <= 0xDBFF)
+    {
+        if (bufsize < 4)
+            return seterror(E2BIG);
+        if (cv->codepage == 1200) /* little endian */
+        {
+            buf[2] = (wbuf[1] & 0x00FF);
+            buf[3] = (wbuf[1] & 0xFF00) >> 8;
+        }
+        else if (cv->codepage == 1201) /* big endian */
+        {
+            buf[2] = (wbuf[1] & 0xFF00) >> 8;
+            buf[3] = (wbuf[1] & 0x00FF);
+        }
+        return 4;
+    }
+    return 2;
+}
+
+static int
+utf32_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
+{
+    int codepage = cv->codepage;
+    uint wc = 0xD800;
+
+    /* swap endian: 12000 <-> 12001 */
+    if (cv->mode & UNICODE_MODE_SWAPPED)
+        codepage ^= 1;
+
+    if (bufsize < 4)
+        return seterror(EINVAL);
+    if (codepage == 12000) /* little endian */
+        wc = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
+    else if (codepage == 12001) /* big endian */
+        wc = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
+
+    if ((cv->flags & FLAG_USE_BOM) && !(cv->mode & UNICODE_MODE_BOM_DONE))
+    {
+        cv->mode |= UNICODE_MODE_BOM_DONE;
+        if (wc == 0xFFFE0000)
+        {
+            cv->mode |= UNICODE_MODE_SWAPPED;
+            *wbufsize = 0;
+            return 4;
+        }
+        else if (wc == 0x0000FEFF)
+        {
+            *wbufsize = 0;
+            return 4;
+        }
+    }
+
+    if ((0xD800 <= wc && wc <= 0xDFFF) || 0x10FFFF < wc)
+        return seterror(EILSEQ);
+    ucs4_to_utf16(wc, wbuf, wbufsize);
+    return 4;
+}
+
+static int
+utf32_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
+{
+    uint wc;
+
+    if ((cv->flags & FLAG_USE_BOM) && !(cv->mode & UNICODE_MODE_BOM_DONE))
+    {
+        int r;
+
+        cv->mode |= UNICODE_MODE_BOM_DONE;
+        if (bufsize < 4)
+            return seterror(E2BIG);
+        if (cv->codepage == 12000) /* little endian */
+            memcpy(buf, "\xFF\xFE\x00\x00", 4);
+        else if (cv->codepage == 12001) /* big endian */
+            memcpy(buf, "\x00\x00\xFE\xFF", 4);
+
+        r = utf32_wctomb(cv, wbuf, wbufsize, buf + 4, bufsize - 4);
+        if (r == -1)
+            return -1;
+        return r + 4;
+    }
+
+    if (bufsize < 4)
+        return seterror(E2BIG);
+    wc = utf16_to_ucs4(wbuf);
+    if (cv->codepage == 12000) /* little endian */
+    {
+        buf[0] = wc & 0x000000FF;
+        buf[1] = (wc & 0x0000FF00) >> 8;
+        buf[2] = (wc & 0x00FF0000) >> 16;
+        buf[3] = (wc & 0xFF000000) >> 24;
+    }
+    else if (cv->codepage == 12001) /* big endian */
+    {
+        buf[0] = (wc & 0xFF000000) >> 24;
+        buf[1] = (wc & 0x00FF0000) >> 16;
+        buf[2] = (wc & 0x0000FF00) >> 8;
+        buf[3] = wc & 0x000000FF;
+    }
+    return 4;
+}
+
+/*
+ * 50220: ISO 2022 Japanese with no halfwidth Katakana; Japanese (JIS)
+ * 50221: ISO 2022 Japanese with halfwidth Katakana; Japanese (JIS-Allow
+ *        1 byte Kana)
+ * 50222: ISO 2022 Japanese JIS X 0201-1989; Japanese (JIS-Allow 1 byte
+ *        Kana - SO/SI)
+ *
+ * MultiByteToWideChar() and WideCharToMultiByte() behave differently
+ * depending on Windows version.  On XP, WideCharToMultiByte() doesn't
+ * terminate result sequence with ascii escape.  But Vista does.
+ * Use MLang instead.
+ */
+
+#define ISO2022_MODE(cs, shift) (((cs) << 8) | (shift))
+#define ISO2022_MODE_CS(mode) (((mode) >> 8) & 0xFF)
+#define ISO2022_MODE_SHIFT(mode) ((mode) & 0xFF)
+
+#define ISO2022_SI  0
+#define ISO2022_SO  1
+
+/* shift in */
+static const char iso2022_SI_seq[] = "\x0F";
+/* shift out */
+static const char iso2022_SO_seq[] = "\x0E";
+
+typedef struct iso2022_esc_t iso2022_esc_t;
+struct iso2022_esc_t {
+    const char *esc;
+    int esc_len;
+    int len;
+    int cs;
+};
+
+#define ISO2022JP_CS_ASCII            0
+#define ISO2022JP_CS_JISX0201_ROMAN   1
+#define ISO2022JP_CS_JISX0201_KANA    2
+#define ISO2022JP_CS_JISX0208_1978    3
+#define ISO2022JP_CS_JISX0208_1983    4
+#define ISO2022JP_CS_JISX0212         5
+
+static iso2022_esc_t iso2022jp_esc[] = {
+    {"\x1B\x28\x42", 3, 1, ISO2022JP_CS_ASCII},
+    {"\x1B\x28\x4A", 3, 1, ISO2022JP_CS_JISX0201_ROMAN},
+    {"\x1B\x28\x49", 3, 1, ISO2022JP_CS_JISX0201_KANA},
+    {"\x1B\x24\x40", 3, 2, ISO2022JP_CS_JISX0208_1983}, /* unify 1978 with 1983 */
+    {"\x1B\x24\x42", 3, 2, ISO2022JP_CS_JISX0208_1983},
+    {"\x1B\x24\x28\x44", 4, 2, ISO2022JP_CS_JISX0212},
+    {NULL, 0, 0, 0}
+};
+
+static int
+iso2022jp_mbtowc(csconv_t *cv, const uchar *buf, int bufsize, ushort *wbuf, int *wbufsize)
+{
+    iso2022_esc_t *iesc = iso2022jp_esc;
+    char tmp[MB_CHAR_MAX];
+    int insize;
+    HRESULT hr;
+    DWORD dummy = 0;
+    int len;
+    int esc_len;
+    int cs;
+    int shift;
+    int i;
+
+    if (buf[0] == 0x1B)
+    {
+        for (i = 0; iesc[i].esc != NULL; ++i)
+        {
+            esc_len = iesc[i].esc_len;
+            if (bufsize < esc_len)
+            {
+                if (strncmp((char *)buf, iesc[i].esc, bufsize) == 0)
+                    return seterror(EINVAL);
+            }
+            else
+            {
+                if (strncmp((char *)buf, iesc[i].esc, esc_len) == 0)
+                {
+                    cv->mode = ISO2022_MODE(iesc[i].cs, ISO2022_SI);
+                    *wbufsize = 0;
+                    return esc_len;
+                }
+            }
+        }
+        /* not supported escape sequence */
+        return seterror(EILSEQ);
+    }
+    else if (buf[0] == iso2022_SO_seq[0])
+    {
+        cv->mode = ISO2022_MODE(ISO2022_MODE_CS(cv->mode), ISO2022_SO);
+        *wbufsize = 0;
+        return 1;
+    }
+    else if (buf[0] == iso2022_SI_seq[0])
+    {
+        cv->mode = ISO2022_MODE(ISO2022_MODE_CS(cv->mode), ISO2022_SI);
+        *wbufsize = 0;
+        return 1;
+    }
+
+    cs = ISO2022_MODE_CS(cv->mode);
+    shift = ISO2022_MODE_SHIFT(cv->mode);
+
+    /* reset the mode for informal sequence */
+    if (buf[0] < 0x20)
+    {
+        cs = ISO2022JP_CS_ASCII;
+        shift = ISO2022_SI;
+    }
+
+    len = iesc[cs].len;
+    if (bufsize < len)
+        return seterror(EINVAL);
+    for (i = 0; i < len; ++i)
+        if (!(buf[i] < 0x80))
+            return seterror(EILSEQ);
+    esc_len = iesc[cs].esc_len;
+    memcpy(tmp, iesc[cs].esc, esc_len);
+    if (shift == ISO2022_SO)
+    {
+        memcpy(tmp + esc_len, iso2022_SO_seq, 1);
+        esc_len += 1;
+    }
+    memcpy(tmp + esc_len, buf, len);
+
+    if ((cv->codepage == 50220 || cv->codepage == 50221
+                || cv->codepage == 50222) && shift == ISO2022_SO)
+    {
+        /* XXX: shift-out cannot be used for mbtowc (both kernel and
+         * mlang) */
+        esc_len = iesc[ISO2022JP_CS_JISX0201_KANA].esc_len;
+        memcpy(tmp, iesc[ISO2022JP_CS_JISX0201_KANA].esc, esc_len);
+        memcpy(tmp + esc_len, buf, len);
+    }
+
+    insize = len + esc_len;
+    hr = ConvertINetMultiByteToUnicode(&dummy, cv->codepage,
+            (const char *)tmp, &insize, (wchar_t *)wbuf, wbufsize);
+    if (hr != S_OK || insize != len + esc_len)
+        return seterror(EILSEQ);
+
+    /* Check for conversion error.  Assuming defaultChar is 0x3F. */
+    /* ascii should be converted from ascii */
+    if (wbuf[0] == buf[0]
+            && cv->mode != ISO2022_MODE(ISO2022JP_CS_ASCII, ISO2022_SI))
+        return seterror(EILSEQ);
+
+    /* reset the mode for informal sequence */
+    if (cv->mode != ISO2022_MODE(cs, shift))
+        cv->mode = ISO2022_MODE(cs, shift);
+
+    return len;
+}
+
+static int
+iso2022jp_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize)
+{
+    iso2022_esc_t *iesc = iso2022jp_esc;
+    char tmp[MB_CHAR_MAX];
+    int tmpsize = MB_CHAR_MAX;
+    int insize = wbufsize;
+    HRESULT hr;
+    DWORD dummy = 0;
+    int len;
+    int esc_len;
+    int cs;
+    int shift;
+    int i;
+
+    /*
+     * MultiByte = [escape sequence] + character + [escape sequence]
+     *
+     * Whether trailing escape sequence is added depends on which API is
+     * used (kernel or MLang, and its version).
+     */
+    hr = ConvertINetUnicodeToMultiByte(&dummy, cv->codepage,
+            (const wchar_t *)wbuf, &wbufsize, tmp, &tmpsize);
+    if (hr != S_OK || insize != wbufsize)
+        return seterror(EILSEQ);
+    else if (bufsize < tmpsize)
+        return seterror(E2BIG);
+
+    if (tmpsize == 1)
+    {
+        cs = ISO2022JP_CS_ASCII;
+        esc_len = 0;
+    }
+    else
+    {
+        for (i = 1; iesc[i].esc != NULL; ++i)
+        {
+            esc_len = iesc[i].esc_len;
+            if (strncmp(tmp, iesc[i].esc, esc_len) == 0)
+            {
+                cs = iesc[i].cs;
+                break;
+            }
+        }
+        if (iesc[i].esc == NULL)
+            /* not supported escape sequence */
+            return seterror(EILSEQ);
+    }
+
+    shift = ISO2022_SI;
+    if (tmp[esc_len] == iso2022_SO_seq[0])
+    {
+        shift = ISO2022_SO;
+        esc_len += 1;
+    }
+
+    len = iesc[cs].len;
+
+    /* Check for converting error.  Assuming defaultChar is 0x3F. */
+    /* ascii should be converted from ascii */
+    if (cs == ISO2022JP_CS_ASCII && !(wbuf[0] < 0x80))
+        return seterror(EILSEQ);
+    else if (tmpsize < esc_len + len)
+        return seterror(EILSEQ);
+
+    if (cv->mode == ISO2022_MODE(cs, shift))
+    {
+        /* remove escape sequence */
+        if (esc_len != 0)
+            memmove(tmp, tmp + esc_len, len);
+        esc_len = 0;
+    }
+    else
+    {
+        if (cs == ISO2022JP_CS_ASCII)
+        {
+            esc_len = iesc[ISO2022JP_CS_ASCII].esc_len;
+            memmove(tmp + esc_len, tmp, len);
+            memcpy(tmp, iesc[ISO2022JP_CS_ASCII].esc, esc_len);
+        }
+        if (ISO2022_MODE_SHIFT(cv->mode) == ISO2022_SO)
+        {
+            /* shift-in before changing to other mode */
+            memmove(tmp + 1, tmp, len + esc_len);
+            memcpy(tmp, iso2022_SI_seq, 1);
+            esc_len += 1;
+        }
+    }
+
+    if (bufsize < len + esc_len)
+        return seterror(E2BIG);
+    memcpy(buf, tmp, len + esc_len);
+    cv->mode = ISO2022_MODE(cs, shift);
+    return len + esc_len;
+}
+
+static int
+iso2022jp_flush(csconv_t *cv, uchar *buf, int bufsize)
+{
+    iso2022_esc_t *iesc = iso2022jp_esc;
+    int esc_len;
+
+    if (cv->mode != ISO2022_MODE(ISO2022JP_CS_ASCII, ISO2022_SI))
+    {
+        esc_len = 0;
+        if (ISO2022_MODE_SHIFT(cv->mode) != ISO2022_SI)
+            esc_len += 1;
+        if (ISO2022_MODE_CS(cv->mode) != ISO2022JP_CS_ASCII)
+            esc_len += iesc[ISO2022JP_CS_ASCII].esc_len;
+        if (bufsize < esc_len)
+            return seterror(E2BIG);
+
+        esc_len = 0;
+        if (ISO2022_MODE_SHIFT(cv->mode) != ISO2022_SI)
+        {
+            memcpy(buf, iso2022_SI_seq, 1);
+            esc_len += 1;
+        }
+        if (ISO2022_MODE_CS(cv->mode) != ISO2022JP_CS_ASCII)
+        {
+            memcpy(buf + esc_len, iesc[ISO2022JP_CS_ASCII].esc,
+                    iesc[ISO2022JP_CS_ASCII].esc_len);
+            esc_len += iesc[ISO2022JP_CS_ASCII].esc_len;
+        }
+        return esc_len;
+    }
+    return 0;
+}
+
+#if defined(MAKE_DLL) && defined(USE_LIBICONV_DLL)
+BOOL WINAPI
+DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
+{
+    switch( fdwReason )
+    {
+    case DLL_PROCESS_ATTACH:
+        hwiniconv = (HMODULE)hinstDLL;
+        break;
+    case DLL_THREAD_ATTACH:
+    case DLL_THREAD_DETACH:
+    case DLL_PROCESS_DETACH:
+        break;
+    }
+    return TRUE;
+}
+#endif
+
+#if defined(MAKE_EXE)
+#include <stdio.h>
+#include <fcntl.h>
+#include <io.h>
+int
+main(int argc, char **argv)
+{
+    char *fromcode = NULL;
+    char *tocode = NULL;
+    int i;
+    char inbuf[BUFSIZ];
+    char outbuf[BUFSIZ];
+    const char *pin;
+    char *pout;
+    size_t inbytesleft;
+    size_t outbytesleft;
+    size_t rest = 0;
+    iconv_t cd;
+    size_t r;
+    FILE *in = stdin;
+    FILE *out = stdout;
+    int ignore = 0;
+    char *p;
+
+    _setmode(_fileno(stdin), _O_BINARY);
+    _setmode(_fileno(stdout), _O_BINARY);
+
+    for (i = 1; i < argc; ++i)
+    {
+        if (strcmp(argv[i], "-l") == 0)
+        {
+            for (i = 0; codepage_alias[i].name != NULL; ++i)
+                printf("%s\n", codepage_alias[i].name);
+            return 0;
+        }
+
+        if (strcmp(argv[i], "-f") == 0)
+            fromcode = argv[++i];
+        else if (strcmp(argv[i], "-t") == 0)
+            tocode = argv[++i];
+        else if (strcmp(argv[i], "-c") == 0)
+            ignore = 1;
+        else if (strcmp(argv[i], "--output") == 0)
+        {
+            out = fopen(argv[++i], "wb");
+            if(out == NULL)
+            {
+                fprintf(stderr, "cannot open %s\n", argv[i]);
+                return 1;
+            }
+        }
+        else
+        {
+            in = fopen(argv[i], "rb");
+            if (in == NULL)
+            {
+                fprintf(stderr, "cannot open %s\n", argv[i]);
+                return 1;
+            }
+            break;
+        }
+    }
+
+    if (fromcode == NULL || tocode == NULL)
+    {
+        printf("usage: %s [-c] -f from-enc -t to-enc [file]\n", argv[0]);
+        return 0;
+    }
+
+    if (ignore)
+    {
+        p = tocode;
+        tocode = (char *)malloc(strlen(p) + strlen("//IGNORE") + 1);
+        if (tocode == NULL)
+        {
+            perror("fatal error");
+            return 1;
+        }
+        strcpy(tocode, p);
+        strcat(tocode, "//IGNORE");
+    }
+
+    cd = iconv_open(tocode, fromcode);
+    if (cd == (iconv_t)(-1))
+    {
+        perror("iconv_open error");
+        return 1;
+    }
+
+    while ((inbytesleft = fread(inbuf + rest, 1, sizeof(inbuf) - rest, in)) != 0
+            || rest != 0)
+    {
+        inbytesleft += rest;
+        pin = inbuf;
+        pout = outbuf;
+        outbytesleft = sizeof(outbuf);
+        r = iconv(cd, &pin, &inbytesleft, &pout, &outbytesleft);
+        fwrite(outbuf, 1, sizeof(outbuf) - outbytesleft, out);
+        if (r == (size_t)(-1) && errno != E2BIG && (errno != EINVAL || feof(in)))
+        {
+            perror("conversion error");
+            return 1;
+        }
+        memmove(inbuf, pin, inbytesleft);
+        rest = inbytesleft;
+    }
+    pout = outbuf;
+    outbytesleft = sizeof(outbuf);
+    r = iconv(cd, NULL, NULL, &pout, &outbytesleft);
+    fwrite(outbuf, 1, sizeof(outbuf) - outbytesleft, out);
+    if (r == (size_t)(-1))
+    {
+        perror("conversion error");
+        return 1;
+    }
+
+    iconv_close(cd);
+
+    return 0;
+}
+#endif

-----------------------------------------------------------------------

Summary of changes:
 NEWS                 |    4 +
 src/Makefile.am      |    2 +-
 src/gpg-error.def.in |    6 +
 src/w32-add.h        |   18 +
 src/w32-iconv.c      | 1793 ++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 1822 insertions(+), 1 deletion(-)
 create mode 100644 src/w32-iconv.c


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 21 09:57:37 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 21 Apr 2016 09:57:37 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-143-gd81de22
Message-ID: <E1at9Tf-0002Sa-1i@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d81de224ecd542922dda649a492dd9550509d7bc (commit)
       via  bd4d65615b3a5360d455b99e77bd113ad90f1539 (commit)
      from  f8adf1a3234655877a4f985d627d98567507002c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d81de224ecd542922dda649a492dd9550509d7bc
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 21 09:18:10 2016 +0200

    w32: Use --enable-gpg2-is-gpg by default.
    
    * autogen.rc: Add option also for plain Windows.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/autogen.rc b/autogen.rc
index 832d6c4..8cb7eed 100644
--- a/autogen.rc
+++ b/autogen.rc
@@ -8,7 +8,7 @@ case "$myhost:$myhostsub" in
     extraoptions="$extraoptions --disable-zip --enable-gpg2-is-gpg"
     ;;
   w32:)
-    extraoptions="--enable-gpgtar"
+    extraoptions="--enable-gpgtar --enable-gpg2-is-gpg"
     ;;
 esac
 
diff --git a/g10/Makefile.am b/g10/Makefile.am
index cd1d157..18a1b69 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -33,7 +33,7 @@ AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
 needed_libs = ../kbx/libkeybox.a $(libcommon)
 
 # Because there are no program specific transform macros we need to
-# work around that to allow installaing gpg as gpg2.
+# work around that to allow installing gpg as gpg2.
 gpg2_hack_list = gpg gpgv
 if USE_GPG2_HACK
 gpg2_hack_uninst = gpg2 gpgv2

commit bd4d65615b3a5360d455b99e77bd113ad90f1539
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 21 09:17:11 2016 +0200

    w32: Replace libiconv DLL by iconv feature of libgpg-error.
    
    * configure.ac: Do nor require libiconv for W32.
    * common/utf8conv.c [W32]: Do not incluce iconv.h.  Request
    libgpg-error iconv macros.
    (jnlib_iconv): Use ICONV_CONST macro.
    * build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
    * build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 7b29025..2812773 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -172,9 +172,9 @@ speedo_spkgs  = \
 
 ifeq ($(TARGETOS),w32)
 speedo_spkgs += \
-	zlib bzip2 adns sqlite libiconv
+	zlib bzip2 adns sqlite
 ifeq ($(WITH_GUI),1)
-speedo_spkgs += gettext
+speedo_spkgs += gettext libiconv
 endif
 endif
 
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index a695d99..3a2d582 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -633,11 +633,6 @@ Section "-libgpg-error" SEC_libgpg_error
   File include/gpg-error.h
 SectionEnd
 
-Section "-libiconv" SEC_libiconv
-  SetOutPath "$INSTDIR\bin"
-  File bin/libiconv-2.dll
-SectionEnd
-
 Section "-zlib" SEC_zlib
   SetOutPath "$INSTDIR\bin"
   File bin/zlib1.dll
@@ -701,6 +696,11 @@ Section "-gpgme" SEC_gpgme
 SectionEnd
 
 !ifdef WITH_GUI
+Section "-libiconv" SEC_libiconv
+  SetOutPath "$INSTDIR\bin"
+  File bin/libiconv-2.dll
+SectionEnd
+
 Section "-gettext" SEC_gettext
   SetOutPath "$INSTDIR\bin"
   File bin/libintl-8.dll
@@ -1054,6 +1054,10 @@ Section "-un.gettext"
   Delete "$INSTDIR\bin\libintl-8.dll"
 SectionEnd
 
+Section "-un.libiconv"
+  Delete "$INSTDIR\bin\libiconv-2.dll"
+SectionEnd
+
 Section "-un.gpgme"
   Delete "$INSTDIR\bin\libgpgme-11.dll"
   Delete "$INSTDIR\bin\libgpgme-glib-11.dll"
@@ -1097,10 +1101,6 @@ Section "-un.zlib"
   Delete "$INSTDIR\bin\zlib1.dll"
 SectionEnd
 
-Section "-un.libiconv"
-  Delete "$INSTDIR\bin\libiconv-2.dll"
-SectionEnd
-
 Section "-un.libgpg-error"
   Delete "$INSTDIR\bin\libgpg-error-0.dll"
   Delete "$INSTDIR\lib\libgpg-error.imp"
diff --git a/common/utf8conv.c b/common/utf8conv.c
index 8a2cf8a..83e6eae 100644
--- a/common/utf8conv.c
+++ b/common/utf8conv.c
@@ -38,10 +38,17 @@
 #include <langinfo.h>
 #endif
 #include <errno.h>
-#ifndef HAVE_ANDROID_SYSTEM
+
+#if HAVE_W32_SYSTEM
+# /* Tell libgpg-error to provide the iconv macros.  */
+# define GPGRT_ENABLE_W32_ICONV_MACROS 1
+#elif HAVE_ANDROID_SYSTEM
+# /* No iconv support.  */
+#else
 # include <iconv.h>
 #endif
 
+
 #include "util.h"
 #include "common-defs.h"
 #include "i18n.h"
@@ -244,8 +251,8 @@ set_native_charset (const char *newset)
      as Latin-1.  This makes sense because many Unix system don't have
      their locale set up properly and thus would get annoying error
      messages and we have to handle all the "bug" reports. Latin-1 has
-     always been the character set used for 8 bit characters on Unix
-     systems. */
+     traditionally been the character set used for 8 bit characters on
+     Unix systems. */
   if ( !*newset
        || !ascii_strcasecmp (newset, "8859-1" )
        || !ascii_strcasecmp (newset, "646" )
@@ -700,7 +707,8 @@ jnlib_iconv (jnlib_iconv_t cd,
              const char **inbuf, size_t *inbytesleft,
              char **outbuf, size_t *outbytesleft)
 {
-  return iconv ((iconv_t)cd, (char**)inbuf, inbytesleft, outbuf, outbytesleft);
+  return iconv ((iconv_t)cd, (ICONV_CONST char**)inbuf, inbytesleft,
+                outbuf, outbytesleft);
 }
 
 /* Wrapper function for iconv_close, required for W32 as we dlopen that
diff --git a/configure.ac b/configure.ac
index d959fc5..6bbb41f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,8 +47,9 @@ m4_define([mym4_version],      m4_argn(4, mym4_verslist))
 m4_define([mym4_revision],     m4_argn(7, mym4_verslist))
 m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
-AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
+AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
 
+# Note that for Windows we require version 1.22
 NEED_GPG_ERROR_VERSION=1.21
 
 NEED_LIBGCRYPT_API=1
@@ -639,6 +640,7 @@ case "${host}" in
                    we use a simplified version of gettext])
         have_dosish_system=yes
         have_w32_system=yes
+        require_iconv=no
         run_tests=no
         use_ldapwrapper=no  # Fixme: Do this only for CE.
         case "${host}" in

-----------------------------------------------------------------------

Summary of changes:
 autogen.rc                    |  2 +-
 build-aux/speedo.mk           |  4 ++--
 build-aux/speedo/w32/inst.nsi | 18 +++++++++---------
 common/utf8conv.c             | 16 ++++++++++++----
 configure.ac                  |  4 +++-
 g10/Makefile.am               |  2 +-
 6 files changed, 28 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 21 11:21:12 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 21 Apr 2016 11:21:12 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. ba5964408061004447822beef59c968ca1ec6fb4
Message-ID: <E1atAmX-00052F-84@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  ba5964408061004447822beef59c968ca1ec6fb4 (commit)
      from  9d51e0f771fd275b4377493e75c4349a8209a631 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ba5964408061004447822beef59c968ca1ec6fb4
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 21 11:20:42 2016 +0200

    web: Update roadmap

diff --git a/web/index.org b/web/index.org
index ee27755..575d010 100644
--- a/web/index.org
+++ b/web/index.org
@@ -25,7 +25,7 @@ GnuPG comes in three flavours:
 
  - {{{gnupg_ver}}} is the /stable/ version suggested for most users,
 
- - {{{gnupg21_ver}}} is the brand-new /modern/ version with support
+ - {{{gnupg21_ver}}} is the /modern/ version with support
    for [[https://en.wikipedia.org/wiki/Elliptic_curve_cryptography][ECC]] and many other new features,
 
  - and {{{gnupg1_ver}}} is the /classic/ portable version.
diff --git a/web/roadmap.org b/web/roadmap.org
index ffd7067..573dd2b 100644
--- a/web/roadmap.org
+++ b/web/roadmap.org
@@ -12,9 +12,7 @@
   guaranteed milestones or with fixed release dates.  This page should
   better be viewed as a scratchpad with notes of GnuPG developers.
 
-  The next GnuPG /modern/ release will be 2.1.11 and is planned for
-  early January but may be released sooner in case 2.1.10 shows too
-  many problems.
+  The next GnuPG /modern/ release will be 2.1.12 and it is long overdue.
 
 
 ** All things to do for 2.1
@@ -34,7 +32,7 @@
 
  - Add a status-fd interface for the new Tofu system
 
- - Release Libgcrypt 1.7 so that Curve25519 ECDH will work (see below)
+ - +Release Libgcrypt 1.7 so that Curve25519 ECDH will work (see below)+
 
  - Finish NTBTLS to allow for TLS access to LDAP and HKP on Windows.
 
@@ -53,7 +51,8 @@
 
 ** RFC work
 
- - Push RFC-2440bis forward
+ - The OpenPGP is slowly working on RFC-2440bis.  See
+   git://git.gnupg.org/people/wk/rfc4880.git
 
 
 * Libgcrypt Roadmap
@@ -67,11 +66,10 @@
 
 ** Things to be done for Libgcrypt 1.7
 
-   The next release will be 1.7 with a lot of performance improvements
-   and a few new features. Here are the things we want to have before
-   the 1.7.0 release:
+   The current stable release is 1.7 with a lot of performance improvements
+   and a few new features over 1.6.  Here are the things we have not
+   achieved for 1.7.0:
 
- - +Add OCB mode+
  - Update of the Windows entropy gatherer (rndw32.c)
 
 
@@ -94,6 +92,7 @@
    assumption is that we have more concurrent users which slows all
    things down.
 
+
 ** Hardware
 
  - We need more disk space for Thrithemius and best also more RAM.

-----------------------------------------------------------------------

Summary of changes:
 web/index.org   |  2 +-
 web/roadmap.org | 17 ++++++++---------
 2 files changed, 9 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 21 14:45:20 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Thu, 21 Apr 2016 14:45:20 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-148-g12af263
Message-ID: <E1atDy7-0002eS-IU@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  12af2630cf4d1a39179179925fac8f2cce7504ff (commit)
       via  c6d1f2f08c68efe7e80887219064a8ce6365128f (commit)
       via  95303ee11df12f284e98d02dba993eda9e425383 (commit)
       via  342cc488890241b41e49f50886617115342721d6 (commit)
       via  0c35e09278514f1e3377a4b0a9b1f44dd39b1bf4 (commit)
      from  d81de224ecd542922dda649a492dd9550509d7bc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 12af2630cf4d1a39179179925fac8f2cce7504ff
Author: Justus Winter <justus at g10code.com>
Date:   Fri Apr 8 19:21:12 2016 +0200

    common: Add support for the new extended private key format.
    
    * agent/findkey.c (write_extended_private_key): New function.
    (agent_write_private_key): Detect if an existing file is in extended
    format and update the key within if it is.
    (read_key_file): Handle the new format.
    * agent/keyformat.txt: Document the new format.
    * common/Makefile.am: Add the new files.
    * common/private-keys.c: New file.
    * common/private-keys.h: Likewise.
    * common/t-private-keys.c: Likewise.
    * common/util.h (alphap, alnump): New macros.
    * tests/migrations: Add test demonstrating that we can cope with the
    new format.
    
    --
    GnuPG 2.3+ will use a new format to store private keys that is both
    more flexible and easier to read and edit by human beings.  The new
    format stores name,value-pairs using the common mail and http header
    convention.
    
    This patch adds the parser and support code and prepares GnuPG 2.1 for
    the new format.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/agent/findkey.c b/agent/findkey.c
index 3cf8d0c..a78709c 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -35,6 +35,7 @@
 #include "agent.h"
 #include "i18n.h"
 #include "../common/ssh-utils.h"
+#include "../common/private-keys.h"
 
 #ifndef O_BINARY
 #define O_BINARY 0
@@ -51,6 +52,75 @@ struct try_unprotect_arg_s
 };
 
 
+static gpg_error_t
+write_extended_private_key (char *fname, estream_t fp,
+                            const void *buf, size_t len)
+{
+  gpg_error_t err;
+  pkc_t pk = NULL;
+  gcry_sexp_t key = NULL;
+  int remove = 0;
+  int line;
+
+  err = pkc_parse (&pk, &line, fp);
+  if (err)
+    {
+      log_error ("error parsing '%s' line %d: %s\n",
+                 fname, line, gpg_strerror (err));
+      goto leave;
+    }
+
+  err = gcry_sexp_sscan (&key, NULL, buf, len);
+  if (err)
+    goto leave;
+
+  err = pkc_set_private_key (pk, key);
+  if (err)
+    goto leave;
+
+  err = es_fseek (fp, 0, SEEK_SET);
+  if (err)
+    goto leave;
+
+  err = pkc_write (pk, fp);
+  if (err)
+    {
+      log_error ("error writing '%s': %s\n", fname, gpg_strerror (err));
+      remove = 1;
+      goto leave;
+    }
+
+  if (ftruncate (es_fileno (fp), es_ftello (fp)))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error truncating '%s': %s\n", fname, gpg_strerror (err));
+      remove = 1;
+      goto leave;
+    }
+
+  if (es_fclose (fp))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
+      remove = 1;
+      goto leave;
+    }
+  else
+    fp = NULL;
+
+  bump_key_eventcounter ();
+
+ leave:
+  if (fp)
+    es_fclose (fp);
+  if (remove)
+    gnupg_remove (fname);
+  xfree (fname);
+  gcry_sexp_release (key);
+  pkc_release (pk);
+  return err;
+}
+
 /* Write an S-expression formatted key to our key storage.  With FORCE
    passed as true an existing key with the given GRIP will get
    overwritten.  */
@@ -77,7 +147,7 @@ agent_write_private_key (const unsigned char *grip,
       return gpg_error (GPG_ERR_EEXIST);
     }
 
-  fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw");
+  fp = es_fopen (fname, force? "rb+,mode=-rw" : "wbx,mode=-rw");
   if (!fp)
     {
       gpg_error_t tmperr = gpg_error_from_syserror ();
@@ -86,6 +156,38 @@ agent_write_private_key (const unsigned char *grip,
       return tmperr;
     }
 
+  /* See if an existing key is in extended format.  */
+  if (force)
+    {
+      gpg_error_t rc;
+      char first;
+
+      if (es_fread (&first, 1, 1, fp) != 1)
+        {
+          rc = gpg_error_from_syserror ();
+          log_error ("error reading first byte from '%s': %s\n",
+                     fname, strerror (errno));
+          xfree (fname);
+          es_fclose (fp);
+          return rc;
+        }
+
+      rc = es_fseek (fp, 0, SEEK_SET);
+      if (rc)
+        {
+          log_error ("error seeking in '%s': %s\n", fname, strerror (errno));
+          xfree (fname);
+          es_fclose (fp);
+          return rc;
+        }
+
+      if (first != '(')
+        {
+          /* Key is in extended format.  */
+          return write_extended_private_key (fname, fp, buffer, length);
+        }
+    }
+
   if (es_fwrite (buffer, length, 1, fp) != 1)
     {
       gpg_error_t tmperr = gpg_error_from_syserror ();
@@ -95,6 +197,18 @@ agent_write_private_key (const unsigned char *grip,
       xfree (fname);
       return tmperr;
     }
+
+  /* When force is given, the file might have to be truncated.  */
+  if (force && ftruncate (es_fileno (fp), es_ftello (fp)))
+    {
+      gpg_error_t tmperr = gpg_error_from_syserror ();
+      log_error ("error truncating '%s': %s\n", fname, gpg_strerror (tmperr));
+      es_fclose (fp);
+      gnupg_remove (fname);
+      xfree (fname);
+      return tmperr;
+    }
+
   if (es_fclose (fp))
     {
       gpg_error_t tmperr = gpg_error_from_syserror ();
@@ -531,6 +645,7 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
   size_t buflen, erroff;
   gcry_sexp_t s_skey;
   char hexgrip[40+4+1];
+  char first;
 
   *result = NULL;
 
@@ -548,6 +663,50 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
       return rc;
     }
 
+  if (es_fread (&first, 1, 1, fp) != 1)
+    {
+      rc = gpg_error_from_syserror ();
+      log_error ("error reading first byte from '%s': %s\n",
+                 fname, strerror (errno));
+      xfree (fname);
+      es_fclose (fp);
+      return rc;
+    }
+
+  rc = es_fseek (fp, 0, SEEK_SET);
+  if (rc)
+    {
+      log_error ("error seeking in '%s': %s\n", fname, strerror (errno));
+      xfree (fname);
+      es_fclose (fp);
+      return rc;
+    }
+
+  if (first != '(')
+    {
+      /* Key is in extended format.  */
+      pkc_t pk;
+      int line;
+
+      rc = pkc_parse (&pk, &line, fp);
+      es_fclose (fp);
+
+      if (rc)
+        log_error ("error parsing '%s' line %d: %s\n",
+                   fname, line, gpg_strerror (rc));
+      else
+        {
+          rc = pkc_get_private_key (pk, result);
+          pkc_release (pk);
+          if (rc)
+            log_error ("error getting private key from '%s': %s\n",
+                       fname, gpg_strerror (rc));
+        }
+
+      xfree (fname);
+      return rc;
+    }
+
   if (fstat (es_fileno (fp), &st))
     {
       rc = gpg_error_from_syserror ();
diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index 5e15ecf..c1a59ce 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -16,7 +16,71 @@ and should have permissions 700.
 The secret keys are stored in files with a name matching the
 hexadecimal representation of the keygrip[2] and suffixed with ".key".
 
-* Unprotected Private Key Format
+* Extended Private Key Format
+
+GnuPG 2.3+ will use a new format to store private keys that is both
+more flexible and easier to read and edit by human beings.  The new
+format stores name,value-pairs using the common mail and http header
+convention.  Example (here indented with two spaces):
+
+  Description: Key to sign all GnuPG released tarballs.
+    The key is actually stored on a smart card.
+  Use-for-ssh: yes
+  OpenSSH-cert: long base64 encoded string wrapped so that this
+    key file can be easily edited with a standard editor.
+  Key: (shadowed-private-key
+    (rsa
+    (n #00AA1AD2A55FD8C8FDE9E1941772D9CC903FA43B268CB1B5A1BAFDC900
+    2961D8AEA153424DC851EF13B83AC64FBE365C59DC1BD3E83017C90D4365B4
+    83E02859FC13DB5842A00E969480DB96CE6F7D1C03600392B8E08EF0C01FC7
+    19F9F9086B25AD39B4F1C2A2DF3E2BE317110CFFF21D4A11455508FE407997
+    601260816C8422297C0637BB291C3A079B9CB38A92CE9E551F80AA0EBF4F0E
+    72C3F250461E4D31F23A7087857FC8438324A013634563D34EFDDCBF2EA80D
+    F9662C9CCD4BEF2522D8BDFED24CEF78DC6B309317407EAC576D889F88ADA0
+    8C4FFB480981FB68C5C6CA27503381D41018E6CDC52AAAE46B166BDC10637A
+    E186A02BA2497FDC5D1221#)
+    (e #00010001#)
+    (shadowed t1-v1
+     (#D2760001240102000005000011730000# OPENPGP.1)
+    )))
+
+GnuPG 2.2 is able to read and update keys using the new format, but
+will not create new files using the new format.  Furthermore, it only
+makes use of the value stored under the name 'Key:'.
+
+Keys in the extended format can be recognized by looking at the first
+byte of the file.  If it starts with a '(' it is a naked S-expression,
+otherwise it is a key in extended format.
+
+** Names
+
+A name must start with a letter and end with a colon.  Valid
+characters are all ASCII letters, numbers and the hyphen.  Comparison
+of names is done case insensitively.  Names may be used several times
+to represent an array of values.
+
+The name "Key:" is special in that it may occur only once and the
+associated value holds the actual S-expression with the cryptographic
+key.  The S-expression is formatted using the 'Advanced Format'
+(GCRYSEXP_FMT_ADVANCED) that avoids non-printable characters so that
+the file can be easily inspected and edited.  See section 'Private Key
+Format' below for details.
+
+** Values
+
+Values are UTF-8 encoded strings.  Values can be wrapped at any point,
+and continued in the next line indicated by leading whitespace.  A
+continuation line with one leading space does not introduce a blank so
+that the lines can be effectively concatenated.  A blank line as part
+of a continuation line encodes a newline.
+
+** Comments
+
+Lines containing only whitespace, and lines starting with whitespace
+followed by '#' are considered to be comments and are ignored.
+
+* Private Key Format
+** Unprotected Private Key Format
 
 The content of the file is an S-Expression like the ones used with
 Libgcrypt.  Here is an example of an unprotected file:
@@ -42,7 +106,7 @@ optional but required for some operations to calculate the fingerprint
 of the key.  This timestamp should be a string with the number of
 seconds since Epoch or an ISO time string (yyyymmddThhmmss).
 
-* Protected Private Key Format
+** Protected Private Key Format
 
 A protected key is like this:
 
@@ -67,7 +131,7 @@ optional; the isotimestamp is 15 bytes long (e.g. "19610711T172000").
 
 The currently defined protection modes are:
 
-** openpgp-s2k3-sha1-aes-cbc
+*** openpgp-s2k3-sha1-aes-cbc
 
   This describes an algorithm using using AES in CBC mode for
   encryption, SHA-1 for integrity protection and the String to Key
@@ -116,7 +180,7 @@ The currently defined protection modes are:
   the stored one - If they don't match the integrity of the key is not
   given.
 
-** openpgp-s2k3-ocb-aes
+*** openpgp-s2k3-ocb-aes
 
   This describes an algorithm using using AES-128 in OCB mode, a nonce
   of 96 bit, a taglen of 128 bit, and the String to Key algorithm 3
@@ -154,7 +218,7 @@ The currently defined protection modes are:
    (protected-at "18950523T000000")
   )
 
-** openpgp-native
+*** openpgp-native
 
   This is a wrapper around the OpenPGP Private Key Transport format
   which resembles the standard OpenPGP format and allows the use of an
@@ -191,7 +255,7 @@ The currently defined protection modes are:
    (uri http://foo.bar x-foo:whatever_you_want)
    (comment whatever))
 
-* Shadowed Private Key Format
+** Shadowed Private Key Format
 
 To keep track of keys stored on IC cards we use a third format for
 private kyes which are called shadow keys as they are only a reference
@@ -219,7 +283,7 @@ readers don't allow passing a variable length PIN.
 
 More items may be added to the list.
 
-* OpenPGP Private Key Transfer Format
+** OpenPGP Private Key Transfer Format
 
 This format is used to transfer keys between gpg and gpg-agent.
 
@@ -251,7 +315,7 @@ This format is used to transfer keys between gpg and gpg-agent.
  * S2KSALT is the 8 byte salt
  * S2KCOUNT is the count value from RFC-4880.
 
-* Persistent Passphrase Format
+** Persistent Passphrase Format
 
 Note: That this has not yet been implemented.
 
diff --git a/common/Makefile.am b/common/Makefile.am
index de6a4a8..4a35f64 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -89,7 +89,8 @@ common_sources = \
 	strlist.c strlist.h \
 	call-gpg.c call-gpg.h \
 	exectool.c exectool.h \
-	server-help.c server-help.h
+	server-help.c server-help.h \
+	private-keys.c private-keys.h
 
 if HAVE_W32_SYSTEM
 common_sources += w32-reg.c w32-afunix.c w32-afunix.h
@@ -154,7 +155,8 @@ endif
 module_tests = t-stringhelp t-timestuff \
                t-convert t-percent t-gettime t-sysutils t-sexputil \
 	       t-session-env t-openpgp-oid t-ssh-utils \
-	       t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist
+	       t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist \
+	       t-private-keys
 if !HAVE_W32CE_SYSTEM
 module_tests += t-exechelp
 endif
@@ -203,6 +205,7 @@ t_zb32_LDADD = $(t_common_ldadd)
 t_mbox_util_LDADD = $(t_common_ldadd)
 t_iobuf_LDADD = $(t_common_ldadd)
 t_strlist_LDADD = $(t_common_ldadd)
+t_private_keys_LDADD = $(t_common_ldadd)
 
 # System specific test
 if HAVE_W32_SYSTEM
diff --git a/common/private-keys.c b/common/private-keys.c
new file mode 100644
index 0000000..d77ce16
--- /dev/null
+++ b/common/private-keys.c
@@ -0,0 +1,740 @@
+/* private-keys.c - Parser and writer for the extended private key format.
+ *	Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <assert.h>
+#include <gcrypt.h>
+#include <gpg-error.h>
+#include <string.h>
+
+#include "private-keys.h"
+#include "mischelp.h"
+#include "strlist.h"
+#include "util.h"
+
+struct private_key_container
+{
+  struct private_key_entry *first;
+  struct private_key_entry *last;
+};
+
+
+struct private_key_entry
+{
+  struct private_key_entry *prev;
+  struct private_key_entry *next;
+
+  /* The name.  Comments and blank lines have NAME set to NULL.  */
+  char *name;
+
+  /* The value as stored in the file.  We store it when when we parse
+     a file so that we can reproduce it.  */
+  strlist_t raw_value;
+
+  /* The decoded value.  */
+  char *value;
+};
+
+

+
+/* Allocation and deallocation.  */
+
+/* Allocate a private key container structure.  */
+pkc_t
+pkc_new (void)
+{
+  return xtrycalloc (1, sizeof (struct private_key_container));
+}
+
+
+static void
+pke_release (pke_t entry)
+{
+  if (entry == NULL)
+    return;
+
+  xfree (entry->name);
+  if (entry->value)
+    wipememory (entry->value, strlen (entry->value));
+  xfree (entry->value);
+  free_strlist_wipe (entry->raw_value);
+  xfree (entry);
+}
+
+
+/* Release a private key container structure.  */
+void
+pkc_release (pkc_t pk)
+{
+  pke_t e, next;
+
+  if (pk == NULL)
+    return;
+
+  for (e = pk->first; e; e = next)
+    {
+      next = e->next;
+      pke_release (e);
+    }
+
+  xfree (pk);
+}
+
+

+
+/* Dealing with names and values.  */
+
+/* Check whether the given name is valid.  Valid names start with a
+   letter, end with a colon, and contain only alphanumeric characters
+   and the hyphen.  */
+static int
+valid_name (const char *name)
+{
+  size_t i, len = strlen (name);
+
+  if (! alphap (name) || len == 0 || name[len - 1] != ':')
+    return 0;
+
+  for (i = 1; i < len - 1; i++)
+    if (! alnump (&name[i]) && name[i] != '-')
+      return 0;
+
+  return 1;
+}
+
+
+/* Makes sure that ENTRY has a RAW_VALUE.  */
+static gpg_error_t
+assert_raw_value (pke_t entry)
+{
+  gpg_error_t err = 0;
+  size_t len, offset;
+#define LINELEN	70
+  char buf[LINELEN+3];
+
+  if (entry->raw_value)
+    return 0;
+
+  len = strlen (entry->value);
+  offset = 0;
+  while (len)
+    {
+      size_t amount, linelen = LINELEN;
+
+      /* On the first line we need to subtract space for the name.  */
+      if (entry->raw_value == NULL && strlen (entry->name) < linelen)
+	linelen -= strlen (entry->name);
+
+      /* See if the rest of the value fits in this line.  */
+      if (len <= linelen)
+	amount = len;
+      else
+	{
+	  size_t i;
+
+	  /* Find a suitable space to break on.  */
+	  for (i = linelen - 1; linelen - i < 30 && linelen - i > offset; i--)
+	    if (ascii_isspace (entry->value[i]))
+	      break;
+
+	  if (ascii_isspace (entry->value[i]))
+	    {
+	      /* Found one.  */
+	      amount = i;
+	    }
+	  else
+	    {
+	      /* Just induce a hard break.  */
+	      amount = linelen;
+	    }
+	}
+
+      snprintf (buf, sizeof buf, " %.*s\n", (int) amount,
+		&entry->value[offset]);
+      if (append_to_strlist_try (&entry->raw_value, buf) == NULL)
+	{
+	  err = gpg_error_from_syserror ();
+	  goto leave;
+	}
+
+      offset += amount;
+      len -= amount;
+    }
+
+ leave:
+  if (err)
+    {
+      free_strlist_wipe (entry->raw_value);
+      entry->raw_value = NULL;
+    }
+
+  return err;
+#undef LINELEN
+}
+
+
+/* Computes the length of the value encoded as continuation.  If
+   *SWALLOW_WS is set, all whitespace at the beginning of S is
+   swallowed.  If START is given, a pointer to the beginning of the
+   value is stored there.  */
+static size_t
+continuation_length (const char *s, int *swallow_ws, const char **start)
+{
+  size_t len;
+
+  if (*swallow_ws)
+    {
+      /* The previous line was a blank line and we inserted a newline.
+	 Swallow all whitespace at the beginning of this line.  */
+      while (ascii_isspace (*s))
+	s++;
+    }
+  else
+    {
+      /* Iff a continuation starts with more than one space, it
+	 encodes a space.  */
+      if (ascii_isspace (*s))
+	s++;
+    }
+
+  /* Strip whitespace at the end.  */
+  len = strlen (s);
+  while (len > 0 && ascii_isspace (s[len-1]))
+    len--;
+
+  if (len == 0)
+    {
+      /* Blank lines encode newlines.  */
+      len = 1;
+      s = "\n";
+      *swallow_ws = 1;
+    }
+  else
+    *swallow_ws = 0;
+
+  if (start)
+    *start = s;
+
+  return len;
+}
+
+
+/* Makes sure that ENTRY has a VALUE.  */
+static gpg_error_t
+assert_value (pke_t entry)
+{
+  size_t len;
+  int swallow_ws;
+  strlist_t s;
+  char *p;
+
+  if (entry->value)
+    return 0;
+
+  len = 0;
+  swallow_ws = 0;
+  for (s = entry->raw_value; s; s = s->next)
+    len += continuation_length (s->d, &swallow_ws, NULL);
+
+  /* Add one for the terminating zero.  */
+  len += 1;
+
+  entry->value = p = xtrymalloc (len);
+  if (entry->value == NULL)
+    return gpg_error_from_syserror ();
+
+  swallow_ws = 0;
+  for (s = entry->raw_value; s; s = s->next)
+    {
+      const char *start;
+      size_t l = continuation_length (s->d, &swallow_ws, &start);
+
+      memcpy (p, start, l);
+      p += l;
+    }
+
+  *p++ = 0;
+  assert (p - entry->value == len);
+
+  return 0;
+}
+
+
+/* Get the name.  */
+char *
+pke_name (pke_t pke)
+{
+  return pke->name;
+}
+
+
+/* Get the value.  */
+char *
+pke_value (pke_t pke)
+{
+  if (assert_value (pke))
+    return NULL;
+  return pke->value;
+}
+
+

+
+/* Adding and modifying values.  */
+
+/* Add (NAME, VALUE, RAW_VALUE) to PK.  NAME may be NULL for comments
+   and blank lines.  At least one of VALUE and RAW_VALUE must be
+   given.  If PRESERVE_ORDER is not given, entries with the same name
+   are grouped.  NAME, VALUE and RAW_VALUE is consumed.  */
+static gpg_error_t
+_pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value,
+	  int preserve_order)
+{
+  gpg_error_t err = 0;
+  pke_t e;
+
+  assert (value || raw_value);
+
+  if (name && ! valid_name (name))
+    {
+      err = gpg_error (GPG_ERR_INV_NAME);
+      goto leave;
+    }
+
+  if (name && strcasecmp (name, "Key:") == 0 && pkc_lookup (pk, "Key:"))
+    {
+      err = gpg_error (GPG_ERR_INV_NAME);
+      goto leave;
+    }
+
+  e = xtrycalloc (1, sizeof *e);
+  if (e == NULL)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  e->name = name;
+  e->value = value;
+  e->raw_value = raw_value;
+
+  if (pk->first)
+    {
+      pke_t last;
+
+      if (preserve_order)
+	last = pk->last;
+      else
+	{
+	  /* See if there is already an entry with NAME.  */
+	  last = pkc_lookup (pk, name);
+
+	  /* If so, find the last in that block.  */
+	  if (last)
+	    while (last->next)
+	      {
+		pke_t next = last->next;
+
+		if (next->name && strcasecmp (next->name, name) == 0)
+		  last = next;
+		else
+		  break;
+	      }
+	  /* Otherwise, just find the last entry.  */
+	  else
+	    last = pk->last;
+	}
+
+      if (last->next)
+	{
+	  e->prev = last;
+	  e->next = last->next;
+	  last->next = e;
+	  e->next->prev = e;
+	}
+      else
+	{
+	  e->prev = last;
+	  last->next = e;
+	  pk->last = e;
+	}
+    }
+  else
+    pk->first = pk->last = e;
+
+ leave:
+  if (err)
+    {
+      xfree (name);
+      if (value)
+	wipememory (value, strlen (value));
+      xfree (value);
+      free_strlist_wipe (raw_value);
+    }
+
+  return err;
+}
+
+
+/* Add (NAME, VALUE) to PK.  If an entry with NAME already exists, it
+   is not updated but the new entry is appended.  */
+gpg_error_t
+pkc_add (pkc_t pk, const char *name, const char *value)
+{
+  char *k, *v;
+
+  k = xtrystrdup (name);
+  if (k == NULL)
+    return gpg_error_from_syserror ();
+
+  v = xtrystrdup (value);
+  if (v == NULL)
+    {
+      xfree (k);
+      return gpg_error_from_syserror ();
+    }
+
+  return _pkc_add (pk, k, v, NULL, 0);
+}
+
+
+/* Add (NAME, VALUE) to PK.  If an entry with NAME already exists, it
+   is updated with VALUE.  If multiple entries with NAME exist, the
+   first entry is updated.  */
+gpg_error_t
+pkc_set (pkc_t pk, const char *name, const char *value)
+{
+  pke_t e;
+
+  if (! valid_name (name))
+    return GPG_ERR_INV_NAME;
+
+  e = pkc_lookup (pk, name);
+  if (e)
+    {
+      char *v;
+
+      v = xtrystrdup (value);
+      if (v == NULL)
+	return gpg_error_from_syserror ();
+
+      free_strlist_wipe (e->raw_value);
+      e->raw_value = NULL;
+      if (e->value)
+	wipememory (e->value, strlen (e->value));
+      xfree (e->value);
+      e->value = v;
+
+      return 0;
+    }
+  else
+    return pkc_add (pk, name, value);
+}
+
+
+/* Delete the given entry from PK.  */
+void
+pkc_delete (pkc_t pk, pke_t entry)
+{
+  if (entry->prev)
+    entry->prev->next = entry->next;
+  else
+    pk->first = entry->next;
+
+  if (entry->next)
+    entry->next->prev = entry->prev;
+  else
+    pk->last = entry->prev;
+
+  pke_release (entry);
+}
+
+

+
+/* Lookup and iteration.  */
+
+/* Get the first non-comment entry.  */
+pke_t
+pkc_first (pkc_t pk)
+{
+  pke_t entry;
+  for (entry = pk->first; entry; entry = entry->next)
+    if (entry->name)
+      return entry;
+  return NULL;
+}
+
+
+/* Get the first entry with the given name.  */
+pke_t
+pkc_lookup (pkc_t pk, const char *name)
+{
+  pke_t entry;
+  for (entry = pk->first; entry; entry = entry->next)
+    if (entry->name && strcasecmp (entry->name, name) == 0)
+      return entry;
+  return NULL;
+}
+
+
+/* Get the next non-comment entry.  */
+pke_t
+pke_next (pke_t entry)
+{
+  for (entry = entry->next; entry; entry = entry->next)
+    if (entry->name)
+      return entry;
+  return NULL;
+}
+
+
+/* Get the next entry with the given name.  */
+pke_t
+pke_next_value (pke_t entry, const char *name)
+{
+  for (entry = entry->next; entry; entry = entry->next)
+    if (entry->name && strcasecmp (entry->name, name) == 0)
+      return entry;
+  return NULL;
+}
+
+

+
+/* Private key handling.  */
+
+/* Get the private key.  */
+gpg_error_t
+pkc_get_private_key (pkc_t pk, gcry_sexp_t *retsexp)
+{
+  gpg_error_t err;
+  pke_t e;
+
+  e = pkc_lookup (pk, "Key:");
+  if (e == NULL)
+    return gpg_error (GPG_ERR_MISSING_KEY);
+
+  err = assert_value (e);
+  if (err)
+    return err;
+
+  return gcry_sexp_sscan (retsexp, NULL, e->value, strlen (e->value));
+}
+
+
+/* Set the private key.  */
+gpg_error_t
+pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp)
+{
+  gpg_error_t err;
+  char *raw, *clean, *p;
+  size_t len, i;
+
+  len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+
+  raw = xtrymalloc (len);
+  if (raw == NULL)
+    return gpg_error_from_syserror ();
+
+  clean = xtrymalloc (len);
+  if (clean == NULL)
+    {
+      xfree (raw);
+      return gpg_error_from_syserror ();
+    }
+
+  gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, raw, len);
+
+  /* Strip any whitespace at the end.  */
+  i = strlen (raw) - 1;
+  while (i && ascii_isspace (raw[i]))
+    {
+      raw[i] = 0;
+      i--;
+    }
+
+  /* Replace any newlines with spaces, remove superfluous whitespace.  */
+  len = strlen (raw);
+  for (p = clean, i = 0; i < len; i++)
+    {
+      char c = raw[i];
+
+      /* Collapse contiguous and superfluous spaces.  */
+      if (ascii_isspace (c) && i > 0
+	  && (ascii_isspace (raw[i-1]) || raw[i-1] == '(' || raw[i-1] == ')'))
+	continue;
+
+      if (c == '\n')
+	c = ' ';
+
+      *p++ = c;
+    }
+  *p = 0;
+
+  err = pkc_set (pk, "Key:", clean);
+  xfree (raw);
+  xfree (clean);
+  return err;
+}
+
+

+
+/* Parsing and serialization.  */
+
+/* Parse STREAM and return a newly allocated private key container
+   structure in RESULT.  If ERRLINEP is given, the line number the
+   parser was last considering is stored there.  */
+gpg_error_t
+pkc_parse (pkc_t *result, int *errlinep, estream_t stream)
+{
+  gpg_error_t err = 0;
+  gpgrt_ssize_t len;
+  char *buf = NULL;
+  size_t buf_len = 0;
+  char *name = NULL;
+  strlist_t raw_value = NULL;
+
+
+  *result = pkc_new ();
+  if (*result == NULL)
+    return gpg_error_from_syserror ();
+
+  if (errlinep)
+    *errlinep = 0;
+  while ((len = es_read_line (stream, &buf, &buf_len, NULL)))
+    {
+      char *p;
+      if (errlinep)
+	*errlinep += 1;
+
+      /* Skip any whitespace.  */
+      for (p = buf; *p && ascii_isspace (*p); p++)
+	/* Do nothing.  */;
+
+      if (name && (spacep (buf) || *p == 0))
+	{
+	  /* A continuation.  */
+	  if (append_to_strlist_try (&raw_value, buf) == NULL)
+	    {
+	      err = gpg_error_from_syserror ();
+	      goto leave;
+	    }
+	  continue;
+	}
+
+      /* No continuation.  Add the current entry if any.  */
+      if (raw_value)
+	{
+	  err = _pkc_add (*result, name, NULL, raw_value, 1);
+	  if (err)
+	    goto leave;
+	}
+
+      /* And prepare for the next one.  */
+      name = NULL;
+      raw_value = NULL;
+
+      if (*p != 0 && *p != '#')
+	{
+	  char *colon, *value, tmp;
+
+	  colon = strchr (buf, ':');
+	  if (colon == NULL)
+	    {
+	      err = gpg_error (GPG_ERR_INV_VALUE);
+	      goto leave;
+	    }
+
+	  value = colon + 1;
+	  tmp = *value;
+	  *value = 0;
+	  name = xstrdup (p);
+	  *value = tmp;
+
+	  if (name == NULL)
+	    {
+	      err = gpg_error_from_syserror ();
+	      goto leave;
+	    }
+
+	  if (append_to_strlist (&raw_value, value) == NULL)
+	    {
+	      err = gpg_error_from_syserror ();
+	      goto leave;
+	    }
+	  continue;
+	}
+
+      if (append_to_strlist (&raw_value, buf) == NULL)
+	{
+	  err = gpg_error_from_syserror ();
+	  goto leave;
+	}
+    }
+
+  /* Add the final entry.  */
+  if (raw_value)
+    err = _pkc_add (*result, name, NULL, raw_value, 1);
+
+ leave:
+  gpgrt_free (buf);
+  if (err)
+    {
+      pkc_release (*result);
+      *result = NULL;
+    }
+
+  return err;
+}
+
+
+/* Write a representation of PK to STREAM.  */
+gpg_error_t
+pkc_write (pkc_t pk, estream_t stream)
+{
+  gpg_error_t err;
+  pke_t entry;
+  strlist_t s;
+
+  for (entry = pk->first; entry; entry = entry->next)
+    {
+      if (entry->name)
+	es_fputs (entry->name, stream);
+
+      err = assert_raw_value (entry);
+      if (err)
+	return err;
+
+      for (s = entry->raw_value; s; s = s->next)
+	es_fputs (s->d, stream);
+
+      if (es_ferror (stream))
+	return gpg_error_from_syserror ();
+    }
+
+  return 0;
+}
diff --git a/common/private-keys.h b/common/private-keys.h
new file mode 100644
index 0000000..d21e94f
--- /dev/null
+++ b/common/private-keys.h
@@ -0,0 +1,109 @@
+/* private-keys.h - Parser and writer for the extended private key format.
+ *	Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_PRIVATE_KEYS_H
+#define GNUPG_COMMON_PRIVATE_KEYS_H
+
+struct private_key_container;
+typedef struct private_key_container *pkc_t;
+
+struct private_key_entry;
+typedef struct private_key_entry *pke_t;
+
+

+
+/* Memory management, and dealing with entries.  */
+
+/* Allocate a private key container structure.  */
+pkc_t pkc_new (void);
+
+/* Release a private key container structure.  */
+void pkc_release (pkc_t pk);
+
+/* Get the name.  */
+char *pke_name (pke_t pke);
+
+/* Get the value.  */
+char *pke_value (pke_t pke);
+
+

+
+/* Lookup and iteration.  */
+
+/* Get the first non-comment entry.  */
+pke_t pkc_first (pkc_t pk);
+
+/* Get the first entry with the given name.  */
+pke_t pkc_lookup (pkc_t pk, const char *name);
+
+/* Get the next non-comment entry.  */
+pke_t pke_next (pke_t entry);
+
+/* Get the next entry with the given name.  */
+pke_t pke_next_value (pke_t entry, const char *name);
+
+

+
+/* Adding and modifying values.  */
+
+/* Add (NAME, VALUE) to PK.  If an entry with NAME already exists, it
+   is not updated but the new entry is appended.  */
+gpg_error_t pkc_add (pkc_t pk, const char *name, const char *value);
+
+/* Add (NAME, VALUE) to PK.  If an entry with NAME already exists, it
+   is updated with VALUE.  If multiple entries with NAME exist, the
+   first entry is updated.  */
+gpg_error_t pkc_set (pkc_t pk, const char *name, const char *value);
+
+/* Delete the given entry from PK.  */
+void pkc_delete (pkc_t pk, pke_t pke);
+
+

+
+/* Private key handling.  */
+
+/* Get the private key.  */
+gpg_error_t pkc_get_private_key (pkc_t pk, gcry_sexp_t *retsexp);
+
+/* Set the private key.  */
+gpg_error_t pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp);
+
+

+
+/* Parsing and serialization.  */
+
+/* Parse STREAM and return a newly allocated private key container
+   structure in RESULT.  If ERRLINEP is given, the line number the
+   parser was last considering is stored there.  */
+gpg_error_t pkc_parse (pkc_t *result, int *errlinep, estream_t stream);
+
+/* Write a representation of PK to STREAM.  */
+gpg_error_t pkc_write (pkc_t pk, estream_t stream);
+
+#endif /* GNUPG_COMMON_PRIVATE_KEYS_H */
diff --git a/common/t-private-keys.c b/common/t-private-keys.c
new file mode 100644
index 0000000..06415a1
--- /dev/null
+++ b/common/t-private-keys.c
@@ -0,0 +1,543 @@
+/* t-private-keys.c - Module test for private-keys.c
+ *	Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <assert.h>
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "util.h"
+#include "private-keys.h"
+
+static int verbose;
+
+void
+test_getting_values (pkc_t pk)
+{
+  pke_t e;
+
+  e = pkc_lookup (pk, "Comment:");
+  assert (e);
+
+  /* Names are case-insensitive.  */
+  e = pkc_lookup (pk, "comment:");
+  assert (e);
+  e = pkc_lookup (pk, "COMMENT:");
+  assert (e);
+
+  e = pkc_lookup (pk, "SomeOtherName:");
+  assert (e);
+}
+
+
+void
+test_key_extraction (pkc_t pk)
+{
+  gpg_error_t err;
+  gcry_sexp_t key;
+
+  err = pkc_get_private_key (pk, &key);
+  assert (err == 0);
+  assert (key);
+
+  if (verbose)
+    gcry_sexp_dump (key);
+
+  gcry_sexp_release (key);
+}
+
+
+void
+test_iteration (pkc_t pk)
+{
+  int i;
+  pke_t e;
+
+  i = 0;
+  for (e = pkc_first (pk); e; e = pke_next (e))
+    i++;
+  assert (i == 4);
+
+  i = 0;
+  for (e = pkc_lookup (pk, "Comment:");
+       e;
+       e = pke_next_value (e, "Comment:"))
+    i++;
+  assert (i == 3);
+}
+
+
+void
+test_whitespace (pkc_t pk)
+{
+  pke_t e;
+
+  e = pkc_lookup (pk, "One:");
+  assert (e);
+  assert (strcmp (pke_value (e), "WithoutWhitespace") == 0);
+
+  e = pkc_lookup (pk, "Two:");
+  assert (e);
+  assert (strcmp (pke_value (e), "With Whitespace") == 0);
+
+  e = pkc_lookup (pk, "Three:");
+  assert (e);
+  assert (strcmp (pke_value (e),
+                  "Blank lines in continuations encode newlines.\n"
+                  "Next paragraph.") == 0);
+}
+
+
+struct
+{
+  char *value;
+  void (*test_func) (pkc_t);
+} tests[] =
+  {
+    {
+      "# This is a comment followed by an empty line\n"
+      "\n",
+      NULL,
+    },
+    {
+      "# This is a comment followed by two empty lines, Windows style\r\n"
+      "\r\n"
+      "\r\n",
+      NULL,
+    },
+    {
+      "# Some name,value pairs\n"
+      "Comment: Some comment.\n"
+      "SomeOtherName: Some value.\n",
+      test_getting_values,
+    },
+    {
+      "  # Whitespace is preserved as much as possible\r\n"
+      "Comment:Some comment.\n"
+      "SomeOtherName: Some value.   \n",
+      test_getting_values,
+    },
+    {
+      "# Values may be continued in the next line as indicated by leading\n"
+      "# space\n"
+      "Comment: Some rather long\n"
+      "  comment that is continued in the next line.\n"
+      "\n"
+      "  Blank lines with or without whitespace are allowed within\n"
+      "  continuations to allow paragraphs.\n"
+      "SomeOtherName: Some value.\n",
+      test_getting_values,
+    },
+    {
+      "# Names may be given multiple times forming an array of values\n"
+      "Comment: Some comment, element 0.\n"
+      "Comment: Some comment, element 1.\n"
+      "Comment: Some comment, element 2.\n"
+      "SomeOtherName: Some value.\n",
+      test_iteration,
+    },
+    {
+      "# One whitespace at the beginning of a continuation is swallowed.\n"
+      "One: Without\n"
+      " Whitespace\n"
+      "Two: With\n"
+      "  Whitespace\n"
+      "Three: Blank lines in continuations encode newlines.\n"
+      "\n"
+      "  Next paragraph.\n",
+      test_whitespace,
+    },
+    {
+      "Description: Key to sign all GnuPG released tarballs.\n"
+      "  The key is actually stored on a smart card.\n"
+      "Use-for-ssh: yes\n"
+      "OpenSSH-cert: long base64 encoded string wrapped so that this\n"
+      "  key file can be easily edited with a standard editor.\n"
+      "Key: (shadowed-private-key\n"
+      "  (rsa\n"
+      "  (n #00AA1AD2A55FD8C8FDE9E1941772D9CC903FA43B268CB1B5A1BAFDC900\n"
+      "  2961D8AEA153424DC851EF13B83AC64FBE365C59DC1BD3E83017C90D4365B4\n"
+      "  83E02859FC13DB5842A00E969480DB96CE6F7D1C03600392B8E08EF0C01FC7\n"
+      "  19F9F9086B25AD39B4F1C2A2DF3E2BE317110CFFF21D4A11455508FE407997\n"
+      "  601260816C8422297C0637BB291C3A079B9CB38A92CE9E551F80AA0EBF4F0E\n"
+      "  72C3F250461E4D31F23A7087857FC8438324A013634563D34EFDDCBF2EA80D\n"
+      "  F9662C9CCD4BEF2522D8BDFED24CEF78DC6B309317407EAC576D889F88ADA0\n"
+      "  8C4FFB480981FB68C5C6CA27503381D41018E6CDC52AAAE46B166BDC10637A\n"
+      "  E186A02BA2497FDC5D1221#)\n"
+      "  (e #00010001#)\n"
+      "  (shadowed t1-v1\n"
+      "   (#D2760001240102000005000011730000# OPENPGP.1)\n"
+      "    )))\n",
+      test_key_extraction,
+    },
+  };
+
+
+static char *
+pkc_to_string (pkc_t pk)
+{
+  gpg_error_t err;
+  char *buf;
+  size_t len;
+  estream_t sink;
+
+  sink = es_fopenmem (0, "rw");
+  assert (sink);
+
+  err = pkc_write (pk, sink);
+  assert (err == 0);
+
+  len = es_ftell (sink);
+  buf = xmalloc (len+1);
+  assert (buf);
+
+  es_fseek (sink, 0, SEEK_SET);
+  es_read (sink, buf, len, NULL);
+  buf[len] = 0;
+
+  es_fclose (sink);
+  return buf;
+}
+
+
+void dummy_free (void *p) { (void) p; }
+void *dummy_realloc (void *p, size_t s) { (void) s; return p; }
+
+void
+run_tests (void)
+{
+  gpg_error_t err;
+  pkc_t pk;
+
+  int i;
+  for (i = 0; i < DIM (tests); i++)
+    {
+      estream_t source;
+      char *buf;
+      size_t len;
+
+      len = strlen (tests[i].value);
+      source = es_mopen (tests[i].value, len, len,
+			 0, dummy_realloc, dummy_free, "r");
+      assert (source);
+
+      err = pkc_parse (&pk, NULL, source);
+      assert (err == 0);
+      assert (pk);
+
+      if (verbose)
+	{
+	  err = pkc_write (pk, es_stderr);
+	  assert (err == 0);
+	}
+
+      buf = pkc_to_string (pk);
+      assert (memcmp (tests[i].value, buf, len) == 0);
+
+      es_fclose (source);
+      xfree (buf);
+
+      if (tests[i].test_func)
+	tests[i].test_func (pk);
+
+      pkc_release (pk);
+    }
+}
+
+
+void
+run_modification_tests (void)
+{
+  gpg_error_t err;
+  pkc_t pk;
+  pke_t e;
+  gcry_sexp_t key;
+  char *buf;
+
+  pk = pkc_new ();
+  assert (pk);
+
+  pkc_set (pk, "Foo:", "Bar");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Bar\n") == 0);
+  xfree (buf);
+
+  pkc_set (pk, "Foo:", "Baz");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Baz\n") == 0);
+  xfree (buf);
+
+  pkc_set (pk, "Bar:", "Bazzel");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Baz\nBar: Bazzel\n") == 0);
+  xfree (buf);
+
+  pkc_add (pk, "Foo:", "Bar");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Baz\nFoo: Bar\nBar: Bazzel\n") == 0);
+  xfree (buf);
+
+  pkc_add (pk, "DontExistYet:", "Bar");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Baz\nFoo: Bar\nBar: Bazzel\nDontExistYet: Bar\n")
+	  == 0);
+  xfree (buf);
+
+  pkc_delete (pk, pkc_lookup (pk, "DontExistYet:"));
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Baz\nFoo: Bar\nBar: Bazzel\n") == 0);
+  xfree (buf);
+
+  pkc_delete (pk, pke_next_value (pkc_lookup (pk, "Foo:"), "Foo:"));
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Baz\nBar: Bazzel\n") == 0);
+  xfree (buf);
+
+  pkc_delete (pk, pkc_lookup (pk, "Foo:"));
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Bar: Bazzel\n") == 0);
+  xfree (buf);
+
+  pkc_delete (pk, pkc_first (pk));
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "") == 0);
+  xfree (buf);
+
+  pkc_set (pk, "Foo:", "A really long value spanning across multiple lines"
+	   " that has to be wrapped at a convenient space.");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: A really long value spanning across multiple"
+		  " lines that has to be\n  wrapped at a convenient space.\n")
+	  == 0);
+  xfree (buf);
+
+  pkc_set (pk, "Foo:", "XA really long value spanning across multiple lines"
+	   " that has to be wrapped at a convenient space.");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: XA really long value spanning across multiple"
+		  " lines that has to\n  be wrapped at a convenient space.\n")
+	  == 0);
+  xfree (buf);
+
+  pkc_set (pk, "Foo:", "XXXXA really long value spanning across multiple lines"
+	   " that has to be wrapped at a convenient space.");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: XXXXA really long value spanning across multiple"
+		  " lines that has\n  to be wrapped at a convenient space.\n")
+	  == 0);
+  xfree (buf);
+
+  pkc_set (pk, "Foo:", "Areallylongvaluespanningacrossmultiplelines"
+	   "thathastobewrappedataconvenientspacethatisnotthere.");
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Foo: Areallylongvaluespanningacrossmultiplelinesthat"
+		  "hastobewrappedataco\n nvenientspacethatisnotthere.\n")
+	  == 0);
+  xfree (buf);
+  pkc_release (pk);
+
+  pk = pkc_new ();
+  assert (pk);
+
+  err = gcry_sexp_build (&key, NULL, "(hello world)");
+  assert (err == 0);
+  assert (key);
+
+  err = pkc_set_private_key (pk, key);
+  gcry_sexp_release (key);
+  assert (err == 0);
+  buf = pkc_to_string (pk);
+  assert (strcmp (buf, "Key: (hello world)\n") == 0);
+  xfree (buf);
+  pkc_release (pk);
+}
+
+
+void
+convert (const char *fname)
+{
+  gpg_error_t err;
+  estream_t source;
+  gcry_sexp_t key;
+  char *buf;
+  size_t buflen;
+  gpgrt_ssize_t nread;
+  struct stat st;
+  pkc_t pk;
+
+  source = es_fopen (fname, "rb");
+  if (source == NULL)
+    goto leave;
+
+  if (fstat (es_fileno (source), &st))
+    goto leave;
+
+  buflen = st.st_size;
+  buf = xtrymalloc (buflen+1);
+  assert (buf);
+
+  if (es_fread (buf, buflen, 1, source) != 1)
+    goto leave;
+
+  err = gcry_sexp_sscan (&key, NULL, buf, buflen);
+  if (err)
+    {
+      fprintf (stderr, "malformed s-expression in %s\n", fname);
+      exit (1);
+    }
+
+  pk = pkc_new ();
+  assert (pk);
+
+  err = pkc_set_private_key (pk, key);
+  assert (err == 0);
+
+  err = pkc_write (pk, es_stdout);
+  assert (err == 0);
+
+  return;
+
+ leave:
+  perror (fname);
+  exit (1);
+}
+
+
+void
+parse (const char *fname)
+{
+  gpg_error_t err;
+  estream_t source;
+  char *buf;
+  pkc_t pk_a, pk_b;
+  pke_t e;
+  int line;
+
+  source = es_fopen (fname, "rb");
+  if (source == NULL)
+    {
+      perror (fname);
+      exit (1);
+    }
+
+  err = pkc_parse (&pk_a, &line, source);
+  if (err)
+    {
+      fprintf (stderr, "failed to parse %s line %d: %s\n",
+	       fname, line, gpg_strerror (err));
+      exit (1);
+    }
+
+  buf = pkc_to_string (pk_a);
+  xfree (buf);
+
+  pk_b = pkc_new ();
+  assert (pk_b);
+
+  for (e = pkc_first (pk_a); e; e = pke_next (e))
+    {
+      gcry_sexp_t key = NULL;
+
+      if (strcasecmp (pke_name (e), "Key:") == 0)
+	{
+	  err = pkc_get_private_key (pk_a, &key);
+	  if (err)
+	    key = NULL;
+	}
+
+      if (key)
+	{
+	  err = pkc_set_private_key (pk_b, key);
+	  assert (err == 0);
+	}
+      else
+	{
+	  err = pkc_add (pk_b, pke_name (e), pke_value (e));
+	  assert (err == 0);
+	}
+    }
+
+    buf = pkc_to_string (pk_b);
+    if (verbose)
+      fprintf (stdout, "%s", buf);
+    xfree (buf);
+}
+
+
+void
+print_usage (void)
+{
+  fprintf (stderr,
+	   "usage: t-private-keys [--verbose]"
+	   " [--convert <private-key-file>"
+	   " || --parse <extended-private-key-file>]\n");
+  exit (2);
+}
+
+
+int
+main (int argc, char **argv)
+{
+  enum { TEST, CONVERT, PARSE } command = TEST;
+
+  if (argc)
+    { argc--; argv++; }
+  if (argc && !strcmp (argv[0], "--verbose"))
+    {
+      verbose = 1;
+      argc--; argv++;
+    }
+
+  if (argc && !strcmp (argv[0], "--convert"))
+    {
+      command = CONVERT;
+      argc--; argv++;
+      if (argc != 1)
+	print_usage ();
+    }
+
+  if (argc && !strcmp (argv[0], "--parse"))
+    {
+      command = PARSE;
+      argc--; argv++;
+      if (argc != 1)
+	print_usage ();
+    }
+
+  switch (command)
+    {
+    case TEST:
+      run_tests ();
+      run_modification_tests ();
+      break;
+
+    case CONVERT:
+      convert (*argv);
+      break;
+
+    case PARSE:
+      parse (*argv);
+      break;
+    }
+
+  return 0;
+}
diff --git a/common/util.h b/common/util.h
index 6410b11..466c519 100644
--- a/common/util.h
+++ b/common/util.h
@@ -333,6 +333,9 @@ int _gnupg_isatty (int fd);
 /*-- Macros to replace ctype ones to avoid locale problems. --*/
 #define spacep(p)   (*(p) == ' ' || *(p) == '\t')
 #define digitp(p)   (*(p) >= '0' && *(p) <= '9')
+#define alphap(p)   ((*(p) >= 'A' && *(p) <= 'Z')       \
+                     || (*(p) >= 'a' && *(p) <= 'z'))
+#define alnump(p)   (alphap (p) || digitp (p))
 #define hexdigitp(a) (digitp (a)                     \
                       || (*(a) >= 'A' && *(a) <= 'F')  \
                       || (*(a) >= 'a' && *(a) <= 'f'))
diff --git a/tests/migrations/Makefile.am b/tests/migrations/Makefile.am
index a592bdd..0f581c2 100644
--- a/tests/migrations/Makefile.am
+++ b/tests/migrations/Makefile.am
@@ -28,11 +28,17 @@ AM_CFLAGS =
 
 TESTS_ENVIRONMENT = GPG_AGENT_INFO= LC_ALL=C
 
-TESTS = from-classic.test
+TESTS = from-classic.test \
+	extended-private-key-format.test
 
 TEST_FILES = from-classic.gpghome/pubring.gpg.asc \
 	     from-classic.gpghome/secring.gpg.asc \
-	     from-classic.gpghome/trustdb.gpg.asc
+	     from-classic.gpghome/trustdb.gpg.asc \
+	     extended-private-key-format.gpghome/trustdb.gpg.asc \
+	     extended-private-key-format.gpghome/pubring.kbx.asc \
+	     extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc \
+	     extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc \
+	     extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc
 
 EXTRA_DIST = $(TESTS) $(TEST_FILES)
 
diff --git a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc
new file mode 100644
index 0000000..d9192b1
--- /dev/null
+++ b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc
@@ -0,0 +1,27 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+S2V5OiAocHJpdmF0ZS1rZXkgKHJzYSAobiAjMDBBODUyNTY3NkVDRTRENzVGRTZE
+MDA3M0YyQkY5OUE2RjQ5MzNDRUJERDQKIDUyOEFGNTZFNEM2MUUyRjczMTI0NzM5
+MzY0NUREQUY1OEVBREQ1NjUyOUMyNTM5Nzc4MjM2NDYzREYyRDQ1ODUyMEU4MEUK
+IDM0QzA1ODI0MkIzRkY4OEREMzlBODgzQjQ3NUI2NkNFQUFCQkM5OTg5RkYwMUZG
+RTczNzY2MEU5QjYxQkI5REM5MTIwNUQKIDQyOEZGRkU4RjY3NUZBRUY2MTM2NThD
+NzJEQTZENzUwQzBFQkM0MEFGNjIzRDIwNjY5MkM4MjUxNEM0MDREODgyNUFCNzAK
+IDEwMDEjKShlICMwMTAxIykoZCAjMDBCQ0EwMDE0NDg1RkI3NkQ1MEU5QjZDQkE1
+NzIxQUMxMTIxMzkwRjg2MDhENDA4NEIKIEQwNDVBODc2REYzODEwRjExNEJDMkQ2
+OEVCNTUyRTYxQjAxRURCQzI0ODFGMDhDODI4MzJFMDBFMjc5RDY3QTg1MzA1NUQK
+IENBRTVDMjM1Njg1MUNCRTM2RDYxMEM0RDJBQjQzRkE2NTU5ODVDNDQ2OUQxRDkx
+MUUxQUZEODE3RUFBNUZFRTBGRjI2NTcKIDRDMzU5RTE3NTI4NzA1MjE5NDUzQjUx
+QUVDMTBEQkY3NTYyQjA2MUQ1QzY2QzM1QkIzRjlGMEIyMjJCOUQxOTZCOSMpKHAK
+ICAjMDBDMzNDNTgwNjM5OTZCRDU5NzUyQUFCREZEQUNEQUE3QjRCNjZBQTE3NTRF
+RTBEODlCNzc5NEYwREU4RkY3MjRDNTQKIDlGRjExMkEzMzI5MkJCOUQ3QkNFRTc5
+NEYwODAyNEMzRTU1RkQ4MjMzRjUwNzlFRDQ5OTFDNERGMjYxOEQ5IykocSAjMDAK
+IERDQjU5NDVGMDBGMUFGNDM4QkQ0QzMxMUI4QkFDQTNEOURCMEFEMTY1MTk4NjUz
+NDIwMzBGMURGMzA1N0U1NTMyQzQ3RjUKIDhEMzMwM0NCQTNDOEEyOTgxNEY2MTdC
+N0IzREVFOThGQUFBQUVFODExQjQ5OEZBQUYyMTc3Qjc3NjkjKSh1ICMyOUZCMkQK
+IEY2OUIyMzVBNDlBOTA2QjEwRUY3RDhGODFBQUVBOEFEODFFN0NEREUxRjRBNzlD
+RTI0NEJGOEZDRTZERDVFQjE4MTFCMEIKIEQ1RTUxNjVCOTU3MDg1MDM2OTAxREQy
+ODVBNjI4QzI5N0E3ODJEQTgxNTczQTQzRDFDMDkjKSkpCg==
+=laTh
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc
new file mode 100644
index 0000000..1eede1c
--- /dev/null
+++ b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToArHGqWD0rP0Nn/c3nYELTD4m1
+gqR7f2+l1ZUMdHcweYwn/fVjaJKmbR+9GzeHWP398FWYs5mCU1DIfrZLF0nJnAJ6
+WRnN9TL+oub1BqqLvCmDSngRuZZ2gUX8DVmD8xTsPnDnG74QDUnvtnpDIAs32sg5
+dnusstrriXD8xXgt0g8pKDE6cTIxOgC449htJbbp5rkJHvBDs4YxEIkk5ykoMTpn
+MTI4Ol+ITxpSMOT5R67Bu4XWoYU7nVeYURpb6LJ8LK2CV7ygECwFdRFdukiGFB+a
+TP8nF6xtuXalaBuerkKp4QXVKqOIkp7MWN2TAOOg9eERHPT//whryf49meNYMPLv
+KAe60udHY76Glm+Zso+24WnEwXX2od1PHVV3CItWRb7YmhgGKSgxOnkxMjg6AgXt
+40h2lpiIHTjbu6fiCBzbr5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQxgRaLgMr
+db64fQT+fyjbTBLbC8ytt5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qqq/A0d3FZ
+grr6AixK58uZ4wauy8LRZCph67UZ8akcgwJkmVkpKDE6eDIwOn/Y1rjZASGMK9IG
+b1y/ZDKT0zkTKSkp
+=muRa
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc
new file mode 100644
index 0000000..7083673
--- /dev/null
+++ b/tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc
@@ -0,0 +1,20 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+S2V5OiAocHJpdmF0ZS1rZXkgKGVsZyAocCAjMDBDQ0Q4QjFGOURBQzc0RDgwOEND
+NTJGMEQ4OTQ2NERBNTU0QzY5RDY3RjMKIDMyM0M0MkE5NUM5OTYyREY0MjEyNkVD
+MEUwOTcxRjQ5QjgxMTUyOUE2QTJBRTlGMEFERUI4MzlBNjM0NjE1Q0Q1NkZBNTQK
+IEY1QTBCN0VGMjVBMEUyRkU4NDNGQTJFNkUwMjFDQUI0MTE5RTYwMzk0QzlENkEz
+RjdBRDRGNTc3OTZEMzY2NjlBNTEyNjYKIEMyN0E4RDFDNUE2QjQxNDFENUM4MzFF
+ODQ1NDFGM0M4MTFFODkwNzg5ODAzMzgyOTVGODJCN0Y3RkQ0MzMzRUZEOTMzMTIK
+IEYyQUIjKShnICMwNiMpKHkgIzM3NzNBNkQ5RUM4ODlENzZFMzI0RDZFNUVDMjFC
+RDQ1Njk5ODMxQUU0RkQwQUUwMzc4MjAKIDVCQUU1QjhDRTg1RkFEQUJEN0U2QjdD
+NzMwMjVDQjNENzMwRDVDNTgyOTAzNEQ3NkJFMDg1NUMyRTlGRjdBNDkyM0VGRkEK
+IEYxNkE5NjY2OTQ0REJDNjI5NDgzOEZDM0YwOUZGOTY0QThEMDIzQ0I4RUJBMzMy
+RkIwNTFFQTAyODIwRUU2MTIwRkZCRTYKIDJCMzZBMjAyQjNDNzUyRjlEQTc2QjJF
+QzExQTY3RDJFMzVFNjZFQzEwNjM1ODdCMjI1MDBFOEE0NkQxNTdCNzUjKSh4ICMK
+IDY5MTVDNkNFRDI1ODE0M0Y4OTM3QjEzMzVGNDg4N0YwMDQyQjdDNjMwMDUzOThG
+OTM5NkJCODUzMjM4Q0I2IykpKQo=
+=6fkh
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc b/tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc
new file mode 100644
index 0000000..5012371
--- /dev/null
+++ b/tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc
@@ -0,0 +1,39 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+AAAAIAEBAAJLQlhmAAAAAFcYtiNXGLYjAAAAAAAAAAAAAAQXAgEAAAAAAH4AAAOF
+AAIAHMHeuzTqi3EAnq+kdJc9UOHED97PAAAAIAAAAADNPQ9XAcv8rLKkkHMFo3iH
+snkHqgAAADwAAAAAAAAAAQAMAAACJQAAACIAAAAAAAIABP//////////AAAAAAAA
+AAAAAAAAVxi2IwAAAACZAaIEP/JSaxEEAKxxqlg9Kz9DZ/3N52BC0w+JtYKke39v
+pdWVDHR3MHmMJ/31Y2iSpm0fvRs3h1j9/fBVmLOZglNQyH62SxdJyZwCelkZzfUy
+/qLm9Qaqi7wpg0p4EbmWdoFF/A1Zg/MU7D5w5xu+EA1J77Z6QyALN9rIOXZ7rLLa
+64lw/MV4LdIPAKC449htJbbp5rkJHvBDs4YxEIkk5wP/X4hPGlIw5PlHrsG7hdah
+hTudV5hRGlvosnwsrYJXvKAQLAV1EV26SIYUH5pM/ycXrG25dqVoG56uQqnhBdUq
+o4iSnsxY3ZMA46D14REc9P//CGvJ/j2Z41gw8u8oB7rS50djvoaWb5myj7bhacTB
+dfah3U8dVXcIi1ZFvtiaGAYD+gIF7eNIdpaYiB0427un4ggc26+Y9nkF93DaMnZE
+aYSeum6g/g7D1vwINFgQkMYEWi4DK3W+uH0E/n8o20wS2wvMrbeYaQm5v6ucd001
+wwFDY6AdwpwP7UCLQcu6qqvwNHdxWYK6+gIsSufLmeMGrsvC0WQqYeu1GfGpHIMC
+ZJlZtCJUZXN0IHR3byAobm8gcHApIDx0d29AZXhhbXBsZS5jb20+iF8EExECAB8F
+Aj/yUmsCGwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJEJc9UOHED97PgEMAn0F8
+RGDrnmXv7rqM2+pic2oDz1kpAJ0SWPHxdjJHWzoGMrHqocAy/3wFi7kBDQQ/8lJv
+EAQAzNix+drHTYCMxS8NiUZNpVTGnWfzMjxCqVyZYt9CEm7A4JcfSbgRUppqKunw
+reuDmmNGFc1W+lT1oLfvJaDi/oQ/oubgIcq0EZ5gOUydaj961PV3ltNmaaUSZsJ6
+jRxaa0FB1cgx6EVB88gR6JB4mAM4KV+Ct/f9QzPv2TMS8qsAAwYD/jdzptnsiJ12
+4yTW5ewhvUVpmDGuT9CuA3ggW65bjOhfravX5rfHMCXLPXMNXFgpA012vghVwun/
+ekkj7/rxapZmlE28YpSDj8Pwn/lkqNAjy466My+wUeoCgg7mEg/75is2ogKzx1L5
+2nay7BGmfS415m7BBjWHsiUA6KRtFXt1iEkEGBECAAkFAj/yUm8CGwwACgkQlz1Q
+4cQP3s8svgCgmWcpVwvtDN3nAVT1dMFTvCz0hfwAoI4VszJBesG/8GyLW+e2E+Li
+QXVqciq2GGJ3Ap2KvoCwCL/DhCAfcGsAAAHgAgEAAAAAAF4AAAFuAAEAHM8jSQsP
+eLhQu7xzadEgtibsq/UdAAAAIAAAAAAAAAABAAwAAADvAAAAJgAAAAAAAQAE////
+/wAAAAAAAAAAAAAAAFcYtkkAAAAAmQCMBD/yU70BBACoUlZ27OTXX+bQBz8r+Zpv
+STPOvdRSivVuTGHi9zEkc5NkXdr1jq3VZSnCU5d4I2Rj3y1FhSDoDjTAWCQrP/iN
+05qIO0dbZs6qu8mYn/Af/nN2YOm2G7nckSBdQo//6PZ1+u9hNljHLabXUMDrxAr2
+I9IGaSyCUUxATYglq3AQAQAJAQG0JlRlc3QgdGhyZWUgKG5vIHBwKSA8dGhyZWVA
+ZXhhbXBsZS5jb20+iLUEEwECAB8FAj/yU70CGwMHCwkIBwMCAQMVAgMDFgIBAh4B
+AheAAAoJENEgtibsq/UdakMD/2wg19VhpNbtM5CiVif1V57h945OmXr5Lh2SAsI5
+agMb9XXuT9yXsmv+JD5hEE6LRL98XAwGfvaQS9062aJQCocZAWdPJeEEsu+pMn/I
+QdHqGdkr7Oy6xjwSa+gh19JMg4mqR4AIQSkKvRoTSqSAGbi+gytnTmkA7aEUltog
+dYeJLGB5MYPnSPwADYVfNtLxsKZESLA=
+=tULv
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc b/tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc
new file mode 100644
index 0000000..f4d354d
--- /dev/null
+++ b/tests/migrations/extended-private-key-format.gpghome/trustdb.gpg.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP ARMORED FILE-----
+Version: GnuPG v2
+Comment: Use "gpg --dearmor" for unpacking
+
+AWdwZwMDAQUBAgAAVxi2IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+=eBUi
+-----END PGP ARMORED FILE-----
diff --git a/tests/migrations/extended-private-key-format.test b/tests/migrations/extended-private-key-format.test
new file mode 100755
index 0000000..9c373e8
--- /dev/null
+++ b/tests/migrations/extended-private-key-format.test
@@ -0,0 +1,57 @@
+#!/bin/sh
+# Copyright 2016 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.  This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+if [ -z "$srcdir" ]; then
+   echo "not called from make" >&2
+   exit 1
+fi
+
+unset GNUPGHOME
+set -e
+
+# (We may not use a relative name for gpg-agent.)
+GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent"
+GPG="../../g10/gpg --no-permission-warning --no-greeting --no-secmem-warning
+--batch --agent-program=${GPG_AGENT}|--debug-quick-random"
+
+TEST="extended-private-key-format"
+
+setup_home()
+{
+    XGNUPGHOME="`mktemp -d`"
+    mkdir -p "$XGNUPGHOME/private-keys-v1.d"
+    for F in $srcdir/$TEST.gpghome/*.asc; do
+	$GPG --dearmor <"$F" >"$XGNUPGHOME/`basename $F .asc`"
+    done
+    for F in $srcdir/$TEST.gpghome/private-keys-v1.d/*.asc; do
+	$GPG --dearmor <"$F" >"$XGNUPGHOME/private-keys-v1.d/`basename $F .asc`"
+    done
+    chmod go-rwx $XGNUPGHOME/* $XGNUPGHOME/*/*
+    export GNUPGHOME="$XGNUPGHOME"
+}
+
+cleanup_home()
+{
+    rm -rf -- "$XGNUPGHOME"
+}
+
+assert_keys_usable()
+{
+    for KEY in C40FDECF ECABF51D; do
+	$GPG --list-secret-keys $KEY >/dev/null
+    done
+}
+
+setup_home
+assert_keys_usable
+cleanup_home
+
+
+# XXX try changing a key, and check that the format is not changed.

commit c6d1f2f08c68efe7e80887219064a8ce6365128f
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 21 12:59:59 2016 +0200

    common: Add 'free_strlist_wipe' which wipes memory.
    
    * common/strlist.c (free_strlist_wipe): New function.
    * common/strlist.h (free_strlist_wipe): New prototype.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/strlist.c b/common/strlist.c
index 2ba0209..319d034 100644
--- a/common/strlist.c
+++ b/common/strlist.c
@@ -39,6 +39,7 @@
 #include "common-defs.h"
 #include "strlist.h"
 #include "utf8conv.h"
+#include "mischelp.h"
 
 void
 free_strlist( strlist_t sl )
@@ -52,6 +53,19 @@ free_strlist( strlist_t sl )
 }
 
 
+void
+free_strlist_wipe (strlist_t sl)
+{
+    strlist_t sl2;
+
+    for(; sl; sl = sl2 ) {
+	sl2 = sl->next;
+        wipememory (sl, sizeof *sl + strlen (sl->d));
+	xfree(sl);
+    }
+}
+
+
 /* Add STRING to the LIST at the front.  This function terminates the
    process on memory shortage.  */
 strlist_t
diff --git a/common/strlist.h b/common/strlist.h
index 94dd32f..45f5543 100644
--- a/common/strlist.h
+++ b/common/strlist.h
@@ -40,6 +40,8 @@ struct string_list
 typedef struct string_list *strlist_t;
 
 void    free_strlist (strlist_t sl);
+void	free_strlist_wipe (strlist_t sl);
+
 strlist_t add_to_strlist (strlist_t *list, const char *string);
 strlist_t add_to_strlist_try (strlist_t *list, const char *string);
 

commit 95303ee11df12f284e98d02dba993eda9e425383
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 21 12:36:04 2016 +0200

    common: Add 'append_to_strlist_try' which can fail.
    
    * common/strlist.c (append_to_strlist): Use the new function.
    (append_to_strlist_try): New function.
    * common/strlist.h (append_to_strlist_try): New prototype.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/strlist.c b/common/strlist.c
index 760a460..2ba0209 100644
--- a/common/strlist.c
+++ b/common/strlist.c
@@ -112,9 +112,24 @@ add_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
 strlist_t
 append_to_strlist( strlist_t *list, const char *string )
 {
+  strlist_t sl;
+  sl = append_to_strlist_try (list, string);
+  if (sl == NULL)
+    abort ();
+  return sl;
+}
+
+
+/* Add STRING to the LIST at the end.  */
+strlist_t
+append_to_strlist_try (strlist_t *list, const char *string)
+{
     strlist_t r, sl;
 
     sl = xmalloc( sizeof *sl + strlen(string));
+    if (sl == NULL)
+      return NULL;
+
     sl->flags = 0;
     strcpy(sl->d, string);
     sl->next = NULL;
diff --git a/common/strlist.h b/common/strlist.h
index acb92f7..94dd32f 100644
--- a/common/strlist.h
+++ b/common/strlist.h
@@ -46,6 +46,7 @@ strlist_t add_to_strlist_try (strlist_t *list, const char *string);
 strlist_t add_to_strlist2( strlist_t *list, const char *string, int is_utf8);
 
 strlist_t append_to_strlist (strlist_t *list, const char *string);
+strlist_t append_to_strlist_try (strlist_t *list, const char *string);
 strlist_t append_to_strlist2 (strlist_t *list, const char *string,
                               int is_utf8);
 

commit 342cc488890241b41e49f50886617115342721d6
Author: Justus Winter <justus at g10code.com>
Date:   Wed Apr 13 14:25:30 2016 +0200

    agent: Convert key format document to org.
    
    * agent/keyformat.txt: Convert to org mode.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index e760412..5e15ecf 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -1,11 +1,11 @@
-keyformat.txt (wk 2001-12-18)
------------------------------
+keyformat.txt               emacs, please switch to -*- org -*- mode
+-------------
 
 
 Some notes on the format of the secret keys used with gpg-agent.
 
-Location of keys
-================
+* Location of keys
+
 The secret keys[1] are stored on a per file basis in a directory below
 the ~/.gnupg home directory.  This directory is named
 
@@ -16,9 +16,8 @@ and should have permissions 700.
 The secret keys are stored in files with a name matching the
 hexadecimal representation of the keygrip[2] and suffixed with ".key".
 
+* Unprotected Private Key Format
 
-Unprotected Private Key Format
-==============================
 The content of the file is an S-Expression like the ones used with
 Libgcrypt.  Here is an example of an unprotected file:
 
@@ -43,9 +42,8 @@ optional but required for some operations to calculate the fingerprint
 of the key.  This timestamp should be a string with the number of
 seconds since Epoch or an ISO time string (yyyymmddThhmmss).
 
+* Protected Private Key Format
 
-Protected Private Key Format
-==============================
 A protected key is like this:
 
 (protected-private-key
@@ -69,7 +67,7 @@ optional; the isotimestamp is 15 bytes long (e.g. "19610711T172000").
 
 The currently defined protection modes are:
 
-1. openpgp-s2k3-sha1-aes-cbc
+** openpgp-s2k3-sha1-aes-cbc
 
   This describes an algorithm using using AES in CBC mode for
   encryption, SHA-1 for integrity protection and the String to Key
@@ -118,7 +116,7 @@ The currently defined protection modes are:
   the stored one - If they don't match the integrity of the key is not
   given.
 
-2. openpgp-s2k3-ocb-aes
+** openpgp-s2k3-ocb-aes
 
   This describes an algorithm using using AES-128 in OCB mode, a nonce
   of 96 bit, a taglen of 128 bit, and the String to Key algorithm 3
@@ -156,8 +154,7 @@ The currently defined protection modes are:
    (protected-at "18950523T000000")
   )
 
-
-3. openpgp-native
+** openpgp-native
 
   This is a wrapper around the OpenPGP Private Key Transport format
   which resembles the standard OpenPGP format and allows the use of an
@@ -194,10 +191,8 @@ The currently defined protection modes are:
    (uri http://foo.bar x-foo:whatever_you_want)
    (comment whatever))
 
+* Shadowed Private Key Format
 
-
-Shadowed Private Key Format
-============================
 To keep track of keys stored on IC cards we use a third format for
 private kyes which are called shadow keys as they are only a reference
 to keys stored on a token:
@@ -224,9 +219,7 @@ readers don't allow passing a variable length PIN.
 
 More items may be added to the list.
 
-
-OpenPGP Private Key Transfer Format
-===================================
+* OpenPGP Private Key Transfer Format
 
 This format is used to transfer keys between gpg and gpg-agent.
 
@@ -239,28 +232,26 @@ This format is used to transfer keys between gpg and gpg-agent.
   (protection PROTTYPE PROTALGO IV S2KMODE S2KHASH S2KSALT S2KCOUNT))
 
 
-* V is the packet version number (3 or 4).
-* PUBKEYALGO is a Libgcrypt algo name
-* CURVENAME is the name of the curve - only used with ECC.
-* P1 .. PN are the parameters; the public parameters are never encrypted
-  the secrect key parameters are encrypted if the "protection" list is
-  given.  To make this more explicit each parameter is preceded by a
-  flag "_" for cleartext or "e" for encrypted text.
-* CSUM is the deprecated 16 bit checksum as defined by OpenPGP.  This
-  is an optional element.
-* If PROTTYPE is "sha1" the new style SHA1 checksum is used if it is "sum"
-  the old 16 bit checksum (above) is used and if it is "none" no
-  protection at all is used.
-* PROTALGO is a Libgcrypt style cipher algorithm name
-* IV is the initialization verctor.
-* S2KMODE is the value from RFC-4880.
-* S2KHASH is a a libgcrypt style hash algorithm identifier.
-* S2KSALT is the 8 byte salt
-* S2KCOUNT is the count value from RFC-4880.
-
-
-Persistent Passphrase Format
-============================
+ * V is the packet version number (3 or 4).
+ * PUBKEYALGO is a Libgcrypt algo name
+ * CURVENAME is the name of the curve - only used with ECC.
+ * P1 .. PN are the parameters; the public parameters are never encrypted
+   the secrect key parameters are encrypted if the "protection" list is
+   given.  To make this more explicit each parameter is preceded by a
+   flag "_" for cleartext or "e" for encrypted text.
+ * CSUM is the deprecated 16 bit checksum as defined by OpenPGP.  This
+   is an optional element.
+ * If PROTTYPE is "sha1" the new style SHA1 checksum is used if it is "sum"
+   the old 16 bit checksum (above) is used and if it is "none" no
+   protection at all is used.
+ * PROTALGO is a Libgcrypt style cipher algorithm name
+ * IV is the initialization verctor.
+ * S2KMODE is the value from RFC-4880.
+ * S2KHASH is a a libgcrypt style hash algorithm identifier.
+ * S2KSALT is the 8 byte salt
+ * S2KCOUNT is the count value from RFC-4880.
+
+* Persistent Passphrase Format
 
 Note: That this has not yet been implemented.
 
@@ -355,14 +346,8 @@ hashed:
     (protected-at "20100915T111722")
    )
 
+* Notes
 
-
-
-
-
-
-Notes:
-======
 [1] I usually use the terms private and secret key exchangeable but prefer the
 term secret key because it can be visually be better distinguished
 from the term public key.

commit 0c35e09278514f1e3377a4b0a9b1f44dd39b1bf4
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 21 14:36:21 2016 +0200

    tests: Make migration test more robust and silent.
    
    * tests/migrations/from-classic.test: Fix in-tree build, silence test.
    
    Fixes-commit: defbc70b
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/migrations/from-classic.test b/tests/migrations/from-classic.test
index a61a5c3..9b81d45 100755
--- a/tests/migrations/from-classic.test
+++ b/tests/migrations/from-classic.test
@@ -13,6 +13,7 @@ if [ -z "$srcdir" ]; then
    exit 1
 fi
 
+unset GNUPGHOME
 set -e
 
 # (We may not use a relative name for gpg-agent.)
@@ -20,22 +21,28 @@ GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent"
 GPG="../../g10/gpg --no-permission-warning --no-greeting --no-secmem-warning
 --batch --agent-program=${GPG_AGENT}|--debug-quick-random"
 
-export GNUPGHOME="from-classic.gpghome"
+TEST="from-classic"
 
 setup_home()
 {
-    rm -rf -- "$GNUPGHOME"
-    mkdir "$GNUPGHOME"
-    for F in $srcdir/$GNUPGHOME/*.asc
-    do
-	$GPG --dearmor <"$F" >"$GNUPGHOME/`echo $F | sed -e 's/....$//'`"
+    XGNUPGHOME="`mktemp -d`"
+    rm -rf -- scratch
+    mkdir -p "$XGNUPGHOME"
+    for F in $srcdir/$TEST.gpghome/*.asc; do
+	$GPG --dearmor <"$F" >"$XGNUPGHOME/`basename $F .asc`"
     done
-    chmod go-rwx $GNUPGHOME/*
+    chmod go-rwx $XGNUPGHOME/*
+    export GNUPGHOME="$XGNUPGHOME"
+}
+
+cleanup_home()
+{
+    rm -rf -- "$XGNUPGHOME"
 }
 
 trigger_migration()
 {
-    $GPG --list-secret-keys >/dev/null
+    $GPG --list-secret-keys >/dev/null 2>&1
 }
 
 assert_migrated()
@@ -50,12 +57,14 @@ assert_migrated()
 setup_home
 trigger_migration
 assert_migrated
+cleanup_home
 
 # Test with an existing private-keys-v1.d.
 setup_home
 mkdir "$GNUPGHOME/private-keys-v1.d"
 trigger_migration
 assert_migrated
+cleanup_home
 
 # Test with an existing private-keys-v1.d with weird permissions.
 setup_home
@@ -63,5 +72,6 @@ mkdir "$GNUPGHOME/private-keys-v1.d"
 chmod 0 "$GNUPGHOME/private-keys-v1.d"
 trigger_migration
 assert_migrated
+cleanup_home
 
 # XXX Check a case where the migration fails.

-----------------------------------------------------------------------

Summary of changes:
 agent/findkey.c                                    | 161 ++++-
 agent/keyformat.txt                                | 143 ++--
 common/Makefile.am                                 |   7 +-
 common/private-keys.c                              | 740 +++++++++++++++++++++
 common/private-keys.h                              | 109 +++
 common/strlist.c                                   |  29 +
 common/strlist.h                                   |   3 +
 common/t-private-keys.c                            | 543 +++++++++++++++
 common/util.h                                      |   3 +
 tests/migrations/Makefile.am                       |  10 +-
 ...3FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc |  27 +
 ...3D8AF79796EE107D645A2787A9D9252F924E6F.key.asc} |   2 +-
 ...B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc |  20 +
 .../pubring.kbx.asc                                |  39 ++
 .../trustdb.gpg.asc                                |   4 +-
 ...assic.test => extended-private-key-format.test} |  46 +-
 tests/migrations/from-classic.test                 |  26 +-
 17 files changed, 1821 insertions(+), 91 deletions(-)
 create mode 100644 common/private-keys.c
 create mode 100644 common/private-keys.h
 create mode 100644 common/t-private-keys.c
 create mode 100644 tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/13FDB8809B17C5547779F9D205C45F47CE0217CE.key.asc
 copy tests/{openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc => migrations/extended-private-key-format.gpghome/private-keys-v1.d/343D8AF79796EE107D645A2787A9D9252F924E6F.key.asc} (95%)
 create mode 100644 tests/migrations/extended-private-key-format.gpghome/private-keys-v1.d/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.key.asc
 create mode 100644 tests/migrations/extended-private-key-format.gpghome/pubring.kbx.asc
 copy tests/migrations/{from-classic.gpghome => extended-private-key-format.gpghome}/trustdb.gpg.asc (96%)
 copy tests/migrations/{from-classic.test => extended-private-key-format.test} (52%)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 21 15:09:04 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 21 Apr 2016 15:09:04 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 51018e6290d9b95b0fac99ba86ab993e2c4d916a
Message-ID: <E1atEL3-0003Zt-8U@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  51018e6290d9b95b0fac99ba86ab993e2c4d916a (commit)
      from  ba5964408061004447822beef59c968ca1ec6fb4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 51018e6290d9b95b0fac99ba86ab993e2c4d916a
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 21 14:52:35 2016 +0200

    blog: Add financial Results for 2015

diff --git a/misc/blog.gnupg.org/20160421-financial-results-2015.org b/misc/blog.gnupg.org/20160421-financial-results-2015.org
new file mode 100644
index 0000000..e8b208e
--- /dev/null
+++ b/misc/blog.gnupg.org/20160421-financial-results-2015.org
@@ -0,0 +1,145 @@
+# Financial Results for 2015
+#+STARTUP: showall
+#+AUTHOR: Werner
+#+DATE: April 21, 2016
+#+Keywords:
+
+** Financial Results for 2015
+
+Having prepared the annual accounts for g10^code GmbH, the legal
+entity employing some of the GnuPG hackers, I can now share a financial
+report.  Please read on if you are interested in how well the donation
+campaign last year worked and how we spend your money.
+
+*** Balance Sheet as of 2015-12-31
+
+    Let us start by looking at the balance sheet, which describes
+    our financial status.  The following table shows the actual
+    [[file:data/g10code-bilanz-2015-pub.pdf][balance sheet]] with a few accounts pooled up.  Note that for
+    display purposes all values have been rounded to a full Euro, and
+    thus there are minor mismatches in the Sums.
+
+    |                           |    <r> |     <r> |       <r> |     <r> |
+    |                           |  Asset |  (2014) | Liability |  (2014) |
+    |---------------------------+--------+---------+-----------+---------|
+    | Tangible assets           |   3880 |   (791) |           |         |
+    | Stock of goods            |      0 |   (122) |           |         |
+    | Cash balance              |    360 |   (469) |           |         |
+    | Bank balance KSD          | 207453 | (34522) |           |         |
+    | PayPal and others balance |   3842 |   (711) |           |         |
+    | Accounts receivable       |   4774 |     (0) |           |         |
+    | Accounts receivable other |    497 | (18408) |           |         |
+    | Common capital stock      |        |         |     25000 | (25000) |
+    | Loss carried forward      |      0 | (23019) |           |         |
+    | Profit carried forward    |        |         |     11338 |     (0) |
+    | Net profit                |        |         |    115350 | (34357) |
+    | Shareholder loans         |        |         |         0 | (10000) |
+    | Accounts payable          |        |         |         0 |  (3510) |
+    | Accounts payable other    |        |         |     27974 |     (0) |
+    | GnuPG development fund    |        |         |        72 |    (72) |
+    | Provision for taxes       |        |         |     41070 |  (5103) |
+    |---------------------------+--------+---------+-----------+---------|
+    | Sums                      | 220804 | (78042) |  (220804) | (78042) |
+
+
+    The /Bank balance KSD/ is the money that we had at the end of the year
+    in our accounts at the local savings bank.  The /PayPal/ row gives
+    the amount of money in the PayPal account and in a Gandi prepaid
+    account.  /Accounts receivable/ are mostly outstanding demands
+    from the Linux Foundation for work done in December.
+
+    From the /Common capital stock/ of 25000 Euro 50% are held by
+    Walter Koch and 50% by Werner Koch, the owners of g10^code.  The
+    /Net profit/ gained in 2014 was back then used to make up for the
+    /Loss carried forward/ in 2014 and the remaining 11000 Euro are
+    set as /Profit carried forward/ to 2015.
+
+    The major part of the /Accounts payable other/ is due to my profit
+    sharing bonus.  The /GnuPG development fund/ is the rest of a
+    campaign which collected prize money for the GnuPG logo.
+
+*** Profit and Loss from 2015-01-01 to 2015-12-31
+
+    Now let us see how much money we earned and how we spent it.  The
+    following table shows the actual [[file:data/g10code-bilanz-2015-pub.pdf][profit and loss sheet]] with a few
+    accounts pooled up.  As above, the values have again been rounded
+    to the nearest Euro.
+
+    |                          |    <r> |     <r> |    <r> |     <r> |
+    |                          |  Debit |  (2014) | Credit |  (2014) |
+    |--------------------------+--------+---------+--------+---------|
+    | Revenues                 |        |         |  57251 | (80435) |
+    | Revenues from donations  |        |         | 283538 |     (0) |
+    | Revenues other           |        |         |    218 |   (163) |
+    | Salaries                 | 108719 | (31800) |        |         |
+    | Social insurance         |  18060 |     (0) |        |         |
+    | Contractors              |  33165 |     (0) |        |         |
+    | Write-offs               |   1532 |  (1656) |        |         |
+    | Connectivity and hosting |   2012 |  (2874) |        |         |
+    | Rents                    |   2681 |  (2653) |        |         |
+    | Interest expenses        |    550 |     (0) |        |         |
+    | Travel expenses          |   3499 |  (1014) |        |         |
+    | Other expenses           |   5169 |  (6244) |        |         |
+    | Donations                |   5100 |     (1) |        |         |
+    | Taxes                    |  45171 |     (0) |        |         |
+    | Net profit               | 115350 | (34357) |        |         |
+    |--------------------------+--------+---------+--------+---------|
+    | Sums                     | 341007 | (80597) | 341007 | (80597) |
+
+# Other expenses are:
+#    | Fachliteratur         |   634 |  664 |
+#    | Stromkosten           |   452 |  592 |
+#    | B?rokosten            |   432 |   84 |
+#    | Porto                 |    29 |      |
+#    | Bankkosten            |   577 |  136 |
+#    | Werbekosten           |  1111 | 3943 |
+#    | Beitr?ge              |   128 |  128 |
+#    | Instandsetzungskosten |     0 |  250 |
+#    | Konferenzkosten       |   919 |  118 |
+#    | Rechtskosten          |   433 |   33 |
+#    | Sonstige Kosten       |   320 |  238 |
+#    | Forderungsverluste    |   134 |   58 |
+
+    The /Revenues/ are mainly due to funding from the Linux Foundation
+    for 60,000 USD (54,000 EUR).  The /Revenues from donations/ are
+    mainly made up of 100,000 USD from Stripe and Facebook (89,000
+    EUR), 113,000 EUR received via PayPal, and 80,000 EUR via Stripe
+    (credit cards).  Note that in 2014 we posted all donations to the
+    /Revenues/ account and not to a separate donations account.
+
+    As with almost all software companies, the majority of expenses
+    are staff costs (we've hired three programmers).  Not counting
+    taxes, which are due to the annual profit, we have total costs of
+    180,000 EUR with 160,000 spent on /Salaries/, /Social insurance/,
+    and /Contractors/.  My share is 47,400 EUR regular salary of which
+    I need to pay social insurances myself plus a profit sharing bonus
+    of 25000 EUR.  That bonus is exceptionally high due to the huge
+    net profit that we made in 2015; it is very unlikely that a bonus
+    will be due this or next year.
+
+    The /Rents/ are for the room used as an office in my house.  The
+    /Interest/ was paid for a loan that I gave to g10^code in 2012 and
+    which was redeemed in 2015.  /Other expenses/ sums up money spent
+    for magazines, power, office supplies, advertising, conference
+    fees, legal costs, etc.
+
+    Having received a lot of donations I considered it to be fair to
+    put some money (5100 EUR) to support [[https://netzpolitik.org][Netzpolitik.org]], [[https://fsfe.org][FSFE]],
+    [[https://www.kindernothilfe.de][Kindernothilfe]], [[http://www.freundeskreis-fluechtlinge-erkrath.de/][Freundeskreis f?r Fl?chtlinge in Erkrath]],
+    [[https://wikimedia.de][Wikimedia]], and [[https://openmusiccontest.org][OpenMusicContest]].
+
+    Because g10^code GmbH is still not tax exempted we will need to
+    pay about 45,000 /Taxes/ in 2015 on the 115,000 Euro of /Net
+    profit/.  Due to the net loss that we expect for 2016, a tax refund can
+    be expected in 2017.
+
+*** Planning 2016 and 2017
+
+    Along with the paid projects we are currently working on, the two
+    large donations that we are expecting (from Facebook and Stripe),
+    the Linux Foundation grant, and a small stream of individual
+    donations, g10^code will be able to operate with its current staff
+    until the end of 2017.  Obviously, we need a longer term plan.
+    Things are a bit delayed, because the original plan to turn
+    g10^code into a charitable company did not worked out and we need
+    to look into other options before starting a new campaign.
diff --git a/misc/blog.gnupg.org/data/g10code-bilanz-2015-pub.pdf b/misc/blog.gnupg.org/data/g10code-bilanz-2015-pub.pdf
new file mode 100644
index 0000000..7f1645d
Binary files /dev/null and b/misc/blog.gnupg.org/data/g10code-bilanz-2015-pub.pdf differ

-----------------------------------------------------------------------

Summary of changes:
 .../20160421-financial-results-2015.org            | 145 +++++++++++++++++++++
 .../data/g10code-bilanz-2015-pub.pdf               | Bin 0 -> 58247 bytes
 2 files changed, 145 insertions(+)
 create mode 100644 misc/blog.gnupg.org/20160421-financial-results-2015.org
 create mode 100644 misc/blog.gnupg.org/data/g10code-bilanz-2015-pub.pdf


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 21 15:39:48 2016
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Thu, 21 Apr 2016 15:39:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-149-gb8cb097
Message-ID: <E1atEon-0004go-1c@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b8cb0973bcbe201a1e32a326dd97c3e72778b9d8 (commit)
      from  12af2630cf4d1a39179179925fac8f2cce7504ff (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b8cb0973bcbe201a1e32a326dd97c3e72778b9d8
Author: Justus Winter <justus at g10code.com>
Date:   Thu Apr 21 15:23:04 2016 +0200

    common: Drop unused variables, fix warnings.
    
    --
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/private-keys.c b/common/private-keys.c
index d77ce16..a3c06f9 100644
--- a/common/private-keys.c
+++ b/common/private-keys.c
@@ -347,7 +347,7 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value,
     {
       pke_t last;
 
-      if (preserve_order)
+      if (preserve_order || name == NULL)
 	last = pk->last;
       else
 	{
diff --git a/common/t-private-keys.c b/common/t-private-keys.c
index 06415a1..1027e70 100644
--- a/common/t-private-keys.c
+++ b/common/t-private-keys.c
@@ -269,7 +269,6 @@ run_modification_tests (void)
 {
   gpg_error_t err;
   pkc_t pk;
-  pke_t e;
   gcry_sexp_t key;
   char *buf;
 
@@ -380,7 +379,6 @@ convert (const char *fname)
   gcry_sexp_t key;
   char *buf;
   size_t buflen;
-  gpgrt_ssize_t nread;
   struct stat st;
   pkc_t pk;
 

-----------------------------------------------------------------------

Summary of changes:
 common/private-keys.c   | 2 +-
 common/t-private-keys.c | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 22 09:07:10 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 22 Apr 2016 09:07:10 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.21-23-gb84d704
Message-ID: <E1atVAL-0004Ad-W2@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  b84d704dc4396c0ea6962096249b510c385a3a13 (commit)
      from  1cd1ddb4ac2c13223a073f6d77696bcd6253e2ff (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b84d704dc4396c0ea6962096249b510c385a3a13
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 22 09:06:03 2016 +0200

    syscfg: Add powerpc-unknown-linux-gnuspe
    
    --

diff --git a/src/mkheader.c b/src/mkheader.c
index 0d3d6ba..64d0904 100644
--- a/src/mkheader.c
+++ b/src/mkheader.c
@@ -82,6 +82,7 @@ canon_host_triplet (const char *triplet)
     {"i486-pc-kfreebsd-gnu", "i686-pc-kfreebsd-gnu"},
     {"i586-pc-kfreebsd-gnu"},
     {"x86_64-pc-linux-gnuhardened1", "x86_64-pc-linux-gnu" },
+    {"powerpc-unknown-linux-gnuspe", "powerpc-unknown-linux-gnu" },
 
     { NULL }
   };

-----------------------------------------------------------------------

Summary of changes:
 src/mkheader.c | 1 +
 1 file changed, 1 insertion(+)


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 22 10:01:16 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 22 Apr 2016 10:01:16 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.20-9-gbedcef6
Message-ID: <E1atW0h-0005cE-RO@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  bedcef635221398e7bbb5dc0df7b04e9a7ce97cf (commit)
      from  6a9e8e9161941266b9365def3fa74aca9352daa7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bedcef635221398e7bbb5dc0df7b04e9a7ce97cf
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 22 09:57:38 2016 +0200

    doc: Explain that gpg-preset-passphrase can't be used.
    
    --

diff --git a/doc/gpg.texi b/doc/gpg.texi
index ae582d3..b770e0e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1640,7 +1640,9 @@ process. @option{--no-auto-check-trustdb} disables this option.
 @opindex use-agent
 Try to use the GnuPG-Agent.  With this option, GnuPG first tries to
 connect to the agent before it asks for a
-passphrase. @option{--no-use-agent} disables this option.
+passphrase. @option{--no-use-agent} disables this option.  Note, that
+the tool @command{gpg-preset-passphrase}, which comes with GnuPG-2,
+cannot be used to preset a passphrase for this version of GnuPG.
 
 @item --gpg-agent-info
 @opindex gpg-agent-info

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 25 09:59:15 2016
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Mon, 25 Apr 2016 09:59:15 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.21-24-gf1104b9
Message-ID: <E1aubPL-0003OQ-9h@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  f1104b92249005a31961d1a32c38ba65a0b3ff3a (commit)
      from  b84d704dc4396c0ea6962096249b510c385a3a13 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f1104b92249005a31961d1a32c38ba65a0b3ff3a
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon Apr 25 16:46:46 2016 +0900

    Fix for HPPA.
    
    * configure.ac (HAVE_GCC_ATTRIBUTE_ALIGNED): Revert.
    * src/gen-posix-lock-obj.c (USE_16BYTE_ALIGNMENT): Revert.
    * src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h: Revert.
    
    --
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
    
    This fixes commit 5168b97.  I considered wrongly that long double were
    128-bit in HPPA.  Currently, all that we can do for HPPA is assuming
    GCC and use its extension of "aligned" attribute.

diff --git a/configure.ac b/configure.ac
index 6d25b51..566ea62 100644
--- a/configure.ac
+++ b/configure.ac
@@ -274,6 +274,20 @@ if test "$GCC" = yes; then
 fi
 
 #
+# Check whether the compiler supports the GCC style aligned attribute
+#
+AC_CACHE_CHECK([whether the GCC style aligned attribute is supported],
+       [gcry_cv_gcc_attribute_aligned],
+       [gcry_cv_gcc_attribute_aligned=no
+        AC_COMPILE_IFELSE([AC_LANG_SOURCE(
+          [[struct { int a; } foo __attribute__ ((aligned (16)));]])],
+          [gcry_cv_gcc_attribute_aligned=yes])])
+if test "$gcry_cv_gcc_attribute_aligned" = "yes" ; then
+   AC_DEFINE(HAVE_GCC_ATTRIBUTE_ALIGNED,1,
+     [Defined if a GCC style "__attribute__ ((aligned (n))" is supported])
+fi
+
+#
 # Check for ELF visibility support.
 #
 AC_CACHE_CHECK(whether the visibility attribute is supported,
@@ -544,3 +558,11 @@ echo "
         Revision: mym4_revision  (mym4_revision_dec)
         Platform: $host$tmp
 "
+if test "$gcry_cv_gcc_attribute_aligned" != "yes" ; then
+cat <<G10EOF
+***
+***  Please note that your compiler does not support the GCC style
+***  aligned attribute.  Using this software may evoke bus errors.
+***
+G10EOF
+fi
diff --git a/src/gen-posix-lock-obj.c b/src/gen-posix-lock-obj.c
index 79b56de..e32a3cd 100644
--- a/src/gen-posix-lock-obj.c
+++ b/src/gen-posix-lock-obj.c
@@ -43,6 +43,7 @@
 #endif
 
 /* Special requirements for certain platforms.  */
+# define USE_LONG_DOUBLE_FOR_ALIGNMENT 0
 #if defined(__sun) && !defined (__LP64__) && !defined(_LP64)
 /* Solaris on 32-bit architecture.  */
 # define USE_DOUBLE_FOR_ALIGNMENT 1
@@ -50,9 +51,13 @@
 # define USE_DOUBLE_FOR_ALIGNMENT 0
 #endif
 #if defined(__hppa__)
-# define USE_LONG_DOUBLE_FOR_ALIGNMENT 1
+# define USE_16BYTE_ALIGNMENT 1
 #else
-# define USE_LONG_DOUBLE_FOR_ALIGNMENT 0
+# define USE_16BYTE_ALIGNMENT 0
+#endif
+
+#if USE_16BYTE_ALIGNMENT && !HAVE_GCC_ATTRIBUTE_ALIGNED
+# error compiler is not able to enforce a 16 byte alignment
 #endif
 
 #ifdef USE_POSIX_THREADS
@@ -117,7 +122,9 @@ main (void)
           "\n"
           "#define GPGRT_LOCK_INITIALIZER {%d,{{",
           SIZEOF_PTHREAD_MUTEX_T,
-# if USE_DOUBLE_FOR_ALIGNMENT
+# if USE_16BYTE_ALIGNMENT
+          "    int _x16_align __attribute__ ((aligned (16)));\n",
+# elif USE_DOUBLE_FOR_ALIGNMENT
           "    double _xd_align;\n",
 # elif USE_LONG_DOUBLE_FOR_ALIGNMENT
           "    long double _xld_align;\n",
diff --git a/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h
index 3682577..b57bb76 100644
--- a/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h
+++ b/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h
@@ -7,7 +7,7 @@ typedef struct
   long _vers;
   union {
     volatile char _priv[48];
-    long double _xld_align;
+    int _x16_align __attribute__ ((aligned (16)));
     long _x_align;
     long *_xp_align;
   } u;

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                                     | 22 ++++++++++++++++++++++
 src/gen-posix-lock-obj.c                         | 13 ++++++++++---
 src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h |  2 +-
 3 files changed, 33 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 25 11:13:24 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 25 Apr 2016 11:13:24 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.21-29-gc780f65
Message-ID: <E1aucZ4-0005b2-Ud@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  c780f657c03baf93c3a38f029f9b1a5d135a9ce4 (commit)
       via  9a05076e90eef504cbc3ef614982f856b9b60540 (commit)
       via  c95e0ed3001c68750af816b010c7d4109a2ba9cd (commit)
       via  1a18e19105bd2a4939d0938a61a4add92f45eadb (commit)
       via  8ae3af15caaaaffaa9dbeab5fd767076891200bb (commit)
      from  f1104b92249005a31961d1a32c38ba65a0b3ff3a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c780f657c03baf93c3a38f029f9b1a5d135a9ce4
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 11:12:24 2016 +0200

    Post release updates.
    
    --

diff --git a/NEWS b/NEWS
index ddade0a..75f2063 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.23 (unreleased) [C18/A18/R_)
+-----------------------------------------------
+
+
 Noteworthy changes in version 1.22 (2016-04-25) [C18/A18/R0)
 -----------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 784ac69..939d6ef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.14"
 # another commit, and a push so that the git magic is able to work.
 # See below for the LT versions.
 m4_define([mym4_version_major], [1])
-m4_define([mym4_version_minor], [22])
+m4_define([mym4_version_minor], [23])
 
 # Below is m4 magic to extract and compute the revision number, the
 # decimalized short revision number, a beta version string, and a flag

commit 9a05076e90eef504cbc3ef614982f856b9b60540
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 11:04:52 2016 +0200

    Release 1.22.
    
    * configure.ac: Set LT version to C18/A18/R0.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/AUTHORS b/AUTHORS
index 2f89f6f..017fe97 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -6,72 +6,52 @@ Security related bug reports: security at gnupg.org
 License (library): LGPLv2.1+
 License (manual tools): GPLv2+ with exception
 
+Libgpg-error is free software.  See the files COPYING.LIB and COPYING
+for copying conditions.  License copyright years may be listed using
+range notation, e.g., 2000-2013, indicating that every year in the
+range, inclusive, is a copyrightable year that would otherwise be
+listed individually.
 
-Aron Xu <happyaron.xu at gmail.com>
- - TRANSLATION [zh_CN]
 
-Clytie Siddall <clytie at riverland.net.au>
- - TRANSLATION [vi]
-
-Daniel Nylander <po at danielnylander.se>
- - TRANSLATION [sv]
-
-David Pr??vot <david at tilapin.org>
- - TRANSLATION [fr]
-
-Felipe Castro <fefcas at gmail.com>
- - TRANSLATION [eo]
-
-Francesco Groccia <fgr at anche.no>
- - TRANSLATION [it]
-
-Freek de Kruijf <f.de.kruijf at gmail.com>
- - TRANSLATION [nl]
-
-g10 Code GmbH <code at g10code.com>
- - Design and implementation.
-
-Jakub Bogusz <qboosh at pld-linux.org>
- - TRANSLATION [pl]
-
-Joe Hansen <joedalton2 at yahoo.dk>
- - TRANSLATION [da]
-
-Laurentiu Buzdugan <lbuz at rolix.org>
- - TRANSLATION [ro]
-
-Petr Pisar <petr.pisar at atlas.cz>
- - TRANSLATION [cs]
-
-Robert Schiele <rschiele at uni-mannheim.de>
- - libgpg-error.spec
+Authors with a DCO
+==================
 
-Stephane Roy <sroy at j2n.net>
- - TRANSLATION [fr]
+We do not collect DCOs for libgpg-error.  As a supporting library for
+GnuPG, Libgcrypt, and GPGME a DCO for any of these projects is
+sufficient.
 
-Takeshi Hamasaki <hmatrjp at users.sourceforge.jp>
- - TRANSLATION [fp]
 
-Werner Koch <wk at gnupg.org>
- - TRANSLATION [de]
+Translators
+===========
 
-Yasuaki Taniguchi <yasuakit at gmail.com>
- - TRANSLATION [fp]
+cs    - Petr Pisar <petr.pisar at atlas.cz>
+da    - Joe Hansen <joedalton2 at yahoo.dk>
+de    - Werner Koch <wk at gnupg.org>
+eo    - Felipe Castro <fefcas at gmail.com>
+fr    - David Pr??vot <david at tilapin.org>
+        Stephane Roy <sroy at j2n.net>
+it    - Francesco Groccia <fgr at anche.no>
+jp    - Takeshi Hamasaki <hmatrjp at users.sourceforge.jp>
+        Yasuaki Taniguchi <yasuakit at gmail.com>
+nl    - Freek de Kruijf <f.de.kruijf at gmail.com>
+pl    - Jakub Bogusz <qboosh at pld-linux.org>
+ro    - Laurentiu Buzdugan <lbuz at rolix.org>
+sv    - Daniel Nylander <po at danielnylander.se>
+uk    - Yuri Chornoivan <yurchor at ukr.net>
+vi    - Clytie Siddall <clytie at riverland.net.au>
+zh_CN - Aron Xu <happyaron.xu at gmail.com>
 
-Yuri Chornoivan <yurchor at ukr.net>
- - TRANSLATION [uk]
 
+More credits
+============
 
-Authors with a DCO
-==================
-
-We do not collect DCOs for libgpg-error.  As a supporting library for
-GnuPG, Libgcrypt, and GPGME a DCO for any of these projects is
-sufficient.
+Robert Schiele <rschiele at uni-mannheim.de> wrote libgpg-error.spec.
 
+Thanks to Yukihiro Nakadaira for his public domain iconv
+implementation for Windows.
 
 
- Copyright 2003, 2004, 2005, 2006, 2007, 2013, 2014, 2015 g10 Code GmbH
+ Copyright 2003-2007, 2013-2016 g10 Code GmbH
 
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without
diff --git a/NEWS b/NEWS
index b736ad2..ddade0a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,12 @@
-Noteworthy changes in version 1.22 (unreleased) [C17/A17/R_)
+Noteworthy changes in version 1.22 (2016-04-25) [C18/A18/R0)
 -----------------------------------------------
 
+ * New functions and macros to to provide iconv(3) on Windows.
 
- * Interface changes relative to the 1.20 release:
+ * Support for LeakSanitizer with the gpgrt_annotate_leaked_object
+   inline function.
+
+ * Interface changes relative to the 1.21 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  GPG_ERR_DB_CORRUPTED             NEW.
  gpgrt_annotate_leaked_object     NEW inline func.
diff --git a/configure.ac b/configure.ac
index 566ea62..784ac69 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 # configure.ac for libgpg-error
-# Copyright (C) 2003, 2004, 2006, 2010, 2013, 2014, 2015 g10 Code GmbH
+# Copyright (C) 2003, 2004, 2006, 2010, 2013, 2014, 2015, 2016 g10 Code GmbH
 #
 # This file is part of libgpg-error.
 #
@@ -51,8 +51,8 @@ AC_INIT([libgpg-error],[mym4_full_version],[https://bugs.gnupg.org])
 #   (Interfaces added:			AGE++)
 #   (Interfaces removed:		AGE=0)
 # Note that added error codes don't constitute an interface change.
-LIBGPG_ERROR_LT_CURRENT=17
-LIBGPG_ERROR_LT_AGE=17
+LIBGPG_ERROR_LT_CURRENT=18
+LIBGPG_ERROR_LT_AGE=18
 LIBGPG_ERROR_LT_REVISION=0
 ################################################
 
diff --git a/doc/errorref.txt b/doc/errorref.txt
index 22b78fc..bf27a81 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -263,6 +263,8 @@ GPG_ERR_CONFLICT		Conflicting use
 
     NTBTLS: - Function has already been called and may not be called
               again at this protocol state.
+    GNUPG:  - Returned by g13 when creating a new container on a device
+              which seems to be in use.
 
 
 71	GPG_ERR_INV_CIPHER_MODE		Invalid cipher mode
diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in
index f0043f3..a79f6ba 100644
--- a/src/gpg-error.h.in
+++ b/src/gpg-error.h.in
@@ -1,5 +1,5 @@
 /* gpg-error.h - Public interface to libgpg-error.               -*- c -*-
- * Copyright (C) 2003, 2004, 2010, 2013, 2014, 2015 g10 Code GmbH
+ * Copyright (C) 2003, 2004, 2010, 2013, 2014, 2015, 2016 g10 Code GmbH
  *
  * This file is part of libgpg-error.
  *
diff --git a/src/version.c b/src/version.c
index d0c408d..64a9ac1 100644
--- a/src/version.c
+++ b/src/version.c
@@ -39,7 +39,7 @@ cright_blurb (void)
   static const char blurb[] =
     "\n\n"
     "This is Libgpg-error " PACKAGE_VERSION " - An error code library\n"
-    "Copyright 2003, 2004, 2010, 2013, 2014, 2015 g10 Code GmbH\n"
+    "Copyright 2003, 2004, 2010, 2013, 2014, 2015, 2016 g10 Code GmbH\n"
     "\n"
     "(" BUILD_REVISION " " BUILD_TIMESTAMP ")\n"
     "\n\n";
diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in
index 8a053a9..67599c6 100644
--- a/src/versioninfo.rc.in
+++ b/src/versioninfo.rc.in
@@ -39,7 +39,7 @@ BEGIN
             VALUE "FileDescription", "libgpg-error - Common error codes\0"
             VALUE "FileVersion", "@LIBGPG_ERROR_LT_CURRENT at .@LIBGPG_ERROR_LT_AGE at .@LIBGPG_ERROR_LT_REVISION at .@BUILD_REVISION@\0"
             VALUE "InternalName", "libgpg-error\0"
-            VALUE "LegalCopyright", "Copyright ? 2013 g10 Code GmbH\0"
+            VALUE "LegalCopyright", "Copyright ? 2016 g10 Code GmbH\0"
             VALUE "LegalTrademarks", "\0"
             VALUE "OriginalFilename", "libgpg-error.dll\0"
             VALUE "PrivateBuild", "\0"

commit c95e0ed3001c68750af816b010c7d4109a2ba9cd
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 10:37:08 2016 +0200

    po: Auto-update
    
    --

diff --git a/po/cs.po b/po/cs.po
index 5859f6b..1d27209 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -736,6 +736,11 @@ msgstr "Lich?? ??estn??ctkov?? ????sla v S-v??razu"
 msgid "Bad octal character in S-expression"
 msgstr "Chybn?? osmi??kov?? znak v??S-v??razu"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Data ne??ifrov??na"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/da.po b/po/da.po
index 0ce1fce..6a6a8eb 100644
--- a/po/da.po
+++ b/po/da.po
@@ -731,6 +731,11 @@ msgstr "Ulige hexadecimalt tal i S-udtryk"
 msgid "Bad octal character in S-expression"
 msgstr "??delagt oktalt tegn i S-udtryk"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Data er ikke krypteret"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/eo.po b/po/eo.po
index e16005a..87e9d7b 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -764,6 +764,11 @@ msgstr "Malparaj deksesumaj numeroj en S-esprimo"
 msgid "Bad octal character in S-expression"
 msgstr "Mal??usta okuma signo en S-esprimo"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Datumaro ne ??ifrita"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/fr.po b/po/fr.po
index eeba0a9..55a5819 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -729,6 +729,11 @@ msgstr "Nombre hexad??cimal impair dans l'expression symbolique"
 msgid "Bad octal character in S-expression"
 msgstr "Mauvais caract??re octal dans l'expression symbolique"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Donn??es non chiffr??es"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/hu.po b/po/hu.po
index abcab3a..d5ccc0d 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -762,6 +762,11 @@ msgstr "P??ratlan hexadecim??lis sz??mok az S-kifejez??sben"
 msgid "Bad octal character in S-expression"
 msgstr "Rossz oktadecim??lis karakter az S-kifejez??sben"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Az adatok nincsenek titkos??tva"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/it.po b/po/it.po
index a5c130a..44616c7 100644
--- a/po/it.po
+++ b/po/it.po
@@ -727,6 +727,11 @@ msgstr "Numeri esadecimali dispari in S-expression"
 msgid "Bad octal character in S-expression"
 msgstr "Carattere ottale errato in S-expression"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Dati non cifrati"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/nl.po b/po/nl.po
index 7513701..fad8b81 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -728,6 +728,11 @@ msgstr "Vreemde hexadecimale getallen in S-expressie"
 msgid "Bad octal character in S-expression"
 msgstr "Fout octaal teken in S-expressie"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Gegevens niet versleuteld"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/pl.po b/po/pl.po
index 3a118f8..596edd7 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -726,6 +726,11 @@ msgstr "Nieparzysta liczba cyfr szesnastkowych w S-wyra??eniu"
 msgid "Bad octal character in S-expression"
 msgstr "B????dny znak ??semkowy w S-wyra??eniu"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Dane nie zaszyfrowane"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/pt.po b/po/pt.po
index b88d15f..4eb64a8 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -728,6 +728,11 @@ msgstr "N??meros hexadecimais ??mpares na express??o simb??lica"
 msgid "Bad octal character in S-expression"
 msgstr "Car??cter octal errado na express??o simb??lica"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Dados n??o encriptados"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/ro.po b/po/ro.po
index dbab873..029be1f 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -765,6 +765,11 @@ msgstr "Numere hexazecimale ciudate 
 msgid "Bad octal character in S-expression"
 msgstr "Caracter octal incorect ?n expresia-S"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Date necifrate"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/ru.po b/po/ru.po
index 4193493..b80060a 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -726,6 +726,11 @@ msgstr "?????????????????????????????????? ?????????? ???????????????? ????????
 msgid "Bad octal character in S-expression"
 msgstr "???????????? ???????????????????????? ???????????? ?? S-??????????????????"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "???????????? ???? ??????????????????????"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/sr.po b/po/sr.po
index 2db485d..cfed426 100644
--- a/po/sr.po
+++ b/po/sr.po
@@ -761,6 +761,11 @@ msgstr "?????????????? ???????????????????????????? ?????????????? ?? ??-??????
 msgid "Bad octal character in S-expression"
 msgstr "?????? ?????????????????????????? ???????? ?? ??-????????????"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "???????????? ???????? ??????????????????"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/sv.po b/po/sv.po
index af48633..a1d6a6d 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -752,6 +752,11 @@ msgstr "Udda hexadecimala tal i S-uttryck"
 msgid "Bad octal character in S-expression"
 msgstr "Felaktigt oktadecimalt tecken i S-uttryck"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Data ??r inte krypterat"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/uk.po b/po/uk.po
index 75a8879..85d5384 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -728,6 +728,11 @@ msgstr "?????????? ???????????????????????????? ?????????? ?? S-????????????"
 msgid "Bad octal character in S-expression"
 msgstr "???????????????????? ???????????????????? ???????????? ?? S-????????????"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "???????? ???? ??????????????????????"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/vi.po b/po/vi.po
index 0ad1cbc..02e437e 100644
--- a/po/vi.po
+++ b/po/vi.po
@@ -754,6 +754,11 @@ msgstr "C?? s??? th???p l???c l??? trong bi???u th???c S"
 msgid "Bad octal character in S-expression"
 msgstr "K?? t??? b??t ph??n sai trong bi???u th???c S"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "Ch??a m???t m?? d??? li???u"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/zh_CN.po b/po/zh_CN.po
index f3696f4..c056dc6 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -751,6 +751,11 @@ msgstr ""
 msgid "Bad octal character in S-expression"
 msgstr ""
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "???????????????"
+
 msgid "Server indicated a failure"
 msgstr ""
 
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 779fed5..7034928 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -730,6 +730,11 @@ msgstr "S-??????????????????????????????????????????"
 msgid "Bad octal character in S-expression"
 msgstr "S-???????????????????????????????????????"
 
+#, fuzzy
+#| msgid "Data not encrypted"
+msgid "Database is corrupted"
+msgstr "??????????????????"
+
 msgid "Server indicated a failure"
 msgstr ""
 

commit 1a18e19105bd2a4939d0938a61a4add92f45eadb
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 10:34:37 2016 +0200

    po: Update German translation.
    
    --

diff --git a/po/de.po b/po/de.po
index 8ba17ba..d558c39 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: libgpg-error-1.19\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2015-12-12 12:52+0100\n"
+"PO-Revision-Date: 2016-04-25 10:33+0200\n"
 "Last-Translator: Werner Koch <wk at gnupg.org>\n"
 "Language-Team: none\n"
 "Language: de\n"
@@ -729,6 +729,9 @@ msgstr "Ungerade Anzahl von Hex-Zeichen in S-expression"
 msgid "Bad octal character in S-expression"
 msgstr "Falsches Oktal-Zeichen in S-expression"
 
+msgid "Database is corrupted"
+msgstr "Besch??digte Datenbank"
+
 msgid "Server indicated a failure"
 msgstr "Server zeigt einen unbestimmten Fehler an"
 

commit 8ae3af15caaaaffaa9dbeab5fd767076891200bb
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 10:21:45 2016 +0200

    build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
    
    * build-aux/config.guess: Update.
    * build-aux/config.sub: Update.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/build-aux/config.guess b/build-aux/config.guess
index 7adf147..0967f2a 100755
--- a/build-aux/config.guess
+++ b/build-aux/config.guess
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2015 Free Software Foundation, Inc.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
 
-timestamp='2015-01-01'
+timestamp='2016-04-02'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@ timestamp='2015-01-01'
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@@ -27,7 +27,7 @@ timestamp='2015-01-01'
 # Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 #
 # Please send patches to <config-patches at gnu.org>.
 
@@ -50,7 +50,7 @@ version="\
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -168,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	# Note: NetBSD doesn't particularly care about the vendor
 	# portion of the name.  We always set it to "unknown".
 	sysctl="sysctl -n hw.machine_arch"
-	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
-	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+	    /sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || \
+	    echo unknown)`
 	case "${UNAME_MACHINE_ARCH}" in
 	    armeb) machine=armeb-unknown ;;
 	    arm*) machine=arm-unknown ;;
 	    sh3el) machine=shl-unknown ;;
 	    sh3eb) machine=sh-unknown ;;
 	    sh5el) machine=sh5le-unknown ;;
+	    earmv*)
+		arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+		endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
+		machine=${arch}${endian}-unknown
+		;;
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
 	# to ELF recently, or will in the future.
 	case "${UNAME_MACHINE_ARCH}" in
-	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+	    arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
 		eval $set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
@@ -197,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 		os=netbsd
 		;;
 	esac
+	# Determine ABI tags.
+	case "${UNAME_MACHINE_ARCH}" in
+	    earm*)
+		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+		abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
+		;;
+	esac
 	# The OS release
 	# Debian GNU/NetBSD machines have a different userland, and
 	# thus, need a distinct triplet. However, they do not need
@@ -207,13 +221,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 		release='-gnu'
 		;;
 	    *)
-		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
 		;;
 	esac
 	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
 	# contains redundant information, the shorter form:
 	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "${machine}-${os}${release}"
+	echo "${machine}-${os}${release}${abi}"
 	exit ;;
     *:Bitrig:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
@@ -223,6 +237,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
 	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
 	exit ;;
+    *:LibertyBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
+	exit ;;
     *:ekkoBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
 	exit ;;
@@ -235,6 +253,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     *:MirBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
 	exit ;;
+    *:Sortix:*:*)
+	echo ${UNAME_MACHINE}-unknown-sortix
+	exit ;;
     alpha:OSF1:*:*)
 	case $UNAME_RELEASE in
 	*4.0)
@@ -251,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
 	case "$ALPHA_CPU_TYPE" in
 	    "EV4 (21064)")
-		UNAME_MACHINE="alpha" ;;
+		UNAME_MACHINE=alpha ;;
 	    "EV4.5 (21064)")
-		UNAME_MACHINE="alpha" ;;
+		UNAME_MACHINE=alpha ;;
 	    "LCA4 (21066/21068)")
-		UNAME_MACHINE="alpha" ;;
+		UNAME_MACHINE=alpha ;;
 	    "EV5 (21164)")
-		UNAME_MACHINE="alphaev5" ;;
+		UNAME_MACHINE=alphaev5 ;;
 	    "EV5.6 (21164A)")
-		UNAME_MACHINE="alphaev56" ;;
+		UNAME_MACHINE=alphaev56 ;;
 	    "EV5.6 (21164PC)")
-		UNAME_MACHINE="alphapca56" ;;
+		UNAME_MACHINE=alphapca56 ;;
 	    "EV5.7 (21164PC)")
-		UNAME_MACHINE="alphapca57" ;;
+		UNAME_MACHINE=alphapca57 ;;
 	    "EV6 (21264)")
-		UNAME_MACHINE="alphaev6" ;;
+		UNAME_MACHINE=alphaev6 ;;
 	    "EV6.7 (21264A)")
-		UNAME_MACHINE="alphaev67" ;;
+		UNAME_MACHINE=alphaev67 ;;
 	    "EV6.8CB (21264C)")
-		UNAME_MACHINE="alphaev68" ;;
+		UNAME_MACHINE=alphaev68 ;;
 	    "EV6.8AL (21264B)")
-		UNAME_MACHINE="alphaev68" ;;
+		UNAME_MACHINE=alphaev68 ;;
 	    "EV6.8CX (21264D)")
-		UNAME_MACHINE="alphaev68" ;;
+		UNAME_MACHINE=alphaev68 ;;
 	    "EV6.9A (21264/EV69A)")
-		UNAME_MACHINE="alphaev69" ;;
+		UNAME_MACHINE=alphaev69 ;;
 	    "EV7 (21364)")
-		UNAME_MACHINE="alphaev7" ;;
+		UNAME_MACHINE=alphaev7 ;;
 	    "EV7.9 (21364A)")
-		UNAME_MACHINE="alphaev79" ;;
+		UNAME_MACHINE=alphaev79 ;;
 	esac
 	# A Pn.n version is a patched version.
 	# A Vn.n version is a released version.
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
 	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
 	exitcode=$?
 	trap '' 0
@@ -359,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	exit ;;
     i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
 	eval $set_cc_for_build
-	SUN_ARCH="i386"
+	SUN_ARCH=i386
 	# If there is a compiler, see if it is configured for 64-bit objects.
 	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
 	# This test works for both compilers.
-	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
 		grep IS_64BIT_ARCH >/dev/null
 	    then
-		SUN_ARCH="x86_64"
+		SUN_ARCH=x86_64
 	    fi
 	fi
 	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@@ -393,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 	exit ;;
     sun*:*:4.2BSD:*)
 	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
-	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
 	case "`/bin/arch`" in
 	    sun3)
 		echo m68k-sun-sunos${UNAME_RELEASE}
@@ -618,13 +639,13 @@ EOF
 		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
 		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
 		    case "${sc_cpu_version}" in
-		      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
-		      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
 		      532)                      # CPU_PA_RISC2_0
 			case "${sc_kernel_bits}" in
-			  32) HP_ARCH="hppa2.0n" ;;
-			  64) HP_ARCH="hppa2.0w" ;;
-			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+			  32) HP_ARCH=hppa2.0n ;;
+			  64) HP_ARCH=hppa2.0w ;;
+			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
 			esac ;;
 		    esac
 		fi
@@ -663,11 +684,11 @@ EOF
 		    exit (0);
 		}
 EOF
-		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
 		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		fi ;;
 	esac
-	if [ ${HP_ARCH} = "hppa2.0w" ]
+	if [ ${HP_ARCH} = hppa2.0w ]
 	then
 	    eval $set_cc_for_build
 
@@ -680,12 +701,12 @@ EOF
 	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
 	    # => hppa64-hp-hpux11.23
 
-	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
 		grep -q __LP64__
 	    then
-		HP_ARCH="hppa2.0w"
+		HP_ARCH=hppa2.0w
 	    else
-		HP_ARCH="hppa64"
+		HP_ARCH=hppa64
 	    fi
 	fi
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@@ -790,14 +811,14 @@ EOF
 	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit ;;
     F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
-	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-	FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
 	FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
 	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
 	exit ;;
     5000:UNIX_System_V:4.*:*)
-	FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-	FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
 	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
 	exit ;;
     i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@@ -879,7 +900,7 @@ EOF
 	exit ;;
     *:GNU/*:*:*)
 	# other systems with GNU libc and userland
-	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
 	exit ;;
     i*86:Minix:*:*)
 	echo ${UNAME_MACHINE}-pc-minix
@@ -902,7 +923,7 @@ EOF
 	  EV68*) UNAME_MACHINE=alphaev68 ;;
 	esac
 	objdump --private-headers /bin/sh | grep -q ld.so.1
-	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
     arc:Linux:*:* | arceb:Linux:*:*)
@@ -933,6 +954,9 @@ EOF
     crisv32:Linux:*:*)
 	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
 	exit ;;
+    e2k:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
     frv:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
@@ -945,6 +969,9 @@ EOF
     ia64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
+    k1om:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
     m32r*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
 	exit ;;
@@ -1021,7 +1048,7 @@ EOF
 	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
 	exit ;;
     x86_64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
 	exit ;;
     xtensa*:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
@@ -1100,7 +1127,7 @@ EOF
 	# uname -m prints for DJGPP always 'pc', but it prints nothing about
 	# the processor, so we play safe by assuming i586.
 	# Note: whatever this is, it MUST be the same as what config.sub
-	# prints for the "djgpp" host, or else GDB configury will decide that
+	# prints for the "djgpp" host, or else GDB configure will decide that
 	# this is a cross-build.
 	echo i586-pc-msdosdjgpp
 	exit ;;
@@ -1249,6 +1276,9 @@ EOF
     SX-8R:SUPER-UX:*:*)
 	echo sx8r-nec-superux${UNAME_RELEASE}
 	exit ;;
+    SX-ACE:SUPER-UX:*:*)
+	echo sxace-nec-superux${UNAME_RELEASE}
+	exit ;;
     Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
 	exit ;;
@@ -1262,9 +1292,9 @@ EOF
 	    UNAME_PROCESSOR=powerpc
 	fi
 	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
-	    if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
 		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		    (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		    (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
 		    grep IS_64BIT_ARCH >/dev/null
 		then
 		    case $UNAME_PROCESSOR in
@@ -1286,7 +1316,7 @@ EOF
 	exit ;;
     *:procnto*:*:* | *:QNX:[0123456789]*:*)
 	UNAME_PROCESSOR=`uname -p`
-	if test "$UNAME_PROCESSOR" = "x86"; then
+	if test "$UNAME_PROCESSOR" = x86; then
 		UNAME_PROCESSOR=i386
 		UNAME_MACHINE=pc
 	fi
@@ -1317,7 +1347,7 @@ EOF
 	# "uname -m" is not consistent, so use $cputype instead. 386
 	# is converted to i386 for consistency with other x86
 	# operating systems.
-	if test "$cputype" = "386"; then
+	if test "$cputype" = 386; then
 	    UNAME_MACHINE=i386
 	else
 	    UNAME_MACHINE="$cputype"
@@ -1359,7 +1389,7 @@ EOF
 	echo i386-pc-xenix
 	exit ;;
     i*86:skyos:*:*)
-	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
 	exit ;;
     i*86:rdos:*:*)
 	echo ${UNAME_MACHINE}-pc-rdos
@@ -1370,6 +1400,9 @@ EOF
     x86_64:VMkernel:*:*)
 	echo ${UNAME_MACHINE}-unknown-esx
 	exit ;;
+    amd64:Isilon\ OneFS:*:*)
+	echo x86_64-unknown-onefs
+	exit ;;
 esac
 
 cat >&2 <<EOF
@@ -1379,9 +1412,9 @@ This script, last modified $timestamp, has failed to recognize
 the operating system you are using. It is advised that you
 download the most up to date version of the config scripts from
 
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
 and
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
 
 If the version you run ($0) is already up to date, please
 send the following data and any information you think might be
diff --git a/build-aux/config.sub b/build-aux/config.sub
index 0b2d816..8d39c4b 100755
--- a/build-aux/config.sub
+++ b/build-aux/config.sub
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2015 Free Software Foundation, Inc.
+#   Copyright 1992-2016 Free Software Foundation, Inc.
 
-timestamp='2015-01-01'
+timestamp='2016-03-30'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -15,7 +15,7 @@ timestamp='2015-01-01'
 # General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
 #
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
@@ -33,7 +33,7 @@ timestamp='2015-01-01'
 # Otherwise, we print the canonical config type on stdout and succeed.
 
 # You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
 
 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
@@ -53,8 +53,7 @@ timestamp='2015-01-01'
 me=`echo "$0" | sed -e 's,.*/,,'`
 
 usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS
-       $0 [OPTION] ALIAS
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
 
 Canonicalize a configuration name.
 
@@ -68,7 +67,7 @@ Report bugs and patches to <config-patches at gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2015 Free Software Foundation, Inc.
+Copyright 1992-2016 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -117,7 +116,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
   nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
   linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
-  knetbsd*-gnu* | netbsd*-gnu* | \
+  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
   kopensolaris*-gnu* | \
   storm-chaos* | os2-emx* | rtmk-nova*)
     os=-$maybe_os
@@ -255,11 +254,12 @@ case $basic_machine in
 	| arc | arceb \
 	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
 	| avr | avr32 \
+	| ba \
 	| be32 | be64 \
 	| bfin \
 	| c4x | c8051 | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| epiphany \
+	| e2k | epiphany \
 	| fido | fr30 | frv | ft32 \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| hexagon \
@@ -305,7 +305,7 @@ case $basic_machine in
 	| riscv32 | riscv64 \
 	| rl78 | rx \
 	| score \
-	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
 	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
 	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@@ -376,12 +376,13 @@ case $basic_machine in
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
 	| avr-* | avr32-* \
+	| ba-* \
 	| be32-* | be64-* \
 	| bfin-* | bs2000-* \
 	| c[123]* | c30-* | [cjt]90-* | c4x-* \
 	| c8051-* | clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
-	| elxsi-* \
+	| e2k-* | elxsi-* \
 	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
@@ -428,12 +429,13 @@ case $basic_machine in
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
 	| pyramid-* \
+	| riscv32-* | riscv64-* \
 	| rl78-* | romp-* | rs6000-* | rx-* \
 	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
 	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
 	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
 	| tahoe-* \
 	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
 	| tile*-* \
@@ -518,6 +520,9 @@ case $basic_machine in
 		basic_machine=i386-pc
 		os=-aros
 		;;
+	asmjs)
+		basic_machine=asmjs-unknown
+		;;
 	aux)
 		basic_machine=m68k-apple
 		os=-aux
@@ -1373,11 +1378,11 @@ case $os in
 	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
 	      | -sym* | -kopensolaris* | -plan9* \
 	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* | -aros* \
+	      | -aos* | -aros* | -cloudabi* | -sortix* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
-	      | -bitrig* | -openbsd* | -solidbsd* \
+	      | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
 	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
 	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
@@ -1393,7 +1398,8 @@ case $os in
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
+	      | -onefs* | -tirtos*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1525,6 +1531,8 @@ case $os in
 		;;
 	-nacl*)
 		;;
+	-ios)
+		;;
 	-none)
 		;;
 	*)

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS                |  88 ++++++++++++------------------
 NEWS                   |  12 +++-
 build-aux/config.guess | 145 ++++++++++++++++++++++++++++++-------------------
 build-aux/config.sub   |  38 ++++++++-----
 configure.ac           |   8 +--
 doc/errorref.txt       |   2 +
 po/cs.po               |   5 ++
 po/da.po               |   5 ++
 po/de.po               |   5 +-
 po/eo.po               |   5 ++
 po/fr.po               |   5 ++
 po/hu.po               |   5 ++
 po/it.po               |   5 ++
 po/nl.po               |   5 ++
 po/pl.po               |   5 ++
 po/pt.po               |   5 ++
 po/ro.po               |   5 ++
 po/ru.po               |   5 ++
 po/sr.po               |   5 ++
 po/sv.po               |   5 ++
 po/uk.po               |   5 ++
 po/vi.po               |   5 ++
 po/zh_CN.po            |   5 ++
 po/zh_TW.po            |   5 ++
 src/gpg-error.h.in     |   2 +-
 src/version.c          |   2 +-
 src/versioninfo.rc.in  |   2 +-
 27 files changed, 254 insertions(+), 135 deletions(-)


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 25 11:14:56 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 25 Apr 2016 11:14:56 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 0e71ca392cb559998c7923b4279e63ddd46f8e9f
Message-ID: <E1aucaZ-0005cX-3s@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  0e71ca392cb559998c7923b4279e63ddd46f8e9f (commit)
      from  51018e6290d9b95b0fac99ba86ab993e2c4d916a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0e71ca392cb559998c7923b4279e63ddd46f8e9f
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 11:14:21 2016 +0200

    swdb: Release libgpg-error 1.22

diff --git a/web/swdb.mac b/web/swdb.mac
index d7cdabd..2f81afc 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -110,10 +110,11 @@
 #
 # LIBGPG-ERROR
 #
-#+macro: libgpg_error_ver  1.21
-#+macro: libgpg_error_date 2015-12-12
-#+macro: libgpg_error_size 745k
-#+macro: libgpg_error_sha1 ef1dfb2f8761f019091180596e9e638d8cc37513
+#+macro: libgpg_error_ver  1.22
+#+macro: libgpg_error_date 2016-04-25
+#+macro: libgpg_error_size 759k
+#+macro: libgpg_error_sha1 c40015ed88bf5f50fa58d02252d75cf20b858951
+#+macro: libgpg_error_sha2 f2a04ee6317bdb41a625bea23fdc7f0b5a63fb677f02447c647ed61fb9e69d7b
 
 
 #

-----------------------------------------------------------------------

Summary of changes:
 web/swdb.mac | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 25 12:10:36 2016
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 25 Apr 2016 12:10:36 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-17-ged066c2
Message-ID: <E1audSR-00082q-C0@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  ed066c261594de69c3c2aeaac98aeaf74bbb5f9e (commit)
       via  d580304566b5b1c4e7c97c060d7a7b8c0b810ae3 (commit)
       via  1532b60dcc5a45a74195cfbc20225006d027e7fa (commit)
      from  e925e8955b0a82f1a0e3c697704007c503a5f8b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ed066c261594de69c3c2aeaac98aeaf74bbb5f9e
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Apr 25 12:08:03 2016 +0200

    Qt: Only use one line action for visibility
    
    * qt/pinentrydialog.cpp (PinEntryDialog::toggleVisibility): Toggle
    both lines in repeat mode.
    (PinEntryDialog::PinEntryDialog): Remove repeat line action.
    
    --
    It does not appear sensible to show / hide only one edit in
    repeat mode this should make the usage of the visibility action
    a bit more intutive.

diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp
index 04f5c58..11a157c 100644
--- a/qt/pinentrydialog.cpp
+++ b/qt/pinentrydialog.cpp
@@ -123,7 +123,6 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
       mVisibilityTT(visibilityTT),
       mHideTT(hideTT),
       mVisiActionEdit(NULL),
-      mVisiActionRepeat(NULL),
       mVisiCB(NULL)
 {
     setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint);
@@ -226,12 +225,6 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
         mVisiActionEdit = _edit->addAction(visibilityIcon, QLineEdit::TrailingPosition);
         mVisiActionEdit->setVisible(false);
         mVisiActionEdit->setToolTip(mVisibilityTT);
-        if (mRepeat) {
-            mVisiActionRepeat = mRepeat->addAction(visibilityIcon, QLineEdit::TrailingPosition);
-            mVisiActionRepeat->setVisible(false);
-            mVisiActionRepeat->setToolTip(mVisibilityTT);
-            connect(mVisiActionRepeat, SIGNAL(triggered()), this, SLOT(toggleVisibility()));
-        }
         connect(mVisiActionEdit, SIGNAL(triggered()), this, SLOT(toggleVisibility()));
     } else
 #endif
@@ -416,9 +409,6 @@ void PinEntryDialog::textChanged(const QString &text)
     if (mVisiActionEdit && sender() == _edit) {
         mVisiActionEdit->setVisible(!_edit->text().isEmpty());
     }
-    if (mVisiActionRepeat && sender() == mRepeat) {
-        mVisiActionRepeat->setVisible(!mRepeat->text().isEmpty());
-    }
 }
 
 void PinEntryDialog::toggleVisibility()
@@ -428,21 +418,16 @@ void PinEntryDialog::toggleVisibility()
             mVisiActionEdit->setIcon(QIcon::fromTheme(QLatin1String("hint")));
             mVisiActionEdit->setToolTip(mHideTT);
             _edit->setEchoMode(QLineEdit::Normal);
+            if (mRepeat) {
+                mRepeat->setEchoMode(QLineEdit::Normal);
+            }
         } else {
             mVisiActionEdit->setIcon(QIcon::fromTheme(QLatin1String("visibility")));
             mVisiActionEdit->setToolTip(mVisibilityTT);
             _edit->setEchoMode(QLineEdit::Password);
-        }
-    }
-    if (sender() == mVisiActionRepeat) {
-        if (mRepeat->echoMode() == QLineEdit::Password) {
-            mVisiActionRepeat->setIcon(QIcon::fromTheme(QLatin1String("hint")));
-            mVisiActionRepeat->setToolTip(mHideTT);
-            mRepeat->setEchoMode(QLineEdit::Normal);
-        } else {
-            mVisiActionRepeat->setIcon(QIcon::fromTheme(QLatin1String("visibility")));
-            mVisiActionRepeat->setToolTip(mVisibilityTT);
-            mRepeat->setEchoMode(QLineEdit::Password);
+            if (mRepeat) {
+                mRepeat->setEchoMode(QLineEdit::Password);
+            }
         }
     }
     if (sender() == mVisiCB) {
diff --git a/qt/pinentrydialog.h b/qt/pinentrydialog.h
index 4c1241c..c302f95 100644
--- a/qt/pinentrydialog.h
+++ b/qt/pinentrydialog.h
@@ -110,8 +110,7 @@ private:
     QString    mRepeatError,
                mVisibilityTT,
                mHideTT;
-    QAction   *mVisiActionEdit,
-              *mVisiActionRepeat;
+    QAction   *mVisiActionEdit;
     QCheckBox *mVisiCB;
 };
 

commit d580304566b5b1c4e7c97c060d7a7b8c0b810ae3
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Apr 25 12:05:35 2016 +0200

    Qt: Move qualitybar below repeat
    
    * qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog): Move
    quality bar below repeat.
    
    --
    Havin the repeat directly below the entry field looks better and
    adds more connection between the entries.

diff --git a/qt/pinentrydialog.cpp b/qt/pinentrydialog.cpp
index 292d46f..04f5c58 100644
--- a/qt/pinentrydialog.cpp
+++ b/qt/pinentrydialog.cpp
@@ -201,10 +201,6 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
     //grid->addItem( new QSpacerItem( 0, _edit->height() / 10, QSizePolicy::Minimum, QSizePolicy::Fixed ), 1, 1 );
     grid->addWidget(_prompt, row, 1);
     grid->addWidget(_edit, row++, 2);
-    if (enable_quality_bar) {
-        grid->addWidget(_quality_bar_label, row, 1);
-        grid->addWidget(_quality_bar, row++, 2);
-    }
     if (!repeatString.isNull()) {
         mRepeat = new QLineEdit;
         mRepeat->setMaxLength(256);
@@ -218,6 +214,10 @@ PinEntryDialog::PinEntryDialog(QWidget *parent, const char *name,
         setTabOrder(_edit, mRepeat);
         setTabOrder(mRepeat, _ok);
     }
+    if (enable_quality_bar) {
+        grid->addWidget(_quality_bar_label, row, 1);
+        grid->addWidget(_quality_bar, row++, 2);
+    }
     /* Set up the show password action */
     const QIcon visibilityIcon = QIcon::fromTheme(QLatin1String("visibility"));
     const QIcon hideIcon = QIcon::fromTheme(QLatin1String("hint"));

commit 1532b60dcc5a45a74195cfbc20225006d027e7fa
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Apr 25 11:11:51 2016 +0200

    Qt: Do not take icon from theme
    
    * qt/main.cpp (main): Revert changes to take icon from theme.
    
    --
    Feedback was that pinentry should be recognisable and use it's
    own Icon.

diff --git a/qt/main.cpp b/qt/main.cpp
index bc7796f..d5da4a8 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -340,20 +340,7 @@ main(int argc, char *argv[])
            window anymore.  */
         i = argc;
         app.reset(new QApplication(i, new_argv));
-        const QIcon fallback = QIcon(QLatin1String(":/document-encrypt.png"));
-        const QString themeName = QIcon::themeName().toLower();
-        /* Some themes dont have an lock representation for document-encrypt
-           we need to filter out these. */
-        const QStringList okThemes = QStringList() << QLatin1String("breeze")
-                                                   << QLatin1String("breeze-dark")
-                                                   << QLatin1String("oxygen")
-                                                   << QLatin1String("mono");
-        if (okThemes.contains(themeName)) {
-            app->setWindowIcon(QIcon::fromTheme(QLatin1String("document-encrypt"),
-                                                fallback));
-        } else {
-            app->setWindowIcon(fallback);
-        }
+        app->setWindowIcon(QIcon(QLatin1String(":/document-encrypt.png")));
     }
 
     pinentry_parse_opts(argc, argv);

-----------------------------------------------------------------------

Summary of changes:
 qt/main.cpp           | 15 +--------------
 qt/pinentrydialog.cpp | 35 ++++++++++-------------------------
 qt/pinentrydialog.h   |  3 +--
 3 files changed, 12 insertions(+), 41 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 25 17:29:19 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 25 Apr 2016 17:29:19 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-150-g8776abb
Message-ID: <E1auiQs-000269-36@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8776abbe02935e720018f3ef6ffd48f21435ff8b (commit)
      from  b8cb0973bcbe201a1e32a326dd97c3e72778b9d8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8776abbe02935e720018f3ef6ffd48f21435ff8b
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 17:26:57 2016 +0200

    common: Use new function to print a failure of xtrymalloc.
    
    * common/miscellaneous.c (xoutofcore): New.
    * common/strlist.c (append_to_strlist): Use instead of abort.
    (append_to_strlist_try): Use xtrymalloc instead of xmalloc.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/miscellaneous.c b/common/miscellaneous.c
index ec36f08..8d9a7aa 100644
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -106,6 +106,17 @@ setup_libgcrypt_logging (void)
 }
 
 
+/* Print an out of core message and let the process die.  The printed
+ * error is taken from ERRNO.  */
+void
+xoutofcore (void)
+{
+  gpg_error_t err = gpg_error_from_syserror ();
+  log_fatal (_("error allocating enough memory: %s\n"), gpg_strerror (err));
+  abort (); /* Never called; just to make the compiler happy.  */
+}
+
+
 /* A wrapper around gcry_cipher_algo_name to return the string
    "AES-128" instead of "AES".  Given that we have an alias in
    libgcrypt for it, it does not harm to too much to return this other
diff --git a/common/strlist.c b/common/strlist.c
index 319d034..d4f8644 100644
--- a/common/strlist.c
+++ b/common/strlist.c
@@ -128,8 +128,8 @@ append_to_strlist( strlist_t *list, const char *string )
 {
   strlist_t sl;
   sl = append_to_strlist_try (list, string);
-  if (sl == NULL)
-    abort ();
+  if (!sl)
+    xoutofcore ();
   return sl;
 }
 
@@ -140,7 +140,7 @@ append_to_strlist_try (strlist_t *list, const char *string)
 {
     strlist_t r, sl;
 
-    sl = xmalloc( sizeof *sl + strlen(string));
+    sl = xtrymalloc( sizeof *sl + strlen(string));
     if (sl == NULL)
       return NULL;
 
diff --git a/common/util.h b/common/util.h
index 466c519..84a15ab 100644
--- a/common/util.h
+++ b/common/util.h
@@ -263,6 +263,9 @@ const char *gnupg_messages_locale_name (void);
    logging subsystem. */
 void setup_libgcrypt_logging (void);
 
+/* Print an out of core emssage and die.  */
+void xoutofcore (void);
+
 /* Same as estream_asprintf but die on memory failure.  */
 char *xasprintf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
 /* This is now an alias to estream_asprintf.  */

-----------------------------------------------------------------------

Summary of changes:
 common/miscellaneous.c | 11 +++++++++++
 common/strlist.c       |  6 +++---
 common/util.h          |  3 +++
 3 files changed, 17 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Apr 25 18:20:24 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 25 Apr 2016 18:20:24 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-152-gb7fa496
Message-ID: <E1aujEJ-0003kz-GJ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b7fa4960c292ef1a290d32b7f46bb741bbfc0923 (commit)
       via  2502a76d8edbca035fd2a1879f2132c36b51e2c1 (commit)
      from  8776abbe02935e720018f3ef6ffd48f21435ff8b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b7fa4960c292ef1a290d32b7f46bb741bbfc0923
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 18:14:12 2016 +0200

    common: Minor fixes for the new private-keys.c.
    
    * common/private-keys.c (my_error_from_syserror): New.  Use it in
    place of gpg_error_from_syserror.
    (_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
    (pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.
    
    (_pkc_add): Add braces around if-statement.
    --
    
    We should have a macro so that we do not need to define a wrapper
    function like my_error_from_syserror in files where it is needed.  I
    am not sure about a proper name, "my_" seems to be the easiest
    replacement.  Note that the global DEFAULT_ERRSOURCE is relatively new
    to replace the need to convey the error source in function calls; we
    want that function from common/ return the error source of the main
    binary.
    
    We require that a key is ASCII and thus we better use ascii_strcasecmp
    to avoid problems with strange locales.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/private-keys.c b/common/private-keys.c
index a3c06f9..4cf7d22 100644
--- a/common/private-keys.c
+++ b/common/private-keys.c
@@ -61,6 +61,15 @@ struct private_key_entry
   char *value;
 };
 
+
+/* Helper */
+static inline gpg_error_t
+my_error_from_syserror (void)
+{
+  return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+}
+
+
 

 
 /* Allocation and deallocation.  */
@@ -179,7 +188,7 @@ assert_raw_value (pke_t entry)
 		&entry->value[offset]);
       if (append_to_strlist_try (&entry->raw_value, buf) == NULL)
 	{
-	  err = gpg_error_from_syserror ();
+	  err = my_error_from_syserror ();
 	  goto leave;
 	}
 
@@ -267,7 +276,7 @@ assert_value (pke_t entry)
 
   entry->value = p = xtrymalloc (len);
   if (entry->value == NULL)
-    return gpg_error_from_syserror ();
+    return my_error_from_syserror ();
 
   swallow_ws = 0;
   for (s = entry->raw_value; s; s = s->next)
@@ -326,7 +335,7 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value,
       goto leave;
     }
 
-  if (name && strcasecmp (name, "Key:") == 0 && pkc_lookup (pk, "Key:"))
+  if (name && ascii_strcasecmp (name, "Key:") == 0 && pkc_lookup (pk, "Key:"))
     {
       err = gpg_error (GPG_ERR_INV_NAME);
       goto leave;
@@ -335,7 +344,7 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value,
   e = xtrycalloc (1, sizeof *e);
   if (e == NULL)
     {
-      err = gpg_error_from_syserror ();
+      err = my_error_from_syserror ();
       goto leave;
     }
 
@@ -356,17 +365,18 @@ _pkc_add (pkc_t pk, char *name, char *value, strlist_t raw_value,
 
 	  /* If so, find the last in that block.  */
 	  if (last)
-	    while (last->next)
-	      {
-		pke_t next = last->next;
-
-		if (next->name && strcasecmp (next->name, name) == 0)
-		  last = next;
-		else
-		  break;
-	      }
-	  /* Otherwise, just find the last entry.  */
-	  else
+            {
+              while (last->next)
+                {
+                  pke_t next = last->next;
+
+                  if (next->name && ascii_strcasecmp (next->name, name) == 0)
+                    last = next;
+                  else
+                    break;
+                }
+            }
+	  else /* Otherwise, just find the last entry.  */
 	    last = pk->last;
 	}
 
@@ -410,13 +420,13 @@ pkc_add (pkc_t pk, const char *name, const char *value)
 
   k = xtrystrdup (name);
   if (k == NULL)
-    return gpg_error_from_syserror ();
+    return my_error_from_syserror ();
 
   v = xtrystrdup (value);
   if (v == NULL)
     {
       xfree (k);
-      return gpg_error_from_syserror ();
+      return my_error_from_syserror ();
     }
 
   return _pkc_add (pk, k, v, NULL, 0);
@@ -441,7 +451,7 @@ pkc_set (pkc_t pk, const char *name, const char *value)
 
       v = xtrystrdup (value);
       if (v == NULL)
-	return gpg_error_from_syserror ();
+	return my_error_from_syserror ();
 
       free_strlist_wipe (e->raw_value);
       e->raw_value = NULL;
@@ -496,7 +506,7 @@ pkc_lookup (pkc_t pk, const char *name)
 {
   pke_t entry;
   for (entry = pk->first; entry; entry = entry->next)
-    if (entry->name && strcasecmp (entry->name, name) == 0)
+    if (entry->name && ascii_strcasecmp (entry->name, name) == 0)
       return entry;
   return NULL;
 }
@@ -518,7 +528,7 @@ pke_t
 pke_next_value (pke_t entry, const char *name)
 {
   for (entry = entry->next; entry; entry = entry->next)
-    if (entry->name && strcasecmp (entry->name, name) == 0)
+    if (entry->name && ascii_strcasecmp (entry->name, name) == 0)
       return entry;
   return NULL;
 }
@@ -558,13 +568,13 @@ pkc_set_private_key (pkc_t pk, gcry_sexp_t sexp)
 
   raw = xtrymalloc (len);
   if (raw == NULL)
-    return gpg_error_from_syserror ();
+    return my_error_from_syserror ();
 
   clean = xtrymalloc (len);
   if (clean == NULL)
     {
       xfree (raw);
-      return gpg_error_from_syserror ();
+      return my_error_from_syserror ();
     }
 
   gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, raw, len);
@@ -621,7 +631,7 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream)
 
   *result = pkc_new ();
   if (*result == NULL)
-    return gpg_error_from_syserror ();
+    return my_error_from_syserror ();
 
   if (errlinep)
     *errlinep = 0;
@@ -640,7 +650,7 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream)
 	  /* A continuation.  */
 	  if (append_to_strlist_try (&raw_value, buf) == NULL)
 	    {
-	      err = gpg_error_from_syserror ();
+	      err = my_error_from_syserror ();
 	      goto leave;
 	    }
 	  continue;
@@ -672,26 +682,26 @@ pkc_parse (pkc_t *result, int *errlinep, estream_t stream)
 	  value = colon + 1;
 	  tmp = *value;
 	  *value = 0;
-	  name = xstrdup (p);
+	  name = xtrystrdup (p);
 	  *value = tmp;
 
 	  if (name == NULL)
 	    {
-	      err = gpg_error_from_syserror ();
+	      err = my_error_from_syserror ();
 	      goto leave;
 	    }
 
-	  if (append_to_strlist (&raw_value, value) == NULL)
+	  if (append_to_strlist_try (&raw_value, value) == NULL)
 	    {
-	      err = gpg_error_from_syserror ();
+	      err = my_error_from_syserror ();
 	      goto leave;
 	    }
 	  continue;
 	}
 
-      if (append_to_strlist (&raw_value, buf) == NULL)
+      if (append_to_strlist_try (&raw_value, buf) == NULL)
 	{
-	  err = gpg_error_from_syserror ();
+	  err = my_error_from_syserror ();
 	  goto leave;
 	}
     }
@@ -733,7 +743,7 @@ pkc_write (pkc_t pk, estream_t stream)
 	es_fputs (s->d, stream);
 
       if (es_ferror (stream))
-	return gpg_error_from_syserror ();
+	return my_error_from_syserror ();
     }
 
   return 0;

commit 2502a76d8edbca035fd2a1879f2132c36b51e2c1
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 25 17:49:46 2016 +0200

    doc: Explain use of common error variable names.
    
    --

diff --git a/doc/HACKING b/doc/HACKING
index 11ae53b..d2168d6 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -74,7 +74,6 @@ do this after this scissor line:
 Note that such a comment will be removed if the git commit option
 =--cleanup=scissor= is used.
 
-
 ** License policy
 
   GnuPG is licensed under the GPLv3+ with some files under a mixed
@@ -131,12 +130,13 @@ Note that such a comment will be removed if the git commit option
   - Ignore signed/unsigned pointer mismatches
   - No arithmetic on void pointers; cast to char* first.
   - We use our own printf style functions like =es_printf=, and
-    =es_asprintf= which implement most C99 features with the exception
-    of =wchar_t= (which should anyway not be used).  Please always use
-    them and do not resort to those provided by libc.  The rationale
-    for using them is that we know that the format specifiers work on
-    all platforms and that we do not need to chase platform dependent
-    bugs.
+    =gpgrt_asprintf= (or the =es_asprintf= macro) which implement most
+    C99 features with the exception of =wchar_t= (which should anyway
+    not be used).  Please use them always and do not resort to those
+    provided by libc.  The rationale for using them is that we know
+    that the format specifiers work on all platforms and that we do
+    not need to chase platform dependent bugs.  Note also that in
+    gnupg asprintf is a macro already evaluating to gpgrt_asprintf.
   - It is common to have a label named "leave" for a function's
     cleanup and return code.  This helps with freeing memory and is a
     convenient location to set a breakpoint for debugging.
@@ -150,6 +150,23 @@ Note that such a comment will be removed if the git commit option
     end up in BSS.
   - Use --enable-maintainer-mode with configure.
 
+** Variable names
+
+  Follow the GNU standards.  Here are some conventions you may want to
+  stick to (do not rename existing "wrong" uses without a goog
+  reason).
+
+  - err :: This conveys an error code of type =gpg_error_t= which is
+           compatible to an =int=.  To compare such a variable to a
+           GPG_ERR_ constant, it is necessary to map the value like
+           this: =gpg_err_code(err)=.
+  - ec  :: This is used for a gpg-error code which has no source part
+           (=gpg_err_code_t=) and will eventually be used as input to
+           =gpg_err_make=.
+  - rc  :: Used for all kind of other errors; for example system
+           calls.  The value is not compatible with gpg-error.
+
+
 *** C99 language features
 
   In GnuPG 2.x, but *not in 1.4* and not in most libraries, a limited

-----------------------------------------------------------------------

Summary of changes:
 common/private-keys.c | 72 +++++++++++++++++++++++++++++----------------------
 doc/HACKING           | 31 +++++++++++++++++-----
 2 files changed, 65 insertions(+), 38 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Apr 26 15:47:42 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 26 Apr 2016 15:47:42 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-3-gee5a322
Message-ID: <E1av3K3-0002O1-PC@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  ee5a32226a7ca4ab067864e06623fc11a1768900 (commit)
      from  4545372c0f8dd35aef2a7abc12b588ed1a4a0363 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ee5a32226a7ca4ab067864e06623fc11a1768900
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 26 15:46:30 2016 +0200

    random: Try to use getrandom() instead of /dev/urandom (Linux only).
    
    * configure.ac: Check for syscall.
    * random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
    (_gcry_rndlinux_gather_random): Use getrandom is available.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/configure.ac b/configure.ac
index 5f9f711..ad06dfd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1514,7 +1514,7 @@ AC_CHECK_FUNCS(strtoul memmove stricmp atexit raise)
 # Other checks
 AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4)
 AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog)
-AC_CHECK_FUNCS(fcntl ftruncate flockfile)
+AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile)
 
 GNUPG_CHECK_MLOCK
 
diff --git a/random/rndlinux.c b/random/rndlinux.c
index 0cb65df..592b9ac 100644
--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -32,6 +32,10 @@
 #include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+#endif
+
 #include "types.h"
 #include "g10lib.h"
 #include "rand-internal.h"
@@ -232,6 +236,50 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
             }
         }
 
+      /* If we have a modern Linux kernel and we want to read from the
+       * the non-blocking /dev/urandom, we first try to use the new
+       * getrandom syscall.  That call guarantees that the kernel's
+       * RNG has been properly seeded before returning any data.  This
+       * is different from /dev/urandom which may, due to its
+       * non-blocking semantics, return data even if the kernel has
+       * not been properly seeded.  Unfortunately we need to use a
+       * syscall and not a new device and thus we are not able to use
+       * select(2) to have a timeout. */
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+      if (fd == fd_urandom)
+        {
+          long ret;
+          size_t nbytes;
+
+          do
+            {
+              nbytes = length < sizeof(buffer)? length : sizeof(buffer);
+              if (nbytes > 256)
+                nbytes = 256;
+              ret = syscall (__NR_getrandom,
+                             (void*)buffer, (size_t)nbytes, (unsigned int)0);
+            }
+          while (ret == -1 && errno == EINTR);
+          if (ret == -1 && errno == ENOSYS)
+            ; /* The syscall is not supported - fallback to /dev/urandom.  */
+          else
+            { /* The syscall is supported.  Some sanity checks.  */
+              if (ret == -1)
+                log_fatal ("unexpected error from getrandom: %s\n",
+                           strerror (errno));
+              else if (ret != nbytes)
+                log_fatal ("getrandom returned only"
+                           " %ld of %zu requested bytes\n", ret, nbytes);
+
+              log_debug ("getrandom returned %zu requested bytes\n", nbytes);
+              (*add)(buffer, nbytes, origin);
+              length -= nbytes;
+              continue; /* until LENGTH is zero.  */
+            }
+          log_debug ("syscall(getrandom) not supported; errno = %d\n", errno);
+        }
+#endif
+
       do
         {
           size_t nbytes;

-----------------------------------------------------------------------

Summary of changes:
 configure.ac      |  2 +-
 random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 27 08:36:05 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 27 Apr 2016 08:36:05 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-157-g87de9e1
Message-ID: <E1avJ3v-0001VJ-L2@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  87de9e19edf0311ca0342e15ef44ebe40e32861e (commit)
       via  c83c6f212e9bc98a9ea8dd8102bc16edd1a03050 (commit)
       via  c3aeda82b8d00b87a5af72b4075c487c10dfdf6b (commit)
       via  fd765df6a7883c3d841abeb657330a1aab4b7756 (commit)
       via  07dbd061bd6c1f131f1d609b412675a128c5fe99 (commit)
      from  b7fa4960c292ef1a290d32b7f46bb741bbfc0923 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 87de9e19edf0311ca0342e15ef44ebe40e32861e
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 27 08:34:29 2016 +0200

    gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
    
    * g10/getkey.c (parse_auto_key_locate): Add method "wkd".
    (get_pubkey_byname): Implement that method.  Also rename a variable.
    * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
    * g10/keyserver.c (keyserver_import_wkd): New.
    * g10/test-stubs.c (keyserver_import_wkd): Add stub.
    * g10/gpgv.c (keyserver_import_wkd): Ditto.
    * g10/options.h (opt):  Add field 'with_wkd_hash'.
    (AKL_WKD): New.
    
    * g10/gpg.c (oWithWKDHash): New.
    (opts): Add option --with-wkd-hash.
    (main): Set that option.
    * g10/keylist.c (list_keyblock_print): Implement that option.
    --
    
    The Web Key Directory is an experimental feature to retrieve a key via
    https.  It is similar to OpenPGP DANE but also uses an encryption to
    reveal less information about a key lookup.
    
    For example the URI to lookup the key for Joe.Doe at Example.ORG is:
    
        https://example.org/.well-known/openpgpkey/
        hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
    
    (line has been wrapped for rendering purposes).  The hash is a
    z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
    address wk at gnupg.org can be used for testing.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 0c43c55..c10678b 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1600,6 +1600,10 @@ mechanisms, in the order they are to be tried:
   Locate a key using DANE, as specified
   in draft-ietf-dane-openpgpkey-05.txt.
 
+  @item wkd
+  Locate a key using the Web Key Directory protocol.
+  This is an experimental method and semantics may change.
+
   @item ldap
   Using DNS Service Discovery, check the domain in question for any LDAP
   keyservers to use.  If this fails, attempt to locate the key using the
@@ -2235,6 +2239,11 @@ Print the ICAO spelling of the fingerprint in addition to the hex digits.
 @opindex with-keygrip
 Include the keygrip in the key listings.
 
+ at item --with-wkd-hash
+ at opindex with-wkd-hash
+Print a Web Key Directory indentifier along with each user ID in key
+listings.  This is an experimental feature and semantics may change.
+
 @item --with-secret
 @opindex with-secret
 Include info about the presence of a secret key in public key listings
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index e596533..b0f249e 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -1064,7 +1064,7 @@ gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
 
 
 

-/* Data callback for the DNS_CERT command. */
+/* Data callback for the DNS_CERT and WKD_GET commands. */
 static gpg_error_t
 dns_cert_data_cb (void *opaque, const void *data, size_t datalen)
 {
@@ -1287,3 +1287,62 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
   close_context (ctrl, ctx);
   return err;
 }
+
+
+

+/* Ask the dirmngr to retrieve a key via the Web Key Directory
+ * protocol.  On success a new estream with the key is stored at
+ * R_KEY.
+ */
+gpg_error_t
+gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, estream_t *r_key)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+  struct dns_cert_parm_s parm;
+  char *line = NULL;
+
+  memset (&parm, 0, sizeof parm);
+
+  err = open_context (ctrl, &ctx);
+  if (err)
+    return err;
+
+  line = es_bsprintf ("WKD_GET -- %s", name);
+  if (!line)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
+    {
+      err = gpg_error (GPG_ERR_TOO_LARGE);
+      goto leave;
+    }
+
+  parm.memfp = es_fopenmem (0, "rwb");
+  if (!parm.memfp)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
+                         NULL, NULL, NULL, &parm);
+  if (err)
+    goto leave;
+
+  if (r_key)
+    {
+      es_rewind (parm.memfp);
+      *r_key = parm.memfp;
+      parm.memfp = NULL;
+    }
+
+ leave:
+  xfree (parm.fpr);
+  xfree (parm.url);
+  es_fclose (parm.memfp);
+  xfree (line);
+  close_context (ctrl, ctx);
+  return err;
+}
diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h
index cdad645..4dc1e30 100644
--- a/g10/call-dirmngr.h
+++ b/g10/call-dirmngr.h
@@ -40,6 +40,8 @@ gpg_error_t gpg_dirmngr_dns_cert (ctrl_t ctrl,
 gpg_error_t gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
                                  unsigned char **r_fpr, size_t *r_fprlen,
                                  char **r_url);
+gpg_error_t gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name,
+                                 estream_t *r_key);
 
 
 #endif /*GNUPG_G10_CALL_DIRMNGR_H*/
diff --git a/g10/getkey.c b/g10/getkey.c
index 481e8dd..a3d29f5 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1274,7 +1274,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	{
 	  unsigned char *fpr = NULL;
 	  size_t fpr_len;
-	  int did_key_byname = 0;
+	  int did_akl_local = 0;
 	  int no_fingerprint = 0;
 	  const char *mechanism = "?";
 
@@ -1288,7 +1288,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 
 	    case AKL_LOCAL:
 	      mechanism = "Local";
-	      did_key_byname = 1;
+	      did_akl_local = 1;
 	      if (retctx)
 		{
 		  getkey_end (*retctx);
@@ -1321,6 +1321,13 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
+	    case AKL_WKD:
+	      mechanism = "WKD";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_wkd (ctrl, name, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
+	      break;
+
 	    case AKL_LDAP:
 	      mechanism = "LDAP";
 	      glo_ctrl.in_auto_key_retrieve++;
@@ -1386,22 +1393,20 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 
 	      add_to_strlist (&namelist, fpr_string);
 	    }
-	  else if (!rc && !fpr && !did_key_byname)
-	    /* The acquisition method said no failure occurred, but it
-	       didn't return a fingerprint.  That's a failure.  */
-	    {
-	      no_fingerprint = 1;
+	  else if (!rc && !fpr && !did_akl_local)
+            { /* The acquisition method said no failure occurred, but
+                 it didn't return a fingerprint.  That's a failure.  */
+              no_fingerprint = 1;
 	      rc = GPG_ERR_NO_PUBKEY;
 	    }
 	  xfree (fpr);
 	  fpr = NULL;
 
-	  if (!rc && !did_key_byname)
-	    /* There was no error and we didn't do a local lookup.
-	       This means that we imported a key into the local
-	       keyring.  Try to read the imported key from the
-	       keyring.  */
-	    {
+	  if (!rc && !did_akl_local)
+            { /* There was no error and we didn't do a local lookup.
+	         This means that we imported a key into the local
+	         keyring.  Try to read the imported key from the
+	         keyring.  */
 	      if (retctx)
 		{
 		  getkey_end (*retctx);
@@ -3195,6 +3200,7 @@ finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
 	      if (DBG_LOOKUP)
 		log_debug ("\tsubkey has expired\n");
 	      continue;
+
 	    }
 	  if (pk->timestamp > curtime && !opt.ignore_valid_from)
 	    {
@@ -3769,6 +3775,8 @@ parse_auto_key_locate (char *options)
 	akl->type = AKL_PKA;
       else if (ascii_strcasecmp (tok, "dane") == 0)
 	akl->type = AKL_DANE;
+      else if (ascii_strcasecmp (tok, "wkd") == 0)
+	akl->type = AKL_WKD;
       else if ((akl->spec = parse_keyserver_uri (tok, 1)))
 	akl->type = AKL_SPEC;
       else
diff --git a/g10/gpg.c b/g10/gpg.c
index b9d69a7..2f687fc 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -185,6 +185,7 @@ enum cmd_and_opt_values
     oWithICAOSpelling,
     oWithKeygrip,
     oWithSecret,
+    oWithWKDHash,
     oAnswerYes,
     oAnswerNo,
     oKeyring,
@@ -721,6 +722,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
   ARGPARSE_s_n (oWithKeygrip,     "with-keygrip", "@"),
   ARGPARSE_s_n (oWithSecret,      "with-secret", "@"),
+  ARGPARSE_s_n (oWithWKDHash,     "with-wkd-hash", "@"),
   ARGPARSE_s_s (oDisableCipherAlgo,  "disable-cipher-algo", "@"),
   ARGPARSE_s_s (oDisablePubkeyAlgo,  "disable-pubkey-algo", "@"),
   ARGPARSE_s_n (oAllowNonSelfsignedUID,      "allow-non-selfsigned-uid", "@"),
@@ -2575,6 +2577,10 @@ main (int argc, char **argv)
             opt.with_secret = 1;
             break;
 
+	  case oWithWKDHash:
+            opt.with_wkd_hash = 1;
+            break;
+
 	  case oSecretKeyring:
             /* Ignore this old option.  */
             break;
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 19a2ff6..2a53e69 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -374,6 +374,17 @@ keyserver_import_pka (const char *name,unsigned char *fpr)
   return -1;
 }
 
+gpg_error_t
+keyserver_import_wkd (ctrl_t ctrl, const char *name,
+                      unsigned char **fpr, size_t *fpr_len)
+{
+  (void)ctrl;
+  (void)name;
+  (void)fpr;
+  (void)fpr_len;
+  return GPG_ERR_BUG;
+}
+
 int
 keyserver_import_name (const char *name,struct keyserver_spec *spec)
 {
diff --git a/g10/import.c b/g10/import.c
index 369be35..e9fc014 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1279,7 +1279,7 @@ import_one (ctrl_t ctrl,
         {
           xfree (*fpr);
           /* Note that we need to compare against 0 here because
-             COUNT gets only incremented after returning form this
+             COUNT gets only incremented after returning from this
              function.  */
           if (!stats->count)
             *fpr = fingerprint_from_pk (pk, NULL, fpr_len);
diff --git a/g10/keylist.c b/g10/keylist.c
index d71bf4f..0812d9c 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1116,6 +1116,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
       if (node->pkt->pkttype == PKT_USER_ID)
 	{
 	  PKT_user_id *uid = node->pkt->pkt.user_id;
+          int indent;
 
 	  if ((uid->is_expired || uid->is_revoked)
 	      && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
@@ -1133,25 +1134,46 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
 	      || (opt.list_options & LIST_SHOW_UID_VALIDITY))
 	    {
 	      const char *validity;
-	      int indent;
 
 	      validity = uid_trust_string_fixed (pk, uid);
-	      indent =
-		(keystrlen () + (opt.legacy_list_mode? 9:11)) -
-		atoi (uid_trust_string_fixed (NULL, NULL));
-
+	      indent = ((keystrlen () + (opt.legacy_list_mode? 9:11))
+                        - atoi (uid_trust_string_fixed (NULL, NULL)));
 	      if (indent < 0 || indent > 40)
 		indent = 0;
 
 	      es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity);
 	    }
 	  else
-	    es_fprintf (es_stdout, "uid%*s",
-                        (int) keystrlen () + (opt.legacy_list_mode? 10:12), "");
+            {
+              indent = keystrlen () + (opt.legacy_list_mode? 10:12);
+              es_fprintf (es_stdout, "uid%*s", indent, "");
+            }
 
 	  print_utf8_buffer (es_stdout, uid->name, uid->len);
 	  es_putc ('\n', es_stdout);
 
+          if (opt.with_wkd_hash)
+            {
+              char *mbox, *hash, *p;
+              char hashbuf[32];
+
+              mbox = mailbox_from_userid (uid->name);
+              if (mbox && (p = strchr (mbox, '@')))
+                {
+                  *p++ = 0;
+                  gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
+                                       mbox, strlen (mbox));
+                  hash = zb32_encode (hashbuf, 8*20);
+                  if (hash)
+                    {
+                      es_fprintf (es_stdout, "   %*s%s@%s\n",
+                                  indent, "", hash, p);
+                      xfree (hash);
+                    }
+                }
+              xfree (mbox);
+            }
+
 	  if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
 	    show_photos (uid->attribs, uid->numattribs, pk, uid);
 	}
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index 6f6f430..f57dcaa 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -45,6 +45,8 @@ int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
                            unsigned char **fpr,size_t *fpr_len);
 gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name,
                                   unsigned char **fpr,size_t *fpr_len);
+gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name,
+                                  unsigned char **fpr, size_t *fpr_len);
 int keyserver_import_name (ctrl_t ctrl,
                            const char *name,unsigned char **fpr,size_t *fpr_len,
                            struct keyserver_spec *keyserver);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index e9ccb58..95ef441 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -2004,6 +2004,39 @@ keyserver_import_pka (ctrl_t ctrl, const char *name,
 }
 
 
+/* Import a key using the Web Key Directory protocol.  */
+gpg_error_t
+keyserver_import_wkd (ctrl_t ctrl, const char *name,
+                      unsigned char **fpr, size_t *fpr_len)
+{
+  gpg_error_t err;
+  estream_t key;
+
+  err = gpg_dirmngr_wkd_get (ctrl, name, &key);
+  if (err)
+    ;
+  else if (key)
+    {
+      int armor_status = opt.no_armor;
+
+      /* Keys returned via WKD are in binary format. */
+      opt.no_armor = 1;
+
+      err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+                                   (opt.keyserver_options.import_options
+                                    | IMPORT_NO_SECKEY),
+                                   NULL, NULL);
+
+      opt.no_armor = armor_status;
+
+      es_fclose (key);
+      key = NULL;
+    }
+
+  return err;
+}
+
+
 /* Import a key by name using LDAP */
 int
 keyserver_import_ldap (ctrl_t ctrl,
diff --git a/g10/options.h b/g10/options.h
index 1407b2f..0de0418 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -73,6 +73,7 @@ struct
   int with_fingerprint; /* Option --with-fingerprint active.  */
   int with_keygrip;     /* Option --with-keygrip active.  */
   int with_secret;      /* Option --with-secret active.  */
+  int with_wkd_hash;    /* Option --with-wkd-hash.  */
   int fingerprint; /* list fingerprints */
   int list_sigs;   /* list signatures */
   int print_pka_records;
@@ -245,6 +246,7 @@ struct
       AKL_CERT,
       AKL_PKA,
       AKL_DANE,
+      AKL_WKD,
       AKL_LDAP,
       AKL_KEYSERVER,
       AKL_SPEC
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index 74b6bf7..2edae18 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -186,6 +186,17 @@ keyserver_import_pka (const char *name,unsigned char *fpr)
   return -1;
 }
 
+gpg_error_t
+keyserver_import_wkd (ctrl_t ctrl, const char *name,
+                      unsigned char **fpr, size_t *fpr_len)
+{
+  (void)ctrl;
+  (void)name;
+  (void)fpr;
+  (void)fpr_len;
+  return GPG_ERR_BUG;
+}
+
 int
 keyserver_import_name (const char *name,struct keyserver_spec *spec)
 {

commit c83c6f212e9bc98a9ea8dd8102bc16edd1a03050
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 27 08:20:25 2016 +0200

    dirmngr: Add experimental command WKD_GET.
    
    * dirmngr/server.c (cmd_wkd_get): New.
    (register_commands): Add command WKD_GET.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/server.c b/dirmngr/server.c
index b976468..80ce5b5 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1,7 +1,7 @@
 /* server.c - LDAP and Keyserver access server
  * Copyright (C) 2002 Klar?lvdalens Datakonsult AB
  * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011, 2015 g10 Code GmbH
- * Copyright (C) 2014 Werner Koch
+ * Copyright (C) 2014, 2015, 2016 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -621,7 +621,7 @@ static const char hlp_dns_cert[] =
   "  *     Return the first record of any supported subtype\n"
   "  PGP   Return the first record of subtype PGP (3)\n"
   "  IPGP  Return the first record of subtype IPGP (6)\n"
-  "If the content of a certifciate is available (PGP) it is returned\n"
+  "If the content of a certificate is available (PGP) it is returned\n"
   "by data lines.  Fingerprints and URLs are returned via status lines.\n"
   "In --pka mode the fingerprint and if available an URL is returned.\n"
   "In --dane mode the key is returned from RR type 61";
@@ -798,6 +798,75 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
 
 
 

+static const char hlp_wkd_get[] =
+  "WKD_GET <user_id>\n"
+  "\n"
+  "Return the key for <user_id> from a Web Key Directory.\n";
+static gpg_error_t
+cmd_wkd_get (assuan_context_t ctx, char *line)
+{
+  ctrl_t ctrl = assuan_get_pointer (ctx);
+  gpg_error_t err = 0;
+  char *mbox = NULL;
+  char *domain;     /* Points to mbox.  */
+  char sha1buf[20];
+  char *uri = NULL;
+  char *encodedhash = NULL;
+
+  line = skip_options (line);
+
+  mbox = mailbox_from_userid (line);
+  if (!mbox || !(domain = strchr (mbox, '@')))
+    {
+      err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
+      goto leave;
+    }
+  *domain++ = 0;
+
+  gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox));
+  encodedhash = zb32_encode (sha1buf, 8*20);
+  if (!encodedhash)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  uri = strconcat ("https://",
+                   domain,
+                   "/.well-known/openpgpkey/hu/",
+                   domain,
+                   "/",
+                   encodedhash,
+                   NULL);
+  if (!uri)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  /* Setup an output stream and perform the get.  */
+  {
+    estream_t outfp;
+
+    outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
+    if (!outfp)
+      err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
+    else
+      {
+        err = ks_action_fetch (ctrl, uri, outfp);
+        es_fclose (outfp);
+      }
+  }
+
+ leave:
+  xfree (uri);
+  xfree (encodedhash);
+  xfree (mbox);
+  return leave_cmd (ctx, err);
+}
+
+
+

 static const char hlp_ldapserver[] =
   "LDAPSERVER <data>\n"
   "\n"
@@ -1076,7 +1145,7 @@ static const char hlp_checkocsp[] =
   "Processing then takes place without further interaction; in\n"
   "particular dirmngr tries to locate other required certificates by\n"
   "its own mechanism which includes a local certificate store as well\n"
-  "as a list of trusted root certifciates.\n"
+  "as a list of trusted root certificates.\n"
   "\n"
   "If the option --force-default-responder is given, only the default\n"
   "OCSP responder will be used and any other methods of obtaining an\n"
@@ -2018,7 +2087,7 @@ cmd_ks_fetch (assuan_context_t ctx, char *line)
   /* No options for now.  */
   line = skip_options (line);
 
-  err = ensure_keyserver (ctrl);
+  err = ensure_keyserver (ctrl);  /* FIXME: Why do we needs this here?  */
   if (err)
     goto leave;
 
@@ -2261,6 +2330,7 @@ register_commands (assuan_context_t ctx)
     const char * const help;
   } table[] = {
     { "DNS_CERT",   cmd_dns_cert,   hlp_dns_cert },
+    { "WKD_GET",    cmd_wkd_get,    hlp_wkd_get },
     { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
     { "ISVALID",    cmd_isvalid,    hlp_isvalid },
     { "CHECKCRL",   cmd_checkcrl,   hlp_checkcrl },

commit c3aeda82b8d00b87a5af72b4075c487c10dfdf6b
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 27 08:18:37 2016 +0200

    dirmngr: Use system provided root CAs with KS_FETCH.
    
    * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index b996c25..00d0c4b 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -73,7 +73,9 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   estream_t fp = NULL;
   char *request_buffer = NULL;
 
-  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
+  /* Note that we only use the system provided certificates with the
+   * fetch command.  */
+  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_SYS);
   if (err)
     goto leave;
   http_session_set_log_cb (session, cert_log_cb);
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 781a188..0c43c55 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -476,7 +476,8 @@ only LDAP supports them all.
 @opindex fetch-keys
 Retrieve keys located at the specified URIs. Note that different
 installations of GnuPG may support different protocols (HTTP, FTP,
-LDAP, etc.)
+LDAP, etc.).  When using HTTPS the system provided root certificates
+are used by this command.
 
 @item --update-trustdb
 @opindex update-trustdb

commit fd765df6a7883c3d841abeb657330a1aab4b7756
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 26 21:57:56 2016 +0200

    http: Allow to request system defined CAs for TLS.
    
    * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
    * dirmngr/http.c (http_session_new): Add arg "flags".
    * dirmngr/ks-engine-hkp.c (send_request): Use new flag
    HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
    * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
    * dirmngr/t-http.c (main): Ditto.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/http.c b/dirmngr/http.c
index aa33917..f0fcd0d 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -560,10 +560,14 @@ http_session_release (http_session_t sess)
 
 
 /* Create a new session object which is currently used to enable TLS
-   support.  It may eventually allow reusing existing connections.  */
+ * support.  It may eventually allow reusing existing connections.
+ * Valid values for FLAGS are:
+ *   HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
+ *   HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
+ */
 gpg_error_t
 http_session_new (http_session_t *r_session, const char *tls_priority,
-                  const char *intended_hostname)
+                  const char *intended_hostname, unsigned int flags)
 {
   gpg_error_t err;
   http_session_t sess;
@@ -629,14 +633,34 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
       }
 
     /* Add configured certificates to the session.  */
-    for (sl = tls_ca_certlist; sl; sl = sl->next)
+    if ((flags & HTTP_FLAG_TRUST_DEF))
+      {
+        for (sl = tls_ca_certlist; sl; sl = sl->next)
+          {
+            rc = gnutls_certificate_set_x509_trust_file
+              (sess->certcred, sl->d,
+               (sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
+            if (rc < 0)
+              log_info ("setting CA from file '%s' failed: %s\n",
+                        sl->d, gnutls_strerror (rc));
+          }
+      }
+
+    /* Add system certificates to the session.  */
+    if ((flags & HTTP_FLAG_TRUST_SYS))
       {
-        rc = gnutls_certificate_set_x509_trust_file
-          (sess->certcred, sl->d,
-           (sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
+#if GNUTLS_VERSION_NUMBER >= 0x030014
+        static int shown;
+
+        rc = gnutls_certificate_set_x509_system_trust (sess->certcred);
         if (rc < 0)
-          log_info ("setting CA from file '%s' failed: %s\n",
-                    sl->d, gnutls_strerror (rc));
+          log_info ("setting system CAs failed: %s\n", gnutls_strerror (rc));
+        else if (!shown)
+          {
+            shown = 1;
+            log_info ("number of system provided CAs: %d\n", rc);
+          }
+#endif /* gnutls >= 3.0.20 */
       }
 
     rc = gnutls_init (&sess->tls_session, GNUTLS_CLIENT);
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 58b8c1a..569ccea 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -80,11 +80,13 @@ enum
     HTTP_FLAG_TRY_PROXY = 1,     /* Try to use a proxy.  */
     HTTP_FLAG_SHUTDOWN = 2,      /* Close sending end after the request.  */
     HTTP_FLAG_FORCE_TOR = 4,     /* Force a TOR connection.  */
-    HTTP_FLAG_LOG_RESP = 8,      /* Log the server respone.  */
+    HTTP_FLAG_LOG_RESP = 8,      /* Log the server response.  */
     HTTP_FLAG_FORCE_TLS = 16,    /* Force the use of TLS.  */
     HTTP_FLAG_IGNORE_CL = 32,    /* Ignore content-length.  */
     HTTP_FLAG_IGNORE_IPv4 = 64,  /* Do not use IPv4.  */
-    HTTP_FLAG_IGNORE_IPv6 = 128  /* Do not use IPv6.  */
+    HTTP_FLAG_IGNORE_IPv6 = 128, /* Do not use IPv6.  */
+    HTTP_FLAG_TRUST_DEF   = 256, /* Use the default CAs.  */
+    HTTP_FLAG_TRUST_SYS   = 512  /* Also use the system defined CAs.  */
   };
 
 
@@ -99,7 +101,8 @@ void http_register_tls_ca (const char *fname);
 
 gpg_error_t http_session_new (http_session_t *r_session,
                               const char *tls_priority,
-                              const char *intended_hostname);
+                              const char *intended_hostname,
+                              unsigned int flags);
 http_session_t http_session_ref (http_session_t sess);
 void http_session_release (http_session_t sess);
 
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index eca02f0..636eaf7 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -991,7 +991,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
 
   *r_fp = NULL;
 
-  err = http_session_new (&session, NULL, httphost);
+  err = http_session_new (&session, NULL, httphost, HTTP_FLAG_TRUST_DEF);
   if (err)
     goto leave;
   http_session_set_log_cb (session, cert_log_cb);
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 8232313..b996c25 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -73,7 +73,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
   estream_t fp = NULL;
   char *request_buffer = NULL;
 
-  err = http_session_new (&session, NULL, NULL);
+  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
   if (err)
     goto leave;
   http_session_set_log_cb (session, cert_log_cb);
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index 9d5ea5f..3a6be6c 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -262,7 +262,7 @@ main (int argc, char **argv)
   http_register_tls_callback (verify_callback);
   http_register_tls_ca (cafile);
 
-  err = http_session_new (&session, NULL, NULL);
+  err = http_session_new (&session, NULL, NULL, HTTP_FLAG_TRUST_DEF);
   if (err)
     log_error ("http_session_new failed: %s\n", gpg_strerror (err));
 

commit 07dbd061bd6c1f131f1d609b412675a128c5fe99
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Apr 26 15:51:46 2016 +0200

    gpg: Add OpenPGP card vendor 0x2342.
    
    --

diff --git a/g10/card-util.c b/g10/card-util.c
index d9c12c6..4276716 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -215,7 +215,7 @@ get_manufacturer (unsigned int no)
     case 0x002A: return "Magrathea";
 
     case 0x1337: return "Warsaw Hackerspace";
-
+    case 0x2342: return "warpzone"; /* hackerspace Muenster.  */
     case 0xF517: return "FSIJ";
 
       /* 0x0000 and 0xFFFF are defined as test cards per spec,

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/http.c           | 40 ++++++++++++++++++++-----
 dirmngr/http.h           |  9 ++++--
 dirmngr/ks-engine-hkp.c  |  2 +-
 dirmngr/ks-engine-http.c |  4 ++-
 dirmngr/server.c         | 78 +++++++++++++++++++++++++++++++++++++++++++++---
 dirmngr/t-http.c         |  2 +-
 doc/gpg.texi             | 12 +++++++-
 g10/call-dirmngr.c       | 61 ++++++++++++++++++++++++++++++++++++-
 g10/call-dirmngr.h       |  2 ++
 g10/card-util.c          |  2 +-
 g10/getkey.c             | 34 +++++++++++++--------
 g10/gpg.c                |  6 ++++
 g10/gpgv.c               | 11 +++++++
 g10/import.c             |  2 +-
 g10/keylist.c            | 36 +++++++++++++++++-----
 g10/keyserver-internal.h |  2 ++
 g10/keyserver.c          | 33 ++++++++++++++++++++
 g10/options.h            |  2 ++
 g10/test-stubs.c         | 11 +++++++
 19 files changed, 307 insertions(+), 42 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 27 17:11:23 2016
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 27 Apr 2016 17:11:23 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-158-g508b0de
Message-ID: <E1avR6Z-0001jI-EE@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  508b0deb70d39d388149be9a63fab24cc956a239 (commit)
      from  87de9e19edf0311ca0342e15ef44ebe40e32861e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 508b0deb70d39d388149be9a63fab24cc956a239
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Apr 28 00:08:08 2016 +0900

    scd: Fix memory leaks.
    
    * scd/ccid-driver.c (scan_or_find_usb_device): Return on
    LIBUSB_ERROR_NO_MEM.  Free CONFIG before return except on error.
    (scan_or_find_devices): Free device list.
    
    --
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index e968b83..601681f 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -1149,7 +1149,8 @@ scan_or_find_usb_device (int scan_mode,
       err = libusb_get_config_descriptor (dev, cfg_no, &config);
       if (err < 0)
         {
-          libusb_free_config_descriptor (config);
+          if (err == LIBUSB_ERROR_NO_MEM)
+            return err;
           continue;
         }
 
@@ -1232,6 +1233,7 @@ scan_or_find_usb_device (int scan_mode,
                                 {
                                   libusb_close (idev);
                                   free (rid);
+                                  libusb_free_config_descriptor (config);
                                   return 1; /* Out of core. */
                                 }
                               memcpy (*ifcdesc_extra, ifcdesc->extra,
@@ -1258,6 +1260,7 @@ scan_or_find_usb_device (int scan_mode,
                             free (rid);
 
                           *r_idev = idev;
+                          libusb_free_config_descriptor (config);
                           return 1; /* Found requested device. */
                         }
                       else
@@ -1273,10 +1276,13 @@ scan_or_find_usb_device (int scan_mode,
 
                   libusb_close (idev);
                   idev = NULL;
+                  libusb_free_config_descriptor (config);
                   return 0;
                 }
             }
         }
+
+      libusb_free_config_descriptor (config);
     }
 
   return 0;
@@ -1376,6 +1382,7 @@ scan_or_find_devices (int readerno, const char *readerid,
                                    interface_number,
                                    ep_bulk_out, ep_bulk_in, ep_intr))
         {
+          libusb_free_device_list (dev_list, 1);
           /* Found requested device or out of core. */
           if (!idev)
             {
@@ -1389,6 +1396,8 @@ scan_or_find_devices (int readerno, const char *readerid,
         }
     }
 
+  libusb_free_device_list (dev_list, 1);
+
   /* Now check whether there are any devices with special transport types. */
   for (i=0; transports[i].name; i++)
     {

-----------------------------------------------------------------------

Summary of changes:
 scd/ccid-driver.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Apr 27 20:15:18 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 27 Apr 2016 20:15:18 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. f6e90247f3d2c9aad9934faa8652f2a181f96e4b
Message-ID: <E1avTyX-0007xE-N7@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  f6e90247f3d2c9aad9934faa8652f2a181f96e4b (commit)
      from  0e71ca392cb559998c7923b4279e63ddd46f8e9f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f6e90247f3d2c9aad9934faa8652f2a181f96e4b
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Apr 27 16:11:09 2016 +0200

    blog: Update an older entry.

diff --git a/misc/blog.gnupg.org/20151224-gnupg-in-november-and-december.org b/misc/blog.gnupg.org/20151224-gnupg-in-november-and-december.org
index e2fcd68..5c2f3cd 100644
--- a/misc/blog.gnupg.org/20151224-gnupg-in-november-and-december.org
+++ b/misc/blog.gnupg.org/20151224-gnupg-in-november-and-december.org
@@ -157,6 +157,15 @@ We have meanwhile received unofficial information that Facebook did
 not rescinded their support pledge.  We are waiting for an official
 comment and will report on that then.
 
+** Update 2016-04-27
+
+With the help of the friendly Facebook folks we were meanwhile able to
+clarify our perceived problem with their donation promise.  It was all
+due to an unfortunate misunderstanding between us.  Facebook will
+keep on supporting GnuPG in 2016 with a donation of 50000 USD.
+
+This support greatly helps us to pay our developers who are busy
+working on improving GnuPG and the global encryption infrastructure.
 
 ** About this news posting
 

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/20151224-gnupg-in-november-and-december.org | 9 +++++++++
 1 file changed, 9 insertions(+)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 28 05:49:39 2016
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 28 Apr 2016 05:49:39 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-159-gcb4fee8
Message-ID: <E1avcwL-0001VO-V2@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  cb4fee8bb645745ff199f7428e19226d5bc63dab (commit)
      from  508b0deb70d39d388149be9a63fab24cc956a239 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cb4fee8bb645745ff199f7428e19226d5bc63dab
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Apr 28 12:43:48 2016 +0900

    scd: Fix error return path.
    
    * scd/ccid-driver.c (bulk_in): Remove EAGAIN handling.
    Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER.
    
    --
    
    GnuPG-bug-id: 2306
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 601681f..985404f 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -1976,11 +1976,12 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
       if (rc < 0)
         {
           DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc));
-          if (rc == EAGAIN && eagain_retries++ < 3)
+          if (rc == LIBUSB_ERROR_NO_DEVICE)
             {
-              my_sleep (1);
-              goto retry;
+              handle->enodev_seen = 1;
+              return CCID_DRIVER_ERR_NO_READER;
             }
+
           return CCID_DRIVER_ERR_CARD_IO_ERROR;
         }
       if (msglen < 0)

-----------------------------------------------------------------------

Summary of changes:
 scd/ccid-driver.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 28 10:58:17 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 28 Apr 2016 10:58:17 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. e8459bf295da8b19b4e3c609eb5c49b47a862e41
Message-ID: <E1avhl2-0003UH-92@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  e8459bf295da8b19b4e3c609eb5c49b47a862e41 (commit)
      from  f6e90247f3d2c9aad9934faa8652f2a181f96e4b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e8459bf295da8b19b4e3c609eb5c49b47a862e41
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 28 09:55:10 2016 +0200

    web: Reorganized library section. Add npth.

diff --git a/web/documentation/bts.org b/web/documentation/bts.org
index c8808cc..1db13dd 100644
--- a/web/documentation/bts.org
+++ b/web/documentation/bts.org
@@ -7,7 +7,7 @@
   Our bug tracking system can be found at [[https://bugs.gnupg.org/gnupg/index][bugs.gnupg.org]]. Please,
   query the database before you create a new bug report. You need to
   create an account to file a bug or edit existing bugs. See the
-  [[http://bugs.gnupg.org/index.html#intro][Introduction to the BTS]].  Bug reports need to be written in English
+  [[https://bugs.gnupg.org/index.html#intro][Introduction to the BTS]].  Bug reports need to be written in English
 
   If you can fix one of these bugs/limitations, we will certainly be
   glad to receive a patch via the gnupg-devel mailing list.  If the
diff --git a/web/download/index.org b/web/download/index.org
index 522c70a..2a5fa82 100644
--- a/web/download/index.org
+++ b/web/download/index.org
@@ -51,6 +51,7 @@
    | [[../related_software/libgcrypt/index.org][Libgcrypt]]     | {{{libgcrypt_ver}}}    | {{{libgcrypt_date}}}    |    {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}}          | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}}          |
    | [[../related_software/libksba/index.org][Libksba]]       | {{{libksba_ver}}}      | {{{libksba_date}}}      |      {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}}                | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}}                |
    | [[../related_software/libassuan/index.org][Libassuan]]     | {{{libassuan_ver}}}    | {{{libassuan_date}}}    |    {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}}          | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}}          |
+   | [[../related_software/npth/index.org][nPth]]          | {{{npth_ver}}}         | {{{npth_date}}}         |         {{{npth_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2{{{ftpclose}}}                         | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2.sig{{{ftpclose}}}                         |
    |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
    | Pinentry      | {{{pinentry_ver}}}     | {{{pinentry_date}}}     |     {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}}             | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}}             |
    |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org
index 8527a94..5989351 100644
--- a/web/download/integrity_check.org
+++ b/web/download/integrity_check.org
@@ -115,6 +115,7 @@
    {{{libgcrypt_sha1}}}  libgcrypt-{{{libgcrypt_ver}}}.tar.bz2
    {{{libksba_sha1}}}  libksba-{{{libksba_ver}}}.tar.bz2
    {{{libassuan_sha1}}}  libassuan-{{{libassuan_ver}}}.tar.bz2
+   {{{npth_sha1}}}  npth-{{{npth_ver}}}.tar.bz2
    {{{pinentry_sha1}}}  pinentry-{{{pinentry_ver}}}.tar.bz2
    {{{gpgme_sha1}}}  gpgme-{{{gpgme_ver}}}.tar.bz2
    {{{gpa_sha1}}}  gpa-{{{gpa_ver}}}.tar.bz2
diff --git a/web/related_software/libraries.org b/web/related_software/libraries.org
index dd46884..2a5cc8d 100644
--- a/web/related_software/libraries.org
+++ b/web/related_software/libraries.org
@@ -7,24 +7,41 @@
 
   This page collects libraries related to GnuPG project.
 
-  If you feel wanting to improve this list, please, fill in a [[#gpgweb][Problem
-   Report]] form.
+  If you feel wanting to improve this list, please, fill in a [[https://www.gnupg.org/documentation/bts.html][Problem
+  Report]] form.
 
-   -  [[file:swlist.org::#egd][EGD]] :: Entropy Gathering Daemon
-   -  [[file:swlist.org::#gpgme][GPGME]] :: GnuPG Made Easy
-   -  [[file:swlist.org::#gnupg-for-java][gnupg-for-java]] :: Java binding for GPGME
-   -  [[file:libassuan/index.org][libassuan]] :: Libassuan is the IPC library used by some GnuPG
-                   related software.
-   -  [[http://directory.fsf.org/wiki/Libgcrypt][libgcrypt]] :: Libgcrypt is a general purpose cryptographic
+** Libraries required to build GnuPG
+
+  The libraries are requred to build currenrt GnUPG versions but may
+  also be used on its onw.  They are maintained by the GnuPG Project.
+
+   -  [[file:libgpg-error/index.org][Libgpg-error]] :: Libgpg-error is helper library used by a couple
+                      of other projects to provide a common set of
+                      error codes and descriptions.
+   -  [[file:libgcrypt/index.org][Libgcrypt]] :: Libgcrypt is a general purpose cryptographic
                    library based on the code from GnuPG. It provides
                    functions for all cryptographic building blocks:
                    symmetric ciphers, hash algorithms, MACs, public
                    key algorithms, large integer functions, random
                    numbers and a lot of supporting functions.
-   -  [[file:libgpg-error/index.org][libgpg-error]] :: Libgpg-error is helper library used by a couple
-                      of other projects to provide a common set of
-                      error codes and descriptions.
-   -  [[file:libksba/index.org][libksba]] :: Libksba provides an easy API to create and parse
+   -  [[file:libassuan/index.org][Libassuan]] :: Libassuan is the IPC library used by some GnuPG
+                   related software.
+   -  [[file:libksba/index.org][Libksba]] :: Libksba provides an easy API to create and parse
                  X.509 and CMS related objects.
+   -  [[file:npth/index.org][nPth]] :: The New GNU Portable Threads Library.
+
+
+** Libraries recommended for use with GnuPG
+
+   These libraries are not required to build GnuPG but are recommended
+   by the GnuPG Project.
+
+   -  [[file:gpgme/index.org][GPGME]] :: GnuPG Made Easy is a library designed to make access to
+               GnuPG easier for applications.
+
+** Other Libraries
+
+   -  [[file:swlist.org::#gnupg-for-java][gnupg-for-java]] :: Java binding for GPGME
+   -  [[file:swlist.org::#egd][EGD]] :: Entropy Gathering Daemon
 
 # eof
diff --git a/web/related_software/npth/index.org b/web/related_software/npth/index.org
new file mode 100644
index 0000000..3b1f088
--- /dev/null
+++ b/web/related_software/npth/index.org
@@ -0,0 +1,15 @@
+#+STARTUP: showall
+#+SETUPFILE: "../../share/setup.inc"
+
+* The New GNU Portable Threads Library
+
+  /nPth/ is a library to provide the GNU Pth API and thus a
+  non-preemptive threads implementation.
+
+  In contrast to GNU Pth is is based on the system's standard threads
+  implementation.  This allows the use of libraries which are not
+  compatible to GNU Pth.  Experience with a Windows Pth emulation
+  showed that this is a solid way to provide a co-routine based
+  framework.
+
+  See the [[../../download/index.org::npth][download]] section for the latest tarball.

-----------------------------------------------------------------------

Summary of changes:
 web/documentation/bts.org           |  2 +-
 web/download/index.org              |  1 +
 web/download/integrity_check.org    |  1 +
 web/related_software/libraries.org  | 41 ++++++++++++++++++++++++++-----------
 web/related_software/npth/index.org | 15 ++++++++++++++
 5 files changed, 47 insertions(+), 13 deletions(-)
 create mode 100644 web/related_software/npth/index.org


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Apr 28 22:23:32 2016
From: cvs at cvs.gnupg.org (by Peter Lebbing)
Date: Thu, 28 Apr 2016 22:23:32 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 51b7dbe7b6f6585ef617c3c61ffa77960ebb49aa
Message-ID: <E1avsS9-0002a8-Vs@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  51b7dbe7b6f6585ef617c3c61ffa77960ebb49aa (commit)
       via  194959a5829354db0bd87a34d8d2edb4c8d8a0bc (commit)
      from  e8459bf295da8b19b4e3c609eb5c49b47a862e41 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 51b7dbe7b6f6585ef617c3c61ffa77960ebb49aa
Author: Peter Lebbing <peter at digitalbrains.com>
Date:   Thu Apr 28 21:17:36 2016 +0200

    Fix typo's in whats-new-in-2.1.org

diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org
index 179b075..c1e6d09 100644
--- a/web/faq/whats-new-in-2.1.org
+++ b/web/faq/whats-new-in-2.1.org
@@ -376,7 +376,7 @@ pub  rsa2048/BD19AC1C
 
 In case the key has already been signed, the command prints a note and
 exits with success.  In case you want to check that it really worked,
-use ==--check-sigs= as usual:
+use =--check-sigs= as usual:
 
 #+begin_example
 $ gpg2 --check-sigs  '15CB 723E 2000 A1A8 2505  F3B7 CC00 B501 BD19 AC1C'
@@ -515,13 +515,13 @@ For load balancing reasons, keyservers are organized in pools to
 enable instant round-robin DNS assignment of random keyservers.  A
 problem with that approach is that the DNS resolver is not aware of
 the state of the keyserver.  If a keyserver has gone down or a routing
-problems occurs, /gpg/ and its keyserver helpers were not ware of it
+problems occurs, /gpg/ and its keyserver helpers were not aware of it
 and would try over and over to use the same, dead, keyserver up until
 the DNS information expires and a the DNS resolver assigned a new
 server from the pool.
 
 The new /dirmngr/ in GnuPG does not use the implicit round-robin of
-the DNS resolver but uses its own DNS look up and keeps an internal
+the DNS resolver but uses its own DNS lookup and keeps an internal
 table of all hosts from the pool along with the encountered aliveness
 state.  Thus after a failure (timeout) of a request, /dirmngr/ flags a
 host as dead and randomly selects another one from the pool.  After a
@@ -607,12 +607,12 @@ revocation certificate are put at the top of the file.
 :END:
 
 The /scdaemon/, which is responsible for accessing smardcards and
-other tokens, has received many updates.  In particular plugable USB
+other tokens, has received many updates.  In particular pluggable USB
 readers with a fixed card now work smoothless and similar to standard
 readers.  The latest features of the [[http://www.fsij.org/doc-gnuk/][gnuk]] token are supported.  Code
 for the SmartCard-HSM has been added.  More card readers with a PIN
 pad are supported.  The internal CCID driver does now also work with
-certain non-auto configuration equipped readers.
+certain non-auto-configuration equipped readers.
 
 ** New format for key listings
 :PROPERTIES:
@@ -643,7 +643,7 @@ that is =show-uid-validity= is implicitly used for the
 
 The annotated key listing produced by the =--with-colons= options did
 not change.  However a couple of new fields have been added, for
-example if the new option =--with-secret-= is used the ?S/N of a token
+example if the new option =--with-secret= is used the ?S/N of a token
 field? indicates the presence of a secret key even in a public key
 listing.  This option is supported by recent [[https://gnupg.org/related_software/gpgme/][GPGME]] versions and makes
 writing of key manager software easier.
@@ -682,7 +682,7 @@ menu of /gpgsm/.
 In batch mode the certificate creation dialog can now be controlled by
 a parameter file with several new keywords.  Such a parameter file
 allows the creation of arbitrary X.509 certificates similar to what
-can be done with /openssl/.  It may this be used as the base for a CA
+can be done with /openssl/.  It may thus be used as the base for a CA
 software.  For details see the ?CSR and certificate creation? section
 in the manual.
 

commit 194959a5829354db0bd87a34d8d2edb4c8d8a0bc
Author: Peter Lebbing <peter at digitalbrains.com>
Date:   Thu Apr 28 21:10:40 2016 +0200

    Fix typo's in libraries.org

diff --git a/web/related_software/libraries.org b/web/related_software/libraries.org
index 2a5cc8d..6c963d0 100644
--- a/web/related_software/libraries.org
+++ b/web/related_software/libraries.org
@@ -12,10 +12,10 @@
 
 ** Libraries required to build GnuPG
 
-  The libraries are requred to build currenrt GnUPG versions but may
-  also be used on its onw.  They are maintained by the GnuPG Project.
+  The libraries are required to build current GnuPG versions but may
+  also be used on their own.  They are maintained by the GnuPG Project.
 
-   -  [[file:libgpg-error/index.org][Libgpg-error]] :: Libgpg-error is helper library used by a couple
+   -  [[file:libgpg-error/index.org][Libgpg-error]] :: Libgpg-error is a helper library used by a couple
                       of other projects to provide a common set of
                       error codes and descriptions.
    -  [[file:libgcrypt/index.org][Libgcrypt]] :: Libgcrypt is a general purpose cryptographic

-----------------------------------------------------------------------

Summary of changes:
 web/faq/whats-new-in-2.1.org       | 14 +++++++-------
 web/related_software/libraries.org |  6 +++---
 2 files changed, 10 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 29 11:09:03 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 29 Apr 2016 11:09:03 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-162-g300b227
Message-ID: <E1aw4Oz-0002Zu-Sc@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  300b227cf457deb918f25bcece0d734b61ae1348 (commit)
       via  64bfeafa52a5ed3fa82bdc0ce7ef0edddeef188c (commit)
       via  9740dff9f4d18ba764dc7173d4902e94e3f0c2e8 (commit)
      from  cb4fee8bb645745ff199f7428e19226d5bc63dab (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 300b227cf457deb918f25bcece0d734b61ae1348
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 29 11:05:55 2016 +0200

    doc: Fix name of gpg's option --tofu-policy
    
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index c10678b..3cad361 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -567,8 +567,8 @@ Use the source, Luke :-). The output format is still subject to change.
 Pack or unpack an arbitrary input into/from an OpenPGP ASCII armor.
 This is a GnuPG extension to OpenPGP and in general not very useful.
 
- at item --tofu-set-policy @code{auto|good|unknown|bad|ask}  @code{key...}
- at opindex tofu-set-policy
+ at item --tofu-policy @code{auto|good|unknown|bad|ask}  @code{key...}
+ at opindex tofu-policy
 Set the TOFU policy for all the bindings associated with the specified
 keys.  For more information about the meaning of the policies,
 @pxref{trust-model-tofu}.  The keys may be specified either by their

commit 64bfeafa52a5ed3fa82bdc0ce7ef0edddeef188c
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 29 11:05:24 2016 +0200

    gpg: Remove all assert.h and s/assert/log_assert/.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/armor.c b/g10/armor.c
index 98fb105..fb74655 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <ctype.h>
 
 #include "gpg.h"
@@ -137,7 +136,7 @@ release_armor_context (armor_filter_context_t *afx)
 {
   if (!afx)
     return;
-  assert (afx->refcount);
+  log_assert (afx->refcount);
   if ( --afx->refcount )
     return;
   xfree (afx);
diff --git a/g10/build-packet.c b/g10/build-packet.c
index e244bda..4d6d4af 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <ctype.h>
 
 #include "gpg.h"
@@ -91,7 +90,7 @@ build_packet( IOBUF out, PACKET *pkt )
 
     if( DBG_PACKET )
 	log_debug("build_packet() type=%d\n", pkt->pkttype );
-    assert( pkt->pkt.generic );
+    log_assert( pkt->pkt.generic );
 
     switch ((pkttype = pkt->pkttype))
       {
@@ -266,7 +265,7 @@ calc_packet_length( PACKET *pkt )
     u32 n=0;
     int new_ctb = 0;
 
-    assert( pkt->pkt.generic );
+    log_assert (pkt->pkt.generic);
     switch( pkt->pkttype ) {
       case PKT_PLAINTEXT:
 	n = calc_plaintext( pkt->pkt.plaintext );
@@ -465,7 +464,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
           byte *p;
           unsigned int ndatabits;
 
-          assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
+          log_assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
           p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
           if (p)
             iobuf_write (a, p, (ndatabits+7)/8 );
@@ -509,7 +508,7 @@ do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
     log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC);
 
     /* The only acceptable version.  */
-    assert( enc->version == 4 );
+    log_assert( enc->version == 4 );
 
     /* RFC 4880, Section 3.7.  */
     switch( enc->s2k.mode )
@@ -798,7 +797,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
 
     if (!okay)
         log_error ("delete_subpkt: buffer shorter than subpacket\n");
-    assert (unused <= area->len);
+    log_assert (unused <= area->len);
     area->len -= unused;
     return !!unused;
 }
@@ -1437,7 +1436,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
 static int
 do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
 {
-  log_assert (ctb_pkttype (ctb) == PKT_ONEPASS_SIG);
+    log_assert (ctb_pkttype (ctb) == PKT_ONEPASS_SIG);
 
     write_header(out, ctb, 4 + 8 + 1);
 
diff --git a/g10/call-agent.c b/g10/call-agent.c
index d9e4859..c5bd694 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
 #endif
@@ -712,7 +711,7 @@ learn_status_cb (void *opaque, const char *line)
            && strchr("1234", keyword[11]))
     {
       int no = keyword[11] - '1';
-      assert (no >= 0 && no <= 3);
+      log_assert (no >= 0 && no <= 3);
       xfree (parm->private_do[no]);
       parm->private_do[no] = unescape_status_string (line);
     }
@@ -2133,7 +2132,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
   buf = get_membuf (&data, &len);
   if (!buf)
     return gpg_error_from_syserror ();
-  assert (len); /* (we forced Nul termination.)  */
+  log_assert (len); /* (we forced Nul termination.)  */
 
   if (*buf != '(')
     {
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index b0f249e..d35a5cf 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -25,7 +25,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <time.h>
-#include <assert.h>
 #ifdef HAVE_LOCALE_H
 # include <locale.h>
 #endif
@@ -261,7 +260,7 @@ open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
       if (dml)
         {
           /* Found an inactive local session - return that.  */
-          assert (!dml->is_active);
+          log_assert (!dml->is_active);
 
           /* But first do the per session init if not yet done.  */
           if (!dml->set_keyservers_done)
@@ -804,7 +803,7 @@ record_output (estream_t output,
       type_str = "sig";
       break;
     default:
-      assert (! "Unhandled type.");
+      log_assert (! "Unhandled type.");
     }
 
   if (pub_key_length > 0)
diff --git a/g10/card-util.c b/g10/card-util.c
index 4276716..be1a593 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #ifdef HAVE_LIBREADLINE
 # define GNUPG_LIBREADLINE_H_INCLUDED
 # include <readline/readline.h>
@@ -901,7 +900,7 @@ change_private_do (const char *args, int nr)
   int n;
   int rc;
 
-  assert (nr >= 1 && nr <= 4);
+  log_assert (nr >= 1 && nr <= 4);
   do_name[11] = '0' + nr;
 
   if (args && (args = strchr (args, '<')))  /* Read it from a file */
@@ -1247,7 +1246,7 @@ show_card_key_info (struct agent_card_info_s *info)
 static int
 replace_existing_key_p (struct agent_card_info_s *info, int keyno)
 {
-  assert (keyno >= 0 && keyno <= 3);
+  log_assert (keyno >= 0 && keyno <= 3);
 
   if ((keyno == 1 && info->fpr1valid)
       || (keyno == 2 && info->fpr2valid)
@@ -1538,8 +1537,8 @@ card_store_subkey (KBNODE node, int use)
   int rc;
   gnupg_isotime_t timebuf;
 
-  assert (node->pkt->pkttype == PKT_PUBLIC_KEY
-          || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+  log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
+              || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
 
   pk = node->pkt->pkt.public_key;
 
diff --git a/g10/cipher.c b/g10/cipher.c
index 41324c3..ae7ba17 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "status.h"
@@ -123,7 +122,7 @@ cipher_filter( void *opaque, int control,
 	rc = -1; /* not yet used */
     }
     else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
-	assert(a);
+	log_assert(a);
 	if( !cfx->header ) {
 	    write_header( cfx, a );
 	}
@@ -139,7 +138,7 @@ cipher_filter( void *opaque, int control,
                                                  (cfx->mdc_hash));
 	    byte temp[22];
 
-	    assert( hashlen == 20 );
+	    log_assert( hashlen == 20 );
 	    /* We must hash the prefix of the MDC packet here. */
 	    temp[0] = 0xd3;
 	    temp[1] = 0x14;
diff --git a/g10/compress.c b/g10/compress.c
index fd1ed6a..bdddef1 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -29,7 +29,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <assert.h>
 #include <errno.h>
 #ifdef HAVE_ZIP
 # include <zlib.h>
diff --git a/g10/dearmor.c b/g10/dearmor.c
index 3fdd57d..38c3a3c 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -22,7 +22,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "status.h"
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 1380faf..96d2177 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -57,7 +56,7 @@ release_dfx_context (decode_filter_ctx_t dfx)
   if (!dfx)
     return;
 
-  assert (dfx->refcount);
+  log_assert (dfx->refcount);
   if ( !--dfx->refcount )
     {
       gcry_cipher_close (dfx->cipher_hd);
@@ -273,8 +272,8 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
          bytes are appended.  */
       int datalen = gcry_md_get_algo_dlen (ed->mdc_method);
 
-      assert (dfx->cipher_hd);
-      assert (dfx->mdc_hash);
+      log_assert (dfx->cipher_hd);
+      log_assert (dfx->mdc_hash);
       gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0);
       gcry_md_write (dfx->mdc_hash, dfx->defer, 2);
       gcry_md_final (dfx->mdc_hash);
@@ -320,8 +319,8 @@ mdc_decode_filter (void *opaque, int control, IOBUF a,
     }
   else if( control == IOBUFCTRL_UNDERFLOW )
     {
-      assert (a);
-      assert (size > 44); /* Our code requires at least this size.  */
+      log_assert (a);
+      log_assert (size > 44); /* Our code requires at least this size.  */
 
       /* Get at least 22 bytes and put it ahead in the buffer.  */
       if (dfx->partial)
@@ -414,7 +413,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a,
 	}
       else
         {
-          assert ( dfx->eof_seen );
+          log_assert ( dfx->eof_seen );
           rc = -1; /* Return EOF.  */
 	}
       *ret_len = n;
@@ -447,7 +446,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
     }
   else if ( control == IOBUFCTRL_UNDERFLOW )
     {
-      assert(a);
+      log_assert (a);
 
       if (fc->partial)
         {
diff --git a/g10/decrypt.c b/g10/decrypt.c
index 068b64a..27f51f6 100644
--- a/g10/decrypt.c
+++ b/g10/decrypt.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
diff --git a/g10/delkey.c b/g10/delkey.c
index 5d0c3df..f76277c 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <ctype.h>
 
 #include "gpg.h"
diff --git a/g10/ecdh.c b/g10/ecdh.c
index a1b7ecf..af1d844 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -22,7 +22,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -75,7 +74,7 @@ pk_ecdh_default_params (unsigned int qbits)
           break;
         }
     }
-  assert (i < DIM (kek_params_table));
+  log_assert (i < DIM (kek_params_table));
   if (DBG_CRYPTO)
     log_printhex ("ECDH KEK params are", kek_params, sizeof(kek_params) );
 
@@ -134,7 +133,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
       }
 
     secret_x_size = (nbits+7)/8;
-    assert (nbytes >= secret_x_size);
+    log_assert (nbytes >= secret_x_size);
     if ((nbytes & 1))
       /* Remove the "04" prefix of non-compressed format.  */
       memmove (secret_x, secret_x+1, secret_x_size);
@@ -241,16 +240,16 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
 
     gcry_md_final (h);
 
-    assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
+    log_assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
 
     memcpy (secret_x, gcry_md_read (h, kdf_hash_algo),
             gcry_md_get_algo_dlen (kdf_hash_algo));
     gcry_md_close (h);
 
     old_size = secret_x_size;
-    assert( old_size >= gcry_cipher_get_algo_keylen( kdf_encr_algo ) );
+    log_assert( old_size >= gcry_cipher_get_algo_keylen( kdf_encr_algo ) );
     secret_x_size = gcry_cipher_get_algo_keylen( kdf_encr_algo );
-    assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
+    log_assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
 
     /* We could have allocated more, so clean the tail before returning.  */
     memset (secret_x+secret_x_size, 0, old_size - secret_x_size);
diff --git a/g10/encrypt.c b/g10/encrypt.c
index fe18c15..57d24be 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
@@ -80,7 +79,7 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
   gcry_cipher_hd_t hd;
   byte buf[33];
 
-  assert ( dek->keylen <= 32 );
+  log_assert ( dek->keylen <= 32 );
   if (!*seskey)
     {
       *seskey=xmalloc_clear(sizeof(DEK));
diff --git a/g10/export.c b/g10/export.c
index 3f06934..89604b4 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
@@ -781,10 +780,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   ski->algo = protect_algo;
   ski->s2k.mode = s2k_mode;
   ski->s2k.hash_algo = s2k_algo;
-  assert (sizeof ski->s2k.salt == sizeof s2k_salt);
+  log_assert (sizeof ski->s2k.salt == sizeof s2k_salt);
   memcpy (ski->s2k.salt, s2k_salt, sizeof s2k_salt);
   ski->s2k.count = s2k_count;
-  assert (ivlen <= sizeof ski->iv);
+  log_assert (ivlen <= sizeof ski->iv);
   memcpy (ski->iv, iv, ivlen);
   ski->ivlen = ivlen;
 
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 670f256..8176e36 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -302,7 +301,7 @@ free_attributes(PKT_user_id *uid)
 void
 free_user_id (PKT_user_id *uid)
 {
-    assert (uid->ref > 0);
+    log_assert (uid->ref > 0);
     if (--uid->ref)
         return;
 
diff --git a/g10/getkey.c b/g10/getkey.c
index a3d29f5..907007b 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -23,7 +23,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <ctype.h>
 
 #include "gpg.h"
@@ -220,7 +219,7 @@ cache_public_key (PKT_public_key * pk)
               pk_cache_entries--;
             }
         }
-      assert (pk_cache_entries < MAX_PK_CACHE_ENTRIES);
+      log_assert (pk_cache_entries < MAX_PK_CACHE_ENTRIES);
     }
   pk_cache_entries++;
   ce = xmalloc (sizeof *ce);
@@ -659,8 +658,8 @@ pk_from_block (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE keyblock,
 
   (void) ctx;
 
-  assert (a->pkt->pkttype == PKT_PUBLIC_KEY
-	  || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+  log_assert (a->pkt->pkttype == PKT_PUBLIC_KEY
+              || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
 
   copy_public_key (pk, a->pkt->pkt.public_key);
 }
@@ -779,7 +778,7 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
   KBNODE keyblock;
   u32 pkid[2];
 
-  assert (pk);
+  log_assert (pk);
 #if MAX_PK_CACHE_ENTRIES
   {
     /* Try to get it from the cache */
@@ -817,8 +816,8 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
       return GPG_ERR_NO_PUBKEY;
     }
 
-  assert (keyblock && keyblock->pkt
-          && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (keyblock && keyblock->pkt
+              && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 
   /* We return the primary key.  If KEYID matched a subkey, then we
      return an error.  */
@@ -970,7 +969,7 @@ skip_unusable (void *dummy, u32 * keyid, int uid_no)
 
       /* If UID_NO is non-zero, then the keyblock better have at least
 	 that many UIDs.  */
-      assert (uids_seen == uid_no);
+      log_assert (uids_seen == uid_no);
     }
 
   if (!unusable)
@@ -1040,8 +1039,8 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist,
   if (retctx)
     {
       /* Reset the returned context in case of error.  */
-      assert (!ret_kdbhd); /* Not allowed because the handle is stored
-			      in the context.  */
+      log_assert (!ret_kdbhd); /* Not allowed because the handle is stored
+                                  in the context.  */
       *retctx = NULL;
     }
   if (ret_kdbhd)
@@ -1380,7 +1379,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	    {
 	      char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
 
-	      assert (fpr_len <= MAX_FINGERPRINT_LEN);
+	      log_assert (fpr_len <= MAX_FINGERPRINT_LEN);
 
 	      free_strlist (namelist);
 	      namelist = NULL;
@@ -1440,7 +1439,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 
   if (retctx && *retctx)
     {
-      assert (!(*retctx)->extra_list);
+      log_assert (!(*retctx)->extra_list);
       (*retctx)->extra_list = namelist;
     }
   else
@@ -1564,8 +1563,8 @@ get_pubkey_byfprint_fast (PKT_public_key * pk,
       return GPG_ERR_NO_PUBKEY;
     }
 
-  assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
-	  || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+  log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+              || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
   if (pk)
     copy_public_key (pk, keyblock->pkt->pkt.public_key);
   release_kbnode (keyblock);
@@ -3111,7 +3110,7 @@ finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
   PKT_public_key *pk;
 
 
-  assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 
   if (ctx->exact)
     /* Get the key or subkey that matched the low-level search
@@ -3121,8 +3120,8 @@ finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
 	{
 	  if ((k->flag & 1))
 	    {
-	      assert (k->pkt->pkttype == PKT_PUBLIC_KEY
-		      || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+	      log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY
+                          || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
 	      foundk = k;
               pk = k->pkt->pkt.public_key;
               pk->flags.exact = 1;
@@ -3136,7 +3135,7 @@ finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
     {
       if ((k->flag & 2))
 	{
-	  assert (k->pkt->pkttype == PKT_USER_ID);
+	  log_assert (k->pkt->pkttype == PKT_USER_ID);
 	  foundu = k->pkt->pkt.user_id;
 	  break;
 	}
@@ -3856,8 +3855,8 @@ have_secret_key_with_kid (u32 *keyid)
              match a single key or subkey.  */
 	  if ((node->flag & 1))
             {
-              assert (node->pkt->pkttype == PKT_PUBLIC_KEY
-                      || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+              log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
+                          || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
 
               if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
 		result = 1; /* Secret key available.  */
diff --git a/g10/gpg.c b/g10/gpg.c
index 2f687fc..006c95b 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -26,7 +26,6 @@
 #include <string.h>
 #include <ctype.h>
 #include <unistd.h>
-#include <assert.h>
 #ifdef HAVE_STAT
 #include <sys/stat.h> /* for stat() */
 #endif
@@ -1389,7 +1388,7 @@ check_permissions (const char *path, int item)
   if(opt.no_perm_warn)
     return 0;
 
-  assert(item==0 || item==1 || item==2);
+  log_assert(item==0 || item==1 || item==2);
 
   /* extensions may attach a path */
   if(item==2 && path[0]!=DIRSEP_C)
diff --git a/g10/import.c b/g10/import.c
index e9fc014..6707797 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
@@ -1835,9 +1834,9 @@ import_revoke_cert (const char *fname, kbnode_t node,
 
   (void)fname;
 
-  assert( !node->next );
-  assert( node->pkt->pkttype == PKT_SIGNATURE );
-  assert( node->pkt->pkt.signature->sig_class == 0x20 );
+  log_assert (!node->next );
+  log_assert (node->pkt->pkttype == PKT_SIGNATURE );
+  log_assert (node->pkt->pkt.signature->sig_class == 0x20 );
 
   keyid[0] = node->pkt->pkt.signature->keyid[0];
   keyid[1] = node->pkt->pkt.signature->keyid[1];
@@ -2720,7 +2719,7 @@ append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs,
   (void)fname;
   (void)keyid;
 
-  assert(node->pkt->pkttype == PKT_USER_ID );
+  log_assert (node->pkt->pkttype == PKT_USER_ID );
 
   /* find the position */
   for (n = keyblock; n; n_where = n, n = n->next)
@@ -2773,8 +2772,8 @@ merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs,
   (void)fname;
   (void)keyid;
 
-  assert(dst->pkt->pkttype == PKT_USER_ID );
-  assert(src->pkt->pkttype == PKT_USER_ID );
+  log_assert (dst->pkt->pkttype == PKT_USER_ID);
+  log_assert (src->pkt->pkttype == PKT_USER_ID);
 
   for (n=src->next; n && n->pkt->pkttype != PKT_USER_ID; n = n->next)
     {
@@ -2821,8 +2820,8 @@ merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs,
   (void)fname;
   (void)keyid;
 
-  assert (dst->pkt->pkttype == PKT_PUBLIC_SUBKEY
-          || dst->pkt->pkttype == PKT_SECRET_SUBKEY);
+  log_assert (dst->pkt->pkttype == PKT_PUBLIC_SUBKEY
+              || dst->pkt->pkttype == PKT_SECRET_SUBKEY);
 
   for (n=src->next; n ; n = n->next)
     {
@@ -2882,8 +2881,8 @@ append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs,
   (void)fname;
   (void)keyid;
 
-  assert( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
-          || node->pkt->pkttype == PKT_SECRET_SUBKEY );
+  log_assert (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+              || node->pkt->pkttype == PKT_SECRET_SUBKEY);
 
   while (node)
     {
diff --git a/g10/kbnode.c b/g10/kbnode.c
index 3337e01..a1d1f3d 100644
--- a/g10/kbnode.c
+++ b/g10/kbnode.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
diff --git a/g10/keydb.c b/g10/keydb.c
index 9604807..0164348 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -861,7 +860,7 @@ keydb_new (void)
   hd->saved_found = -1;
   hd->is_reset = 1;
 
-  assert (used_resources <= MAX_KEYDB_RESOURCES);
+  log_assert (used_resources <= MAX_KEYDB_RESOURCES);
   for (i=j=0; ! die && i < used_resources; i++)
     {
       switch (all_resources[i].type)
@@ -919,7 +918,7 @@ keydb_release (KEYDB_HANDLE hd)
 
   if (!hd)
     return;
-  assert (active_handles > 0);
+  log_assert (active_handles > 0);
   active_handles--;
 
   unlock_all (hd);
@@ -1521,8 +1520,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
   KEYDB_SEARCH_DESC desc;
   size_t len;
 
-  assert (kb);
-  assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (kb);
+  log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
   pk = kb->pkt->pkt.public_key;
 
   if (!hd)
@@ -1549,7 +1548,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
   err = keydb_search (hd, &desc, 1, NULL);
   if (err)
     return gpg_error (GPG_ERR_VALUE_NOT_FOUND);
-  assert (hd->found >= 0 && hd->found < hd->used);
+  log_assert (hd->found >= 0 && hd->found < hd->used);
 
   switch (hd->active[hd->found].type)
     {
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 84f0431..3fa3a2c 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <ctype.h>
 #ifdef HAVE_LIBREADLINE
 # define GNUPG_LIBREADLINE_H_INCLUDED
@@ -339,8 +338,8 @@ sig_comparison (const void *av, const void *bv)
   int ndatab;
   int i;
 
-  assert (an->pkt->pkttype == PKT_SIGNATURE);
-  assert (bn->pkt->pkttype == PKT_SIGNATURE);
+  log_assert (an->pkt->pkttype == PKT_SIGNATURE);
+  log_assert (bn->pkt->pkttype == PKT_SIGNATURE);
 
   a = an->pkt->pkt.signature;
   b = bn->pkt->pkt.signature;
@@ -352,7 +351,7 @@ sig_comparison (const void *av, const void *bv)
 
   ndataa = pubkey_get_nsig (a->pubkey_algo);
   ndatab = pubkey_get_nsig (a->pubkey_algo);
-  assert (ndataa == ndatab);
+  log_assert (ndataa == ndatab);
 
   for (i = 0; i < ndataa; i ++)
     {
@@ -399,7 +398,7 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
   int missing_selfsig = 0;
   int modified = 0;
 
-  assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
   pk = kb->pkt->pkt.public_key;
 
   /* First we look for duplicates.  */
@@ -431,17 +430,17 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
         sigs[i] = n;
         i ++;
       }
-    assert (i == nsigs);
+    log_assert (i == nsigs);
 
     qsort (sigs, nsigs, sizeof (sigs[0]), sig_comparison);
 
     last_i = 0;
     for (i = 1; i < nsigs; i ++)
       {
-        assert (sigs[last_i]);
-        assert (sigs[last_i]->pkt->pkttype == PKT_SIGNATURE);
-        assert (sigs[i]);
-        assert (sigs[i]->pkt->pkttype == PKT_SIGNATURE);
+        log_assert (sigs[last_i]);
+        log_assert (sigs[last_i]->pkt->pkttype == PKT_SIGNATURE);
+        log_assert (sigs[i]);
+        log_assert (sigs[i]->pkt->pkttype == PKT_SIGNATURE);
 
         if (sig_comparison (&sigs[last_i], &sigs[i]) == 0)
           /* They are the same.  Kill the latter.  */
@@ -519,7 +518,7 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
       switch (p->pkttype)
         {
         case PKT_PUBLIC_KEY:
-          assert (p->pkt.public_key == pk);
+          log_assert (p->pkt.public_key == pk);
           if (only_selected && ! (n->flag & NODFLG_SELKEY))
             {
               current_component = NULL;
@@ -658,9 +657,9 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
             }
           else if (n2)
             {
-              assert (n2->pkt->pkttype == PKT_USER_ID
-                      || n2->pkt->pkttype == PKT_PUBLIC_KEY
-                      || n2->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+              log_assert (n2->pkt->pkttype == PKT_USER_ID
+                          || n2->pkt->pkttype == PKT_PUBLIC_KEY
+                          || n2->pkt->pkttype == PKT_PUBLIC_SUBKEY);
 
               if (DBG_PACKET)
                 {
@@ -681,7 +680,7 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
                  after n2.  */
 
               /* Unlink the signature.  */
-              assert (n_prevp);
+              log_assert (n_prevp);
               *n_prevp = n->next;
 
               /* Insert the sig immediately after the component.  */
@@ -1577,7 +1576,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 	      PKT_signature *sig;
 	      struct sign_attrib attrib;
 
-	      assert (primary_pk);
+	      log_assert (primary_pk);
 	      memset (&attrib, 0, sizeof attrib);
 	      attrib.non_exportable = local;
 	      attrib.non_revocable = nonrevocable;
@@ -2639,7 +2638,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	case cmdPREF:
 	  {
 	    int count = count_selected_uids (keyblock);
-	    assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+	    log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 	    show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
 			count ? NODFLG_SELUID : 0, 1);
 	  }
@@ -2648,7 +2647,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	case cmdSHOWPREF:
 	  {
 	    int count = count_selected_uids (keyblock);
-	    assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+	    log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 	    show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
 			count ? NODFLG_SELUID : 0, 2);
 	  }
@@ -4052,7 +4051,7 @@ menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name,
     }
   if (!node) /* No subkey.  */
     pub_where = NULL;
-  assert (pk);
+  log_assert (pk);
 
   if (photo)
     {
@@ -4349,7 +4348,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
   size_t fprlen;
   int rc;
 
-  assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 
   pk = pub_keyblock->pkt->pkt.public_key;
 
@@ -4736,7 +4735,7 @@ menu_backsign (KBNODE pub_keyblock)
   KBNODE node;
   u32 timestamp;
 
-  assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 
   merge_keys_and_selfsig (pub_keyblock);
   main_pk = pub_keyblock->pkt->pkt.public_key;
@@ -5485,7 +5484,7 @@ menu_select_uid_namehash (KBNODE keyblock, const char *namehash)
   KBNODE node;
   int i;
 
-  assert (strlen (namehash) == NAMEHASH_LEN * 2);
+  log_assert (strlen (namehash) == NAMEHASH_LEN * 2);
 
   for (i = 0; i < NAMEHASH_LEN; i++)
     hash[i] = hextobyte (&namehash[i * 2]);
@@ -5819,7 +5818,7 @@ menu_revsig (KBNODE keyblock)
   int rc, any, skip = 1, all = !count_selected_uids (keyblock);
   struct revocation_reason_info *reason = NULL;
 
-  assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
 
   /* First check whether we have any signatures at all.  */
   any = 0;
@@ -5960,7 +5959,7 @@ reloop:			/* (must use this, because we are modifing the list) */
 	  || node->pkt->pkttype != PKT_SIGNATURE)
 	continue;
       unode = find_prev_kbnode (keyblock, node, PKT_USER_ID);
-      assert (unode);		/* we already checked this */
+      log_assert (unode); /* we already checked this */
 
       memset (&attrib, 0, sizeof attrib);
       attrib.reason = reason;
diff --git a/g10/keygen.c b/g10/keygen.c
index 06710eb..f9cbf21 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -24,7 +24,6 @@
 #include <string.h>
 #include <ctype.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -1371,7 +1370,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
   char *keyparms;
   char nbitsstr[35];
 
-  assert (is_ELGAMAL (algo));
+  log_assert (is_ELGAMAL (algo));
 
   if (nbits < 1024)
     {
@@ -1513,9 +1512,9 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
   gpg_error_t err;
   char *keyparms;
 
-  assert (algo == PUBKEY_ALGO_ECDSA
-          || algo == PUBKEY_ALGO_EDDSA
-          || algo == PUBKEY_ALGO_ECDH);
+  log_assert (algo == PUBKEY_ALGO_ECDSA
+              || algo == PUBKEY_ALGO_EDDSA
+              || algo == PUBKEY_ALGO_ECDH);
 
   if (!curve || !*curve)
     return gpg_error (GPG_ERR_UNKNOWN_CURVE);
@@ -1571,7 +1570,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
   char nbitsstr[35];
   const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
 
-  assert (is_RSA(algo));
+  log_assert (is_RSA(algo));
 
   if (!nbits)
     nbits = DEFAULT_STD_KEYSIZE;
@@ -2794,7 +2793,7 @@ generate_user_id (KBNODE keyblock, const char *uidstr)
 static void
 append_to_parameter (struct para_data_s *para, struct para_data_s *r)
 {
-  assert (para);
+  log_assert (para);
   while (para->next)
     para = para->next;
   para->next = r;
@@ -4034,7 +4033,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
               push_armor_filter (outctrl->pub.afx, outctrl->pub.stream);
             }
         }
-      assert( outctrl->pub.stream );
+      log_assert( outctrl->pub.stream );
       if (opt.verbose)
         log_info (_("writing public key to '%s'\n"), outctrl->pub.fname );
     }
@@ -4079,7 +4078,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
   if (!err)
     {
       pri_psk = pub_root->next->pkt->pkt.public_key;
-      assert (pri_psk);
+      log_assert (pri_psk);
 
       /* Make sure a few fields are correctly set up before going
          further.  */
@@ -4141,7 +4140,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
               for (node = pub_root; node; node = node->next)
                 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
                   sub_psk = node->pkt->pkt.public_key;
-              assert (sub_psk);
+              log_assert (sub_psk);
 
               if (s)
                 err = card_store_key_with_backup (ctrl, sub_psk, opt.homedir);
@@ -4327,7 +4326,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock)
   xfree (hexgrip);
   hexgrip = NULL;
   algo = ask_algo (ctrl, 1, NULL, &use, &hexgrip);
-  assert (algo);
+  log_assert (algo);
 
   if (hexgrip)
     nbits = 0;
@@ -4392,7 +4391,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
   u32 cur_time;
   struct para_data_s *para = NULL;
 
-  assert (keyno >= 1 && keyno <= 3);
+  log_assert (keyno >= 1 && keyno <= 3);
 
   para = xtrycalloc (1, sizeof *para + strlen (serialno) );
   if (!para)
@@ -4462,7 +4461,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
       for (node = pub_keyblock; node; node = node->next)
         if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
           sub_pk = node->pkt->pkt.public_key;
-      assert (sub_pk);
+      log_assert (sub_pk);
       err = write_keybinding (pub_keyblock, pri_pk, sub_pk,
                               use, cur_time, NULL);
     }
diff --git a/g10/keyid.c b/g10/keyid.c
index f2a5e03..bd808d2 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -26,7 +26,6 @@
 #include <string.h>
 #include <errno.h>
 #include <time.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -767,7 +766,7 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
   md = do_fingerprint_md(pk);
   dp = gcry_md_read( md, 0 );
   len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
-  assert( len <= MAX_FINGERPRINT_LEN );
+  log_assert( len <= MAX_FINGERPRINT_LEN );
   if (!array)
     array = xmalloc ( len );
   memcpy (array, dp, len );
@@ -849,7 +848,7 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
           buffer[j ++] = fingerprint[i];
         }
       buffer[j ++] = 0;
-      assert (j == space);
+      log_assert (j == space);
     }
   else
     {
diff --git a/g10/keylist.c b/g10/keylist.c
index 0812d9c..1649991 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -24,9 +24,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #ifdef HAVE_DOSISH_SYSTEM
-#include <fcntl.h>		/* for setmode() */
+# include <fcntl.h>		/* for setmode() */
 #endif
 
 #include "gpg.h"
@@ -799,7 +798,7 @@ print_subpackets_colon (PKT_signature * sig)
 {
   byte *i;
 
-  assert (opt.show_subpackets);
+  log_assert (opt.show_subpackets);
 
   for (i = opt.show_subpackets; *i; i++)
     {
@@ -1788,9 +1787,9 @@ do_reorder_keyblock (KBNODE keyblock, int attr)
       if (node->pkt->pkttype == PKT_USER_ID)
 	break;
     }
-  assert (node);
-  assert (last);	 /* The user ID is never the first packet.  */
-  assert (primary0);	 /* Ditto (this is the node before primary).  */
+  log_assert (node);
+  log_assert (last);	 /* The user ID is never the first packet.  */
+  log_assert (primary0); /* Ditto (this is the node before primary).  */
   if (node == primary)
     return; /* Already the first one.  */
 
diff --git a/g10/keyring.c b/g10/keyring.c
index ee079a9..843975e 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -243,7 +242,7 @@ keyring_new (void *token)
   KEYRING_HANDLE hd;
   KR_RESOURCE resource = token;
 
-  assert (resource);
+  log_assert (resource);
 
   hd = xtrycalloc (1, sizeof *hd);
   if (!hd)
@@ -258,7 +257,7 @@ keyring_release (KEYRING_HANDLE hd)
 {
     if (!hd)
         return;
-    assert (active_handles > 0);
+    log_assert (active_handles > 0);
     active_handles--;
     xfree (hd->word_match.name);
     xfree (hd->word_match.pattern);
@@ -691,7 +690,7 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
 int
 keyring_search_reset (KEYRING_HANDLE hd)
 {
-    assert (hd);
+    log_assert (hd);
 
     hd->current.kr = NULL;
     iobuf_close (hd->current.iobuf);
@@ -752,7 +751,7 @@ prepare_search (KEYRING_HANDLE hd)
           hd->current.eof = 1;
           return -1; /* keyring not available */
         }
-        assert (!hd->current.iobuf);
+        log_assert (!hd->current.iobuf);
     }
     else { /* EOF */
         if (DBG_LOOKUP)
@@ -1084,7 +1083,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
           if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
             name = desc[n].u.name;
         }
-      assert (name);
+      log_assert (name);
       if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
         {
           /* name changed */
@@ -1713,7 +1712,7 @@ do_copy (int mode, const char *fname, KBNODE root,
 	    goto leave;
 	}
 	/* skip this keyblock */
-	assert( n_packets );
+	log_assert( n_packets );
 	rc = skip_some_packets( fp, n_packets );
 	if( rc ) {
 	    log_error("%s: skipping %u packets failed: %s\n",
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 95ef441..3486abb 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -24,7 +24,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <assert.h>
 #include <errno.h>
 
 #include "gpg.h"
@@ -243,7 +242,7 @@ parse_keyserver_uri (const char *string,int require_scheme)
   int count;
   char *uri,*options;
 
-  assert(string!=NULL);
+  log_assert (string);
 
   keyserver=xmalloc_clear(sizeof(struct keyserver_spec));
 
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 5e6b40b..d56790b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <time.h>
 
 #include "gpg.h"
@@ -855,7 +854,7 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
   gcry_md_hd_t md_good = NULL;
   int algo, rc;
 
-  assert (node->pkt->pkttype == PKT_SIGNATURE);
+  log_assert (node->pkt->pkttype == PKT_SIGNATURE);
   if (is_selfsig)
     *is_selfsig = 0;
   sig = node->pkt->pkt.signature;
@@ -1523,7 +1522,7 @@ pka_uri_from_sig (CTX c, PKT_signature *sig)
 {
   if (!sig->flags.pka_tried)
     {
-      assert (!sig->pka_info);
+      log_assert (!sig->pka_info);
       sig->flags.pka_tried = 1;
       sig->pka_info = get_pka_address (sig);
       if (sig->pka_info)
@@ -1637,7 +1636,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 /*     dump_kbnode (c->list); */
 
     n = c->list;
-    assert (n);
+    log_assert (n);
     if ( n->pkt->pkttype == PKT_SIGNATURE )
       {
         /* This is either "S{1,n}" case (detached signature) or
@@ -1864,7 +1863,7 @@ check_sig_and_print (CTX c, kbnode_t node)
           if (un->pkt->pkt.user_id->attrib_data)
             continue;
 
-          assert (pk);
+          log_assert (pk);
 
 	  /* Since this is just informational, don't actually ask the
 	     user to update any trust information.  (Note: we register
diff --git a/g10/mdfilter.c b/g10/mdfilter.c
index 88b2ee1..0dbbc3c 100644
--- a/g10/mdfilter.c
+++ b/g10/mdfilter.c
@@ -22,7 +22,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "status.h"
diff --git a/g10/migrate.c b/g10/migrate.c
index 48cbdd0..f4881b4 100644
--- a/g10/migrate.c
+++ b/g10/migrate.c
@@ -23,7 +23,6 @@
 #include <string.h>
 #include <errno.h>
 #include <unistd.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
diff --git a/g10/misc.c b/g10/misc.c
index bdc4505..d2537cf 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -69,8 +69,6 @@
 #include "i18n.h"
 #include "zb32.h"
 
-#include <assert.h>
-
 
 #ifdef ENABLE_SELINUX_HACKS
 /* A object and a global variable to keep track of files marked as
diff --git a/g10/openfile.c b/g10/openfile.c
index 859090e..006ff35 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/stat.h>
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 3407848..c77e409 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -24,7 +24,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -487,7 +486,7 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
   off_t pos;
 
   *skip = 0;
-  assert (!pkt->pkt.generic);
+  log_assert (!pkt->pkt.generic);
   if (retpos || list_mode)
     {
       pos = iobuf_tell (inp);
@@ -1114,7 +1113,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
 	log_info (_("WARNING: potentially insecure symmetrically"
 		    " encrypted session key\n"));
     }
-  assert (!pktlen);
+  log_assert (!pktlen);
 
   if (list_mode)
     {
@@ -2421,7 +2420,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	   * NOTE: if you change the ivlen above 16, don't forget to
 	   * enlarge temp.  */
 	  ski->ivlen = openpgp_cipher_blocklen (ski->algo);
-	  assert (ski->ivlen <= sizeof (temp));
+	  log_assert (ski->ivlen <= sizeof (temp));
 
 	  if (ski->s2k.mode == 1001)
 	    ski->ivlen = 0;
@@ -2660,7 +2659,7 @@ parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
 void
 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
 {
-  assert (max_namelen > 70);
+  log_assert (max_namelen > 70);
   if (uid->numattribs <= 0)
     sprintf (uid->name, "[bad attribute packet of size %lu]",
 	     uid->attrib_len);
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 5eb2562..b1d1a05 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -24,7 +24,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <assert.h>
 #include <errno.h>
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
@@ -425,7 +424,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
 
   if ( !s2k )
     {
-      assert (mode != 3 && mode != 4);
+      log_assert (mode != 3 && mode != 4);
       /* This is used for the old rfc1991 mode
        * Note: This must match the code in encode.c with opt.rfc1991 set */
       s2k = &help_s2k;
diff --git a/g10/pkclist.c b/g10/pkclist.c
index d9ada59..b659cb8 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
diff --git a/g10/pkglue.c b/g10/pkglue.c
index c8a5d24..232c489 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -40,9 +39,9 @@ get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt)
   gcry_mpi_t data;
 
   list = gcry_sexp_find_token (sexp, item, 0);
-  assert (list);
+  log_assert (list);
   data = gcry_sexp_nth_mpi (list, 1, mpifmt);
-  assert (data);
+  log_assert (data);
   gcry_sexp_release (list);
   return data;
 }
diff --git a/g10/plaintext.c b/g10/plaintext.c
index 94ede07..e118f6b 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/types.h>
 #ifdef HAVE_DOSISH_SYSTEM
 # include <fcntl.h> /* for setmode() */
@@ -636,7 +635,7 @@ ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2,
       if (opt.verbose)
 	log_info (_("reading stdin ...\n"));
       fp = iobuf_open (NULL);
-      assert (fp);
+      log_assert (fp);
     }
   do_hash (md, md2, fp, textmode);
   iobuf_close (fp);
diff --git a/g10/progress.c b/g10/progress.c
index f4b4698..21810a4 100644
--- a/g10/progress.c
+++ b/g10/progress.c
@@ -19,7 +19,6 @@
 
 #include <config.h>
 #include <stdio.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "iobuf.h"
@@ -64,7 +63,7 @@ release_progress_context (progress_filter_context_t *pfx)
 {
   if (!pfx)
     return;
-  assert (pfx->refcount);
+  log_assert (pfx->refcount);
   if ( --pfx->refcount )
     return;
   xfree (pfx->what);
@@ -143,8 +142,8 @@ handle_progress (progress_filter_context_t *pfx, IOBUF inp, const char *name)
   if (!pfx)
     return;
 
-  assert (opt.enable_progress_filter);
-  assert (is_status_enabled ());
+  log_assert (opt.enable_progress_filter);
+  log_assert (is_status_enabled ());
 
   if ( !iobuf_is_pipe_filename (name) && *name )
     filesize = iobuf_get_filelength (inp, NULL);
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 23a4473..0df9bfa 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -197,7 +196,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
   if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
     {
       fingerprint_from_pk (sk, fp, &fpn);
-      assert (fpn == 20);
+      log_assert (fpn == 20);
     }
 
   /* Decrypt. */
@@ -267,7 +266,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
           goto leave;
         }
       nframe -= frame[nframe-1]; /* Remove padding.  */
-      assert (!n); /* (used just below) */
+      log_assert (!n); /* (used just below) */
     }
   else
     {
diff --git a/g10/revoke.c b/g10/revoke.c
index a8f7658..3c6e158 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <ctype.h>
 
 #include "gpg.h"
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 02dbb48..f61d21b 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -24,7 +24,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
diff --git a/g10/seskey.c b/g10/seskey.c
index 561118a..c41a145 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -106,7 +105,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
                   + 7 ) & (~7));
 
       /* alg+key+csum fit and the size is congruent to 8.  */
-      assert (!(nframe%8) && nframe > 1 + dek->keylen + 2 );
+      log_assert (!(nframe%8) && nframe > 1 + dek->keylen + 2 );
 
       frame = xmalloc_secure (nframe);
       n = 0;
@@ -117,7 +116,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
       frame[n++] = csum;
       i = nframe - n;         /* Number of padded bytes.  */
       memset (frame+n, i, i); /* Use it as the value of each padded byte.  */
-      assert (n+i == nframe);
+      log_assert (n+i == nframe);
 
       if (DBG_CRYPTO)
         log_debug ("encode_session_key: "
@@ -161,7 +160,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
   /* The number of random bytes are the number of otherwise unused
      bytes.  See diagram above.  */
   i = nframe - 6 - dek->keylen;
-  assert( i > 0 );
+  log_assert( i > 0 );
   p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
   /* Replace zero bytes by new values.  */
   for (;;)
@@ -195,7 +194,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
   n += dek->keylen;
   frame[n++] = csum >>8;
   frame[n++] = csum;
-  assert (n == nframe);
+  log_assert (n == nframe);
   if (gcry_mpi_scan( &a, GCRYMPI_FMT_USG, frame, n, &nframe))
     BUG();
   xfree (frame);
@@ -227,12 +226,12 @@ do_encode_md( gcry_md_hd_t md, int algo, size_t len, unsigned nbits,
     frame[n++] = 0;
     frame[n++] = 1; /* block type */
     i = nframe - len - asnlen -3 ;
-    assert( i > 1 );
+    log_assert( i > 1 );
     memset( frame+n, 0xff, i ); n += i;
     frame[n++] = 0;
     memcpy( frame+n, asn, asnlen ); n += asnlen;
     memcpy( frame+n, gcry_md_read (md, algo), len ); n += len;
-    assert( n == nframe );
+    log_assert( n == nframe );
 
     if (gcry_mpi_scan( &a, GCRYMPI_FMT_USG, frame, n, &nframe ))
 	BUG();
@@ -263,8 +262,8 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
   gcry_mpi_t frame;
   size_t mdlen;
 
-  assert (hash_algo);
-  assert (pk);
+  log_assert (hash_algo);
+  log_assert (pk);
 
   if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
     {
diff --git a/g10/sig-check.c b/g10/sig-check.c
index ee0ebcb..290f19a 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -23,7 +23,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -563,8 +562,8 @@ check_revocation_keys (PKT_public_key *pk, PKT_signature *sig)
   int i;
   int rc = GPG_ERR_GENERAL;
 
-  assert(IS_KEY_REV(sig));
-  assert((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1]));
+  log_assert (IS_KEY_REV(sig));
+  log_assert ((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1]));
 
   /* Avoid infinite recursion.  Consider the following:
    *
@@ -857,14 +856,14 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
       /* Primary key revocation.  */
       || sig->sig_class == 0x20)
     {
-      assert (packet->pkttype == PKT_PUBLIC_KEY);
+      log_assert (packet->pkttype == PKT_PUBLIC_KEY);
       hash_public_key (md, packet->pkt.public_key);
       rc = check_signature_end_simple (signer, sig, md);
     }
   else if (/* Primary key binding (made by a subkey).  */
       sig->sig_class == 0x19)
     {
-      assert (packet->pkttype == PKT_PUBLIC_KEY);
+      log_assert (packet->pkttype == PKT_PUBLIC_KEY);
       hash_public_key (md, packet->pkt.public_key);
       hash_public_key (md, signer);
       rc = check_signature_end_simple (signer, sig, md);
@@ -874,7 +873,7 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
            /* Subkey revocation.  */
            || sig->sig_class == 0x28)
     {
-      assert (packet->pkttype == PKT_PUBLIC_SUBKEY);
+      log_assert (packet->pkttype == PKT_PUBLIC_SUBKEY);
       hash_public_key (md, pripk);
       hash_public_key (md, packet->pkt.public_key);
       rc = check_signature_end_simple (signer, sig, md);
@@ -887,7 +886,7 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
            /* Certification revocation.  */
            || sig->sig_class == 0x30)
     {
-      assert (packet->pkttype == PKT_USER_ID);
+      log_assert (packet->pkttype == PKT_USER_ID);
       hash_public_key (md, pripk);
       hash_uid_packet (packet->pkt.user_id, md, sig);
       rc = check_signature_end_simple (signer, sig, md);
@@ -964,8 +963,8 @@ check_key_signature2 (kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
     *r_expiredate = 0;
   if (r_expired)
     *r_expired = 0;
-  assert (node->pkt->pkttype == PKT_SIGNATURE);
-  assert (root->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (node->pkt->pkttype == PKT_SIGNATURE);
+  log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY);
 
   pk = root->pkt->pkt.public_key;
   sig = node->pkt->pkt.signature;
diff --git a/g10/sign.c b/g10/sign.c
index c3ae028..364634a 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
@@ -66,7 +65,7 @@ mk_notation_policy_etc (PKT_signature *sig,
     struct notation *nd=NULL;
     struct expando_args args;
 
-    assert(sig->version>=4);
+    log_assert(sig->version>=4);
 
     memset(&args,0,sizeof(args));
     args.pk=pk;
@@ -1143,7 +1142,7 @@ clearsign_file (ctrl_t ctrl,
 		}
 	    }
 	}
-	assert(any);
+	log_assert(any);
 	iobuf_writestr(out, LF );
     }
 
@@ -1377,9 +1376,9 @@ make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk,
     int sigversion;
     gcry_md_hd_t md;
 
-    assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
-	    || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
-	    || sigclass == 0x30 || sigclass == 0x28 );
+    log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
+                || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
+                || sigclass == 0x30 || sigclass == 0x28 );
 
     sigversion = 4;
     if (sigversion < pksk->version)
diff --git a/g10/skclist.c b/g10/skclist.c
index 1eb0633..4cd7f33 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"
diff --git a/g10/sqlite.c b/g10/sqlite.c
index 599a3ef..90490c2 100644
--- a/g10/sqlite.c
+++ b/g10/sqlite.c
@@ -21,7 +21,6 @@
 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "util.h"
@@ -88,7 +87,7 @@ sqlite3_stepx (sqlite3 *db,
       stmt = *stmtp;
 
       /* Make sure this statement is associated with the supplied db.  */
-      assert (db == sqlite3_db_handle (stmt));
+      log_assert (db == sqlite3_db_handle (stmt));
 
 #if DEBUG_TOFU_CACHE
       prepares_saved ++;
@@ -171,7 +170,7 @@ sqlite3_stepx (sqlite3 *db,
 
     }
   t = va_arg (va, enum sqlite_arg_type);
-  assert (t == SQLITE_ARG_END);
+  log_assert (t == SQLITE_ARG_END);
   va_end (va);
 
   for (;;)
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index 893c982..4c3d7a8 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -23,7 +23,6 @@
 #include <string.h>
 #include <errno.h>
 #include <ctype.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 79e1e83..5fdd946 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
@@ -317,7 +316,7 @@ put_record_into_cache (ulong recno, const char *data)
 	}
 
       /* Now put into the cache.  */
-      assert (unused);
+      log_assert (unused);
       r = unused;
       r->flags.used = 1;
       r->recno = recno;
@@ -383,7 +382,7 @@ put_record_into_cache (ulong recno, const char *data)
       release_write_lock ();
 
       /* Now put into the cache.  */
-      assert (unused);
+      log_assert (unused);
       r = unused;
       r->flags.used = 1;
       r->recno = recno;
@@ -666,7 +665,7 @@ tdbio_set_dbname (const char *new_dbname, int create, int *r_nofile)
       p = pp;
   }
 #endif /*HAVE_W32_SYSTEM*/
-  assert (p);
+  log_assert (p);
   save_slash = *p;
   *p = 0;
   if (access (fname, F_OK))
@@ -751,7 +750,7 @@ open_db ()
 {
   TRUSTREC rec;
 
-  assert( db_fd == -1 );
+  log_assert( db_fd == -1 );
 
 #ifdef HAVE_W32CE_SYSTEM
   {
@@ -811,7 +810,7 @@ create_hashtable( TRUSTREC *vr, int type )
   if (offset == -1)
     log_fatal ("trustdb: lseek to end failed: %s\n", strerror(errno));
   recnum = offset / TRUST_RECORD_LEN;
-  assert (recnum); /* This is will never be the first record. */
+  log_assert (recnum); /* This is will never be the first record. */
 
   if (!type)
     vr->r.ver.trusthashtbl = recnum;
@@ -1770,7 +1769,7 @@ tdbio_new_recnum ()
       if (offset == (off_t)(-1))
         log_fatal ("trustdb: lseek to end failed: %s\n", strerror (errno));
       recnum = offset / TRUST_RECORD_LEN;
-      assert (recnum); /* this is will never be the first record */
+      log_assert (recnum); /* this is will never be the first record */
       /* We must write a record, so that the next call to this
        * function returns another recnum.  */
       memset (&rec, 0, sizeof rec);
diff --git a/g10/textfilter.c b/g10/textfilter.c
index da303c4..5929c5f 100644
--- a/g10/textfilter.c
+++ b/g10/textfilter.c
@@ -22,7 +22,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "status.h"
@@ -70,7 +69,7 @@ standard( text_filter_context_t *tfx, IOBUF a,
     size_t len = 0;
     unsigned maxlen;
 
-    assert( size > 10 );
+    log_assert( size > 10 );
     size -= 2;	/* reserve 2 bytes to append CR,LF */
     while( !rc && len < size ) {
 	int lf_seen;
diff --git a/g10/tofu.c b/g10/tofu.c
index 5f381b0..a24c52e 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -26,7 +26,6 @@
 #include <config.h>
 #include <stdio.h>
 #include <sys/stat.h>
-#include <assert.h>
 #include <stdarg.h>
 #include <sqlite3.h>
 
@@ -388,7 +387,7 @@ tofu_begin_batch_update (void)
 void
 tofu_end_batch_update (void)
 {
-  assert (batch_update > 0);
+  log_assert (batch_update > 0);
   batch_update --;
 
   if (batch_update == 0)
@@ -411,7 +410,7 @@ get_single_unsigned_long_cb (void *cookie, int argc, char **argv,
 
   (void) azColName;
 
-  assert (argc == 1);
+  log_assert (argc == 1);
 
   errno = 0;
   *count = strtoul (argv[0], &tail, 0);
@@ -682,16 +681,16 @@ opendb (char *filename, enum db_type type)
 
   if (opt.tofu_db_format == TOFU_DB_FLAT)
     {
-      assert (! filename);
-      assert (type == DB_COMBINED);
+      log_assert (! filename);
+      log_assert (type == DB_COMBINED);
 
       filename = make_filename (opt.homedir, "tofu.db", NULL);
       filename_free = 1;
     }
   else
-    assert (type == DB_EMAIL || type == DB_KEY);
+    log_assert (type == DB_EMAIL || type == DB_KEY);
 
-  assert (filename);
+  log_assert (filename);
 
   rc = sqlite3_open (filename, &db);
   if (rc)
@@ -762,9 +761,9 @@ getdb (struct dbs *dbs, const char *name, enum db_type type)
   sqlite3 *sqlitedb = NULL;
   gpg_error_t rc;
 
-  assert (dbs);
-  assert (name);
-  assert (type == DB_EMAIL || type == DB_KEY);
+  log_assert (dbs);
+  log_assert (name);
+  log_assert (type == DB_EMAIL || type == DB_KEY);
 
   if (opt.tofu_db_format == TOFU_DB_FLAT)
     /* When using the flat format, we only have a single DB, the
@@ -772,8 +771,8 @@ getdb (struct dbs *dbs, const char *name, enum db_type type)
     {
       if (dbs->db)
         {
-          assert (dbs->db->type == DB_COMBINED);
-          assert (! dbs->db->next);
+          log_assert (dbs->db->type == DB_COMBINED);
+          log_assert (! dbs->db->next);
           return dbs->db;
         }
 
@@ -814,7 +813,7 @@ getdb (struct dbs *dbs, const char *name, enum db_type type)
         goto out;
       }
 
-  assert (db_cache_count == count);
+  log_assert (db_cache_count == count);
 
   if (type == DB_COMBINED)
     filename = NULL;
@@ -883,18 +882,18 @@ closedb (struct db *db)
   if (opt.tofu_db_format == TOFU_DB_FLAT)
     /* If we are using the flat format, then there is only ever the
        combined DB.  */
-    assert (! db->next);
+    log_assert (! db->next);
 
   if (db->type == DB_COMBINED)
     {
-      assert (opt.tofu_db_format == TOFU_DB_FLAT);
-      assert (! db->name[0]);
+      log_assert (opt.tofu_db_format == TOFU_DB_FLAT);
+      log_assert (! db->name[0]);
     }
   else
     {
-      assert (opt.tofu_db_format == TOFU_DB_SPLIT);
-      assert (db->type != DB_COMBINED);
-      assert (db->name[0]);
+      log_assert (opt.tofu_db_format == TOFU_DB_SPLIT);
+      log_assert (db->type != DB_COMBINED);
+      log_assert (db->name[0]);
     }
 
   if (db->batch_update)
@@ -1002,10 +1001,10 @@ closedbs (struct dbs *dbs)
           /* When we leave batch mode we leave batch mode on any
              cached connections.  */
           if (! batch_update)
-            assert (! db->batch_update);
+            log_assert (! db->batch_update);
         }
       if (! batch_update)
-        assert (! db->batch_update);
+        log_assert (! db->batch_update);
 
       /* Join the two lists.  */
       db->next = db_cache;
@@ -1060,7 +1059,7 @@ get_single_long_cb (void *cookie, int argc, char **argv, char **azColName)
 
   (void) azColName;
 
-  assert (argc == 1);
+  log_assert (argc == 1);
 
   errno = 0;
   *count = strtol (argv[0], &tail, 0);
@@ -1203,7 +1202,7 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
   if (db_key)
     /* We also need to update the key DB.  */
     {
-      assert (opt.tofu_db_format == TOFU_DB_SPLIT);
+      log_assert (opt.tofu_db_format == TOFU_DB_SPLIT);
 
       rc = sqlite3_stepx
 	(db_key->db, &db_key->s.record_binding_update2, NULL, NULL, &err,
@@ -1228,7 +1227,7 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
 	}
     }
   else
-    assert (opt.tofu_db_format == TOFU_DB_FLAT);
+    log_assert (opt.tofu_db_format == TOFU_DB_FLAT);
 
  out:
   if (opt.tofu_db_format == TOFU_DB_SPLIT)
@@ -1416,7 +1415,7 @@ signature_stats_collect_cb (void *cookie, int argc, char **argv,
     }
   i ++;
 
-  assert (argc == i);
+  log_assert (argc == i);
 
   signature_stats_prepend (statsp, argv[0], policy, time_ago, count);
 
@@ -1531,13 +1530,13 @@ get_policy (struct dbs *dbs, const char *fingerprint, const char *email,
     }
 
  out:
-  assert (policy == _tofu_GET_POLICY_ERROR
-	  || policy == TOFU_POLICY_NONE
-	  || policy == TOFU_POLICY_AUTO
-	  || policy == TOFU_POLICY_GOOD
-	  || policy == TOFU_POLICY_UNKNOWN
-	  || policy == TOFU_POLICY_BAD
-	  || policy == TOFU_POLICY_ASK);
+  log_assert (policy == _tofu_GET_POLICY_ERROR
+              || policy == TOFU_POLICY_NONE
+              || policy == TOFU_POLICY_AUTO
+              || policy == TOFU_POLICY_GOOD
+              || policy == TOFU_POLICY_UNKNOWN
+              || policy == TOFU_POLICY_BAD
+              || policy == TOFU_POLICY_ASK);
 
   free_strlist (strlist);
 
@@ -1576,13 +1575,13 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
 
   /* Make sure _tofu_GET_TRUST_ERROR isn't equal to any of the trust
      levels.  */
-  assert (_tofu_GET_TRUST_ERROR != TRUST_UNKNOWN
-	  && _tofu_GET_TRUST_ERROR != TRUST_EXPIRED
-	  && _tofu_GET_TRUST_ERROR != TRUST_UNDEFINED
-	  && _tofu_GET_TRUST_ERROR != TRUST_NEVER
-	  && _tofu_GET_TRUST_ERROR != TRUST_MARGINAL
-	  && _tofu_GET_TRUST_ERROR != TRUST_FULLY
-	  && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
+  log_assert (_tofu_GET_TRUST_ERROR != TRUST_UNKNOWN
+              && _tofu_GET_TRUST_ERROR != TRUST_EXPIRED
+              && _tofu_GET_TRUST_ERROR != TRUST_UNDEFINED
+              && _tofu_GET_TRUST_ERROR != TRUST_NEVER
+              && _tofu_GET_TRUST_ERROR != TRUST_MARGINAL
+              && _tofu_GET_TRUST_ERROR != TRUST_FULLY
+              && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
 
   db = getdb (dbs, email, DB_EMAIL);
   if (! db)
@@ -1740,7 +1739,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
     {
       /* If we've seen this binding, then we've seen this email and
 	 policy couldn't possibly be TOFU_POLICY_NONE.  */
-      assert (policy == TOFU_POLICY_NONE);
+      log_assert (policy == TOFU_POLICY_NONE);
 
       if (DBG_TRUST)
 	log_debug ("TOFU: New binding <%s, %s>, no conflict.\n",
@@ -1772,7 +1771,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
        there is a conflict.  (If the policy was ask (cases #1 and #2)
        and we weren't allowed to ask, we'd have already exited).  */
     {
-      assert (policy == TOFU_POLICY_NONE);
+      log_assert (policy == TOFU_POLICY_NONE);
 
       if (record_binding (dbs, fingerprint, email, user_id,
 			  TOFU_POLICY_ASK, 0) != 0)
@@ -1893,7 +1892,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
 	    char *other_thing;
 	    enum tofu_policy other_policy;
 
-	    assert (strlist_iter->next);
+	    log_assert (strlist_iter->next);
 	    strlist_iter = strlist_iter->next;
 	    other_thing = strlist_iter->d;
 
@@ -2353,7 +2352,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
       signed long first_seen_ago;
       signed long most_recent_seen_ago;
 
-      assert (strlist_length (strlist) == 3);
+      log_assert (strlist_length (strlist) == 3);
 
       errno = 0;
       messages = strtol (strlist->d, &tail, 0);
@@ -2656,7 +2655,7 @@ tofu_register (PKT_public_key *pk, const char *user_id,
 	log_debug ("TOFU: Saving signature <%s, %s, %s>\n",
 		   fingerprint_pp, email, sig_digest);
 
-      assert (c == 0);
+      log_assert (c == 0);
 
       rc = sqlite3_stepx
 	(db->db, &db->s.register_insert, NULL, NULL, &err,
@@ -2720,20 +2719,20 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
   int wot = wot_base & TRUST_MASK;
   int upper = (tofu_base & ~TRUST_MASK) | (wot_base & ~TRUST_MASK);
 
-  assert (tofu == TRUST_UNKNOWN
-	  || tofu == TRUST_EXPIRED
-	  || tofu == TRUST_UNDEFINED
-	  || tofu == TRUST_NEVER
-	  || tofu == TRUST_MARGINAL
-	  || tofu == TRUST_FULLY
-	  || tofu == TRUST_ULTIMATE);
-  assert (wot == TRUST_UNKNOWN
-	  || wot == TRUST_EXPIRED
-	  || wot == TRUST_UNDEFINED
-	  || wot == TRUST_NEVER
-	  || wot == TRUST_MARGINAL
-	  || wot == TRUST_FULLY
-	  || wot == TRUST_ULTIMATE);
+  log_assert (tofu == TRUST_UNKNOWN
+              || tofu == TRUST_EXPIRED
+              || tofu == TRUST_UNDEFINED
+              || tofu == TRUST_NEVER
+              || tofu == TRUST_MARGINAL
+              || tofu == TRUST_FULLY
+              || tofu == TRUST_ULTIMATE);
+  log_assert (wot == TRUST_UNKNOWN
+              || wot == TRUST_EXPIRED
+              || wot == TRUST_UNDEFINED
+              || wot == TRUST_NEVER
+              || wot == TRUST_MARGINAL
+              || wot == TRUST_FULLY
+              || wot == TRUST_ULTIMATE);
 
   /* We first consider negative trust policys.  These trump positive
      trust policies.  */
@@ -2826,7 +2825,7 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy)
   PKT_public_key *pk;
   char *fingerprint = NULL;
 
-  assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
+  log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
   pk = kb->pkt->pkt.public_key;
 
   dbs = opendbs ();
@@ -2906,8 +2905,8 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
   char *email;
 
   /* Make sure PK is a primary key.  */
-  assert (pk->main_keyid[0] == pk->keyid[0]
-	  && pk->main_keyid[1] == pk->keyid[1]);
+  log_assert (pk->main_keyid[0] == pk->keyid[0]
+              && pk->main_keyid[1] == pk->keyid[1]);
 
   dbs = opendbs ();
   if (! dbs)
diff --git a/g10/trust.c b/g10/trust.c
index f46aeea..82de7cb 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -23,7 +23,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "keydb.h"
@@ -561,7 +560,7 @@ clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
   kbnode_t node;
   u32 keyid[2];
 
-  assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+  log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
 
   keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
 
@@ -654,8 +653,8 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
   PKT_user_id *uid = uidnode->pkt->pkt.user_id;
   int deleted = 0;
 
-  assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-  assert (uidnode->pkt->pkttype==PKT_USER_ID);
+  log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+  log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
 
   /* Skip valid user IDs, compacted user IDs, and non-self-signed user
      IDs if --allow-non-selfsigned-uid is set. */
@@ -706,8 +705,8 @@ clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
 {
   int dummy = 0;
 
-  assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-  assert (uidnode->pkt->pkttype==PKT_USER_ID);
+  log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+  log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
 
   if (!uids_cleaned)
     uids_cleaned = &dummy;
diff --git a/g10/trustdb.c b/g10/trustdb.c
index c7d09da..1bdc430 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
 
 #ifndef DISABLE_REGEX
 #include <sys/types.h>
@@ -1079,9 +1078,9 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
 	    tofu_validity = TRUST_NEVER;
 	  else
 	    {
-	      assert (tl == TRUST_MARGINAL
-		      || tl == TRUST_FULLY
-		      || tl == TRUST_ULTIMATE);
+	      log_assert (tl == TRUST_MARGINAL
+                          || tl == TRUST_FULLY
+                          || tl == TRUST_ULTIMATE);
 
 	      if (tl > tofu_validity)
 		/* XXX: We we really want the max?  */
diff --git a/g10/verify.c b/g10/verify.c
index 2efc89d..5cd0bd7 100644
--- a/g10/verify.c
+++ b/g10/verify.c
@@ -23,7 +23,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include <assert.h>
 
 #include "gpg.h"
 #include "options.h"

commit 9740dff9f4d18ba764dc7173d4902e94e3f0c2e8
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 29 11:04:04 2016 +0200

    common: Improve log_assert.
    
    * common/logging.c (bug_at): Do not i18n the string.
    (_log_assert): New.
    * common/logging.h (log_assert): Use new function and pass line
    information.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/logging.c b/common/logging.c
index b7f1419..7c54d72 100644
--- a/common/logging.c
+++ b/common/logging.c
@@ -919,18 +919,37 @@ log_clock (const char *string)
 }
 
 
-#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+#ifdef GPGRT_HAVE_MACRO_FUNCTION
 void
 bug_at( const char *file, int line, const char *func )
 {
-  log_log (GPGRT_LOG_BUG, ("... this is a bug (%s:%d:%s)\n"), file, line, func);
+  log_log (GPGRT_LOG_BUG, "... this is a bug (%s:%d:%s)\n", file, line, func);
   abort (); /* Never called; just to make the compiler happy.  */
 }
-#else
+#else /*!GPGRT_HAVE_MACRO_FUNCTION*/
 void
 bug_at( const char *file, int line )
 {
-  log_log (GPGRT_LOG_BUG, _("you found a bug ... (%s:%d)\n"), file, line);
+  log_log (GPGRT_LOG_BUG, "you found a bug ... (%s:%d)\n", file, line);
   abort (); /* Never called; just to make the compiler happy.  */
 }
-#endif
+#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
+
+
+#ifdef GPGRT_HAVE_MACRO_FUNCTION
+void
+_log_assert (const char *expr, const char *file, int line, const char *func)
+{
+  log_log (GPGRT_LOG_BUG, "Assertion \"%s\" in %s failed (%s:%d)\n",
+           expr, func, file, line);
+  abort (); /* Never called; just to make the compiler happy.  */
+}
+#else /*!GPGRT_HAVE_MACRO_FUNCTION*/
+void
+_log_assert (const char *expr, const char *file, int line)
+{
+  log_log (GPGRT_LOG_BUG, "Assertion \"%s\" failed (%s:%d)\n",
+           file, line, func);
+  abort (); /* Never called; just to make the compiler happy.  */
+}
+#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
diff --git a/common/logging.h b/common/logging.h
index d0b1597..2f0b504 100644
--- a/common/logging.h
+++ b/common/logging.h
@@ -52,11 +52,22 @@ estream_t log_get_stream (void);
 #ifdef GPGRT_HAVE_MACRO_FUNCTION
   void bug_at (const char *file, int line, const char *func)
                GPGRT_ATTR_NORETURN;
-# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__ )
-#else
-  void bug_at( const char *file, int line );
+  void _log_assert (const char *expr, const char *file, int line,
+                    const char *func) GPGRT_ATTR_NORETURN;
+# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__)
+# define log_assert(expr)    do {                               \
+    if (!(expr))                                                \
+      _log_assert (#expr, __FILE__, __LINE__, __FUNCTION__);    \
+  } while (0)
+#else /*!GPGRT_HAVE_MACRO_FUNCTION*/
+  void bug_at (const char *file, int line);
+  void _log_assert (const char *expr, const char *file, int line;
 # define BUG() bug_at( __FILE__ , __LINE__ )
-#endif
+# define log_assert(expr)    do {                               \
+    if (!(expr))                                                \
+      _log_assert (#expr, __FILE__, __LINE__);                  \
+  } while (0)
+#endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
 
 /* Flag values for log_set_prefix. */
 #define GPGRT_LOG_WITH_PREFIX  1
@@ -79,12 +90,6 @@ enum jnlib_log_levels {
 void log_log (int level, const char *fmt, ...) GPGRT_ATTR_PRINTF(2,3);
 void log_logv (int level, const char *fmt, va_list arg_ptr);
 void log_string (int level, const char *string);
-
-
-#define log_assert(expr)                                               \
-  do                                                                    \
-    if (! (expr)) log_bug ("Assertion " #expr " failed.\n");            \
-  while (0)
 void log_bug (const char *fmt, ...)    GPGRT_ATTR_NR_PRINTF(1,2);
 void log_fatal (const char *fmt, ...)  GPGRT_ATTR_NR_PRINTF(1,2);
 void log_error (const char *fmt, ...)  GPGRT_ATTR_PRINTF(1,2);

-----------------------------------------------------------------------

Summary of changes:
 common/logging.c   |  29 ++++++++++---
 common/logging.h   |  25 ++++++-----
 doc/gpg.texi       |   4 +-
 g10/armor.c        |   3 +-
 g10/build-packet.c |  13 +++---
 g10/call-agent.c   |   5 +--
 g10/call-dirmngr.c |   5 +--
 g10/card-util.c    |   9 ++--
 g10/cipher.c       |   5 +--
 g10/compress.c     |   1 -
 g10/dearmor.c      |   1 -
 g10/decrypt-data.c |  15 ++++---
 g10/decrypt.c      |   1 -
 g10/delkey.c       |   1 -
 g10/ecdh.c         |  11 +++--
 g10/encrypt.c      |   3 +-
 g10/export.c       |   5 +--
 g10/free-packet.c  |   3 +-
 g10/getkey.c       |  39 +++++++++--------
 g10/gpg.c          |   3 +-
 g10/import.c       |  21 +++++-----
 g10/kbnode.c       |   1 -
 g10/keydb.c        |  11 +++--
 g10/keyedit.c      |  47 ++++++++++-----------
 g10/keygen.c       |  25 ++++++-----
 g10/keyid.c        |   5 +--
 g10/keylist.c      |  11 +++--
 g10/keyring.c      |  13 +++---
 g10/keyserver.c    |   3 +-
 g10/mainproc.c     |   9 ++--
 g10/mdfilter.c     |   1 -
 g10/migrate.c      |   1 -
 g10/misc.c         |   2 -
 g10/openfile.c     |   1 -
 g10/parse-packet.c |   9 ++--
 g10/passphrase.c   |   3 +-
 g10/pkclist.c      |   1 -
 g10/pkglue.c       |   5 +--
 g10/plaintext.c    |   3 +-
 g10/progress.c     |   7 ++--
 g10/pubkey-enc.c   |   5 +--
 g10/revoke.c       |   1 -
 g10/seckey-cert.c  |   1 -
 g10/seskey.c       |  17 ++++----
 g10/sig-check.c    |  17 ++++----
 g10/sign.c         |  11 +++--
 g10/skclist.c      |   1 -
 g10/sqlite.c       |   5 +--
 g10/tdbdump.c      |   1 -
 g10/tdbio.c        |  13 +++---
 g10/textfilter.c   |   3 +-
 g10/tofu.c         | 121 ++++++++++++++++++++++++++---------------------------
 g10/trust.c        |  11 +++--
 g10/trustdb.c      |   7 ++--
 g10/verify.c       |   1 -
 55 files changed, 273 insertions(+), 302 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Apr 29 21:46:12 2016
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 29 Apr 2016 21:46:12 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.11-164-g35f4b6a
Message-ID: <E1awELZ-0007EH-EE@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  35f4b6aafdf1889ed1ae569af5852f47738fe993 (commit)
       via  dcad99c98616a6031ddfde313c920339e4012378 (commit)
      from  300b227cf457deb918f25bcece0d734b61ae1348 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 35f4b6aafdf1889ed1ae569af5852f47738fe993
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 29 21:45:15 2016 +0200

    common: Extend log_string to indent lines.
    
    * common/logging.c (do_logv): Add indentation when called via
    log_string.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/logging.c b/common/logging.c
index 7c54d72..9175b4f 100644
--- a/common/logging.c
+++ b/common/logging.c
@@ -715,7 +715,21 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
   if (fmt)
     {
       if (ignore_arg_ptr)
-        es_fputs_unlocked (fmt, logstream);
+        { /* This is used by log_string and comes with the extra
+           * feature that after a LF the next line is indent at the
+           * length of the prefix.  Note that we do not yet include
+           * the length of the timestamp and pid in the indent
+           * computation.  */
+          const char *p, *pend;
+
+          for (p = fmt; (pend = strchr (p, '\n')); p = pend+1)
+            es_fprintf_unlocked (logstream, "%*s%.*s",
+                                 (int)((p != fmt
+                                        && (with_prefix || force_prefixes))
+                                       ?strlen (prefix_buffer)+2:0), "",
+                                 (int)(pend - p)+1, p);
+          es_fputs_unlocked (p, logstream);
+        }
       else
         es_vfprintf_unlocked (logstream, fmt, arg_ptr);
       if (*fmt && fmt[strlen(fmt)-1] != '\n')
@@ -769,12 +783,13 @@ do_log_ignore_arg (int level, const char *str, ...)
 }
 
 
+/* Log STRING at LEVEL but indent from the second line on by the
+ * length of the prefix.  */
 void
 log_string (int level, const char *string)
 {
   /* We need a dummy arg_ptr, but there is no portable way to create
-     one.  So we call the do_logv function through a variadic wrapper.
-     MB: Why not just use "%s"?  */
+   * one.  So we call the do_logv function through a variadic wrapper. */
   do_log_ignore_arg (level, string);
 }
 

commit dcad99c98616a6031ddfde313c920339e4012378
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Apr 29 15:41:10 2016 +0200

    gpg: Factor some code code out of tofu.c
    
    * g10/tofu.c (string_to_long): New.
    (string_to_ulong): New.
    (get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
    (get_single_long_cb): Ditto.
    (signature_stats_collect_cb):  Ditto.
    (get_policy): Ditto.
    (show_statistics): Ditto.  Uese es_free instead of free.
    --
    
    There is one minor semantic change: We now accept "nnn.0" always.  The
    old code did not checked for ".0: in show_statistics.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/tofu.c b/g10/tofu.c
index a24c52e..e3218b9 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1,5 +1,5 @@
 /* tofu.c - TOFU trust model.
- * Copyright (C) 2015 g10 Code GmbH
+ * Copyright (C) 2015, 2016 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -398,7 +398,66 @@ tofu_end_batch_update (void)
         end_transaction (db, 1);
     }
 }
+
+
+
 

+/* Wrapper around strtol which prints a warning in case of a
+ * conversion error.  On success the converted value is stored at
+ * R_VALUE and 0 is returned; on error FALLBACK is stored at R_VALUE
+ * and an error code is returned.  */
+static gpg_error_t
+string_to_long (long *r_value, const char *string, long fallback, int line)
+{
+  gpg_error_t err;
+  char *tail = NULL;
+
+  gpg_err_set_errno (0);
+  *r_value = strtol (string, &tail, 0);
+  if (errno || !(!strcmp (tail, ".0") || !*tail))
+    {
+      err = errno? gpg_error_from_errno (errno) : gpg_error (GPG_ERR_BAD_DATA);
+      log_debug ("%s:%d: "
+                 "strtol failed for DB returned string (tail=%.10s): %s\n",
+                 __FILE__, line, tail, gpg_strerror (err));
+      *r_value = fallback;
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+/* Wrapper around strtoul which prints a warning in case of a
+ * conversion error.  On success the converted value is stored at
+ * R_VALUE and 0 is returned; on error FALLBACK is stored at R_VALUE
+ * and an error code is returned.  */
+static gpg_error_t
+string_to_ulong (unsigned long *r_value, const char *string,
+                 unsigned long fallback, int line)
+{
+  gpg_error_t err;
+  char *tail = NULL;
+
+  gpg_err_set_errno (0);
+  *r_value = strtoul (string, &tail, 0);
+  if (errno || !(!strcmp (tail, ".0") || !*tail))
+    {
+      err = errno? gpg_error_from_errno (errno) : gpg_error (GPG_ERR_BAD_DATA);
+      log_debug ("%s:%d: "
+                 "strtoul failed for DB returned string (tail=%.10s): %s\n",
+                 __FILE__, line, tail, gpg_strerror (err));
+      *r_value = fallback;
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+
 /* Collect results of a select count (*) ...; style query.  Aborts if
    the argument is not a valid integer (or real of the form X.0).  */
 static int
@@ -406,17 +465,13 @@ get_single_unsigned_long_cb (void *cookie, int argc, char **argv,
 			     char **azColName)
 {
   unsigned long int *count = cookie;
-  char *tail = NULL;
 
   (void) azColName;
 
   log_assert (argc == 1);
 
-  errno = 0;
-  *count = strtoul (argv[0], &tail, 0);
-  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
-    /* Abort.  */
-    return 1;
+  if (string_to_ulong (count, argv[0], 0, __LINE__))
+    return 1; /* Abort.  */
   return 0;
 }
 
@@ -1055,17 +1110,14 @@ static int
 get_single_long_cb (void *cookie, int argc, char **argv, char **azColName)
 {
   long *count = cookie;
-  char *tail = NULL;
 
   (void) azColName;
 
   log_assert (argc == 1);
 
-  errno = 0;
-  *count = strtol (argv[0], &tail, 0);
-  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
-    /* Abort.  */
-    return 1;
+  if (string_to_long (count, argv[0], 0, __LINE__))
+    return 1; /* Abort.  */
+
   return 0;
 }
 
@@ -1356,43 +1408,28 @@ signature_stats_collect_cb (void *cookie, int argc, char **argv,
 			    char **azColName, sqlite3_stmt *stmt)
 {
   struct signature_stats **statsp = cookie;
-  char *tail;
   int i = 0;
   enum tofu_policy policy;
   long time_ago;
   unsigned long count;
+  long along;
 
   (void) azColName;
   (void) stmt;
 
   i ++;
 
-  tail = NULL;
-  errno = 0;
-  policy = strtol (argv[i], &tail, 0);
-  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
-    {
-      /* Abort.  */
-      log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
-		 __func__, argv[i], tail);
-      return 1;
-    }
+  if (string_to_long (&along, argv[i], 0, __LINE__))
+    return 1;  /* Abort */
+  policy = along;
   i ++;
 
   if (! argv[i])
     time_ago = 0;
   else
     {
-      tail = NULL;
-      errno = 0;
-      time_ago = strtol (argv[i], &tail, 0);
-      if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
-        {
-          /* Abort.  */
-          log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
-                     __func__, argv[i], tail);
-          return 1;
-        }
+      if (string_to_long (&time_ago, argv[i], 0, __LINE__))
+        return 1; /* Abort.  */
     }
   i ++;
 
@@ -1402,16 +1439,8 @@ signature_stats_collect_cb (void *cookie, int argc, char **argv,
     count = 0;
   else
     {
-      tail = NULL;
-      errno = 0;
-      count = strtoul (argv[i], &tail, 0);
-      if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
-        {
-          /* Abort.  */
-          log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
-                     __func__, argv[i], tail);
-          return 1;
-        }
+      if (string_to_ulong (&count, argv[i], 0, __LINE__))
+        return 1; /* Abort */
     }
   i ++;
 
@@ -1449,8 +1478,8 @@ get_policy (struct dbs *dbs, const char *fingerprint, const char *email,
   int rc;
   char *err = NULL;
   strlist_t strlist = NULL;
-  char *tail = NULL;
   enum tofu_policy policy = _tofu_GET_POLICY_ERROR;
+  long along;
 
   db = getdb (dbs, email, DB_EMAIL);
   if (! db)
@@ -1494,15 +1523,14 @@ get_policy (struct dbs *dbs, const char *fingerprint, const char *email,
 
   /* The result has the right form.  */
 
-  errno = 0;
-  policy = strtol (strlist->d, &tail, 0);
-  if (errno || *tail != '\0')
+  if (string_to_long (&along, strlist->d, 0, __LINE__))
     {
       log_error (_("error reading TOFU database: %s\n"),
                  gpg_strerror (GPG_ERR_BAD_DATA));
       print_further_info ("bad value for policy: %s", strlist->d);
       goto out;
     }
+  policy = along;
 
   if (! (policy == TOFU_POLICY_AUTO
 	 || policy == TOFU_POLICY_GOOD
@@ -2347,52 +2375,24 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
               fingerprint_pp);
   else
     {
-      char *tail = NULL;
       signed long messages;
       signed long first_seen_ago;
       signed long most_recent_seen_ago;
 
       log_assert (strlist_length (strlist) == 3);
 
-      errno = 0;
-      messages = strtol (strlist->d, &tail, 0);
-      if (errno || *tail != '\0')
-	/* Abort.  */
-	{
-	  log_debug ("%s:%d: Couldn't convert %s (messages) to an int: %s.\n",
-		     __func__, __LINE__, strlist->d, strerror (errno));
-	  messages = -1;
-	}
+      string_to_long (&messages, strlist->d, -1, __LINE__);
 
       if (messages == 0 && *strlist->next->d == '\0')
-	/* min(NULL) => NULL => "".  */
-        {
+        { /* min(NULL) => NULL => "".  */
           first_seen_ago = -1;
           most_recent_seen_ago = -1;
         }
       else
 	{
-	  errno = 0;
-	  first_seen_ago = strtol (strlist->next->d, &tail, 0);
-	  if (errno || *tail != '\0')
-	    /* Abort.  */
-	    {
-	      log_debug ("%s:%d: Couldn't convert %s (first_seen) to an int: %s.\n",
-			 __func__, __LINE__,
-			 strlist->next->d, strerror (errno));
-	      first_seen_ago = 0;
-	    }
-
-	  errno = 0;
-	  most_recent_seen_ago = strtol (strlist->next->next->d, &tail, 0);
-	  if (errno || *tail != '\0')
-	    /* Abort.  */
-	    {
-	      log_debug ("%s:%d: Couldn't convert %s (most_recent_seen) to an int: %s.\n",
-			 __func__, __LINE__,
-			 strlist->next->next->d, strerror (errno));
-	      most_recent_seen_ago = 0;
-	    }
+          string_to_long (&first_seen_ago, strlist->next->d, 0, __LINE__);
+	  string_to_long (&most_recent_seen_ago, strlist->next->next->d, 0,
+                          __LINE__);
 	}
 
       if (messages == -1 || first_seen_ago == 0)
@@ -2493,7 +2493,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
               xfree (tmp);
 	      log_info ("%s", text);
               xfree (text);
-	      free (set_policy_command);
+	      es_free (set_policy_command);
 	    }
 	}
     }

-----------------------------------------------------------------------

Summary of changes:
 common/logging.c |  21 ++++++-
 g10/tofu.c       | 164 +++++++++++++++++++++++++++----------------------------
 2 files changed, 100 insertions(+), 85 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org