diff -Nru gnupg2-2.1.6/ABOUT-NLS gnupg2-2.0.28/ABOUT-NLS --- gnupg2-2.1.6/ABOUT-NLS 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/ABOUT-NLS 2015-06-02 08:13:55.000000000 +0000 @@ -18,35 +18,7 @@ available translations. They tell how people wanting to contribute and work on translations can contact the appropriate team. - When reporting bugs in the `intl/' directory or bugs which may be -related to internationalization, you should tell about the version of -`gettext' which is used. The information can be found in the -`intl/VERSION' file, in internationalized packages. - -1.1 Quick configuration advice -============================== - -If you want to exploit the full power of internationalization, you -should configure it using - - ./configure --with-included-gettext - -to force usage of internationalizing routines provided within this -package, despite the existence of internationalizing capabilities in the -operating system where this package is being installed. So far, only -the `gettext' implementation in the GNU C library version 2 provides as -many features (such as locale alias, message inheritance, automatic -charset conversion or plural form handling) as the implementation here. -It is also not possible to offer this additional functionality on top -of a `catgets' implementation. Future versions of GNU `gettext' will -very likely convey even more functionality. So it might be a good idea -to change to GNU `gettext' as soon as possible. - - So you need _not_ provide this option if you are using GNU libc 2 or -you have installed a recent copy of the GNU gettext package with the -included `libintl'. - -1.2 INSTALL Matters +1.1 INSTALL Matters =================== Some packages are "localizable" when properly installed; the programs @@ -56,36 +28,19 @@ By default, this package will be installed to allow translation of messages. It will automatically detect whether the system already -provides the GNU `gettext' functions. If not, the included GNU -`gettext' library will be used. This library is wholly contained -within this package, usually in the `intl/' subdirectory, so prior -installation of the GNU `gettext' package is _not_ required. -Installers may use special options at configuration time for changing -the default behaviour. The commands: +provides the GNU `gettext' functions. Installers may use special +options at configuration time for changing the default behaviour. The +command: - ./configure --with-included-gettext ./configure --disable-nls -will, respectively, bypass any pre-existing `gettext' to use the -internationalizing routines provided within this package, or else, -_totally_ disable translation of messages. +will _totally_ disable translation of messages. When you already have GNU `gettext' installed on your system and run configure without an option for your new package, `configure' will -probably detect the previously built and installed `libintl.a' file and -will decide to use this. This might not be desirable. You should use -the more recent version of the GNU `gettext' library. I.e. if the file -`intl/VERSION' shows that the library which comes with this package is -more recent, you should use - - ./configure --with-included-gettext - -to prevent auto-detection. - - The configuration process will not test for the `catgets' function -and therefore it will not be used. The reason is that even an -emulation of `gettext' on top of `catgets' could not provide all the -extensions of the GNU `gettext' library. +probably detect the previously built and installed `libintl' library +and will decide to use it. If not, you may have to to use the +`--with-libintl-prefix' option to tell `configure' where to look for it. Internationalized packages usually have many `po/LL.po' files, where LL gives an ISO 639 two-letter code identifying the language. Unless @@ -96,7 +51,7 @@ `LINGUAS' should then contain a space separated list of two-letter codes, stating which languages are allowed. -1.3 Using This Package +1.2 Using This Package ====================== As a user, if your language has been installed for this package, you @@ -148,7 +103,7 @@ to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' (Portuguese as spoken in Portugal) in this context. -1.4 Translating Teams +1.3 Translating Teams ===================== For the Free Translation Project to be a success, we need interested @@ -177,859 +132,1118 @@ the terminology in use. Proven linguistic skills are praised more than programming skills, here. -1.5 Available Packages +1.4 Available Packages ====================== Languages are not equally supported in all packages. The following -matrix shows the current state of internationalization, as of November -2007. The matrix shows, in regard of each package, for which languages +matrix shows the current state of internationalization, as of June +2010. The matrix shows, in regard of each package, for which languages PO files have been submitted to translation coordination, with a translation percentage of at least 50%. - Ready PO files af am ar az be bg bs ca cs cy da de el en en_GB eo - +----------------------------------------------------+ - Compendium | [] [] [] [] | - a2ps | [] [] [] [] [] | - aegis | () | - ant-phone | () | - anubis | [] | - ap-utils | | - aspell | [] [] [] [] [] | - bash | [] | - bfd | | - bibshelf | [] | - binutils | | - bison | [] [] | - bison-runtime | [] | - bluez-pin | [] [] [] [] [] | - cflow | [] | - clisp | [] [] [] | - console-tools | [] [] | - coreutils | [] [] [] [] | - cpio | | - cpplib | [] [] [] | - cryptonit | [] | - dialog | | - diffutils | [] [] [] [] [] [] | - doodle | [] | - e2fsprogs | [] [] | - enscript | [] [] [] [] | - fetchmail | [] [] () [] [] | - findutils | [] | - findutils_stable | [] [] [] | - flex | [] [] [] | - fslint | | - gas | | - gawk | [] [] [] | - gcal | [] | - gcc | [] | - gettext-examples | [] [] [] [] [] | - gettext-runtime | [] [] [] [] [] | - gettext-tools | [] [] | - gip | [] | - gliv | [] [] | - glunarclock | [] | - gmult | [] [] | - gnubiff | () | - gnucash | [] [] () () [] | - gnuedu | | - gnulib | [] | - gnunet | | - gnunet-gtk | | - gnutls | [] | - gpe-aerial | [] [] | - gpe-beam | [] [] | - gpe-calendar | | - gpe-clock | [] [] | - gpe-conf | [] [] | - gpe-contacts | | - gpe-edit | [] | - gpe-filemanager | | - gpe-go | [] | - gpe-login | [] [] | - gpe-ownerinfo | [] [] | - gpe-package | | - gpe-sketchbook | [] [] | - gpe-su | [] [] | - gpe-taskmanager | [] [] | - gpe-timesheet | [] | - gpe-today | [] [] | - gpe-todo | | - gphoto2 | [] [] [] [] | - gprof | [] [] | - gpsdrive | | - gramadoir | [] [] | - grep | [] [] | - gretl | () | - gsasl | | - gss | | - gst-plugins-bad | [] [] | - gst-plugins-base | [] [] | - gst-plugins-good | [] [] [] | - gst-plugins-ugly | [] [] | - gstreamer | [] [] [] [] [] [] [] | - gtick | () | - gtkam | [] [] [] [] | - gtkorphan | [] [] | - gtkspell | [] [] [] [] | - gutenprint | [] | - hello | [] [] [] [] [] | - herrie | [] | - hylafax | | - idutils | [] [] | - indent | [] [] [] [] | - iso_15924 | | - iso_3166 | [] [] [] [] [] [] [] [] [] [] [] | - iso_3166_2 | | - iso_4217 | [] [] [] | - iso_639 | [] [] [] [] | - jpilot | [] | - jtag | | - jwhois | | - kbd | [] [] [] [] | - keytouch | [] [] | - keytouch-editor | [] | - keytouch-keyboa... | [] | - latrine | () | - ld | [] | - leafpad | [] [] [] [] [] | - libc | [] [] [] [] | - libexif | [] | - libextractor | [] | - libgpewidget | [] [] [] | - libgpg-error | [] | - libgphoto2 | [] [] | - libgphoto2_port | [] [] | - libgsasl | | - libiconv | [] [] | - libidn | [] [] [] | - lifelines | [] () | - lilypond | [] | - lingoteach | | - lprng | | - lynx | [] [] [] [] | - m4 | [] [] [] [] | - mailfromd | | - mailutils | [] | - make | [] [] | - man-db | [] [] [] | - minicom | [] [] [] | - nano | [] [] [] | - opcodes | [] | - parted | [] [] | - pilot-qof | | - popt | [] [] [] | - psmisc | [] | - pwdutils | | - qof | | - radius | [] | - recode | [] [] [] [] [] [] | - rpm | [] | - screem | | - scrollkeeper | [] [] [] [] [] [] [] [] | - sed | [] [] [] | - shared-mime-info | [] [] [] [] () [] [] [] | - sharutils | [] [] [] [] [] [] | - shishi | | - skencil | [] () | - solfege | | - soundtracker | [] [] | - sp | [] | - system-tools-ba... | [] [] [] [] [] [] [] [] [] | - tar | [] [] | - texinfo | [] [] [] | - tin | () () | - tuxpaint | [] [] [] [] [] [] | - unicode-han-tra... | | - unicode-transla... | | - util-linux | [] [] [] [] | - util-linux-ng | [] [] [] [] | - vorbis-tools | [] | - wastesedge | () | - wdiff | [] [] [] [] | - wget | [] [] [] | - xchat | [] [] [] [] [] [] [] | - xkeyboard-config | [] | - xpad | [] [] [] | - +----------------------------------------------------+ - af am ar az be bg bs ca cs cy da de el en en_GB eo - 6 0 2 1 8 26 2 40 48 2 56 88 15 1 15 18 - - es et eu fa fi fr ga gl gu he hi hr hu id is it + Ready PO files af am an ar as ast az be be@latin bg bn_IN bs ca +--------------------------------------------------+ - Compendium | [] [] [] [] [] | - a2ps | [] [] [] () | + a2ps | [] [] | aegis | | - ant-phone | [] | - anubis | [] | - ap-utils | [] [] | - aspell | [] [] [] | - bash | [] | - bfd | [] [] | - bibshelf | [] [] [] | - binutils | [] [] [] | - bison | [] [] [] [] [] [] | - bison-runtime | [] [] [] [] [] | - bluez-pin | [] [] [] [] [] | - cflow | [] | - clisp | [] [] | - console-tools | | - coreutils | [] [] [] [] [] [] | - cpio | [] [] [] | - cpplib | [] [] | - cryptonit | [] | - dialog | [] [] [] | - diffutils | [] [] [] [] [] [] [] [] [] | - doodle | [] [] | - e2fsprogs | [] [] [] | - enscript | [] [] [] | - fetchmail | [] | - findutils | [] [] [] | - findutils_stable | [] [] [] [] | - flex | [] [] [] | - fslint | | - gas | [] [] | - gawk | [] [] [] [] () | - gcal | [] [] | - gcc | [] | - gettext-examples | [] [] [] [] [] [] [] | - gettext-runtime | [] [] [] [] [] [] | - gettext-tools | [] [] [] [] | - gip | [] [] [] [] | - gliv | () | - glunarclock | [] [] [] | - gmult | [] [] [] | - gnubiff | () () | - gnucash | () () () | - gnuedu | [] | - gnulib | [] [] [] | - gnunet | | - gnunet-gtk | | - gnutls | | - gpe-aerial | [] [] | - gpe-beam | [] [] | - gpe-calendar | | - gpe-clock | [] [] [] [] | - gpe-conf | [] | - gpe-contacts | [] [] | - gpe-edit | [] [] [] [] | - gpe-filemanager | [] | - gpe-go | [] [] [] | - gpe-login | [] [] [] | - gpe-ownerinfo | [] [] [] [] [] | - gpe-package | [] | - gpe-sketchbook | [] [] | - gpe-su | [] [] [] [] | - gpe-taskmanager | [] [] [] | - gpe-timesheet | [] [] [] [] | - gpe-today | [] [] [] [] | - gpe-todo | [] | - gphoto2 | [] [] [] [] [] | - gprof | [] [] [] [] [] | - gpsdrive | [] | - gramadoir | [] [] | - grep | [] [] [] | - gretl | [] [] [] () | - gsasl | [] [] | - gss | [] [] | - gst-plugins-bad | [] [] [] [] | - gst-plugins-base | [] [] [] [] | - gst-plugins-good | [] [] [] [] [] | - gst-plugins-ugly | [] [] [] [] | - gstreamer | [] [] [] | - gtick | [] [] [] | - gtkam | [] [] [] [] | - gtkorphan | [] [] | - gtkspell | [] [] [] [] [] [] [] | - gutenprint | [] | - hello | [] [] [] [] [] [] [] [] [] [] [] [] [] | - herrie | [] | - hylafax | | - idutils | [] [] [] [] [] | - indent | [] [] [] [] [] [] [] [] [] [] | - iso_15924 | [] | - iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] | - iso_3166_2 | [] | - iso_4217 | [] [] [] [] [] [] | - iso_639 | [] [] [] [] [] [] | - jpilot | [] [] | - jtag | [] | - jwhois | [] [] [] [] [] | - kbd | [] [] | - keytouch | [] [] [] | - keytouch-editor | [] | - keytouch-keyboa... | [] [] | - latrine | [] [] | - ld | [] [] [] [] | - leafpad | [] [] [] [] [] [] | - libc | [] [] [] [] [] | - libexif | [] | - libextractor | [] | - libgpewidget | [] [] [] [] [] | - libgpg-error | [] | - libgphoto2 | [] [] [] | - libgphoto2_port | [] [] | - libgsasl | [] [] | - libiconv | [] [] [] | - libidn | [] [] | - lifelines | () | - lilypond | [] [] [] | - lingoteach | [] [] [] | - lprng | | - lynx | [] [] [] | - m4 | [] [] [] [] | - mailfromd | | - mailutils | [] [] | - make | [] [] [] [] [] [] [] [] | - man-db | [] | - minicom | [] [] [] [] | - nano | [] [] [] [] [] [] [] | - opcodes | [] [] [] [] | - parted | [] [] [] | - pilot-qof | | - popt | [] [] [] [] | - psmisc | [] [] | - pwdutils | | - qof | [] | - radius | [] [] | - recode | [] [] [] [] [] [] [] [] | - rpm | [] [] | - screem | | - scrollkeeper | [] [] [] | - sed | [] [] [] [] [] | - shared-mime-info | [] [] [] [] [] [] | - sharutils | [] [] [] [] [] [] [] [] | - shishi | [] | - skencil | [] [] | - solfege | [] | - soundtracker | [] [] [] | - sp | [] | - system-tools-ba... | [] [] [] [] [] [] [] [] [] | - tar | [] [] [] [] [] | - texinfo | [] [] [] | - tin | [] () | - tuxpaint | [] [] | - unicode-han-tra... | | - unicode-transla... | [] [] | - util-linux | [] [] [] [] [] [] [] | - util-linux-ng | [] [] [] [] [] [] [] | - vorbis-tools | | - wastesedge | () | - wdiff | [] [] [] [] [] [] [] [] | - wget | [] [] [] [] [] [] [] [] | - xchat | [] [] [] [] [] [] [] | - xkeyboard-config | [] [] [] [] | - xpad | [] [] [] | - +--------------------------------------------------+ - es et eu fa fi fr ga gl gu he hi hr hu id is it - 85 22 14 2 48 101 61 12 2 8 2 6 53 29 1 52 - - ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn - +--------------------------------------------------+ - Compendium | [] | - a2ps | () [] [] | - aegis | () | - ant-phone | [] | - anubis | [] [] [] | - ap-utils | [] | - aspell | [] [] | - bash | [] | + ant-phone | | + anubis | | + aspell | [] [] | + bash | | bfd | | - bibshelf | [] | + bibshelf | [] | binutils | | - bison | [] [] [] | - bison-runtime | [] [] [] | - bluez-pin | [] [] [] | + bison | | + bison-runtime | [] | + bluez-pin | [] [] | + bombono-dvd | | + buzztard | | cflow | | - clisp | [] | - console-tools | | - coreutils | [] | - cpio | [] | - cpplib | [] | - cryptonit | [] | - dialog | [] [] | - diffutils | [] [] [] | + clisp | | + coreutils | [] [] | + cpio | | + cppi | | + cpplib | [] | + cryptsetup | | + dfarc | | + dialog | [] [] | + dico | | + diffutils | [] | + dink | | doodle | | - e2fsprogs | [] | - enscript | [] | - fetchmail | [] [] | - findutils | [] | - findutils_stable | [] | - flex | [] [] | - fslint | | + e2fsprogs | [] | + enscript | [] | + exif | | + fetchmail | [] | + findutils | [] | + flex | [] | + freedink | | gas | | - gawk | [] [] | - gcal | | + gawk | [] [] | + gcal | [] | gcc | | - gettext-examples | [] [] [] | - gettext-runtime | [] [] [] | - gettext-tools | [] [] | - gip | [] [] | - gliv | [] | - glunarclock | [] [] | - gmult | [] [] [] | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] | + gettext-tools | [] [] | + gip | [] | + gjay | | + gliv | [] | + glunarclock | [] [] | gnubiff | | - gnucash | () () () | + gnucash | [] | gnuedu | | - gnulib | [] [] | + gnulib | | gnunet | | gnunet-gtk | | - gnutls | [] | - gpe-aerial | [] | - gpe-beam | [] | - gpe-calendar | [] | - gpe-clock | [] [] [] | - gpe-conf | [] [] [] | - gpe-contacts | [] | - gpe-edit | [] [] [] | - gpe-filemanager | [] [] | - gpe-go | [] [] [] | - gpe-login | [] [] [] | - gpe-ownerinfo | [] [] | - gpe-package | [] [] | - gpe-sketchbook | [] [] | - gpe-su | [] [] [] | - gpe-taskmanager | [] [] [] [] | - gpe-timesheet | [] | - gpe-today | [] [] | - gpe-todo | [] | - gphoto2 | [] [] | - gprof | [] | - gpsdrive | [] | - gramadoir | () | - grep | [] [] | - gretl | | - gsasl | [] | + gnutls | | + gold | | + gpe-aerial | | + gpe-beam | | + gpe-bluetooth | | + gpe-calendar | | + gpe-clock | [] | + gpe-conf | | + gpe-contacts | | + gpe-edit | | + gpe-filemanager | | + gpe-go | | + gpe-login | | + gpe-ownerinfo | [] | + gpe-package | | + gpe-sketchbook | | + gpe-su | [] | + gpe-taskmanager | [] | + gpe-timesheet | [] | + gpe-today | [] | + gpe-todo | | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | [] [] | + gsasl | | gss | | - gst-plugins-bad | [] | - gst-plugins-base | [] | - gst-plugins-good | [] | - gst-plugins-ugly | [] | - gstreamer | [] | - gtick | [] | - gtkam | [] [] | - gtkorphan | [] | - gtkspell | [] [] | - gutenprint | [] | - hello | [] [] [] [] [] [] [] | - herrie | [] | + gst-plugins-bad | [] | + gst-plugins-base | [] | + gst-plugins-good | [] | + gst-plugins-ugly | [] | + gstreamer | [] [] [] | + gtick | | + gtkam | [] | + gtkorphan | [] | + gtkspell | [] [] [] | + gutenprint | | + hello | [] | + help2man | | hylafax | | - idutils | [] | - indent | [] [] | - iso_15924 | [] | - iso_3166 | [] [] [] [] [] [] [] [] | - iso_3166_2 | [] | - iso_4217 | [] [] [] | - iso_639 | [] [] [] [] | - jpilot | () () | - jtag | | - jwhois | [] | - kbd | [] | - keytouch | [] | - keytouch-editor | [] | - keytouch-keyboa... | | - latrine | [] | - ld | | - leafpad | [] [] | - libc | [] [] [] | - libexif | | + idutils | | + indent | [] [] | + iso_15924 | | + iso_3166 | [] [] [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | | + iso_639 | [] [] [] [] | + iso_639_3 | | + jwhois | | + kbd | | + keytouch | [] | + keytouch-editor | | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | | + ld | [] | + leafpad | [] [] | + libc | [] [] | + libexif | () | libextractor | | - libgpewidget | [] | + libgnutls | | + libgpewidget | | libgpg-error | | - libgphoto2 | [] | - libgphoto2_port | [] | - libgsasl | [] | - libiconv | [] | - libidn | [] [] | - lifelines | [] | - lilypond | [] | - lingoteach | [] | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | [] | + libidn | | + lifelines | | + liferea | [] [] | + lilypond | | + linkdr | [] | + lordsawar | | lprng | | - lynx | [] [] | - m4 | [] [] | + lynx | [] | + m4 | | mailfromd | | mailutils | | - make | [] [] [] | + make | | man-db | | - minicom | [] | - nano | [] [] [] | - opcodes | [] | - parted | [] [] | - pilot-qof | | - popt | [] [] [] | - psmisc | [] [] [] | + man-db-manpages | | + minicom | | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | | + psmisc | | + pspp | [] | pwdutils | | - qof | | - radius | | - recode | [] | - rpm | [] [] | - screem | [] | - scrollkeeper | [] [] [] [] | - sed | [] [] | - shared-mime-info | [] [] [] [] [] [] [] | - sharutils | [] [] | + radius | [] | + recode | [] [] | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] | + sed | [] [] | + sharutils | [] [] | shishi | | skencil | | - solfege | () () | + solfege | | + solfege-manual | | soundtracker | | - sp | () | - system-tools-ba... | [] [] [] [] | - tar | [] [] [] | - texinfo | [] [] | + sp | | + sysstat | | + tar | [] | + texinfo | | tin | | - tuxpaint | () [] [] | unicode-han-tra... | | unicode-transla... | | - util-linux | [] [] | - util-linux-ng | [] [] | + util-linux-ng | [] | + vice | | + vmm | | vorbis-tools | | - wastesedge | [] | - wdiff | [] [] | - wget | [] [] | - xchat | [] [] [] [] | - xkeyboard-config | [] [] [] | - xpad | [] [] [] | - +--------------------------------------------------+ - ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn - 51 2 25 3 2 0 6 0 2 2 20 0 11 1 103 6 - - or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta - +--------------------------------------------------+ - Compendium | [] [] [] [] [] | - a2ps | () [] [] [] [] [] [] | - aegis | () () | - ant-phone | [] [] | - anubis | [] [] [] | - ap-utils | () | - aspell | [] [] [] | - bash | [] [] | - bfd | | - bibshelf | [] | - binutils | [] [] | - bison | [] [] [] [] [] | - bison-runtime | [] [] [] [] [] | - bluez-pin | [] [] [] [] [] [] [] [] [] | - cflow | [] | - clisp | [] | - console-tools | [] | - coreutils | [] [] [] [] | - cpio | [] [] [] | - cpplib | [] | - cryptonit | [] [] | - dialog | [] | - diffutils | [] [] [] [] [] [] | - doodle | [] [] | - e2fsprogs | [] [] | - enscript | [] [] [] [] [] | - fetchmail | [] [] [] | - findutils | [] [] [] | - findutils_stable | [] [] [] [] [] [] | - flex | [] [] [] [] [] | - fslint | [] | - gas | | - gawk | [] [] [] [] | - gcal | [] | - gcc | [] [] | - gettext-examples | [] [] [] [] [] [] [] [] | - gettext-runtime | [] [] [] [] [] [] [] [] | - gettext-tools | [] [] [] [] [] [] [] | - gip | [] [] [] [] | - gliv | [] [] [] [] [] [] | - glunarclock | [] [] [] [] [] [] | - gmult | [] [] [] [] | - gnubiff | () [] | - gnucash | () [] | - gnuedu | | - gnulib | [] [] [] | - gnunet | | - gnunet-gtk | [] | - gnutls | [] [] | - gpe-aerial | [] [] [] [] [] [] [] | - gpe-beam | [] [] [] [] [] [] [] | - gpe-calendar | [] [] [] [] | - gpe-clock | [] [] [] [] [] [] [] [] | - gpe-conf | [] [] [] [] [] [] [] | - gpe-contacts | [] [] [] [] [] | - gpe-edit | [] [] [] [] [] [] [] [] [] | - gpe-filemanager | [] [] | - gpe-go | [] [] [] [] [] [] [] [] | - gpe-login | [] [] [] [] [] [] [] [] | - gpe-ownerinfo | [] [] [] [] [] [] [] [] | - gpe-package | [] [] | - gpe-sketchbook | [] [] [] [] [] [] [] [] | - gpe-su | [] [] [] [] [] [] [] [] | - gpe-taskmanager | [] [] [] [] [] [] [] [] | - gpe-timesheet | [] [] [] [] [] [] [] [] | - gpe-today | [] [] [] [] [] [] [] [] | - gpe-todo | [] [] [] [] | - gphoto2 | [] [] [] [] [] [] | - gprof | [] [] [] | - gpsdrive | [] [] | - gramadoir | [] [] | - grep | [] [] [] [] | - gretl | [] [] [] | - gsasl | [] [] [] | - gss | [] [] [] [] | - gst-plugins-bad | [] [] [] | - gst-plugins-base | [] [] | - gst-plugins-good | [] [] | - gst-plugins-ugly | [] [] [] | - gstreamer | [] [] [] [] | - gtick | [] | - gtkam | [] [] [] [] [] | - gtkorphan | [] | - gtkspell | [] [] [] [] [] [] [] [] | - gutenprint | [] | - hello | [] [] [] [] [] [] [] [] | - herrie | [] [] [] | - hylafax | | - idutils | [] [] [] [] [] | - indent | [] [] [] [] [] [] [] | - iso_15924 | | - iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] | - iso_3166_2 | | - iso_4217 | [] [] [] [] [] [] [] | - iso_639 | [] [] [] [] [] [] [] | - jpilot | | - jtag | [] | - jwhois | [] [] [] [] | - kbd | [] [] [] | - keytouch | [] | - keytouch-editor | [] | - keytouch-keyboa... | [] | - latrine | | - ld | [] | - leafpad | [] [] [] [] [] [] | - libc | [] [] [] [] | - libexif | [] [] | - libextractor | [] [] | - libgpewidget | [] [] [] [] [] [] [] [] | - libgpg-error | [] [] [] | - libgphoto2 | [] | - libgphoto2_port | [] [] [] | - libgsasl | [] [] [] [] | - libiconv | [] [] [] | - libidn | [] [] () | - lifelines | [] [] | - lilypond | | - lingoteach | [] | - lprng | [] | - lynx | [] [] [] | - m4 | [] [] [] [] [] | - mailfromd | [] | - mailutils | [] [] [] | - make | [] [] [] [] | - man-db | [] [] [] [] | - minicom | [] [] [] [] [] | - nano | [] [] [] [] | - opcodes | [] [] | - parted | [] | - pilot-qof | | - popt | [] [] [] [] | - psmisc | [] [] | - pwdutils | [] [] | - qof | [] [] | - radius | [] [] | - recode | [] [] [] [] [] [] [] | - rpm | [] [] [] [] | - screem | | - scrollkeeper | [] [] [] [] [] [] [] | - sed | [] [] [] [] [] [] [] [] [] | - shared-mime-info | [] [] [] [] [] [] | - sharutils | [] [] [] [] | - shishi | [] | - skencil | [] [] [] | - solfege | [] | - soundtracker | [] [] | - sp | | - system-tools-ba... | [] [] [] [] [] [] [] [] [] | - tar | [] [] [] [] | - texinfo | [] [] [] [] | - tin | () | - tuxpaint | [] [] [] [] [] [] | - unicode-han-tra... | | - unicode-transla... | | - util-linux | [] [] [] [] | - util-linux-ng | [] [] [] [] | - vorbis-tools | [] | wastesedge | | - wdiff | [] [] [] [] [] [] [] | - wget | [] [] [] [] | - xchat | [] [] [] [] [] [] [] | - xkeyboard-config | [] [] [] | - xpad | [] [] [] | + wdiff | | + wget | [] [] | + wyslij-po | | + xchat | [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] | +--------------------------------------------------+ - or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta - 0 5 77 31 53 4 58 72 3 45 46 9 45 122 3 + af am an ar as ast az be be@latin bg bn_IN bs ca + 6 0 1 2 3 19 1 10 3 28 3 1 38 + + crh cs da de el en en_GB en_ZA eo es et eu fa + +-------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] () | + anubis | [] [] | + aspell | [] [] [] [] [] | + bash | [] [] [] | + bfd | [] | + bibshelf | [] [] [] | + binutils | [] | + bison | [] [] | + bison-runtime | [] [] [] [] | + bluez-pin | [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] [] [] | + cflow | [] [] | + clisp | [] [] [] [] | + coreutils | [] [] [] [] | + cpio | | + cppi | | + cpplib | [] [] [] | + cryptsetup | [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] | + dink | [] [] [] | + doodle | [] | + e2fsprogs | [] [] [] | + enscript | [] [] [] | + exif | () [] [] | + fetchmail | [] [] () [] [] [] | + findutils | [] [] [] | + flex | [] [] | + freedink | [] [] [] | + gas | [] | + gawk | [] [] [] | + gcal | [] | + gcc | [] [] | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] [] [] | + gettext-tools | [] [] [] | + gip | [] [] [] [] | + gjay | [] | + gliv | [] [] [] | + glunarclock | [] [] | + gnubiff | () | + gnucash | [] () () () () | + gnuedu | [] [] | + gnulib | [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] | + gpe-aerial | [] [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] | + gpe-conf | [] [] [] | + gpe-contacts | [] [] [] | + gpe-edit | [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] | + gpe-taskmanager | [] [] [] [] | + gpe-timesheet | [] [] [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] () [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] | + grub | [] [] | + gsasl | [] | + gss | | + gst-plugins-bad | [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] () [] | + gtkam | [] [] () [] [] | + gtkorphan | [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | [] [] [] | + hello | [] [] [] [] | + help2man | [] | + hylafax | [] [] | + idutils | [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] [] [] [] () [] [] [] () | + iso_3166_2 | () | + iso_4217 | [] [] [] () [] [] | + iso_639 | [] [] [] [] () [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | [] [] [] [] [] | + keytouch | [] [] | + keytouch-editor | [] [] | + keytouch-keyboa... | [] | + klavaro | [] [] [] [] | + latrine | [] () | + ld | [] [] | + leafpad | [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | [] [] | + libgphoto2 | [] () | + libgphoto2_port | [] () [] | + libgsasl | | + libiconv | [] [] [] [] [] | + libidn | [] [] [] | + lifelines | [] () | + liferea | [] [] [] [] [] | + lilypond | [] [] [] | + linkdr | [] [] [] | + lordsawar | [] | + lprng | | + lynx | [] [] [] [] | + m4 | [] [] [] [] | + mailfromd | | + mailutils | [] | + make | [] [] [] | + man-db | | + man-db-manpages | | + minicom | [] [] [] [] | + mkisofs | | + myserver | | + nano | [] [] [] | + opcodes | [] [] | + parted | [] [] | + pies | | + popt | [] [] [] [] [] | + psmisc | [] [] [] | + pspp | [] | + pwdutils | [] | + radius | [] | + recode | [] [] [] [] [] [] | + rosegarden | () () () | + rpm | [] [] [] | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] | + sed | [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | | + skencil | [] () [] | + solfege | [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] [] | + sp | [] | + sysstat | [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] | + tin | [] [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] | + vice | () () | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] | + wyslij-po | | + xchat | [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] [] | + +-------------------------------------------------+ + crh cs da de el en en_GB en_ZA eo es et eu fa + 5 64 105 117 18 1 8 0 28 89 18 19 0 + + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + +----------------------------------------------------+ + a2ps | [] [] [] [] | + aegis | [] [] | + ant-phone | [] [] | + anubis | [] [] [] [] | + aspell | [] [] [] [] | + bash | [] [] [] [] | + bfd | [] [] [] | + bibshelf | [] [] [] [] [] | + binutils | [] [] [] | + bison | [] [] [] [] | + bison-runtime | [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] | + cflow | [] [] [] | + clisp | [] | + coreutils | [] [] [] [] [] | + cpio | [] [] [] [] | + cppi | [] [] | + cpplib | [] [] [] | + cryptsetup | [] [] [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] [] [] [] | + dink | [] | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] [] | + freedink | [] [] [] | + gas | [] [] | + gawk | [] [] [] [] () [] | + gcal | [] | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] | + gettext-tools | [] [] [] [] | + gip | [] [] [] [] [] [] | + gjay | [] | + gliv | [] () | + glunarclock | [] [] [] [] | + gnubiff | () [] () | + gnucash | () () () () () [] | + gnuedu | [] [] | + gnulib | [] [] [] [] [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] [] | + gpe-aerial | [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] [] [] | + gpe-calendar | [] [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] [] [] | + gpe-contacts | [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] [] | + gpe-go | [] [] [] [] [] | + gpe-login | [] [] [] | + gpe-ownerinfo | [] [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] [] [] [] [] | + gprof | [] [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] [] | + grub | [] [] [] [] | + gsasl | [] [] [] [] [] | + gss | [] [] [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] [] [] | + gtkam | [] [] [] [] [] | + gtkorphan | [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] [] [] | + hello | [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] [] | + indent | [] [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] () [] [] [] [] [] [] [] [] [] [] | + iso_3166_2 | () [] [] [] | + iso_4217 | [] () [] [] [] [] | + iso_639 | [] () [] [] [] [] [] [] [] | + iso_639_3 | () [] [] | + jwhois | [] [] [] [] [] | + kbd | [] [] | + keytouch | [] [] [] [] [] [] | + keytouch-editor | [] [] [] [] [] | + keytouch-keyboa... | [] [] [] [] [] | + klavaro | [] [] | + latrine | [] [] [] | + ld | [] [] [] [] | + leafpad | [] [] [] [] [] [] [] () | + libc | [] [] [] [] [] | + libexif | [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] [] | + libgphoto2_port | [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] [] | + libidn | [] [] [] [] | + lifelines | () | + liferea | [] [] [] [] | + lilypond | [] [] | + linkdr | [] [] [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] [] [] | + m4 | [] [] [] [] [] [] | + mailfromd | | + mailutils | [] [] | + make | [] [] [] [] [] [] [] [] [] | + man-db | [] [] | + man-db-manpages | [] | + minicom | [] [] [] [] [] | + mkisofs | [] [] [] [] | + myserver | | + nano | [] [] [] [] [] [] | + opcodes | [] [] [] [] | + parted | [] [] [] [] | + pies | | + popt | [] [] [] [] [] [] [] [] [] | + psmisc | [] [] [] | + pspp | | + pwdutils | [] [] | + radius | [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () () () () | + rpm | [] [] | + rush | | + sarg | [] | + screem | [] [] | + scrollkeeper | [] [] [] [] | + sed | [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] [] [] [] | + shishi | [] | + skencil | [] | + solfege | [] [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] | + sp | [] () | + sysstat | [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | [] [] | + util-linux-ng | [] [] [] [] [] [] | + vice | () () () | + vmm | [] | + vorbis-tools | [] | + wastesedge | () () | + wdiff | [] | + wget | [] [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] | + +----------------------------------------------------+ + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + 105 121 53 20 4 8 3 5 53 2 120 5 84 67 0 4 + + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + +-----------------------------------------------+ + a2ps | [] | + aegis | | + ant-phone | | + anubis | [] [] | + aspell | [] | + bash | | + bfd | | + bibshelf | [] [] | + binutils | | + bison | [] | + bison-runtime | [] [] [] [] [] | + bluez-pin | [] [] [] [] [] | + bombono-dvd | | + buzztard | | + cflow | | + clisp | | + coreutils | [] | + cpio | | + cppi | | + cpplib | | + cryptsetup | | + dfarc | [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] | + dink | | + doodle | | + e2fsprogs | | + enscript | | + exif | [] | + fetchmail | | + findutils | | + flex | | + freedink | [] | + gas | | + gawk | | + gcal | | + gcc | | + gettext-examples | [] [] [] [] | + gettext-runtime | [] | + gettext-tools | [] | + gip | [] [] | + gjay | | + gliv | | + glunarclock | [] | + gnubiff | | + gnucash | () () () () | + gnuedu | | + gnulib | | + gnunet | | + gnunet-gtk | | + gnutls | [] | + gold | | + gpe-aerial | [] | + gpe-beam | [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] | + gpe-contacts | [] [] | + gpe-edit | [] | + gpe-filemanager | [] [] | + gpe-go | [] [] [] | + gpe-login | [] | + gpe-ownerinfo | [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] | + gpe-timesheet | [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | | + gsasl | | + gss | | + gst-plugins-bad | [] [] [] [] | + gst-plugins-base | [] [] | + gst-plugins-good | [] [] | + gst-plugins-ugly | [] [] [] [] [] | + gstreamer | | + gtick | | + gtkam | [] | + gtkorphan | [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | | + hello | [] [] [] | + help2man | | + hylafax | | + idutils | | + indent | | + iso_15924 | [] [] | + iso_3166 | [] [] () [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | [] [] | + iso_639 | [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | | + keytouch | [] | + keytouch-editor | [] | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | [] | + ld | | + leafpad | [] [] [] | + libc | [] | + libexif | | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | | + libidn | | + lifelines | | + liferea | | + lilypond | | + linkdr | | + lordsawar | | + lprng | | + lynx | | + m4 | | + mailfromd | | + mailutils | | + make | [] | + man-db | | + man-db-manpages | | + minicom | [] | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | [] [] [] | + psmisc | | + pspp | | + pwdutils | | + radius | | + recode | | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] | + sed | | + sharutils | | + shishi | | + skencil | | + solfege | [] | + solfege-manual | | + soundtracker | | + sp | | + sysstat | [] | + tar | [] | + texinfo | [] | + tin | | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] | + wyslij-po | | + xchat | [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +-----------------------------------------------+ + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + 20 5 10 1 13 48 4 2 2 4 24 10 20 3 1 + + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + +---------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] [] | + anubis | [] [] [] | + aspell | [] [] [] [] [] | + bash | [] [] | + bfd | [] | + bibshelf | [] [] | + binutils | [] [] | + bison | [] [] [] | + bison-runtime | [] [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] () | + buzztard | [] [] | + cflow | [] | + clisp | [] [] | + coreutils | [] [] [] [] [] [] | + cpio | [] [] [] | + cppi | [] | + cpplib | [] | + cryptsetup | [] | + dfarc | [] | + dialog | [] [] [] [] | + dico | [] | + diffutils | [] [] [] [] [] [] | + dink | () | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] [] | + exif | [] [] [] () [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] | + flex | [] [] [] [] [] | + freedink | [] [] | + gas | | + gawk | [] [] [] [] | + gcal | | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] [] [] [] | + gettext-tools | [] [] [] [] [] [] | + gip | [] [] [] [] [] | + gjay | | + gliv | [] [] [] [] [] [] | + glunarclock | [] [] [] [] [] | + gnubiff | [] () | + gnucash | [] () () () | + gnuedu | [] | + gnulib | [] [] [] [] | + gnunet | | + gnunet-gtk | | + gnutls | [] [] | + gold | | + gpe-aerial | [] [] [] [] [] [] [] | + gpe-beam | [] [] [] [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] [] [] [] | + gpe-clock | [] [] [] [] [] [] [] [] | + gpe-conf | [] [] [] [] [] [] [] | + gpe-contacts | [] [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] [] [] [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] [] [] [] [] [] | + gpe-su | [] [] [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] [] | + gpe-todo | [] [] [] [] [] | + gphoto2 | [] [] [] [] [] [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] | + gramadoir | [] [] | + grep | [] [] [] [] | + grub | [] [] [] | + gsasl | [] [] [] [] | + gss | [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] | + gtkam | [] [] [] [] [] [] | + gtkorphan | [] | + gtkspell | [] [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] | + hello | [] [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] [] [] [] | + iso_3166 | [] [] [] [] [] () [] [] [] [] [] [] [] [] | + iso_3166_2 | [] [] [] | + iso_4217 | [] [] [] [] [] [] [] [] | + iso_639 | [] [] [] [] [] [] [] [] [] | + iso_639_3 | [] [] | + jwhois | [] [] [] [] | + kbd | [] [] [] | + keytouch | [] [] [] | + keytouch-editor | [] [] [] | + keytouch-keyboa... | [] [] [] | + klavaro | [] [] | + latrine | [] [] | + ld | | + leafpad | [] [] [] [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] | + libgphoto2_port | [] [] [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] | + libidn | [] [] | + lifelines | [] [] | + liferea | [] [] [] [] [] () () [] | + lilypond | [] | + linkdr | [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] | + m4 | [] [] [] [] [] | + mailfromd | [] | + mailutils | [] | + make | [] [] [] [] | + man-db | [] [] [] | + man-db-manpages | [] [] [] | + minicom | [] [] [] [] | + mkisofs | [] [] [] | + myserver | | + nano | [] [] [] [] | + opcodes | [] [] | + parted | [] [] [] [] | + pies | [] | + popt | [] [] [] [] | + psmisc | [] [] [] | + pspp | [] [] | + pwdutils | [] | + radius | [] [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () | + rpm | [] [] [] | + rush | [] [] | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] [] [] [] | + sed | [] [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | [] | + skencil | [] [] | + solfege | [] [] [] [] | + solfege-manual | [] [] [] | + soundtracker | [] | + sp | | + sysstat | [] [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] [] | + vice | [] | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +---------------------------------------------------+ + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + 135 10 4 7 105 1 29 62 47 91 3 54 46 9 37 - tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu + sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW +---------------------------------------------------+ - Compendium | [] [] [] [] | 19 - a2ps | [] [] [] | 19 - aegis | [] | 1 - ant-phone | [] [] | 6 - anubis | [] [] [] | 11 - ap-utils | () [] | 4 - aspell | [] [] [] | 16 - bash | [] | 6 - bfd | | 2 - bibshelf | [] | 7 - binutils | [] [] [] [] | 9 - bison | [] [] [] [] | 20 - bison-runtime | [] [] [] [] | 18 - bluez-pin | [] [] [] [] [] [] | 28 - cflow | [] [] | 5 - clisp | | 9 - console-tools | [] [] | 5 - coreutils | [] [] [] | 18 - cpio | [] [] [] [] | 11 - cpplib | [] [] [] [] [] | 12 - cryptonit | [] | 6 - dialog | [] [] [] | 9 - diffutils | [] [] [] [] [] | 29 - doodle | [] | 6 - e2fsprogs | [] [] | 10 - enscript | [] [] [] | 16 - fetchmail | [] [] | 12 - findutils | [] [] [] | 11 - findutils_stable | [] [] [] [] | 18 - flex | [] [] | 15 - fslint | [] | 2 - gas | [] | 3 - gawk | [] [] [] | 16 - gcal | [] | 5 - gcc | [] [] [] | 7 - gettext-examples | [] [] [] [] [] [] | 29 - gettext-runtime | [] [] [] [] [] [] | 28 - gettext-tools | [] [] [] [] [] | 20 - gip | [] [] | 13 - gliv | [] [] | 11 - glunarclock | [] [] [] | 15 - gmult | [] [] [] [] | 16 - gnubiff | [] | 2 - gnucash | () [] | 5 - gnuedu | [] | 2 - gnulib | [] | 10 - gnunet | | 0 - gnunet-gtk | [] [] | 3 - gnutls | | 4 - gpe-aerial | [] [] | 14 - gpe-beam | [] [] | 14 - gpe-calendar | [] [] | 7 - gpe-clock | [] [] [] [] | 21 - gpe-conf | [] [] [] | 16 - gpe-contacts | [] [] | 10 - gpe-edit | [] [] [] [] [] | 22 - gpe-filemanager | [] [] | 7 - gpe-go | [] [] [] [] | 19 - gpe-login | [] [] [] [] [] | 21 - gpe-ownerinfo | [] [] [] [] | 21 - gpe-package | [] | 6 - gpe-sketchbook | [] [] | 16 - gpe-su | [] [] [] [] | 21 - gpe-taskmanager | [] [] [] [] | 21 - gpe-timesheet | [] [] [] [] | 18 - gpe-today | [] [] [] [] [] | 21 - gpe-todo | [] [] | 8 - gphoto2 | [] [] [] [] | 21 - gprof | [] [] | 13 - gpsdrive | [] | 5 - gramadoir | [] | 7 - grep | [] | 12 - gretl | | 6 - gsasl | [] [] [] | 9 - gss | [] | 7 - gst-plugins-bad | [] [] [] | 13 - gst-plugins-base | [] [] | 11 - gst-plugins-good | [] [] [] [] [] | 16 - gst-plugins-ugly | [] [] [] | 13 - gstreamer | [] [] [] | 18 - gtick | [] [] | 7 - gtkam | [] | 16 - gtkorphan | [] | 7 - gtkspell | [] [] [] [] [] [] | 27 - gutenprint | | 4 - hello | [] [] [] [] [] | 38 - herrie | [] [] | 8 - hylafax | | 0 - idutils | [] [] | 15 - indent | [] [] [] [] [] | 28 - iso_15924 | [] [] | 4 - iso_3166 | [] [] [] [] [] [] [] [] [] | 54 - iso_3166_2 | [] [] | 4 - iso_4217 | [] [] [] [] [] | 24 - iso_639 | [] [] [] [] [] | 26 - jpilot | [] [] [] [] | 7 - jtag | [] | 3 - jwhois | [] [] [] | 13 - kbd | [] [] [] | 13 - keytouch | [] | 8 - keytouch-editor | [] | 5 - keytouch-keyboa... | [] | 5 - latrine | [] [] | 5 - ld | [] [] [] [] | 10 - leafpad | [] [] [] [] [] | 24 - libc | [] [] [] | 19 - libexif | [] | 5 - libextractor | [] | 5 - libgpewidget | [] [] [] | 20 - libgpg-error | [] | 6 - libgphoto2 | [] [] | 9 - libgphoto2_port | [] [] [] | 11 - libgsasl | [] | 8 - libiconv | [] [] | 11 - libidn | [] [] | 11 - lifelines | | 4 - lilypond | [] | 6 - lingoteach | [] | 6 - lprng | [] | 2 - lynx | [] [] [] | 15 - m4 | [] [] [] | 18 - mailfromd | [] [] | 3 - mailutils | [] [] | 8 - make | [] [] [] | 20 - man-db | [] | 9 - minicom | [] | 14 - nano | [] [] [] | 20 - opcodes | [] [] | 10 - parted | [] [] [] | 11 - pilot-qof | [] | 1 - popt | [] [] [] [] | 18 - psmisc | [] [] | 10 - pwdutils | [] | 3 - qof | [] | 4 - radius | [] [] | 7 - recode | [] [] [] | 25 - rpm | [] [] [] [] | 13 - screem | [] | 2 - scrollkeeper | [] [] [] [] | 26 - sed | [] [] [] [] | 23 - shared-mime-info | [] [] [] | 29 - sharutils | [] [] [] | 23 - shishi | [] | 3 - skencil | [] | 7 - solfege | [] | 3 - soundtracker | [] [] | 9 - sp | [] | 3 - system-tools-ba... | [] [] [] [] [] [] [] | 38 - tar | [] [] [] | 17 - texinfo | [] [] [] | 15 - tin | | 1 - tuxpaint | [] [] [] | 19 + a2ps | [] [] [] [] [] | 27 + aegis | [] | 9 + ant-phone | [] [] [] [] | 9 + anubis | [] [] [] [] | 15 + aspell | [] [] [] | 20 + bash | [] [] [] | 12 + bfd | [] | 6 + bibshelf | [] [] [] | 16 + binutils | [] [] | 8 + bison | [] [] | 12 + bison-runtime | [] [] [] [] [] [] | 29 + bluez-pin | [] [] [] [] [] [] [] [] | 37 + bombono-dvd | [] | 4 + buzztard | [] | 7 + cflow | [] [] [] | 9 + clisp | | 10 + coreutils | [] [] [] [] | 22 + cpio | [] [] [] [] [] [] | 13 + cppi | [] [] | 5 + cpplib | [] [] [] [] [] [] | 14 + cryptsetup | [] [] | 7 + dfarc | [] | 9 + dialog | [] [] [] [] [] [] [] | 30 + dico | [] | 2 + diffutils | [] [] [] [] [] [] | 30 + dink | | 4 + doodle | [] [] | 7 + e2fsprogs | [] [] [] | 11 + enscript | [] [] [] [] | 17 + exif | [] [] [] | 16 + fetchmail | [] [] [] | 17 + findutils | [] [] [] [] [] | 20 + flex | [] [] [] [] | 15 + freedink | [] | 10 + gas | [] | 4 + gawk | [] [] [] [] | 18 + gcal | [] [] | 5 + gcc | [] [] [] | 7 + gettext-examples | [] [] [] [] [] [] [] | 34 + gettext-runtime | [] [] [] [] [] [] [] | 29 + gettext-tools | [] [] [] [] [] [] | 22 + gip | [] [] [] [] | 22 + gjay | [] | 3 + gliv | [] [] [] | 14 + glunarclock | [] [] [] [] [] | 19 + gnubiff | [] [] | 4 + gnucash | () [] () [] () | 10 + gnuedu | [] [] | 7 + gnulib | [] [] [] [] | 16 + gnunet | [] | 1 + gnunet-gtk | [] [] [] | 5 + gnutls | [] [] [] | 10 + gold | [] | 4 + gpe-aerial | [] [] [] | 18 + gpe-beam | [] [] [] | 19 + gpe-bluetooth | [] [] [] | 13 + gpe-calendar | [] [] [] [] | 12 + gpe-clock | [] [] [] [] [] | 28 + gpe-conf | [] [] [] [] | 20 + gpe-contacts | [] [] [] | 17 + gpe-edit | [] [] [] | 12 + gpe-filemanager | [] [] [] [] | 16 + gpe-go | [] [] [] [] [] | 25 + gpe-login | [] [] [] | 11 + gpe-ownerinfo | [] [] [] [] [] | 25 + gpe-package | [] [] [] | 13 + gpe-sketchbook | [] [] [] | 20 + gpe-su | [] [] [] [] [] | 30 + gpe-taskmanager | [] [] [] [] [] | 29 + gpe-timesheet | [] [] [] [] [] | 25 + gpe-today | [] [] [] [] [] [] | 30 + gpe-todo | [] [] [] [] | 17 + gphoto2 | [] [] [] [] [] | 24 + gprof | [] [] [] | 15 + gpsdrive | [] [] [] | 11 + gramadoir | [] [] [] | 11 + grep | [] [] [] | 10 + grub | [] [] [] | 14 + gsasl | [] [] [] [] | 14 + gss | [] [] [] | 11 + gst-plugins-bad | [] [] [] [] | 26 + gst-plugins-base | [] [] [] [] [] | 24 + gst-plugins-good | [] [] [] [] | 24 + gst-plugins-ugly | [] [] [] [] [] | 29 + gstreamer | [] [] [] [] | 22 + gtick | [] [] [] | 13 + gtkam | [] [] [] | 20 + gtkorphan | [] [] [] | 14 + gtkspell | [] [] [] [] [] [] [] [] [] | 45 + gutenprint | [] | 10 + hello | [] [] [] [] [] [] | 21 + help2man | [] [] | 7 + hylafax | [] | 5 + idutils | [] [] [] [] | 17 + indent | [] [] [] [] [] [] | 30 + iso_15924 | () [] () [] [] | 16 + iso_3166 | [] [] () [] [] () [] [] [] () | 53 + iso_3166_2 | () [] () [] | 9 + iso_4217 | [] () [] [] () [] [] | 26 + iso_639 | [] [] [] () [] () [] [] [] [] | 38 + iso_639_3 | [] () | 8 + jwhois | [] [] [] [] [] | 16 + kbd | [] [] [] [] [] | 15 + keytouch | [] [] [] | 16 + keytouch-editor | [] [] [] | 14 + keytouch-keyboa... | [] [] [] | 14 + klavaro | [] | 11 + latrine | [] [] [] | 10 + ld | [] [] [] [] | 11 + leafpad | [] [] [] [] [] [] | 33 + libc | [] [] [] [] [] | 21 + libexif | [] () | 7 + libextractor | [] | 1 + libgnutls | [] [] [] | 9 + libgpewidget | [] [] [] | 14 + libgpg-error | [] [] [] | 9 + libgphoto2 | [] [] | 8 + libgphoto2_port | [] [] [] [] | 14 + libgsasl | [] [] [] | 13 + libiconv | [] [] [] [] | 21 + libidn | () [] [] | 11 + lifelines | [] | 4 + liferea | [] [] [] | 21 + lilypond | [] | 7 + linkdr | [] [] [] [] [] | 17 + lordsawar | | 1 + lprng | [] | 3 + lynx | [] [] [] [] | 17 + m4 | [] [] [] [] | 19 + mailfromd | [] [] | 3 + mailutils | [] | 5 + make | [] [] [] [] | 21 + man-db | [] [] [] | 8 + man-db-manpages | | 4 + minicom | [] [] | 16 + mkisofs | [] [] | 9 + myserver | | 0 + nano | [] [] [] [] | 21 + opcodes | [] [] [] | 11 + parted | [] [] [] [] [] | 15 + pies | [] [] | 3 + popt | [] [] [] [] [] [] | 27 + psmisc | [] [] | 11 + pspp | | 4 + pwdutils | [] [] | 6 + radius | [] [] | 9 + recode | [] [] [] [] | 28 + rosegarden | () | 0 + rpm | [] [] [] | 11 + rush | [] [] | 4 + sarg | | 1 + screem | [] | 3 + scrollkeeper | [] [] [] [] [] | 27 + sed | [] [] [] [] [] | 30 + sharutils | [] [] [] [] [] | 22 + shishi | [] | 3 + skencil | [] [] | 7 + solfege | [] [] [] [] | 16 + solfege-manual | [] | 8 + soundtracker | [] [] [] | 9 + sp | [] | 3 + sysstat | [] [] | 15 + tar | [] [] [] [] [] [] | 23 + texinfo | [] [] [] [] [] | 17 + tin | | 4 unicode-han-tra... | | 0 unicode-transla... | | 2 - util-linux | [] [] [] | 20 - util-linux-ng | [] [] [] | 20 - vorbis-tools | [] [] | 4 - wastesedge | | 1 - wdiff | [] [] | 23 - wget | [] [] [] | 20 - xchat | [] [] [] [] | 29 - xkeyboard-config | [] [] [] | 14 - xpad | [] [] [] | 15 + util-linux-ng | [] [] [] [] | 20 + vice | () () | 1 + vmm | [] | 4 + vorbis-tools | [] | 6 + wastesedge | | 2 + wdiff | [] [] | 7 + wget | [] [] [] [] [] | 26 + wyslij-po | [] [] | 8 + xchat | [] [] [] [] [] [] | 36 + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | 63 + xkeyboard-config | [] [] [] | 22 +---------------------------------------------------+ - 76 teams tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu - 163 domains 0 3 1 74 51 0 143 21 1 57 7 45 0 2036 + 85 teams sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW + 178 domains 119 1 3 3 0 10 65 51 155 17 98 7 41 2618 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are @@ -1042,12 +1256,12 @@ lag between the mere existence a PO file and its wide availability in a distribution. - If November 2007 seems to be old, you may fetch a more recent copy -of this `ABOUT-NLS' file on most GNU archive sites. The most -up-to-date matrix with full percentage details can be found at + If June 2010 seems to be old, you may fetch a more recent copy of +this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date +matrix with full percentage details can be found at `http://translationproject.org/extra/matrix.html'. -1.6 Using `gettext' in new packages +1.5 Using `gettext' in new packages =================================== If you are writing a freely available program and want to diff -Nru gnupg2-2.1.6/acinclude.m4 gnupg2-2.0.28/acinclude.m4 --- gnupg2-2.1.6/acinclude.m4 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/acinclude.m4 2015-06-02 08:13:55.000000000 +0000 @@ -7,12 +7,12 @@ dnl it under the terms of the GNU General Public License as published by dnl the Free Software Foundation; either version 3 of the License, or dnl (at your option) any later version. -dnl +dnl dnl GnuPG is distributed in the hope that it will be useful, dnl but WITHOUT ANY WARRANTY; without even the implied warranty of dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the dnl GNU General Public License for more details. -dnl +dnl dnl You should have received a copy of the GNU General Public License dnl along with this program; if not, see . @@ -38,7 +38,7 @@ dnl GNUPG_CHECK_GNUMAKE dnl AC_DEFUN([GNUPG_CHECK_GNUMAKE], - [ + [ if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then : else @@ -59,7 +59,7 @@ if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then working_faqprog=yes FAQPROG="faqprog.pl" - else + else working_faqprog=no FAQPROG=": " fi @@ -77,7 +77,7 @@ dnl *** No need to worry about this warning. dnl ***]]) dnl fi - ]) + ]) dnl GNUPG_CHECK_DOCBOOK_TO_TEXI dnl @@ -93,7 +93,7 @@ fi AC_MSG_RESULT($working_sgmltotexi) AM_CONDITIONAL(HAVE_DOCBOOK_TO_TEXI, test "$working_sgmltotexi" = "yes" ) - ]) + ]) @@ -103,7 +103,6 @@ AC_DEFUN([GNUPG_CHECK_ENDIAN], [ tmp_assumed_endian=big - tmp_assume_warn="" if test "$cross_compiling" = yes; then case "$host_cpu" in i@<:@345678@:>@* ) @@ -112,6 +111,7 @@ *) ;; esac + AC_MSG_WARN(cross compiling; assuming $tmp_assumed_endian endianess) fi AC_MSG_CHECKING(endianess) AC_CACHE_VAL(gnupg_cv_c_endian, @@ -141,11 +141,10 @@ gnupg_cv_c_endian=little, gnupg_cv_c_endian=big, gnupg_cv_c_endian=$tmp_assumed_endian - tmp_assumed_warn=" (assumed)" ) fi ]) - AC_MSG_RESULT([${gnupg_cv_c_endian}${tmp_assumed_warn}]) + AC_MSG_RESULT([$gnupg_cv_c_endian]) if test "$gnupg_cv_c_endian" = little; then AC_DEFINE(LITTLE_ENDIAN_HOST,1, [Defined if the host has little endian byte ordering]) @@ -162,7 +161,7 @@ # Add a --enable-NAME option to configure an set the # shell variable build_NAME either to "yes" or "no". DEFAULT must # either be "yes" or "no" and decided on the default value for -# build_NAME and whether --enable-NAME or --disable-NAME is shown with +# build_NAME and whether --enable-NAME or --disable-NAME is shown with # ./configure --help AC_DEFUN([GNUPG_BUILD_PROGRAM], [build_$1=$2 @@ -178,7 +177,7 @@ case "$build_$1" in no|yes) ;; - *) + *) AC_MSG_ERROR([only yes or no allowed for feature --enable-$1]) ;; esac @@ -186,23 +185,6 @@ -# GNUPG_DISABLE_GPG_ALGO(NAME,DESCRIPTION) -# -# Add a --disable-gpg-NAME option and the corresponding ac_define -# GPG_USE_. -AC_DEFUN([GNUPG_GPG_DISABLE_ALGO], - [AC_MSG_CHECKING([whether to enable the $2 for gpg]) - AC_ARG_ENABLE([gpg-$1], AC_HELP_STRING([--disable-gpg-$1], - [disable the $2 algorithm in gpg]), - , enableval=yes) - AC_MSG_RESULT($enableval) - if test x"$enableval" = xyes ; then - AC_DEFINE(GPG_USE_[]m4_toupper($1), 1, [Define to support the $2]) - fi - ]) - - - # Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock # is not called from uid 0 (not tested whether uid 0 works) @@ -322,28 +304,5 @@ ]) -# GNUPG_TIME_T_UNSIGNED -# Check whether time_t is unsigned -# -AC_DEFUN([GNUPG_TIME_T_UNSIGNED], - [ AC_CACHE_CHECK(whether time_t is unsigned, gnupg_cv_time_t_unsigned, - [AC_REQUIRE([AC_HEADER_TIME])dnl - AC_COMPILE_IFELSE([AC_LANG_BOOL_COMPILE_TRY( - [AC_INCLUDES_DEFAULT([]) -#if TIME_WITH_SYS_TIME -# include -# include -#else -# if HAVE_SYS_TIME_H -# include -# else -# include -# endif -#endif -], - [((time_t)-1) < 0])], - gnupg_cv_time_t_unsigned=no, gnupg_cv_time_t_unsigned=yes)]) - if test $gnupg_cv_time_t_unsigned = yes; then - AC_DEFINE(HAVE_UNSIGNED_TIME_T,1,[Defined if time_t is an unsigned type]) - fi -])# GNUPG_TIME_T_UNSIGNED + + diff -Nru gnupg2-2.1.6/aclocal.m4 gnupg2-2.0.28/aclocal.m4 --- gnupg2-2.1.6/aclocal.m4 2015-06-17 10:46:52.000000000 +0000 +++ gnupg2-2.0.28/aclocal.m4 2015-06-02 08:37:24.000000000 +0000 @@ -77,220 +77,119 @@ AC_SUBST([INTL_MACOSX_LIBS]) ]) -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 1 (pkg-config-0.24) -# -# Copyright © 2004 Scott James Remnant . -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# PKG_PROG_PKG_CONFIG([MIN-VERSION]) -# ---------------------------------- -AC_DEFUN([PKG_PROG_PKG_CONFIG], -[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) -m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) -m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) -AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) -AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=m4_default([$1], [0.9.0]) - AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - PKG_CONFIG="" - fi -fi[]dnl -])# PKG_PROG_PKG_CONFIG - -# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# -# Check to see whether a particular set of modules exists. Similar -# to PKG_CHECK_MODULES(), but does not set variables or print errors. -# -# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -# only at the first occurence in configure.ac, so if the first place -# it's called might be skipped (such as if it is within an "if", you -# have to call PKG_CHECK_EXISTS manually -# -------------------------------------------------------------- -AC_DEFUN([PKG_CHECK_EXISTS], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -if test -n "$PKG_CONFIG" && \ - AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_default([$2], [:]) -m4_ifvaln([$3], [else - $3])dnl -fi]) - -# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -# --------------------------------------------- -m4_define([_PKG_CONFIG], -[if test -n "$$1"; then - pkg_cv_[]$1="$$1" - elif test -n "$PKG_CONFIG"; then - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes ], - [pkg_failed=yes]) - else - pkg_failed=untried -fi[]dnl -])# _PKG_CONFIG - -# _PKG_SHORT_ERRORS_SUPPORTED -# ----------------------------- -AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi[]dnl -])# _PKG_SHORT_ERRORS_SUPPORTED - - -# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -# [ACTION-IF-NOT-FOUND]) -# -# -# Note that if there is a possibility the first call to -# PKG_CHECK_MODULES might not happen, you should be sure to include an -# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -# -# -# -------------------------------------------------------------- -AC_DEFUN([PKG_CHECK_MODULES], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl -AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl - -pkg_failed=no -AC_MSG_CHECKING([for $1]) - -_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) -_PKG_CONFIG([$1][_LIBS], [libs], [$2]) - -m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS -and $1[]_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details.]) - -if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) - _PKG_SHORT_ERRORS_SUPPORTED - if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else - $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` +# longlong.m4 serial 17 +dnl Copyright (C) 1999-2007, 2009-2014 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Paul Eggert. + +# Define HAVE_LONG_LONG_INT if 'long long int' works. +# This fixes a bug in Autoconf 2.61, and can be faster +# than what's in Autoconf 2.62 through 2.68. + +# Note: If the type 'long long int' exists but is only 32 bits large +# (as on some very old compilers), HAVE_LONG_LONG_INT will not be +# defined. In this case you can treat 'long long int' like 'long int'. + +AC_DEFUN([AC_TYPE_LONG_LONG_INT], +[ + AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT]) + AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int], + [ac_cv_type_long_long_int=yes + if test "x${ac_cv_prog_cc_c99-no}" = xno; then + ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int + if test $ac_cv_type_long_long_int = yes; then + dnl Catch a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004. + dnl If cross compiling, assume the bug is not important, since + dnl nobody cross compiles for this platform as far as we know. + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[@%:@include + @%:@ifndef LLONG_MAX + @%:@ define HALF \ + (1LL << (sizeof (long long int) * CHAR_BIT - 2)) + @%:@ define LLONG_MAX (HALF - 1 + HALF) + @%:@endif]], + [[long long int n = 1; + int i; + for (i = 0; ; i++) + { + long long int m = n << i; + if (m >> i != n) + return 1; + if (LLONG_MAX / 2 < m) + break; + } + return 0;]])], + [], + [ac_cv_type_long_long_int=no], + [:]) fi - # Put the nasty error message in config.log where it belongs - echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - - m4_default([$4], [AC_MSG_ERROR( -[Package requirements ($2) were not met: - -$$1_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -_PKG_TEXT])[]dnl - ]) -elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) - m4_default([$4], [AC_MSG_FAILURE( -[The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -_PKG_TEXT - -To get pkg-config, see .])[]dnl - ]) -else - $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS - $1[]_LIBS=$pkg_cv_[]$1[]_LIBS - AC_MSG_RESULT([yes]) - $3 -fi[]dnl -])# PKG_CHECK_MODULES - - -# PKG_INSTALLDIR(DIRECTORY) -# ------------------------- -# Substitutes the variable pkgconfigdir as the location where a module -# should install pkg-config .pc files. By default the directory is -# $libdir/pkgconfig, but the default can be changed by passing -# DIRECTORY. The user can override through the --with-pkgconfigdir -# parameter. -AC_DEFUN([PKG_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([pkgconfigdir], - [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, - [with_pkgconfigdir=]pkg_default) -AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -]) dnl PKG_INSTALLDIR - - -# PKG_NOARCH_INSTALLDIR(DIRECTORY) -# ------------------------- -# Substitutes the variable noarch_pkgconfigdir as the location where a -# module should install arch-independent pkg-config .pc files. By -# default the directory is $datadir/pkgconfig, but the default can be -# changed by passing DIRECTORY. The user can override through the -# --with-noarch-pkgconfigdir parameter. -AC_DEFUN([PKG_NOARCH_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([noarch-pkgconfigdir], - [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, - [with_noarch_pkgconfigdir=]pkg_default) -AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -]) dnl PKG_NOARCH_INSTALLDIR - - -# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, -# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# ------------------------------------------- -# Retrieves the value of the pkg-config variable for the given module. -AC_DEFUN([PKG_CHECK_VAR], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + fi]) + if test $ac_cv_type_long_long_int = yes; then + AC_DEFINE([HAVE_LONG_LONG_INT], [1], + [Define to 1 if the system has the type 'long long int'.]) + fi +]) -_PKG_CONFIG([$1], [variable="][$3]["], [$2]) -AS_VAR_COPY([$1], [pkg_cv_][$1]) +# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works. +# This fixes a bug in Autoconf 2.61, and can be faster +# than what's in Autoconf 2.62 through 2.68. + +# Note: If the type 'unsigned long long int' exists but is only 32 bits +# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT +# will not be defined. In this case you can treat 'unsigned long long int' +# like 'unsigned long int'. + +AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT], +[ + AC_CACHE_CHECK([for unsigned long long int], + [ac_cv_type_unsigned_long_long_int], + [ac_cv_type_unsigned_long_long_int=yes + if test "x${ac_cv_prog_cc_c99-no}" = xno; then + AC_LINK_IFELSE( + [_AC_TYPE_LONG_LONG_SNIPPET], + [], + [ac_cv_type_unsigned_long_long_int=no]) + fi]) + if test $ac_cv_type_unsigned_long_long_int = yes; then + AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], [1], + [Define to 1 if the system has the type 'unsigned long long int'.]) + fi +]) -AS_VAR_IF([$1], [""], [$5], [$4])dnl -])# PKG_CHECK_VAR +# Expands to a C program that can be used to test for simultaneous support +# of 'long long' and 'unsigned long long'. We don't want to say that +# 'long long' is available if 'unsigned long long' is not, or vice versa, +# because too many programs rely on the symmetry between signed and unsigned +# integer types (excluding 'bool'). +AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET], +[ + AC_LANG_PROGRAM( + [[/* For now, do not test the preprocessor; as of 2007 there are too many + implementations with broken preprocessors. Perhaps this can + be revisited in 2012. In the meantime, code should not expect + #if to work with literals wider than 32 bits. */ + /* Test literals. */ + long long int ll = 9223372036854775807ll; + long long int nll = -9223372036854775807LL; + unsigned long long int ull = 18446744073709551615ULL; + /* Test constant expressions. */ + typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) + ? 1 : -1)]; + typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 + ? 1 : -1)]; + int i = 63;]], + [[/* Test availability of runtime routines for shift and division. */ + long long int llmax = 9223372036854775807ll; + unsigned long long int ullmax = 18446744073709551615ull; + return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) + | (llmax / ll) | (llmax % ll) + | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) + | (ullmax / ull) | (ullmax % ull));]]) +]) # Copyright (C) 2002-2013 Free Software Foundation, Inc. # @@ -1039,6 +938,35 @@ fi ]) +# -*- Autoconf -*- +# Obsolete and "removed" macros, that must however still report explicit +# error messages when used, to smooth transition. +# +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +AC_DEFUN([AM_CONFIG_HEADER], +[AC_DIAGNOSE([obsolete], +['$0': this macro is obsolete. +You should use the 'AC][_CONFIG_HEADERS' macro instead.])dnl +AC_CONFIG_HEADERS($@)]) + +AC_DEFUN([AM_PROG_CC_STDC], +[AC_PROG_CC +am_cv_prog_cc_stdc=$ac_cv_prog_cc_stdc +AC_DIAGNOSE([obsolete], +['$0': this macro is obsolete. +You should simply use the 'AC][_PROG_CC' macro instead. +Also, your code should no longer depend upon 'am_cv_prog_cc_stdc', +but upon 'ac_cv_prog_cc_stdc'.])]) + +AC_DEFUN([AM_C_PROTOTYPES], + [AC_FATAL([automatic de-ANSI-fication support has been removed])]) +AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES]) + # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. @@ -1455,9 +1383,22 @@ AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([gl/m4/absolute-header.m4]) +m4_include([gl/m4/alloca.m4]) +m4_include([gl/m4/allocsa.m4]) +m4_include([gl/m4/eealloc.m4]) +m4_include([gl/m4/gnulib-comp.m4]) +m4_include([gl/m4/gnulib-tool.m4]) +m4_include([gl/m4/mkdtemp.m4]) +m4_include([gl/m4/setenv.m4]) +m4_include([gl/m4/stdint.m4]) +m4_include([gl/m4/strpbrk.m4]) +m4_include([gl/m4/unistd_h.m4]) m4_include([m4/autobuild.m4]) m4_include([m4/codeset.m4]) +m4_include([m4/estream.m4]) m4_include([m4/gettext.m4]) +m4_include([m4/gnupg-pth.m4]) m4_include([m4/gpg-error.m4]) m4_include([m4/iconv.m4]) m4_include([m4/isc-posix.m4]) @@ -1468,14 +1409,16 @@ m4_include([m4/lib-link.m4]) m4_include([m4/lib-prefix.m4]) m4_include([m4/libassuan.m4]) +m4_include([m4/libcurl.m4]) m4_include([m4/libgcrypt.m4]) +m4_include([m4/longdouble.m4]) m4_include([m4/nls.m4]) -m4_include([m4/npth.m4]) -m4_include([m4/ntbtls.m4]) m4_include([m4/po.m4]) m4_include([m4/progtest.m4]) m4_include([m4/readline.m4]) +m4_include([m4/size_max.m4]) m4_include([m4/socklen.m4]) m4_include([m4/sys_socket_h.m4]) m4_include([m4/tar-ustar.m4]) +m4_include([m4/xsize.m4]) m4_include([acinclude.m4]) diff -Nru gnupg2-2.1.6/agent/agent.h gnupg2-2.0.28/agent/agent.h --- gnupg2-2.1.6/agent/agent.h 2015-06-30 20:26:08.000000000 +0000 +++ gnupg2-2.0.28/agent/agent.h 2015-06-02 08:13:55.000000000 +0000 @@ -1,6 +1,5 @@ /* agent.h - Global definitions for the agent - * Copyright (C) 2001, 2002, 2003, 2005, 2011 Free Software Foundation, Inc. - * Copyright (C) 2015 g10 Code GmbH. + * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -35,7 +34,6 @@ #include "../common/membuf.h" #include "../common/sysutils.h" /* (gnupg_fd_t) */ #include "../common/session-env.h" -#include "../common/shareddefs.h" /* To convey some special hash algorithms we use algorithm numbers reserved for application use. */ @@ -47,8 +45,6 @@ /* Maximum length of a digest. */ #define MAX_DIGEST_LEN 64 - - /* A large struct name "opt" to keep global flags */ struct { @@ -59,26 +55,23 @@ int batch; /* Batch mode */ const char *homedir; /* Configuration directory name */ - /* True if we handle sigusr2. */ - int sigusr2_enabled; - - /* Environment settings gathered at program start or changed using the + /* Environment setting gathered at program start or changed using the Assuan command UPDATESTARTUPTTY. */ session_env_t startup_env; char *startup_lc_ctype; char *startup_lc_messages; - /* Enable pinentry debugging (--debug 1024 should also be used). */ - int debug_pinentry; - - /* Filename of the program to start as pinentry. */ - const char *pinentry_program; + /* True if we are listening on the standard socket. */ + int use_standard_socket; - /* Filename of the program to handle smartcard tasks. */ - const char *scdaemon_program; + /* True if we handle sigusr2. */ + int sigusr2_enabled; + const char *pinentry_program; /* Filename of the program to start as + pinentry. */ + const char *scdaemon_program; /* Filename of the program to handle + smartcard tasks. */ int disable_scdaemon; /* Never use the SCdaemon. */ - int no_grab; /* Don't let the pinentry grab the keyboard */ /* The name of the file pinentry shall tocuh before exiting. If @@ -93,68 +86,36 @@ /* Flag disallowing bypassing of the warning. */ int enforce_passphrase_constraints; - /* The require minmum length of a passphrase. */ unsigned int min_passphrase_len; - /* The minimum number of non-alpha characters in a passphrase. */ unsigned int min_passphrase_nonalpha; - /* File name with a patternfile or NULL if not enabled. */ const char *check_passphrase_pattern; - /* If not 0 the user is asked to change his passphrase after these number of days. */ unsigned int max_passphrase_days; - /* If set, a passphrase history will be written and checked at each passphrase change. */ int enable_passhrase_history; int running_detached; /* We are running detached from the tty. */ - /* If this global option is true, the passphrase cache is ignored - for signing operations. */ int ignore_cache_for_signing; - - /* If this global option is true, the user is allowed to - interactively mark certificate in trustlist.txt as trusted. */ int allow_mark_trusted; - - /* If this global option is true, the Assuan command - PRESET_PASSPHRASE is allowed. */ int allow_preset_passphrase; - /* If this global option is true, the Assuan option - pinentry-mode=loopback is allowed. */ - int allow_loopback_pinentry; - /* Allow the use of an external password cache. If this option is enabled (which is the default) we send an option to Pinentry to allow it to enable such a cache. */ int allow_external_cache; - /* If this global option is true, the Assuan option of Pinentry - allow-emacs-prompt is allowed. */ - int allow_emacs_pinentry; - int keep_tty; /* Don't switch the TTY (for pinentry) on request */ int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */ - - /* This global options indicates the use of an extra socket. Note - that we use a hack for cleanup handling in gpg-agent.c: If the - value is less than 2 the name has not yet been malloced. */ - int extra_socket; - - /* This global options indicates the use of an extra socket for web - browsers. Note that we use a hack for cleanup handling in - gpg-agent.c: If the value is less than 2 the name has not yet - been malloced. */ - int browser_socket; + int ssh_support; /* Enable ssh-agent emulation. */ } opt; -/* Bit values for the --debug option. */ #define DBG_COMMAND_VALUE 1 /* debug commands i/o */ #define DBG_MPI_VALUE 2 /* debug mpi details */ #define DBG_CRYPTO_VALUE 4 /* debug low level crypto */ @@ -162,15 +123,14 @@ #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_IPC_VALUE 1024 /* Enable Assuan debugging. */ +#define DBG_ASSUAN_VALUE 1024 -/* Test macros for the debug option. */ #define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_IPC (opt.debug & DBG_IPC_VALUE) +#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) /* Forward reference for local definitions in command.c. */ struct server_local_s; @@ -186,35 +146,21 @@ struct server_control_s { /* Private data used to fire up the connection thread. We use this - structure do avoid an extra allocation for only a few bytes while - spawning a new connection thread. */ + structure do avoid an extra allocation for just a few bytes. */ struct { gnupg_fd_t fd; } thread_startup; - /* Flag indicating the connection is run in restricted mode. - A value of 1 if used for --extra-socket, - a value of 2 is used for --browser-socket. */ - int restricted; - /* Private data of the server (command.c). */ struct server_local_s *server_local; /* Private data of the SCdaemon (call-scd.c). */ struct scd_local_s *scd_local; - /* Environment settings for the connection. */ session_env_t session_env; char *lc_ctype; char *lc_messages; - /* The current pinentry mode. */ - pinentry_mode_t pinentry_mode; - - /* The TTL used for the --preset option of certain commands. */ - int cache_ttl_opt_preset; - - /* Information on the currently used digest (for signing commands). */ struct { int algo; unsigned char value[MAX_DIGEST_LEN]; @@ -224,50 +170,34 @@ unsigned char keygrip[20]; int have_keygrip; - /* A flag to enable a hack to send the PKAUTH command instead of the - PKSIGN command to the scdaemon. */ - int use_auth_call; - - /* A flag to inhibit enforced passphrase change during an explicit - passwd command. */ - int in_passwd; - - /* The current S2K which might be different from the calibrated - count. */ - unsigned long s2k_count; + int use_auth_call; /* Hack to send the PKAUTH command instead of the + PKSIGN command to the scdaemon. */ + int in_passwd; /* Hack to inhibit enforced passphrase change + during an explicit passwd command. */ }; -/* Information pertaining to pinentry requests. */ struct pin_entry_info_s { int min_digits; /* min. number of digits required or 0 for freeform entry */ int max_digits; /* max. number of allowed digits allowed*/ - int max_tries; /* max. number of allowed tries. */ - int failed_tries; /* Number of tries so far failed. */ + int max_tries; + int failed_tries; int with_qualitybar; /* Set if the quality bar should be displayed. */ - int with_repeat; /* Request repetition of the passphrase. */ - int repeat_okay; /* Repetition worked. */ int (*check_cb)(struct pin_entry_info_s *); /* CB used to check the PIN */ void *check_cb_arg; /* optional argument which might be of use in the CB */ - const char *cb_errtext; /* used by the cb to display a specific error */ - size_t max_length; /* Allocated length of the buffer PIN. */ - char pin[1]; /* The buffer to hold the PIN or passphrase. - It's actual allocated length is given by - MAX_LENGTH (above). */ + const char *cb_errtext; /* used by the cb to displaye a specific error */ + size_t max_length; /* allocated length of the buffer */ + char pin[1]; }; -/* Types of the private keys. */ enum { - PRIVATE_KEY_UNKNOWN = 0, /* Type of key is not known. */ - PRIVATE_KEY_CLEAR = 1, /* The key is not protected. */ - PRIVATE_KEY_PROTECTED = 2, /* The key is protected. */ - PRIVATE_KEY_SHADOWED = 3, /* The key is a stub for a smartcard - based key. */ - PROTECTED_SHARED_SECRET = 4, /* RFU. */ - PRIVATE_KEY_OPENPGP_NONE = 5 /* openpgp-native with protection "none". */ + PRIVATE_KEY_UNKNOWN = 0, + PRIVATE_KEY_CLEAR = 1, + PRIVATE_KEY_PROTECTED = 2, + PRIVATE_KEY_SHADOWED = 3 }; @@ -278,67 +208,31 @@ CACHE_MODE_ANY, /* Any mode except ignore matches. */ CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */ CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */ - CACHE_MODE_SSH, /* SSH related cache. */ - CACHE_MODE_NONCE /* This is a non-predictable nonce. */ + CACHE_MODE_SSH /* SSH related cache. */ } cache_mode_t; -/* The TTL is seconds used for adding a new nonce mode cache item. */ -#define CACHE_TTL_NONCE 120 - -/* The TTL in seconds used by the --preset option of some commands. - This is the default value changeable by an OPTION command. */ -#define CACHE_TTL_OPT_PRESET 900 - /* The type of a function to lookup a TTL by a keygrip. */ typedef int (*lookup_ttl_t)(const char *hexgrip); -/* This is a special version of the usual _() gettext macro. It - assumes a server connection control variable with the name "ctrl" - and uses that to translate a string according to the locale set for - the connection. The macro LunderscoreIMPL is used by i18n to - actually define the inline function when needed. */ -#define L_(a) agent_Lunderscore (ctrl, (a)) -#define LunderscorePROTO \ - static inline const char *agent_Lunderscore (ctrl_t ctrl, \ - const char *string) \ - GNUPG_GCC_ATTR_FORMAT_ARG(2); -#define LunderscoreIMPL \ - static inline const char * \ - agent_Lunderscore (ctrl_t ctrl, const char *string) \ - { \ - return ctrl? i18n_localegettext (ctrl->lc_messages, string) \ - /* */: gettext (string); \ - } - - /*-- gpg-agent.c --*/ -void agent_exit (int rc) GPGRT_GCC_A_NR; /* Also implemented in other tools */ -gpg_error_t agent_copy_startup_env (ctrl_t ctrl); +void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */ const char *get_agent_socket_name (void); const char *get_agent_ssh_socket_name (void); #ifdef HAVE_W32_SYSTEM void *get_agent_scd_notify_event (void); #endif void agent_sighup_action (void); -int map_pk_openpgp_to_gcry (int openpgp_algo); /*-- command.c --*/ gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid); gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...) GNUPG_GCC_A_SENTINEL(0); -gpg_error_t agent_print_status (ctrl_t ctrl, const char *keyword, - const char *format, ...) - GPGRT_GCC_A_PRINTF(3,4); void bump_key_eventcounter (void); void bump_card_eventcounter (void); void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t); -gpg_error_t pinentry_loopback (ctrl_t, const char *keyword, - unsigned char **buffer, size_t *size, - size_t max_length); - #ifdef HAVE_W32_SYSTEM int serve_mmapped_ssh_request (ctrl_t ctrl, unsigned char *request, size_t maxreqlen); @@ -361,27 +255,21 @@ int agent_write_private_key (const unsigned char *grip, const void *buffer, size_t length, int force); gpg_error_t agent_key_from_file (ctrl_t ctrl, - const char *cache_nonce, const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - gcry_sexp_t *result, - char **r_passphrase); + gcry_sexp_t *result); gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); gpg_error_t agent_public_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); -int agent_is_dsa_key (gcry_sexp_t s_key); -int agent_is_eddsa_key (gcry_sexp_t s_key); int agent_key_available (const unsigned char *grip); gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, int *r_keytype, unsigned char **r_shadow_info); -gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip); /*-- call-pinentry.c --*/ void initialize_module_call_pinentry (void); @@ -406,51 +294,39 @@ int agent_clear_passphrase (ctrl_t ctrl, const char *keyinfo, cache_mode_t cache_mode); + /*-- cache.c --*/ -void initialize_module_cache (void); -void deinitialize_module_cache (void); void agent_flush_cache (void); int agent_put_cache (const char *key, cache_mode_t cache_mode, const char *data, int ttl); -char *agent_get_cache (const char *key, cache_mode_t cache_mode); -void agent_store_cache_hit (const char *key); +const char *agent_get_cache (const char *key, cache_mode_t cache_mode, + void **cache_id); +void agent_unlock_cache_entry (void **cache_id); /*-- pksign.c --*/ -int agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, - const char *desc_text, +int agent_pksign_do (ctrl_t ctrl, const char *desc_text, gcry_sexp_t *signature_sexp, - cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - const void *overridedata, size_t overridedatalen); -int agent_pksign (ctrl_t ctrl, const char *cache_nonce, - const char *desc_text, + cache_mode_t cache_mode, lookup_ttl_t lookup_ttl); +int agent_pksign (ctrl_t ctrl, const char *desc_text, membuf_t *outbuf, cache_mode_t cache_mode); /*-- pkdecrypt.c --*/ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, const unsigned char *ciphertext, size_t ciphertextlen, - membuf_t *outbuf, int *r_padding); + membuf_t *outbuf); /*-- genkey.c --*/ -int check_passphrase_constraints (ctrl_t ctrl, const char *pw, - char **failed_constraint); -gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, - char **r_passphrase); -int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparmlen, - int no_protection, const char *override_passphrase, - int preset, membuf_t *outbuf); -gpg_error_t agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, - char **passphrase_addr); +int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); +int agent_genkey (ctrl_t ctrl, + const char *keyparam, size_t keyparmlen, membuf_t *outbuf); +int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/ unsigned long get_standard_s2k_count (void); -unsigned char get_standard_s2k_count_rfc4880 (void); int agent_protect (const unsigned char *plainkey, const char *passphrase, - unsigned char **result, size_t *resultlen, - unsigned long s2k_count); -int agent_unprotect (ctrl_t ctrl, - const unsigned char *protectedkey, const char *passphrase, + unsigned char **result, size_t *resultlen); +int agent_unprotect (const unsigned char *protectedkey, const char *passphrase, gnupg_isotime_t protected_at, unsigned char **result, size_t *resultlen); int agent_private_key_type (const unsigned char *privatekey); @@ -461,12 +337,7 @@ int agent_get_shadow_info (const unsigned char *shadowkey, unsigned char const **shadow_info); gpg_error_t parse_shadow_info (const unsigned char *shadow_info, - char **r_hexsn, char **r_idstr, int *r_pinlen); -gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo, - int s2kmode, - const unsigned char *s2ksalt, - unsigned int s2kcount, - unsigned char *key, size_t keylen); + char **r_hexsn, char **r_idstr); /*-- trustlist.c --*/ @@ -481,16 +352,13 @@ /*-- divert-scd.c --*/ int divert_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen, int algo, - const unsigned char *shadow_info, unsigned char **r_sig, - size_t *r_siglen); + const unsigned char *shadow_info, unsigned char **r_sig); int divert_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher, const unsigned char *shadow_info, - char **r_buf, size_t *r_len, int *r_padding); + char **r_buf, size_t *r_len); int divert_generic_cmd (ctrl_t ctrl, const char *cmdline, void *assuan_context); -int divert_writekey (ctrl_t ctrl, int force, const char *serialno, - const char *id, const char *keydata, size_t keydatalen); /*-- call-scd.c --*/ @@ -512,7 +380,6 @@ const char *keyid, int (*getpin_cb)(void *, const char *, char*, size_t), void *getpin_cb_arg, - int mdalgo, const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen); int agent_card_pkdecrypt (ctrl_t ctrl, @@ -520,15 +387,10 @@ int (*getpin_cb)(void *, const char *, char*,size_t), void *getpin_cb_arg, const unsigned char *indata, size_t indatalen, - char **r_buf, size_t *r_buflen, int *r_padding); + char **r_buf, size_t *r_buflen); int agent_card_readcert (ctrl_t ctrl, const char *id, char **r_buf, size_t *r_buflen); int agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf); -int agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, - const char *id, const char *keydata, - size_t keydatalen, - int (*getpin_cb)(void *, const char *, char*, size_t), - void *getpin_cb_arg); gpg_error_t agent_card_getattr (ctrl_t ctrl, const char *name, char **result); int agent_card_scd (ctrl_t ctrl, const char *cmdline, int (*getpin_cb)(void *, const char *, char*, size_t), @@ -536,15 +398,7 @@ /*-- learncard.c --*/ -int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force); - +int agent_handle_learn (ctrl_t ctrl, void *assuan_context); -/*-- cvt-openpgp.c --*/ -gpg_error_t -extract_private_key (gcry_sexp_t s_key, int req_private_key_data, - const char **r_algoname, int *r_npkey, int *r_nskey, - const char **r_format, - gcry_mpi_t *mpi_array, int arraysize, - gcry_sexp_t *r_curve, gcry_sexp_t *r_flags); #endif /*AGENT_H*/ diff -Nru gnupg2-2.1.6/agent/cache.c gnupg2-2.0.28/agent/cache.c --- gnupg2-2.1.6/agent/cache.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/cache.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,5 +1,5 @@ /* cache.c - keep a cache of passphrases - * Copyright (C) 2002, 2010 Free Software Foundation, Inc. + * Copyright (C) 2002 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -24,31 +24,13 @@ #include #include #include -#include #include "agent.h" -/* The size of the encryption key in bytes. */ -#define ENCRYPTION_KEYSIZE (128/8) - -/* A mutex used to protect the encryption. This is required because - we use one context to do all encryption and decryption. */ -static npth_mutex_t encryption_lock; -/* The encryption context. This is the only place where the - encryption key for all cached entries is available. It would be nice - to keep this (or just the key) in some hardware device, for example - a TPM. Libgcrypt could be extended to provide such a service. - With the current scheme it is easy to retrieve the cached entries - if access to Libgcrypt's memory is available. The encryption - merely avoids grepping for clear texts in the memory. Nevertheless - the encryption provides the necessary infrastructure to make it - more secure. */ -static gcry_cipher_hd_t encryption_handle; - - struct secret_data_s { - int totallen; /* This includes the padding and space for AESWRAP. */ - char data[1]; /* A string. */ + int totallen; /* this includes the padding */ + int datalen; /* actual data length */ + char data[1]; }; typedef struct cache_item_s *ITEM; @@ -57,89 +39,14 @@ time_t created; time_t accessed; int ttl; /* max. lifetime given in seconds, -1 one means infinite */ + int lockcount; struct secret_data_s *pw; cache_mode_t cache_mode; char key[1]; }; -/* The cache himself. */ -static ITEM thecache; - -/* NULL or the last cache key stored by agent_store_cache_hit. */ -static char *last_stored_cache_key; - - -/* This function must be called once to initialize this module. It - has to be done before a second thread is spawned. */ -void -initialize_module_cache (void) -{ - int err; - - err = npth_mutex_init (&encryption_lock, NULL); - - if (err) - log_fatal ("error initializing cache module: %s\n", strerror (err)); -} - - -void -deinitialize_module_cache (void) -{ - gcry_cipher_close (encryption_handle); - encryption_handle = NULL; -} - - -/* We do the encryption init on the fly. We can't do it in the module - init code because that is run before we listen for connections and - in case we are started on demand by gpg etc. it will only wait for - a few seconds to decide whether the agent may now accept - connections. Thus we should get into listen state as soon as - possible. */ -static gpg_error_t -init_encryption (void) -{ - gpg_error_t err; - void *key; - int res; - - if (encryption_handle) - return 0; /* Shortcut - Already initialized. */ - - res = npth_mutex_lock (&encryption_lock); - if (res) - log_fatal ("failed to acquire cache encryption mutex: %s\n", strerror (res)); - - err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128, - GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE); - if (!err) - { - key = gcry_random_bytes (ENCRYPTION_KEYSIZE, GCRY_STRONG_RANDOM); - if (!key) - err = gpg_error_from_syserror (); - else - { - err = gcry_cipher_setkey (encryption_handle, key, ENCRYPTION_KEYSIZE); - xfree (key); - } - if (err) - { - gcry_cipher_close (encryption_handle); - encryption_handle = NULL; - } - } - if (err) - log_error ("error initializing cache encryption context: %s\n", - gpg_strerror (err)); - - res = npth_mutex_unlock (&encryption_lock); - if (res) - log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res)); - - return err? gpg_error (GPG_ERR_NOT_INITIALIZED) : 0; -} +static ITEM thecache; static void @@ -148,67 +55,31 @@ xfree (data); } -static gpg_error_t -new_data (const char *string, struct secret_data_s **r_data) +static struct secret_data_s * +new_data (const void *data, size_t length) { - gpg_error_t err; - struct secret_data_s *d, *d_enc; - size_t length; + struct secret_data_s *d; int total; - int res; - - *r_data = NULL; - - err = init_encryption (); - if (err) - return err; - length = strlen (string) + 1; - - /* We pad the data to 32 bytes so that it get more complicated + /* we pad the data to 32 bytes so that it get more complicated finding something out by watching allocation patterns. This is - usally not possible but we better assume nothing about our secure - storage provider. To support the AESWRAP mode we need to add 8 - extra bytes as well. */ - total = (length + 8) + 32 - ((length+8) % 32); - - d = xtrymalloc_secure (sizeof *d + total - 1); - if (!d) - return gpg_error_from_syserror (); - memcpy (d->data, string, length); - - d_enc = xtrymalloc (sizeof *d_enc + total - 1); - if (!d_enc) - { - err = gpg_error_from_syserror (); - xfree (d); - return err; - } - - d_enc->totallen = total; - res = npth_mutex_lock (&encryption_lock); - if (res) - log_fatal ("failed to acquire cache encryption mutex: %s\n", - strerror (res)); - - err = gcry_cipher_encrypt (encryption_handle, d_enc->data, total, - d->data, total - 8); - xfree (d); - res = npth_mutex_unlock (&encryption_lock); - if (res) - log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res)); - if (err) - { - xfree (d_enc); - return err; + usally not possible but we better assume nothing about our + secure storage provider*/ + total = length + 32 - (length % 32); + + d = gcry_malloc_secure (sizeof *d + total - 1); + if (d) + { + d->totallen = total; + d->datalen = length; + memcpy (d->data, data, length); } - *r_data = d_enc; - return 0; + return d; } -/* Check whether there are items to expire. */ +/* check whether there are items to expire */ static void housekeeping (void) { @@ -218,10 +89,11 @@ /* First expire the actual data */ for (r=thecache; r; r = r->next) { - if (r->pw && r->ttl >= 0 && r->accessed + r->ttl < current) + if (!r->lockcount && r->pw + && r->ttl >= 0 && r->accessed + r->ttl < current) { if (DBG_CACHE) - log_debug (" expired '%s' (%ds after last access)\n", + log_debug (" expired `%s' (%ds after last access)\n", r->key, r->ttl); release_data (r->pw); r->pw = NULL; @@ -234,16 +106,16 @@ for (r=thecache; r; r = r->next) { unsigned long maxttl; - + switch (r->cache_mode) { case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break; default: maxttl = opt.max_cache_ttl; break; } - if (r->pw && r->created + maxttl < current) + if (!r->lockcount && r->pw && r->created + maxttl < current) { if (DBG_CACHE) - log_debug (" expired '%s' (%lus after creation)\n", + log_debug (" expired `%s' (%lus after creation)\n", r->key, opt.max_cache_ttl); release_data (r->pw); r->pw = NULL; @@ -257,16 +129,27 @@ { if (!r->pw && r->ttl >= 0 && r->accessed + 60*30 < current) { - ITEM r2 = r->next; - if (DBG_CACHE) - log_debug (" removed '%s' (mode %d) (slot not used for 30m)\n", - r->key, r->cache_mode); - xfree (r); - if (!rprev) - thecache = r2; + if (r->lockcount) + { + log_error ("can't remove unused cache entry `%s' due to" + " lockcount=%d\n", + r->key, r->lockcount); + r->accessed += 60*10; /* next error message in 10 minutes */ + rprev = r; + r = r->next; + } else - rprev->next = r2; - r = r2; + { + ITEM r2 = r->next; + if (DBG_CACHE) + log_debug (" removed `%s' (slot not used for 30m)\n", r->key); + xfree (r); + if (!rprev) + thecache = r2; + else + rprev->next = r2; + r = r2; + } } else { @@ -287,35 +170,41 @@ for (r=thecache; r; r = r->next) { - if (r->pw) + if (!r->lockcount && r->pw) { if (DBG_CACHE) - log_debug (" flushing '%s'\n", r->key); + log_debug (" flushing `%s'\n", r->key); release_data (r->pw); r->pw = NULL; r->accessed = 0; } + else if (r->lockcount && r->pw) + { + if (DBG_CACHE) + log_debug (" marked `%s' for flushing\n", r->key); + r->accessed = 0; + r->ttl = 0; + } } } -/* Store the string DATA in the cache under KEY and mark it with a - maximum lifetime of TTL seconds. If there is already data under - this key, it will be replaced. Using a DATA of NULL deletes the - entry. A TTL of 0 is replaced by the default TTL and a TTL of -1 - set infinite timeout. CACHE_MODE is stored with the cache entry +/* Store DATA of length DATALEN in the cache under KEY and mark it + with a maximum lifetime of TTL seconds. If there is already data + under this key, it will be replaced. Using a DATA of NULL deletes + the entry. A TTL of 0 is replaced by the default TTL and a TTL of + -1 set infinite timeout. CACHE_MODE is stored with the cache entry and used to select different timeouts. */ int agent_put_cache (const char *key, cache_mode_t cache_mode, const char *data, int ttl) { - gpg_error_t err = 0; ITEM r; if (DBG_CACHE) - log_debug ("agent_put_cache '%s' (mode %d) requested ttl=%d\n", - key, cache_mode, ttl); + log_debug ("agent_put_cache `%s' requested ttl=%d mode=%d\n", + key, ttl, cache_mode); housekeeping (); if (!ttl) @@ -326,19 +215,16 @@ default: ttl = opt.def_cache_ttl; break; } } - if ((!ttl && data) || cache_mode == CACHE_MODE_IGNORE) + if (!ttl || cache_mode == CACHE_MODE_IGNORE) return 0; for (r=thecache; r; r = r->next) { - if (((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_NONCE) - || r->cache_mode == cache_mode) - && !strcmp (r->key, key)) + if (!r->lockcount && !strcmp (r->key, key)) break; } - if (r) /* Replace. */ - { + if (r) + { /* replace */ if (r->pw) { release_data (r->pw); @@ -346,126 +232,109 @@ } if (data) { - r->created = r->accessed = gnupg_get_time (); + r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; r->cache_mode = cache_mode; - err = new_data (data, &r->pw); - if (err) - log_error ("error replacing cache item: %s\n", gpg_strerror (err)); + r->pw = new_data (data, strlen (data)+1); + if (!r->pw) + log_error ("out of core while allocating new cache item\n"); } } - else if (data) /* Insert. */ - { + else if (data) + { /* simply insert */ r = xtrycalloc (1, sizeof *r + strlen (key)); if (!r) - err = gpg_error_from_syserror (); + log_error ("out of core while allocating new cache control\n"); else { strcpy (r->key, key); - r->created = r->accessed = gnupg_get_time (); + r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; r->cache_mode = cache_mode; - err = new_data (data, &r->pw); - if (err) - xfree (r); + r->pw = new_data (data, strlen (data)+1); + if (!r->pw) + { + log_error ("out of core while allocating new cache item\n"); + xfree (r); + } else { r->next = thecache; thecache = r; } } - if (err) - log_error ("error inserting cache item: %s\n", gpg_strerror (err)); } - return err; + return 0; } /* Try to find an item in the cache. Note that we currently don't - make use of CACHE_MODE except for CACHE_MODE_NONCE and - CACHE_MODE_USER. */ -char * -agent_get_cache (const char *key, cache_mode_t cache_mode) + make use of CACHE_MODE. */ +const char * +agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id) { - gpg_error_t err; ITEM r; - char *value = NULL; - int res; - int last_stored = 0; if (cache_mode == CACHE_MODE_IGNORE) return NULL; - if (!key) - { - key = last_stored_cache_key; - if (!key) - return NULL; - last_stored = 1; - } - - if (DBG_CACHE) - log_debug ("agent_get_cache '%s' (mode %d)%s ...\n", - key, cache_mode, - last_stored? " (stored cache key)":""); + log_debug ("agent_get_cache `%s'...\n", key); housekeeping (); + /* first try to find one with no locks - this is an updated cache + entry: We might have entries with a lockcount and without a + lockcount. */ for (r=thecache; r; r = r->next) { - if (r->pw - && ((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_NONCE) - || r->cache_mode == cache_mode) - && !strcmp (r->key, key)) + if (!r->lockcount && r->pw && !strcmp (r->key, key)) { - /* Note: To avoid races KEY may not be accessed anymore below. */ + /* put_cache does only put strings into the cache, so we + don't need the lengths */ r->accessed = gnupg_get_time (); if (DBG_CACHE) log_debug ("... hit\n"); - if (r->pw->totallen < 32) - err = gpg_error (GPG_ERR_INV_LENGTH); - else if ((err = init_encryption ())) - ; - else if (!(value = xtrymalloc_secure (r->pw->totallen - 8))) - err = gpg_error_from_syserror (); - else - { - res = npth_mutex_lock (&encryption_lock); - if (res) - log_fatal ("failed to acquire cache encryption mutex: %s\n", - strerror (res)); - err = gcry_cipher_decrypt (encryption_handle, - value, r->pw->totallen - 8, - r->pw->data, r->pw->totallen); - res = npth_mutex_unlock (&encryption_lock); - if (res) - log_fatal ("failed to release cache encryption mutex: %s\n", - strerror (res)); - } - if (err) - { - xfree (value); - value = NULL; - log_error ("retrieving cache entry '%s' failed: %s\n", - key, gpg_strerror (err)); - } - return value; + r->lockcount++; + *cache_id = r; + return r->pw->data; + } + } + /* again, but this time get even one with a lockcount set */ + for (r=thecache; r; r = r->next) + { + if (r->pw && !strcmp (r->key, key)) + { + r->accessed = gnupg_get_time (); + if (DBG_CACHE) + log_debug ("... hit (locked)\n"); + r->lockcount++; + *cache_id = r; + return r->pw->data; } } if (DBG_CACHE) log_debug ("... miss\n"); + *cache_id = NULL; return NULL; } -/* Store the key for the last successful cache hit. That value is - used by agent_get_cache if the requested KEY is given as NULL. - NULL may be used to remove that key. */ void -agent_store_cache_hit (const char *key) +agent_unlock_cache_entry (void **cache_id) { - xfree (last_stored_cache_key); - last_stored_cache_key = key? xtrystrdup (key) : NULL; + ITEM r; + + for (r=thecache; r; r = r->next) + { + if (r == *cache_id) + { + if (!r->lockcount) + log_error ("trying to unlock non-locked cache entry `%s'\n", + r->key); + else + r->lockcount--; + return; + } + } } diff -Nru gnupg2-2.1.6/agent/call-pinentry.c gnupg2-2.0.28/agent/call-pinentry.c --- gnupg2-2.1.6/agent/call-pinentry.c 2015-06-30 19:14:34.000000000 +0000 +++ gnupg2-2.0.28/agent/call-pinentry.c 2015-06-02 08:33:03.000000000 +0000 @@ -32,11 +32,11 @@ # include # include #endif -#include +#include #include "agent.h" #include -#include "sysutils.h" +#include "setenv.h" #include "i18n.h" #ifdef _POSIX_OPEN_MAX @@ -47,8 +47,8 @@ /* Because access to the pinentry must be serialized (it is and shall - be a global mutually exclusive dialog) we better timeout pending - requests after some time. 1 minute seem to be a reasonable + be a global mutual dialog) we should better timeout further + requests after some time. 2 minutes seem to be a reasonable time. */ #define LOCK_TIMEOUT (1*60) @@ -62,10 +62,10 @@ static ctrl_t entry_owner; /* A mutex used to serialize access to the pinentry. */ -static npth_mutex_t entry_lock; +static pth_mutex_t entry_lock; /* The thread ID of the popup working thread. */ -static npth_t popup_tid; +static pth_t popup_tid; /* A flag used in communication between the popup working thread and its stop function. */ @@ -95,20 +95,40 @@ if (!initialized) { - if (npth_mutex_init (&entry_lock, NULL)) + if (pth_mutex_init (&entry_lock)) initialized = 1; } } +static void +dump_mutex_state (pth_mutex_t *m) +{ +#ifdef _W32_PTH_H + (void)m; + log_printf ("unknown under W32"); +#else + if (!(m->mx_state & PTH_MUTEX_INITIALIZED)) + log_printf ("not_initialized"); + else if (!(m->mx_state & PTH_MUTEX_LOCKED)) + log_printf ("not_locked"); + else + log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count); +#endif +} + + /* This function may be called to print infromation pertaining to the current state of this module to the log. */ void agent_query_dump_state (void) { + log_info ("agent_query_dump_state: entry_lock="); + dump_mutex_state (&entry_lock); + log_printf ("\n"); log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%p\n", - entry_ctx, (long)assuan_get_pid (entry_ctx), (void*)popup_tid); + entry_ctx, (long)assuan_get_pid (entry_ctx), popup_tid); } /* Called to make sure that a popup window owned by the current @@ -131,43 +151,13 @@ unlock_pinentry (int rc) { assuan_context_t ctx = entry_ctx; - int err; - - if (rc) - { - if (DBG_IPC) - log_debug ("error calling pinentry: %s <%s>\n", - gpg_strerror (rc), gpg_strsource (rc)); - - /* Change the source of the error to pinentry so that the final - consumer of the error code knows that the problem is with - pinentry. For backward compatibility we do not do that for - some common error codes. */ - switch (gpg_err_code (rc)) - { - case GPG_ERR_NO_PIN_ENTRY: - case GPG_ERR_CANCELED: - case GPG_ERR_FULLY_CANCELED: - case GPG_ERR_ASS_UNKNOWN_INQUIRE: - case GPG_ERR_ASS_TOO_MUCH_DATA: - case GPG_ERR_NO_PASSPHRASE: - case GPG_ERR_BAD_PASSPHRASE: - case GPG_ERR_BAD_PIN: - break; - - default: - rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc)); - break; - } - } entry_ctx = NULL; - err = npth_mutex_unlock (&entry_lock); - if (err) + if (!pth_mutex_release (&entry_lock)) { - log_error ("failed to release the entry lock: %s\n", strerror (err)); + log_error ("failed to release the entry lock\n"); if (!rc) - rc = gpg_error_from_errno (err); + rc = gpg_error (GPG_ERR_INTERNAL); } assuan_release (ctx); return rc; @@ -180,6 +170,16 @@ atfork_cb (void *opaque, int where) { ctrl_t ctrl = opaque; +#ifndef HAVE_W32_SYSTEM + struct sigaction sa; + + /* Pop up message should be able to be killed by SIGINT. */ + sigemptyset (&sa.sa_mask); + sa.sa_handler = SIG_DFL; + sa.sa_flags = 0; + sigaction (SIGINT, &sa, NULL); + sigprocmask (SIG_SETMASK, &sa.sa_mask, NULL); /* Unblock all signals. */ +#endif if (!where) { @@ -200,7 +200,7 @@ { value = session_env_getenv (ctrl->session_env, name); if (value) - gnupg_setenv (name, value, 1); + setenv (name, value, 1); } } } @@ -232,32 +232,30 @@ static int start_pinentry (ctrl_t ctrl) { - int rc = 0; - const char *full_pgmname; + int rc; const char *pgmname; assuan_context_t ctx; const char *argv[5]; - assuan_fd_t no_close_list[3]; + int no_close_list[3]; int i; + pth_event_t evt; const char *tmpstr; unsigned long pinentry_pid; const char *value; - struct timespec abstime; - int err; - npth_clock_gettime (&abstime); - abstime.tv_sec += LOCK_TIMEOUT; - err = npth_mutex_timedlock (&entry_lock, &abstime); - if (err) + evt = pth_event (PTH_EVENT_TIME, pth_timeout (LOCK_TIMEOUT, 0)); + if (!pth_mutex_acquire (&entry_lock, 0, evt)) { - if (err == ETIMEDOUT) - rc = gpg_error (GPG_ERR_TIMEOUT); + if (pth_event_occurred (evt)) + rc = gpg_error (GPG_ERR_TIMEOUT); else - rc = gpg_error_from_errno (rc); + rc = gpg_error (GPG_ERR_INTERNAL); + pth_event_free (evt, PTH_FREE_THIS); log_error (_("failed to acquire the pinentry lock: %s\n"), gpg_strerror (rc)); return rc; } + pth_event_free (evt, PTH_FREE_THIS); entry_owner = ctrl; @@ -279,18 +277,18 @@ log_error ("error flushing pending output: %s\n", strerror (errno)); /* At least Windows XP fails here with EBADF. According to docs and Wine an fflush(NULL) is the same as _flushall. However - the Wine implementaion does not flush stdin,stdout and stderr - - see above. Let's try to ignore the error. */ + the Wime implementaion does not flush stdin,stdout and stderr + - see above. Lets try to ignore the error. */ #ifndef HAVE_W32_SYSTEM return unlock_pinentry (tmperr); #endif } - full_pgmname = opt.pinentry_program; - if (!full_pgmname || !*full_pgmname) - full_pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY); - if ( !(pgmname = strrchr (full_pgmname, '/'))) - pgmname = full_pgmname; + if (!opt.pinentry_program || !*opt.pinentry_program) + opt.pinentry_program = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY); + pgmname = opt.pinentry_program; + if ( !(pgmname = strrchr (opt.pinentry_program, '/'))) + pgmname = opt.pinentry_program; else pgmname++; @@ -298,7 +296,7 @@ the resource bundle. For other systems we stick to the usual convention of supplying only the name of the program. */ #ifdef __APPLE__ - argv[0] = full_pgmname; + argv[0] = opt.pinentry_program; #else /*!__APPLE__*/ argv[0] = pgmname; #endif /*__APPLE__*/ @@ -320,7 +318,7 @@ no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); } - no_close_list[i] = ASSUAN_INVALID_FD; + no_close_list[i] = -1; rc = assuan_new (&ctx); if (rc) @@ -328,30 +326,24 @@ log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc)); return rc; } - /* We don't want to log the pinentry communication to make the logs - easier to read. We might want to add a new debug option to enable - pinentry logging. */ -#ifdef ASSUAN_NO_LOGGING - assuan_set_flag (ctx, ASSUAN_NO_LOGGING, !opt.debug_pinentry); -#endif /* Connect to the pinentry and perform initial handshaking. Note that atfork is used to change the environment for pinentry. We start the server in detached mode to suppress the console window under Windows. */ - rc = assuan_pipe_connect (ctx, full_pgmname, argv, + rc = assuan_pipe_connect (ctx, opt.pinentry_program, argv, no_close_list, atfork_cb, ctrl, ASSUAN_PIPE_CONNECT_DETACHED); if (rc) { - log_error ("can't connect to the PIN entry module '%s': %s\n", - full_pgmname, gpg_strerror (rc)); + log_error ("can't connect to the PIN entry module: %s\n", + gpg_strerror (rc)); assuan_release (ctx); return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); } entry_ctx = ctx; - if (DBG_IPC) + if (DBG_ASSUAN) log_debug ("connection to PIN entry established\n"); rc = assuan_transact (entry_ctx, @@ -360,6 +352,7 @@ if (rc) return unlock_pinentry (rc); + value = session_env_getenv (ctrl->session_env, "GPG_TTY"); if (value) { @@ -407,7 +400,6 @@ return unlock_pinentry (rc); } - if (opt.allow_external_cache) { /* Indicate to the pinentry that it may read from an external cache. @@ -423,33 +415,22 @@ return unlock_pinentry (rc); } - if (opt.allow_emacs_pinentry) - { - /* Indicate to the pinentry that it may read passphrase through - Emacs minibuffer, if possible. */ - rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt", - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); - } - { /* Provide a few default strings for use by the pinentries. This may help a pinentry to avoid implementing localization code. */ - static struct { const char *key, *value; int what; } tbl[] = { + static struct { const char *key, *value; int mode; } tbl[] = { /* TRANSLATORS: These are labels for buttons etc used in Pinentries. An underscore indicates that the next letter should be used as an accelerator. Double the underscore for a literal one. The actual to be translated text starts after - the second vertical bar. Note that gpg-agent has been set to - utf-8 so that the strings are in the expected encoding. */ + the second vertical bar. */ { "ok", N_("|pinentry-label|_OK") }, { "cancel", N_("|pinentry-label|_Cancel") }, { "yes", N_("|pinentry-label|_Yes") }, { "no", N_("|pinentry-label|_No") }, { "prompt", N_("|pinentry-label|PIN:") }, - { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 }, + { "pwmngr", N_("|pinentry-label|_Save in password manager") }, { "cf-visi",N_("Do you really want to make your " "passphrase visible on the screen?") }, { "tt-visi",N_("|pinentry-tt|Make passphrase visible") }, @@ -462,9 +443,7 @@ for (idx=0; tbl[idx].key; idx++) { - if (!opt.allow_external_cache && tbl[idx].what == 1) - continue; /* No need for it. */ - s = L_(tbl[idx].value); + s = _(tbl[idx].value); if (*s == '|' && (s2=strchr (s+1,'|'))) s = s2+1; if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 ) @@ -516,10 +495,8 @@ else { rc = agent_inq_pinentry_launched (ctrl, pinentry_pid); - if (gpg_err_code (rc) == GPG_ERR_CANCELED - || gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) - return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT, - gpg_err_code (rc))); + if (gpg_err_code (rc) == GPG_ERR_CANCELED) + return unlock_pinentry (gpg_error (GPG_ERR_CANCELED)); rc = 0; } @@ -527,43 +504,39 @@ } -/* Returns True if the pinentry is currently active. If WAITSECONDS is +/* Returns True is the pinentry is currently active. If WAITSECONDS is greater than zero the function will wait for this many seconds before returning. */ int pinentry_active_p (ctrl_t ctrl, int waitseconds) { - int err; (void)ctrl; if (waitseconds > 0) { - struct timespec abstime; + pth_event_t evt; int rc; - npth_clock_gettime (&abstime); - abstime.tv_sec += waitseconds; - err = npth_mutex_timedlock (&entry_lock, &abstime); - if (err) + evt = pth_event (PTH_EVENT_TIME, pth_timeout (waitseconds, 0)); + if (!pth_mutex_acquire (&entry_lock, 0, evt)) { - if (err == ETIMEDOUT) + if (pth_event_occurred (evt)) rc = gpg_error (GPG_ERR_TIMEOUT); else rc = gpg_error (GPG_ERR_INTERNAL); + pth_event_free (evt, PTH_FREE_THIS); return rc; } + pth_event_free (evt, PTH_FREE_THIS); } else { - err = npth_mutex_trylock (&entry_lock); - if (err) + if (!pth_mutex_acquire (&entry_lock, 1, NULL)) return gpg_error (GPG_ERR_LOCKED); } - err = npth_mutex_unlock (&entry_lock); - if (err) - log_error ("failed to release the entry lock at %d: %s\n", __LINE__, - strerror (errno)); + if (!pth_mutex_release (&entry_lock)) + log_error ("failed to release the entry lock at %d\n", __LINE__); return 0; } @@ -601,7 +574,7 @@ /* Return a new malloced string by unescaping the string S. Escaping is percent escaping and '+'/space mapping. A binary Nul will silently be replaced by a 0xFF. Function returns NULL to indicate - an out of memory status. Parsing stops at the end of the string or + an out of memory status. PArsing stops at the end of the string or a white space character. */ static char * unescape_passphrase_string (const unsigned char *s) @@ -662,21 +635,24 @@ inq_quality (void *opaque, const char *line) { assuan_context_t ctx = opaque; - const char *s; char *pin; int rc; int percent; char numbuf[20]; - if ((s = has_leading_keyword (line, "QUALITY"))) + if (!strncmp (line, "QUALITY", 7) && (line[7] == ' ' || !line[7])) { - pin = unescape_passphrase_string (s); + line += 7; + while (*line == ' ') + line++; + + pin = unescape_passphrase_string (line); if (!pin) rc = gpg_error_from_syserror (); else { percent = estimate_passphrase_quality (pin); - if (check_passphrase_constraints (NULL, pin, NULL)) + if (check_passphrase_constraints (NULL, pin, 1)) percent = -percent; snprintf (numbuf, sizeof numbuf, "%d", percent); rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); @@ -685,7 +661,7 @@ } else { - log_error ("unsupported inquiry '%s' from pinentry\n", line); + log_error ("unsupported inquiry `%s' from pinentry\n", line); rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); } @@ -695,7 +671,7 @@ /* Helper for agent_askpin and agent_get_passphrase. */ static int -setup_qualitybar (ctrl_t ctrl) +setup_qualitybar (void) { int rc; char line[ASSUAN_LINELENGTH]; @@ -704,7 +680,7 @@ /* TRANSLATORS: This string is displayed by Pinentry as the label for the quality bar. */ - tmpstr = try_percent_escape (L_("Quality:"), "\t\r\n\f\v"); + tmpstr = try_percent_escape (_("Quality:"), "\t\r\n\f\v"); snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:""); line[DIM(line)-1] = 0; xfree (tmpstr); @@ -726,7 +702,7 @@ tooltip is limited to about 900 characters. If you do not translate this entry, a default english text (see source) will be used. */ - tooltip = L_("pinentry.qualitybar.tooltip"); + tooltip = _("pinentry.qualitybar.tooltip"); if (!strcmp ("pinentry.qualitybar.tooltip", tooltip)) tooltip = ("The quality of the text entered above.\n" "Please ask your administrator for " @@ -747,10 +723,9 @@ return 0; } + enum { - PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, - PINENTRY_STATUS_PIN_REPEATED = 1 << 8, PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 }; @@ -760,31 +735,18 @@ pinentry_status_cb (void *opaque, const char *line) { unsigned int *flag = opaque; - const char *args; - if ((args = has_leading_keyword (line, "BUTTON_INFO"))) - { - if (!strcmp (args, "close")) - *flag |= PINENTRY_STATUS_CLOSE_BUTTON; - } - else if (has_leading_keyword (line, "PIN_REPEATED")) - { - *flag |= PINENTRY_STATUS_PIN_REPEATED; - } - else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE")) + if (strcmp (line, "PASSWORD_FROM_CACHE") == 0) { *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE; } return 0; } - - - /* Call the Entry and ask for the PIN. We do check for a valid PIN number here and repeat it as long as we have invalid formed - numbers. KEYINFO and CACHE_MODE are used to tell pinentry something + numbers. KEYINFO and CACHEMODE are used to tell pinentry something about the key. */ int agent_askpin (ctrl_t ctrl, @@ -804,43 +766,14 @@ if (opt.batch) return 0; /* fixme: we should return BAD PIN */ - if (ctrl->pinentry_mode != PINENTRY_MODE_ASK) - { - if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL) - return gpg_error (GPG_ERR_CANCELED); - if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) - { - unsigned char *passphrase; - size_t size; - - *pininfo->pin = 0; /* Reset the PIN. */ - rc = pinentry_loopback(ctrl, "PASSPHRASE", &passphrase, &size, - pininfo->max_length); - if (rc) - return rc; - - memcpy(&pininfo->pin, passphrase, size); - xfree(passphrase); - pininfo->pin[size] = 0; - if (pininfo->check_cb) - { - /* More checks by utilizing the optional callback. */ - pininfo->cb_errtext = NULL; - rc = pininfo->check_cb (pininfo); - } - return rc; - } - return gpg_error(GPG_ERR_NO_PIN_ENTRY); - } - if (!pininfo || pininfo->max_length < 1) return gpg_error (GPG_ERR_INV_VALUE); if (!desc_text && pininfo->min_digits) - desc_text = L_("Please enter your PIN, so that the secret key " - "can be unlocked for this session"); + desc_text = _("Please enter your PIN, so that the secret key " + "can be unlocked for this session"); else if (!desc_text) - desc_text = L_("Please enter your passphrase, so that the secret key " - "can be unlocked for this session"); + desc_text = _("Please enter your passphrase, so that the secret key " + "can be unlocked for this session"); if (prompt_text) is_pin = !!strstr (prompt_text, "PIN"); @@ -877,7 +810,7 @@ return unlock_pinentry (rc); snprintf (line, DIM(line)-1, "SETPROMPT %s", - prompt_text? prompt_text : is_pin? L_("PIN:") : L_("Passphrase:")); + prompt_text? prompt_text : is_pin? "PIN:" : "Passphrase:"); line[DIM(line)-1] = 0; rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) @@ -888,7 +821,7 @@ to the pinentry. */ if (pininfo->with_qualitybar && opt.min_passphrase_len ) { - rc = setup_qualitybar (ctrl); + rc = setup_qualitybar (); if (rc) return unlock_pinentry (rc); } @@ -903,18 +836,6 @@ return unlock_pinentry (rc); } - if (pininfo->with_repeat) - { - snprintf (line, DIM(line)-1, "SETREPEATERROR %s", - L_("does not match - try again")); - line[DIM(line)-1] = 0; - rc = assuan_transact (entry_ctx, line, - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - pininfo->with_repeat = 0; /* Pinentry does not support it. */ - } - pininfo->repeat_okay = 0; - for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++) { memset (&parm, 0, sizeof parm); @@ -927,7 +848,7 @@ /* TRANSLATORS: The string is appended to an error message in the pinentry. The %s is the actual error message, the two %d give the current and maximum number of tries. */ - snprintf (line, DIM(line)-1, L_("SETERROR %s (try %d of %d)"), + snprintf (line, DIM(line)-1, _("SETERROR %s (try %d of %d)"), errtext, pininfo->failed_tries+1, pininfo->max_tries); line[DIM(line)-1] = 0; rc = assuan_transact (entry_ctx, line, @@ -937,22 +858,12 @@ errtext = NULL; } - if (pininfo->with_repeat) - { - snprintf (line, DIM(line)-1, "SETREPEAT %s", L_("Repeat:")); - line[DIM(line)-1] = 0; - rc = assuan_transact (entry_ctx, line, - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - return unlock_pinentry (rc); - } - saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, inq_quality, entry_ctx, - pinentry_status_cb, &pinentry_status); + pinentry_status_cb, &pinentry_status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -961,16 +872,9 @@ && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - - /* Change error code in case the window close button was clicked - to cancel the operation. */ - if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) - && gpg_err_code (rc) == GPG_ERR_CANCELED) - rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); - if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA) - errtext = is_pin? L_("PIN too long") - : L_("Passphrase too long"); + errtext = is_pin? _("PIN too long") + : _("Passphrase too long"); else if (rc) return unlock_pinentry (rc); @@ -978,12 +882,12 @@ { /* do some basic checks on the entered PIN. */ if (!all_digitsp (pininfo->pin)) - errtext = L_("Invalid characters in PIN"); + errtext = _("Invalid characters in PIN"); else if (pininfo->max_digits && strlen (pininfo->pin) > pininfo->max_digits) - errtext = L_("PIN too long"); + errtext = _("PIN too long"); else if (strlen (pininfo->pin) < pininfo->min_digits) - errtext = L_("PIN too short"); + errtext = _("PIN too short"); } if (!errtext && pininfo->check_cb) @@ -995,18 +899,14 @@ errtext = pininfo->cb_errtext; else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE || gpg_err_code (rc) == GPG_ERR_BAD_PIN) - errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); + errtext = (is_pin? _("Bad PIN") + : _("Bad Passphrase")); else if (rc) return unlock_pinentry (rc); } if (!errtext) - { - if (pininfo->with_repeat - && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) - pininfo->repeat_okay = 1; - return unlock_pinentry (0); /* okay, got a PIN or passphrase */ - } + return unlock_pinentry (0); /* okay, got a PIN or passphrase */ if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) /* The password was read from the cache. Don't count this @@ -1021,7 +921,7 @@ /* Ask for the passphrase using the supplied arguments. The returned - passphrase needs to be freed by the caller. */ + passphrase needs to be freed by the caller. */ int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, @@ -1033,42 +933,17 @@ char line[ASSUAN_LINELENGTH]; struct entry_parm_s parm; int saveflag; - unsigned int pinentry_status; *retpass = NULL; if (opt.batch) return gpg_error (GPG_ERR_BAD_PASSPHRASE); - if (ctrl->pinentry_mode != PINENTRY_MODE_ASK) - { - if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL) - return gpg_error (GPG_ERR_CANCELED); - - if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) - { - size_t size; - size_t len = ASSUAN_LINELENGTH/2; - unsigned char *buffer = gcry_malloc_secure (len); - - rc = pinentry_loopback(ctrl, "PASSPHRASE", &buffer, &size, len); - if (rc) - xfree(buffer); - else - { - buffer[size] = 0; - *retpass = buffer; - } - return rc; - } - return gpg_error (GPG_ERR_NO_PIN_ENTRY); - } - rc = start_pinentry (ctrl); if (rc) return rc; if (!prompt) - prompt = desc && strstr (desc, "PIN")? L_("PIN:"): L_("Passphrase:"); + prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase"); /* If we have a KEYINFO string and are normal, user, or ssh cache @@ -1108,7 +983,7 @@ if (with_qualitybar && opt.min_passphrase_len) { - rc = setup_qualitybar (ctrl); + rc = setup_qualitybar (); if (rc) return unlock_pinentry (rc); } @@ -1130,22 +1005,14 @@ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); - pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, - inq_quality, entry_ctx, - pinentry_status_cb, &pinentry_status); + inq_quality, entry_ctx, NULL, NULL); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and not to the code for a user cancel. Fix this here. */ if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - /* Change error code in case the window close button was clicked - to cancel the operation. */ - if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) - && gpg_err_code (rc) == GPG_ERR_CANCELED) - rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); - if (rc) xfree (parm.buffer); else @@ -1170,14 +1037,6 @@ int rc; char line[ASSUAN_LINELENGTH]; - if (ctrl->pinentry_mode != PINENTRY_MODE_ASK) - { - if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL) - return gpg_error (GPG_ERR_CANCELED); - - return gpg_error (GPG_ERR_NO_PIN_ENTRY); - } - rc = start_pinentry (ctrl); if (rc) return rc; @@ -1243,7 +1102,7 @@ /* Pop up the PINentry, display the text DESC and a button with the - text OK_BTN (which may be NULL to use the default of "OK") and wait + text OK_BTN (which may be NULL to use the default of "OK") and waut for the user to hit this button. The return value is not relevant. */ int @@ -1252,9 +1111,6 @@ int rc; char line[ASSUAN_LINELENGTH]; - if (ctrl->pinentry_mode != PINENTRY_MODE_ASK) - return gpg_error (GPG_ERR_CANCELED); - rc = start_pinentry (ctrl); if (rc) return rc; @@ -1321,11 +1177,7 @@ { int rc; char line[ASSUAN_LINELENGTH]; - npth_attr_t tattr; - int err; - - if (ctrl->pinentry_mode != PINENTRY_MODE_ASK) - return gpg_error (GPG_ERR_CANCELED); + pth_attr_t tattr; rc = start_pinentry (ctrl); if (rc) @@ -1349,22 +1201,22 @@ return unlock_pinentry (rc); } - err = npth_attr_init (&tattr); - if (err) - return unlock_pinentry (gpg_error_from_errno (err)); - npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE); + tattr = pth_attr_new(); + pth_attr_set (tattr, PTH_ATTR_JOINABLE, 1); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); + pth_attr_set (tattr, PTH_ATTR_NAME, "popup-message"); popup_finished = 0; - err = npth_create (&popup_tid, &tattr, popup_message_thread, NULL); - npth_attr_destroy (&tattr); - if (err) + popup_tid = pth_spawn (tattr, popup_message_thread, NULL); + if (!popup_tid) { - rc = gpg_error_from_errno (err); + rc = gpg_error_from_syserror (); log_error ("error spawning popup message handler: %s\n", - strerror (err) ); + strerror (errno) ); + pth_attr_destroy (tattr); return unlock_pinentry (rc); } - npth_setname_np (popup_tid, "popup-message"); + pth_attr_destroy (tattr); return 0; } @@ -1414,19 +1266,18 @@ #endif /* Now wait for the thread to terminate. */ - rc = npth_join (popup_tid, NULL); - if (rc) + rc = pth_join (popup_tid, NULL); + if (!rc) log_debug ("agent_popup_message_stop: pth_join failed: %s\n", - strerror (rc)); - /* Thread IDs are opaque, but we try our best here by resetting it - to the same content that a static global variable has. */ - memset (&popup_tid, '\0', sizeof (popup_tid)); + strerror (errno)); + popup_tid = NULL; entry_owner = NULL; /* Now we can close the connection. */ unlock_pinentry (0); } + int agent_clear_passphrase (ctrl_t ctrl, const char *keyinfo, cache_mode_t cache_mode) diff -Nru gnupg2-2.1.6/agent/call-scd.c gnupg2-2.0.28/agent/call-scd.c --- gnupg2-2.1.6/agent/call-scd.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/call-scd.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,7 +1,5 @@ /* call-scd.c - fork of the scdaemon to do SC operations - * Copyright (C) 2001, 2002, 2005, 2007, 2010, - * 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 Werner Koch + * Copyright (C) 2001, 2002, 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -27,15 +25,13 @@ #include #include #include -#ifdef HAVE_SIGNAL_H -# include -#endif +#include #include #include #ifndef HAVE_W32_SYSTEM #include #endif -#include +#include #include "agent.h" #include @@ -46,6 +42,15 @@ #define MAX_OPEN_FDS 20 #endif +/* This Assuan flag is only available since libassuan 2.0.2. Because + comments lines are comments anyway we can use a replacement which + might not do anything. assuan_{g,s}et_flag don't return an error + thus there won't be any ABI problem. */ +#ifndef ASSUAN_CONVEY_COMMENTS +#define ASSUAN_CONVEY_COMMENTS 4 +#endif + + /* Definition of module local data of the CTRL structure. */ struct scd_local_s { @@ -78,14 +83,13 @@ void *sinfo_cb_arg; }; -struct inq_needpin_s +struct inq_needpin_s { assuan_context_t ctx; int (*getpin_cb)(void *, const char *, char*, size_t); void *getpin_cb_arg; assuan_context_t passthru; /* If not NULL, pass unknown inquiries up to the caller. */ - int any_inq_seen; }; @@ -94,7 +98,7 @@ static struct scd_local_s *scd_local_list; /* A Mutex used inside the start_scd function. */ -static npth_mutex_t start_scd_lock; +static pth_mutex_t start_scd_lock; /* A malloced string with the name of the socket to be used for additional connections. May be NULL if not provided by @@ -121,35 +125,53 @@ /* This function must be called once to initialize this module. This has to be done before a second thread is spawned. We can't do the - static initialization because NPth emulation code might not be able + static initialization because Pth emulation code might not be able to do a static init; in particular, it is not possible for W32. */ void initialize_module_call_scd (void) { static int initialized; - int err; if (!initialized) { - err = npth_mutex_init (&start_scd_lock, NULL); - if (err) - log_fatal ("error initializing mutex: %s\n", strerror (err)); + if (!pth_mutex_init (&start_scd_lock)) + log_fatal ("error initializing mutex: %s\n", strerror (errno)); initialized = 1; } } +static void +dump_mutex_state (pth_mutex_t *m) +{ +#ifdef _W32_PTH_H + (void)m; + log_printf ("unknown under W32"); +#else + if (!(m->mx_state & PTH_MUTEX_INITIALIZED)) + log_printf ("not_initialized"); + else if (!(m->mx_state & PTH_MUTEX_LOCKED)) + log_printf ("not_locked"); + else + log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count); +#endif +} + + /* This function may be called to print infromation pertaining to the current state of this module to the log. */ void agent_scd_dump_state (void) { + log_info ("agent_scd_dump_state: scd_lock="); + dump_mutex_state (&start_scd_lock); + log_printf ("\n"); log_info ("agent_scd_dump_state: primary_scd_ctx=%p pid=%ld reusable=%d\n", - primary_scd_ctx, + primary_scd_ctx, (long)assuan_get_pid (primary_scd_ctx), primary_scd_ctx_reusable); if (socket_name) - log_info ("agent_scd_dump_state: socket='%s'\n", socket_name); + log_info ("agent_scd_dump_state: socket=`%s'\n", socket_name); } @@ -160,9 +182,20 @@ called and error checked before any SCD operation. CTRL is the usual connection context and RC the error code to be passed trhough the function. */ -static int +static int unlock_scd (ctrl_t ctrl, int rc) { + if (gpg_err_code (rc) == GPG_ERR_NOT_OPERATIONAL + && gpg_err_source (rc) == GPG_ERR_SOURCE_SCD) + { + /* If the SCdaemon returned this error, it detected a major + problem, like no reader connected. To finish this we need to + stop the connection. This simulates an explicit killing of + the SCdaemon. */ + assuan_transact (primary_scd_ctx, "BYE", + NULL, NULL, NULL, NULL, NULL, NULL); + } + if (ctrl->scd_local->locked != 1) { log_error ("unlock_scd: invalid lock count (%d)\n", @@ -198,7 +231,7 @@ const char *pgmname; assuan_context_t ctx = NULL; const char *argv[3]; - assuan_fd_t no_close_list[3]; + int no_close_list[3]; int i; int rc; @@ -236,11 +269,10 @@ /* We need to protect the following code. */ - rc = npth_mutex_lock (&start_scd_lock); - if (rc) + if (!pth_mutex_acquire (&start_scd_lock, 0, NULL)) { log_error ("failed to acquire the start_scd lock: %s\n", - strerror (rc)); + strerror (errno)); return gpg_error (GPG_ERR_INTERNAL); } @@ -269,7 +301,7 @@ rc = assuan_socket_connect (ctx, socket_name, 0, 0); if (rc) { - log_error ("can't connect to socket '%s': %s\n", + log_error ("can't connect to socket `%s': %s\n", socket_name, gpg_strerror (rc)); err = gpg_error (GPG_ERR_NO_SCDAEMON); goto leave; @@ -290,7 +322,7 @@ /* Nope, it has not been started. Fire it up now. */ if (opt.verbose) log_info ("no running SCdaemon - starting it\n"); - + if (fflush (NULL)) { #ifndef HAVE_W32_SYSTEM @@ -324,7 +356,7 @@ no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); } - no_close_list[i] = ASSUAN_INVALID_FD; + no_close_list[i] = -1; /* Connect to the pinentry and perform initial handshaking. Use detached flag (128) so that under W32 SCDAEMON does not show up a @@ -342,6 +374,8 @@ if (opt.verbose) log_debug ("first connection to SCdaemon established\n"); + if (DBG_ASSUAN) + assuan_set_log_stream (ctx, log_get_stream ()); /* Get the name of the additional socket opened by scdaemon. */ { @@ -366,29 +400,26 @@ { memcpy (socket_name, databuf, datalen); socket_name[datalen] = 0; - if (DBG_IPC) - log_debug ("additional connections at '%s'\n", socket_name); + if (DBG_ASSUAN) + log_debug ("additional connections at `%s'\n", socket_name); } } xfree (databuf); } - /* Tell the scdaemon we want him to send us an event signal. We - don't support this for W32CE. */ -#ifndef HAVE_W32CE_SYSTEM + /* Tell the scdaemon we want him to send us an event signal. */ if (opt.sigusr2_enabled) { char buf[100]; - + #ifdef HAVE_W32_SYSTEM - snprintf (buf, sizeof buf, "OPTION event-signal=%lx", + snprintf (buf, sizeof buf, "OPTION event-signal=%lx", (unsigned long)get_agent_scd_notify_event ()); #else snprintf (buf, sizeof buf, "OPTION event-signal=%d", SIGUSR2); #endif assuan_transact (ctx, buf, NULL, NULL, NULL, NULL, NULL, NULL); } -#endif /*HAVE_W32CE_SYSTEM*/ primary_scd_ctx = ctx; primary_scd_ctx_reusable = 0; @@ -399,14 +430,13 @@ unlock_scd (ctrl, err); if (ctx) assuan_release (ctx); - } + } else { ctrl->scd_local->ctx = ctx; } - rc = npth_mutex_unlock (&start_scd_lock); - if (rc) - log_error ("failed to release the start_scd lock: %s\n", strerror (rc)); + if (!pth_mutex_release (&start_scd_lock)) + log_error ("failed to release the start_scd lock: %s\n", strerror (errno)); return err; } @@ -425,36 +455,35 @@ void agent_scd_check_aliveness (void) { + pth_event_t evt; pid_t pid; #ifdef HAVE_W32_SYSTEM DWORD rc; #else int rc; #endif - struct timespec abstime; - int err; if (!primary_scd_ctx) return; /* No scdaemon running. */ /* This is not a critical function so we use a short timeout while acquiring the lock. */ - npth_clock_gettime (&abstime); - abstime.tv_sec += 1; - err = npth_mutex_timedlock (&start_scd_lock, &abstime); - if (err) + evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0)); + if (!pth_mutex_acquire (&start_scd_lock, 0, evt)) { - if (err == ETIMEDOUT) + if (pth_event_occurred (evt)) { if (opt.verbose > 1) log_info ("failed to acquire the start_scd lock while" - " doing an aliveness check: %s\n", strerror (err)); + " doing an aliveness check: %s\n", "timeout"); } else log_error ("failed to acquire the start_scd lock while" - " doing an aliveness check: %s\n", strerror (err)); + " doing an aliveness check: %s\n", strerror (errno)); + pth_event_free (evt, PTH_FREE_THIS); return; } + pth_event_free (evt, PTH_FREE_THIS); if (primary_scd_ctx) { @@ -490,7 +519,7 @@ sl->ctx = NULL; } } - + primary_scd_ctx = NULL; primary_scd_ctx_reusable = 0; @@ -499,10 +528,9 @@ } } - err = npth_mutex_unlock (&start_scd_lock); - if (err) + if (!pth_mutex_release (&start_scd_lock)) log_error ("failed to release the start_scd lock while" - " doing the aliveness check: %s\n", strerror (err)); + " doing the aliveness check: %s\n", strerror (errno)); } @@ -540,7 +568,7 @@ assuan_release (ctrl->scd_local->ctx); ctrl->scd_local->ctx = NULL; } - + /* Remove the local context from our list and release it. */ if (!scd_local_list) BUG (); @@ -549,7 +577,7 @@ else { struct scd_local_s *sl; - + for (sl=scd_local_list; sl->next_local; sl = sl->next_local) if (sl->next_local == ctrl->scd_local) break; @@ -589,7 +617,7 @@ { parm->sinfo_cb (parm->sinfo_cb_arg, keyword, keywordlen, line); } - + return 0; } @@ -656,7 +684,7 @@ memcpy (*serialno, line, n); (*serialno)[n] = 0; } - + return 0; } @@ -696,21 +724,22 @@ put_membuf (data, buffer, length); return 0; } - + /* Handle the NEEDPIN inquiry. */ static gpg_error_t inq_needpin (void *opaque, const char *line) { struct inq_needpin_s *parm = opaque; - const char *s; char *pin; size_t pinlen; int rc; - parm->any_inq_seen = 1; - if ((s = has_leading_keyword (line, "NEEDPIN"))) + if (!strncmp (line, "NEEDPIN", 7) && (line[7] == ' ' || !line[7])) { - line = s; + line += 7; + while (*line == ' ') + line++; + pinlen = 90; pin = gcry_malloc_secure (pinlen); if (!pin) @@ -721,11 +750,17 @@ rc = assuan_send_data (parm->ctx, pin, pinlen); xfree (pin); } - else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT"))) + else if (!strncmp (line, "POPUPPINPADPROMPT", 17) + && (line[17] == ' ' || !line[17])) { - rc = parm->getpin_cb (parm->getpin_cb_arg, s, NULL, 1); + line += 17; + while (*line == ' ') + line++; + + rc = parm->getpin_cb (parm->getpin_cb_arg, line, NULL, 1); } - else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT"))) + else if (!strncmp (line, "DISMISSPINPADPROMPT", 19) + && (line[19] == ' ' || !line[19])) { rc = parm->getpin_cb (parm->getpin_cb_arg, "", NULL, 0); } @@ -747,7 +782,7 @@ assuan_end_confidential (parm->passthru); if (!rc) { - if ((rest = (needrest + if ((rest = (needrest && !assuan_get_flag (parm->ctx, ASSUAN_CONFIDENTIAL)))) assuan_begin_confidential (parm->ctx); rc = assuan_send_data (parm->ctx, value, valuelen); @@ -756,12 +791,12 @@ xfree (value); } else - log_error ("error forwarding inquiry '%s': %s\n", + log_error ("error forwarding inquiry `%s': %s\n", line, gpg_strerror (rc)); } else { - log_error ("unsupported inquiry '%s'\n", line); + log_error ("unsupported inquiry `%s'\n", line); rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); } @@ -769,63 +804,23 @@ } -/* Helper returning a command option to describe the used hash - algorithm. See scd/command.c:cmd_pksign. */ -static const char * -hash_algo_option (int algo) -{ - switch (algo) - { - case GCRY_MD_MD5 : return "--hash=md5"; - case GCRY_MD_RMD160: return "--hash=rmd160"; - case GCRY_MD_SHA1 : return "--hash=sha1"; - case GCRY_MD_SHA224: return "--hash=sha224"; - case GCRY_MD_SHA256: return "--hash=sha256"; - case GCRY_MD_SHA384: return "--hash=sha384"; - case GCRY_MD_SHA512: return "--hash=sha512"; - default: return ""; - } -} - - -static gpg_error_t -cancel_inquire (ctrl_t ctrl, gpg_error_t rc) -{ - gpg_error_t oldrc = rc; - - /* The inquire callback was called and transact returned a - cancel error. We assume that the inquired process sent a - CANCEL. The passthrough code is not able to pass on the - CANCEL and thus scdaemon would stuck on this. As a - workaround we send a CANCEL now. */ - rc = assuan_write_line (ctrl->scd_local->ctx, "CAN"); - if (!rc) { - char *line; - size_t len; - - rc = assuan_read_line (ctrl->scd_local->ctx, &line, &len); - if (!rc) - rc = oldrc; - } - - return rc; -} -/* Create a signature using the current card. MDALGO is either 0 or - gives the digest algorithm. */ +/* Create a signature using the current card */ int agent_card_pksign (ctrl_t ctrl, const char *keyid, int (*getpin_cb)(void *, const char *, char*, size_t), void *getpin_cb_arg, - int mdalgo, const unsigned char *indata, size_t indatalen, unsigned char **r_buf, size_t *r_buflen) { - int rc; - char line[ASSUAN_LINELENGTH]; + int rc, i; + char *p, line[ASSUAN_LINELENGTH]; membuf_t data; struct inq_needpin_s inqparm; + size_t len; + unsigned char *sigbuf; + size_t sigbuflen; *r_buf = NULL; rc = start_scd (ctrl); @@ -835,8 +830,10 @@ if (indatalen*2 + 50 > DIM(line)) return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL)); - bin2hex (indata, indatalen, stpcpy (line, "SETDATA ")); - + sprintf (line, "SETDATA "); + p = line + strlen (line); + for (i=0; i < indatalen ; i++, p += 2 ) + sprintf (p, "%02X", indata[i]); rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) @@ -847,62 +844,47 @@ inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = 0; - inqparm.any_inq_seen = 0; - if (ctrl->use_auth_call) - snprintf (line, sizeof line, "PKAUTH %s", keyid); - else - snprintf (line, sizeof line, "PKSIGN %s %s", - hash_algo_option (mdalgo), keyid); + snprintf (line, DIM(line)-1, + ctrl->use_auth_call? "PKAUTH %s":"PKSIGN %s", keyid); + line[DIM(line)-1] = 0; rc = assuan_transact (ctrl->scd_local->ctx, line, membuf_data_cb, &data, inq_needpin, &inqparm, NULL, NULL); - if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || - gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) - rc = cancel_inquire (ctrl, rc); - if (rc) { - size_t len; - xfree (get_membuf (&data, &len)); return unlock_scd (ctrl, rc); } + sigbuf = get_membuf (&data, &sigbuflen); - *r_buf = get_membuf (&data, r_buflen); - return unlock_scd (ctrl, 0); -} - - - - -/* Check whether there is any padding info from scdaemon. */ -static gpg_error_t -padding_info_cb (void *opaque, const char *line) -{ - int *r_padding = opaque; - const char *s; - - if ((s=has_leading_keyword (line, "PADDING"))) - { - *r_padding = atoi (s); - } + /* Create an S-expression from it which is formatted like this: + "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */ + *r_buflen = 21 + 11 + sigbuflen + 4; + p = xtrymalloc (*r_buflen); + *r_buf = (unsigned char*)p; + if (!p) + return unlock_scd (ctrl, out_of_core ()); + p = stpcpy (p, "(7:sig-val(3:rsa(1:s" ); + sprintf (p, "%u:", (unsigned int)sigbuflen); + p += strlen (p); + memcpy (p, sigbuf, sigbuflen); + p += sigbuflen; + strcpy (p, ")))"); + xfree (sigbuf); - return 0; + assert (gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL)); + return unlock_scd (ctrl, 0); } - -/* Decipher INDATA using the current card. Note that the returned - value is not an s-expression but the raw data as returned by - scdaemon. The padding information is stored at R_PADDING with -1 - for not known. */ +/* Decipher INDATA using the current card. Note that the returned value is */ int agent_card_pkdecrypt (ctrl_t ctrl, const char *keyid, int (*getpin_cb)(void *, const char *, char*, size_t), void *getpin_cb_arg, const unsigned char *indata, size_t indatalen, - char **r_buf, size_t *r_buflen, int *r_padding) + char **r_buf, size_t *r_buflen) { int rc, i; char *p, line[ASSUAN_LINELENGTH]; @@ -911,45 +893,34 @@ size_t len; *r_buf = NULL; - *r_padding = -1; /* Unknown. */ rc = start_scd (ctrl); if (rc) return rc; /* FIXME: use secure memory where appropriate */ + if (indatalen*2 + 50 > DIM(line)) + return unlock_scd (ctrl, gpg_error (GPG_ERR_GENERAL)); - for (len = 0; len < indatalen;) - { - p = stpcpy (line, "SETDATA "); - if (len) - p = stpcpy (p, "--append "); - for (i=0; len < indatalen && (i*2 < DIM(line)-50); i++, len++) - { - sprintf (p, "%02X", indata[len]); - p += 2; - } - rc = assuan_transact (ctrl->scd_local->ctx, line, - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - return unlock_scd (ctrl, rc); - } + sprintf (line, "SETDATA "); + p = line + strlen (line); + for (i=0; i < indatalen ; i++, p += 2 ) + sprintf (p, "%02X", indata[i]); + rc = assuan_transact (ctrl->scd_local->ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc) + return unlock_scd (ctrl, rc); init_membuf (&data, 1024); inqparm.ctx = ctrl->scd_local->ctx; inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = 0; - inqparm.any_inq_seen = 0; snprintf (line, DIM(line)-1, "PKDECRYPT %s", keyid); line[DIM(line)-1] = 0; rc = assuan_transact (ctrl->scd_local->ctx, line, membuf_data_cb, &data, inq_needpin, &inqparm, - padding_info_cb, r_padding); - if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || - gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) - rc = cancel_inquire (ctrl, rc); - + NULL, NULL); if (rc) { xfree (get_membuf (&data, &len)); @@ -1041,64 +1012,6 @@ } -struct writekey_parm_s -{ - assuan_context_t ctx; - int (*getpin_cb)(void *, const char *, char*, size_t); - void *getpin_cb_arg; - assuan_context_t passthru; - int any_inq_seen; - /**/ - const unsigned char *keydata; - size_t keydatalen; -}; - -/* Handle a KEYDATA inquiry. Note, we only send the data, - assuan_transact takes care of flushing and writing the end */ -static gpg_error_t -inq_writekey_parms (void *opaque, const char *line) -{ - struct writekey_parm_s *parm = opaque; - - if (has_leading_keyword (line, "KEYDATA")) - return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen); - else - return inq_needpin (opaque, line); -} - - -int -agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, - const char *id, const char *keydata, size_t keydatalen, - int (*getpin_cb)(void *, const char *, char*, size_t), - void *getpin_cb_arg) -{ - int rc; - char line[ASSUAN_LINELENGTH]; - struct writekey_parm_s parms; - - (void)serialno; - rc = start_scd (ctrl); - if (rc) - return rc; - - snprintf (line, DIM(line)-1, "WRITEKEY %s%s", force ? "--force " : "", id); - line[DIM(line)-1] = 0; - parms.ctx = ctrl->scd_local->ctx; - parms.getpin_cb = getpin_cb; - parms.getpin_cb_arg = getpin_cb_arg; - parms.passthru = 0; - parms.any_inq_seen = 0; - parms.keydata = keydata; - parms.keydatalen = keydatalen; - - rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, - inq_writekey_parms, &parms, NULL, NULL); - if (parms.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || - gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) - rc = cancel_inquire (ctrl, rc); - return unlock_scd (ctrl, rc); -} /* Type used with the card_getattr_cb. */ struct card_getattr_parm_s { @@ -1131,7 +1044,7 @@ if (!parm->data) parm->error = errno; } - + return 0; } @@ -1159,7 +1072,7 @@ /* We assume that NAME does not need escaping. */ if (8 + strlen (name) > DIM(line)-1) return gpg_error (GPG_ERR_TOO_LARGE); - stpcpy (stpcpy (line, "GETATTR "), name); + stpcpy (stpcpy (line, "GETATTR "), name); err = start_scd (ctrl); if (err) @@ -1170,10 +1083,10 @@ card_getattr_cb, &parm); if (!err && parm.error) err = gpg_error_from_errno (parm.error); - + if (!err && !parm.data) err = gpg_error (GPG_ERR_NO_DATA); - + if (!err) *result = parm.data; else @@ -1192,28 +1105,16 @@ char keyword[200]; int i; - if (line[0] == '#' && (!line[1] || spacep (line+1))) - { - /* We are called in convey comments mode. Now, if we see a - comment marker as keyword we forward the line verbatim to the - the caller. This way the comment lines from scdaemon won't - appear as status lines with keyword '#'. */ - assuan_write_line (ctx, line); - } - else - { - for (i=0; *line && !spacep (line) && i < DIM(keyword)-1; line++, i++) - keyword[i] = *line; - keyword[i] = 0; - - /* Truncate any remaining keyword stuff. */ - for (; *line && !spacep (line); line++) - ; - while (spacep (line)) - line++; + for (i=0; *line && !spacep (line) && i < DIM(keyword)-1; line++, i++) + keyword[i] = *line; + keyword[i] = 0; + /* truncate any remaining keyword stuff. */ + for (; *line && !spacep (line); line++) + ; + while (spacep (line)) + line++; - assuan_write_status (ctx, keyword, line); - } + assuan_write_status (ctx, keyword, line); return 0; } @@ -1248,16 +1149,12 @@ inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = assuan_context; - inqparm.any_inq_seen = 0; saveflag = assuan_get_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS); assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, 1); rc = assuan_transact (ctrl->scd_local->ctx, cmdline, pass_data_thru, assuan_context, inq_needpin, &inqparm, pass_status_thru, assuan_context); - if (inqparm.any_inq_seen && gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) - rc = cancel_inquire (ctrl, rc); - assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag); if (rc) { @@ -1266,3 +1163,5 @@ return unlock_scd (ctrl, 0); } + + diff -Nru gnupg2-2.1.6/agent/ChangeLog-2011 gnupg2-2.0.28/agent/ChangeLog-2011 --- gnupg2-2.1.6/agent/ChangeLog-2011 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/ChangeLog-2011 2015-06-02 08:13:55.000000000 +0000 @@ -1,64 +1,14 @@ -2011-12-01 Werner Koch +2011-12-02 Werner Koch NB: ChangeLog files are no longer manually maintained. Starting on December 1st, 2011 we put change information only in the GIT commit log, and generate a top-level ChangeLog file from logs at "make dist". See doc/HACKING for details. -2011-11-28 Werner Koch +2011-08-04 Werner Koch - * command-ssh.c (card_key_available): Change wording of no key - diagnostic. - (ssh_handler_request_identities): Do not call card_key_available - if the scdaemon is disabled. - -2011-09-12 Ben Kibbey - - * genkey.c (agent_ask_new_passphrase): Allow for an empty passphrase - (no protection) in PINENTRY_MODE_LOOPBACK. - -2011-09-10 Ben Kibbey - - * agent.h (pinentry_loopback): New prototype. - * command.c (pinentry_loopback): New function to inquire a passphrase - from the client. For use with pinentry-mode=loopback. - * call-pinentry.c (agent_askpin): Handle PINENTRY_MODE_LOOPBACK. - * call-pinentry.c (agent_get_passphrase): Ditto. - * genkey.c (agent_ask_new_passphrase): Ditto. - -2011-08-10 Werner Koch - - * genkey.c (check_passphrase_pattern): Use gpg_strerror instead of - strerror. - * command-ssh.c (ssh_receive_mpint_list): Remove unused var - ELEMS_PUBLIC_N. - * gpg-agent.c (main): Remove unused var MAY_COREDUMP. - -2011-08-09 Ben Kibbey - - * command.c (option_handler): Have option s2k-count match the - documentation. - -2011-07-27 Werner Koch - - * call-scd.c (struct inq_needpin_s): Add field ANY_INQ_SEEN. - (inq_needpin): Set it. - (agent_card_scd): Send the cancel only if an inquire was actually - used. - -2011-07-09 Ben Kibbey - - * call-scd.c (agent_card_scd): Send the CANCEL command back to SCD - when the SCD command is cancelled from the client. - -2011-07-22 Werner Koch - - * command-ssh.c (ssh_receive_key): Do not init comment to an empty - static string; in the error case it would be freed. - -2011-07-20 Werner Koch - - * command.c (do_one_keyinfo, cmd_keyinfo): Support option --ssh-fpr. + * command.c (cmd_keyinfo, do_one_keyinfo): Support options --data + and --ssh-fpr. * command-ssh.c (ssh_identity_register): Display the ssh fingerprint in the prompt. @@ -69,165 +19,28 @@ (search_control_file): Add new arg R_CONFIRM and enhance parser. * findkey.c (agent_raw_key_from_file): New. (modify_description): Add format letter %F. + * findkey.c (agent_key_from_file): Simplify comment extraction by using gcry_sexp_nth_string. -2011-06-28 Ben Kibbey - - * command.c (option_handler): Add option s2k-count. - * agent.h (server_control_s): Add member s2k_count. - * genkey.c (store_key): Add parameter s2k_count. - * protect.c (agent_protect): Add parameter s2k_count. - * protect.c (do_encryption): Add parameter s2k_count. - -2011-06-01 Marcus Brinkmann - - * cvt-openpgp.c (convert_to_openpgp): Change type of N to unsigned - int. - -2011-04-26 Werner Koch - - * cvt-openpgp.c (convert_to_openpgp): Use rfc4880 encoded S2K count. - * protect.c (get_standard_s2k_count_rfc4880): New. - (S2K_DECODE_COUNT): New. - (s2k_hash_passphrase): Use the new macro. - -2011-04-21 Werner Koch - - * agent.h (server_control_s): Add field cache_ttl_opt_preset. - * gpg-agent.c (agent_init_default_ctrl): Init this field. - * genkey.c (agent_genkey): Use this new variable. - * command.c (cmd_passwd): Ditto. - (option_handler): Add new option cache-ttl-opt-preset. - -2011-04-20 Marcus Brinkmann - - * command.c (cmd_import_key): Release key from failed import - before converting openpgp private key in the openpgp-private-key - case. - -2011-04-17 Ben Kibbey - - * command.c (cmd_passwd): Check for an error before presetting. - -2011-04-12 Ben Kibbey - - * command.c (cmd_passwd): Fixed --preset when not previously cached. - -2011-04-12 Werner Koch - - * agent.h (CACHE_TTL_NONCE, CACHE_TTL_OPT_PRESET): New. - * command.c (cmd_passwd, cmd_import_key): Use new macros. - * genkey.c (agent_genkey): Ditto. - -2011-04-10 Ben Kibbey - - * command.c (cmd_passwd): Add option --preset. - * command.c (cmd_genkey): Add option --preset. - * genkey.c (agent_genkey): Add parameter preset. - -2011-04-06 Ben Kibbey - - * command.c (do_one_keyinfo): Add protection type field. - -2011-03-10 Werner Koch - - * protect.c (hash_passphrase): Use the new gcry_kdf_derive. - -2011-03-08 Werner Koch - - * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: Remove. - -2011-03-03 Ben Kibbey - - * command.c (cmd_preset_passphrase): Add option --inquire. - -2011-03-03 Werner Koch - - * gpg-agent.c: Add option --allow-loopback-pinentry. - * command.c (option_handler): Add option pinentry-mode. - * agent.h (pinentry_mode_t): New enum. - (struct server_local_s): Add PINENTRY_MODE. - (struct opt): Add ALLOW_LOOPBACK_PINENTRY. - * call-pinentry.c (agent_askpin): Implement ask, cancel and error - pinentry modes. - (agent_get_passphrase, agent_get_confirmation): Ditto. - (agent_show_message): Return cancel if pinentry mode is not "ask". - (agent_popup_message_start): Ditto. - -2011-03-02 Werner Koch - - * call-scd.c (hash_algo_option): New. - (agent_card_pksign): Use it with PKSIGN. - -2011-03-02 Ben Kibbey (wk) - - * command.c (cmd_clear_passphrase): Add option --mode=normal. - (cmd_keyinfo): Add option --data. - (do_one_keyinfo): Return CACHED status. Add arg DATA. - -2011-02-07 Werner Koch - - * pksign.c (do_encode_dsa): Enforce multipe of 8 bits only for DSA. - -2011-02-03 Werner Koch - - * protect.c (protect_info): Support ECC algos. - - * pksign.c (do_encode_dsa): Map public key algo number. Extend - DSA size check for ECDSA. - - * gpg-agent.c: Include cipher.h. - (map_pk_openpgp_to_gcry): New. - - * findkey.c (key_parms_from_sexp): Support ECDH. - - * cvt-openpgp.c (get_keygrip): Support ECC algorithms. - (convert_secret_key): Ditto. - (do_unprotect): Ditto. +2011-08-04 Werner Koch -2011-02-02 Werner Koch + * genkey.c (check_passphrase_pattern): Use gpg_strerror. - * cvt-openpgp.c (convert_secret_key): Remove algo mapping. + * command-ssh.c (ssh_receive_mpint_list): Remove set but unused + var ELEMS_PUBLIC_N. -2011-01-31 Werner Koch + * gpg-agent.c (main): Remove set but unused var MAY_COREDUMP. - * cvt-openpgp.c (convert_to_openpgp): Adjust to reverted Libgcrypt - ABI. - - * protect.c (protect_info): Adjust ECDSA and ECDH parameter names. - Add "ecc". - * findkey.c (key_parms_from_sexp): Ditto. - -2011-01-19 Werner Koch - - * trustlist.c (read_one_trustfile): Also chop an CR. - -2011-01-21 Werner Koch - - * pksign.c (do_encode_dsa): Compare MDLEN to bytes. - - * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. - -2010-12-02 Werner Koch - - * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL) [W32CE]: Set to 60 - seconds. - -2010-11-29 Werner Koch - - * cache.c (initialize_module_cache): Factor code out to ... - (init_encryption): new. - (new_data, agent_get_cache): Init encryption on on the fly. - -2010-11-26 Werner Koch +2011-07-22 Werner Koch - * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL): New. - (handle_tick) [W32CE]: Don't check own socket. + * command-ssh.c (ssh_receive_key): Do not init comment to an empty + static string; in the error case it would be freed. -2010-11-23 Werner Koch +2011-04-29 Werner Koch - * Makefile.am (gpg_agent_LDFLAGS): Add extra_bin_ldflags. + * gpg-agent.c: Include estream.h + (main): s/pth_kill/es_pth_kill/. 2010-11-11 Werner Koch @@ -235,240 +48,33 @@ * gpg-agent.c (handle_connections): Set that flag. * call-scd.c (start_scd): Enable events depending on this flag. -2010-10-27 Werner Koch - - * gpg-agent.c (create_socket_name): Use TMPDIR. Change callers. - -2010-10-26 Werner Koch - - * cache.c (agent_put_cache): Allow deletion even if TTL is passwd - as 0. - - * genkey.c (agent_protect_and_store): Add arg PASSPHRASE_ADDR. - * command.c (cmd_passwd): Add option --passwd-nonce. - (struct server_local_s): Add LAST_CACHE_NONCE and LAST_PASSWD_NONCE. - (clear_nonce_cache): New. - (reset_notify): Clear the nonce cache. - (start_command_handler): Ditto. - -2010-10-25 Werner Koch - - * command.c (cmd_export_key): Free CACHE_NONCE. - (cmd_passwd): Add option --cache-nonce. - -2010-10-18 Werner Koch - - * call-pinentry.c (start_pinentry): Print name of pinentry on - connect error. - - * call-scd.c (agent_card_pksign): Make sure to return an unsigned - number. - -2010-10-14 Werner Koch - - * command.c (cmd_genkey): Add option --no-protection. - * genkey.c (agent_genkey): Add arg NO_PROTECTION. - -2010-10-13 Werner Koch - - * call-pinentry.c (agent_get_passphrase): Support the close_button. - - * gpg-agent.c (create_server_socket): Switch back to stderr - logging if we are not starting a agent. - - * command.c (cmd_passwd, cmd_export_key): Move mapping of - GPG_ERR_FULLY_CANCELED to .. - (leave_cmd): .. here. - (option_handler): Add option agent-awareness. - * protect-tool.c (get_passphrase): Take care of - GPG_ERR_FULLY_CANCELED. - * findkey.c (try_unprotect_cb): Ditto. - (unprotect): Remove the fully_canceled hack. - * call-pinentry.c (start_pinentry): Ditto. - (agent_askpin): Ditto. - * pkdecrypt.c (agent_pkdecrypt): Ditto - * pksign.c (agent_pksign_do): Ditto. - * genkey.c (agent_ask_new_passphrase): Remove arg CANCEL_ALL. - -2010-10-06 Werner Koch - - * cvt-openpgp.c (convert_secret_key): Add missing break. - -2010-10-05 Werner Koch - - * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k - won't kill out gpg-agent. - 2010-09-30 Werner Koch - * gpg-agent.c (agent_exit): Run cleanup. - (cleanup): Run only once. - - * call-pinentry.c (close_button_status_cb): New. - (agent_askpin): Add arg R_CANCEL_ALL. Change all callers. - * genkey.c (agent_ask_new_passphrase): Ditto. - * findkey.c (unprotect): Return GPG_ERR_FULLY_CANCELED if needed. - - * command.c (cmd_export_key): Add support for OpenPGP keys. - * findkey.c (unprotect): Add optional arg R_PASSPHRASE. - (agent_key_from_file): Ditto. Change all callers. - * findkey.c (unprotect): Do not put the passphrase into the cache if it has been changed. - * cvt-openpgp.c (convert_to_openpgp, apply_protection) - (key_from_sexp): New. - -2010-09-29 Werner Koch - - * cvt-openpgp.c (convert_openpgp): Rename to convert_from_openpgp. - - * command.c (has_option): Stop at "--". - (has_option_name, option_value): Ditto. - (skip_options): Skip initial spaces. - 2010-09-24 Werner Koch * gpg-agent.c (main, reread_configuration): Always test whether the default configuration file has been created in the meantime. Fixes bug#1285. -2010-09-17 Werner Koch - - * command.c (cmd_havekey): Allow testing of several keygrips. - -2010-09-15 Werner Koch - - * protect.c (calculate_mic): Take care of shared secret format. - - * agent.h (PROTECTED_SHARED_SECRET): New. - -2010-09-02 Werner Koch - - * cache.c (new_data): Change arg and callers to use a string and - explicity return an error code. We never used raw binary data and - thus it is easier to use a string. Adjust callers. - (initialize_module_cache, deinitialize_module_cache): New. - (new_data): Encrypt the cached data. - (struct cache_item_s): Remove field LOCKCOUNT. Change all users - accordingly. - (agent_unlock_cache_entry): Remove. - (agent_get_cache): Return an allocated string and remove CACHE_ID. - * genkey.c (agent_genkey): Remove cache marker stuff. - * findkey.c (unprotect): Ditto. - * cvt-openpgp.c (convert_openpgp): Ditto. - * command.c (cmd_get_passphrase): Ditto. - * gpg-agent.c (main, cleanup): Initialize and deinitialize the - cache module. - -2010-09-01 Werner Koch - - * call-pinentry.c (start_pinentry): Disable pinentry logging. - - * command.c (cmd_import_key, cmd_genkey, cmd_pksign): Add CACHE - handling. - * cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the - cached nonce first. - * genkey.c (agent_genkey): Add arg CACHE_NONCE. - * cache.c (agent_get_cache): Require user and nonce cache modes - to match the requested mode. - (agent_put_cache): Ditto. - * agent.h (CACHE_MODE_NONCE): New. - * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE. - * findkey.c (agent_key_from_file): Ditto. - (unprotect): Implement it. - -2010-08-31 Werner Koch - - * pksign.c (do_encode_dsa): Fix sign problem. - * findkey.c (agent_is_dsa_key): Adjust to actual usage. - -2010-08-30 Werner Koch - - * protect.c (s2k_hash_passphrase): New public function. - -2010-08-27 Werner Koch - - * command.c (cmd_import_key): Support OpenPGP keys. - * cvt-openpgp.h, cvt-openpgp.c: New. Some of the code is based on - code taken from g10/seckey-cert.c. - -2010-08-26 Werner Koch - - * command-ssh.c (open_control_file): Use estream to create the file. - - * findkey.c (agent_write_private_key): Explicitly create file with - mode 600. - * gpg-agent.c (main): Ditto. - * trustlist.c (agent_marktrusted): Explicitly create file with - mode 640. - -2010-08-16 Werner Koch - - * gpg-agent.c: Replace remaining printf by es_printf. - 2010-08-11 Werner Koch - * call-pinentry.c (agent_get_passphrase, agent_askpin): Fix + * call-pinentry.c (agent_askpin, agent_get_passphrase): Fix setting of confidential flag. * call-scd.c (agent_card_scd): Pass assuan comment lines to the caller. (ASSUAN_CONVEY_COMMENTS): Provide replacement if needed. -2010-08-09 Werner Koch - - * Makefile.am (t_common_ldadd): Add NETLIBS for sake of the TCP - logging. - -2010-06-24 Werner Koch - - * genkey.c (check_passphrase_pattern): Use HANG option for - gnupg_wait_progress. Fixes regression from 2010-06-09. - -2010-06-21 Werner Koch - - * protect-tool.c (export_p12_file, import_p12_cert_cb) - (import_p12_file, sexp_to_kparms, store_private_key): Remove - unused code. - -2010-06-18 Werner Koch - - * protect-tool.c (store_private_key, rsa_key_check): Remove. - - * command.c (cmd_export_key): New. - -2010-06-15 Werner Koch - - * command.c (cmd_keywrap_key, cmd_import_key): New. - - * genkey.c (agent_genkey, agent_protect_and_store): Factor common - code out to... - (agent_ask_new_passphrase): .. new. - - * findkey.c (agent_write_private_key): Return GPG_ERR_EEXIST - instead of GPG_ERR_GENERAL. - -2010-06-14 Werner Koch - - * protect-tool.c: Remove commands --p12-import and --p12-export. - * minip12.c, minip12.h: Move to ../sm. - * Makefile.am (gpg_protect_tool_SOURCES): Remove them. - * preset-passphrase.c: Remove unneeded minip12.h. - - * command.c (cmd_keywrap_key): New. - - * command.c (leave_cmd): New. - (cmd_istrusted, cmd_listtrusted, cmd_marktrusted, cmd_pksign) - (cmd_pkdecrypt, cmd_genkey, cmd_readkey, cmd_keyinfo) - (cmd_get_passphrase, cmd_get_confirmation, cmd_learn) - (cmd_passwd, cmd_preset_passphrase, cmd_getval, cmd_putval): Use it. - 2010-05-12 Werner Koch * preset-passphrase.c (forget_passphrase): Actually implement this. Fixes bug#1198. + * gpg-agent.c (handle_tick): Do not print die message with option -q. + 2010-05-11 Werner Koch * agent.h (opt): Add field USE_STANDARD_SOCKET. @@ -478,184 +84,53 @@ for non-W32 platforms. (cmd_getinfo): New subcommands std_session_env and std_startup_env. -2010-05-03 Werner Koch - - * gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME - too early. - -2010-04-30 Werner Koch +2010-05-04 Werner Koch * gpg-agent.c (main): Add command --use-standard-socket-p. -2010-04-26 Werner Koch - - * gpg-agent.c (create_server_socket) [W32]: Also check for EEXIST. - -2010-04-19 Werner Koch - - * pksign.c (get_dsa_qbits, do_encode_dsa): New. - (agent_pksign_do): Detect DSA keys and use do_encode_dsa. - * findkey.c (agent_public_key_from_file): Factor some code out to .. - (key_parms_from_sexp): New. - (agent_is_dsa_key): New. - - * command.c (cmd_sethash): Clear digeest.RAW_VALUE. - -2010-04-14 Werner Koch - - * Makefile.am (libexec_PROGRAMS) [W32CE]: Do not build - gpg-preset-passphrase for now. - (pwquery_libs) [W32CE]: Set to empty. - - * trustlist.c (read_one_trustfile): Use estream. - -2010-04-13 Werner Koch - - * findkey.c (read_key_file): Use estream. - (agent_write_private_key): Ditto. - -2010-04-07 Werner Koch - - * gpg-agent.c (handle_connections) [W32]: Assume that PTh support - the handle event. Use a dummy event for W32CE. - (get_agent_scd_notify_event) [W32CE]: Do not build. - - * call-pinentry.c: Remove setenv.h. Include sysutils.h. - (atfork_cb): s/setenv/gnupg_setenv/. - - * gpg-agent.c: Do not include setenv.h. - (main): s/unsetenv/gnupg_unsetenv/. - - * protect.c (calibrate_get_time) [W32CE]: Use GetThreadTimes. - -2010-04-06 Werner Koch - - * call-scd.c [!HAVE_SIGNAL_H]: Do not include signal.h. +2010-05-03 Werner Koch - * findkey.c (agent_write_private_key): s/remove/gnupg_remove/. + * gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME + too early. - * command-ssh.c (search_control_file): Replace rewind by fseek and - clearerr. - * genkey.c (check_passphrase_pattern): Ditto. +2010-03-17 Werner Koch - * gpg-agent.c [!HAVE_SIGNAL_H]: Do not include signal.h. - (remove_socket): s/remove/gnupg_remove/. - (create_private_keys_directory): Use gnupg_mkdir. + * call-scd.c (unlock_scd): Send a BYE under certain conditions. -2010-03-11 Werner Koch +2010-02-19 Werner Koch - * gpg-agent.c: Include "asshelp.h". - (main): Remove assuan_set_assuan_log_prefix. Add - assuan_set_log_cb. - (handle_signal): Disable pth ctrl dumping. - (parse_rereadable_options, main): Remove assuan_set_assuan_log_stream. - * call-scd.c (start_scd): Remove assuan_set_log_stream. + * call-pinentry.c (start_pinentry): Remove a translation prefix. -2010-03-10 Werner Koch +2010-02-18 Werner Koch - * Makefile.am (common_libs): Remove libjnlib.a. + * protect.c (agent_unprotect): Initialize CLEARTEXT. - * trustlist.c, protect-tool.c, command-ssh.c: Remove estream.h. + * command.c (register_commands): Unconditionally use + assuan_register_post_cmd_notify. + (start_command_handler): Undocumented use assuan_set_io_monitor. 2010-02-17 Werner Koch * call-pinentry.c (start_pinentry): Always free OPTSTR. Send default-xxx strings. -2010-01-26 Werner Koch - - * protect.c (do_encryption): Encode the s2kcount and no not use a - static value of 96. - -2009-12-21 Werner Koch - - * command.c (cmd_getinfo): Add sub-command s2k_count. - -2009-12-14 Werner Koch - - * protect.c (agent_unprotect): Decode the S2K count here and take - care of the new unencoded values. Add a lower limit sanity check. - (hash_passphrase): Do not decode here. - (get_standard_s2k_count, calibrate_s2k_count): New. - (calibrate_get_time, calibrate_elapsed_time): New. - (do_encryption): Use get_standard_s2k_count. - -2009-12-08 Werner Koch - - * protect.c (agent_unprotect): Avoid compiler warning. - -2009-12-08 Marcus Brinkmann - - * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. - * call-scd.c (start_scd): Likewise. - -2009-12-03 Werner Koch - - * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print - active debug flags. +2010-02-11 Marcus Brinkmann -2009-12-02 Werner Koch + From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25, + 2009-12-08: - * trustlist.c (read_trustfiles): Store the pointer returned from - shrinking the memory and not the orginal one. Fixes bug#1163. - Reported by TAKAHASHI Tamotsu. Also return correct error after - memory failure. - -2009-11-27 Marcus Brinkmann - - * command.c (start_command_handler): Do not call - assuan_set_log_stream anymore. - * gpg-agent.c (main): But call assuan_set_assuan_log_stream here. - -2009-11-25 Marcus Brinkmann - - * command.c (start_command_handler): Use assuan_fd_t and - assuan_fdopen on fds. - -2009-11-05 Marcus Brinkmann - - * call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not - assuan_pipe_connect_ext. - * command.c (start_command_handler): Change - assuan_init_socket_server_ext into assuan_init_socket_server. - * call-scd.c (start_scd): Update use of assuan_socket_connect and - assuan_pipe_connect. - * gpg-agent.c (check_own_socket_thread, check_for_running_agent): - Update use of assuan_socket_connect. - -2009-11-04 Werner Koch - - * command.c (register_commands): Add help arg to - assuan_register_command. Convert all command comments to help - strings. - -2009-11-02 Marcus Brinkmann - - * command.c (reset_notify): Take LINE arg and return error. - (register_commands): Use assuan_handler_t type. - -2009-10-16 Marcus Brinkmann - - * gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of - libassuan-pth. + * Makefile.am (gpg_agent_CFLAGS, gpg_agent_LDADD): Use libassuan + instead of libassuan-pth. * gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. - (main): Call assuan_set_system_hooks and assuan_sock_init. - Fix invocation of assuan_socket_connect. - -2009-09-23 Werner Koch - - * command.c (register_commands) [HAVE_ASSUAN_SET_IO_MONITOR]: - Remove cpp condition. - (start_command_handler) [HAVE_ASSUAN_SET_IO_MONITOR]: Ditto. - -2009-09-23 Marcus Brinkmann - - * gpg-agent.c (parse_rereadable_options): Don't set global assuan - log file (there ain't one anymore). - (main): Update to new API. + (main): Update to new API. Call assuan_set_system_hooks and + assuan_sock_init. Fix invocation of assuan_socket_connect. + Call assuan_set_assuan_log_stream here. + (parse_rereadable_options): Don't set global assuan log + file (there ain't one anymore). (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan - context before connecting to server. + context before connecting to server. Update use of + assuan_socket_connect. * command.c: Include "scdaemon.h" before because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of @@ -671,19 +146,58 @@ (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. + Use assuan_handler_t type. Add NULL arg to assuan_register_command. + Add help arg to assuan_register_command. Convert all command + comments to help strings. (start_command_handler): Allocate assuan context before starting - server. + server. Change assuan_init_socket_server_ext into + assuan_init_socket_server. Use assuan_fd_t and assuan_fdopen on fds. + Do not call assuan_set_log_stream anymore. + (reset_notify): Take LINE arg and return error. * call-pinentry.c: Include "scdaemon.h" before because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to - server. + server. Call assuan_pipe_connect, notassuan_pipe_connect_ext. + Convert posix fd to assuan fd. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. + Update use of assuan_socket_connect and assuan_pipe_connect. + Convert posix fd to assuan fd. + +2010-01-26 Werner Koch + + * protect.c (do_encryption): Encode the s2kcount and do not use a + static value of 96. + +2009-12-21 Werner Koch + + * command.c (cmd_getinfo): Add sub-command "s2k_count". + +2009-12-14 Werner Koch + + * protect.c (agent_unprotect): Decode the S2K count here and take + care of the new unencoded values. Add a lower limit sanity check. + (hash_passphrase): Do not decode here. + (get_standard_s2k_count, calibrate_s2k_count): New. + (calibrate_get_time, calibrate_elapsed_time): New. + (do_encryption): Use get_standard_s2k_count. + +2009-12-03 Werner Koch + + * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + +2009-12-02 Werner Koch + + * trustlist.c (read_trustfiles): Store the pointer returned from + shrinking the memory and not the orginal one. Fixes bug#1163. + Reported by TAKAHASHI Tamotsu. Also return correct error after + memory failure. 2009-09-04 Marcus Brinkmann @@ -3092,7 +2606,7 @@ Copyright 2001, 2002, 2003, 2004, 2005, - 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -3101,7 +2615,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -Local Variables: -buffer-read-only: t -End: diff -Nru gnupg2-2.1.6/agent/command.c gnupg2-2.0.28/agent/command.c --- gnupg2-2.1.6/agent/command.c 2015-06-29 19:28:59.000000000 +0000 +++ gnupg2-2.0.28/agent/command.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,7 +1,7 @@ /* command.c - gpg-agent command handler - * Copyright (C) 2001-2011 Free Software Foundation, Inc. - * Copyright (C) 2001-2013 Werner Koch - * Copyright (C) 2015 g10 Code GmbH. + * Copyright (C) 2001, 2002, 2003, 2004, 2005, + * 2006, 2008, 2009 Free Software Foundation, Inc. + * Copyright (C) 2013 Werner Koch * * This file is part of GnuPG. * @@ -38,71 +38,33 @@ #include "agent.h" #include #include "i18n.h" -#include "cvt-openpgp.h" #include "../common/ssh-utils.h" -#include "../common/asshelp.h" - -/* Maximum allowed size of the inquired ciphertext. */ +/* maximum allowed size of the inquired ciphertext */ #define MAXLEN_CIPHERTEXT 4096 -/* Maximum allowed size of the key parameters. */ +/* maximum allowed size of the key parameters */ #define MAXLEN_KEYPARAM 1024 -/* Maximum allowed size of key data as used in inquiries (bytes). */ -#define MAXLEN_KEYDATA 4096 -/* The size of the import/export KEK key (in bytes). */ -#define KEYWRAP_KEYSIZE (128/8) -/* A shortcut to call assuan_set_error using an gpg_err_code_t and a - text string. */ #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) -/* Check that the maximum digest length we support has at least the - length of the keygrip. */ + #if MAX_DIGEST_LEN < 20 #error MAX_DIGEST_LEN shorter than keygrip #endif -/* Data used to associate an Assuan context with local server data. - This is this modules local part of the server_control_s struct. */ +/* Data used to associate an Assuan context with local server data */ struct server_local_s { - /* Our Assuan context. */ assuan_context_t assuan_ctx; - - /* If this flag is true, the passphrase cache is used for signing - operations. It defaults to true but may be set on a per - connection base. The global option opt.ignore_cache_for_signing - takes precedence over this flag. */ + int message_fd; int use_cache_for_signing; - - /* An allocated description for the next key operation. This is - used if a pinnetry needs to be popped up. */ - char *keydesc; - - /* Flags to suppress I/O logging during a command. */ - int pause_io_logging; - - /* If this flags is set to true the agent will be terminated after - the end of the current session. */ - int stopme; - - /* Flag indicating whether pinentry notifications shall be done. */ - int allow_pinentry_notify; - - /* Malloced KEK (Key-Encryption-Key) for the import_key command. */ - void *import_key; - - /* Malloced KEK for the export_key command. */ - void *export_key; - - /* Client is aware of the error code GPG_ERR_FULLY_CANCELED. */ - int allow_fully_canceled; - - /* Last CACHE_NONCE sent as status (malloced). */ - char *last_cache_nonce; - - /* Last PASSWD_NONCE sent as status (malloced). */ - char *last_passwd_nonce; + char *keydesc; /* Allocated description for the next key + operation. */ + int pause_io_logging; /* Used to suppress I/O logging during a command */ + int stopme; /* If set to true the agent will be terminated after + the end of this session. */ + int allow_pinentry_notify; /* Set if pinentry notifications should + be done. */ }; @@ -159,7 +121,7 @@ p = get_membuf (mb, &n); if (p) { - wipememory (p, n); + memset (p, 0, n); xfree (p); } } @@ -184,31 +146,6 @@ } -/* Clear the nonces used to enable the passphrase cache for certain - multi-command command sequences. */ -static void -clear_nonce_cache (ctrl_t ctrl) -{ - if (ctrl->server_local->last_cache_nonce) - { - agent_put_cache (ctrl->server_local->last_cache_nonce, - CACHE_MODE_NONCE, NULL, 0); - xfree (ctrl->server_local->last_cache_nonce); - ctrl->server_local->last_cache_nonce = NULL; - } - if (ctrl->server_local->last_passwd_nonce) - { - agent_put_cache (ctrl->server_local->last_passwd_nonce, - CACHE_MODE_NONCE, NULL, 0); - xfree (ctrl->server_local->last_passwd_nonce); - ctrl->server_local->last_passwd_nonce = NULL; - } -} - - -/* This function is called by Libassuan whenever thee client sends a - reset. It has been registered similar to the other Assuan - commands. */ static gpg_error_t reset_notify (assuan_context_t ctx, char *line) { @@ -222,40 +159,11 @@ xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; - - clear_nonce_cache (ctrl); - return 0; } -/* Skip over options in LINE. - - Blanks after the options are also removed. Options are indicated - by two leading dashes followed by a string consisting of non-space - characters. The special option "--" indicates an explicit end of - options; all what follows will not be considered an option. The - first no-option string also indicates the end of option parsing. */ -static char * -skip_options (const char *line) -{ - while (spacep (line)) - line++; - while ( *line == '-' && line[1] == '-' ) - { - while (*line && !spacep (line)) - line++; - while (spacep (line)) - line++; - } - return (char*)line; -} - - -/* Check whether the option NAME appears in LINE. An example for a - line with options is: - --algo=42 --data foo bar - This function would then only return true if NAME is "data". */ +/* Check whether the option NAME appears in LINE */ static int has_option (const char *line, const char *name) { @@ -263,12 +171,9 @@ int n = strlen (name); s = strstr (line, name); - if (s && s >= skip_options (line)) - return 0; return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); } - /* Same as has_option but does only test for the name of the option and ignores an argument, i.e. with NAME being "--hash" it would return true for "--hash" as well as for "--hash=foo". */ @@ -279,15 +184,12 @@ int n = strlen (name); s = strstr (line, name); - if (s && s >= skip_options (line)) - return 0; return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n) || s[n] == '=')); } - /* Return a pointer to the argument of the option with NAME. If such - an option is not given, NULL is retruned. */ + an option is not given, it returns NULL. */ static char * option_value (const char *line, const char *name) { @@ -295,8 +197,6 @@ int n = strlen (name); s = strstr (line, name); - if (s && s >= skip_options (line)) - return NULL; if (s && (s == line || spacep (s-1)) && s[n] && (spacep (s+n) || s[n] == '=')) { @@ -309,7 +209,24 @@ } -/* Replace all '+' by a blank in the string S. */ +/* Skip over options. It is assumed that leading spaces have been + removed (this is the case for lines passed to a handler from + assuan). Blanks after the options are also removed. */ +static char * +skip_options (char *line) +{ + while ( *line == '-' && line[1] == '-' ) + { + while (*line && !spacep (line)) + line++; + while (spacep (line)) + line++; + } + return line; +} + + +/* Replace all '+' by a blank. */ static void plus_to_blank (char *s) { @@ -340,9 +257,8 @@ return 0; } - /* Parse the keygrip in STRING into the provided buffer BUF. BUF must - provide space for 20 bytes. BUF is not changed if the function + provide space for 20 bytes. BUF is not changed if the function returns an error. */ static int parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf) @@ -364,11 +280,7 @@ } -/* Write an Assuan status line. KEYWORD is the first item on the - status line. The following arguments are all separated by a space - in the output. The last argument must be a NULL. Linefeeds and - carriage returns characters (which are not allowed in an Assuan - status line) are silently quoted in C-style. */ +/* Write an assuan status line. */ gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...) { @@ -414,22 +326,6 @@ } -/* This function is similar to print_assuan_status but takes a CTRL - arg instead of an assuan context as first argument. */ -gpg_error_t -agent_print_status (ctrl_t ctrl, const char *keyword, const char *format, ...) -{ - gpg_error_t err; - va_list arg_ptr; - assuan_context_t ctx = ctrl->server_local->assuan_ctx; - - va_start (arg_ptr, format); - err = vprint_assuan_status (ctx, keyword, format, arg_ptr); - va_end (arg_ptr); - return err; -} - - /* Helper to notify the client about a launched Pinentry. Because that might disturb some older clients, this is only done if enabled via an option. Returns an gpg error code. */ @@ -446,42 +342,6 @@ } -/* Helper to print a message while leaving a command. */ -static gpg_error_t -leave_cmd (assuan_context_t ctx, gpg_error_t err) -{ - if (err) - { - const char *name = assuan_get_command_name (ctx); - if (!name) - name = "?"; - - /* Not all users of gpg-agent know about the fully canceled - error code; map it back if needed. */ - if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - { - ctrl_t ctrl = assuan_get_pointer (ctx); - - if (!ctrl->server_local->allow_fully_canceled) - err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED); - } - - /* Most code from common/ does not know the error source, thus - we fix this here. */ - if (gpg_err_source (err) == GPG_ERR_SOURCE_UNKNOWN) - err = gpg_err_make (GPG_ERR_SOURCE_DEFAULT, gpg_err_code (err)); - - if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT) - log_error ("command '%s' failed: %s\n", name, - gpg_strerror (err)); - else - log_error ("command '%s' failed: %s <%s>\n", name, - gpg_strerror (err), gpg_strsource (err)); - } - return err; -} - - static const char hlp_geteventcounter[] = "GETEVENTCOUNTER\n" @@ -500,16 +360,21 @@ cmd_geteventcounter (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); + char any_counter[25]; + char key_counter[25]; + char card_counter[25]; (void)line; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - return agent_print_status (ctrl, "EVENTCOUNTER", "%u %u %u", - eventcounter.any, - eventcounter.key, - eventcounter.card); + snprintf (any_counter, sizeof any_counter, "%u", eventcounter.any); + snprintf (key_counter, sizeof key_counter, "%u", eventcounter.key); + snprintf (card_counter, sizeof card_counter, "%u", eventcounter.card); + + return agent_write_status (ctrl, "EVENTCOUNTER", + any_counter, + key_counter, + card_counter, + NULL); } @@ -523,7 +388,6 @@ eventcounter.any++; } - /* This function should be called for all card reader status changes. This function is assured not to do any context switches. */ @@ -570,7 +434,10 @@ else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF ) return gpg_error (GPG_ERR_NOT_TRUSTED); else - return leave_cmd (ctx, rc); + { + log_error ("command is_trusted failed: %s\n", gpg_strerror (rc)); + return rc; + } } @@ -581,16 +448,14 @@ static gpg_error_t cmd_listtrusted (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); int rc; (void)line; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - rc = agent_listtrusted (ctx); - return leave_cmd (ctx, rc); + if (rc) + log_error ("command listtrusted failed: %s\n", gpg_strerror (rc)); + return rc; } @@ -607,9 +472,6 @@ char fpr[41]; int flag; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - /* parse the fingerprint value */ for (p=line,n=0; hexdigitp (p); p++, n++) ; @@ -634,42 +496,32 @@ p++; rc = agent_marktrusted (ctrl, p, fpr, flag); - return leave_cmd (ctx, rc); + if (rc) + log_error ("command marktrusted failed: %s\n", gpg_strerror (rc)); + return rc; } static const char hlp_havekey[] = - "HAVEKEY \n" + "HAVEKEY \n" "\n" - "Return success if at least one of the secret keys with the given\n" - "keygrips is available."; + "Return success when the secret key is available."; static gpg_error_t cmd_havekey (assuan_context_t ctx, char *line) { - gpg_error_t err; + int rc; unsigned char buf[20]; - do - { - err = parse_keygrip (ctx, line, buf); - if (err) - return err; - - if (!agent_key_available (buf)) - return 0; /* Found. */ + rc = parse_keygrip (ctx, line, buf); + if (rc) + return rc; - while (*line && *line != ' ' && *line != '\t') - line++; - while (*line == ' ' || *line == '\t') - line++; - } - while (*line); + if (agent_key_available (buf)) + return gpg_error (GPG_ERR_NO_SECKEY); - /* No leave_cmd() here because errors are expected and would clutter - the log. */ - return gpg_error (GPG_ERR_NO_SECKEY); + return 0; } @@ -695,8 +547,8 @@ static const char hlp_setkeydesc[] = "SETKEYDESC plus_percent_escaped_string\n" "\n" - "Set a description to be used for the next PKSIGN, PKDECRYPT, IMPORT_KEY\n" - "or EXPORT_KEY operation if this operation requires a passphrase. If\n" + "Set a description to be used for the next PKSIGN or PKDECRYPT\n" + "operation if this operation requires the entry of a passphrase. If\n" "this command is not used a default text will be used. Note, that\n" "this description implictly selects the label used for the entry\n" "box; if the string contains the string PIN (which in general will\n" @@ -704,8 +556,8 @@ "\"passphrase\" is used. The description string should not contain\n" "blanks unless they are percent or '+' escaped.\n" "\n" - "The description is only valid for the next PKSIGN, PKDECRYPT,\n" - "IMPORT_KEY, EXPORT_KEY, or DELETE_KEY operation."; + "The description is only valid for the next PKSIGN or PKDECRYPT\n" + "operation."; static gpg_error_t cmd_setkeydesc (assuan_context_t ctx, char *line) { @@ -719,7 +571,7 @@ if (p) *p = 0; /* We ignore any garbage; we might late use it for other args. */ - if (!*desc) + if (!desc || !*desc) return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); /* Note, that we only need to replace the + characters and should @@ -729,16 +581,7 @@ plus_to_blank (desc); xfree (ctrl->server_local->keydesc); - - if (ctrl->restricted) - { - ctrl->server_local->keydesc = strconcat - ((ctrl->restricted == 2 - ? _("Note: Request from the web browser.") - : _("Note: Request from a remote site.") ), "%0A%0A", desc, NULL); - } - else - ctrl->server_local->keydesc = xtrystrdup (desc); + ctrl->server_local->keydesc = xtrystrdup (desc); if (!ctrl->server_local->keydesc) return out_of_core (); return 0; @@ -746,7 +589,7 @@ static const char hlp_sethash[] = - "SETHASH (--hash=)|() \n" + "SETHASH --hash=| \n" "\n" "The client can use this command to tell the server about the data\n" "(which usually is a hash) to be signed."; @@ -799,7 +642,6 @@ return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL); } ctrl->digest.algo = algo; - ctrl->digest.raw_value = 0; /* Parse the hash value. */ n = 0; @@ -827,7 +669,7 @@ static const char hlp_pksign[] = - "PKSIGN [] []\n" + "PKSIGN [options]\n" "\n" "Perform the actual sign operation. Neither input nor output are\n" "sensitive to eavesdropping."; @@ -838,17 +680,8 @@ cache_mode_t cache_mode = CACHE_MODE_NORMAL; ctrl_t ctrl = assuan_get_pointer (ctx); membuf_t outbuf; - char *cache_nonce = NULL; - char *p; - - line = skip_options (line); - p = line; - for (p=line; *p && *p != ' ' && *p != '\t'; p++) - ; - *p = '\0'; - if (*line) - cache_nonce = xtrystrdup (line); + (void)line; if (opt.ignore_cache_for_signing) cache_mode = CACHE_MODE_IGNORE; @@ -857,22 +690,22 @@ init_membuf (&outbuf, 512); - rc = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc, + rc = agent_pksign (ctrl, ctrl->server_local->keydesc, &outbuf, cache_mode); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); - - xfree (cache_nonce); + if (rc) + log_error ("command pksign failed: %s\n", gpg_strerror (rc)); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; - return leave_cmd (ctx, rc); + return rc; } static const char hlp_pkdecrypt[] = - "PKDECRYPT []\n" + "PKDECRYPT \n" "\n" "Perform the actual decrypt operation. Input is not\n" "sensitive to eavesdropping."; @@ -884,136 +717,73 @@ unsigned char *value; size_t valuelen; membuf_t outbuf; - int padding; (void)line; /* First inquire the data to decrypt */ - rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_CIPHERTEXT); - if (!rc) - rc = assuan_inquire (ctx, "CIPHERTEXT", - &value, &valuelen, MAXLEN_CIPHERTEXT); + rc = assuan_inquire (ctx, "CIPHERTEXT", + &value, &valuelen, MAXLEN_CIPHERTEXT); if (rc) return rc; init_membuf (&outbuf, 512); rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc, - value, valuelen, &outbuf, &padding); + value, valuelen, &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); else - { - if (padding != -1) - rc = print_assuan_status (ctx, "PADDING", "%d", padding); - else - rc = 0; - if (!rc) - rc = write_and_clear_outbuf (ctx, &outbuf); - } + rc = write_and_clear_outbuf (ctx, &outbuf); + if (rc) + log_error ("command pkdecrypt failed: %s\n", gpg_strerror (rc)); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; - return leave_cmd (ctx, rc); + return rc; } static const char hlp_genkey[] = - "GENKEY [--no-protection] [--preset] [--inq-passwd] []\n" + "GENKEY\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" "\n" " C: GENKEY\n" " S: INQUIRE KEYPARAM\n" - " C: D (genkey (rsa (nbits 2048)))\n" + " C: D (genkey (rsa (nbits 1024)))\n" " C: END\n" " S: D (public-key\n" " S: D (rsa (n 326487324683264) (e 10001)))\n" " S: OK key created\n" - "\n" - "When the --preset option is used the passphrase for the generated\n" - "key will be added to the cache. When --inq-passwd is used an inquire\n" - "with the keyword NEWPASSWD is used to request the passphrase for the\n" - "new key.\n"; + "\n"; static gpg_error_t cmd_genkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - int no_protection; unsigned char *value; size_t valuelen; - unsigned char *newpasswd = NULL; membuf_t outbuf; - char *cache_nonce = NULL; - int opt_preset; - int opt_inq_passwd; - size_t n; - char *p; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - no_protection = has_option (line, "--no-protection"); - opt_preset = has_option (line, "--preset"); - opt_inq_passwd = has_option (line, "--inq-passwd"); - line = skip_options (line); - p = line; - for (p=line; *p && *p != ' ' && *p != '\t'; p++) - ; - *p = '\0'; - if (*line) - cache_nonce = xtrystrdup (line); + (void)line; /* First inquire the parameters */ - rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_KEYPARAM); - if (!rc) - rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM); + rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM); if (rc) return rc; init_membuf (&outbuf, 512); - /* If requested, ask for the password to be used for the key. If - this is not used the regular Pinentry mechanism is used. */ - if (opt_inq_passwd && !no_protection) - { - /* (N is used as a dummy) */ - assuan_begin_confidential (ctx); - rc = assuan_inquire (ctx, "NEWPASSWD", &newpasswd, &n, 256); - assuan_end_confidential (ctx); - if (rc) - goto leave; - if (!*newpasswd) - { - /* Empty password given - switch to no-protection mode. */ - xfree (newpasswd); - newpasswd = NULL; - no_protection = 1; - } - - } - - rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, - newpasswd, opt_preset, &outbuf); - - leave: - if (newpasswd) - { - /* Assuan_inquire does not allow us to read into secure memory - thus we need to wipe it ourself. */ - wipememory (newpasswd, strlen (newpasswd)); - xfree (newpasswd); - } + rc = agent_genkey (ctrl, (char*)value, valuelen, &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); - xfree (cache_nonce); - return leave_cmd (ctx, rc); + if (rc) + log_error ("command genkey failed: %s\n", gpg_strerror (rc)); + return rc; } @@ -1031,9 +801,6 @@ unsigned char grip[20]; gcry_sexp_t s_pkey = NULL; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - rc = parse_keygrip (ctx, line, grip); if (rc) return rc; /* Return immediately as this is already an Assuan error code.*/ @@ -1059,7 +826,9 @@ gcry_sexp_release (s_pkey); } - return leave_cmd (ctx, rc); + if (rc) + log_error ("command readkey failed: %s\n", gpg_strerror (rc)); + return rc; } @@ -1075,11 +844,11 @@ "information from sshcontrol is always added to the info. Unless --data\n" "is given, the information is returned as a status line using the format:\n" "\n" - " KEYINFO \n" + " KEYINFO - - \n" "\n" "KEYGRIP is the keygrip.\n" "\n" - "TYPE is describes the type of the key:\n" + "TYPE describes the type of the key:\n" " 'D' - Regular key stored on disk,\n" " 'T' - Key is stored on a smartcard (token),\n" " 'X' - Unknown type,\n" @@ -1092,14 +861,6 @@ "IDSTR is the IDSTR used to distinguish keys on a smartcard. If it\n" " is not known a dash is used instead.\n" "\n" - "CACHED is 1 if the passphrase for the key was found in the key cache.\n" - " If not, a '-' is used instead.\n" - "\n" - "PROTECTION describes the key protection type:\n" - " 'P' - The key is protected with a passphrase,\n" - " 'C' - The key is not protected,\n" - " '-' - Unknown protection.\n" - "\n" "FPR returns the formatted ssh-style fingerprint of the key. It is only\n" " printed if the option --ssh-fpr has been used. It defaults to '-'.\n" "\n" @@ -1125,9 +886,6 @@ char *serialno = NULL; char *idstr = NULL; const char *keytypestr; - const char *cached; - const char *protectionstr; - char *pw; int missing_key = 0; char ttlbuf[20]; char flagsbuf[5]; @@ -1162,21 +920,19 @@ if (missing_key) { - protectionstr = "-"; keytypestr = "-"; + keytypestr = "-"; } else { switch (keytype) { - case PRIVATE_KEY_CLEAR: - case PRIVATE_KEY_OPENPGP_NONE: - protectionstr = "C"; keytypestr = "D"; + case PRIVATE_KEY_CLEAR: keytypestr = "D"; break; - case PRIVATE_KEY_PROTECTED: protectionstr = "P"; keytypestr = "D"; + case PRIVATE_KEY_PROTECTED: keytypestr = "D"; break; - case PRIVATE_KEY_SHADOWED: protectionstr = "-"; keytypestr = "T"; + case PRIVATE_KEY_SHADOWED: keytypestr = "T"; break; - default: protectionstr = "-"; keytypestr = "X"; + default: keytypestr = "X"; break; } } @@ -1193,28 +949,24 @@ } } - /* Here we have a little race by doing the cache check separately - from the retrieval function. Given that the cache flag is only a - hint, it should not really matter. */ - pw = agent_get_cache (hexgrip, CACHE_MODE_NORMAL); - cached = pw ? "1" : "-"; - xfree (pw); - if (shadow_info) { - err = parse_shadow_info (shadow_info, &serialno, &idstr, NULL); + err = parse_shadow_info (shadow_info, &serialno, &idstr); if (err) goto leave; } + /* Note that we don't support the CACHED and PROTECTION values as + gnupg 2.1 does. We print '-' instead. However we support the + ssh fingerprint. */ if (!data) err = agent_write_status (ctrl, "KEYINFO", hexgrip, keytypestr, serialno? serialno : "-", idstr? idstr : "-", - cached, - protectionstr, + "-", + "-", fpr? fpr : "-", ttlbuf, flagsbuf, @@ -1223,13 +975,14 @@ { char *string; - string = xtryasprintf ("%s %s %s %s %s %s %s %s %s\n", + string = xtryasprintf ("%s %s %s %s - - %s %s %s\n", hexgrip, keytypestr, serialno? serialno : "-", - idstr? idstr : "-", cached, protectionstr, + idstr? idstr : "-", fpr? fpr : "-", ttlbuf, flagsbuf); + if (!string) err = gpg_error_from_syserror (); else @@ -1246,8 +999,6 @@ } -/* Entry int for the command KEYINFO. This function handles the - command option processing. For details see hlp_keyinfo above. */ static gpg_error_t cmd_keyinfo (assuan_context_t ctx, char *line) { @@ -1261,9 +1012,6 @@ char hexgrip[41]; int disabled, ttl, confirm, is_ssh; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - if (has_option (line, "--ssh-list")) list_mode = 2; else @@ -1367,13 +1115,12 @@ if (dir) closedir (dir); if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND) - leave_cmd (ctx, err); + log_error ("command keyinfo failed: %s\n", gpg_strerror (err)); return err; } -/* Helper for cmd_get_passphrase. */ static int send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw) { @@ -1432,17 +1179,15 @@ { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - char *pw; + const char *pw; char *response; char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL; const char *desc2 = _("Please re-enter this passphrase"); char *p; + void *cache_marker; int opt_data, opt_check, opt_no_ask, opt_qualbar; int opt_repeat = 0; - char *entry_errtext = NULL; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + char *repeat_errtext = NULL; opt_data = has_option (line, "--data"); opt_check = has_option (line, "--check"); @@ -1486,7 +1231,7 @@ } } } - if (!*cacheid || strlen (cacheid) > 50) + if (!cacheid || !*cacheid || strlen (cacheid) > 50) return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); if (!desc) return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); @@ -1500,11 +1245,12 @@ if (!strcmp (desc, "X")) desc = NULL; - pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_USER) : NULL; + pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_USER, &cache_marker) + : NULL; if (pw) { rc = send_back_passphrase (ctx, opt_data, pw); - xfree (pw); + agent_unlock_cache_entry (&cache_marker); } else if (opt_no_ask) rc = gpg_error (GPG_ERR_NO_DATA); @@ -1523,16 +1269,15 @@ next_try: rc = agent_get_passphrase (ctrl, &response, desc, prompt, - entry_errtext? entry_errtext:errtext, - opt_qualbar, cacheid, CACHE_MODE_USER); - xfree (entry_errtext); - entry_errtext = NULL; + repeat_errtext? repeat_errtext:errtext, + opt_qualbar, cacheid, CACHE_MODE_USER); + xfree (repeat_errtext); + repeat_errtext = NULL; if (!rc) { int i; - if (opt_check - && check_passphrase_constraints (ctrl, response, &entry_errtext)) + if (opt_check && check_passphrase_constraints (ctrl, response, 0)) { xfree (response); goto next_try; @@ -1550,9 +1295,9 @@ { xfree (response2); xfree (response); - entry_errtext = try_percent_escape + repeat_errtext = try_percent_escape (_("does not match - try again"), NULL); - if (!entry_errtext) + if (!repeat_errtext) { rc = gpg_error_from_syserror (); break; @@ -1571,30 +1316,23 @@ } } - return leave_cmd (ctx, rc); + if (rc) + log_error ("command get_passphrase failed: %s\n", gpg_strerror (rc)); + return rc; } static const char hlp_clear_passphrase[] = - "CLEAR_PASSPHRASE [--mode=normal] \n" + "CLEAR_PASSPHRASE \n" "\n" "may be used to invalidate the cache entry for a passphrase. The\n" - "function returns with OK even when there is no cached passphrase.\n" - "The --mode=normal option is used to clear an entry for a cacheid\n" - "added by the agent.\n"; + "function returns with OK even when there is no cached passphrase."; static gpg_error_t cmd_clear_passphrase (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); char *cacheid = NULL; char *p; - int opt_normal; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - opt_normal = has_option (line, "--mode=normal"); - line = skip_options (line); /* parse the stuff */ for (p=line; *p == ' '; p++) @@ -1603,14 +1341,12 @@ p = strchr (cacheid, ' '); if (p) *p = 0; /* ignore garbage */ - if (!*cacheid || strlen (cacheid) > 50) + if (!cacheid || !*cacheid || strlen (cacheid) > 50) return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); - agent_put_cache (cacheid, opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER, - NULL, 0); + agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0); - agent_clear_passphrase (ctrl, cacheid, - opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER); + agent_clear_passphrase (ctrl, cacheid, CACHE_MODE_USER); return 0; } @@ -1635,9 +1371,6 @@ char *desc = NULL; char *p; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - /* parse the stuff */ for (p=line; *p == ' '; p++) ; @@ -1646,7 +1379,7 @@ if (p) *p = 0; /* We ignore any garbage -may be later used for other args. */ - if (!*desc) + if (!desc || !*desc) return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); if (!strcmp (desc, "X")) @@ -1660,222 +1393,96 @@ plus_to_blank (desc); rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0); - return leave_cmd (ctx, rc); + if (rc) + log_error ("command get_confirmation failed: %s\n", gpg_strerror (rc)); + return rc; } static const char hlp_learn[] = - "LEARN [--send] [--sendinfo] [--force]\n" + "LEARN [--send]\n" "\n" "Learn something about the currently inserted smartcard. With\n" - "--sendinfo information about the card is returned; with --send\n" - "the available certificates are returned as D lines; with --force\n" - "private key storage will be updated by the result."; + "--send the new certificates are send back."; static gpg_error_t cmd_learn (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - gpg_error_t err; - int send, sendinfo, force; - - send = has_option (line, "--send"); - sendinfo = send? 1 : has_option (line, "--sendinfo"); - force = has_option (line, "--force"); - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + int rc; - err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force); - return leave_cmd (ctx, err); + rc = agent_handle_learn (ctrl, has_option (line, "--send")? ctx : NULL); + if (rc) + log_error ("command learn failed: %s\n", gpg_strerror (rc)); + return rc; } static const char hlp_passwd[] = - "PASSWD [--cache-nonce=] [--passwd-nonce=] [--preset]\n" - " [--verify] \n" + "PASSWD \n" "\n" - "Change the passphrase/PIN for the key identified by keygrip in LINE. If\n" - "--preset is used then the new passphrase will be added to the cache.\n" - "If --verify is used the command asks for the passphrase and verifies\n" - "that the passphrase valid.\n"; + "Change the passphrase/PIN for the key identified by keygrip in LINE."; static gpg_error_t cmd_passwd (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - gpg_error_t err; - int c; - char *cache_nonce = NULL; - char *passwd_nonce = NULL; + int rc; unsigned char grip[20]; gcry_sexp_t s_skey = NULL; unsigned char *shadow_info = NULL; - char *passphrase = NULL; - char *pend; - int opt_preset, opt_verify; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - opt_preset = has_option (line, "--preset"); - cache_nonce = option_value (line, "--cache-nonce"); - opt_verify = has_option (line, "--verify"); - if (cache_nonce) - { - for (pend = cache_nonce; *pend && !spacep (pend); pend++) - ; - c = *pend; - *pend = '\0'; - cache_nonce = xtrystrdup (cache_nonce); - *pend = c; - if (!cache_nonce) - { - err = gpg_error_from_syserror (); - goto leave; - } - } - - passwd_nonce = option_value (line, "--passwd-nonce"); - if (passwd_nonce) - { - for (pend = passwd_nonce; *pend && !spacep (pend); pend++) - ; - c = *pend; - *pend = '\0'; - passwd_nonce = xtrystrdup (passwd_nonce); - *pend = c; - if (!passwd_nonce) - { - err = gpg_error_from_syserror (); - goto leave; - } - } - line = skip_options (line); - - err = parse_keygrip (ctx, line, grip); - if (err) + rc = parse_keygrip (ctx, line, grip); + if (rc) goto leave; ctrl->in_passwd++; - err = agent_key_from_file (ctrl, - opt_verify? NULL : cache_nonce, - ctrl->server_local->keydesc, - grip, &shadow_info, CACHE_MODE_IGNORE, NULL, - &s_skey, &passphrase); - if (err) + rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc, + grip, &shadow_info, CACHE_MODE_IGNORE, NULL, + &s_skey); + if (rc) ; - else if (shadow_info) + else if (!s_skey) { log_error ("changing a smartcard PIN is not yet supported\n"); - err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); - } - else if (opt_verify) - { - /* All done. */ + rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); } else - { - char *newpass = NULL; - - if (passwd_nonce) - newpass = agent_get_cache (passwd_nonce, CACHE_MODE_NONCE); - err = agent_protect_and_store (ctrl, s_skey, &newpass); - if (!err && passphrase) - { - /* A passphrase existed on the old key and the change was - successful. Return a nonce for that old passphrase to - let the caller try to unprotect the other subkeys with - the same key. */ - if (!cache_nonce) - { - char buf[12]; - gcry_create_nonce (buf, 12); - cache_nonce = bin2hex (buf, 12, NULL); - } - if (cache_nonce - && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, CACHE_TTL_NONCE)) - { - assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); - xfree (ctrl->server_local->last_cache_nonce); - ctrl->server_local->last_cache_nonce = cache_nonce; - cache_nonce = NULL; - } - if (newpass) - { - /* If we have a new passphrase (which might be empty) we - store it under a passwd nonce so that the caller may - send that nonce again to use it for another key. */ - if (!passwd_nonce) - { - char buf[12]; - gcry_create_nonce (buf, 12); - passwd_nonce = bin2hex (buf, 12, NULL); - } - if (passwd_nonce - && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, - newpass, CACHE_TTL_NONCE)) - { - assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce); - xfree (ctrl->server_local->last_passwd_nonce); - ctrl->server_local->last_passwd_nonce = passwd_nonce; - passwd_nonce = NULL; - } - } - } - if (!err && opt_preset) - { - char hexgrip[40+1]; - bin2hex(grip, 20, hexgrip); - err = agent_put_cache (hexgrip, CACHE_MODE_ANY, newpass, - ctrl->cache_ttl_opt_preset); - } - xfree (newpass); - } + rc = agent_protect_and_store (ctrl, s_skey); ctrl->in_passwd--; xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; leave: - xfree (passphrase); gcry_sexp_release (s_skey); xfree (shadow_info); - xfree (cache_nonce); - return leave_cmd (ctx, err); + if (rc) + log_error ("command passwd failed: %s\n", gpg_strerror (rc)); + return rc; } static const char hlp_preset_passphrase[] = - "PRESET_PASSPHRASE [--inquire] []\n" + "PRESET_PASSPHRASE \n" "\n" "Set the cached passphrase/PIN for the key identified by the keygrip\n" "to passwd for the given time, where -1 means infinite and 0 means\n" "the default (currently only a timeout of -1 is allowed, which means\n" "to never expire it). If passwd is not provided, ask for it via the\n" - "pinentry module unless --inquire is passed in which case the passphrase\n" - "is retrieved from the client via a server inquire.\n"; + "pinentry module."; static gpg_error_t cmd_preset_passphrase (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *grip_clear = NULL; - unsigned char *passphrase = NULL; + char *passphrase = NULL; int ttl; size_t len; - int opt_inquire; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); if (!opt.allow_preset_passphrase) return set_error (GPG_ERR_NOT_SUPPORTED, "no --allow-preset-passphrase"); - opt_inquire = has_option (line, "--inquire"); - line = skip_options (line); grip_clear = line; while (*line && (*line != ' ' && *line != '\t')) line++; @@ -1906,40 +1513,21 @@ required. */ if (*line) { - if (opt_inquire) - { - rc = set_error (GPG_ERR_ASS_PARAMETER, - "both --inquire and passphrase specified"); - goto leave; - } - /* Do in-place conversion. */ passphrase = line; if (!hex2str (passphrase, passphrase, strlen (passphrase)+1, NULL)) rc = set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring"); } - else if (opt_inquire) - { - /* Note that the passphrase will be truncated at any null byte and the - * limit is 480 characters. */ - size_t maxlen = 480; - - rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", maxlen); - if (!rc) - rc = assuan_inquire (ctx, "PASSPHRASE", &passphrase, &len, maxlen); - } else rc = set_error (GPG_ERR_NOT_IMPLEMENTED, "passphrase is required"); if (!rc) - { - rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl); - if (opt_inquire) - xfree (passphrase); - } + rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl); -leave: - return leave_cmd (ctx, rc); + if (rc) + log_error ("command preset_passphrase failed: %s\n", gpg_strerror (rc)); + + return rc; } @@ -1955,9 +1543,6 @@ ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - rc = divert_generic_cmd (ctrl, line, ctx); return rc; @@ -1965,583 +1550,24 @@ -static const char hlp_keywrap_key[] = - "KEYWRAP_KEY [--clear] \n" +static const char hlp_getval[] = + "GETVAL \n" "\n" - "Return a key to wrap another key. For now the key is returned\n" - "verbatim and and thus makes not much sense because an eavesdropper on\n" - "the gpg-agent connection will see the key as well as the wrapped key.\n" - "However, this function may either be equipped with a public key\n" - "mechanism or not used at all if the key is a pre-shared key. In any\n" - "case wrapping the import and export of keys is a requirement for\n" - "certain cryptographic validations and thus useful. The key persists\n" - "a RESET command but may be cleared using the option --clear.\n" - "\n" - "Supported modes are:\n" - " --import - Return a key to import a key into gpg-agent\n" - " --export - Return a key to export a key from gpg-agent"; + "Return the value for KEY from the special environment as created by\n" + "PUTVAL."; static gpg_error_t -cmd_keywrap_key (assuan_context_t ctx, char *line) +cmd_getval (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); - gpg_error_t err = 0; - int clearopt = has_option (line, "--clear"); - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + int rc = 0; + char *key = NULL; + char *p; + struct putval_item_s *vl; - assuan_begin_confidential (ctx); - if (has_option (line, "--import")) - { - xfree (ctrl->server_local->import_key); - if (clearopt) - ctrl->server_local->import_key = NULL; - else if (!(ctrl->server_local->import_key = - gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM))) - err = gpg_error_from_syserror (); - else - err = assuan_send_data (ctx, ctrl->server_local->import_key, - KEYWRAP_KEYSIZE); - } - else if (has_option (line, "--export")) - { - xfree (ctrl->server_local->export_key); - if (clearopt) - ctrl->server_local->export_key = NULL; - else if (!(ctrl->server_local->export_key = - gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM))) - err = gpg_error_from_syserror (); - else - err = assuan_send_data (ctx, ctrl->server_local->export_key, - KEYWRAP_KEYSIZE); - } - else - err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for MODE"); - assuan_end_confidential (ctx); - - return leave_cmd (ctx, err); -} - - - -static const char hlp_import_key[] = - "IMPORT_KEY [--unattended] []\n" - "\n" - "Import a secret key into the key store. The key is expected to be\n" - "encrypted using the current session's key wrapping key (cf. command\n" - "KEYWRAP_KEY) using the AESWRAP-128 algorithm. This function takes\n" - "no arguments but uses the inquiry \"KEYDATA\" to ask for the actual\n" - "key data. The unwrapped key must be a canonical S-expression. The\n" - "option --unattended tries to import the key as-is without any\n" - "re-encryption"; -static gpg_error_t -cmd_import_key (assuan_context_t ctx, char *line) -{ - ctrl_t ctrl = assuan_get_pointer (ctx); - gpg_error_t err; - int opt_unattended; - unsigned char *wrappedkey = NULL; - size_t wrappedkeylen; - gcry_cipher_hd_t cipherhd = NULL; - unsigned char *key = NULL; - size_t keylen, realkeylen; - char *passphrase = NULL; - unsigned char *finalkey = NULL; - size_t finalkeylen; - unsigned char grip[20]; - gcry_sexp_t openpgp_sexp = NULL; - char *cache_nonce = NULL; - char *p; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - if (!ctrl->server_local->import_key) - { - err = gpg_error (GPG_ERR_MISSING_KEY); - goto leave; - } - - opt_unattended = has_option (line, "--unattended"); - line = skip_options (line); - - p = line; - for (p=line; *p && *p != ' ' && *p != '\t'; p++) - ; - *p = '\0'; - if (*line) - cache_nonce = xtrystrdup (line); - - assuan_begin_confidential (ctx); - err = assuan_inquire (ctx, "KEYDATA", - &wrappedkey, &wrappedkeylen, MAXLEN_KEYDATA); - assuan_end_confidential (ctx); - if (err) - goto leave; - if (wrappedkeylen < 24) - { - err = gpg_error (GPG_ERR_INV_LENGTH); - goto leave; - } - keylen = wrappedkeylen - 8; - key = xtrymalloc_secure (keylen); - if (!key) - { - err = gpg_error_from_syserror (); - goto leave; - } - - err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, - GCRY_CIPHER_MODE_AESWRAP, 0); - if (err) - goto leave; - err = gcry_cipher_setkey (cipherhd, - ctrl->server_local->import_key, KEYWRAP_KEYSIZE); - if (err) - goto leave; - err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen); - if (err) - goto leave; - gcry_cipher_close (cipherhd); - cipherhd = NULL; - xfree (wrappedkey); - wrappedkey = NULL; - - realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); - if (!realkeylen) - goto leave; /* Invalid canonical encoded S-expression. */ - - err = keygrip_from_canon_sexp (key, realkeylen, grip); - if (err) - { - /* This might be due to an unsupported S-expression format. - Check whether this is openpgp-private-key and trigger that - import code. */ - if (!gcry_sexp_sscan (&openpgp_sexp, NULL, key, realkeylen)) - { - const char *tag; - size_t taglen; - - tag = gcry_sexp_nth_data (openpgp_sexp, 0, &taglen); - if (tag && taglen == 19 && !memcmp (tag, "openpgp-private-key", 19)) - ; - else - { - gcry_sexp_release (openpgp_sexp); - openpgp_sexp = NULL; - } - } - if (!openpgp_sexp) - goto leave; /* Note that ERR is still set. */ - } - - - if (openpgp_sexp) - { - /* In most cases the key is encrypted and thus the conversion - function from the OpenPGP format to our internal format will - ask for a passphrase. That passphrase will be returned and - used to protect the key using the same code as for regular - key import. */ - - xfree (key); - key = NULL; - err = convert_from_openpgp (ctrl, openpgp_sexp, grip, - ctrl->server_local->keydesc, cache_nonce, - &key, opt_unattended? NULL : &passphrase); - if (err) - goto leave; - realkeylen = gcry_sexp_canon_len (key, 0, NULL, &err); - if (!realkeylen) - goto leave; /* Invalid canonical encoded S-expression. */ - if (passphrase) - { - assert (!opt_unattended); - if (!cache_nonce) - { - char buf[12]; - gcry_create_nonce (buf, 12); - cache_nonce = bin2hex (buf, 12, NULL); - } - if (cache_nonce - && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, CACHE_TTL_NONCE)) - assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); - } - } - else if (opt_unattended) - { - err = set_error (GPG_ERR_ASS_PARAMETER, - "\"--unattended\" may only be used with OpenPGP keys"); - goto leave; - } - else - { - if (!agent_key_available (grip)) - err = gpg_error (GPG_ERR_EEXIST); - else - { - char *prompt = xtryasprintf - (_("Please enter the passphrase to protect the " - "imported object within the %s system."), GNUPG_NAME); - if (!prompt) - err = gpg_error_from_syserror (); - else - err = agent_ask_new_passphrase (ctrl, prompt, &passphrase); - xfree (prompt); - } - if (err) - goto leave; - } - - if (passphrase) - { - err = agent_protect (key, passphrase, &finalkey, &finalkeylen, - ctrl->s2k_count); - if (!err) - err = agent_write_private_key (grip, finalkey, finalkeylen, 0); - } - else - err = agent_write_private_key (grip, key, realkeylen, 0); - - leave: - gcry_sexp_release (openpgp_sexp); - xfree (finalkey); - xfree (passphrase); - xfree (key); - gcry_cipher_close (cipherhd); - xfree (wrappedkey); - xfree (cache_nonce); - xfree (ctrl->server_local->keydesc); - ctrl->server_local->keydesc = NULL; - return leave_cmd (ctx, err); -} - - - -static const char hlp_export_key[] = - "EXPORT_KEY [--cache-nonce=] [--openpgp] \n" - "\n" - "Export a secret key from the key store. The key will be encrypted\n" - "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n" - "using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n" - "prior to using this command. The function takes the keygrip as argument.\n"; -static gpg_error_t -cmd_export_key (assuan_context_t ctx, char *line) -{ - ctrl_t ctrl = assuan_get_pointer (ctx); - gpg_error_t err; - unsigned char grip[20]; - gcry_sexp_t s_skey = NULL; - unsigned char *key = NULL; - size_t keylen; - gcry_cipher_hd_t cipherhd = NULL; - unsigned char *wrappedkey = NULL; - size_t wrappedkeylen; - int openpgp; - char *cache_nonce; - char *passphrase = NULL; - unsigned char *shadow_info = NULL; - char *pend; - int c; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - openpgp = has_option (line, "--openpgp"); - cache_nonce = option_value (line, "--cache-nonce"); - if (cache_nonce) - { - for (pend = cache_nonce; *pend && !spacep (pend); pend++) - ; - c = *pend; - *pend = '\0'; - cache_nonce = xtrystrdup (cache_nonce); - *pend = c; - if (!cache_nonce) - { - err = gpg_error_from_syserror (); - goto leave; - } - } - line = skip_options (line); - - if (!ctrl->server_local->export_key) - { - err = set_error (GPG_ERR_MISSING_KEY, "did you run KEYWRAP_KEY ?"); - goto leave; - } - - err = parse_keygrip (ctx, line, grip); - if (err) - goto leave; - - if (agent_key_available (grip)) - { - err = gpg_error (GPG_ERR_NO_SECKEY); - goto leave; - } - - /* Get the key from the file. With the openpgp flag we also ask for - the passphrase so that we can use it to re-encrypt it. */ - err = agent_key_from_file (ctrl, cache_nonce, - ctrl->server_local->keydesc, grip, - &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, - openpgp ? &passphrase : NULL); - if (err) - goto leave; - if (shadow_info) - { - /* Key is on a smartcard. */ - err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); - goto leave; - } - - if (openpgp) - { - /* The openpgp option changes the key format into the OpenPGP - key transfer format. The result is already a padded - canonical S-expression. */ - if (!passphrase) - { - err = agent_ask_new_passphrase - (ctrl, _("This key (or subkey) is not protected with a passphrase." - " Please enter a new passphrase to export it."), - &passphrase); - if (err) - goto leave; - } - err = convert_to_openpgp (ctrl, s_skey, passphrase, &key, &keylen); - if (!err && passphrase) - { - if (!cache_nonce) - { - char buf[12]; - gcry_create_nonce (buf, 12); - cache_nonce = bin2hex (buf, 12, NULL); - } - if (cache_nonce - && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, CACHE_TTL_NONCE)) - { - assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); - xfree (ctrl->server_local->last_cache_nonce); - ctrl->server_local->last_cache_nonce = cache_nonce; - cache_nonce = NULL; - } - } - } - else - { - /* Convert into a canonical S-expression and wrap that. */ - err = make_canon_sexp_pad (s_skey, 1, &key, &keylen); - } - if (err) - goto leave; - gcry_sexp_release (s_skey); - s_skey = NULL; - - err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, - GCRY_CIPHER_MODE_AESWRAP, 0); - if (err) - goto leave; - err = gcry_cipher_setkey (cipherhd, - ctrl->server_local->export_key, KEYWRAP_KEYSIZE); - if (err) - goto leave; - - wrappedkeylen = keylen + 8; - wrappedkey = xtrymalloc (wrappedkeylen); - if (!wrappedkey) - { - err = gpg_error_from_syserror (); - goto leave; - } - - err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen, key, keylen); - if (err) - goto leave; - xfree (key); - key = NULL; - gcry_cipher_close (cipherhd); - cipherhd = NULL; - - assuan_begin_confidential (ctx); - err = assuan_send_data (ctx, wrappedkey, wrappedkeylen); - assuan_end_confidential (ctx); - - - leave: - xfree (cache_nonce); - xfree (passphrase); - xfree (wrappedkey); - gcry_cipher_close (cipherhd); - xfree (key); - gcry_sexp_release (s_skey); - xfree (ctrl->server_local->keydesc); - ctrl->server_local->keydesc = NULL; - xfree (shadow_info); - - return leave_cmd (ctx, err); -} - - - -static const char hlp_delete_key[] = - "DELETE_KEY \n" - "\n" - "Delete a secret key from the key store.\n" - "As safeguard the agent asks the user for confirmation.\n"; -static gpg_error_t -cmd_delete_key (assuan_context_t ctx, char *line) -{ - ctrl_t ctrl = assuan_get_pointer (ctx); - gpg_error_t err; - unsigned char grip[20]; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - line = skip_options (line); - - err = parse_keygrip (ctx, line, grip); - if (err) - goto leave; - - err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip); - if (err) - goto leave; - - leave: - xfree (ctrl->server_local->keydesc); - ctrl->server_local->keydesc = NULL; - - return leave_cmd (ctx, err); -} - - - -static const char hlp_keytocard[] = - "KEYTOCARD [--force] \n" - "\n"; -static gpg_error_t -cmd_keytocard (assuan_context_t ctx, char *line) -{ - ctrl_t ctrl = assuan_get_pointer (ctx); - int force; - gpg_error_t err = 0; - unsigned char grip[20]; - gcry_sexp_t s_skey = NULL; - unsigned char *keydata; - size_t keydatalen, timestamplen; - const char *serialno, *timestamp_str, *id; - unsigned char *shadow_info = NULL; - time_t timestamp; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - force = has_option (line, "--force"); - line = skip_options (line); - - err = parse_keygrip (ctx, line, grip); - if (err) - return err; - - if (agent_key_available (grip)) - return gpg_error (GPG_ERR_NO_SECKEY); - - line += 40; - while (*line && (*line == ' ' || *line == '\t')) - line++; - serialno = line; - while (*line && (*line != ' ' && *line != '\t')) - line++; - if (!*line) - return gpg_error (GPG_ERR_MISSING_VALUE); - *line = '\0'; - line++; - while (*line && (*line == ' ' || *line == '\t')) - line++; - id = line; - while (*line && (*line != ' ' && *line != '\t')) - line++; - if (!*line) - return gpg_error (GPG_ERR_MISSING_VALUE); - *line = '\0'; - line++; - while (*line && (*line == ' ' || *line == '\t')) - line++; - timestamp_str = line; - while (*line && (*line != ' ' && *line != '\t')) - line++; - if (*line) - *line = '\0'; - timestamplen = line - timestamp_str; - if (timestamplen != 15) - return gpg_error (GPG_ERR_INV_VALUE); - - err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, - &shadow_info, CACHE_MODE_IGNORE, NULL, - &s_skey, NULL); - if (err) - { - xfree (shadow_info); - return err; - } - if (shadow_info) - { - /* Key is on a smartcard already. */ - xfree (shadow_info); - gcry_sexp_release (s_skey); - return gpg_error (GPG_ERR_UNUSABLE_SECKEY); - } - - keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); - keydata = xtrymalloc_secure (keydatalen + 30); - if (keydata == NULL) - { - gcry_sexp_release (s_skey); - return gpg_error_from_syserror (); - } - - gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen); - gcry_sexp_release (s_skey); - keydatalen--; /* Decrement for last '\0'. */ - /* Add timestamp "created-at" in the private key */ - timestamp = isotime2epoch (timestamp_str); - snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp); - keydatalen += 10 + 19 - 1; - err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen); - xfree (keydata); - - return leave_cmd (ctx, err); -} - - - -static const char hlp_getval[] = - "GETVAL \n" - "\n" - "Return the value for KEY from the special environment as created by\n" - "PUTVAL."; -static gpg_error_t -cmd_getval (assuan_context_t ctx, char *line) -{ - ctrl_t ctrl = assuan_get_pointer (ctx); - int rc = 0; - char *key = NULL; - char *p; - struct putval_item_s *vl; - - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - - for (p=line; *p == ' '; p++) - ; - key = p; - p = strchr (key, ' '); - if (p) + for (p=line; *p == ' '; p++) + ; + key = p; + p = strchr (key, ' '); + if (p) { *p++ = 0; for (; *p == ' '; p++) @@ -2549,7 +1575,7 @@ if (*p) return set_error (GPG_ERR_ASS_PARAMETER, "too many arguments"); } - if (!*key) + if (!key || !*key) return set_error (GPG_ERR_ASS_PARAMETER, "no key given"); @@ -2562,7 +1588,9 @@ else return gpg_error (GPG_ERR_NO_DATA); - return leave_cmd (ctx, rc); + if (rc) + log_error ("command getval failed: %s\n", gpg_strerror (rc)); + return rc; } @@ -2587,7 +1615,6 @@ static gpg_error_t cmd_putval (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; char *key = NULL; char *value = NULL; @@ -2595,9 +1622,6 @@ char *p; struct putval_item_s *vl, *vlprev; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - for (p=line; *p == ' '; p++) ; key = p; @@ -2616,7 +1640,7 @@ valuelen = percent_plus_unescape_inplace (value, 0); } } - if (!*key) + if (!key || !*key) return set_error (GPG_ERR_ASS_PARAMETER, "no key given"); @@ -2649,7 +1673,9 @@ } } - return leave_cmd (ctx, rc); + if (rc) + log_error ("command putval failed: %s\n", gpg_strerror (rc)); + return rc; } @@ -2676,9 +1702,6 @@ (void)line; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - se = session_env_new (); if (!se) err = gpg_error_from_syserror (); @@ -2722,7 +1745,8 @@ static const char hlp_killagent[] = "KILLAGENT\n" "\n" - "Stop the agent."; + "If the agent has been started using a standard socket\n" + "we allow a client to stop the agent."; static gpg_error_t cmd_killagent (assuan_context_t ctx, char *line) { @@ -2730,12 +1754,11 @@ (void)line; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + if (!opt.use_standard_socket) + return set_error (GPG_ERR_NOT_SUPPORTED, "no --use-standard-socket"); ctrl->server_local->stopme = 1; - assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1); - return 0; + return gpg_error (GPG_ERR_EOF); } @@ -2747,13 +1770,9 @@ static gpg_error_t cmd_reloadagent (assuan_context_t ctx, char *line) { - ctrl_t ctrl = assuan_get_pointer (ctx); - + (void)ctx; (void)line; - if (ctrl->restricted) - return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - agent_sighup_action (); return 0; } @@ -2771,13 +1790,10 @@ " socket_name - Return the name of the socket.\n" " ssh_socket_name - Return the name of the ssh socket.\n" " scd_running - Return OK if the SCdaemon is already running.\n" - " s2k_count - Return the calibrated S2K count.\n" - " std_env_names - List the names of the standard environment.\n" " std_session_env - List the standard session environment.\n" " std_startup_env - List the standard startup environment.\n" " cmd_has_option\n" - " - Returns OK if the command CMD implements the option OPT.\n" - " restricted - Returns OK if the connection is in restricted mode.\n"; + " - Returns OK if the command CMD implements the option OPT."; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { @@ -2789,54 +1805,6 @@ const char *s = VERSION; rc = assuan_send_data (ctx, s, strlen (s)); } - else if (!strncmp (line, "cmd_has_option", 14) - && (line[14] == ' ' || line[14] == '\t' || !line[14])) - { - char *cmd, *cmdopt; - line += 14; - while (*line == ' ' || *line == '\t') - line++; - if (!*line) - rc = gpg_error (GPG_ERR_MISSING_VALUE); - else - { - cmd = line; - while (*line && (*line != ' ' && *line != '\t')) - line++; - if (!*line) - rc = gpg_error (GPG_ERR_MISSING_VALUE); - else - { - *line++ = 0; - while (*line == ' ' || *line == '\t') - line++; - if (!*line) - rc = gpg_error (GPG_ERR_MISSING_VALUE); - else - { - cmdopt = line; - if (!command_has_option (cmd, cmdopt)) - rc = gpg_error (GPG_ERR_GENERAL); - } - } - } - } - else if (!strcmp (line, "s2k_count")) - { - char numbuf[50]; - - snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ()); - rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); - } - else if (!strcmp (line, "restricted")) - { - rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_GENERAL); - } - else if (ctrl->restricted) - { - rc = gpg_error (GPG_ERR_FORBIDDEN); - } - /* All sub-commands below are not allowed in restricted mode. */ else if (!strcmp (line, "pid")) { char numbuf[50]; @@ -2866,20 +1834,12 @@ { rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_GENERAL); } - else if (!strcmp (line, "std_env_names")) + else if (!strcmp (line, "s2k_count")) { - int iterator; - const char *name; + char numbuf[50]; - iterator = 0; - while ((name = session_env_list_stdenvnames (&iterator, NULL))) - { - rc = assuan_send_data (ctx, name, strlen (name)+1); - if (!rc) - rc = assuan_send_data (ctx, NULL, 0); - if (rc) - break; - } + snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ()); + rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); } else if (!strcmp (line, "std_session_env") || !strcmp (line, "std_startup_env")) @@ -2909,6 +1869,38 @@ } } } + else if (!strncmp (line, "cmd_has_option", 14) + && (line[14] == ' ' || line[14] == '\t' || !line[14])) + { + char *cmd, *cmdopt; + line += 14; + while (*line == ' ' || *line == '\t') + line++; + if (!*line) + rc = gpg_error (GPG_ERR_MISSING_VALUE); + else + { + cmd = line; + while (*line && (*line != ' ' && *line != '\t')) + line++; + if (!*line) + rc = gpg_error (GPG_ERR_MISSING_VALUE); + else + { + *line++ = 0; + while (*line == ' ' || *line == '\t') + line++; + if (!*line) + rc = gpg_error (GPG_ERR_MISSING_VALUE); + else + { + cmdopt = line; + if (!command_has_option (cmd, cmdopt)) + rc = gpg_error (GPG_ERR_GENERAL); + } + } + } + } else rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return rc; @@ -2916,27 +1908,13 @@ -/* This function is called by Libassuan to parse the OPTION command. - It has been registered similar to the other Assuan commands. */ static gpg_error_t option_handler (assuan_context_t ctx, const char *key, const char *value) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; - if (!strcmp (key, "agent-awareness")) - { - /* The value is a version string telling us of which agent - version the caller is aware of. */ - ctrl->server_local->allow_fully_canceled = - gnupg_compare_version (value, "2.1.0"); - } - else if (ctrl->restricted) - { - err = gpg_error (GPG_ERR_FORBIDDEN); - } - /* All options below are not allowed in restricted mode. */ - else if (!strcmp (key, "putenv")) + if (!strcmp (key, "putenv")) { /* Change the session's environment to be used for the Pinentry. Valid values are: @@ -2988,28 +1966,6 @@ ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0; else if (!strcmp (key, "allow-pinentry-notify")) ctrl->server_local->allow_pinentry_notify = 1; - else if (!strcmp (key, "pinentry-mode")) - { - int tmp = parse_pinentry_mode (value); - if (tmp == -1) - err = gpg_error (GPG_ERR_INV_VALUE); - else if (tmp == PINENTRY_MODE_LOOPBACK && !opt.allow_loopback_pinentry) - err = gpg_error (GPG_ERR_NOT_SUPPORTED); - else - ctrl->pinentry_mode = tmp; - } - else if (!strcmp (key, "cache-ttl-opt-preset")) - { - ctrl->cache_ttl_opt_preset = *value? atoi (value) : 0; - } - else if (!strcmp (key, "s2k-count")) - { - ctrl->s2k_count = *value? strtoul(value, NULL, 10) : 0; - if (ctrl->s2k_count && ctrl->s2k_count < 65536) - { - ctrl->s2k_count = 0; - } - } else err = gpg_error (GPG_ERR_UNKNOWN_OPTION); @@ -3074,8 +2030,7 @@ } -/* Tell Libassuan about our commands. Also register the other Assuan - handlers. */ +/* Tell the assuan library about our commands */ static int register_commands (assuan_context_t ctx) { @@ -3107,17 +2062,12 @@ { "INPUT", NULL }, { "OUTPUT", NULL }, { "SCD", cmd_scd, hlp_scd }, - { "KEYWRAP_KEY", cmd_keywrap_key, hlp_keywrap_key }, - { "IMPORT_KEY", cmd_import_key, hlp_import_key }, - { "EXPORT_KEY", cmd_export_key, hlp_export_key }, - { "DELETE_KEY", cmd_delete_key, hlp_delete_key }, { "GETVAL", cmd_getval, hlp_getval }, { "PUTVAL", cmd_putval, hlp_putval }, { "UPDATESTARTUPTTY", cmd_updatestartuptty, hlp_updatestartuptty }, { "KILLAGENT", cmd_killagent, hlp_killagent }, { "RELOADAGENT", cmd_reloadagent,hlp_reloadagent }, { "GETINFO", cmd_getinfo, hlp_getinfo }, - { "KEYTOCARD", cmd_keytocard, hlp_keytocard }, { NULL } }; int i, rc; @@ -3146,12 +2096,6 @@ int rc; assuan_context_t ctx = NULL; - if (ctrl->restricted) - { - if (agent_copy_startup_env (ctrl)) - return; - } - rc = assuan_new (&ctx); if (rc) { @@ -3194,6 +2138,7 @@ assuan_set_pointer (ctx, ctrl); ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local); ctrl->server_local->assuan_ctx = ctx; + ctrl->server_local->message_fd = -1; ctrl->server_local->use_cache_for_signing = 1; ctrl->digest.raw_value = 0; @@ -3220,9 +2165,6 @@ } } - /* Reset the nonce caches. */ - clear_nonce_cache (ctrl); - /* Reset the SCD if needed. */ agent_reset_scd (ctrl); @@ -3231,32 +2173,9 @@ /* Cleanup. */ assuan_release (ctx); - xfree (ctrl->server_local->keydesc); - xfree (ctrl->server_local->import_key); - xfree (ctrl->server_local->export_key); if (ctrl->server_local->stopme) agent_exit (0); xfree (ctrl->server_local); ctrl->server_local = NULL; } - -/* Helper for the pinentry loopback mode. It merely passes the - parameters on to the client. */ -gpg_error_t -pinentry_loopback(ctrl_t ctrl, const char *keyword, - unsigned char **buffer, size_t *size, - size_t max_length) -{ - gpg_error_t rc; - assuan_context_t ctx = ctrl->server_local->assuan_ctx; - - rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%zu", max_length); - if (rc) - return rc; - - assuan_begin_confidential (ctx); - rc = assuan_inquire (ctx, keyword, buffer, size, max_length); - assuan_end_confidential (ctx); - return rc; -} diff -Nru gnupg2-2.1.6/agent/command-ssh.c gnupg2-2.0.28/agent/command-ssh.c --- gnupg2-2.1.6/agent/command-ssh.c 2015-06-30 19:26:58.000000000 +0000 +++ gnupg2-2.0.28/agent/command-ssh.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,6 +1,6 @@ /* command-ssh.c - gpg-agent's ssh-agent emulation layer - * Copyright (C) 2004-2006, 2009, 2012 Free Software Foundation, Inc. - * Copyright (C) 2004-2006, 2009, 2012-2014 Werner Koch + * Copyright (C) 2004, 2005, 2006, 2009, 2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Werner Koch * * This file is part of GnuPG. * @@ -43,6 +43,7 @@ #include "agent.h" +#include "estream.h" #include "i18n.h" #include "../common/ssh-utils.h" @@ -74,7 +75,6 @@ #define SSH_DSA_SIGNATURE_ELEMS 2 #define SPEC_FLAG_USE_PKCS1V2 (1 << 0) #define SPEC_FLAG_IS_ECDSA (1 << 1) -#define SPEC_FLAG_IS_EdDSA (1 << 2) /*(lowercase 'd' on purpose.)*/ /* The name of the control file. */ #define SSH_CONTROL_FILE_NAME "sshcontrol" @@ -139,7 +139,7 @@ functions are necessary. */ typedef gpg_error_t (*ssh_signature_encoder_t) (ssh_key_type_spec_t *spec, estream_t signature_blob, - gcry_sexp_t sig); + gcry_mpi_t *mpis); /* Type, which is used for boundling all the algorithm specific information together in a single object. */ @@ -148,9 +148,6 @@ /* Algorithm identifier as used by OpenSSH. */ const char *ssh_identifier; - /* Human readable name of the algorithm. */ - const char *name; - /* Algorithm identifier as used by GnuPG. */ const char *identifier; @@ -233,17 +230,13 @@ static gpg_error_t ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis); static gpg_error_t ssh_signature_encoder_rsa (ssh_key_type_spec_t *spec, estream_t signature_blob, - gcry_sexp_t signature); + gcry_mpi_t *mpis); static gpg_error_t ssh_signature_encoder_dsa (ssh_key_type_spec_t *spec, estream_t signature_blob, - gcry_sexp_t signature); + gcry_mpi_t *mpis); static gpg_error_t ssh_signature_encoder_ecdsa (ssh_key_type_spec_t *spec, estream_t signature_blob, - gcry_sexp_t signature); -static gpg_error_t ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec, - estream_t signature_blob, - gcry_sexp_t signature); -static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment); + gcry_mpi_t *mpis); @@ -274,35 +267,31 @@ static ssh_key_type_spec_t ssh_key_types[] = { { - "ssh-ed25519", "Ed25519", "ecc", "qd", "q", "rs", "qd", - NULL, ssh_signature_encoder_eddsa, - "Ed25519", 0, SPEC_FLAG_IS_EdDSA - }, - { - "ssh-rsa", "RSA", "rsa", "nedupq", "en", "s", "nedpqu", + "ssh-rsa", "rsa", "nedupq", "en", "s", "nedpqu", ssh_key_modifier_rsa, ssh_signature_encoder_rsa, - NULL, 0, SPEC_FLAG_USE_PKCS1V2 + NULL, 0, SPEC_FLAG_USE_PKCS1V2 }, { - "ssh-dss", "DSA", "dsa", "pqgyx", "pqgy", "rs", "pqgyx", + "ssh-dss", "dsa", "pqgyx", "pqgy", "rs", "pqgyx", NULL, ssh_signature_encoder_dsa, NULL, 0, 0 }, { - "ecdsa-sha2-nistp256", "ECDSA", "ecdsa", "qd", "q", "rs", "qd", + "ecdsa-sha2-nistp256", "ecdsa", "qd", "q", "rs", "qd", NULL, ssh_signature_encoder_ecdsa, "nistp256", GCRY_MD_SHA256, SPEC_FLAG_IS_ECDSA }, { - "ecdsa-sha2-nistp384", "ECDSA", "ecdsa", "qd", "q", "rs", "qd", + "ecdsa-sha2-nistp384", "ecdsa", "qd", "q", "rs", "qd", NULL, ssh_signature_encoder_ecdsa, "nistp384", GCRY_MD_SHA384, SPEC_FLAG_IS_ECDSA }, { - "ecdsa-sha2-nistp521", "ECDSA", "ecdsa", "qd", "q", "rs", "qd", + "ecdsa-sha2-nistp521", "ecdsa", "qd", "q", "rs", "qd", NULL, ssh_signature_encoder_ecdsa, "nistp521", GCRY_MD_SHA512, SPEC_FLAG_IS_ECDSA } + }; @@ -348,20 +337,7 @@ return s; } -/* Lookup the ssh-identifier for the ECC curve CURVE_NAME. Returns - NULL if not found. */ -static const char * -ssh_identifier_from_curve_name (const char *curve_name) -{ - int i; - - for (i = 0; i < DIM (ssh_key_types); i++) - if (ssh_key_types[i].curve_name - && !strcmp (ssh_key_types[i].curve_name, curve_name)) - return ssh_key_types[i].ssh_identifier; - return NULL; -} /* @@ -484,34 +460,6 @@ return err; } -/* Skip over SIZE bytes from STREAM. */ -static gpg_error_t -stream_read_skip (estream_t stream, size_t size) -{ - char buffer[128]; - size_t bytes_to_read, bytes_read; - int ret; - - do - { - bytes_to_read = size; - if (bytes_to_read > sizeof buffer) - bytes_to_read = sizeof buffer; - - ret = es_read (stream, buffer, bytes_to_read, &bytes_read); - if (ret) - return gpg_error_from_syserror (); - else if (bytes_read != bytes_to_read) - return gpg_error (GPG_ERR_EOF); - else - size -= bytes_to_read; - } - while (size); - - return 0; -} - - /* Write SIZE bytes from BUFFER to STREAM. */ static gpg_error_t stream_write_data (estream_t stream, const unsigned char *buffer, size_t size) @@ -540,9 +488,6 @@ unsigned char *buffer = NULL; u32 length = 0; - if (string_size) - *string_size = 0; - /* Read string length. */ err = stream_read_uint32 (stream, &length); if (err) @@ -578,68 +523,21 @@ return err; } - -/* Read a binary string from STREAM and store it as an opaque MPI at - R_MPI. Depending on SECURE use secure memory. If the string is - too large for key material return an error. */ +/* Read a C-string from STREAM, store copy in STRING. */ static gpg_error_t -stream_read_blob (estream_t stream, unsigned int secure, gcry_mpi_t *r_mpi) +stream_read_cstring (estream_t stream, char **string) { + unsigned char *buffer; gpg_error_t err; - unsigned char *buffer = NULL; - u32 length = 0; - - *r_mpi = NULL; - - /* Read string length. */ - err = stream_read_uint32 (stream, &length); - if (err) - goto leave; - - /* To avoid excessive use of secure memory we check that an MPI is - not too large. */ - if (length > (4096/8) + 8) - { - log_error (_("ssh keys greater than %d bits are not supported\n"), 4096); - err = GPG_ERR_TOO_LARGE; - goto leave; - } - - /* Allocate space. */ - if (secure) - buffer = xtrymalloc_secure (length? length:1); - else - buffer = xtrymalloc (length?length:1); - if (!buffer) - { - err = gpg_error_from_syserror (); - goto leave; - } - /* Read data. */ - err = stream_read_data (stream, buffer, length); + err = stream_read_string (stream, 0, &buffer, NULL); if (err) - goto leave; - - *r_mpi = gcry_mpi_set_opaque (NULL, buffer, 8*length); - buffer = NULL; - - leave: - xfree (buffer); - return err; -} + goto out; + *string = (char *) buffer; -/* Read a C-string from STREAM, store copy in STRING. */ -static gpg_error_t -stream_read_cstring (estream_t stream, char **string) -{ - gpg_error_t err; - unsigned char *buffer; + out: - err = stream_read_string (stream, 0, &buffer, NULL); - if (!err) - *string = (char *)buffer; return err; } @@ -735,7 +633,6 @@ return err; } - /* Copy data from SRC to DST until EOF is reached. */ static gpg_error_t stream_copy (estream_t dst, estream_t src) @@ -854,7 +751,7 @@ err = gpg_error_from_syserror (); goto leave; } - /* FIXME: With "a+" we are not able to check whether this will + /* FIXME: With "a+" we are not able to check whether this will will be created and thus the blurb needs to be written first. */ cf->fp = fopen (cf->fname, append? "a+":"r"); if (!cf->fp && errno == ENOENT) @@ -863,7 +760,7 @@ if (!stream) { err = gpg_error_from_syserror (); - log_error (_("can't create '%s': %s\n"), + log_error (_("can't create `%s': %s\n"), cf->fname, gpg_strerror (err)); goto leave; } @@ -875,7 +772,7 @@ if (!cf->fp) { err = gpg_error_from_syserror (); - log_error (_("can't open '%s': %s\n"), + log_error (_("can't open `%s': %s\n"), cf->fname, gpg_strerror (err)); goto leave; } @@ -1031,8 +928,7 @@ assert (strlen (hexgrip) == 40 ); - if (r_disabled) - *r_disabled = 0; + *r_disabled = 0; if (r_ttl) *r_ttl = 0; if (r_confirm) @@ -1048,8 +944,7 @@ } if (!err) { - if (r_disabled) - *r_disabled = cf->item.disabled; + *r_disabled = cf->item.disabled; if (r_ttl) *r_ttl = cf->item.ttl; if (r_confirm) @@ -1066,8 +961,7 @@ general used to add a key received through the ssh-add function. We can assume that the user wants to allow ssh using this key. */ static gpg_error_t -add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec, - const char *hexgrip, const char *fmtfpr, +add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr, int ttl, int confirm) { gpg_error_t err; @@ -1090,10 +984,9 @@ opened in append mode, we simply need to write to it. */ tp = localtime (&atime); fprintf (cf->fp, - ("# %s key added on: %04d-%02d-%02d %02d:%02d:%02d\n" - "# MD5 Fingerprint: %s\n" + ("# Key added on: %04d-%02d-%02d %02d:%02d:%02d\n" + "# Fingerprint: %s\n" "%s %d%s\n"), - spec->name, 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec, fmtfpr, hexgrip, ttl, confirm? " confirm":""); @@ -1350,63 +1243,15 @@ /* Signature encoder function for RSA. */ static gpg_error_t ssh_signature_encoder_rsa (ssh_key_type_spec_t *spec, - estream_t signature_blob, - gcry_sexp_t s_signature) + estream_t signature_blob, gcry_mpi_t *mpis) { - gpg_error_t err = 0; - gcry_sexp_t valuelist = NULL; - gcry_sexp_t sublist = NULL; - gcry_mpi_t sig_value = NULL; - gcry_mpi_t *mpis = NULL; - const char *elems; - size_t elems_n; - int i; - unsigned char *data; size_t data_n; + gpg_error_t err; gcry_mpi_t s; - valuelist = gcry_sexp_nth (s_signature, 1); - if (!valuelist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - goto out; - } - - elems = spec->elems_signature; - elems_n = strlen (elems); - - mpis = xtrycalloc (elems_n + 1, sizeof *mpis); - if (!mpis) - { - err = gpg_error_from_syserror (); - goto out; - } - - for (i = 0; i < elems_n; i++) - { - sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1); - if (!sublist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - break; - } - - sig_value = gcry_sexp_nth_mpi (sublist, 1, GCRYMPI_FMT_USG); - if (!sig_value) - { - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - break; - } - gcry_sexp_release (sublist); - sublist = NULL; - - mpis[i] = sig_value; - } - if (err) - goto out; + (void)spec; - /* RSA specific */ s = mpis[0]; err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &data, &data_n, s); @@ -1417,9 +1262,7 @@ xfree (data); out: - gcry_sexp_release (valuelist); - gcry_sexp_release (sublist); - mpint_list_free (mpis); + return err; } @@ -1427,63 +1270,17 @@ /* Signature encoder function for DSA. */ static gpg_error_t ssh_signature_encoder_dsa (ssh_key_type_spec_t *spec, - estream_t signature_blob, - gcry_sexp_t s_signature) + estream_t signature_blob, gcry_mpi_t *mpis) { - gpg_error_t err = 0; - gcry_sexp_t valuelist = NULL; - gcry_sexp_t sublist = NULL; - gcry_mpi_t sig_value = NULL; - gcry_mpi_t *mpis = NULL; - const char *elems; - size_t elems_n; - int i; - unsigned char buffer[SSH_DSA_SIGNATURE_PADDING * SSH_DSA_SIGNATURE_ELEMS]; - unsigned char *data = NULL; + unsigned char *data; size_t data_n; + gpg_error_t err; + int i; - valuelist = gcry_sexp_nth (s_signature, 1); - if (!valuelist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - goto out; - } - - elems = spec->elems_signature; - elems_n = strlen (elems); - - mpis = xtrycalloc (elems_n + 1, sizeof *mpis); - if (!mpis) - { - err = gpg_error_from_syserror (); - goto out; - } - - for (i = 0; i < elems_n; i++) - { - sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1); - if (!sublist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - break; - } - - sig_value = gcry_sexp_nth_mpi (sublist, 1, GCRYMPI_FMT_USG); - if (!sig_value) - { - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - break; - } - gcry_sexp_release (sublist); - sublist = NULL; - - mpis[i] = sig_value; - } - if (err) - goto out; + (void)spec; - /* DSA specific code. */ + data = NULL; /* FIXME: Why this complicated code? Why collecting boths mpis in a buffer instead of writing them out one after the other? */ @@ -1513,10 +1310,9 @@ err = stream_write_string (signature_blob, buffer, sizeof (buffer)); out: + xfree (data); - gcry_sexp_release (valuelist); - gcry_sexp_release (sublist); - mpint_list_free (mpis); + return err; } @@ -1524,62 +1320,15 @@ /* Signature encoder function for ECDSA. */ static gpg_error_t ssh_signature_encoder_ecdsa (ssh_key_type_spec_t *spec, - estream_t stream, gcry_sexp_t s_signature) + estream_t stream, gcry_mpi_t *mpis) { - gpg_error_t err = 0; - gcry_sexp_t valuelist = NULL; - gcry_sexp_t sublist = NULL; - gcry_mpi_t sig_value = NULL; - gcry_mpi_t *mpis = NULL; - const char *elems; - size_t elems_n; - int i; - unsigned char *data[2] = {NULL, NULL}; size_t data_n[2]; size_t innerlen; + gpg_error_t err; + int i; - valuelist = gcry_sexp_nth (s_signature, 1); - if (!valuelist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - goto out; - } - - elems = spec->elems_signature; - elems_n = strlen (elems); - - mpis = xtrycalloc (elems_n + 1, sizeof *mpis); - if (!mpis) - { - err = gpg_error_from_syserror (); - goto out; - } - - for (i = 0; i < elems_n; i++) - { - sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1); - if (!sublist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - break; - } - - sig_value = gcry_sexp_nth_mpi (sublist, 1, GCRYMPI_FMT_USG); - if (!sig_value) - { - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - break; - } - gcry_sexp_release (sublist); - sublist = NULL; - - mpis[i] = sig_value; - } - if (err) - goto out; - - /* ECDSA specific */ + (void)spec; innerlen = 0; for (i = 0; i < DIM(data); i++) @@ -1604,212 +1353,103 @@ out: for (i = 0; i < DIM(data); i++) xfree (data[i]); - gcry_sexp_release (valuelist); - gcry_sexp_release (sublist); - mpint_list_free (mpis); return err; } -/* Signature encoder function for EdDSA. */ +/* + S-Expressions. + */ + + +/* This function constructs a new S-Expression for the key identified + by the KEY_SPEC, SECRET, CURVE_NAME, MPIS, and COMMENT, which is to + be stored at R_SEXP. Returns an error code. */ static gpg_error_t -ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec, - estream_t stream, gcry_sexp_t s_signature) +sexp_key_construct (gcry_sexp_t *r_sexp, + ssh_key_type_spec_t key_spec, int secret, + const char *curve_name, gcry_mpi_t *mpis, + const char *comment) { - gpg_error_t err = 0; - gcry_sexp_t valuelist = NULL; - gcry_sexp_t sublist = NULL; + const char *key_identifier[] = { "public-key", "private-key" }; + gpg_error_t err; + gcry_sexp_t sexp_new = NULL; + void *formatbuf = NULL; + void **arg_list = NULL; + int arg_idx; + estream_t format; const char *elems; size_t elems_n; - int i; + unsigned int i, j; - unsigned char *data[2] = {NULL, NULL}; - size_t data_n[2]; - size_t totallen = 0; + if (secret) + elems = key_spec.elems_sexp_order; + else + elems = key_spec.elems_key_public; + elems_n = strlen (elems); - valuelist = gcry_sexp_nth (s_signature, 1); - if (!valuelist) + format = es_fopenmem (0, "a+b"); + if (!format) { - err = gpg_error (GPG_ERR_INV_SEXP); + err = gpg_error_from_syserror (); goto out; } - elems = spec->elems_signature; - elems_n = strlen (elems); - - if (elems_n != DIM(data)) + /* Key identifier, algorithm identifier, mpis, comment, and a NULL + as a safeguard. */ + arg_list = xtrymalloc (sizeof (*arg_list) * (2 + 1 + elems_n + 1 + 1)); + if (!arg_list) { - err = gpg_error (GPG_ERR_INV_SEXP); + err = gpg_error_from_syserror (); goto out; } + arg_idx = 0; - for (i = 0; i < DIM(data); i++) + es_fputs ("(%s(%s", format); + arg_list[arg_idx++] = &key_identifier[secret]; + arg_list[arg_idx++] = &key_spec.identifier; + if (curve_name) { - sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1); - if (!sublist) - { - err = gpg_error (GPG_ERR_INV_SEXP); - break; - } + es_fputs ("(curve%s)", format); + arg_list[arg_idx++] = &curve_name; + } - data[i] = gcry_sexp_nth_buffer (sublist, 1, &data_n[i]); - if (!data[i]) + for (i = 0; i < elems_n; i++) + { + es_fprintf (format, "(%c%%m)", elems[i]); + if (secret) { - err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ - break; + for (j = 0; j < elems_n; j++) + if (key_spec.elems_key_secret[j] == elems[i]) + break; } - totallen += data_n[i]; - gcry_sexp_release (sublist); - sublist = NULL; + else + j = i; + arg_list[arg_idx++] = &mpis[j]; } - if (err) - goto out; + es_fputs (")(comment%s))", format); + arg_list[arg_idx++] = &comment; + arg_list[arg_idx] = NULL; - err = stream_write_uint32 (stream, totallen); - if (err) - goto out; - - for (i = 0; i < DIM(data); i++) + es_putc (0, format); + if (es_ferror (format)) { - err = stream_write_data (stream, data[i], data_n[i]); - if (err) - goto out; + err = gpg_error_from_syserror (); + goto out; } - - out: - for (i = 0; i < DIM(data); i++) - xfree (data[i]); - gcry_sexp_release (valuelist); - gcry_sexp_release (sublist); - return err; -} - - -/* - S-Expressions. - */ - - -/* This function constructs a new S-Expression for the key identified - by the KEY_SPEC, SECRET, CURVE_NAME, MPIS, and COMMENT, which is to - be stored at R_SEXP. Returns an error code. */ -static gpg_error_t -sexp_key_construct (gcry_sexp_t *r_sexp, - ssh_key_type_spec_t key_spec, int secret, - const char *curve_name, gcry_mpi_t *mpis, - const char *comment) -{ - gpg_error_t err; - gcry_sexp_t sexp_new = NULL; - void *formatbuf = NULL; - void **arg_list = NULL; - estream_t format = NULL; - - - if ((key_spec.flags & SPEC_FLAG_IS_EdDSA)) + if (es_fclose_snatch (format, &formatbuf, NULL)) { - /* It is much easier and more readable to use a separate code - path for EdDSA. */ - if (!curve_name) - err = gpg_error (GPG_ERR_INV_CURVE); - else if (!mpis[0] || !gcry_mpi_get_flag (mpis[0], GCRYMPI_FLAG_OPAQUE)) - err = gpg_error (GPG_ERR_BAD_PUBKEY); - else if (secret - && (!mpis[1] - || !gcry_mpi_get_flag (mpis[1], GCRYMPI_FLAG_OPAQUE))) - err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (secret) - err = gcry_sexp_build (&sexp_new, NULL, - "(private-key(ecc(curve %s)" - "(flags eddsa)(q %m)(d %m))" - "(comment%s))", - curve_name, - mpis[0], mpis[1], - comment? comment:""); - else - err = gcry_sexp_build (&sexp_new, NULL, - "(public-key(ecc(curve %s)" - "(flags eddsa)(q %m))" - "(comment%s))", - curve_name, - mpis[0], - comment? comment:""); + err = gpg_error_from_syserror (); + goto out; } - else - { - const char *key_identifier[] = { "public-key", "private-key" }; - int arg_idx; - const char *elems; - size_t elems_n; - unsigned int i, j; - - if (secret) - elems = key_spec.elems_sexp_order; - else - elems = key_spec.elems_key_public; - elems_n = strlen (elems); + format = NULL; - format = es_fopenmem (0, "a+b"); - if (!format) - { - err = gpg_error_from_syserror (); - goto out; - } - - /* Key identifier, algorithm identifier, mpis, comment, and a NULL - as a safeguard. */ - arg_list = xtrymalloc (sizeof (*arg_list) * (2 + 1 + elems_n + 1 + 1)); - if (!arg_list) - { - err = gpg_error_from_syserror (); - goto out; - } - arg_idx = 0; - - es_fputs ("(%s(%s", format); - arg_list[arg_idx++] = &key_identifier[secret]; - arg_list[arg_idx++] = &key_spec.identifier; - if (curve_name) - { - es_fputs ("(curve%s)", format); - arg_list[arg_idx++] = &curve_name; - } - - for (i = 0; i < elems_n; i++) - { - es_fprintf (format, "(%c%%m)", elems[i]); - if (secret) - { - for (j = 0; j < elems_n; j++) - if (key_spec.elems_key_secret[j] == elems[i]) - break; - } - else - j = i; - arg_list[arg_idx++] = &mpis[j]; - } - es_fputs (")(comment%s))", format); - arg_list[arg_idx++] = &comment; - arg_list[arg_idx] = NULL; - - es_putc (0, format); - if (es_ferror (format)) - { - err = gpg_error_from_syserror (); - goto out; - } - if (es_fclose_snatch (format, &formatbuf, NULL)) - { - err = gpg_error_from_syserror (); - goto out; - } - format = NULL; - - err = gcry_sexp_build_array (&sexp_new, NULL, formatbuf, arg_list); - } + err = gcry_sexp_build_array (&sexp_new, NULL, formatbuf, arg_list); + if (err) + goto out; - if (!err) - *r_sexp = sexp_new; + *r_sexp = sexp_new; + err = 0; out: es_fclose (format); @@ -1820,66 +1460,96 @@ } -/* This function extracts the key from the s-expression SEXP according - to KEY_SPEC and stores it in ssh format at (R_BLOB, R_BLOBLEN). If - WITH_SECRET is true, the secret key parts are also extracted if - possible. Returns 0 on success or an error code. Note that data - stored at R_BLOB must be freed using es_free! */ -static gpg_error_t -ssh_key_to_blob (gcry_sexp_t sexp, int with_secret, - ssh_key_type_spec_t key_spec, - void **r_blob, size_t *r_blob_size) +/* This functions breaks up the key contained in the S-Expression SEXP + according to KEY_SPEC. The MPIs are bundled in a newly create + list, which is to be stored in MPIS; a newly allocated string + holding the curve name may be stored at RCURVE, and a comment will + be stored at COMMENT; SECRET will be filled with a boolean flag + specifying what kind of key it is. Returns an error code. */ +static gpg_error_t +sexp_key_extract (gcry_sexp_t sexp, + ssh_key_type_spec_t key_spec, int *secret, + gcry_mpi_t **mpis, char **r_curve, char **comment) { gpg_error_t err = 0; gcry_sexp_t value_list = NULL; gcry_sexp_t value_pair = NULL; - char *curve_name = NULL; - estream_t stream = NULL; - void *blob = NULL; - size_t blob_size; - const char *elems, *p_elems; + gcry_sexp_t comment_list = NULL; + unsigned int i; + char *comment_new = NULL; const char *data; - size_t datalen; - - *r_blob = NULL; - *r_blob_size = 0; + size_t data_n; + int is_secret; + size_t elems_n; + const char *elems; + gcry_mpi_t *mpis_new = NULL; + gcry_mpi_t mpi; + char *curve_name = NULL; - stream = es_fopenmem (0, "r+b"); - if (!stream) + data = gcry_sexp_nth_data (sexp, 0, &data_n); + if (! data) { - err = gpg_error_from_syserror (); + err = gpg_error (GPG_ERR_INV_SEXP); goto out; } - /* Get the type of the key extpression. */ - data = gcry_sexp_nth_data (sexp, 0, &datalen); - if (!data) + if ((data_n == 10 && !strncmp (data, "public-key", 10)) + || (data_n == 21 && !strncmp (data, "protected-private-key", 21)) + || (data_n == 20 && !strncmp (data, "shadowed-private-key", 20))) + { + is_secret = 0; + elems = key_spec.elems_key_public; + } + else if (data_n == 11 && !strncmp (data, "private-key", 11)) + { + is_secret = 1; + elems = key_spec.elems_key_secret; + } + else { err = gpg_error (GPG_ERR_INV_SEXP); goto out; } - if ((datalen == 10 && !strncmp (data, "public-key", 10)) - || (datalen == 21 && !strncmp (data, "protected-private-key", 21)) - || (datalen == 20 && !strncmp (data, "shadowed-private-key", 20))) - elems = key_spec.elems_key_public; - else if (datalen == 11 && !strncmp (data, "private-key", 11)) - elems = with_secret? key_spec.elems_key_secret : key_spec.elems_key_public; - else + elems_n = strlen (elems); + mpis_new = xtrycalloc (elems_n + 1, sizeof *mpis_new ); + if (!mpis_new) { - err = gpg_error (GPG_ERR_INV_SEXP); + err = gpg_error_from_syserror (); goto out; } - /* Get the algorithm identifier. */ value_list = gcry_sexp_find_token (sexp, key_spec.identifier, 0); - if (!value_list) + if (! value_list) { err = gpg_error (GPG_ERR_INV_SEXP); goto out; } - /* Write the ssh algorithm identifier. */ + for (i = 0; i < elems_n; i++) + { + value_pair = gcry_sexp_find_token (value_list, elems + i, 1); + if (! value_pair) + { + err = gpg_error (GPG_ERR_INV_SEXP); + break; + } + + /* Note that we need to use STD format; i.e. prepend a 0x00 to + indicate a positive number if the high bit is set. */ + mpi = gcry_sexp_nth_mpi (value_pair, 1, GCRYMPI_FMT_STD); + if (! mpi) + { + err = gpg_error (GPG_ERR_INV_SEXP); + break; + } + mpis_new[i] = mpi; + gcry_sexp_release (value_pair); + value_pair = NULL; + } + if (err) + goto out; + if ((key_spec.flags & SPEC_FLAG_IS_ECDSA)) { /* Parse the "curve" parameter. We currently expect the curve @@ -1887,9 +1557,7 @@ easily be changed but then we need to find the curve name from the parameters using gcry_pk_get_curve. */ const char *mapped; - const char *sshname; - gcry_sexp_release (value_pair); value_pair = gcry_sexp_find_token (value_list, "curve", 5); if (!value_pair) { @@ -1923,87 +1591,48 @@ goto out; } } - - sshname = ssh_identifier_from_curve_name (curve_name); - if (!sshname) - { - err = gpg_error (GPG_ERR_UNKNOWN_CURVE); - goto out; - } - err = stream_write_cstring (stream, sshname); - if (err) - goto out; - err = stream_write_cstring (stream, curve_name); - if (err) - goto out; - } - else - { - /* Note: This is also used for EdDSA. */ - err = stream_write_cstring (stream, key_spec.ssh_identifier); - if (err) - goto out; - } - - /* Write the parameters. */ - for (p_elems = elems; *p_elems; p_elems++) - { gcry_sexp_release (value_pair); - value_pair = gcry_sexp_find_token (value_list, p_elems, 1); - if (!value_pair) - { - err = gpg_error (GPG_ERR_INV_SEXP); - goto out; - } - if ((key_spec.flags & SPEC_FLAG_IS_EdDSA)) - { + value_pair = NULL; + } - data = gcry_sexp_nth_data (value_pair, 1, &datalen); - if (!data) - { - err = gpg_error (GPG_ERR_INV_SEXP); - goto out; - } - err = stream_write_string (stream, data, datalen); - if (err) - goto out; - } - else - { - gcry_mpi_t mpi; + /* We do not require a comment sublist to be present here. */ + data = NULL; + data_n = 0; - /* Note that we need to use STD format; i.e. prepend a 0x00 - to indicate a positive number if the high bit is set. */ - mpi = gcry_sexp_nth_mpi (value_pair, 1, GCRYMPI_FMT_STD); - if (!mpi) - { - err = gpg_error (GPG_ERR_INV_SEXP); - goto out; - } - err = stream_write_mpi (stream, mpi); - gcry_mpi_release (mpi); - if (err) - goto out; - } + comment_list = gcry_sexp_find_token (sexp, "comment", 0); + if (comment_list) + data = gcry_sexp_nth_data (comment_list, 1, &data_n); + if (! data) + { + data = "(none)"; + data_n = 6; } - if (es_fclose_snatch (stream, &blob, &blob_size)) + comment_new = make_cstring (data, data_n); + if (! comment_new) { err = gpg_error_from_syserror (); goto out; } - stream = NULL; - *r_blob = blob; - blob = NULL; - *r_blob_size = blob_size; + if (secret) + *secret = is_secret; + *mpis = mpis_new; + *comment = comment_new; + *r_curve = curve_name; out: + gcry_sexp_release (value_list); gcry_sexp_release (value_pair); - xfree (curve_name); - es_fclose (stream); - es_free (blob); + gcry_sexp_release (comment_list); + + if (err) + { + xfree (curve_name); + xfree (comment_new); + mpint_list_free (mpis_new); + } return err; } @@ -2071,11 +1700,6 @@ gpg_error_t err; unsigned int i; - /* FIXME: Although this sees to work, it not be correct if the - lookup is done via name which might be "ecc" but actually it need - to check the flags to see whether it is eddsa or ecdsa. Maybe - the entire parameter controlled logic is too complicated and we - would do better by just switching on the ssh_name. */ for (i = 0; i < DIM (ssh_key_types); i++) if ((ssh_name && (! strcmp (ssh_name, ssh_key_types[i].ssh_identifier))) || (name && (! strcmp (name, ssh_key_types[i].identifier)))) @@ -2093,6 +1717,23 @@ } +/* Lookup the ssh-identifier for the ECC curve CURVE_NAME. Returns + NULL if not found. */ +static const char * +ssh_identifier_from_curve_name (const char *curve_name) +{ + int i; + + for (i = 0; i < DIM (ssh_key_types); i++) + if (ssh_key_types[i].curve_name + && !strcmp (ssh_key_types[i].curve_name, curve_name)) + return ssh_key_types[i].ssh_identifier; + + return NULL; +} + + + /* Receive a key from STREAM, according to the key specification given as KEY_SPEC. Depending on SECRET, receive a secret or a public key. If READ_COMMENT is true, receive a comment string as well. @@ -2112,6 +1753,7 @@ char *curve_name = NULL; + err = stream_read_cstring (stream, &key_type); if (err) goto out; @@ -2120,65 +1762,7 @@ if (err) goto out; - if ((spec.flags & SPEC_FLAG_IS_EdDSA)) - { - /* The format of an EdDSA key is: - * string key_type ("ssh-ed25519") - * string public_key - * string private_key - * - * Note that the private key is the concatenation of the private - * key with the public key. Thus theres are 64 bytes; however - * we only want the real 32 byte private key - Libgcrypt expects - * this. - */ - mpi_list = xtrycalloc (3, sizeof *mpi_list); - if (!mpi_list) - { - err = gpg_error_from_syserror (); - goto out; - } - - err = stream_read_blob (stream, 0, &mpi_list[0]); - if (err) - goto out; - if (secret) - { - u32 len = 0; - unsigned char *buffer; - - /* Read string length. */ - err = stream_read_uint32 (stream, &len); - if (err) - goto out; - if (len != 32 && len != 64) - { - err = gpg_error (GPG_ERR_BAD_SECKEY); - goto out; - } - buffer = xtrymalloc_secure (32); - if (!buffer) - { - err = gpg_error_from_syserror (); - goto out; - } - err = stream_read_data (stream, buffer, 32); - if (err) - { - xfree (buffer); - goto out; - } - mpi_list[1] = gcry_mpi_set_opaque (NULL, buffer, 8*32); - buffer = NULL; - if (len == 64) - { - err = stream_read_skip (stream, 32); - if (err) - goto out; - } - } - } - else if ((spec.flags & SPEC_FLAG_IS_ECDSA)) + if ((spec.flags & SPEC_FLAG_IS_ECDSA)) { /* The format of an ECDSA key is: * string key_type ("ecdsa-sha2-nistp256" | @@ -2220,95 +1804,157 @@ goto out; } } + } + + err = ssh_receive_mpint_list (stream, secret, spec, &mpi_list); + if (err) + goto out; + + if (read_comment) + { + err = stream_read_cstring (stream, &comment); + if (err) + goto out; + } + + if (secret) + elems = spec.elems_key_secret; + else + elems = spec.elems_key_public; + + if (spec.key_modifier) + { + err = (*spec.key_modifier) (elems, mpi_list); + if (err) + goto out; + } + + err = sexp_key_construct (&key, spec, secret, curve_name, mpi_list, + comment? comment:""); + if (err) + goto out; - err = ssh_receive_mpint_list (stream, secret, spec, &mpi_list); + if (key_spec) + *key_spec = spec; + *key_new = key; + + out: + mpint_list_free (mpi_list); + xfree (curve_name); + xfree (key_type); + xfree (comment); + + return err; +} + +/* Converts a key of type TYPE, whose key material is given in MPIS, + into a newly created binary blob, which is to be stored in + BLOB/BLOB_SIZE. Returns zero on success or an error code. */ +static gpg_error_t +ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size, + ssh_key_type_spec_t *spec, + const char *curve_name, gcry_mpi_t *mpis) +{ + unsigned char *blob_new; + long int blob_size_new; + estream_t stream; + gpg_error_t err; + unsigned int i; + + *blob = NULL; + *blob_size = 0; + + blob_new = NULL; + stream = NULL; + err = 0; + + stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); + if (! stream) + { + err = gpg_error_from_syserror (); + goto out; + } + + if ((spec->flags & SPEC_FLAG_IS_ECDSA) && curve_name) + { + const char *sshname = ssh_identifier_from_curve_name (curve_name); + if (!curve_name) + { + err = gpg_error (GPG_ERR_UNKNOWN_CURVE); + goto out; + } + err = stream_write_cstring (stream, sshname); + if (err) + goto out; + err = stream_write_cstring (stream, curve_name); if (err) goto out; } else { - err = ssh_receive_mpint_list (stream, secret, spec, &mpi_list); + err = stream_write_cstring (stream, spec->ssh_identifier); if (err) goto out; } - if (read_comment) + for (i = 0; mpis[i]; i++) + if ((err = stream_write_mpi (stream, mpis[i]))) + goto out; + + blob_size_new = es_ftell (stream); + if (blob_size_new == -1) { - err = stream_read_cstring (stream, &comment); - if (err) - goto out; + err = gpg_error_from_syserror (); + goto out; } - if (secret) - elems = spec.elems_key_secret; - else - elems = spec.elems_key_public; + err = es_fseek (stream, 0, SEEK_SET); + if (err) + goto out; - if (spec.key_modifier) + blob_new = xtrymalloc (blob_size_new); + if (! blob_new) { - err = (*spec.key_modifier) (elems, mpi_list); - if (err) - goto out; + err = gpg_error_from_syserror (); + goto out; } - if ((spec.flags & SPEC_FLAG_IS_EdDSA)) - { - if (secret) - { - err = gcry_sexp_build (&key, NULL, - "(private-key(ecc(curve \"Ed25519\")" - "(flags eddsa)(q %m)(d %m))" - "(comment%s))", - mpi_list[0], mpi_list[1], - comment? comment:""); - } - else - { - err = gcry_sexp_build (&key, NULL, - "(public-key(ecc(curve \"Ed25519\")" - "(flags eddsa)(q %m))" - "(comment%s))", - mpi_list[0], - comment? comment:""); - } - } - else - { - err = sexp_key_construct (&key, spec, secret, curve_name, mpi_list, - comment? comment:""); - if (err) - goto out; - } + err = stream_read_data (stream, blob_new, blob_size_new); + if (err) + goto out; - if (key_spec) - *key_spec = spec; - *key_new = key; + *blob = blob_new; + *blob_size = blob_size_new; out: - mpint_list_free (mpi_list); - xfree (curve_name); - xfree (key_type); - xfree (comment); + + if (stream) + es_fclose (stream); + if (err) + xfree (blob_new); return err; } -/* Write the public key from KEY to STREAM in SSH key format. If +/* Write the public key KEY_PUBLIC to STREAM in SSH key format. If OVERRIDE_COMMENT is not NULL, it will be used instead of the comment stored in the key. */ static gpg_error_t -ssh_send_key_public (estream_t stream, gcry_sexp_t key, +ssh_send_key_public (estream_t stream, + gcry_sexp_t key_public, const char *override_comment) { ssh_key_type_spec_t spec; + gcry_mpi_t *mpi_list = NULL; char *key_type = NULL; + char *curve; char *comment = NULL; - void *blob = NULL; - size_t bloblen; + unsigned char *blob = NULL; + size_t blob_n; gpg_error_t err; - err = sexp_extract_identifier (key, &key_type); + err = sexp_extract_identifier (key_public, &key_type); if (err) goto out; @@ -2316,36 +1962,32 @@ if (err) goto out; - err = ssh_key_to_blob (key, 0, spec, &blob, &bloblen); + err = sexp_key_extract (key_public, spec, NULL, &mpi_list, &curve, &comment); if (err) goto out; - err = stream_write_string (stream, blob, bloblen); + err = ssh_convert_key_to_blob (&blob, &blob_n, &spec, curve, mpi_list); if (err) goto out; - if (override_comment) - err = stream_write_cstring (stream, override_comment); - else - { - err = ssh_key_extract_comment (key, &comment); - if (err) - err = stream_write_cstring (stream, "(none)"); - else - err = stream_write_cstring (stream, comment); - } + err = stream_write_string (stream, blob, blob_n); if (err) goto out; + err = stream_write_cstring (stream, + override_comment? override_comment : comment); + out: - xfree (key_type); + + mpint_list_free (mpi_list); + xfree (curve); xfree (comment); - es_free (blob); + xfree (key_type); + xfree (blob); return err; } - /* Read a public key out of BLOB/BLOB_SIZE according to the key specification given as KEY_SPEC, storing the new key in KEY_PUBLIC. Returns zero on success or an error code. */ @@ -2354,11 +1996,13 @@ gcry_sexp_t *key_public, ssh_key_type_spec_t *key_spec) { - gpg_error_t err; estream_t blob_stream; + gpg_error_t err; + + err = 0; - blob_stream = es_fopenmem (0, "r+b"); - if (!blob_stream) + blob_stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); + if (! blob_stream) { err = gpg_error_from_syserror (); goto out; @@ -2375,7 +2019,10 @@ err = ssh_receive_key (blob_stream, key_public, 0, 0, key_spec); out: - es_fclose (blob_stream); + + if (blob_stream) + es_fclose (blob_stream); + return err; } @@ -2397,6 +2044,39 @@ } +/* Converts the secret key KEY_SECRET into a public key, storing it in + KEY_PUBLIC. SPEC is the according key specification. Returns zero + on success or an error code. */ +static gpg_error_t +key_secret_to_public (gcry_sexp_t *key_public, + ssh_key_type_spec_t spec, gcry_sexp_t key_secret) +{ + char *curve; + char *comment; + gcry_mpi_t *mpis; + gpg_error_t err; + int is_secret; + + comment = NULL; + mpis = NULL; + + err = sexp_key_extract (key_secret, spec, &is_secret, &mpis, + &curve, &comment); + if (err) + goto out; + + err = sexp_key_construct (key_public, spec, 0, curve, mpis, comment); + + out: + + mpint_list_free (mpis); + xfree (comment); + xfree (curve); + + return err; +} + + /* Check whether a smartcard is available and whether it has a usable key. Store a copy of that key at R_PK and return 0. If no key is available store NULL at R_PK and return an error code. If CARDSN @@ -2436,7 +2116,7 @@ } if (err) { - log_error (_("no authentication key for ssh on card: %s\n"), + log_error (_("error getting default authentication keyID of card: %s\n"), gpg_strerror (err)); xfree (serialno); return err; @@ -2600,7 +2280,7 @@ key_counter = 0; err = 0; - key_blobs = es_fopenmem (0, "r+b"); + key_blobs = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+b"); if (! key_blobs) { err = gpg_error_from_syserror (); @@ -2695,12 +2375,20 @@ goto out; } - err = ssh_send_key_public (key_blobs, key_secret, NULL); + err = key_secret_to_public (&key_public, spec, key_secret); if (err) goto out; + gcry_sexp_release (key_secret); key_secret = NULL; + err = ssh_send_key_public (key_blobs, key_public, NULL); + if (err) + goto out; + + gcry_sexp_release (key_public); + key_public = NULL; + key_counter++; } err = 0; @@ -2752,27 +2440,30 @@ return 0; } - -/* This function signs the data described by CTRL. If HASH is is not - NULL, (HASH,HASHLEN) overrides the hash stored in CTRL. This is to - allow the use of signature algorithms that implement the hashing - internally (e.g. Ed25519). On success the created signature is - stored in ssh format at R_SIG and it's size at R_SIGLEN; the caller - must use es_free to releaase this memory. */ +/* This function signs the data contained in CTRL, stores the created + signature in newly allocated memory in SIG and it's size in SIG_N; + SIG_ENCODER is the signature encoder to use. */ static gpg_error_t data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec, - const void *hash, size_t hashlen, - unsigned char **r_sig, size_t *r_siglen) + unsigned char **sig, size_t *sig_n) { gpg_error_t err; gcry_sexp_t signature_sexp = NULL; estream_t stream = NULL; - void *blob = NULL; - size_t bloblen; + gcry_sexp_t valuelist = NULL; + gcry_sexp_t sublist = NULL; + gcry_mpi_t sig_value = NULL; + unsigned char *sig_blob = NULL; + size_t sig_blob_n = 0; + int ret; + unsigned int i; + const char *elems; + size_t elems_n; + gcry_mpi_t *mpis = NULL; char hexgrip[40+1]; - *r_sig = NULL; - *r_siglen = 0; + *sig = NULL; + *sig_n = 0; /* Quick check to see whether we have a valid keygrip and convert it to hex. */ @@ -2804,14 +2495,14 @@ gcry_sexp_release (key); if (err) goto out; - prompt = xtryasprintf (L_("An ssh process requested the use of key%%0A" - " %s%%0A" - " (%s)%%0A" - "Do you want to allow this?"), + prompt = xtryasprintf (_("An ssh process requested the use of key%%0A" + " %s%%0A" + " (%s)%%0A" + "Do you want to allow this?"), fpr, comment? comment:""); xfree (fpr); gcry_free (comment); - err = agent_get_confirmation (ctrl, prompt, L_("Allow"), L_("Deny"), 0); + err = agent_get_confirmation (ctrl, prompt, _("Allow"), _("Deny"), 0); xfree (prompt); if (err) goto out; @@ -2819,18 +2510,24 @@ /* Create signature. */ ctrl->use_auth_call = 1; - err = agent_pksign_do (ctrl, NULL, - L_("Please enter the passphrase " - "for the ssh key%%0A %F%%0A (%c)"), + err = agent_pksign_do (ctrl, + _("Please enter the passphrase " + "for the ssh key%%0A %F%%0A (%c)"), &signature_sexp, - CACHE_MODE_SSH, ttl_from_sshcontrol, - hash, hashlen); + CACHE_MODE_SSH, ttl_from_sshcontrol); ctrl->use_auth_call = 0; if (err) goto out; - stream = es_fopenmem (0, "r+b"); - if (!stream) + valuelist = gcry_sexp_nth (signature_sexp, 1); + if (! valuelist) + { + err = gpg_error (GPG_ERR_INV_SEXP); + goto out; + } + + stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); + if (! stream) { err = gpg_error_from_syserror (); goto out; @@ -2840,40 +2537,99 @@ if (err) goto out; - err = spec->signature_encoder (spec, stream, signature_sexp); + elems = spec->elems_signature; + elems_n = strlen (elems); + + mpis = xtrycalloc (elems_n + 1, sizeof *mpis); + if (!mpis) + { + err = gpg_error_from_syserror (); + goto out; + } + + for (i = 0; i < elems_n; i++) + { + sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1); + if (! sublist) + { + err = gpg_error (GPG_ERR_INV_SEXP); + break; + } + + sig_value = gcry_sexp_nth_mpi (sublist, 1, GCRYMPI_FMT_USG); + if (! sig_value) + { + err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ + break; + } + gcry_sexp_release (sublist); + sublist = NULL; + + mpis[i] = sig_value; + } + if (err) + goto out; + + err = spec->signature_encoder (spec, stream, mpis); if (err) goto out; - err = es_fclose_snatch (stream, &blob, &bloblen); + sig_blob_n = es_ftell (stream); + if (sig_blob_n == -1) + { + err = gpg_error_from_syserror (); + goto out; + } + + sig_blob = xtrymalloc (sig_blob_n); + if (! sig_blob) + { + err = gpg_error_from_syserror (); + goto out; + } + + ret = es_fseek (stream, 0, SEEK_SET); + if (ret) + { + err = gpg_error_from_syserror (); + goto out; + } + + err = stream_read_data (stream, sig_blob, sig_blob_n); if (err) goto out; - stream = NULL; - *r_sig = blob; blob = NULL; - *r_siglen = bloblen; + *sig = sig_blob; + *sig_n = sig_blob_n; out: - xfree (blob); - es_fclose (stream); + + if (err) + xfree (sig_blob); + + if (stream) + es_fclose (stream); + gcry_sexp_release (valuelist); gcry_sexp_release (signature_sexp); + gcry_sexp_release (sublist); + mpint_list_free (mpis); return err; } - /* Handler for the "sign_request" command. */ static gpg_error_t ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) { - gcry_sexp_t key = NULL; + gcry_sexp_t key; ssh_key_type_spec_t spec; unsigned char hash[MAX_DIGEST_LEN]; unsigned int hash_n; unsigned char key_grip[20]; - unsigned char *key_blob = NULL; + unsigned char *key_blob; u32 key_blob_size; - unsigned char *data = NULL; - unsigned char *sig = NULL; + unsigned char *data; + unsigned char *sig; size_t sig_n; u32 data_size; u32 flags; @@ -2881,6 +2637,11 @@ gpg_error_t ret_err; int hash_algo; + key_blob = NULL; + data = NULL; + sig = NULL; + key = NULL; + /* Receive key. */ err = stream_read_string (request, 0, &key_blob, &key_blob_size); @@ -2904,48 +2665,42 @@ hash_algo = spec.hash_algo; if (!hash_algo) hash_algo = GCRY_MD_SHA1; /* Use the default. */ - ctrl->digest.algo = hash_algo; - if ((spec.flags & SPEC_FLAG_USE_PKCS1V2)) - ctrl->digest.raw_value = 0; - else - ctrl->digest.raw_value = 1; + + /* Hash data. */ + hash_n = gcry_md_get_algo_dlen (hash_algo); + if (! hash_n) + { + err = gpg_error (GPG_ERR_INTERNAL); + goto out; + } + err = data_hash (data, data_size, hash_algo, hash); + if (err) + goto out; /* Calculate key grip. */ err = ssh_key_grip (key, key_grip); if (err) goto out; - ctrl->have_keygrip = 1; - memcpy (ctrl->keygrip, key_grip, 20); - - /* Hash data unless we use EdDSA. */ - if ((spec.flags & SPEC_FLAG_IS_EdDSA)) - { - ctrl->digest.valuelen = 0; - } - else - { - hash_n = gcry_md_get_algo_dlen (hash_algo); - if (!hash_n) - { - err = gpg_error (GPG_ERR_INTERNAL); - goto out; - } - err = data_hash (data, data_size, hash_algo, hash); - if (err) - goto out; - memcpy (ctrl->digest.value, hash, hash_n); - ctrl->digest.valuelen = hash_n; - } /* Sign data. */ - if ((spec.flags & SPEC_FLAG_IS_EdDSA)) - err = data_sign (ctrl, &spec, data, data_size, &sig, &sig_n); + + ctrl->digest.algo = hash_algo; + memcpy (ctrl->digest.value, hash, hash_n); + ctrl->digest.valuelen = hash_n; + if ((spec.flags & SPEC_FLAG_USE_PKCS1V2)) + ctrl->digest.raw_value = 0; else - err = data_sign (ctrl, &spec, NULL, 0, &sig, &sig_n); + ctrl->digest.raw_value = 1; + ctrl->have_keygrip = 1; + memcpy (ctrl->keygrip, key_grip, 20); + + err = data_sign (ctrl, &spec, &sig, &sig_n); out: + /* Done. */ - if (!err) + + if (! err) { ret_err = stream_write_byte (response, SSH_RESPONSE_SIGN_RESPONSE); if (ret_err) @@ -2956,8 +2711,6 @@ } else { - log_error ("ssh sign request failed: %s <%s>\n", - gpg_strerror (err), gpg_strsource (err)); ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE); if (ret_err) goto leave; @@ -2968,35 +2721,54 @@ gcry_sexp_release (key); xfree (key_blob); xfree (data); - es_free (sig); + xfree (sig); return ret_err; } - /* This function extracts the comment contained in the key - s-expression KEY and stores a copy in COMMENT. Returns usual error + S-Expression KEY and stores a copy in COMMENT. Returns usual error code. */ static gpg_error_t -ssh_key_extract_comment (gcry_sexp_t key, char **r_comment) +ssh_key_extract_comment (gcry_sexp_t key, char **comment) { gcry_sexp_t comment_list; - - *r_comment = NULL; + char *comment_new; + const char *data; + size_t data_n; + gpg_error_t err; comment_list = gcry_sexp_find_token (key, "comment", 0); - if (!comment_list) - return gpg_error (GPG_ERR_INV_SEXP); + if (! comment_list) + { + err = gpg_error (GPG_ERR_INV_SEXP); + goto out; + } + + data = gcry_sexp_nth_data (comment_list, 1, &data_n); + if (! data) + { + err = gpg_error (GPG_ERR_INV_SEXP); + goto out; + } + + comment_new = make_cstring (data, data_n); + if (! comment_new) + { + err = gpg_error_from_syserror (); + goto out; + } + + *comment = comment_new; + err = 0; + + out: - *r_comment = gcry_sexp_nth_string (comment_list, 1); gcry_sexp_release (comment_list); - if (!*r_comment) - return gpg_error (GPG_ERR_INV_SEXP); - return 0; + return err; } - /* This function converts the key contained in the S-Expression KEY into a buffer, which is protected by the passphrase PASSPHRASE. Returns usual error code. */ @@ -3020,7 +2792,7 @@ gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n); /* FIXME: guarantee? */ - err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0); + err = agent_protect (buffer_new, passphrase, buffer, buffer_n); out: @@ -3050,8 +2822,7 @@ our key storage, don't do anything. When entering a new key also add an entry to the sshcontrol file. */ static gpg_error_t -ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, - gcry_sexp_t key, int ttl, int confirm) +ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm) { gpg_error_t err; unsigned char key_grip_raw[20]; @@ -3059,10 +2830,11 @@ unsigned char *buffer = NULL; size_t buffer_n; char *description = NULL; - const char *description2 = L_("Please re-enter this passphrase"); + const char *description2 = _("Please re-enter this passphrase"); char *comment = NULL; char *key_fpr = NULL; const char *initial_errtext = NULL; + unsigned int i; struct pin_entry_info_s *pi = NULL, *pi2; err = ssh_key_grip (key, key_grip_raw); @@ -3083,11 +2855,11 @@ goto out; if ( asprintf (&description, - L_("Please enter a passphrase to protect" - " the received secret key%%0A" - " %s%%0A" - " %s%%0A" - "within gpg-agent's key storage"), + _("Please enter a passphrase to protect" + " the received secret key%%0A" + " %s%%0A" + " %s%%0A" + "within gpg-agent's key storage"), key_fpr, comment ? comment : "") < 0) { err = gpg_error_from_syserror (); @@ -3103,7 +2875,6 @@ pi2 = pi + (sizeof *pi + 100 + 1); pi->max_length = 100; pi->max_tries = 1; - pi->with_repeat = 1; pi2->max_length = 100; pi2->max_tries = 1; pi2->check_cb = reenter_compare_cb; @@ -3115,15 +2886,14 @@ if (err) goto out; - /* Unless the passphrase is empty or the pinentry told us that - it already did the repetition check, ask to confirm it. */ - if (*pi->pin && !pi->repeat_okay) + /* Unless the passphrase is empty, ask to confirm it. */ + if (pi->pin && *pi->pin) { err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL, 0); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ - initial_errtext = L_("does not match - try again"); + initial_errtext = _("does not match - try again"); goto next_try; } } @@ -3138,13 +2908,15 @@ goto out; /* Cache this passphrase. */ - bin2hex (key_grip_raw, 20, key_grip); + for (i = 0; i < 20; i++) + sprintf (key_grip + 2 * i, "%02X", key_grip_raw[i]); + err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl); if (err) goto out; /* And add an entry to the sshcontrol file. */ - err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm); + err = add_control_entry (ctrl, key_grip, key_fpr, ttl, confirm); out: @@ -3188,7 +2960,6 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response) { gpg_error_t ret_err; - ssh_key_type_spec_t spec; gpg_error_t err; gcry_sexp_t key; unsigned char b; @@ -3200,7 +2971,7 @@ ttl = 0; /* FIXME? */ - err = ssh_receive_key (request, &key, 1, 1, &spec); + err = ssh_receive_key (request, &key, 1, 1, NULL); if (err) goto out; @@ -3239,7 +3010,7 @@ if (err) goto out; - err = ssh_identity_register (ctrl, &spec, key, ttl, confirm); + err = ssh_identity_register (ctrl, key, ttl, confirm); out: @@ -3427,16 +3198,21 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) { ssh_request_spec_t *spec; - estream_t response = NULL; - estream_t request = NULL; + estream_t response; + estream_t request; unsigned char request_type; gpg_error_t err; - int send_err = 0; + int send_err; int ret; - unsigned char *request_data = NULL; + unsigned char *request_data; u32 request_data_size; u32 response_size; + request_data = NULL; + response = NULL; + request = NULL; + send_err = 0; + /* Create memory streams for request/response data. The entire request will be stored in secure memory, since it might contain secret key material. The response does not have to be stored in @@ -3475,9 +3251,9 @@ } if (spec->secret_input) - request = es_mopen (NULL, 0, 0, 1, realloc_secure, gcry_free, "r+b"); + request = es_mopen (NULL, 0, 0, 1, realloc_secure, gcry_free, "r+"); else - request = es_mopen (NULL, 0, 0, 1, gcry_realloc, gcry_free, "r+b"); + request = es_mopen (NULL, 0, 0, 1, gcry_realloc, gcry_free, "r+"); if (! request) { err = gpg_error_from_syserror (); @@ -3494,7 +3270,7 @@ goto out; es_rewind (request); - response = es_fopenmem (0, "r+b"); + response = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); if (! response) { err = gpg_error_from_syserror (); @@ -3570,14 +3346,48 @@ leave: - es_fclose (request); - es_fclose (response); - xfree (request_data); + if (request) + es_fclose (request); + if (response) + es_fclose (response); + xfree (request_data); /* FIXME? */ return !!err; } +/* Because the ssh protocol does not send us information about the the + current TTY setting, we use this function to use those from startup + or those explictly set. */ +static gpg_error_t +setup_ssh_env (ctrl_t ctrl) +{ + static const char *names[] = + {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL}; + gpg_error_t err = 0; + int idx; + const char *value; + + for (idx=0; !err && names[idx]; idx++) + if ((value = session_env_getenv (opt.startup_env, names[idx]))) + err = session_env_setenv (ctrl->session_env, names[idx], value); + + if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype) + if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype))) + err = gpg_error_from_syserror (); + + if (!err && !ctrl->lc_messages && opt.startup_lc_messages) + if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages))) + err = gpg_error_from_syserror (); + + if (err) + log_error ("error setting default session environment: %s\n", + gpg_strerror (err)); + + return err; +} + + /* Start serving client on SOCK_CLIENT. */ void start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) @@ -3586,7 +3396,7 @@ gpg_error_t err; int ret; - err = agent_copy_startup_env (ctrl); + err = setup_ssh_env (ctrl); if (err) goto out; @@ -3649,7 +3459,7 @@ u32 msglen; estream_t request_stream, response_stream; - if (agent_copy_startup_env (ctrl)) + if (setup_ssh_env (ctrl)) goto leave; /* Error setting up the environment. */ if (maxreqlen < 5) diff -Nru gnupg2-2.1.6/agent/cvt-openpgp.c gnupg2-2.0.28/agent/cvt-openpgp.c --- gnupg2-2.1.6/agent/cvt-openpgp.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/cvt-openpgp.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,1489 +0,0 @@ -/* cvt-openpgp.c - Convert an OpenPGP key to our internal format. - * Copyright (C) 1998-2002, 2006, 2009, 2010 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 Werner Koch - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include -#include -#include - -#include "agent.h" -#include "i18n.h" -#include "cvt-openpgp.h" -#include "host2net.h" - - -/* Helper to pass data via the callback to do_unprotect. */ -struct try_do_unprotect_arg_s -{ - int is_v4; - int is_protected; - int pubkey_algo; - const char *curve; - int protect_algo; - char *iv; - int ivlen; - int s2k_mode; - int s2k_algo; - byte *s2k_salt; - u32 s2k_count; - u16 desired_csum; - gcry_mpi_t *skey; - size_t skeysize; - int skeyidx; - gcry_sexp_t *r_key; -}; - - - -/* Compute the keygrip from the public key and store it at GRIP. */ -static gpg_error_t -get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey, - unsigned char *grip) -{ - gpg_error_t err; - gcry_sexp_t s_pkey = NULL; - - switch (pubkey_algo) - { - case GCRY_PK_DSA: - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", - pkey[0], pkey[1], pkey[2], pkey[3]); - break; - - case GCRY_PK_ELG: - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(elg(p%m)(g%m)(y%m)))", - pkey[0], pkey[1], pkey[2]); - break; - - case GCRY_PK_RSA: - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(rsa(n%m)(e%m)))", pkey[0], pkey[1]); - break; - - case GCRY_PK_ECC: - if (!curve) - err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve %s)(flags eddsa)(q%m)))", - "Ed25519", pkey[0]); - else - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve %s)(q%m)))", - curve, pkey[0]); - break; - - default: - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - break; - } - - if (!err && !gcry_pk_get_keygrip (s_pkey, grip)) - err = gpg_error (GPG_ERR_INTERNAL); - - gcry_sexp_release (s_pkey); - return err; -} - - -/* Convert a secret key given as algorithm id and an array of key - parameters into our s-expression based format. Note that - PUBKEY_ALGO has an gcrypt algorithm number. */ -static gpg_error_t -convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, - const char *curve) -{ - gpg_error_t err; - gcry_sexp_t s_skey = NULL; - - *r_key = NULL; - - switch (pubkey_algo) - { - case GCRY_PK_DSA: - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", - skey[0], skey[1], skey[2], skey[3], skey[4]); - break; - - case GCRY_PK_ELG: - case GCRY_PK_ELG_E: - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", - skey[0], skey[1], skey[2], skey[3]); - break; - - - case GCRY_PK_RSA: - case GCRY_PK_RSA_E: - case GCRY_PK_RSA_S: - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", - skey[0], skey[1], skey[2], skey[3], skey[4], - skey[5]); - break; - - case GCRY_PK_ECC: - if (!curve) - err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - { - /* Do not store the OID as name but the real name and the - EdDSA flag. */ - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(ecc(curve%s)(flags eddsa)" - "(q%m)(d%m)))", - "Ed25519", skey[0], skey[1]); - } - else - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(ecc(curve%s)(q%m)(d%m)))", - curve, skey[0], skey[1]); - break; - - default: - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - break; - } - - if (!err) - *r_key = s_skey; - return err; -} - - -/* Convert a secret key given as algorithm id, an array of key - parameters, and an S-expression of the original OpenPGP transfer - key into our s-expression based format. This is a variant of - convert_secret_key which is used for the openpgp-native protection - mode. Note that PUBKEY_ALGO has an gcrypt algorithm number. */ -static gpg_error_t -convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, - const char *curve, gcry_sexp_t transfer_key) -{ - gpg_error_t err; - gcry_sexp_t s_skey = NULL; - - *r_key = NULL; - - switch (pubkey_algo) - { - case GCRY_PK_DSA: - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(dsa(p%m)(q%m)(g%m)(y%m)" - "(protected openpgp-native%S)))", - skey[0], skey[1], skey[2], skey[3], transfer_key); - break; - - case GCRY_PK_ELG: - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(elg(p%m)(g%m)(y%m)" - "(protected openpgp-native%S)))", - skey[0], skey[1], skey[2], transfer_key); - break; - - - case GCRY_PK_RSA: - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(rsa(n%m)(e%m)" - "(protected openpgp-native%S)))", - skey[0], skey[1], transfer_key ); - break; - - case GCRY_PK_ECC: - if (!curve) - err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - { - /* Do not store the OID as name but the real name and the - EdDSA flag. */ - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)" - "(protected openpgp-native%S)))", - "Ed25519", skey[0], transfer_key); - } - else - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(ecc(curve%s)(q%m)" - "(protected openpgp-native%S)))", - curve, skey[0], transfer_key); - break; - - default: - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - break; - } - - if (!err) - *r_key = s_skey; - return err; -} - - -/* Hash the passphrase and set the key. */ -static gpg_error_t -hash_passphrase_and_set_key (const char *passphrase, - gcry_cipher_hd_t hd, int protect_algo, - int s2k_mode, int s2k_algo, - byte *s2k_salt, u32 s2k_count) -{ - gpg_error_t err; - unsigned char *key; - size_t keylen; - - keylen = gcry_cipher_get_algo_keylen (protect_algo); - if (!keylen) - return gpg_error (GPG_ERR_INTERNAL); - - key = xtrymalloc_secure (keylen); - if (!key) - return gpg_error_from_syserror (); - - err = s2k_hash_passphrase (passphrase, - s2k_algo, s2k_mode, s2k_salt, s2k_count, - key, keylen); - if (!err) - err = gcry_cipher_setkey (hd, key, keylen); - - xfree (key); - return err; -} - - -static u16 -checksum (const unsigned char *p, unsigned int n) -{ - u16 a; - - for (a=0; n; n-- ) - a += *p++; - return a; -} - - -/* Return the number of expected key parameters. */ -static void -get_npkey_nskey (int pubkey_algo, size_t *npkey, size_t *nskey) -{ - switch (pubkey_algo) - { - case GCRY_PK_RSA: *npkey = 2; *nskey = 6; break; - case GCRY_PK_ELG: *npkey = 3; *nskey = 4; break; - case GCRY_PK_ELG_E: *npkey = 3; *nskey = 4; break; - case GCRY_PK_DSA: *npkey = 4; *nskey = 5; break; - case GCRY_PK_ECC: *npkey = 1; *nskey = 2; break; - default: *npkey = 0; *nskey = 0; break; - } -} - - -/* Helper for do_unprotect. PUBKEY_ALOGO is the gcrypt algo number. - On success R_NPKEY and R_NSKEY receive the number or parameters for - the algorithm PUBKEY_ALGO and R_SKEYLEN the used length of - SKEY. */ -static int -prepare_unprotect (int pubkey_algo, gcry_mpi_t *skey, size_t skeysize, - int s2k_mode, - unsigned int *r_npkey, unsigned int *r_nskey, - unsigned int *r_skeylen) -{ - size_t npkey, nskey, skeylen; - int i; - - /* Count the actual number of MPIs is in the array and set the - remainder to NULL for easier processing later on. */ - for (skeylen = 0; skey[skeylen]; skeylen++) - ; - for (i=skeylen; i < skeysize; i++) - skey[i] = NULL; - - /* Check some args. */ - if (s2k_mode == 1001) - { - /* Stub key. */ - log_info (_("secret key parts are not available\n")); - return gpg_error (GPG_ERR_UNUSABLE_SECKEY); - } - - if (gcry_pk_test_algo (pubkey_algo)) - { - log_info (_("public key algorithm %d (%s) is not supported\n"), - pubkey_algo, gcry_pk_algo_name (pubkey_algo)); - return gpg_error (GPG_ERR_PUBKEY_ALGO); - } - - /* Get properties of the public key algorithm and do some - consistency checks. Note that we need at least NPKEY+1 elements - in the SKEY array. */ - get_npkey_nskey (pubkey_algo, &npkey, &nskey); - if (!npkey || !nskey || npkey >= nskey) - return gpg_error (GPG_ERR_INTERNAL); - if (skeylen <= npkey) - return gpg_error (GPG_ERR_MISSING_VALUE); - if (nskey+1 >= skeysize) - return gpg_error (GPG_ERR_BUFFER_TOO_SHORT); - - /* Check that the public key parameters are all available and not - encrypted. */ - for (i=0; i < npkey; i++) - { - if (!skey[i] || gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1)) - return gpg_error (GPG_ERR_BAD_SECKEY); - } - - if (r_npkey) - *r_npkey = npkey; - if (r_nskey) - *r_nskey = nskey; - if (r_skeylen) - *r_skeylen = skeylen; - return 0; -} - - -/* Note that this function modifies SKEY. SKEYSIZE is the allocated - size of the array including the NULL item; this is used for a - bounds check. On success a converted key is stored at R_KEY. */ -static int -do_unprotect (const char *passphrase, - int pkt_version, int pubkey_algo, int is_protected, - const char *curve, gcry_mpi_t *skey, size_t skeysize, - int protect_algo, void *protect_iv, size_t protect_ivlen, - int s2k_mode, int s2k_algo, byte *s2k_salt, u32 s2k_count, - u16 desired_csum, gcry_sexp_t *r_key) -{ - gpg_error_t err; - unsigned int npkey, nskey, skeylen; - gcry_cipher_hd_t cipher_hd = NULL; - u16 actual_csum; - size_t nbytes; - int i; - gcry_mpi_t tmpmpi; - - *r_key = NULL; - - err = prepare_unprotect (pubkey_algo, skey, skeysize, s2k_mode, - &npkey, &nskey, &skeylen); - if (err) - return err; - - /* Check whether SKEY is at all protected. If it is not protected - merely verify the checksum. */ - if (!is_protected) - { - actual_csum = 0; - for (i=npkey; i < nskey; i++) - { - if (!skey[i] || gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_USER1)) - return gpg_error (GPG_ERR_BAD_SECKEY); - - if (gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_OPAQUE)) - { - unsigned int nbits; - const unsigned char *buffer; - buffer = gcry_mpi_get_opaque (skey[i], &nbits); - nbytes = (nbits+7)/8; - actual_csum += checksum (buffer, nbytes); - } - else - { - unsigned char *buffer; - - err = gcry_mpi_aprint (GCRYMPI_FMT_PGP, &buffer, &nbytes, - skey[i]); - if (!err) - actual_csum += checksum (buffer, nbytes); - xfree (buffer); - } - if (err) - return err; - } - - if (actual_csum != desired_csum) - return gpg_error (GPG_ERR_CHECKSUM); - - goto do_convert; - } - - - if (gcry_cipher_test_algo (protect_algo)) - { - /* The algorithm numbers are Libgcrypt numbers but fortunately - the OpenPGP algorithm numbers map one-to-one to the Libgcrypt - numbers. */ - log_info (_("protection algorithm %d (%s) is not supported\n"), - protect_algo, gnupg_cipher_algo_name (protect_algo)); - return gpg_error (GPG_ERR_CIPHER_ALGO); - } - - if (gcry_md_test_algo (s2k_algo)) - { - log_info (_("protection hash algorithm %d (%s) is not supported\n"), - s2k_algo, gcry_md_algo_name (s2k_algo)); - return gpg_error (GPG_ERR_DIGEST_ALGO); - } - - err = gcry_cipher_open (&cipher_hd, protect_algo, - GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | (protect_algo >= 100 ? - 0 : GCRY_CIPHER_ENABLE_SYNC))); - if (err) - { - log_error ("failed to open cipher_algo %d: %s\n", - protect_algo, gpg_strerror (err)); - return err; - } - - err = hash_passphrase_and_set_key (passphrase, cipher_hd, protect_algo, - s2k_mode, s2k_algo, s2k_salt, s2k_count); - if (err) - { - gcry_cipher_close (cipher_hd); - return err; - } - - gcry_cipher_setiv (cipher_hd, protect_iv, protect_ivlen); - - actual_csum = 0; - if (pkt_version >= 4) - { - int ndata; - unsigned int ndatabits; - const unsigned char *p; - unsigned char *data; - u16 csum_pgp7 = 0; - - if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_OPAQUE )) - { - gcry_cipher_close (cipher_hd); - return gpg_error (GPG_ERR_BAD_SECKEY); - } - p = gcry_mpi_get_opaque (skey[npkey], &ndatabits); - ndata = (ndatabits+7)/8; - - if (ndata > 1) - csum_pgp7 = buf16_to_u16 (p+ndata-2); - data = xtrymalloc_secure (ndata); - if (!data) - { - err = gpg_error_from_syserror (); - gcry_cipher_close (cipher_hd); - return err; - } - gcry_cipher_decrypt (cipher_hd, data, ndata, p, ndata); - - p = data; - if (is_protected == 2) - { - /* This is the new SHA1 checksum method to detect tampering - with the key as used by the Klima/Rosa attack. */ - desired_csum = 0; - actual_csum = 1; /* Default to bad checksum. */ - - if (ndata < 20) - log_error ("not enough bytes for SHA-1 checksum\n"); - else - { - gcry_md_hd_t h; - - if (gcry_md_open (&h, GCRY_MD_SHA1, 1)) - BUG(); /* Algo not available. */ - gcry_md_write (h, data, ndata - 20); - gcry_md_final (h); - if (!memcmp (gcry_md_read (h, GCRY_MD_SHA1), data+ndata-20, 20)) - actual_csum = 0; /* Digest does match. */ - gcry_md_close (h); - } - } - else - { - /* Old 16 bit checksum method. */ - if (ndata < 2) - { - log_error ("not enough bytes for checksum\n"); - desired_csum = 0; - actual_csum = 1; /* Mark checksum bad. */ - } - else - { - desired_csum = buf16_to_u16 (data+ndata-2); - actual_csum = checksum (data, ndata-2); - if (desired_csum != actual_csum) - { - /* This is a PGP 7.0.0 workaround */ - desired_csum = csum_pgp7; /* Take the encrypted one. */ - } - } - } - - /* Better check it here. Otherwise the gcry_mpi_scan would fail - because the length may have an arbitrary value. */ - if (desired_csum == actual_csum) - { - for (i=npkey; i < nskey; i++ ) - { - if (gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_PGP, p, ndata, &nbytes)) - { - /* Checksum was okay, but not correctly decrypted. */ - desired_csum = 0; - actual_csum = 1; /* Mark checksum bad. */ - break; - } - gcry_mpi_release (skey[i]); - skey[i] = tmpmpi; - ndata -= nbytes; - p += nbytes; - } - skey[i] = NULL; - skeylen = i; - assert (skeylen <= skeysize); - - /* Note: at this point NDATA should be 2 for a simple - checksum or 20 for the sha1 digest. */ - } - xfree(data); - } - else /* Packet version <= 3. */ - { - unsigned char *buffer; - - for (i = npkey; i < nskey; i++) - { - const unsigned char *p; - size_t ndata; - unsigned int ndatabits; - - if (!skey[i] || !gcry_mpi_get_flag (skey[i], GCRYMPI_FLAG_OPAQUE)) - { - gcry_cipher_close (cipher_hd); - return gpg_error (GPG_ERR_BAD_SECKEY); - } - p = gcry_mpi_get_opaque (skey[i], &ndatabits); - ndata = (ndatabits+7)/8; - - if (!(ndata >= 2) || !(ndata == (buf16_to_ushort (p) + 7)/8 + 2)) - { - gcry_cipher_close (cipher_hd); - return gpg_error (GPG_ERR_BAD_SECKEY); - } - - buffer = xtrymalloc_secure (ndata); - if (!buffer) - { - err = gpg_error_from_syserror (); - gcry_cipher_close (cipher_hd); - return err; - } - - gcry_cipher_sync (cipher_hd); - buffer[0] = p[0]; - buffer[1] = p[1]; - gcry_cipher_decrypt (cipher_hd, buffer+2, ndata-2, p+2, ndata-2); - actual_csum += checksum (buffer, ndata); - err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_PGP, buffer, ndata, &ndata); - xfree (buffer); - if (err) - { - /* Checksum was okay, but not correctly decrypted. */ - desired_csum = 0; - actual_csum = 1; /* Mark checksum bad. */ - break; - } - gcry_mpi_release (skey[i]); - skey[i] = tmpmpi; - } - } - gcry_cipher_close (cipher_hd); - - /* Now let's see whether we have used the correct passphrase. */ - if (actual_csum != desired_csum) - return gpg_error (GPG_ERR_BAD_PASSPHRASE); - - do_convert: - if (nskey != skeylen) - err = gpg_error (GPG_ERR_BAD_SECKEY); - else - err = convert_secret_key (r_key, pubkey_algo, skey, curve); - if (err) - return err; - - /* The checksum may fail, thus we also check the key itself. */ - err = gcry_pk_testkey (*r_key); - if (err) - { - gcry_sexp_release (*r_key); - *r_key = NULL; - return gpg_error (GPG_ERR_BAD_PASSPHRASE); - } - - return 0; -} - - -/* Callback function to try the unprotection from the passphrase query - code. */ -static int -try_do_unprotect_cb (struct pin_entry_info_s *pi) -{ - gpg_error_t err; - struct try_do_unprotect_arg_s *arg = pi->check_cb_arg; - - err = do_unprotect (pi->pin, - arg->is_v4? 4:3, - arg->pubkey_algo, arg->is_protected, - arg->curve, - arg->skey, arg->skeysize, - arg->protect_algo, arg->iv, arg->ivlen, - arg->s2k_mode, arg->s2k_algo, - arg->s2k_salt, arg->s2k_count, - arg->desired_csum, arg->r_key); - /* SKEY may be modified now, thus we need to re-compute SKEYIDX. */ - for (arg->skeyidx = 0; (arg->skeyidx < arg->skeysize - && arg->skey[arg->skeyidx]); arg->skeyidx++) - ; - return err; -} - - -/* See convert_from_openpgp for the core of the description. This - function adds an optional PASSPHRASE argument and uses this to - silently decrypt the key; CACHE_NONCE and R_PASSPHRASE must both be - NULL in this mode. */ -static gpg_error_t -convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, - unsigned char *grip, const char *prompt, - const char *cache_nonce, const char *passphrase, - unsigned char **r_key, char **r_passphrase) -{ - gpg_error_t err; - int unattended; - int from_native; - gcry_sexp_t top_list; - gcry_sexp_t list = NULL; - const char *value; - size_t valuelen; - char *string; - int idx; - int is_v4, is_protected; - int pubkey_algo; - int protect_algo = 0; - char iv[16]; - int ivlen = 0; - int s2k_mode = 0; - int s2k_algo = 0; - byte s2k_salt[8]; - u32 s2k_count = 0; - size_t npkey, nskey; - gcry_mpi_t skey[10]; /* We support up to 9 parameters. */ - char *curve = NULL; - u16 desired_csum; - int skeyidx = 0; - gcry_sexp_t s_skey = NULL; - - *r_key = NULL; - if (r_passphrase) - *r_passphrase = NULL; - unattended = !r_passphrase; - from_native = (!cache_nonce && passphrase && !r_passphrase); - - top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0); - if (!top_list) - goto bad_seckey; - - list = gcry_sexp_find_token (top_list, "version", 0); - if (!list) - goto bad_seckey; - value = gcry_sexp_nth_data (list, 1, &valuelen); - if (!value || valuelen != 1 || !(value[0] == '3' || value[0] == '4')) - goto bad_seckey; - is_v4 = (value[0] == '4'); - - gcry_sexp_release (list); - list = gcry_sexp_find_token (top_list, "protection", 0); - if (!list) - goto bad_seckey; - value = gcry_sexp_nth_data (list, 1, &valuelen); - if (!value) - goto bad_seckey; - if (valuelen == 4 && !memcmp (value, "sha1", 4)) - is_protected = 2; - else if (valuelen == 3 && !memcmp (value, "sum", 3)) - is_protected = 1; - else if (valuelen == 4 && !memcmp (value, "none", 4)) - is_protected = 0; - else - goto bad_seckey; - - if (is_protected) - { - string = gcry_sexp_nth_string (list, 2); - if (!string) - goto bad_seckey; - protect_algo = gcry_cipher_map_name (string); - xfree (string); - - value = gcry_sexp_nth_data (list, 3, &valuelen); - if (!value || !valuelen || valuelen > sizeof iv) - goto bad_seckey; - memcpy (iv, value, valuelen); - ivlen = valuelen; - - string = gcry_sexp_nth_string (list, 4); - if (!string) - goto bad_seckey; - s2k_mode = strtol (string, NULL, 10); - xfree (string); - - string = gcry_sexp_nth_string (list, 5); - if (!string) - goto bad_seckey; - s2k_algo = gcry_md_map_name (string); - xfree (string); - - value = gcry_sexp_nth_data (list, 6, &valuelen); - if (!value || !valuelen || valuelen > sizeof s2k_salt) - goto bad_seckey; - memcpy (s2k_salt, value, valuelen); - - string = gcry_sexp_nth_string (list, 7); - if (!string) - goto bad_seckey; - s2k_count = strtoul (string, NULL, 10); - xfree (string); - } - - gcry_sexp_release (list); - list = gcry_sexp_find_token (top_list, "algo", 0); - if (!list) - goto bad_seckey; - string = gcry_sexp_nth_string (list, 1); - if (!string) - goto bad_seckey; - pubkey_algo = gcry_pk_map_name (string); - xfree (string); - - get_npkey_nskey (pubkey_algo, &npkey, &nskey); - if (!npkey || !nskey || npkey >= nskey) - goto bad_seckey; - - if (npkey == 1) /* This is ECC */ - { - gcry_sexp_release (list); - list = gcry_sexp_find_token (top_list, "curve", 0); - if (!list) - goto bad_seckey; - curve = gcry_sexp_nth_string (list, 1); - if (!curve) - goto bad_seckey; - } - - gcry_sexp_release (list); - list = gcry_sexp_find_token (top_list, "skey", 0); - if (!list) - goto bad_seckey; - for (idx=0;;) - { - int is_enc; - - value = gcry_sexp_nth_data (list, ++idx, &valuelen); - if (!value && skeyidx >= npkey) - break; /* Ready. */ - - /* Check for too many parameters. Note that depending on the - protection mode and version number we may see less than NSKEY - (but at least NPKEY+1) parameters. */ - if (idx >= 2*nskey) - goto bad_seckey; - if (skeyidx >= DIM (skey)-1) - goto bad_seckey; - - if (!value || valuelen != 1 || !(value[0] == '_' || value[0] == 'e')) - goto bad_seckey; - is_enc = (value[0] == 'e'); - value = gcry_sexp_nth_data (list, ++idx, &valuelen); - if (!value || !valuelen) - goto bad_seckey; - if (is_enc || curve) - { - /* Encrypted parameters and ECC parameters need or can be - stored as opaque. */ - skey[skeyidx] = gcry_mpi_set_opaque_copy (NULL, value, valuelen*8); - if (!skey[skeyidx]) - goto outofmem; - if (is_enc) - gcry_mpi_set_flag (skey[skeyidx], GCRYMPI_FLAG_USER1); - } - else - { - if (gcry_mpi_scan (skey + skeyidx, GCRYMPI_FMT_STD, - value, valuelen, NULL)) - goto bad_seckey; - } - skeyidx++; - } - skey[skeyidx++] = NULL; - - gcry_sexp_release (list); - list = gcry_sexp_find_token (top_list, "csum", 0); - if (list) - { - string = gcry_sexp_nth_string (list, 1); - if (!string) - goto bad_seckey; - desired_csum = strtoul (string, NULL, 10); - xfree (string); - } - else - desired_csum = 0; - - - gcry_sexp_release (list); list = NULL; - gcry_sexp_release (top_list); top_list = NULL; - -#if 0 - log_debug ("XXX is_v4=%d\n", is_v4); - log_debug ("XXX pubkey_algo=%d\n", pubkey_algo); - log_debug ("XXX is_protected=%d\n", is_protected); - log_debug ("XXX protect_algo=%d\n", protect_algo); - log_printhex ("XXX iv", iv, ivlen); - log_debug ("XXX ivlen=%d\n", ivlen); - log_debug ("XXX s2k_mode=%d\n", s2k_mode); - log_debug ("XXX s2k_algo=%d\n", s2k_algo); - log_printhex ("XXX s2k_salt", s2k_salt, sizeof s2k_salt); - log_debug ("XXX s2k_count=%lu\n", (unsigned long)s2k_count); - log_debug ("XXX curve='%s'\n", curve); - for (idx=0; skey[idx]; idx++) - gcry_log_debugmpi (gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_USER1) - ? "skey(e)" : "skey(_)", skey[idx]); -#endif /*0*/ - - err = get_keygrip (pubkey_algo, curve, skey, grip); - if (err) - goto leave; - - if (!from_native && !agent_key_available (grip)) - { - err = gpg_error (GPG_ERR_EEXIST); - goto leave; - } - - if (unattended && !from_native) - { - err = prepare_unprotect (pubkey_algo, skey, DIM(skey), s2k_mode, - NULL, NULL, NULL); - if (err) - goto leave; - - err = convert_transfer_key (&s_skey, pubkey_algo, skey, curve, s_pgp); - if (err) - goto leave; - } - else - { - struct pin_entry_info_s *pi; - struct try_do_unprotect_arg_s pi_arg; - - pi = xtrycalloc_secure (1, sizeof (*pi) + 100); - if (!pi) - return gpg_error_from_syserror (); - pi->max_length = 100; - pi->min_digits = 0; /* We want a real passphrase. */ - pi->max_digits = 16; - pi->max_tries = 3; - pi->check_cb = try_do_unprotect_cb; - pi->check_cb_arg = &pi_arg; - pi_arg.is_v4 = is_v4; - pi_arg.is_protected = is_protected; - pi_arg.pubkey_algo = pubkey_algo; - pi_arg.curve = curve; - pi_arg.protect_algo = protect_algo; - pi_arg.iv = iv; - pi_arg.ivlen = ivlen; - pi_arg.s2k_mode = s2k_mode; - pi_arg.s2k_algo = s2k_algo; - pi_arg.s2k_salt = s2k_salt; - pi_arg.s2k_count = s2k_count; - pi_arg.desired_csum = desired_csum; - pi_arg.skey = skey; - pi_arg.skeysize = DIM (skey); - pi_arg.skeyidx = skeyidx; - pi_arg.r_key = &s_skey; - - err = gpg_error (GPG_ERR_BAD_PASSPHRASE); - if (!is_protected) - { - err = try_do_unprotect_cb (pi); - } - else if (cache_nonce) - { - char *cache_value; - - cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); - if (cache_value) - { - if (strlen (cache_value) < pi->max_length) - strcpy (pi->pin, cache_value); - xfree (cache_value); - } - if (*pi->pin) - err = try_do_unprotect_cb (pi); - } - else if (from_native) - { - if (strlen (passphrase) < pi->max_length) - strcpy (pi->pin, passphrase); - err = try_do_unprotect_cb (pi); - } - if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE && !from_native) - err = agent_askpin (ctrl, prompt, NULL, NULL, pi, NULL, 0); - skeyidx = pi_arg.skeyidx; - if (!err && r_passphrase && is_protected) - { - *r_passphrase = xtrystrdup (pi->pin); - if (!*r_passphrase) - err = gpg_error_from_syserror (); - } - xfree (pi); - if (err) - goto leave; - } - - /* Save some memory and get rid of the SKEY array now. */ - for (idx=0; idx < skeyidx; idx++) - gcry_mpi_release (skey[idx]); - skeyidx = 0; - - /* Note that the padding is not required - we use it only because - that function allows us to create the result in secure memory. */ - err = make_canon_sexp_pad (s_skey, 1, r_key, NULL); - - leave: - xfree (curve); - gcry_sexp_release (s_skey); - gcry_sexp_release (list); - gcry_sexp_release (top_list); - for (idx=0; idx < skeyidx; idx++) - gcry_mpi_release (skey[idx]); - if (err && r_passphrase) - { - xfree (*r_passphrase); - *r_passphrase = NULL; - } - return err; - - bad_seckey: - err = gpg_error (GPG_ERR_BAD_SECKEY); - goto leave; - - outofmem: - err = gpg_error (GPG_ERR_ENOMEM); - goto leave; - -} - - -/* Convert an OpenPGP transfer key into our internal format. Before - asking for a passphrase we check whether the key already exists in - our key storage. S_PGP is the OpenPGP key in transfer format. If - CACHE_NONCE is given the passphrase will be looked up in the cache. - On success R_KEY will receive a canonical encoded S-expression with - the unprotected key in our internal format; the caller needs to - release that memory. The passphrase used to decrypt the OpenPGP - key will be returned at R_PASSPHRASE; the caller must release this - passphrase. If R_PASSPHRASE is NULL the unattended conversion mode - will be used which uses the openpgp-native protection format for - the key. The keygrip will be stored at the 20 byte buffer pointed - to by GRIP. On error NULL is stored at all return arguments. */ -gpg_error_t -convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, - unsigned char *grip, const char *prompt, - const char *cache_nonce, - unsigned char **r_key, char **r_passphrase) -{ - return convert_from_openpgp_main (ctrl, s_pgp, grip, prompt, - cache_nonce, NULL, - r_key, r_passphrase); -} - -/* This function is called by agent_unprotect to re-protect an - openpgp-native protected private-key into the standard private-key - protection format. */ -gpg_error_t -convert_from_openpgp_native (ctrl_t ctrl, - gcry_sexp_t s_pgp, const char *passphrase, - unsigned char **r_key) -{ - gpg_error_t err; - unsigned char grip[20]; - - if (!passphrase) - return gpg_error (GPG_ERR_INTERNAL); - - err = convert_from_openpgp_main (ctrl, s_pgp, grip, NULL, - NULL, passphrase, - r_key, NULL); - - /* On success try to re-write the key. */ - if (!err) - { - if (*passphrase) - { - unsigned char *protectedkey = NULL; - size_t protectedkeylen; - - if (!agent_protect (*r_key, passphrase, - &protectedkey, &protectedkeylen, - ctrl->s2k_count)) - agent_write_private_key (grip, protectedkey, protectedkeylen, 1); - xfree (protectedkey); - } - else - { - /* Empty passphrase: write key without protection. */ - agent_write_private_key (grip, - *r_key, - gcry_sexp_canon_len (*r_key, 0, NULL,NULL), - 1); - } - } - - return err; -} - - -/* Given an ARRAY of mpis with the key parameters, protect the secret - parameters in that array and replace them by one opaque encoded - mpi. NPKEY is the number of public key parameters and NSKEY is - the number of secret key parameters (including the public ones). - On success the array will have NPKEY+1 elements. */ -static gpg_error_t -apply_protection (gcry_mpi_t *array, int npkey, int nskey, - const char *passphrase, - int protect_algo, void *protect_iv, size_t protect_ivlen, - int s2k_mode, int s2k_algo, byte *s2k_salt, u32 s2k_count) -{ - gpg_error_t err; - int i, j; - gcry_cipher_hd_t cipherhd; - unsigned char *bufarr[10]; - size_t narr[10]; - unsigned int nbits[10]; - int ndata; - unsigned char *p, *data; - - assert (npkey < nskey); - assert (nskey < DIM (bufarr)); - - /* Collect only the secret key parameters into BUFARR et al and - compute the required size of the data buffer. */ - ndata = 20; /* Space for the SHA-1 checksum. */ - for (i = npkey, j = 0; i < nskey; i++, j++ ) - { - if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE)) - { - const unsigned char *s; - unsigned int n; - - s = gcry_mpi_get_opaque (array[i], &n); - if (!s) - { - s = ""; - n = 0; - } - /* Strip leading zero bits. */ - for (; n >= 8 && !*s; s++, n -= 8) - ; - if (n >= 8 && !(*s & 0x80)) - if (--n >= 7 && !(*s & 0x40)) - if (--n >= 6 && !(*s & 0x20)) - if (--n >= 5 && !(*s & 0x10)) - if (--n >= 4 && !(*s & 0x08)) - if (--n >= 3 && !(*s & 0x04)) - if (--n >= 2 && !(*s & 0x02)) - if (--n >= 1 && !(*s & 0x01)) - --n; - - nbits[j] = n; - n = (n+7)/8; - narr[j] = n; - bufarr[j] = (gcry_is_secure (s)? xtrymalloc_secure (n?n:1) - /* */ : xtrymalloc (n?n:1)); - if (!bufarr[j]) - { - err = gpg_error_from_syserror (); - for (i = 0; i < j; i++) - xfree (bufarr[i]); - return err; - } - memcpy (bufarr[j], s, n); - } - else - { - err = gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j, narr+j, array[i]); - if (err) - { - for (i = 0; i < j; i++) - xfree (bufarr[i]); - return err; - } - nbits[j] = gcry_mpi_get_nbits (array[i]); - } - ndata += 2 + narr[j]; - } - - /* Allocate data buffer and stuff it with the secret key parameters. */ - data = xtrymalloc_secure (ndata); - if (!data) - { - err = gpg_error_from_syserror (); - for (i = 0; i < (nskey-npkey); i++ ) - xfree (bufarr[i]); - return err; - } - p = data; - for (i = 0; i < (nskey-npkey); i++ ) - { - *p++ = nbits[i] >> 8 ; - *p++ = nbits[i]; - memcpy (p, bufarr[i], narr[i]); - p += narr[i]; - xfree (bufarr[i]); - bufarr[i] = NULL; - } - assert (p == data + ndata - 20); - - /* Append a hash of the secret key parameters. */ - gcry_md_hash_buffer (GCRY_MD_SHA1, p, data, ndata - 20); - - /* Encrypt it. */ - err = gcry_cipher_open (&cipherhd, protect_algo, - GCRY_CIPHER_MODE_CFB, GCRY_CIPHER_SECURE); - if (!err) - err = hash_passphrase_and_set_key (passphrase, cipherhd, protect_algo, - s2k_mode, s2k_algo, s2k_salt, s2k_count); - if (!err) - err = gcry_cipher_setiv (cipherhd, protect_iv, protect_ivlen); - if (!err) - err = gcry_cipher_encrypt (cipherhd, data, ndata, NULL, 0); - gcry_cipher_close (cipherhd); - if (err) - { - xfree (data); - return err; - } - - /* Replace the secret key parameters in the array by one opaque value. */ - for (i = npkey; i < nskey; i++ ) - { - gcry_mpi_release (array[i]); - array[i] = NULL; - } - array[npkey] = gcry_mpi_set_opaque (NULL, data, ndata*8); - return 0; -} - - -/* - * Examining S_KEY in S-Expression and extract data. - * When REQ_PRIVATE_KEY_DATA == 1, S_KEY's CAR should be 'private-key', - * but it also allows shadowed or protected versions. - * On success, it returns 0, otherwise error number. - * R_ALGONAME is static string which is no need to free by caller. - * R_NPKEY is pointer to number of public key data. - * R_NSKEY is pointer to number of private key data. - * R_ELEMS is static string which is no need to free by caller. - * ARRAY contains public and private key data. - * ARRAYSIZE is the allocated size of the array for cross-checking. - * R_CURVE is pointer to S-Expression of the curve (can be NULL). - * R_FLAGS is pointer to S-Expression of the flags (can be NULL). - */ -gpg_error_t -extract_private_key (gcry_sexp_t s_key, int req_private_key_data, - const char **r_algoname, int *r_npkey, int *r_nskey, - const char **r_elems, - gcry_mpi_t *array, int arraysize, - gcry_sexp_t *r_curve, gcry_sexp_t *r_flags) -{ - gpg_error_t err; - gcry_sexp_t list, l2; - char *name; - const char *algoname, *format; - int npkey, nskey; - gcry_sexp_t curve = NULL; - gcry_sexp_t flags = NULL; - - *r_curve = NULL; - *r_flags = NULL; - - if (!req_private_key_data) - { - list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 ); - if (!list) - list = gcry_sexp_find_token (s_key, "protected-private-key", 0 ); - if (!list) - list = gcry_sexp_find_token (s_key, "private-key", 0 ); - } - else - list = gcry_sexp_find_token (s_key, "private-key", 0); - - if (!list) - { - log_error ("invalid private key format\n"); - return gpg_error (GPG_ERR_BAD_SECKEY); - } - - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); - list = l2; - name = gcry_sexp_nth_string (list, 0); - if (!name) - { - gcry_sexp_release (list); - return gpg_error (GPG_ERR_INV_OBJ); /* Invalid structure of object. */ - } - - if (arraysize < 7) - BUG (); - - /* Map NAME to a name as used by Libgcrypt. We do not use the - Libgcrypt function here because we need a lowercase name and - require special treatment for some algorithms. */ - strlwr (name); - if (!strcmp (name, "rsa")) - { - algoname = "rsa"; - format = "ned?p?q?u?"; - npkey = 2; - nskey = 6; - err = gcry_sexp_extract_param (list, NULL, format, - array+0, array+1, array+2, array+3, - array+4, array+5, NULL); - } - else if (!strcmp (name, "elg")) - { - algoname = "elg"; - format = "pgyx?"; - npkey = 3; - nskey = 4; - err = gcry_sexp_extract_param (list, NULL, format, - array+0, array+1, array+2, array+3, - NULL); - } - else if (!strcmp (name, "dsa")) - { - algoname = "dsa"; - format = "pqgyx?"; - npkey = 4; - nskey = 5; - err = gcry_sexp_extract_param (list, NULL, format, - array+0, array+1, array+2, array+3, - array+4, NULL); - } - else if (!strcmp (name, "ecc")) - { - algoname = "ecc"; - format = "/qd?"; - npkey = 1; - nskey = 2; - curve = gcry_sexp_find_token (list, "curve", 0); - flags = gcry_sexp_find_token (list, "flags", 0); - err = gcry_sexp_extract_param (list, NULL, format, - array+0, array+1, NULL); - if (flags) - { - gcry_sexp_t param = gcry_sexp_find_token (flags, "param", 0); - if (param) - { - gcry_sexp_release (param); - array[6] = array[0]; - array[7] = array[1]; - err = gcry_sexp_extract_param (list, NULL, "pabgnh?", - array+0, array+1, array+2, array+3, - array+4, array+5, NULL); - if (array[5] == NULL) - { - array[5] = GCRYMPI_CONST_ONE; - npkey += 6; - nskey += 6; - } - format = "pabgnhqd?"; - } - } - } - else if (!strcmp (name, "ecdsa")) - { - algoname = "ecdsa"; - format = "pabgnqd?"; - npkey = 6; - nskey = 7; - err = gcry_sexp_extract_param (list, NULL, format, - array+0, array+1, array+2, array+3, - array+4, array+5, array+6, NULL); - } - else if (!strcmp (name, "ecdh")) - { - algoname = "ecdh"; - format = "pabgnqd?"; - npkey = 6; - nskey= 7; - err = gcry_sexp_extract_param (list, NULL, format, - array+0, array+1, array+2, array+3, - array+4, array+5, array+6, NULL); - } - else - { - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - } - xfree (name); - gcry_sexp_release (list); - if (err) - { - gcry_sexp_release (curve); - gcry_sexp_release (flags); - return err; - } - else - { - *r_algoname = algoname; - if (r_elems) - { - if (format[0] == '/') /* It is opaque data qualifier, skip it. */ - *r_elems = format+1; - else - *r_elems = format; - } - *r_npkey = npkey; - if (r_nskey) - *r_nskey = nskey; - *r_curve = curve; - *r_flags = flags; - - return 0; - } -} - -/* Convert our key S_KEY into an OpenPGP key transfer format. On - success a canonical encoded S-expression is stored at R_TRANSFERKEY - and its length at R_TRANSFERKEYLEN; this S-expression is also - padded to a multiple of 64 bits. */ -gpg_error_t -convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, - unsigned char **r_transferkey, size_t *r_transferkeylen) -{ - gpg_error_t err; - const char *algoname; - int npkey, nskey; - gcry_mpi_t array[10]; - gcry_sexp_t curve = NULL; - gcry_sexp_t flags = NULL; - char protect_iv[16]; - char salt[8]; - unsigned long s2k_count; - int i, j; - - (void)ctrl; - - *r_transferkey = NULL; - - for (i=0; i < DIM (array); i++) - array[i] = NULL; - - err = extract_private_key (s_key, 1, &algoname, &npkey, &nskey, NULL, - array, DIM (array), &curve, &flags); - if (err) - return err; - - gcry_create_nonce (protect_iv, sizeof protect_iv); - gcry_create_nonce (salt, sizeof salt); - /* We need to use the encoded S2k count. It is not possible to - encode it after it has been used because the encoding procedure - may round the value up. */ - s2k_count = get_standard_s2k_count_rfc4880 (); - err = apply_protection (array, npkey, nskey, passphrase, - GCRY_CIPHER_AES, protect_iv, sizeof protect_iv, - 3, GCRY_MD_SHA1, salt, s2k_count); - /* Turn it into the transfer key S-expression. Note that we always - return a protected key. */ - if (!err) - { - char countbuf[35]; - membuf_t mbuf; - void *format_args[10+2]; - gcry_sexp_t tmpkey; - gcry_sexp_t tmpsexp = NULL; - - snprintf (countbuf, sizeof countbuf, "%lu", s2k_count); - - init_membuf (&mbuf, 50); - put_membuf_str (&mbuf, "(skey"); - for (i=j=0; i < npkey; i++) - { - put_membuf_str (&mbuf, " _ %m"); - format_args[j++] = array + i; - } - put_membuf_str (&mbuf, " e %m"); - format_args[j++] = array + npkey; - put_membuf_str (&mbuf, ")\n"); - put_membuf (&mbuf, "", 1); - - tmpkey = NULL; - { - char *format = get_membuf (&mbuf, NULL); - if (!format) - err = gpg_error_from_syserror (); - else - err = gcry_sexp_build_array (&tmpkey, NULL, format, format_args); - xfree (format); - } - if (!err) - err = gcry_sexp_build (&tmpsexp, NULL, - "(openpgp-private-key\n" - " (version 1:4)\n" - " (algo %s)\n" - " %S%S\n" - " (protection sha1 aes %b 1:3 sha1 %b %s))\n", - algoname, - curve, - tmpkey, - (int)sizeof protect_iv, protect_iv, - (int)sizeof salt, salt, - countbuf); - gcry_sexp_release (tmpkey); - if (!err) - err = make_canon_sexp_pad (tmpsexp, 0, r_transferkey, r_transferkeylen); - gcry_sexp_release (tmpsexp); - } - - for (i=0; i < DIM (array); i++) - gcry_mpi_release (array[i]); - gcry_sexp_release (curve); - gcry_sexp_release (flags); - - return err; -} diff -Nru gnupg2-2.1.6/agent/cvt-openpgp.h gnupg2-2.0.28/agent/cvt-openpgp.h --- gnupg2-2.1.6/agent/cvt-openpgp.h 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/cvt-openpgp.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -/* cvt-openpgp.h - Convert an OpenPGP key to our internal format. - * Copyright (C) 2010 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ -#ifndef GNUPG_AGENT_CVT_OPENPGP_H -#define GNUPG_AGENT_CVT_OPENPGP_H - -gpg_error_t convert_from_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, - unsigned char *grip, const char *prompt, - const char *cache_nonce, - unsigned char **r_key, char **r_passphrase); -gpg_error_t convert_from_openpgp_native (ctrl_t ctrl, - gcry_sexp_t s_pgp, - const char *passphrase, - unsigned char **r_key); - -gpg_error_t convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, - const char *passphrase, - unsigned char **r_transferkey, - size_t *r_transferkeylen); - -#endif /*GNUPG_AGENT_CVT_OPENPGP_H*/ diff -Nru gnupg2-2.1.6/agent/divert-scd.c gnupg2-2.0.28/agent/divert-scd.c --- gnupg2-2.1.6/agent/divert-scd.c 2015-06-30 19:23:20.000000000 +0000 +++ gnupg2-2.0.28/agent/divert-scd.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,4 +1,4 @@ -/* divert-scd.c - divert operations to the scdaemon +/* divert-scd.c - divert operations to the scdaemon * Copyright (C) 2002, 2003, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -44,7 +44,7 @@ *r_kid = NULL; - rc = parse_shadow_info (shadow_info, &want_sn, &want_kid, NULL); + rc = parse_shadow_info (shadow_info, &want_sn, &want_kid); if (rc) return rc; @@ -89,9 +89,9 @@ "%s:%%0A%%0A" " \"%.*s\"", no_card - ? L_("Please insert the card with serial number") - : L_("Please remove the current card and " - "insert the one with serial number"), + ? _("Please insert the card with serial number") + : _("Please remove the current card and " + "insert the one with serial number"), want_sn_displen, want_sn) < 0) { rc = out_of_core (); @@ -99,10 +99,6 @@ else { rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0); - if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK && - gpg_err_code (rc) == GPG_ERR_NO_PIN_ENTRY) - rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT); - xfree (desc); } } @@ -144,7 +140,7 @@ memcpy (frame+asnlen, digest, digestlen); if (DBG_CRYPTO) log_printhex ("encoded hash:", frame, asnlen+digestlen); - + *r_val = frame; *r_len = asnlen+digestlen; return 0; @@ -174,11 +170,11 @@ Example: "|AN|Please enter the new security officer's PIN" - + The text "Please ..." will get displayed and the flags 'A' and 'N' are considered. */ -static int +static int getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) { struct pin_entry_info_s *pi; @@ -201,19 +197,19 @@ for (s=info+1; s < ends; s++) { if (*s == 'A') - prompt = L_("Admin PIN"); + prompt = _("Admin PIN"); else if (*s == 'P') { /* TRANSLATORS: A PUK is the Personal Unblocking Code used to unblock a PIN. */ - prompt = L_("PUK"); + prompt = _("PUK"); is_puk = 1; } else if (*s == 'N') newpin = 1; else if (*s == 'R') { - prompt = L_("Reset Code"); + prompt = _("Reset Code"); resetcode = 1; } } @@ -239,7 +235,7 @@ char *desc; if ( asprintf (&desc, - L_("%s%%0A%%0AUse the reader's pinpad for input."), + _("%s%%0A%%0AUse the reader's pinpad for input."), info) < 0 ) rc = gpg_error_from_syserror (); else @@ -288,18 +284,18 @@ pi2->max_tries = 1; rc = agent_askpin (ctrl, (resetcode? - L_("Repeat this Reset Code"): + _("Repeat this Reset Code"): is_puk? - L_("Repeat this PUK"): - L_("Repeat this PIN")), + _("Repeat this PUK"): + _("Repeat this PIN")), prompt, NULL, pi2, NULL, 0); if (!rc && strcmp (pi->pin, pi2->pin)) { - again_text = (resetcode? - L_("Reset Code not correctly repeated; try again"): + again_text = (resetcode? + N_("Reset Code not correctly repeated; try again"): is_puk? - L_("PUK not correctly repeated; try again"): - L_("PIN not correctly repeated; try again")); + N_("PUK not correctly repeated; try again"): + N_("PIN not correctly repeated; try again")); xfree (pi2); xfree (pi); goto again; @@ -311,10 +307,10 @@ { char *desc; if ( asprintf (&desc, - L_("Please enter the PIN%s%s%s to unlock the card"), - info? " (":"", + _("Please enter the PIN%s%s%s to unlock the card"), + info? " (`":"", info? info:"", - info? ")":"") < 0) + info? "')":"") < 0) desc = NULL; rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL, 0); xfree (desc); @@ -333,10 +329,9 @@ int -divert_pksign (ctrl_t ctrl, +divert_pksign (ctrl_t ctrl, const unsigned char *digest, size_t digestlen, int algo, - const unsigned char *shadow_info, unsigned char **r_sig, - size_t *r_siglen) + const unsigned char *shadow_info, unsigned char **r_sig) { int rc; char *kid; @@ -352,7 +347,7 @@ int save = ctrl->use_auth_call; ctrl->use_auth_call = 1; rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, - algo, digest, digestlen, &sigval, &siglen); + digest, digestlen, &sigval, &siglen); ctrl->use_auth_call = save; } else @@ -364,16 +359,13 @@ if (!rc) { rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, - algo, data, ndata, &sigval, &siglen); + data, ndata, &sigval, &siglen); xfree (data); } } if (!rc) - { - *r_sig = sigval; - *r_siglen = siglen; - } + *r_sig = sigval; xfree (kid); @@ -383,13 +375,12 @@ /* Decrypt the the value given asn an S-expression in CIPHER using the key identified by SHADOW_INFO and return the plaintext in an - allocated buffer in R_BUF. The padding information is stored at - R_PADDING with -1 for not known. */ -int + allocated buffer in R_BUF. */ +int divert_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher, const unsigned char *shadow_info, - char **r_buf, size_t *r_len, int *r_padding) + char **r_buf, size_t *r_len) { int rc; char *kid; @@ -400,64 +391,34 @@ char *plaintext; size_t plaintextlen; - *r_padding = -1; - s = cipher; if (*s != '(') return gpg_error (GPG_ERR_INV_SEXP); s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); + return gpg_error (GPG_ERR_INV_SEXP); if (!smatch (&s, n, "enc-val")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); + return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); s++; n = snext (&s); if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - if (smatch (&s, n, "rsa")) - { - if (*s != '(') - return gpg_error (GPG_ERR_UNKNOWN_SEXP); - s++; - n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - if (!smatch (&s, n, "a")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); - n = snext (&s); - } - else if (smatch (&s, n, "ecdh")) - { - if (*s != '(') - return gpg_error (GPG_ERR_UNKNOWN_SEXP); - s++; - n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - if (smatch (&s, n, "s")) - { - n = snext (&s); - s += n; - if (*s++ != ')') - return gpg_error (GPG_ERR_INV_SEXP); - if (*s++ != '(') - return gpg_error (GPG_ERR_UNKNOWN_SEXP); - n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - } - if (!smatch (&s, n, "e")) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); - n = snext (&s); - } - else - return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); - + return gpg_error (GPG_ERR_INV_SEXP); + if (!smatch (&s, n, "rsa")) + return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + if (*s != '(') + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + s++; + n = snext (&s); if (!n) + return gpg_error (GPG_ERR_INV_SEXP); + if (!smatch (&s, n, "a")) return gpg_error (GPG_ERR_UNKNOWN_SEXP); + n = snext (&s); + if (!n) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); ciphertext = s; ciphertextlen = n; @@ -467,7 +428,7 @@ rc = agent_card_pkdecrypt (ctrl, kid, getpin_cb, ctrl, ciphertext, ciphertextlen, - &plaintext, &plaintextlen, r_padding); + &plaintext, &plaintextlen); if (!rc) { *r_buf = plaintext; @@ -477,16 +438,14 @@ return rc; } -int -divert_writekey (ctrl_t ctrl, int force, const char *serialno, - const char *id, const char *keydata, size_t keydatalen) -{ - return agent_card_writekey (ctrl, force, serialno, id, keydata, keydatalen, - getpin_cb, ctrl); -} -int +int divert_generic_cmd (ctrl_t ctrl, const char *cmdline, void *assuan_context) { return agent_card_scd (ctrl, cmdline, getpin_cb, ctrl, assuan_context); } + + + + + diff -Nru gnupg2-2.1.6/agent/findkey.c gnupg2-2.0.28/agent/findkey.c --- gnupg2-2.1.6/agent/findkey.c 2015-06-30 19:31:36.000000000 +0000 +++ gnupg2-2.0.28/agent/findkey.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,7 +1,6 @@ /* findkey.c - Locate the secret key * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, * 2010, 2011 Free Software Foundation, Inc. - * Copyright (C) 2014 Werner Koch * * This file is part of GnuPG. * @@ -30,7 +29,7 @@ #include #include #include -#include /* (we use pth_sleep) */ +#include /* (we use pth_sleep) */ #include "agent.h" #include "i18n.h" @@ -47,7 +46,7 @@ const unsigned char *protected_key; unsigned char *unprotected_key; int change_required; /* Set by the callback to indicate that the - user should change the passphrase. */ + user should chnage the passphrase. */ }; @@ -59,47 +58,69 @@ const void *buffer, size_t length, int force) { char *fname; - estream_t fp; + FILE *fp; char hexgrip[40+4+1]; + int fd; bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); - /* FIXME: Write to a temp file first so that write failures during - key updates won't lead to a key loss. */ - if (!force && !access (fname, F_OK)) { - log_error ("secret key file '%s' already exists\n", fname); + log_error ("secret key file `%s' already exists\n", fname); xfree (fname); - return gpg_error (GPG_ERR_EEXIST); + return gpg_error (GPG_ERR_GENERAL); + } + + /* In FORCE mode we would like to create FNAME but only if it does + not already exist. We cannot make this guarantee just using + POSIX (GNU provides the "x" opentype for fopen, however, this is + not portable). Thus, we use the more flexible open function and + then use fdopen to obtain a stream. */ + fd = open (fname, force? (O_CREAT | O_TRUNC | O_WRONLY | O_BINARY) + : (O_CREAT | O_EXCL | O_WRONLY | O_BINARY), + S_IRUSR | S_IWUSR +#ifndef HAVE_W32_SYSTEM + | S_IRGRP +#endif + ); + if (fd < 0) + fp = NULL; + else + { + fp = fdopen (fd, "wb"); + if (!fp) + { + int save_e = errno; + close (fd); + errno = save_e; + } } - fp = es_fopen (fname, force? "wb,mode=-rw" : "wbx,mode=-rw"); if (!fp) { - gpg_error_t tmperr = gpg_error_from_syserror (); - log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr)); + gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); + log_error ("can't create `%s': %s\n", fname, strerror (errno)); xfree (fname); return tmperr; } - if (es_fwrite (buffer, length, 1, fp) != 1) + if (fwrite (buffer, length, 1, fp) != 1) { - gpg_error_t tmperr = gpg_error_from_syserror (); - log_error ("error writing '%s': %s\n", fname, gpg_strerror (tmperr)); - es_fclose (fp); - gnupg_remove (fname); + gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); + log_error ("error writing `%s': %s\n", fname, strerror (errno)); + fclose (fp); + remove (fname); xfree (fname); return tmperr; } - if (es_fclose (fp)) + if ( fclose (fp) ) { - gpg_error_t tmperr = gpg_error_from_syserror (); - log_error ("error closing '%s': %s\n", fname, gpg_strerror (tmperr)); - gnupg_remove (fname); + gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); + log_error ("error closing `%s': %s\n", fname, strerror (errno)); + remove (fname); xfree (fname); return tmperr; } @@ -109,13 +130,12 @@ } -/* Callback function to try the unprotection from the passphrase query +/* Callback function to try the unprotection from the passpharse query code. */ static int try_unprotect_cb (struct pin_entry_info_s *pi) { struct try_unprotect_arg_s *arg = pi->check_cb_arg; - ctrl_t ctrl = arg->ctrl; size_t dummy; gpg_error_t err; gnupg_isotime_t now, protected_at, tmptime; @@ -124,18 +144,18 @@ assert (!arg->unprotected_key); arg->change_required = 0; - err = agent_unprotect (ctrl, arg->protected_key, pi->pin, protected_at, + err = agent_unprotect (arg->protected_key, pi->pin, protected_at, &arg->unprotected_key, &dummy); if (err) return err; - if (!opt.max_passphrase_days || ctrl->in_passwd) + if (!opt.max_passphrase_days || arg->ctrl->in_passwd) return 0; /* No regular passphrase change required. */ if (!*protected_at) { /* No protection date known - must force passphrase change. */ - desc = xtrystrdup (L_("Note: This passphrase has never been changed.%0A" - "Please change it now.")); + desc = xtrystrdup (_("Note: This passphrase has never been changed.%0A" + "Please change it now.")); if (!desc) return gpg_error_from_syserror (); } @@ -150,8 +170,8 @@ { /* Passphrase "expired". */ desc = xtryasprintf - (L_("This passphrase has not been changed%%0A" - "since %.4s-%.2s-%.2s. Please change it now."), + (_("This passphrase has not been changed%%0A" + "since %.4s-%.2s-%.2s. Please change it now."), protected_at, protected_at+4, protected_at+6); if (!desc) return gpg_error_from_syserror (); @@ -163,20 +183,19 @@ /* Change required. */ if (opt.enforce_passphrase_constraints) { - err = agent_get_confirmation (ctrl, desc, - L_("Change passphrase"), NULL, 0); + err = agent_get_confirmation (arg->ctrl, desc, + _("Change passphrase"), NULL, 0); if (!err) arg->change_required = 1; } else { - err = agent_get_confirmation (ctrl, desc, - L_("Change passphrase"), - L_("I'll change it later"), 0); + err = agent_get_confirmation (arg->ctrl, desc, + _("Change passphrase"), + _("I'll change it later"), 0); if (!err) arg->change_required = 1; - else if (gpg_err_code (err) == GPG_ERR_CANCELED - || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + else if (gpg_err_code (err) == GPG_ERR_CANCELED) err = 0; } xfree (desc); @@ -191,7 +210,6 @@ %% - Replaced by a single % %c - Replaced by the content of COMMENT. - %C - Same as %c but put into parentheses. %F - Replaced by an ssh style fingerprint computed from KEY. The functions returns 0 on success or an error code. On success a @@ -243,20 +261,6 @@ out_len += comment_length; break; - case 'C': /* Comment. */ - if (!comment_length) - ; - else if (out) - { - *out++ = '('; - memcpy (out, comment, comment_length); - out += comment_length; - *out++ = ')'; - } - else - out_len += comment_length + 2; - break; - case 'F': /* SSH style fingerprint. */ if (!ssh_fpr && key) ssh_get_fingerprint_string (key, &ssh_fpr); @@ -314,16 +318,11 @@ should be the hex encoded keygrip of that key to be used with the caching mechanism. DESC_TEXT may be set to override the default description used for the pinentry. If LOOKUP_TTL is given this - function is used to lookup the default ttl. If R_PASSPHRASE is not - NULL, the function succeeded and the key was protected the used - passphrase (entered or from the cache) is stored there; if not NULL - will be stored. The caller needs to free the returned - passphrase. */ + function is used to lookup the default ttl. */ static int -unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, +unprotect (ctrl_t ctrl, const char *desc_text, unsigned char **keybuf, const unsigned char *grip, - cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - char **r_passphrase) + cache_mode_t cache_mode, lookup_ttl_t lookup_ttl) { struct pin_entry_info_s *pi; struct try_unprotect_arg_s arg; @@ -332,99 +331,29 @@ size_t resultlen; char hexgrip[40+1]; - if (r_passphrase) - *r_passphrase = NULL; - bin2hex (grip, 20, hexgrip); - /* Initially try to get it using a cache nonce. */ - if (cache_nonce) - { - char *pw; - - pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); - if (pw) - { - rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen); - if (!rc) - { - if (r_passphrase) - *r_passphrase = pw; - else - xfree (pw); - xfree (*keybuf); - *keybuf = result; - return 0; - } - xfree (pw); - } - } - /* First try to get it from the cache - if there is none or we can't unprotect it, we fall back to ask the user */ if (cache_mode != CACHE_MODE_IGNORE) { - char *pw; + void *cache_marker; + const char *pw; retry: - pw = agent_get_cache (hexgrip, cache_mode); + pw = agent_get_cache (hexgrip, cache_mode, &cache_marker); if (pw) { - rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen); + rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen); + agent_unlock_cache_entry (&cache_marker); if (!rc) { - if (cache_mode == CACHE_MODE_NORMAL) - agent_store_cache_hit (hexgrip); - if (r_passphrase) - *r_passphrase = pw; - else - xfree (pw); xfree (*keybuf); *keybuf = result; return 0; } - xfree (pw); rc = 0; } - else if (cache_mode == CACHE_MODE_NORMAL) - { - /* The standard use of GPG keys is to have a signing and an - encryption subkey. Commonly both use the same - passphrase. We try to help the user to enter the - passphrase only once by silently trying the last - correctly entered passphrase. Checking one additional - passphrase should be acceptable; despite the S2K - introduced delays. The assumed workflow is: - - 1. Read encrypted message in a MUA and thus enter a - passphrase for the encryption subkey. - - 2. Reply to that mail with an encrypted and signed - mail, thus entering the passphrase for the signing - subkey. - - We can often avoid the passphrase entry in the second - step. We do this only in normal mode, so not to - interfere with unrelated cache entries. */ - pw = agent_get_cache (NULL, cache_mode); - if (pw) - { - rc = agent_unprotect (ctrl, *keybuf, pw, NULL, - &result, &resultlen); - if (!rc) - { - if (r_passphrase) - *r_passphrase = pw; - else - xfree (pw); - xfree (*keybuf); - *keybuf = result; - return 0; - } - xfree (pw); - rc = 0; - } - } /* If the pinentry is currently in use, we wait up to 60 seconds for it to close and check the cache again. This solves a common @@ -443,7 +372,7 @@ { /* We need to give the other thread a chance to actually put it into the cache. */ - npth_sleep (1); + pth_sleep (1); goto retry; } /* Timeout - better call pinentry now the plain way. */ @@ -470,8 +399,6 @@ assert (arg.unprotected_key); if (arg.change_required) { - /* The callback told as that the user should change their - passphrase. Present the dialog to do. */ size_t canlen, erroff; gcry_sexp_t s_skey; @@ -488,7 +415,7 @@ xfree (pi); return rc; } - rc = agent_protect_and_store (ctrl, s_skey, NULL); + rc = agent_protect_and_store (ctrl, s_skey); gcry_sexp_release (s_skey); if (rc) { @@ -501,14 +428,8 @@ } } else - { - /* Passphrase is fine. */ - agent_put_cache (hexgrip, cache_mode, pi->pin, - lookup_ttl? lookup_ttl (hexgrip) : 0); - agent_store_cache_hit (hexgrip); - if (r_passphrase && *pi->pin) - *r_passphrase = xtrystrdup (pi->pin); - } + agent_put_cache (hexgrip, cache_mode, pi->pin, + lookup_ttl? lookup_ttl (hexgrip) : 0); xfree (*keybuf); *keybuf = arg.unprotected_key; } @@ -525,7 +446,7 @@ { int rc; char *fname; - estream_t fp; + FILE *fp; struct stat st; unsigned char *buf; size_t buflen, erroff; @@ -538,46 +459,33 @@ strcpy (hexgrip+40, ".key"); fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); - fp = es_fopen (fname, "rb"); + fp = fopen (fname, "rb"); if (!fp) { rc = gpg_error_from_syserror (); if (gpg_err_code (rc) != GPG_ERR_ENOENT) - log_error ("can't open '%s': %s\n", fname, strerror (errno)); + log_error ("can't open `%s': %s\n", fname, strerror (errno)); xfree (fname); return rc; } - if (fstat (es_fileno (fp), &st)) + if (fstat (fileno(fp), &st)) { rc = gpg_error_from_syserror (); - log_error ("can't stat '%s': %s\n", fname, strerror (errno)); + log_error ("can't stat `%s': %s\n", fname, strerror (errno)); xfree (fname); - es_fclose (fp); + fclose (fp); return rc; } buflen = st.st_size; buf = xtrymalloc (buflen+1); - if (!buf) - { - rc = gpg_error_from_syserror (); - log_error ("error allocating %zu bytes for '%s': %s\n", - buflen, fname, strerror (errno)); - xfree (fname); - es_fclose (fp); - xfree (buf); - return rc; - - } - - if (es_fread (buf, buflen, 1, fp) != 1) + if (!buf || fread (buf, buflen, 1, fp) != 1) { rc = gpg_error_from_syserror (); - log_error ("error reading %zu bytes from '%s': %s\n", - buflen, fname, strerror (errno)); + log_error ("error reading `%s': %s\n", fname, strerror (errno)); xfree (fname); - es_fclose (fp); + fclose (fp); xfree (buf); return rc; } @@ -585,7 +493,7 @@ /* Convert the file into a gcrypt S-expression object. */ rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen); xfree (fname); - es_fclose (fp); + fclose (fp); xfree (buf); if (rc) { @@ -598,64 +506,35 @@ } -/* Remove the key identified by GRIP from the private key directory. */ -static gpg_error_t -remove_key_file (const unsigned char *grip) -{ - gpg_error_t err = 0; - char *fname; - char hexgrip[40+4+1]; - - bin2hex (grip, 20, hexgrip); - strcpy (hexgrip+40, ".key"); - fname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, hexgrip, NULL); - if (gnupg_remove (fname)) - err = gpg_error_from_syserror (); - xfree (fname); - return err; -} - - /* Return the secret key as an S-Exp in RESULT after locating it using - the GRIP. If the operation shall be diverted to a token, an - allocated S-expression with the shadow_info part from the file is - stored at SHADOW_INFO; if not NULL will be stored at SHADOW_INFO. + the GRIP. Stores NULL at RESULT if the operation shall be diverted + to a token; in this case an allocated S-expression with the + shadow_info part from the file is stored at SHADOW_INFO. CACHE_MODE defines now the cache shall be used. DESC_TEXT may be set to present a custom description for the pinentry. LOOKUP_TTL is an optional function to convey a TTL to the cache manager; we do - not simply pass the TTL value because the value is only needed if - an unprotect action was needed and looking up the TTL may have some - overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is - given that cache item is first tried to get a passphrase. If - R_PASSPHRASE is not NULL, the function succeeded and the key was - protected the used passphrase (entered or from the cache) is stored - there; if not NULL will be stored. The caller needs to free the - returned passphrase. */ + not simply pass the TTL value because the value is only needed if an + unprotect action was needed and looking up the TTL may have some + overhead (e.g. scanning the sshcontrol file). */ gpg_error_t -agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, - const char *desc_text, +agent_key_from_file (ctrl_t ctrl, const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - gcry_sexp_t *result, char **r_passphrase) + gcry_sexp_t *result) { int rc; unsigned char *buf; size_t len, buflen, erroff; gcry_sexp_t s_skey; + int got_shadow_info = 0; *result = NULL; if (shadow_info) *shadow_info = NULL; - if (r_passphrase) - *r_passphrase = NULL; rc = read_key_file (grip, &s_skey); if (rc) - { - if (gpg_err_code (rc) == GPG_ERR_ENOENT) - rc = gpg_error (GPG_ERR_NO_SECKEY); - return rc; - } + return rc; /* For use with the protection functions we also need the key as an canonical encoded S-expression in a buffer. Create this buffer @@ -668,22 +547,6 @@ { case PRIVATE_KEY_CLEAR: break; /* no unprotection needed */ - case PRIVATE_KEY_OPENPGP_NONE: - { - unsigned char *buf_new; - size_t buf_newlen; - - rc = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen); - if (rc) - log_error ("failed to convert unprotected openpgp key: %s\n", - gpg_strerror (rc)); - else - { - xfree (buf); - buf = buf_new; - } - } - break; case PRIVATE_KEY_PROTECTED: { char *desc_text_final; @@ -709,8 +572,8 @@ if (!rc) { - rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip, - cache_mode, lookup_ttl, r_passphrase); + rc = unprotect (ctrl, desc_text_final, &buf, grip, + cache_mode, lookup_ttl); if (rc) log_error ("failed to unprotect the secret key: %s\n", gpg_strerror (rc)); @@ -737,6 +600,7 @@ { memcpy (*shadow_info, s, n); rc = 0; + got_shadow_info = 1; } } if (rc) @@ -752,14 +616,9 @@ } gcry_sexp_release (s_skey); s_skey = NULL; - if (rc) + if (rc || got_shadow_info) { xfree (buf); - if (r_passphrase) - { - xfree (*r_passphrase); - *r_passphrase = NULL; - } return rc; } @@ -771,11 +630,6 @@ { log_error ("failed to build S-Exp (off=%u): %s\n", (unsigned int)erroff, gpg_strerror (rc)); - if (r_passphrase) - { - xfree (*r_passphrase); - *r_passphrase = NULL; - } return rc; } @@ -784,186 +638,6 @@ } -/* Return the string name from the S-expression S_KEY as well as a - string describing the names of the parameters. ALGONAMESIZE and - ELEMSSIZE give the allocated size of the provided buffers. The - buffers may be NULL if not required. If R_LIST is not NULL the top - level list will be stored there; the caller needs to release it in - this case. */ -static gpg_error_t -key_parms_from_sexp (gcry_sexp_t s_key, gcry_sexp_t *r_list, - char *r_algoname, size_t algonamesize, - char *r_elems, size_t elemssize) -{ - gcry_sexp_t list, l2; - const char *name, *algoname, *elems; - size_t n; - - if (r_list) - *r_list = NULL; - - list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 ); - if (!list) - list = gcry_sexp_find_token (s_key, "protected-private-key", 0 ); - if (!list) - list = gcry_sexp_find_token (s_key, "private-key", 0 ); - if (!list) - { - log_error ("invalid private key format\n"); - return gpg_error (GPG_ERR_BAD_SECKEY); - } - - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); - list = l2; - name = gcry_sexp_nth_data (list, 0, &n); - if (n==3 && !memcmp (name, "rsa", 3)) - { - algoname = "rsa"; - elems = "ne"; - } - else if (n==3 && !memcmp (name, "dsa", 3)) - { - algoname = "dsa"; - elems = "pqgy"; - } - else if (n==3 && !memcmp (name, "ecc", 3)) - { - algoname = "ecc"; - elems = "pabgnq"; - } - else if (n==5 && !memcmp (name, "ecdsa", 5)) - { - algoname = "ecdsa"; - elems = "pabgnq"; - } - else if (n==4 && !memcmp (name, "ecdh", 4)) - { - algoname = "ecdh"; - elems = "pabgnq"; - } - else if (n==3 && !memcmp (name, "elg", 3)) - { - algoname = "elg"; - elems = "pgy"; - } - else - { - log_error ("unknown private key algorithm\n"); - gcry_sexp_release (list); - return gpg_error (GPG_ERR_BAD_SECKEY); - } - - if (r_algoname) - { - if (strlen (algoname) >= algonamesize) - return gpg_error (GPG_ERR_BUFFER_TOO_SHORT); - strcpy (r_algoname, algoname); - } - if (r_elems) - { - if (strlen (elems) >= elemssize) - return gpg_error (GPG_ERR_BUFFER_TOO_SHORT); - strcpy (r_elems, elems); - } - - if (r_list) - *r_list = list; - else - gcry_sexp_release (list); - - return 0; -} - - -/* Return true if KEYPARMS holds an EdDSA key. */ -static int -is_eddsa (gcry_sexp_t keyparms) -{ - int result = 0; - gcry_sexp_t list; - const char *s; - size_t n; - int i; - - list = gcry_sexp_find_token (keyparms, "flags", 0); - for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--) - { - s = gcry_sexp_nth_data (list, i, &n); - if (!s) - continue; /* Not a data element. */ - - if (n == 5 && !memcmp (s, "eddsa", 5)) - { - result = 1; - break; - } - } - gcry_sexp_release (list); - return result; -} - - -/* Return the public key algorithm number if S_KEY is a DSA style key. - If it is not a DSA style key, return 0. */ -int -agent_is_dsa_key (gcry_sexp_t s_key) -{ - int result; - gcry_sexp_t list; - char algoname[6]; - - if (!s_key) - return 0; - - if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0)) - return 0; /* Error - assume it is not an DSA key. */ - - if (!strcmp (algoname, "dsa")) - result = GCRY_PK_DSA; - else if (!strcmp (algoname, "ecc")) - { - if (is_eddsa (list)) - result = 0; - else - result = GCRY_PK_ECDSA; - } - else if (!strcmp (algoname, "ecdsa")) - result = GCRY_PK_ECDSA; - else - result = 0; - - gcry_sexp_release (list); - return result; -} - - -/* Return true if S_KEY is an EdDSA key as used with curve Ed25519. */ -int -agent_is_eddsa_key (gcry_sexp_t s_key) -{ - int result; - gcry_sexp_t list; - char algoname[6]; - - if (!s_key) - return 0; - - if (key_parms_from_sexp (s_key, &list, algoname, sizeof algoname, NULL, 0)) - return 0; /* Error - assume it is not an EdDSA key. */ - - if (!strcmp (algoname, "ecc") && is_eddsa (list)) - result = 1; - else if (!strcmp (algoname, "eddsa")) /* backward compatibility. */ - result = 1; - else - result = 0; - - gcry_sexp_release (list); - return result; -} - - /* Return the key for the keygrip GRIP. The result is stored at RESULT. This function extracts the key from the private key database and returns it as an S-expression object as it is. On @@ -995,43 +669,110 @@ const unsigned char *grip, gcry_sexp_t *result) { - gpg_error_t err; - int i, idx; + int i, idx, rc; gcry_sexp_t s_skey; - const char *algoname, *elems; - int npkey; - gcry_mpi_t array[10]; - gcry_sexp_t curve = NULL; - gcry_sexp_t flags = NULL; + const char *algoname; gcry_sexp_t uri_sexp, comment_sexp; const char *uri, *comment; size_t uri_length, comment_length; char *format, *p; - void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2 - for comment + end-of-list. */ + void *args[4+2+2+1]; /* Size is max. # of elements + 2 for uri + 2 + for comment + end-of-list. */ int argidx; - gcry_sexp_t list = NULL; + gcry_sexp_t list, l2; + const char *name; const char *s; + size_t n; + const char *elems; + gcry_mpi_t *array; (void)ctrl; *result = NULL; - err = read_key_file (grip, &s_skey); - if (err) - return err; + rc = read_key_file (grip, &s_skey); + if (rc) + return rc; - for (i=0; i < DIM (array); i++) - array[i] = NULL; + list = gcry_sexp_find_token (s_skey, "shadowed-private-key", 0 ); + if (!list) + list = gcry_sexp_find_token (s_skey, "protected-private-key", 0 ); + if (!list) + list = gcry_sexp_find_token (s_skey, "private-key", 0 ); + if (!list) + { + log_error ("invalid private key format\n"); + gcry_sexp_release (s_skey); + return gpg_error (GPG_ERR_BAD_SECKEY); + } - err = extract_private_key (s_skey, 0, &algoname, &npkey, NULL, &elems, - array, DIM (array), &curve, &flags); - if (err) + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + name = gcry_sexp_nth_data (list, 0, &n); + if (n==3 && !memcmp (name, "rsa", 3)) + { + algoname = "rsa"; + elems = "ne"; + } + else if (n==3 && !memcmp (name, "dsa", 3)) + { + algoname = "dsa"; + elems = "pqgy"; + } + else if (n==3 && !memcmp (name, "elg", 3)) + { + algoname = "elg"; + elems = "pgy"; + } + else + { + log_error ("unknown private key algorithm\n"); + gcry_sexp_release (list); + gcry_sexp_release (s_skey); + return gpg_error (GPG_ERR_BAD_SECKEY); + } + + /* Allocate an array for the parameters and copy them out of the + secret key. FIXME: We should have a generic copy function. */ + array = xtrycalloc (strlen(elems) + 1, sizeof *array); + if (!array) { + rc = gpg_error_from_syserror (); + gcry_sexp_release (list); gcry_sexp_release (s_skey); - return err; + return rc; } + for (idx=0, s=elems; *s; s++, idx++ ) + { + l2 = gcry_sexp_find_token (list, s, 1); + if (!l2) + { + /* Required parameter not found. */ + for (i=0; i 0; i--) putc ('\xff', infp); fflush (infp); @@ -155,13 +150,13 @@ if (opt.enforce_passphrase_constraints) { - err = agent_show_message (ctrl, desc, L_("Enter new passphrase")); + err = agent_show_message (ctrl, desc, _("Enter new passphrase")); if (!err) err = gpg_error (GPG_ERR_CANCELED); } else err = agent_get_confirmation (ctrl, desc, - anyway_btn, L_("Enter new passphrase"), 0); + anyway_btn, _("Enter new passphrase"), 0); return err; } @@ -169,155 +164,109 @@ static int take_this_one_anyway (ctrl_t ctrl, const char *desc) { - return take_this_one_anyway2 (ctrl, desc, L_("Take this one anyway")); + return take_this_one_anyway2 (ctrl, desc, _("Take this one anyway")); } /* Check whether the passphrase PW is suitable. Returns 0 if the passphrase is suitable and true if it is not and the user should be - asked to provide a different one. If FAILED_CONSTRAINT is set, a - message describing the problem is returned in - *FAILED_CONSTRAINT. */ + asked to provide a different one. If SILENT is set, no message are + displayed. */ int -check_passphrase_constraints (ctrl_t ctrl, const char *pw, - char **failed_constraint) +check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) { - gpg_error_t err = 0; + gpg_error_t err; unsigned int minlen = opt.min_passphrase_len; unsigned int minnonalpha = opt.min_passphrase_nonalpha; - char *msg1 = NULL; - char *msg2 = NULL; - char *msg3 = NULL; if (!pw) pw = ""; - /* The first check is to warn about an empty passphrase. */ - if (!*pw) - { - const char *desc = (opt.enforce_passphrase_constraints? - L_("You have not entered a passphrase!%0A" - "An empty passphrase is not allowed.") : - L_("You have not entered a passphrase - " - "this is in general a bad idea!%0A" - "Please confirm that you do not want to " - "have any protection on your key.")); - - err = 1; - if (failed_constraint) - { - if (opt.enforce_passphrase_constraints) - *failed_constraint = xstrdup (desc); - else - err = take_this_one_anyway2 (ctrl, desc, - L_("Yes, protection is not needed")); - } - - goto leave; - } - - /* Now check the constraints and collect the error messages unless - in in silent mode which returns immediately. */ if (utf8_charcount (pw) < minlen ) { - if (!failed_constraint) - { - err = gpg_error (GPG_ERR_INV_PASSPHRASE); - goto leave; - } + char *desc; + + if (silent) + return gpg_error (GPG_ERR_INV_PASSPHRASE); - msg1 = xtryasprintf - ( ngettext ("A passphrase should be at least %u character long.", + desc = xtryasprintf + ( ngettext ("Warning: You have entered an insecure passphrase.%%0A" + "A passphrase should be at least %u character long.", + "Warning: You have entered an insecure passphrase.%%0A" "A passphrase should be at least %u characters long.", minlen), minlen ); - if (!msg1) - { - err = gpg_error_from_syserror (); - goto leave; - } + if (!desc) + return gpg_error_from_syserror (); + err = take_this_one_anyway (ctrl, desc); + xfree (desc); + if (err) + return err; } if (nonalpha_count (pw) < minnonalpha ) { - if (!failed_constraint) - { - err = gpg_error (GPG_ERR_INV_PASSPHRASE); - goto leave; - } + char *desc; + + if (silent) + return gpg_error (GPG_ERR_INV_PASSPHRASE); - msg2 = xtryasprintf - ( ngettext ("A passphrase should contain at least %u digit or%%0A" + desc = xtryasprintf + ( ngettext ("Warning: You have entered an insecure passphrase.%%0A" + "A passphrase should contain at least %u digit or%%0A" "special character.", + "Warning: You have entered an insecure passphrase.%%0A" "A passphrase should contain at least %u digits or%%0A" "special characters.", minnonalpha), minnonalpha ); - if (!msg2) - { - err = gpg_error_from_syserror (); - goto leave; - } + if (!desc) + return gpg_error_from_syserror (); + err = take_this_one_anyway (ctrl, desc); + xfree (desc); + if (err) + return err; } - /* If configured check the passphrase against a list of known words + /* If configured check the passphrase against a list of know words and pattern. The actual test is done by an external program. The warning message is generic to give the user no hint on how to circumvent this list. */ if (*pw && opt.check_passphrase_pattern && check_passphrase_pattern (ctrl, pw)) { - if (!failed_constraint) - { - err = gpg_error (GPG_ERR_INV_PASSPHRASE); - goto leave; - } + const char *desc = + /* */ _("Warning: You have entered an insecure passphrase.%%0A" + "A passphrase may not be a known term or match%%0A" + "certain pattern."); - msg3 = xtryasprintf - (L_("A passphrase may not be a known term or match%%0A" - "certain pattern.")); - if (!msg3) - { - err = gpg_error_from_syserror (); - goto leave; - } + if (silent) + return gpg_error (GPG_ERR_INV_PASSPHRASE); + + err = take_this_one_anyway (ctrl, desc); + if (err) + return err; } - if (failed_constraint && (msg1 || msg2 || msg3)) + /* The final check is to warn about an empty passphrase. */ + if (!*pw) { - char *msg; - size_t n; + const char *desc = (opt.enforce_passphrase_constraints? + _("You have not entered a passphrase!%0A" + "An empty passphrase is not allowed.") : + _("You have not entered a passphrase - " + "this is in general a bad idea!%0A" + "Please confirm that you do not want to " + "have any protection on your key.")); + + if (silent) + return gpg_error (GPG_ERR_INV_PASSPHRASE); + + err = take_this_one_anyway2 (ctrl, desc, + _("Yes, protection is not needed")); + if (err) + return err; + } - msg = strconcat - (L_("Warning: You have entered an insecure passphrase."), - "%0A%0A", - msg1? msg1 : "", msg1? "%0A" : "", - msg2? msg2 : "", msg2? "%0A" : "", - msg3? msg3 : "", msg3? "%0A" : "", - NULL); - if (!msg) - { - err = gpg_error_from_syserror (); - goto leave; - } - /* Strip a trailing "%0A". */ - n = strlen (msg); - if (n > 3 && !strcmp (msg + n - 3, "%0A")) - msg[n-3] = 0; - - err = 1; - if (opt.enforce_passphrase_constraints) - *failed_constraint = msg; - else - { - err = take_this_one_anyway (ctrl, msg); - xfree (msg); - } - } - - leave: - xfree (msg1); - xfree (msg2); - xfree (msg3); - return err; + return 0; } @@ -334,110 +283,15 @@ } -/* Ask the user for a new passphrase using PROMPT. On success the - function returns 0 and store the passphrase at R_PASSPHRASE; if the - user opted not to use a passphrase NULL will be stored there. The - user needs to free the returned string. In case of an error and - error code is returned and NULL stored at R_PASSPHRASE. */ -gpg_error_t -agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, - char **r_passphrase) -{ - gpg_error_t err; - const char *text1 = prompt; - const char *text2 = L_("Please re-enter this passphrase"); - char *initial_errtext = NULL; - struct pin_entry_info_s *pi, *pi2; - - *r_passphrase = NULL; - - if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) - { - size_t size; - size_t len = 100; - unsigned char *buffer; - - err = pinentry_loopback(ctrl, "NEW_PASSPHRASE", &buffer, &size, len); - if (!err) - { - if (size) - { - buffer[size] = 0; - *r_passphrase = buffer; - } - else - *r_passphrase = NULL; - } - return err; - } - - pi = gcry_calloc_secure (2, sizeof (*pi) + 100); - pi2 = pi + (sizeof *pi + 100); - pi->max_length = 100; - pi->max_tries = 3; - pi->with_qualitybar = 1; - pi->with_repeat = 1; - pi2->max_length = 100; - pi2->max_tries = 3; - pi2->check_cb = reenter_compare_cb; - pi2->check_cb_arg = pi->pin; - - next_try: - err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); - xfree (initial_errtext); - initial_errtext = NULL; - if (!err) - { - if (check_passphrase_constraints (ctrl, pi->pin, &initial_errtext)) - { - pi->failed_tries = 0; - pi2->failed_tries = 0; - goto next_try; - } - /* Unless the passphrase is empty or the pinentry told us that - it already did the repetition check, ask to confirm it. */ - if (*pi->pin && !pi->repeat_okay) - { - err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0); - if (err == -1) - { /* The re-entered one did not match and the user did not - hit cancel. */ - initial_errtext = xtrystrdup (L_("does not match - try again")); - if (initial_errtext) - goto next_try; - err = gpg_error_from_syserror (); - } - } - } - - if (!err && *pi->pin) - { - /* User wants a passphrase. */ - *r_passphrase = xtrystrdup (pi->pin); - if (!*r_passphrase) - err = gpg_error_from_syserror (); - } - - xfree (initial_errtext); - xfree (pi); - return err; -} - - /* Generate a new keypair according to the parameters given in - KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase - using the cache nonce. If NO_PROTECTION is true the key will not - be protected by a passphrase. If OVERRIDE_PASSPHRASE is true that - passphrase will be used for the new key. */ + KEYPARAM */ int -agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparamlen, int no_protection, - const char *override_passphrase, int preset, membuf_t *outbuf) +agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen, + membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; - char *passphrase_buffer = NULL; - const char *passphrase; + struct pin_entry_info_s *pi, *pi2; int rc; size_t len; char *buf; @@ -450,35 +304,63 @@ } /* Get the passphrase now, cause key generation may take a while. */ - if (override_passphrase) - passphrase = override_passphrase; - else if (no_protection || !cache_nonce) - passphrase = NULL; - else - { - passphrase_buffer = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); - passphrase = passphrase_buffer; - } - - if (passphrase || no_protection) - ; - else - { - rc = agent_ask_new_passphrase (ctrl, - L_("Please enter the passphrase to%0A" - "protect your new key"), - &passphrase_buffer); - if (rc) + { + const char *text1 = _("Please enter the passphrase to%0A" + "protect your new key"); + const char *text2 = _("Please re-enter this passphrase"); + const char *initial_errtext = NULL; + + pi = gcry_calloc_secure (2, sizeof (*pi) + 100); + pi2 = pi + (sizeof *pi + 100); + pi->max_length = 100; + pi->max_tries = 3; + pi->with_qualitybar = 1; + pi2->max_length = 100; + pi2->max_tries = 3; + pi2->check_cb = reenter_compare_cb; + pi2->check_cb_arg = pi->pin; + + next_try: + rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); + initial_errtext = NULL; + if (!rc) + { + if (check_passphrase_constraints (ctrl, pi->pin, 0)) + { + pi->failed_tries = 0; + pi2->failed_tries = 0; + goto next_try; + } + if (pi->pin && *pi->pin) + { + rc = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0); + if (rc == -1) + { /* The re-entered one did not match and the user did not + hit cancel. */ + initial_errtext = _("does not match - try again"); + goto next_try; + } + } + } + if (rc) + { + xfree (pi); return rc; - passphrase = passphrase_buffer; - } + } + + if (!*pi->pin) + { + xfree (pi); + pi = NULL; /* User does not want a passphrase. */ + } + } rc = gcry_pk_genkey (&s_key, s_keyparam ); gcry_sexp_release (s_keyparam); if (rc) { log_error ("key generation failed: %s\n", gpg_strerror (rc)); - xfree (passphrase_buffer); + xfree (pi); return rc; } @@ -488,7 +370,7 @@ { log_error ("key generation failed: invalid return value\n"); gcry_sexp_release (s_key); - xfree (passphrase_buffer); + xfree (pi); return gpg_error (GPG_ERR_INV_DATA); } s_public = gcry_sexp_find_token (s_key, "public-key", 0); @@ -497,7 +379,7 @@ log_error ("key generation failed: invalid return value\n"); gcry_sexp_release (s_private); gcry_sexp_release (s_key); - xfree (passphrase_buffer); + xfree (pi); return gpg_error (GPG_ERR_INV_DATA); } gcry_sexp_release (s_key); s_key = NULL; @@ -505,35 +387,8 @@ /* store the secret key */ if (DBG_CRYPTO) log_debug ("storing private key\n"); - rc = store_key (s_private, passphrase, 0, ctrl->s2k_count); - if (!rc) - { - if (!cache_nonce) - { - char tmpbuf[12]; - gcry_create_nonce (tmpbuf, 12); - cache_nonce = bin2hex (tmpbuf, 12, NULL); - } - if (cache_nonce - && !no_protection - && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, - passphrase, ctrl->cache_ttl_opt_preset)) - agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); - if (preset && !no_protection) - { - unsigned char grip[20]; - char hexgrip[40+1]; - if (gcry_pk_get_keygrip (s_private, grip)) - { - bin2hex(grip, 20, hexgrip); - rc = agent_put_cache (hexgrip, CACHE_MODE_ANY, passphrase, - ctrl->cache_ttl_opt_preset); - } - } - } - xfree (passphrase_buffer); - passphrase_buffer = NULL; - passphrase = NULL; + rc = store_key (s_private, pi? pi->pin:NULL, 0); + xfree (pi); pi = NULL; gcry_sexp_release (s_private); if (rc) { @@ -565,41 +420,65 @@ -/* Apply a new passphrase to the key S_SKEY and store it. If - PASSPHRASE_ADDR and *PASSPHRASE_ADDR are not NULL, use that - passphrase. If PASSPHRASE_ADDR is not NULL store a newly entered - passphrase at that address. */ -gpg_error_t -agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey, - char **passphrase_addr) +/* Apply a new passpahrse to the key S_SKEY and store it. */ +int +agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey) { - gpg_error_t err; + struct pin_entry_info_s *pi, *pi2; + int rc; - if (passphrase_addr && *passphrase_addr) - { - /* Take an empty string as request not to protect the key. */ - err = store_key (s_skey, **passphrase_addr? *passphrase_addr:NULL, 1, - ctrl->s2k_count); - } - else - { - char *pass = NULL; + { + const char *text1 = _("Please enter the new passphrase"); + const char *text2 = _("Please re-enter this passphrase"); + const char *initial_errtext = NULL; + + pi = gcry_calloc_secure (2, sizeof (*pi) + 100); + pi2 = pi + (sizeof *pi + 100); + pi->max_length = 100; + pi->max_tries = 3; + pi->with_qualitybar = 1; + pi2->max_length = 100; + pi2->max_tries = 3; + pi2->check_cb = reenter_compare_cb; + pi2->check_cb_arg = pi->pin; + + next_try: + rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); + initial_errtext = NULL; + if (!rc) + { + if (check_passphrase_constraints (ctrl, pi->pin, 0)) + { + pi->failed_tries = 0; + pi2->failed_tries = 0; + goto next_try; + } + /* Unless the passphrase is empty, ask to confirm it. */ + if (pi->pin && *pi->pin) + { + rc = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0); + if (rc == -1) + { /* The re-entered one did not match and the user did not + hit cancel. */ + initial_errtext = _("does not match - try again"); + goto next_try; + } + } + } + if (rc) + { + xfree (pi); + return rc; + } - if (passphrase_addr) - { - xfree (*passphrase_addr); - *passphrase_addr = NULL; - } - err = agent_ask_new_passphrase (ctrl, - L_("Please enter the new passphrase"), - &pass); - if (!err) - err = store_key (s_skey, pass, 1, ctrl->s2k_count); - if (!err && passphrase_addr) - *passphrase_addr = pass; - else - xfree (pass); - } + if (!*pi->pin) + { + xfree (pi); + pi = NULL; /* User does not want a passphrase. */ + } + } - return err; + rc = store_key (s_skey, pi? pi->pin:NULL, 1); + xfree (pi); + return rc; } diff -Nru gnupg2-2.1.6/agent/gpg-agent.c gnupg2-2.0.28/agent/gpg-agent.c --- gnupg2-2.1.6/agent/gpg-agent.c 2015-07-01 12:14:32.000000000 +0000 +++ gnupg2-2.0.28/agent/gpg-agent.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,6 +1,7 @@ /* gpg-agent.c - The GnuPG Agent - * Copyright (C) 2000-2007, 2009-2010 Free Software Foundation, Inc. - * Copyright (C) 2000-2014 Werner Koch + * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, + * 2006, 2007, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 2013 Werner Koch * * This file is part of GnuPG. * @@ -44,23 +45,21 @@ # include #endif /*!HAVE_W32_SYSTEM*/ #include -#ifdef HAVE_SIGNAL_H -# include -#endif -#include +#include +#include -#define GNUPG_COMMON_NEED_AFLOCAL +#define JNLIB_NEED_LOG_LOGV +#define JNLIB_NEED_AFLOCAL #include "agent.h" #include /* Malloc hooks and socket wrappers. */ #include "i18n.h" +#include "mkdtemp.h" /* Gnulib replacement. */ #include "sysutils.h" +#include "setenv.h" #include "gc-opt-flags.h" #include "exechelp.h" -#include "asshelp.h" -#include "openpgpdefs.h" /* for PUBKEY_ALGO_ECDSA, PUBKEY_ALGO_ECDH */ -#include "../common/init.h" - +#include "../common/estream.h" enum cmd_and_opt_values { aNull = 0, @@ -78,8 +77,6 @@ oDebugAll, oDebugLevel, oDebugWait, - oDebugQuickRandom, - oDebugPinentry, oNoGreeting, oNoOptions, oHomedir, @@ -111,150 +108,105 @@ oEnablePassphraseHistory, oUseStandardSocket, oNoUseStandardSocket, - oExtraSocket, - oBrowserSocket, oFakedSystemTime, oIgnoreCacheForSigning, oAllowMarkTrusted, oNoAllowMarkTrusted, oAllowPresetPassphrase, - oAllowLoopbackPinentry, oNoAllowExternalCache, - oAllowEmacsPinentry, oKeepTTY, oKeepDISPLAY, oSSHSupport, oPuttySupport, oDisableScdaemon, - oDisableCheckOwnSocket, oWriteEnvFile }; -#ifndef ENAMETOOLONG -# define ENAMETOOLONG EINVAL -#endif - static ARGPARSE_OPTS opts[] = { - ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"), - ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"), - ARGPARSE_c (aUseStandardSocketP, "use-standard-socket-p", "@"), - - ARGPARSE_group (301, N_("@Options:\n ")), - - ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), - ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")), - ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), - ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), - ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")), - ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")), - ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")), - - ARGPARSE_s_s (oDebug, "debug", "@"), - ARGPARSE_s_n (oDebugAll, "debug-all", "@"), - ARGPARSE_s_s (oDebugLevel, "debug-level", "@"), - ARGPARSE_s_i (oDebugWait," debug-wait", "@"), - ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"), - ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"), - - ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), - ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")), - ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")), - ARGPARSE_s_s (oPinentryProgram, "pinentry-program", - /* */ N_("|PGM|use PGM as the PIN-Entry program")), - ARGPARSE_s_s (oPinentryTouchFile, "pinentry-touch-file", "@"), - ARGPARSE_s_s (oScdaemonProgram, "scdaemon-program", - /* */ N_("|PGM|use PGM as the SCdaemon program") ), - ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon", - /* */ N_("do not use the SCdaemon") ), - ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"), - - ARGPARSE_s_s (oExtraSocket, "extra-socket", - /* */ N_("|NAME|accept some commands via NAME")), - - ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"), - - ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), - - ARGPARSE_s_n (oBatch, "batch", "@"), - ARGPARSE_s_s (oHomedir, "homedir", "@"), - - ARGPARSE_s_s (oDisplay, "display", "@"), - ARGPARSE_s_s (oTTYname, "ttyname", "@"), - ARGPARSE_s_s (oTTYtype, "ttytype", "@"), - ARGPARSE_s_s (oLCctype, "lc-ctype", "@"), - ARGPARSE_s_s (oLCmessages, "lc-messages", "@"), - ARGPARSE_s_s (oXauthority, "xauthority", "@"), - ARGPARSE_s_n (oKeepTTY, "keep-tty", - /* */ N_("ignore requests to change the TTY")), - ARGPARSE_s_n (oKeepDISPLAY, "keep-display", - /* */ N_("ignore requests to change the X display")), - - ARGPARSE_s_u (oDefCacheTTL, "default-cache-ttl", - N_("|N|expire cached PINs after N seconds")), - ARGPARSE_s_u (oDefCacheTTLSSH, "default-cache-ttl-ssh", "@" ), - ARGPARSE_s_u (oMaxCacheTTL, "max-cache-ttl", "@" ), - ARGPARSE_s_u (oMaxCacheTTLSSH, "max-cache-ttl-ssh", "@" ), - - ARGPARSE_s_n (oEnforcePassphraseConstraints, "enforce-passphrase-constraints", - /* */ "@"), - ARGPARSE_s_u (oMinPassphraseLen, "min-passphrase-len", "@"), - ARGPARSE_s_u (oMinPassphraseNonalpha, "min-passphrase-nonalpha", "@"), - ARGPARSE_s_s (oCheckPassphrasePattern, "check-passphrase-pattern", "@"), - ARGPARSE_s_u (oMaxPassphraseDays, "max-passphrase-days", "@"), - ARGPARSE_s_n (oEnablePassphraseHistory, "enable-passphrase-history", "@"), - - ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing", - /* */ N_("do not use the PIN cache when signing")), - ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache", - /* */ N_("disallow the use of an external password cache")), - ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted", - /* */ N_("disallow clients to mark keys as \"trusted\"")), - ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"), - ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase", - /* */ N_("allow presetting passphrase")), - ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", - N_("allow caller to override the pinentry")), - ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry", - /* */ N_("allow passphrase to be prompted through Emacs")), - - ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")), - ARGPARSE_s_n (oPuttySupport, "enable-putty-support", + { aGPGConfList, "gpgconf-list", 256, "@" }, + { aGPGConfTest, "gpgconf-test", 256, "@" }, + { aUseStandardSocketP, "use-standard-socket-p", 256, "@" }, + + { 301, NULL, 0, N_("@Options:\n ") }, + + { oDaemon, "daemon", 0, N_("run in daemon mode (background)") }, + { oServer, "server", 0, N_("run in server mode (foreground)") }, + { oVerbose, "verbose", 0, N_("verbose") }, + { oQuiet, "quiet", 0, N_("be somewhat more quiet") }, + { oSh, "sh", 0, N_("sh-style command output") }, + { oCsh, "csh", 0, N_("csh-style command output") }, + { oOptions, "options" , 2, N_("|FILE|read options from FILE")}, + { oDebug, "debug" ,4|16, "@"}, + { oDebugAll, "debug-all" ,0, "@"}, + { oDebugLevel, "debug-level" ,2, "@"}, + { oDebugWait,"debug-wait",1, "@"}, + { oNoDetach, "no-detach" ,0, N_("do not detach from the console")}, + { oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")}, + { oLogFile, "log-file" ,2, N_("use a log file for the server")}, + { oUseStandardSocket, "use-standard-socket", 0, + N_("use a standard location for the socket")}, + { oNoUseStandardSocket, "no-use-standard-socket", 0, "@"}, + { oPinentryProgram, "pinentry-program", 2 , + N_("|PGM|use PGM as the PIN-Entry program") }, + { oPinentryTouchFile, "pinentry-touch-file", 2 , "@" }, + { oScdaemonProgram, "scdaemon-program", 2 , + N_("|PGM|use PGM as the SCdaemon program") }, + { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") }, + { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ + + { oBatch, "batch", 0, "@" }, + { oHomedir, "homedir", 2, "@"}, + + { oDisplay, "display", 2, "@" }, + { oTTYname, "ttyname", 2, "@" }, + { oTTYtype, "ttytype", 2, "@" }, + { oLCctype, "lc-ctype", 2, "@" }, + { oLCmessages, "lc-messages", 2, "@" }, + { oXauthority, "xauthority", 2, "@" }, + { oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")}, + { oKeepDISPLAY, "keep-display", + 0, N_("ignore requests to change the X display")}, + + { oDefCacheTTL, "default-cache-ttl", 4, + N_("|N|expire cached PINs after N seconds")}, + { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" }, + { oMaxCacheTTL, "max-cache-ttl", 4, "@" }, + { oMaxCacheTTLSSH, "max-cache-ttl-ssh", 4, "@" }, + + { oEnforcePassphraseConstraints, "enforce-passphrase-constraints", 0, "@"}, + { oMinPassphraseLen, "min-passphrase-len", 4, "@" }, + { oMinPassphraseNonalpha, "min-passphrase-nonalpha", 4, "@" }, + { oCheckPassphrasePattern, "check-passphrase-pattern", 2, "@" }, + { oMaxPassphraseDays, "max-passphrase-days", 4, "@" }, + { oEnablePassphraseHistory, "enable-passphrase-history", 0, "@" }, + + { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0, + N_("do not use the PIN cache when signing")}, + { oNoAllowMarkTrusted, "no-allow-mark-trusted", 0, + N_("disallow clients to mark keys as \"trusted\"")}, + { oAllowMarkTrusted, "allow-mark-trusted", 0, "@"}, + { oAllowPresetPassphrase, "allow-preset-passphrase", 0, + N_("allow presetting passphrase")}, + { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh support") }, + { oPuttySupport, "enable-putty-support", 0, #ifdef HAVE_W32_SYSTEM - /* */ N_("enable putty support") + N_("enable putty support") #else - /* */ "@" + "@" #endif - ), - - /* Dummy options for backward compatibility. */ - ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), - ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"), - ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"), - - {0} /* End of list */ + }, + { oNoAllowExternalCache, "no-allow-external-cache", 0, + N_("disallow the use of an external password cache") }, + { oWriteEnvFile, "write-env-file", 2|8, + N_("|FILE|write environment settings also to FILE")}, + {0} }; -/* The list of supported debug flags. */ -static struct debug_flags_s debug_flags [] = - { - { DBG_COMMAND_VALUE, "command" }, - { DBG_MPI_VALUE , "mpi" }, - { DBG_CRYPTO_VALUE , "crypto" }, - { DBG_MEMORY_VALUE , "memory" }, - { DBG_CACHE_VALUE , "cache" }, - { DBG_MEMSTAT_VALUE, "memstat" }, - { DBG_HASHING_VALUE, "hashing" }, - { DBG_IPC_VALUE , "ipc" }, - { 77, NULL } /* 77 := Do not exit on "help" or "?". */ - }; - - - #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */ #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */ #define MAX_CACHE_TTL (120*60) /* 2 hours */ @@ -265,24 +217,14 @@ /* The timer tick used for housekeeping stuff. For Windows we use a longer period as the SetWaitableTimer seems to signal earlier than - the 2 seconds. CHECK_OWN_SOCKET_INTERVAL defines how often we - check our own socket in standard socket mode. If that value is 0 - we don't check at all. All values are in seconds. */ -#if defined(HAVE_W32CE_SYSTEM) -# define TIMERTICK_INTERVAL (60) -# define CHECK_OWN_SOCKET_INTERVAL (0) /* Never */ -#elif defined(HAVE_W32_SYSTEM) -# define TIMERTICK_INTERVAL (4) -# define CHECK_OWN_SOCKET_INTERVAL (60) + the 2 seconds. */ +#ifdef HAVE_W32_SYSTEM +#define TIMERTICK_INTERVAL (4) #else -# define TIMERTICK_INTERVAL (2) -# define CHECK_OWN_SOCKET_INTERVAL (60) +#define TIMERTICK_INTERVAL (2) /* Seconds. */ #endif -/* Flag indicating that the ssh-agent subsystem has been enabled. */ -static int ssh_support; - #ifdef HAVE_W32_SYSTEM /* Flag indicating that support for Putty has been enabled. */ static int putty_support; @@ -310,35 +252,18 @@ /* Counter for the currently running own socket checks. */ static int check_own_socket_running; -/* Flags to indicate that check_own_socket shall not be called. */ -static int disable_check_own_socket; - /* It is possible that we are currently running under setuid permissions */ static int maybe_setuid = 1; -/* Name of the communication socket used for native gpg-agent - requests. The second variable is either NULL or a malloced string - with the real socket name in case it has been redirected. */ +/* Name of the communication socket used for native gpg-agent requests. */ static char *socket_name; -static char *redir_socket_name; - -/* Name of the optional extra socket used for native gpg-agent requests. */ -static char *socket_name_extra; -static char *redir_socket_name_extra; - -/* Name of the optional browser socket used for native gpg-agent requests. */ -static char *socket_name_browser; -static char *redir_socket_name_browser; /* Name of the communication socket used for ssh-agent-emulation. */ static char *socket_name_ssh; -static char *redir_socket_name_ssh; /* We need to keep track of the server's nonces (these are dummies for POSIX systems). */ static assuan_sock_nonce_t socket_nonce; -static assuan_sock_nonce_t socket_nonce_extra; -static assuan_sock_nonce_t socket_nonce_browser; static assuan_sock_nonce_t socket_nonce_ssh; @@ -365,17 +290,13 @@ watched. */ static pid_t parent_pid = (pid_t)(-1); -/* Number of active connections. */ -static int active_connections; - /* Local prototypes. */ -static char *create_socket_name (char *standard_name, int with_homedir); -static gnupg_fd_t create_server_socket (char *name, int primary, int cygwin, - char **r_redir_name, +static char *create_socket_name (char *standard_name, char *template); +static gnupg_fd_t create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -383,23 +304,36 @@ static void agent_deinit_default_ctrl (ctrl_t ctrl); static void handle_connections (gnupg_fd_t listen_fd, - gnupg_fd_t listen_fd_extra, - gnupg_fd_t listen_fd_browser, gnupg_fd_t listen_fd_ssh); static void check_own_socket (void); -static int check_for_running_agent (int silent); +static int check_for_running_agent (int silent, int mode); /* Pth wrapper function definitions. */ -ASSUAN_SYSTEM_NPTH_IMPL; +ASSUAN_SYSTEM_PTH_IMPL; + +#if GCRYPT_VERSION_NUMBER < 0x010600 +GCRY_THREAD_OPTION_PTH_IMPL; +#if GCRY_THREAD_OPTION_VERSION < 1 +static int fixed_gcry_pth_init (void) +{ + return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; +} +#endif +#endif /*GCRYPT_VERSION_NUMBER < 0x10600*/ + +#ifndef PTH_HAVE_PTH_THREAD_ID +static unsigned long pth_thread_id (void) +{ + return (unsigned long)pth_self (); +} +#endif + /* Functions. */ -/* Allocate a string describing a library version by calling a GETFNC. - This function is expected to be called only once. GETFNC is - expected to have a semantic like gcry_check_version (). */ static char * make_libversion (const char *libname, const char *(*getfnc)(const char*)) { @@ -417,9 +351,7 @@ return result; } -/* Return strings describing this program. The case values are - described in common/argparse.c:strusage. The values here override - the default values given by strusage. */ + static const char * my_strusage (int level) { @@ -428,7 +360,7 @@ switch (level) { - case 11: p = "@GPG_AGENT@ (@GNUPG@)"; + case 11: p = "gpg-agent (GnuPG)"; break; case 13: p = VERSION; break; case 17: p = PRINTABLE_OS_NAME; break; @@ -444,10 +376,10 @@ break; case 1: - case 40: p = _("Usage: @GPG_AGENT@ [options] (-h for help)"); + case 40: p = _("Usage: gpg-agent [options] (-h for help)"); break; - case 41: p = _("Syntax: @GPG_AGENT@ [options] [command [args]]\n" - "Secret key management for @GNUPG@\n"); + case 41: p = _("Syntax: gpg-agent [options] [command [args]]\n" + "Secret key management for GnuPG\n"); break; default: p = NULL; @@ -474,11 +406,11 @@ else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) - opt.debug = DBG_IPC_VALUE; + opt.debug = DBG_ASSUAN_VALUE; else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) - opt.debug = DBG_IPC_VALUE|DBG_COMMAND_VALUE; + opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) - opt.debug = (DBG_IPC_VALUE|DBG_COMMAND_VALUE + opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE); else if (!strcmp (debug_level, "guru") || numok) { @@ -492,7 +424,7 @@ } else { - log_error (_("invalid debug-level '%s' given\n"), debug_level); + log_error (_("invalid debug-level `%s' given\n"), debug_level); opt.debug = 0; /* Reset debugging, so that prior debug statements won't have an undesired effect. */ } @@ -509,23 +441,27 @@ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); if (opt.debug) - parse_debug_flag (NULL, &opt.debug, debug_flags); + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", + (opt.debug & DBG_COMMAND_VALUE)? " command":"", + (opt.debug & DBG_MPI_VALUE )? " mpi":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", + (opt.debug & DBG_MEMORY_VALUE )? " memory":"", + (opt.debug & DBG_CACHE_VALUE )? " cache":"", + (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", + (opt.debug & DBG_HASHING_VALUE)? " hashing":"", + (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); } -/* Helper for cleanup to remove one socket with NAME. REDIR_NAME is - the corresponding real name if the socket has been redirected. */ +/* Helper for cleanup to remove one socket with NAME. */ static void -remove_socket (char *name, char *redir_name) +remove_socket (char *name) { if (name && *name) { char *p; - if (redir_name) - name = redir_name; - - gnupg_remove (name); + remove (name); p = strrchr (name, '/'); if (p) { @@ -537,24 +473,11 @@ } } - -/* Cleanup code for this program. This is either called has an atexit - handler or directly. */ static void cleanup (void) { - static int done; - - if (done) - return; - done = 1; - deinitialize_module_cache (); - remove_socket (socket_name, redir_socket_name); - if (opt.extra_socket > 1) - remove_socket (socket_name_extra, redir_socket_name_extra); - if (opt.browser_socket > 1) - remove_socket (socket_name_browser, redir_socket_name_browser); - remove_socket (socket_name_ssh, redir_socket_name_ssh); + remove_socket (socket_name); + remove_socket (socket_name_ssh); } @@ -573,7 +496,6 @@ opt.verbose = 0; opt.debug = 0; opt.no_grab = 0; - opt.debug_pinentry = 0; opt.pinentry_program = NULL; opt.pinentry_touch_file = NULL; opt.scdaemon_program = NULL; @@ -589,10 +511,8 @@ opt.enable_passhrase_history = 0; opt.ignore_cache_for_signing = 0; opt.allow_mark_trusted = 1; - opt.allow_external_cache = 1; - opt.allow_emacs_pinentry = 0; opt.disable_scdaemon = 0; - disable_check_own_socket = 0; + opt.allow_external_cache = 1; return 1; } @@ -601,12 +521,9 @@ case oQuiet: opt.quiet = 1; break; case oVerbose: opt.verbose++; break; - case oDebug: - parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags); - break; + case oDebug: opt.debug |= pargs->r.ret_ulong; break; case oDebugAll: opt.debug = ~0; break; case oDebugLevel: debug_level = pargs->r.ret_str; break; - case oDebugPinentry: opt.debug_pinentry = 1; break; case oLogFile: if (!reread) @@ -615,6 +532,8 @@ || strcmp (current_logfile, pargs->r.ret_str)) { log_set_file (pargs->r.ret_str); + if (DBG_ASSUAN) + assuan_set_assuan_log_stream (log_get_stream ()); xfree (current_logfile); current_logfile = xtrystrdup (pargs->r.ret_str); } @@ -626,7 +545,6 @@ case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break; case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break; case oDisableScdaemon: opt.disable_scdaemon = 1; break; - case oDisableCheckOwnSocket: disable_check_own_socket = 1; break; case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break; case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break; @@ -657,14 +575,9 @@ case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break; - case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break; - case oNoAllowExternalCache: opt.allow_external_cache = 0; break; - case oAllowEmacsPinentry: opt.allow_emacs_pinentry = 1; - break; - default: return 0; /* not handled */ } @@ -673,14 +586,6 @@ } -/* Fixup some options after all have been processed. */ -static void -finalize_rereadable_options (void) -{ -} - - - /* The main entry point. */ int main (int argc, char **argv ) @@ -694,6 +599,8 @@ unsigned configlineno; int parse_debug = 0; int default_config =1; + int greeting = 0; + int nogreeting = 0; int pipe_server = 0; int is_daemon = 0; int nodetach = 0; @@ -702,10 +609,9 @@ int debug_wait = 0; int gpgconf_list = 0; gpg_error_t err; + const char *env_file_name = NULL; struct assuan_malloc_hooks malloc_hooks; - early_system_init (); - /* Before we do anything else we save the list of currently open file descriptors and the signal mask. This info is required to do the exec call properly. */ @@ -721,13 +627,27 @@ /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to INIT_SECMEM() somewhere after the option parsing */ - log_set_prefix (GPG_AGENT_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID); + log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); /* Make sure that our subsystems are ready. */ i18n_init (); - init_common_subsystems (&argc, &argv); + init_common_subsystems (); + + +#if GCRYPT_VERSION_NUMBER < 0x010600 + /* Libgcrypt < 1.6 requires us to register the threading model first. + Note that this will also do the pth_init. */ +#if GCRY_THREAD_OPTION_VERSION < 1 + gcry_threads_pth.init = fixed_gcry_pth_init; +#endif + err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); + if (err) + { + log_fatal ("can't register GNU Pth with Libgcrypt: %s\n", + gpg_strerror (err)); + } +#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/ - npth_init (); /* Check that the libraries are suitable. Do it here because the option parsing may need services of the library. */ @@ -741,10 +661,10 @@ malloc_hooks.realloc = gcry_realloc; malloc_hooks.free = gcry_free; assuan_set_malloc_hooks (&malloc_hooks); + assuan_set_assuan_log_prefix (log_get_prefix (NULL)); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); + assuan_set_system_hooks (ASSUAN_SYSTEM_PTH); assuan_sock_init (); - setup_libassuan_logging (&opt.debug); setup_libgcrypt_logging (); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); @@ -753,6 +673,10 @@ /* Set default options. */ parse_rereadable_options (NULL, 0); /* Reset them to default values. */ +#ifdef USE_STANDARD_SOCKET + opt.use_standard_socket = 1; /* Under Windows we always use a standard + socket. */ +#endif shell = getenv ("SHELL"); if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) @@ -779,7 +703,7 @@ } if (!err) { - s = gnupg_ttyname (0); + s = ttyname (0); if (s) err = session_env_setenv (opt.startup_env, "GPG_TTY", s); } @@ -816,11 +740,6 @@ default_config = 0; /* --no-options */ else if (pargs.r_opt == oHomedir) opt.homedir = pargs.r.ret_str; - else if (pargs.r_opt == oDebugQuickRandom) - { - gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - } - } /* Initialize the secure memory. */ @@ -832,8 +751,7 @@ */ if (default_config) - configname = make_filename (opt.homedir, GPG_AGENT_NAME EXTSEP_S "conf", - NULL ); + configname = make_filename (opt.homedir, "gpg-agent.conf", NULL ); argc = orig_argc; argv = orig_argv; @@ -850,7 +768,7 @@ if (default_config) { if( parse_debug ) - log_info (_("Note: no default option file '%s'\n"), + log_info (_("NOTE: no default option file `%s'\n"), configname ); /* Save the default conf file name so that reread_configuration is able to test whether the @@ -861,7 +779,7 @@ } else { - log_error (_("option file '%s': %s\n"), + log_error (_("option file `%s': %s\n"), configname, strerror(errno) ); exit(2); } @@ -869,7 +787,7 @@ configname = NULL; } if (parse_debug && configname ) - log_info (_("reading options from '%s'\n"), configname ); + log_info (_("reading options from `%s'\n"), configname ); default_config = 0; } @@ -895,7 +813,7 @@ goto next_pass; } break; - case oNoGreeting: /* Dummy option. */ break; + case oNoGreeting: nogreeting = 1; break; case oNoVerbose: opt.verbose = 0; break; case oNoOptions: break; /* no-options */ case oHomedir: opt.homedir = pargs.r.ret_str; break; @@ -911,14 +829,11 @@ case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break; case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break; case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str); - break; case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str); break; - case oUseStandardSocket: - case oNoUseStandardSocket: - obsolete_option (configname, configlineno, "use-standard-socket"); - break; + case oUseStandardSocket: opt.use_standard_socket = 1; break; + case oNoUseStandardSocket: opt.use_standard_socket = 0; break; case oFakedSystemTime: { @@ -932,31 +847,19 @@ case oKeepTTY: opt.keep_tty = 1; break; case oKeepDISPLAY: opt.keep_display = 1; break; - case oSSHSupport: - ssh_support = 1; - break; + case oSSHSupport: opt.ssh_support = 1; break; case oPuttySupport: # ifdef HAVE_W32_SYSTEM putty_support = 1; + opt.ssh_support = 1; # endif break; - case oExtraSocket: - opt.extra_socket = 1; /* (1 = points into argv) */ - socket_name_extra = pargs.r.ret_str; - break; - - case oBrowserSocket: - opt.browser_socket = 1; /* (1 = points into argv) */ - socket_name_browser = pargs.r.ret_str; - break; - - case oDebugQuickRandom: - /* Only used by the first stage command line parser. */ - break; - case oWriteEnvFile: - obsolete_option (configname, configlineno, "write-env-file"); + if (pargs.r_type) + env_file_name = pargs.r.ret_str; + else + env_file_name = make_filename ("~/.gpg-agent-info", NULL); break; default : pargs.err = configfp? 1:2; break; @@ -980,45 +883,21 @@ configname = NULL; if (log_get_errorcount(0)) exit(2); + if (nogreeting ) + greeting = 0; - finalize_rereadable_options (); - - /* Turn the homedir into an absolute one. */ - opt.homedir = make_absfilename (opt.homedir, NULL); - - /* Print a warning if an argument looks like an option. */ - if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN)) + if (greeting) { - int i; - - for (i=0; i < argc; i++) - if (argv[i][0] == '-' && argv[i][1] == '-') - log_info (_("Note: '%s' is not considered an option\n"), argv[i]); - } - -#ifdef ENABLE_NLS - /* gpg-agent usually does not output any messages because it runs in - the background. For log files it is acceptable to have messages - always encoded in utf-8. We switch here to utf-8, so that - commands like --help still give native messages. It is far - easier to switch only once instead of for every message and it - actually helps when more then one thread is active (avoids an - extra copy step). */ - bind_textdomain_codeset (PACKAGE_GT, "UTF-8"); + fprintf (stderr, "%s %s; %s\n", + strusage(11), strusage(13), strusage(14) ); + fprintf (stderr, "%s\n", strusage(15) ); + } +#ifdef IS_DEVELOPMENT_VERSION + /* We don't want to print it here because gpg-agent is useful of its + own and quite matured. */ + /*log_info ("NOTE: this is a development version!\n");*/ #endif - if (!pipe_server && !is_daemon && !gpgconf_list) - { - /* We have been called without any options and thus we merely - check whether an agent is already running. We do this right - here so that we don't clobber a logfile with this check but - print the status directly to stderr. */ - opt.debug = 0; - set_debug (); - check_for_running_agent (0); - agent_exit (0); - } - set_debug (); if (atexit (cleanup)) @@ -1028,7 +907,6 @@ exit (1); } - initialize_module_cache (); initialize_module_call_pinentry (); initialize_module_call_scd (); initialize_module_trustlist (); @@ -1045,30 +923,24 @@ } if (gpgconf_list == 3) - { - /* We now use the standard socket always - return true for - backward compatibility. */ - agent_exit (0); - } - else if (gpgconf_list == 2) + agent_exit (!opt.use_standard_socket); + if (gpgconf_list == 2) agent_exit (0); - else if (gpgconf_list) + if (gpgconf_list) { char *filename; char *filename_esc; /* List options and default values in the GPG Conf format. */ - filename = make_filename (opt.homedir, GPG_AGENT_NAME EXTSEP_S "conf", - NULL ); + filename = make_filename (opt.homedir, "gpg-agent.conf", NULL ); filename_esc = percent_escape (filename, NULL); - es_printf ("%s-%s.conf:%lu:\"%s\n", - GPGCONF_NAME, GPG_AGENT_NAME, - GC_OPT_FLAG_DEFAULT, filename_esc); + printf ("gpgconf-gpg-agent.conf:%lu:\"%s\n", + GC_OPT_FLAG_DEFAULT, filename_esc); xfree (filename); xfree (filename_esc); - es_printf ("verbose:%lu:\n" + printf ("verbose:%lu:\n" "quiet:%lu:\n" "debug-level:%lu:\"none:\n" "log-file:%lu:\n", @@ -1076,63 +948,83 @@ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME, GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME ); - es_printf ("default-cache-ttl:%lu:%d:\n", + printf ("default-cache-ttl:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL ); - es_printf ("default-cache-ttl-ssh:%lu:%d:\n", + printf ("default-cache-ttl-ssh:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH ); - es_printf ("max-cache-ttl:%lu:%d:\n", + printf ("max-cache-ttl:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL ); - es_printf ("max-cache-ttl-ssh:%lu:%d:\n", + printf ("max-cache-ttl-ssh:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH ); - es_printf ("enforce-passphrase-constraints:%lu:\n", + printf ("enforce-passphrase-constraints:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("min-passphrase-len:%lu:%d:\n", + printf ("min-passphrase-len:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN ); - es_printf ("min-passphrase-nonalpha:%lu:%d:\n", + printf ("min-passphrase-nonalpha:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_NONALPHA); - es_printf ("check-passphrase-pattern:%lu:\n", + printf ("check-passphrase-pattern:%lu:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME); - es_printf ("max-passphrase-days:%lu:%d:\n", + printf ("max-passphrase-days:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_PASSPHRASE_DAYS); - es_printf ("enable-passphrase-history:%lu:\n", + printf ("enable-passphrase-history:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("no-grab:%lu:\n", + printf ("no-grab:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("ignore-cache-for-signing:%lu:\n", + printf ("ignore-cache-for-signing:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("no-allow-external-cache:%lu:\n", + printf ("no-allow-mark-trusted:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("no-allow-mark-trusted:%lu:\n", + printf ("no-allow-external-cache:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("disable-scdaemon:%lu:\n", + printf ("disable-scdaemon:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE); #ifdef HAVE_W32_SYSTEM - es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE); + printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE); +#else + printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE); #endif - es_printf ("allow-loopback-pinentry:%lu:\n", - GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); - es_printf ("allow-emacs-pinentry:%lu:\n", - GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); agent_exit (0); } + /* If this has been called without any options, we merely check + whether an agent is already running. We do this here so that we + don't clobber a logfile but print it directly to stderr. */ + if (!pipe_server && !is_daemon) + { + log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX); + check_for_running_agent (0, 0); + agent_exit (0); + } + +#ifdef ENABLE_NLS + /* gpg-agent usually does not output any messages because it runs in + the background. For log files it is acceptable to have messages + always encoded in utf-8. We switch here to utf-8, so that + commands like --help still give native messages. It is far + easier to switch only once instead of for every message and it + actually helps when more then one thread is active (avoids an + extra copy step). */ + bind_textdomain_codeset (PACKAGE_GT, "UTF-8"); +#endif + /* Now start with logging to a file if this is desired. */ if (logfile) { log_set_file (logfile); - log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX - | GPGRT_LOG_WITH_TIME - | GPGRT_LOG_WITH_PID)); + log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX + |JNLIB_LOG_WITH_TIME + |JNLIB_LOG_WITH_PID)); current_logfile = xstrdup (logfile); } + if (DBG_ASSUAN) + assuan_set_assuan_log_stream (log_get_stream ()); /* Make sure that we have a default ttyname. */ - if (!default_ttyname && gnupg_ttyname (1)) - default_ttyname = xstrdup (gnupg_ttyname (1)); + if (!default_ttyname && ttyname (1)) + default_ttyname = xstrdup (ttyname (1)); if (!default_ttytype && getenv ("TERM")) default_ttytype = xstrdup (getenv ("TERM")); @@ -1167,9 +1059,7 @@ else { /* Regular server mode */ gnupg_fd_t fd; - gnupg_fd_t fd_extra = GNUPG_INVALID_FD; - gnupg_fd_t fd_browser = GNUPG_INVALID_FD; - gnupg_fd_t fd_ssh = GNUPG_INVALID_FD; + gnupg_fd_t fd_ssh; pid_t pid; /* Remove the DISPLAY variable so that a pinentry does not @@ -1180,44 +1070,22 @@ exec the program given as arguments). */ #ifndef HAVE_W32_SYSTEM if (!opt.keep_display && !argc) - gnupg_unsetenv ("DISPLAY"); + unsetenv ("DISPLAY"); #endif - /* Remove the INSIDE_EMACS variable so that a pinentry does not - always try to interact with Emacs. The variable is set when - a client requested this using an OPTION command. */ - gnupg_unsetenv ("INSIDE_EMACS"); /* Create the sockets. */ - socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1); - fd = create_server_socket (socket_name, 1, 0, - &redir_socket_name, &socket_nonce); - - if (opt.extra_socket) - { - socket_name_extra = create_socket_name (socket_name_extra, 0); - opt.extra_socket = 2; /* Indicate that it has been malloced. */ - fd_extra = create_server_socket (socket_name_extra, 0, 0, - &redir_socket_name_extra, - &socket_nonce_extra); - } - - if (opt.browser_socket) - { - socket_name_browser = create_socket_name (socket_name_browser, 0); - opt.browser_socket = 2; /* Indicate that it has been malloced. */ - fd_browser = create_server_socket (socket_name_browser, 0, 0, - &redir_socket_name_browser, - &socket_nonce_browser); - } - - if (ssh_support) - { - socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1); - fd_ssh = create_server_socket (socket_name_ssh, 0, 1, - &redir_socket_name_ssh, - &socket_nonce_ssh); - } + socket_name = create_socket_name + ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); + if (opt.ssh_support) + socket_name_ssh = create_socket_name + ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); + + fd = create_server_socket (socket_name, 0, &socket_nonce); + if (opt.ssh_support) + fd_ssh = create_server_socket (socket_name_ssh, 1, &socket_nonce_ssh); + else + fd_ssh = GNUPG_INVALID_FD; /* If we are going to exec a program in the parent, we record the PID, so that the child may check whether the program is @@ -1227,9 +1095,8 @@ fflush (NULL); #ifdef HAVE_W32_SYSTEM - (void)csh_style; - (void)nodetach; pid = getpid (); + printf ("set GPG_AGENT_INFO=%s;%lu;1\n", socket_name, (ulong)pid); #else /*!HAVE_W32_SYSTEM*/ pid = fork (); if (pid == (pid_t)-1) @@ -1239,14 +1106,25 @@ } else if (pid) { /* We are the parent */ - char *infostr_ssh_sock, *infostr_ssh_valid; + char *infostr, *infostr_ssh_sock, *infostr_ssh_pid; /* Close the socket FD. */ close (fd); - /* The signal mask might not be correct right now and thus - we restore it. That is not strictly necessary but some - programs falsely assume a cleared signal mask. */ + /* Note that we used a standard fork so that Pth runs in + both the parent and the child. The pth_fork would + terminate Pth in the child but that is not the way we + want it. Thus we use a plain fork and terminate Pth here + in the parent. The pth_kill may or may not work reliable + but it should not harm to call it. Because Pth fiddles + with the signal mask the signal mask might not be correct + right now and thus we restore it. That is not strictly + necessary but some programs falsely assume a cleared + signal mask. es_pth_kill is a wrapper around pth_kill to + take care not to use any Pth functions in the estream + code after Pth has been killed. */ + if ( !es_pth_kill () ) + log_error ("pth_kill failed in forked process\n"); #ifdef HAVE_SIGPROCMASK if (startup_signal_mask_valid) @@ -1259,8 +1137,15 @@ log_info ("no saved signal mask\n"); #endif /*HAVE_SIGPROCMASK*/ - /* Create the SSH info string if enabled. */ - if (ssh_support) + /* Create the info string: :: */ + if (asprintf (&infostr, "GPG_AGENT_INFO=%s:%lu:1", + socket_name, (ulong)pid ) < 0) + { + log_error ("out of core\n"); + kill (pid, SIGTERM); + exit (1); + } + if (opt.ssh_support) { if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s", socket_name_ssh) < 0) @@ -1269,8 +1154,8 @@ kill (pid, SIGTERM); exit (1); } - if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu", - (unsigned long)getpid()) < 0) + if (asprintf (&infostr_ssh_pid, "SSH_AGENT_PID=%u", + pid) < 0) { log_error ("out of core\n"); kill (pid, SIGTERM); @@ -1280,17 +1165,50 @@ *socket_name = 0; /* Don't let cleanup() remove the socket - the child should do this from now on */ - if (opt.extra_socket) - *socket_name_extra = 0; - if (opt.browser_socket) - *socket_name_browser = 0; - if (ssh_support) + if (opt.ssh_support) *socket_name_ssh = 0; + if (env_file_name) + { + FILE *fp; + + fp = fopen (env_file_name, "w"); + if (!fp) + log_error (_("error creating `%s': %s\n"), + env_file_name, strerror (errno)); + else + { + fputs (infostr, fp); + putc ('\n', fp); + if (opt.ssh_support) + { + fputs (infostr_ssh_sock, fp); + putc ('\n', fp); + fputs (infostr_ssh_pid, fp); + putc ('\n', fp); + } + fclose (fp); + } + } + + if (argc) { /* Run the program given on the commandline. */ - if (ssh_support && (putenv (infostr_ssh_sock) - || putenv (infostr_ssh_valid))) + if (putenv (infostr)) + { + log_error ("failed to set environment: %s\n", + strerror (errno) ); + kill (pid, SIGTERM ); + exit (1); + } + if (opt.ssh_support && putenv (infostr_ssh_sock)) + { + log_error ("failed to set environment: %s\n", + strerror (errno) ); + kill (pid, SIGTERM ); + exit (1); + } + if (opt.ssh_support && putenv (infostr_ssh_pid)) { log_error ("failed to set environment: %s\n", strerror (errno) ); @@ -1316,24 +1234,30 @@ shell's eval to set it */ if (csh_style) { - if (ssh_support) + *strchr (infostr, '=') = ' '; + printf ("setenv %s;\n", infostr); + if (opt.ssh_support) { *strchr (infostr_ssh_sock, '=') = ' '; - es_printf ("setenv %s;\n", infostr_ssh_sock); + printf ("setenv %s;\n", infostr_ssh_sock); + *strchr (infostr_ssh_pid, '=') = ' '; + printf ("setenv %s;\n", infostr_ssh_pid); } } else { - if (ssh_support) + printf ( "%s; export GPG_AGENT_INFO;\n", infostr); + if (opt.ssh_support) { - es_printf ("%s; export SSH_AUTH_SOCK;\n", - infostr_ssh_sock); + printf ("%s; export SSH_AUTH_SOCK;\n", infostr_ssh_sock); + printf ("%s; export SSH_AGENT_PID;\n", infostr_ssh_pid); } } - if (ssh_support) + xfree (infostr); + if (opt.ssh_support) { xfree (infostr_ssh_sock); - xfree (infostr_ssh_valid); + xfree (infostr_ssh_pid); } exit (0); } @@ -1358,7 +1282,7 @@ if ( ! close (i) && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1) { - log_error ("failed to open '%s': %s\n", + log_error ("failed to open `%s': %s\n", "/dev/null", strerror (errno)); cleanup (); exit (1); @@ -1373,7 +1297,7 @@ } log_get_prefix (&oldflags); - log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED); + log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED); opt.running_detached = 1; } @@ -1394,7 +1318,7 @@ #endif /*!HAVE_W32_SYSTEM*/ log_info ("%s %s started\n", strusage(11), strusage(13) ); - handle_connections (fd, fd_extra, fd_browser, fd_ssh); + handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD); assuan_sock_close (fd); } @@ -1402,18 +1326,10 @@ } -/* Exit entry point. This function should be called instead of a - plain exit. */ void agent_exit (int rc) { /*FIXME: update_random_seed_file();*/ - - /* We run our cleanup handler because that may close cipher contexts - stored in secure memory and thus this needs to be done before we - explicitly terminate secure memory. */ - cleanup (); - #if 1 /* at this time a bit annoying */ if (opt.debug & DBG_MEMSTAT_VALUE) @@ -1430,11 +1346,6 @@ } -/* Each thread has its own local variables conveyed by a control - structure usually identified by an argument named CTRL. This - function is called immediately after allocating the control - structure. Its purpose is to setup the default values for that - structure. Note that some values may have already been set. */ static void agent_init_default_ctrl (ctrl_t ctrl) { @@ -1457,12 +1368,9 @@ xfree (ctrl->lc_messages); ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages) /**/ : NULL; - ctrl->cache_ttl_opt_preset = CACHE_TTL_OPT_PRESET; } -/* Release all resources allocated by default in the control - structure. This is the counterpart to agent_init_default_ctrl. */ static void agent_deinit_default_ctrl (ctrl_t ctrl) { @@ -1475,39 +1383,6 @@ } -/* Because the ssh protocol does not send us information about the - current TTY setting, we use this function to use those from startup - or those explictly set. This is also used for the restricted mode - where we ignore requests to change the environment. */ -gpg_error_t -agent_copy_startup_env (ctrl_t ctrl) -{ - static const char *names[] = - {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL}; - gpg_error_t err = 0; - int idx; - const char *value; - - for (idx=0; !err && names[idx]; idx++) - if ((value = session_env_getenv (opt.startup_env, names[idx]))) - err = session_env_setenv (ctrl->session_env, names[idx], value); - - if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype) - if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype))) - err = gpg_error_from_syserror (); - - if (!err && !ctrl->lc_messages && opt.startup_lc_messages) - if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages))) - err = gpg_error_from_syserror (); - - if (err) - log_error ("error setting default session environment: %s\n", - gpg_strerror (err)); - - return err; -} - - /* Reread parts of the configuration. Note, that this function is obviously not thread-safe and should only be called from the PTH signal handler. @@ -1531,7 +1406,7 @@ fp = fopen (config_filename, "r"); if (!fp) { - log_info (_("option file '%s': %s\n"), + log_info (_("option file `%s': %s\n"), config_filename, strerror(errno) ); return; } @@ -1550,7 +1425,6 @@ parse_rereadable_options (&pargs, 1); } fclose (fp); - finalize_rereadable_options (); set_debug (); } @@ -1579,18 +1453,18 @@ /* Under W32, this function returns the handle of the scdaemon notification event. Calling it the first time creates that event. */ -#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM) +#ifdef HAVE_W32_SYSTEM void * get_agent_scd_notify_event (void) { - static HANDLE the_event = INVALID_HANDLE_VALUE; + static HANDLE the_event; - if (the_event == INVALID_HANDLE_VALUE) + if (!the_event) { HANDLE h, h2; SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE}; - /* We need to use a manual reset event object due to the way our + /* We need to use manual reset evet object due to the way our w32-pth wait function works: If we would use an automatic reset event we are not able to figure out which handle has been signaled because at the time we single out the signaled @@ -1614,30 +1488,52 @@ } } + log_debug ("returning notify handle %p\n", the_event); return the_event; } -#endif /*HAVE_W32_SYSTEM && !HAVE_W32CE_SYSTEM*/ +#endif /*HAVE_W32_SYSTEM*/ -/* Create a name for the socket in the home directory as using - STANDARD_NAME. We also check for valid characters as well as - against a maximum allowed length for a unix domain socket is done. - The function terminates the process in case of an error. Returns: - Pointer to an allocated string with the absolute name of the socket - used. */ +/* Create a name for the socket. With USE_STANDARD_SOCKET given as + true using STANDARD_NAME in the home directory or if given as + false from the mkdir type name TEMPLATE. In the latter case a + unique name in a unique new directory will be created. In both + cases check for valid characters as well as against a maximum + allowed length for a unix domain socket is done. The function + terminates the process in case of an error. Returns: Pointer to an + allocated string with the absolute name of the socket used. */ static char * -create_socket_name (char *standard_name, int with_homedir) +create_socket_name (char *standard_name, char *template) { - char *name; + char *name, *p; - if (with_homedir) + if (opt.use_standard_socket) name = make_filename (opt.homedir, standard_name, NULL); else - name = make_filename (standard_name, NULL); + { + name = xstrdup (template); + p = strrchr (name, '/'); + if (!p) + BUG (); + *p = 0; + if (!mkdtemp (name)) + { + log_error (_("can't create directory `%s': %s\n"), + name, strerror (errno)); + agent_exit (2); + } + *p = '/'; + } + if (strchr (name, PATHSEP_C)) { - log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S); + log_error (("`%s' are not allowed in the socket name\n"), PATHSEP_S); + agent_exit (2); + } + if (strlen (name) + 1 >= DIMof (struct sockaddr_un, sun_path) ) + { + log_error (_("name of socket too long\n")); agent_exit (2); } return name; @@ -1646,133 +1542,82 @@ /* Create a Unix domain socket with NAME. Returns the file descriptor - or terminates the process in case of an error. Note that this - function needs to be used for the regular socket first (indicated - by PRIMARY) and only then for the extra and the ssh sockets. If - the socket has been redirected the name of the real socket is - stored as a malloced string at R_REDIR_NAME. If CYGWIN is set a - Cygwin compatible socket is created (Windows only). */ + or terminates the process in case of an error. Not that this + function needs to be used for the regular socket first and only + then for the ssh socket. */ static gnupg_fd_t -create_server_socket (char *name, int primary, int cygwin, - char **r_redir_name, assuan_sock_nonce_t *nonce) +create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce) { - struct sockaddr *addr; - struct sockaddr_un *unaddr; + struct sockaddr_un *serv_addr; socklen_t len; gnupg_fd_t fd; int rc; - xfree (*r_redir_name); - *r_redir_name = NULL; - fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0); if (fd == ASSUAN_INVALID_FD) { log_error (_("can't create socket: %s\n"), strerror (errno)); - *name = 0; /* Inhibit removal of the socket by cleanup(). */ agent_exit (2); } -#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */ - if (cygwin) - assuan_sock_set_flag (fd, "cygwin", 1); -#else - (void)cygwin; -#endif - - unaddr = xmalloc (sizeof *unaddr); - addr = (struct sockaddr*)unaddr; - -#if ASSUAN_VERSION_NUMBER >= 0x020104 /* >= 2.1.4 */ - { - int redirected; - - if (assuan_sock_set_sockaddr_un (name, addr, &redirected)) - { - if (errno == ENAMETOOLONG) - log_error (_("socket name '%s' is too long\n"), name); - else - log_error ("error preparing socket '%s': %s\n", - name, gpg_strerror (gpg_error_from_syserror ())); - *name = 0; /* Inhibit removal of the socket by cleanup(). */ - agent_exit (2); - } - if (redirected) - { - *r_redir_name = xstrdup (unaddr->sun_path); - if (opt.verbose) - log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name); - } - } -#else /* Assuan < 2.1.4 */ - memset (unaddr, 0, sizeof *unaddr); - unaddr->sun_family = AF_UNIX; - if (strlen (name) + 1 >= sizeof (unaddr->sun_path)) + serv_addr = xmalloc (sizeof (*serv_addr)); + memset (serv_addr, 0, sizeof *serv_addr); + serv_addr->sun_family = AF_UNIX; + if (strlen (name) + 1 >= sizeof (serv_addr->sun_path)) { - log_error (_("socket name '%s' is too long\n"), name); - *name = 0; /* Inhibit removal of the socket by cleanup(). */ + log_error (_("socket name `%s' is too long\n"), name); agent_exit (2); } - strcpy (unaddr->sun_path, name); -#endif /* Assuan < 2.1.4 */ - - len = SUN_LEN (unaddr); - rc = assuan_sock_bind (fd, addr, len); - - /* Our error code mapping on W32CE returns EEXIST thus we also test - for this. */ - if (rc == -1 - && (errno == EADDRINUSE -#ifdef HAVE_W32_SYSTEM - || errno == EEXIST -#endif - )) - { - /* Check whether a gpg-agent is already running. We do this - test only if this is the primary socket. For secondary - sockets we assume that a test for gpg-agent has already been - done and reuse the requested socket. Testing the ssh-socket - is not possible because at this point, though we know the new - Assuan socket, the Assuan server and thus the ssh-agent - server is not yet operational; this would lead to a hang. */ - if (primary && !check_for_running_agent (1)) + strcpy (serv_addr->sun_path, name); + len = SUN_LEN (serv_addr); + rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); + if (opt.use_standard_socket && rc == -1 && errno == EADDRINUSE) + { + /* Check whether a gpg-agent is already running on the standard + socket. We do this test only if this is not the ssh socket. + For ssh we assume that a test for gpg-agent has already been + done and reuse the requested ssh socket. Testing the + ssh-socket is not possible because at this point, though we + know the new Assuan socket, the Assuan server and thus the + ssh-agent server is not yet operational. This would lead to + a hang. */ + if (!is_ssh && !check_for_running_agent (1, 1)) { - log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX); - log_set_file (NULL); log_error (_("a gpg-agent is already running - " "not starting a new one\n")); *name = 0; /* Inhibit removal of the socket by cleanup(). */ assuan_sock_close (fd); agent_exit (2); } - gnupg_remove (unaddr->sun_path); - rc = assuan_sock_bind (fd, addr, len); + remove (name); + rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); } - if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce))) + if (rc != -1 + && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce))) log_error (_("error getting nonce for the socket\n")); if (rc == -1) { /* We use gpg_strerror here because it allows us to get strings for some W32 socket error codes. */ - log_error (_("error binding socket to '%s': %s\n"), - unaddr->sun_path, - gpg_strerror (gpg_error_from_syserror ())); + log_error (_("error binding socket to `%s': %s\n"), + serv_addr->sun_path, + gpg_strerror (gpg_error_from_errno (errno))); assuan_sock_close (fd); - *name = 0; /* Inhibit removal of the socket by cleanup(). */ + if (opt.use_standard_socket) + *name = 0; /* Inhibit removal of the socket by cleanup(). */ agent_exit (2); } if (listen (FD2INT(fd), 5 ) == -1) { log_error (_("listen() failed: %s\n"), strerror (errno)); - *name = 0; /* Inhibit removal of the socket by cleanup(). */ assuan_sock_close (fd); agent_exit (2); } if (opt.verbose) - log_info (_("listening on socket '%s'\n"), unaddr->sun_path); + log_info (_("listening on socket `%s'\n"), serv_addr->sun_path); return fd; } @@ -1790,11 +1635,17 @@ fname = make_filename (home, GNUPG_PRIVATE_KEYS_DIR, NULL); if (stat (fname, &statbuf) && errno == ENOENT) { - if (gnupg_mkdir (fname, "-rwx")) - log_error (_("can't create directory '%s': %s\n"), +#ifdef HAVE_W32_SYSTEM /*FIXME: Setup proper permissions. */ + if (!CreateDirectory (fname, NULL)) + log_error (_("can't create directory `%s': %s\n"), + fname, w32_strerror (-1) ); +#else + if (mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR )) + log_error (_("can't create directory `%s': %s\n"), fname, strerror (errno) ); +#endif else if (!opt.quiet) - log_info (_("directory '%s' created\n"), fname); + log_info (_("directory `%s' created\n"), fname); } xfree (fname); } @@ -1829,23 +1680,29 @@ #endif ) { - if (gnupg_mkdir (home, "-rwx")) - log_error (_("can't create directory '%s': %s\n"), +#ifdef HAVE_W32_SYSTEM + if (!CreateDirectory (home, NULL)) + log_error (_("can't create directory `%s': %s\n"), + home, w32_strerror (-1) ); +#else + if (mkdir (home, S_IRUSR|S_IWUSR|S_IXUSR )) + log_error (_("can't create directory `%s': %s\n"), home, strerror (errno) ); +#endif else { if (!opt.quiet) - log_info (_("directory '%s' created\n"), home); + log_info (_("directory `%s' created\n"), home); create_private_keys_directory (home); } } } else - log_error (_("stat() failed for '%s': %s\n"), home, strerror (errno)); + log_error (_("stat() failed for `%s': %s\n"), home, strerror (errno)); } else if ( !S_ISDIR(statbuf.st_mode)) { - log_error (_("can't use '%s' as home directory\n"), home); + log_error (_("can't use `%s' as home directory\n"), home); } else /* exists and is a directory. */ { @@ -1877,22 +1734,23 @@ if (kill (parent_pid, 0)) { shutdown_pending = 2; - log_info ("parent process died - shutting down\n"); - log_info ("%s %s stopped\n", strusage(11), strusage(13) ); + if (!opt.quiet) + { + log_info ("parent process died - shutting down\n"); + log_info ("%s %s stopped\n", strusage(11), strusage(13) ); + } cleanup (); agent_exit (0); } } #endif /*HAVE_W32_SYSTEM*/ - /* Code to be run from time to time. */ -#if CHECK_OWN_SOCKET_INTERVAL > 0 - if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL)) + /* Code to be run every minute. */ + if (last_minute + 60 <= time (NULL)) { check_own_socket (); last_minute = time (NULL); } -#endif } @@ -1904,18 +1762,12 @@ { log_info ("SIGHUP received - " "re-reading configuration and flushing cache\n"); - agent_flush_cache (); reread_configuration (); agent_reload_trustlist (); - /* We flush the module name cache so that after installing a - "pinentry" binary that one can be used in case the - "pinentry-basic" fallback was in use. */ - gnupg_module_name_flush_some (); } -/* A helper function to handle SIGUSR2. */ static void agent_sigusr2_action (void) { @@ -1926,9 +1778,6 @@ } -#ifndef HAVE_W32_SYSTEM -/* The signal handler for this program. It is expected to be run in - its own trhead and not in the context of a signal handler. */ static void handle_signal (int signo) { @@ -1941,9 +1790,7 @@ case SIGUSR1: log_info ("SIGUSR1 received - printing internal information:\n"); - /* Fixme: We need to see how to integrate pth dumping into our - logging system. */ - /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */ + pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); agent_query_dump_state (); agent_scd_dump_state (); break; @@ -1956,8 +1803,8 @@ if (!shutdown_pending) log_info ("SIGTERM received - shutting down ...\n"); else - log_info ("SIGTERM received - still %i open connections\n", - active_connections); + log_info ("SIGTERM received - still %ld running threads\n", + pth_ctrl( PTH_CTRL_GETTHREADS )); shutdown_pending++; if (shutdown_pending > 2) { @@ -1979,7 +1826,7 @@ log_info ("signal %d received - no action defined\n", signo); } } -#endif + /* Check the nonce on a new connection. This is a NOP unless we we are using our Unix domain socket emulation under Windows. */ @@ -2019,6 +1866,9 @@ if (msg != WM_COPYDATA) { + /* pth_leave (); */ + /* log_debug ("putty loop: received WM_%u\n", msg ); */ + /* pth_enter (); */ return DefWindowProc (hwnd, msg, wparam, lparam); } @@ -2029,25 +1879,25 @@ if (!cds->cbData || mapfile[cds->cbData - 1]) return 0; /* Ignore empty and non-properly terminated strings. */ - if (DBG_IPC) + if (DBG_ASSUAN) { - npth_protect (); + pth_leave (); log_debug ("ssh map file '%s'", mapfile); - npth_unprotect (); + pth_enter (); } maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile); - if (DBG_IPC) + if (DBG_ASSUAN) { - npth_protect (); + pth_leave (); log_debug ("ssh map handle %p\n", maphd); - npth_unprotect (); + pth_enter (); } if (!maphd || maphd == INVALID_HANDLE_VALUE) return 0; - npth_protect (); + pth_leave (); mysid = w32_get_user_sid (); if (!mysid) @@ -2066,7 +1916,7 @@ goto leave; } - if (DBG_IPC) + if (DBG_ASSUAN) { char *sidstr; @@ -2087,7 +1937,7 @@ } data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0); - if (DBG_IPC) + if (DBG_ASSUAN) log_debug ("ssh IPC buffer at %p\n", data); if (!data) goto leave; @@ -2125,7 +1975,7 @@ xfree (mysid); CloseHandle (maphd); - npth_unprotect (); + pth_enter (); return ret; } @@ -2145,18 +1995,18 @@ (void)arg; if (opt.verbose) - log_info ("putty message loop thread started\n"); + log_info ("putty message loop thread 0x%lx started\n", pth_thread_id ()); - /* The message loop runs as thread independent from our nPth system. - This also means that we need to make sure that we switch back to + /* The message loop runs as thread independet from out Pth system. + This also meand that we need to make sure that we switch back to our system before calling any no-windows function. */ - npth_unprotect (); + pth_enter (); /* First create a window to make sure that a message queue exists for this thread. */ if (!RegisterClass (&wndwclass)) { - npth_protect (); + pth_leave (); log_error ("error registering Pageant window class"); return NULL; } @@ -2168,7 +2018,7 @@ NULL); /* lpParm */ if (!hwnd) { - npth_protect (); + pth_leave (); log_error ("error creating Pageant window"); return NULL; } @@ -2179,28 +2029,34 @@ DispatchMessage(&msg); } - /* Back to nPth. */ - npth_protect (); + /* Back to Pth. */ + pth_leave (); if (opt.verbose) - log_info ("putty message loop thread stopped\n"); + log_info ("putty message loop thread 0x%lx stopped\n", pth_thread_id ()); return NULL; } #endif /*HAVE_W32_SYSTEM*/ +/* This is the standard connection thread's main function. */ static void * -do_start_connection_thread (ctrl_t ctrl) +start_connection_thread (void *arg) { + ctrl_t ctrl = arg; + + if (check_nonce (ctrl, &socket_nonce)) + return NULL; + agent_init_default_ctrl (ctrl); if (opt.verbose) log_info (_("handler 0x%lx for fd %d started\n"), - (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd)); + pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd); if (opt.verbose) log_info (_("handler 0x%lx for fd %d terminated\n"), - (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd)); + pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); agent_deinit_default_ctrl (ctrl); xfree (ctrl); @@ -2208,59 +2064,6 @@ } -/* This is the standard connection thread's main function. */ -static void * -start_connection_thread_std (void *arg) -{ - ctrl_t ctrl = arg; - - if (check_nonce (ctrl, &socket_nonce)) - { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); - return NULL; - } - - return do_start_connection_thread (ctrl); -} - - -/* This is the extra socket connection thread's main function. */ -static void * -start_connection_thread_extra (void *arg) -{ - ctrl_t ctrl = arg; - - if (check_nonce (ctrl, &socket_nonce_extra)) - { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); - return NULL; - } - - ctrl->restricted = 1; - return do_start_connection_thread (ctrl); -} - - -/* This is the browser socket connection thread's main function. */ -static void * -start_connection_thread_browser (void *arg) -{ - ctrl_t ctrl = arg; - - if (check_nonce (ctrl, &socket_nonce_browser)) - { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); - return NULL; - } - - ctrl->restricted = 2; - return do_start_connection_thread (ctrl); -} - - /* This is the ssh connection thread's main function. */ static void * start_connection_thread_ssh (void *arg) @@ -2273,12 +2076,12 @@ agent_init_default_ctrl (ctrl); if (opt.verbose) log_info (_("ssh handler 0x%lx for fd %d started\n"), - (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd)); + pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); start_command_handler_ssh (ctrl, ctrl->thread_startup.fd); if (opt.verbose) log_info (_("ssh handler 0x%lx for fd %d terminated\n"), - (unsigned long) npth_self(), FD2INT(ctrl->thread_startup.fd)); + pth_thread_id (), FD2INT(ctrl->thread_startup.fd)); agent_deinit_default_ctrl (ctrl); xfree (ctrl); @@ -2289,62 +2092,61 @@ /* Connection handler loop. Wait for connection requests and spawn a thread after accepting a connection. */ static void -handle_connections (gnupg_fd_t listen_fd, - gnupg_fd_t listen_fd_extra, - gnupg_fd_t listen_fd_browser, - gnupg_fd_t listen_fd_ssh) +handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) { - npth_attr_t tattr; + pth_attr_t tattr; + pth_event_t ev, time_ev; + sigset_t sigs; + int signo; struct sockaddr_un paddr; socklen_t plen; fd_set fdset, read_fdset; int ret; gnupg_fd_t fd; int nfd; - int saved_errno; - struct timespec abstime; - struct timespec curtime; - struct timespec timeout; -#ifdef HAVE_W32_SYSTEM - HANDLE events[2]; - unsigned int events_set; -#endif - struct { - const char *name; - void *(*func) (void *arg); - gnupg_fd_t l_fd; - } listentbl[] = { - { "std", start_connection_thread_std }, - { "extra", start_connection_thread_extra }, - { "browser", start_connection_thread_browser }, - { "ssh", start_connection_thread_ssh } - }; - - - ret = npth_attr_init(&tattr); - if (ret) - log_fatal ("error allocating thread attributes: %s\n", - strerror (ret)); - npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); -#ifndef HAVE_W32_SYSTEM - npth_sigev_init (); - npth_sigev_add (SIGHUP); - npth_sigev_add (SIGUSR1); - npth_sigev_add (SIGUSR2); - npth_sigev_add (SIGINT); - npth_sigev_add (SIGTERM); - npth_sigev_fini (); + tattr = pth_attr_new(); + pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); + +#ifndef HAVE_W32_SYSTEM /* fixme */ + /* Make sure that the signals we are going to handle are not blocked + and create an event object for them. We also set the default + action to ignore because we use an Pth event to get notified + about signals. This avoids that the default action is taken in + case soemthing goes wrong within Pth. The problem might also be + a Pth bug. */ + sigemptyset (&sigs ); + { + static const int mysigs[] = { SIGHUP, SIGUSR1, SIGUSR2, SIGINT, SIGTERM }; + struct sigaction sa; + int i; + + for (i=0; i < DIM (mysigs); i++) + { + sigemptyset (&sa.sa_mask); + sa.sa_handler = SIG_IGN; + sa.sa_flags = 0; + sigaction (mysigs[i], &sa, NULL); + + sigaddset (&sigs, mysigs[i]); + } + } + + pth_sigmask (SIG_UNBLOCK, &sigs, NULL); + ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo); #else -# ifdef HAVE_W32CE_SYSTEM +# ifdef PTH_EVENT_HANDLE + sigs = 0; + ev = pth_event (PTH_EVENT_HANDLE, get_agent_scd_notify_event ()); + signo = 0; +# else /* Use a dummy event. */ sigs = 0; ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo); -# else - events[0] = get_agent_scd_notify_event (); - events[1] = INVALID_HANDLE_VALUE; # endif #endif + time_ev = NULL; /* On Windows we need to fire up a separate thread to listen for requests from Putty (an SSH client), so we can replace Putty's @@ -2352,12 +2154,11 @@ #ifdef HAVE_W32_SYSTEM if (putty_support) { - npth_t thread; - - ret = npth_create (&thread, &tattr, putty_message_thread, NULL); - if (ret) + pth_attr_set (tattr, PTH_ATTR_NAME, "putty message loop"); + if (!pth_spawn (tattr, putty_message_thread, NULL)) { - log_error ("error spawning putty message loop: %s\n", strerror (ret)); + log_error ("error spawning putty message loop: %s\n", + strerror (errno) ); } } #endif /*HAVE_W32_SYSTEM*/ @@ -2369,18 +2170,6 @@ FD_ZERO (&fdset); FD_SET (FD2INT (listen_fd), &fdset); nfd = FD2INT (listen_fd); - if (listen_fd_extra != GNUPG_INVALID_FD) - { - FD_SET ( FD2INT(listen_fd_extra), &fdset); - if (FD2INT (listen_fd_extra) > nfd) - nfd = FD2INT (listen_fd_extra); - } - if (listen_fd_browser != GNUPG_INVALID_FD) - { - FD_SET ( FD2INT(listen_fd_browser), &fdset); - if (FD2INT (listen_fd_browser) > nfd) - nfd = FD2INT (listen_fd_browser); - } if (listen_fd_ssh != GNUPG_INVALID_FD) { FD_SET ( FD2INT(listen_fd_ssh), &fdset); @@ -2388,20 +2177,15 @@ nfd = FD2INT (listen_fd_ssh); } - listentbl[0].l_fd = listen_fd; - listentbl[1].l_fd = listen_fd_extra; - listentbl[2].l_fd = listen_fd_browser; - listentbl[3].l_fd = listen_fd_ssh; - - npth_clock_gettime (&abstime); - abstime.tv_sec += TIMERTICK_INTERVAL; - for (;;) { + /* Make sure that our signals are not blocked. */ + pth_sigmask (SIG_UNBLOCK, &sigs, NULL); + /* Shutdown test. */ if (shutdown_pending) { - if (active_connections == 0) + if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1) break; /* ready */ /* Do not accept new connections but keep on running the @@ -2409,107 +2193,176 @@ FD_ZERO (&fdset); } + /* Create a timeout event if needed. To help with power saving + we syncronize the ticks to the next full second. */ + if (!time_ev) + { + pth_time_t nexttick; + + nexttick = pth_timeout (TIMERTICK_INTERVAL, 0); + if (nexttick.tv_usec > 10) /* Use a 10 usec threshhold. */ + { + nexttick.tv_sec++; + nexttick.tv_usec = 0; + } + time_ev = pth_event (PTH_EVENT_TIME, nexttick); + } + /* POSIX says that fd_set should be implemented as a structure, thus a simple assignment is fine to copy the entire set. */ read_fdset = fdset; - npth_clock_gettime (&curtime); - if (!(npth_timercmp (&curtime, &abstime, <))) - { - /* Timeout. */ - handle_tick (); - npth_clock_gettime (&abstime); - abstime.tv_sec += TIMERTICK_INTERVAL; - } - npth_timersub (&abstime, &curtime, &timeout); - -#ifndef HAVE_W32_SYSTEM - ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, - npth_sigev_sigmask ()); - saved_errno = errno; + if (time_ev) + pth_event_concat (ev, time_ev, NULL); + ret = pth_select_ev (nfd+1, &read_fdset, NULL, NULL, NULL, ev); + if (time_ev) + pth_event_isolate (time_ev); - { - int signo; - while (npth_sigev_get_pending (&signo)) - handle_signal (signo); - } + if (ret == -1) + { + if (pth_event_occurred (ev) + || (time_ev && pth_event_occurred (time_ev))) + { + if (pth_event_occurred (ev)) + { +#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE) + agent_sigusr2_action (); #else - ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, - events, &events_set); - saved_errno = errno; - - /* This is valid even if npth_eselect returns an error. */ - if (events_set & 1) - agent_sigusr2_action (); + handle_signal (signo); #endif - - if (ret == -1 && saved_errno != EINTR) - { - log_error (_("npth_pselect failed: %s - waiting 1s\n"), - strerror (saved_errno)); - npth_sleep (1); + } + if (time_ev && pth_event_occurred (time_ev)) + { + pth_event_free (time_ev, PTH_FREE_ALL); + time_ev = NULL; + handle_tick (); + } + continue; + } + log_error (_("pth_select failed: %s - waiting 1s\n"), + strerror (errno)); + pth_sleep (1); continue; } - if (ret <= 0) - /* Interrupt or timeout. Will be handled when calculating the - next timeout. */ - continue; - if (!shutdown_pending) + if (pth_event_occurred (ev)) + { +#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE) + agent_sigusr2_action (); +#else + handle_signal (signo); +#endif + } + + if (time_ev && pth_event_occurred (time_ev)) { - int idx; + pth_event_free (time_ev, PTH_FREE_ALL); + time_ev = NULL; + handle_tick (); + } + + + /* We now might create new threads and because we don't want any + signals (as we are handling them here) to be delivered to a + new thread. Thus we need to block those signals. */ + pth_sigmask (SIG_BLOCK, &sigs, NULL); + + if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset)) + { ctrl_t ctrl; - npth_t thread; - for (idx=0; idx < DIM(listentbl); idx++) + plen = sizeof paddr; + fd = INT2FD (pth_accept (FD2INT(listen_fd), + (struct sockaddr *)&paddr, &plen)); + if (fd == GNUPG_INVALID_FD) + { + log_error ("accept failed: %s\n", strerror (errno)); + } + else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) ) { - if (listentbl[idx].l_fd == GNUPG_INVALID_FD) - continue; - if (!FD_ISSET (FD2INT (listentbl[idx].l_fd), &read_fdset)) - continue; - - plen = sizeof paddr; - fd = INT2FD (npth_accept (FD2INT(listentbl[idx].l_fd), - (struct sockaddr *)&paddr, &plen)); - if (fd == GNUPG_INVALID_FD) - { - log_error ("accept failed for %s: %s\n", - listentbl[idx].name, strerror (errno)); - } - else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl))) + log_error ("error allocating connection control data: %s\n", + strerror (errno) ); + assuan_sock_close (fd); + } + else if ( !(ctrl->session_env = session_env_new ()) ) + { + log_error ("error allocating session environment block: %s\n", + strerror (errno) ); + xfree (ctrl); + assuan_sock_close (fd); + } + else + { + char threadname[50]; + + snprintf (threadname, sizeof threadname-1, + "conn fd=%d (gpg)", FD2INT(fd)); + threadname[sizeof threadname -1] = 0; + pth_attr_set (tattr, PTH_ATTR_NAME, threadname); + ctrl->thread_startup.fd = fd; + if (!pth_spawn (tattr, start_connection_thread, ctrl)) { - log_error ("error allocating connection data for %s: %s\n", - listentbl[idx].name, strerror (errno) ); + log_error ("error spawning connection handler: %s\n", + strerror (errno) ); assuan_sock_close (fd); - } - else if ( !(ctrl->session_env = session_env_new ())) - { - log_error ("error allocating session env block for %s: %s\n", - listentbl[idx].name, strerror (errno) ); xfree (ctrl); - assuan_sock_close (fd); } - else + } + fd = GNUPG_INVALID_FD; + } + + if (!shutdown_pending && listen_fd_ssh != GNUPG_INVALID_FD + && FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset)) + { + ctrl_t ctrl; + + plen = sizeof paddr; + fd = INT2FD(pth_accept (FD2INT(listen_fd_ssh), + (struct sockaddr *)&paddr, &plen)); + if (fd == GNUPG_INVALID_FD) + { + log_error ("accept failed for ssh: %s\n", strerror (errno)); + } + else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) ) + { + log_error ("error allocating connection control data: %s\n", + strerror (errno) ); + assuan_sock_close (fd); + } + else if ( !(ctrl->session_env = session_env_new ()) ) + { + log_error ("error allocating session environment block: %s\n", + strerror (errno) ); + xfree (ctrl); + assuan_sock_close (fd); + } + else + { + char threadname[50]; + + agent_init_default_ctrl (ctrl); + snprintf (threadname, sizeof threadname-1, + "conn fd=%d (ssh)", FD2INT(fd)); + threadname[sizeof threadname -1] = 0; + pth_attr_set (tattr, PTH_ATTR_NAME, threadname); + ctrl->thread_startup.fd = fd; + if (!pth_spawn (tattr, start_connection_thread_ssh, ctrl) ) { - ctrl->thread_startup.fd = fd; - ret = npth_create (&thread, &tattr, - listentbl[idx].func, ctrl); - if (ret) - { - log_error ("error spawning connection handler for %s:" - " %s\n", listentbl[idx].name, strerror (ret)); - assuan_sock_close (fd); - xfree (ctrl); - } + log_error ("error spawning ssh connection handler: %s\n", + strerror (errno) ); + assuan_sock_close (fd); + xfree (ctrl); } - fd = GNUPG_INVALID_FD; } - } + fd = GNUPG_INVALID_FD; + } } + pth_event_free (ev, PTH_FREE_ALL); + if (time_ev) + pth_event_free (time_ev, PTH_FREE_ALL); cleanup (); log_info (_("%s %s stopped\n"), strusage(11), strusage(13)); - npth_attr_destroy (&tattr); } @@ -2595,58 +2448,104 @@ /* Check whether we are still listening on our own socket. In case another gpg-agent process started after us has taken ownership of - our socket, we would linger around without any real task. Thus we + our socket, we woul linger around without any real taks. Thus we better check once in a while whether we are really needed. */ static void check_own_socket (void) { char *sockname; - npth_t thread; - npth_attr_t tattr; - int err; + pth_attr_t tattr; - if (disable_check_own_socket) - return; + if (!opt.use_standard_socket) + return; /* This check makes only sense in standard socket mode. */ if (check_own_socket_running || shutdown_pending) return; /* Still running or already shutting down. */ - sockname = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL); + sockname = make_filename (opt.homedir, "S.gpg-agent", NULL); if (!sockname) return; /* Out of memory. */ - err = npth_attr_init (&tattr); - if (err) - return; - npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); - err = npth_create (&thread, &tattr, check_own_socket_thread, sockname); - if (err) - log_error ("error spawning check_own_socket_thread: %s\n", strerror (err)); - npth_attr_destroy (&tattr); + tattr = pth_attr_new(); + pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0); + pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024); + pth_attr_set (tattr, PTH_ATTR_NAME, "check-own-socket"); + + if (!pth_spawn (tattr, check_own_socket_thread, sockname)) + log_error ("error spawning check_own_socket_thread: %s\n", + strerror (errno) ); + pth_attr_destroy (tattr); } /* Figure out whether an agent is available and running. Prints an - error if not. If SILENT is true, no messages are printed. - Returns 0 if the agent is running. */ + error if not. If SILENT is true, no messages are printed. Usually + started with MODE 0. Returns 0 if the agent is running. */ static int -check_for_running_agent (int silent) +check_for_running_agent (int silent, int mode) { - gpg_error_t err; - char *sockname; + int rc; + char *infostr, *p; assuan_context_t ctx = NULL; + int prot, pid; - sockname = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL); + if (!mode) + { + infostr = getenv ("GPG_AGENT_INFO"); + if (!infostr || !*infostr) + { + if (!check_for_running_agent (silent, 1)) + return 0; /* Okay, its running on the standard socket. */ + if (!silent) + log_error (_("no gpg-agent running in this session\n")); + return -1; + } - err = assuan_new (&ctx); - if (!err) - err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0); - xfree (sockname); - if (err) + infostr = xstrdup (infostr); + if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr) + { + xfree (infostr); + if (!check_for_running_agent (silent, 1)) + return 0; /* Okay, its running on the standard socket. */ + if (!silent) + log_error (_("malformed GPG_AGENT_INFO environment variable\n")); + return -1; + } + + *p++ = 0; + pid = atoi (p); + while (*p && *p != PATHSEP_C) + p++; + prot = *p? atoi (p+1) : 0; + if (prot != 1) + { + xfree (infostr); + if (!silent) + log_error (_("gpg-agent protocol version %d is not supported\n"), + prot); + if (!check_for_running_agent (silent, 1)) + return 0; /* Okay, its running on the standard socket. */ + return -1; + } + } + else /* MODE != 0 */ { - if (!silent) - log_error (_("no gpg-agent running in this session\n")); + infostr = make_filename (opt.homedir, "S.gpg-agent", NULL); + pid = (pid_t)(-1); + } + + rc = assuan_new (&ctx); + if (! rc) + rc = assuan_socket_connect (ctx, infostr, pid, 0); + xfree (infostr); + if (rc) + { + if (!mode && !check_for_running_agent (silent, 1)) + return 0; /* Okay, its running on the standard socket. */ + + if (!mode && !silent) + log_error ("can't connect to the agent: %s\n", gpg_strerror (rc)); if (ctx) assuan_release (ctx); diff -Nru gnupg2-2.1.6/agent/learncard.c gnupg2-2.0.28/agent/learncard.c --- gnupg2-2.1.6/agent/learncard.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/learncard.c 2015-06-02 08:13:55.000000000 +0000 @@ -32,7 +32,7 @@ /* Structures used by the callback mechanism to convey information pertaining to key pairs. */ -struct keypair_info_s +struct keypair_info_s { struct keypair_info_s *next; int no_cert; @@ -44,7 +44,7 @@ }; typedef struct keypair_info_s *KEYPAIR_INFO; -struct kpinfo_cb_parm_s +struct kpinfo_cb_parm_s { ctrl_t ctrl; int error; @@ -56,13 +56,13 @@ pertaining to certificates. */ struct certinfo_s { struct certinfo_s *next; - int type; + int type; int done; char id[1]; }; typedef struct certinfo_s *CERTINFO; -struct certinfo_cb_parm_s +struct certinfo_cb_parm_s { ctrl_t ctrl; int error; @@ -75,9 +75,9 @@ struct sinfo_s { struct sinfo_s *next; char *data; /* Points into keyword. */ - char keyword[1]; + char keyword[1]; }; -typedef struct sinfo_s *SINFO; +typedef struct sinfo_s *SINFO; struct sinfo_cb_parm_s { int error; @@ -172,7 +172,7 @@ return; } *p = 0; /* ignore trailing stuff */ - + /* store it */ item->next = parm->info; parm->info = item; @@ -202,7 +202,7 @@ for (pend = p; *pend && !spacep (pend); pend++) ; if (p == pend || !*p) - { + { parm->error = gpg_error (GPG_ERR_INV_RESPONSE); return; } @@ -258,7 +258,7 @@ int rc; char *derbuf; size_t derbuflen; - + rc = agent_card_readcert (ctrl, id, &derbuf, &derbuflen); if (rc) { @@ -275,7 +275,7 @@ break; } if (opt.verbose || !*action) - log_info ("error reading certificate '%s': %s%s\n", + log_info ("error reading certificate `%s': %s%s\n", id? id:"?", gpg_strerror (rc), action); return *action? 0 : rc; @@ -296,10 +296,10 @@ return 0; } -/* Perform the learn operation. If ASSUAN_CONTEXT is not NULL and - SEND is true all new certificates are send back via Assuan. */ +/* Perform the learn operation. If ASSUAN_CONTEXT is not NULL all new + certificates are send back via Assuan. */ int -agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force) +agent_handle_learn (ctrl_t ctrl, void *assuan_context) { int rc; @@ -312,7 +312,7 @@ unsigned char grip[20]; char *p; int i; - static int certtype_list[] = { + static int certtype_list[] = { 111, /* Root CA */ 101, /* trusted */ 102, /* useful */ @@ -344,7 +344,7 @@ log_debug ("agent_card_learn failed: %s\n", gpg_strerror (rc)); goto leave; } - + log_info ("card has S/N: %s\n", serialno); /* Pass on all the collected status information. */ @@ -368,8 +368,8 @@ if (opt.verbose) log_info (" id: %s (type=%d)\n", citem->id, citem->type); - - if (assuan_context && send) + + if (assuan_context) { rc = send_cert_back (ctrl, citem->id, assuan_context); if (rc) @@ -378,7 +378,7 @@ } } } - + for (item = parm.info; item; item = item->next) { unsigned char *pubkey, *shdkey; @@ -398,10 +398,10 @@ for (p=item->hexgrip, i=0; i < 20; p += 2, i++) grip[i] = xtoi_2 (p); - - if (!force && !agent_key_available (grip)) + + if (!agent_key_available (grip)) continue; /* The key is already available. */ - + /* Unknown key - store it. */ rc = agent_card_readkey (ctrl, item->id, &pubkey); if (rc) @@ -430,7 +430,7 @@ n = gcry_sexp_canon_len (shdkey, 0, NULL, NULL); assert (n); - rc = agent_write_private_key (grip, shdkey, n, force); + rc = agent_write_private_key (grip, shdkey, n, 0); xfree (shdkey); if (rc) { @@ -439,12 +439,12 @@ } if (opt.verbose) - log_info (" id: %s - shadow key created\n", item->id); - - if (assuan_context && send) + log_info ("stored\n"); + + if (assuan_context) { CERTINFO citem; - + /* only send the certificate if we have not done so before */ for (citem = cparm.info; citem; citem = citem->next) { @@ -460,7 +460,7 @@ } } - + leave: xfree (serialno); release_keypair_info (parm.info); @@ -468,3 +468,5 @@ release_sinfo (sparm.info); return rc; } + + diff -Nru gnupg2-2.1.6/agent/Makefile.am gnupg2-2.0.28/agent/Makefile.am --- gnupg2-2.1.6/agent/Makefile.am 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/Makefile.am 2015-06-02 08:13:55.000000000 +0000 @@ -18,17 +18,12 @@ ## Process this file with automake to produce Makefile.in bin_PROGRAMS = gpg-agent -libexec_PROGRAMS = gpg-protect-tool -if !HAVE_W32CE_SYSTEM -# fixme: Do no use simple-pwquery for preset-passphrase. -libexec_PROGRAMS += gpg-preset-passphrase -endif +libexec_PROGRAMS = gpg-protect-tool gpg-preset-passphrase noinst_PROGRAMS = $(TESTS) EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc - -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl include $(top_srcdir)/am/cmacros.am @@ -36,7 +31,7 @@ resource_objs += gpg-agent-w32info.o endif -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) gpg_agent_SOURCES = \ gpg-agent.c agent.h \ @@ -51,30 +46,24 @@ protect.c \ trustlist.c \ divert-scd.c \ - cvt-openpgp.c cvt-openpgp.h \ call-scd.c \ learncard.c -common_libs = $(libcommon) -commonpth_libs = $(libcommonpth) -if HAVE_W32CE_SYSTEM -pwquery_libs = -else +common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a +commonpth_libs = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a pwquery_libs = ../common/libsimple-pwquery.a -endif -gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) +gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS) gpg_agent_LDADD = $(commonpth_libs) \ - $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ + $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \ $(resource_objs) -gpg_agent_LDFLAGS = $(extra_bin_ldflags) -gpg_agent_DEPENDENCIES = $(resource_objs) gpg_protect_tool_SOURCES = \ protect-tool.c \ - protect.c + protect.c \ + minip12.c minip12.h gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \ @@ -100,8 +89,8 @@ # TESTS = t-protect -t_common_ldadd = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - $(LIBINTL) $(LIBICONV) $(NETLIBS) +t_common_ldadd = $(common_libs) \ + $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) t_protect_SOURCES = t-protect.c protect.c t_protect_LDADD = $(t_common_ldadd) diff -Nru gnupg2-2.1.6/agent/Makefile.in gnupg2-2.0.28/agent/Makefile.in --- gnupg2-2.1.6/agent/Makefile.in 2015-07-01 12:17:03.000000000 +0000 +++ gnupg2-2.0.28/agent/Makefile.in 2015-06-02 12:34:27.000000000 +0000 @@ -114,57 +114,61 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = gpg-agent$(EXEEXT) -libexec_PROGRAMS = gpg-protect-tool$(EXEEXT) $(am__EXEEXT_1) -# fixme: Do no use simple-pwquery for preset-passphrase. -@HAVE_W32CE_SYSTEM_FALSE@am__append_1 = gpg-preset-passphrase -noinst_PROGRAMS = $(am__EXEEXT_2) +libexec_PROGRAMS = gpg-protect-tool$(EXEEXT) \ + gpg-preset-passphrase$(EXEEXT) +noinst_PROGRAMS = $(am__EXEEXT_1) DIST_COMMON = $(top_srcdir)/am/cmacros.am $(srcdir)/Makefile.in \ - $(srcdir)/Makefile.am $(top_srcdir)/build-aux/mkinstalldirs \ - $(top_srcdir)/build-aux/depcomp -@HAVE_DOSISH_SYSTEM_FALSE@am__append_2 = -DGNUPG_BINDIR="\"$(bindir)\"" \ + $(srcdir)/Makefile.am $(top_srcdir)/scripts/mkinstalldirs \ + $(top_srcdir)/scripts/depcomp +@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\"" \ @HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \ @HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \ @HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \ -@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \ -@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_LOCALSTATEDIR="\"$(localstatedir)\"" +@HAVE_DOSISH_SYSTEM_FALSE@ -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" # If a specific protect tool program has been defined, pass its name # to cc. Note that these macros should not be used directly but via # the gnupg_module_name function. -@GNUPG_AGENT_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\"" -@GNUPG_PINENTRY_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\"" -@GNUPG_SCDAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\"" -@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\"" -@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\"" -@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\"" -@HAVE_W32_SYSTEM_TRUE@am__append_9 = gpg-agent-w32info.o +@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\"" +@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\"" +@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\"" +@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\"" +@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\"" +@HAVE_W32_SYSTEM_TRUE@am__append_7 = gpg-agent-w32info.o TESTS = t-protect$(EXEEXT) subdir = agent ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \ - $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \ + $(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \ + $(top_srcdir)/gl/m4/eealloc.m4 \ + $(top_srcdir)/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/gl/m4/gnulib-tool.m4 \ + $(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \ + $(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \ + $(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \ $(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \ - $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \ + $(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \ + $(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \ - $(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/m4/tar-ustar.m4 \ + $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs +mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" -@HAVE_W32CE_SYSTEM_FALSE@am__EXEEXT_1 = \ -@HAVE_W32CE_SYSTEM_FALSE@ gpg-preset-passphrase$(EXEEXT) -am__EXEEXT_2 = t-protect$(EXEEXT) +am__EXEEXT_1 = t-protect$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) am_gpg_agent_OBJECTS = gpg_agent-gpg-agent.$(OBJEXT) \ gpg_agent-command.$(OBJEXT) gpg_agent-command-ssh.$(OBJEXT) \ @@ -173,22 +177,24 @@ gpg_agent-pksign.$(OBJEXT) gpg_agent-pkdecrypt.$(OBJEXT) \ gpg_agent-genkey.$(OBJEXT) gpg_agent-protect.$(OBJEXT) \ gpg_agent-trustlist.$(OBJEXT) gpg_agent-divert-scd.$(OBJEXT) \ - gpg_agent-cvt-openpgp.$(OBJEXT) gpg_agent-call-scd.$(OBJEXT) \ - gpg_agent-learncard.$(OBJEXT) + gpg_agent-call-scd.$(OBJEXT) gpg_agent-learncard.$(OBJEXT) gpg_agent_OBJECTS = $(am_gpg_agent_OBJECTS) am__DEPENDENCIES_1 = -gpg_agent_LINK = $(CCLD) $(gpg_agent_CFLAGS) $(CFLAGS) \ - $(gpg_agent_LDFLAGS) $(LDFLAGS) -o $@ +gpg_agent_DEPENDENCIES = $(commonpth_libs) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(resource_objs) +gpg_agent_LINK = $(CCLD) $(gpg_agent_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ am_gpg_preset_passphrase_OBJECTS = preset-passphrase.$(OBJEXT) gpg_preset_passphrase_OBJECTS = $(am_gpg_preset_passphrase_OBJECTS) -@HAVE_W32CE_SYSTEM_FALSE@am__DEPENDENCIES_2 = \ -@HAVE_W32CE_SYSTEM_FALSE@ ../common/libsimple-pwquery.a -gpg_preset_passphrase_DEPENDENCIES = $(am__DEPENDENCIES_2) \ - $(common_libs) $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ +gpg_preset_passphrase_DEPENDENCIES = $(pwquery_libs) $(common_libs) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am_gpg_protect_tool_OBJECTS = gpg_protect_tool-protect-tool.$(OBJEXT) \ - gpg_protect_tool-protect.$(OBJEXT) + gpg_protect_tool-protect.$(OBJEXT) \ + gpg_protect_tool-minip12.$(OBJEXT) gpg_protect_tool_OBJECTS = $(am_gpg_protect_tool_OBJECTS) gpg_protect_tool_DEPENDENCIES = $(common_libs) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -198,10 +204,10 @@ $(AM_LDFLAGS) $(LDFLAGS) -o $@ am_t_protect_OBJECTS = t-protect.$(OBJEXT) protect.$(OBJEXT) t_protect_OBJECTS = $(am_t_protect_OBJECTS) -am__DEPENDENCIES_3 = $(common_libs) $(am__DEPENDENCIES_1) \ +am__DEPENDENCIES_2 = $(common_libs) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -t_protect_DEPENDENCIES = $(am__DEPENDENCIES_3) + $(am__DEPENDENCIES_1) +t_protect_DEPENDENCIES = $(am__DEPENDENCIES_2) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -215,7 +221,7 @@ am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp am__depfiles_maybe = depfiles am__mv = mv -f AM_V_lt = $(am__v_lt_@AM_V@) @@ -285,7 +291,11 @@ fi; \ } DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@ ACLOCAL = @ACLOCAL@ +ADNSLIBS = @ADNSLIBS@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ @@ -293,12 +303,16 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ BUILD_FILEVERSION = @BUILD_FILEVERSION@ BUILD_HOSTNAME = @BUILD_HOSTNAME@ BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@ BUILD_REVISION = @BUILD_REVISION@ BUILD_TIMESTAMP = @BUILD_TIMESTAMP@ -BUILD_VERSION = @BUILD_VERSION@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ @@ -314,25 +328,39 @@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ -ENCFS = @ENCFS@ EXEEXT = @EXEEXT@ -FUSERMOUNT = @FUSERMOUNT@ +FAQPROG = @FAQPROG@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@ -GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@ GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@ GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@ GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@ GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@ +GPGKEYS_CURL = @GPGKEYS_CURL@ +GPGKEYS_FINGER = @GPGKEYS_FINGER@ +GPGKEYS_HKP = @GPGKEYS_HKP@ +GPGKEYS_KDNS = @GPGKEYS_KDNS@ GPGKEYS_LDAP = @GPGKEYS_LDAP@ +GPGKEYS_MAILTO = @GPGKEYS_MAILTO@ GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@ GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@ GPG_ERROR_LIBS = @GPG_ERROR_LIBS@ GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@ GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@ GREP = @GREP@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -343,18 +371,19 @@ KSBA_CFLAGS = @KSBA_CFLAGS@ KSBA_CONFIG = @KSBA_CONFIG@ KSBA_LIBS = @KSBA_LIBS@ -LBER_LIBS = @LBER_LIBS@ LDAPLIBS = @LDAPLIBS@ LDAP_CPPFLAGS = @LDAP_CPPFLAGS@ LDFLAGS = @LDFLAGS@ LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@ LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@ LIBASSUAN_LIBS = @LIBASSUAN_LIBS@ +LIBCURL = @LIBCURL@ +LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ -LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@ +LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -373,12 +402,6 @@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NETLIBS = @NETLIBS@ -NPTH_CFLAGS = @NPTH_CFLAGS@ -NPTH_CONFIG = @NPTH_CONFIG@ -NPTH_LIBS = @NPTH_LIBS@ -NTBTLS_CFLAGS = @NTBTLS_CFLAGS@ -NTBTLS_CONFIG = @NTBTLS_CONFIG@ -NTBTLS_LIBS = @NTBTLS_LIBS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ @@ -390,28 +413,37 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ POSUB = @POSUB@ +PTH_CFLAGS = @PTH_CFLAGS@ +PTH_CONFIG = @PTH_CONFIG@ +PTH_LIBS = @PTH_LIBS@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ RANLIB = @RANLIB@ +SED = @SED@ SENDMAIL = @SENDMAIL@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SHRED = @SHRED@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDINT_H = @STDINT_H@ STRIP = @STRIP@ SYSROOT = @SYSROOT@ SYS_SOCKET_H = @SYS_SOCKET_H@ TAR = @TAR@ +UNISTD_H = @UNISTD_H@ USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ W32SOCKLIBS = @W32SOCKLIBS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ WINDRES = @WINDRES@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ ZLIBS = @ZLIBS@ +_libcurl_config = @_libcurl_config@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ @@ -463,31 +495,16 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc - -# NB: AM_CFLAGS may also be used by tools running on the build -# platform to create source files. -AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \ - $(am__append_2) $(am__append_3) $(am__append_4) \ - $(am__append_5) $(am__append_6) $(am__append_7) \ - $(am__append_8) -@HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = - -# Under Windows we use LockFileEx. WindowsCE provides this only on -# the WindowsMobile 6 platform and thus we need to use the coredll6 -# import library. We also want to use a stacksize of 256k instead of -# the 2MB which is the default with cegcc. 256k is the largest stack -# we use with pth. -@HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6 -@HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = -@HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000 -resource_objs = $(am__append_9) +AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \ + -I$(top_srcdir)/intl -DLOCALEDIR=\"$(localedir)\" \ + $(am__append_1) $(am__append_2) $(am__append_3) \ + $(am__append_4) $(am__append_5) $(am__append_6) +resource_objs = $(am__append_7) # Convenience macros libcommon = ../common/libcommon.a libcommonpth = ../common/libcommonpth.a -libcommontls = ../common/libcommontls.a -libcommontlsnpth = ../common/libcommontlsnpth.a -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) gpg_agent_SOURCES = \ gpg-agent.c agent.h \ command.c command-ssh.c \ @@ -501,25 +518,22 @@ protect.c \ trustlist.c \ divert-scd.c \ - cvt-openpgp.c cvt-openpgp.h \ call-scd.c \ learncard.c -common_libs = $(libcommon) -commonpth_libs = $(libcommonpth) -@HAVE_W32CE_SYSTEM_FALSE@pwquery_libs = ../common/libsimple-pwquery.a -@HAVE_W32CE_SYSTEM_TRUE@pwquery_libs = -gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) +common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a +commonpth_libs = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a +pwquery_libs = ../common/libsimple-pwquery.a +gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS) gpg_agent_LDADD = $(commonpth_libs) \ - $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ + $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \ $(resource_objs) -gpg_agent_LDFLAGS = $(extra_bin_ldflags) -gpg_agent_DEPENDENCIES = $(resource_objs) gpg_protect_tool_SOURCES = \ protect-tool.c \ - protect.c + protect.c \ + minip12.c minip12.h gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \ @@ -534,8 +548,8 @@ $(pwquery_libs) $(common_libs) \ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) -t_common_ldadd = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - $(LIBINTL) $(LIBICONV) $(NETLIBS) +t_common_ldadd = $(common_libs) \ + $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) t_protect_SOURCES = t-protect.c protect.c t_protect_LDADD = $(t_common_ldadd) @@ -689,7 +703,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-call-scd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-command-ssh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-command.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-cvt-openpgp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-divert-scd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-findkey.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-genkey.Po@am__quote@ @@ -700,6 +713,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-protect.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-trans.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_agent-trustlist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-minip12.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-protect-tool.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpg_protect_tool-protect.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/preset-passphrase.Po@am__quote@ @@ -902,20 +916,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-divert-scd.obj `if test -f 'divert-scd.c'; then $(CYGPATH_W) 'divert-scd.c'; else $(CYGPATH_W) '$(srcdir)/divert-scd.c'; fi` -gpg_agent-cvt-openpgp.o: cvt-openpgp.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-cvt-openpgp.o -MD -MP -MF $(DEPDIR)/gpg_agent-cvt-openpgp.Tpo -c -o gpg_agent-cvt-openpgp.o `test -f 'cvt-openpgp.c' || echo '$(srcdir)/'`cvt-openpgp.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-cvt-openpgp.Tpo $(DEPDIR)/gpg_agent-cvt-openpgp.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cvt-openpgp.c' object='gpg_agent-cvt-openpgp.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-cvt-openpgp.o `test -f 'cvt-openpgp.c' || echo '$(srcdir)/'`cvt-openpgp.c - -gpg_agent-cvt-openpgp.obj: cvt-openpgp.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-cvt-openpgp.obj -MD -MP -MF $(DEPDIR)/gpg_agent-cvt-openpgp.Tpo -c -o gpg_agent-cvt-openpgp.obj `if test -f 'cvt-openpgp.c'; then $(CYGPATH_W) 'cvt-openpgp.c'; else $(CYGPATH_W) '$(srcdir)/cvt-openpgp.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-cvt-openpgp.Tpo $(DEPDIR)/gpg_agent-cvt-openpgp.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cvt-openpgp.c' object='gpg_agent-cvt-openpgp.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -c -o gpg_agent-cvt-openpgp.obj `if test -f 'cvt-openpgp.c'; then $(CYGPATH_W) 'cvt-openpgp.c'; else $(CYGPATH_W) '$(srcdir)/cvt-openpgp.c'; fi` - gpg_agent-call-scd.o: call-scd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_agent_CFLAGS) $(CFLAGS) -MT gpg_agent-call-scd.o -MD -MP -MF $(DEPDIR)/gpg_agent-call-scd.Tpo -c -o gpg_agent-call-scd.o `test -f 'call-scd.c' || echo '$(srcdir)/'`call-scd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gpg_agent-call-scd.Tpo $(DEPDIR)/gpg_agent-call-scd.Po @@ -972,6 +972,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-protect.obj `if test -f 'protect.c'; then $(CYGPATH_W) 'protect.c'; else $(CYGPATH_W) '$(srcdir)/protect.c'; fi` +gpg_protect_tool-minip12.o: minip12.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-minip12.o -MD -MP -MF $(DEPDIR)/gpg_protect_tool-minip12.Tpo -c -o gpg_protect_tool-minip12.o `test -f 'minip12.c' || echo '$(srcdir)/'`minip12.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gpg_protect_tool-minip12.Tpo $(DEPDIR)/gpg_protect_tool-minip12.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='minip12.c' object='gpg_protect_tool-minip12.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-minip12.o `test -f 'minip12.c' || echo '$(srcdir)/'`minip12.c + +gpg_protect_tool-minip12.obj: minip12.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -MT gpg_protect_tool-minip12.obj -MD -MP -MF $(DEPDIR)/gpg_protect_tool-minip12.Tpo -c -o gpg_protect_tool-minip12.obj `if test -f 'minip12.c'; then $(CYGPATH_W) 'minip12.c'; else $(CYGPATH_W) '$(srcdir)/minip12.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gpg_protect_tool-minip12.Tpo $(DEPDIR)/gpg_protect_tool-minip12.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='minip12.c' object='gpg_protect_tool-minip12.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gpg_protect_tool_CFLAGS) $(CFLAGS) -c -o gpg_protect_tool-minip12.obj `if test -f 'minip12.c'; then $(CYGPATH_W) 'minip12.c'; else $(CYGPATH_W) '$(srcdir)/minip12.c'; fi` + ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-am diff -Nru gnupg2-2.1.6/agent/minip12.c gnupg2-2.0.28/agent/minip12.c --- gnupg2-2.1.6/agent/minip12.c 1970-01-01 00:00:00.000000000 +0000 +++ gnupg2-2.0.28/agent/minip12.c 2015-06-02 08:13:55.000000000 +0000 @@ -0,0 +1,2362 @@ +/* minip12.c - A minimal pkcs-12 implementation. + * Copyright (C) 2002, 2003, 2004, 2006 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include +#include + +#ifdef TEST +#include +#include +#endif + +#include "../jnlib/logging.h" +#include "../jnlib/utf8conv.h" +#include "minip12.h" + +#ifndef DIM +#define DIM(v) (sizeof(v)/sizeof((v)[0])) +#endif + + +enum +{ + UNIVERSAL = 0, + APPLICATION = 1, + ASNCONTEXT = 2, + PRIVATE = 3 +}; + + +enum +{ + TAG_NONE = 0, + TAG_BOOLEAN = 1, + TAG_INTEGER = 2, + TAG_BIT_STRING = 3, + TAG_OCTET_STRING = 4, + TAG_NULL = 5, + TAG_OBJECT_ID = 6, + TAG_OBJECT_DESCRIPTOR = 7, + TAG_EXTERNAL = 8, + TAG_REAL = 9, + TAG_ENUMERATED = 10, + TAG_EMBEDDED_PDV = 11, + TAG_UTF8_STRING = 12, + TAG_REALTIVE_OID = 13, + TAG_SEQUENCE = 16, + TAG_SET = 17, + TAG_NUMERIC_STRING = 18, + TAG_PRINTABLE_STRING = 19, + TAG_TELETEX_STRING = 20, + TAG_VIDEOTEX_STRING = 21, + TAG_IA5_STRING = 22, + TAG_UTC_TIME = 23, + TAG_GENERALIZED_TIME = 24, + TAG_GRAPHIC_STRING = 25, + TAG_VISIBLE_STRING = 26, + TAG_GENERAL_STRING = 27, + TAG_UNIVERSAL_STRING = 28, + TAG_CHARACTER_STRING = 29, + TAG_BMP_STRING = 30 +}; + + +static unsigned char const oid_data[9] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 }; +static unsigned char const oid_encryptedData[9] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 }; +static unsigned char const oid_pkcs_12_keyBag[11] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x01 }; +static unsigned char const oid_pkcs_12_pkcs_8ShroudedKeyBag[11] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02 }; +static unsigned char const oid_pkcs_12_CertBag[11] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x03 }; +static unsigned char const oid_pkcs_12_CrlBag[11] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x04 }; + +static unsigned char const oid_pbeWithSHAAnd3_KeyTripleDES_CBC[10] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03 }; +static unsigned char const oid_pbeWithSHAAnd40BitRC2_CBC[10] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06 }; +static unsigned char const oid_x509Certificate_for_pkcs_12[10] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x16, 0x01 }; + + +static unsigned char const oid_rsaEncryption[9] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 }; + + +static unsigned char const data_3desiter2048[30] = { + 0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03, 0x30, 0x0E, + 0x04, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0x02, 0x02, 0x08, 0x00 }; +#define DATA_3DESITER2048_SALT_OFF 18 + +static unsigned char const data_rc2iter2048[30] = { + 0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x06, 0x30, 0x0E, + 0x04, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0x02, 0x02, 0x08, 0x00 }; +#define DATA_RC2ITER2048_SALT_OFF 18 + +static unsigned char const data_mactemplate[51] = { + 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, + 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, + 0x14, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x08, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, + 0x02, 0x08, 0x00 }; +#define DATA_MACTEMPLATE_MAC_OFF 17 +#define DATA_MACTEMPLATE_SALT_OFF 39 + +static unsigned char const data_attrtemplate[106] = { + 0x31, 0x7c, 0x30, 0x55, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x14, 0x31, + 0x48, 0x1e, 0x46, 0x00, 0x47, 0x00, 0x6e, 0x00, + 0x75, 0x00, 0x50, 0x00, 0x47, 0x00, 0x20, 0x00, + 0x65, 0x00, 0x78, 0x00, 0x70, 0x00, 0x6f, 0x00, + 0x72, 0x00, 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, + 0x20, 0x00, 0x63, 0x00, 0x65, 0x00, 0x72, 0x00, + 0x74, 0x00, 0x69, 0x00, 0x66, 0x00, 0x69, 0x00, + 0x63, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x20, 0x00, 0x66, 0x00, 0x66, 0x00, 0x66, 0x00, + 0x66, 0x00, 0x66, 0x00, 0x66, 0x00, 0x66, 0x00, + 0x66, 0x30, 0x23, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, + 0x04, 0x14 }; /* Need to append SHA-1 digest. */ +#define DATA_ATTRTEMPLATE_KEYID_OFF 73 + +struct buffer_s +{ + unsigned char *buffer; + size_t length; +}; + + +struct tag_info +{ + int class; + int is_constructed; + unsigned long tag; + unsigned long length; /* length part of the TLV */ + int nhdr; + int ndef; /* It is an indefinite length */ +}; + + +/* Parse the buffer at the address BUFFER which is of SIZE and return + the tag and the length part from the TLV triplet. Update BUFFER + and SIZE on success. Checks that the encoded length does not + exhaust the length of the provided buffer. */ +static int +parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti) +{ + int c; + unsigned long tag; + const unsigned char *buf = *buffer; + size_t length = *size; + + ti->length = 0; + ti->ndef = 0; + ti->nhdr = 0; + + /* Get the tag */ + if (!length) + return -1; /* premature eof */ + c = *buf++; length--; + ti->nhdr++; + + ti->class = (c & 0xc0) >> 6; + ti->is_constructed = !!(c & 0x20); + tag = c & 0x1f; + + if (tag == 0x1f) + { + tag = 0; + do + { + tag <<= 7; + if (!length) + return -1; /* premature eof */ + c = *buf++; length--; + ti->nhdr++; + tag |= c & 0x7f; + } + while (c & 0x80); + } + ti->tag = tag; + + /* Get the length */ + if (!length) + return -1; /* prematureeof */ + c = *buf++; length--; + ti->nhdr++; + + if ( !(c & 0x80) ) + ti->length = c; + else if (c == 0x80) + ti->ndef = 1; + else if (c == 0xff) + return -1; /* forbidden length value */ + else + { + unsigned long len = 0; + int count = c & 0x7f; + + for (; count; count--) + { + len <<= 8; + if (!length) + return -1; /* premature_eof */ + c = *buf++; length--; + ti->nhdr++; + len |= c & 0xff; + } + ti->length = len; + } + + if (ti->class == UNIVERSAL && !ti->tag) + ti->length = 0; + + if (ti->length > length) + return -1; /* data larger than buffer. */ + + *buffer = buf; + *size = length; + return 0; +} + + +/* Given an ASN.1 chunk of a structure like: + + 24 NDEF: OCTET STRING -- This is not passed to us + 04 1: OCTET STRING -- INPUT point s to here + : 30 + 04 1: OCTET STRING + : 80 + [...] + 04 2: OCTET STRING + : 00 00 + : } -- This denotes a Null tag and are the last + -- two bytes in INPUT. + + Create a new buffer with the content of that octet string. INPUT + is the orginal buffer with a length as stored at LENGTH. Returns + NULL on error or a new malloced buffer with the length of this new + buffer stored at LENGTH and the number of bytes parsed from input + are added to the value stored at INPUT_CONSUMED. INPUT_CONSUMED is + allowed to be passed as NULL if the caller is not interested in + this value. */ +static unsigned char * +cram_octet_string (const unsigned char *input, size_t *length, + size_t *input_consumed) +{ + const unsigned char *s = input; + size_t n = *length; + unsigned char *output, *d; + struct tag_info ti; + + /* Allocate output buf. We know that it won't be longer than the + input buffer. */ + d = output = gcry_malloc (n); + if (!output) + goto bailout; + + for (;;) + { + if (parse_tag (&s, &n, &ti)) + goto bailout; + if (ti.class == UNIVERSAL && ti.tag == TAG_OCTET_STRING + && !ti.ndef && !ti.is_constructed) + { + memcpy (d, s, ti.length); + s += ti.length; + d += ti.length; + n -= ti.length; + } + else if (ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed) + break; /* Ready */ + else + goto bailout; + } + + + *length = d - output; + if (input_consumed) + *input_consumed += s - input; + return output; + + bailout: + if (input_consumed) + *input_consumed += s - input; + gcry_free (output); + return NULL; +} + + + +static int +string_to_key (int id, char *salt, size_t saltlen, int iter, const char *pw, + int req_keylen, unsigned char *keybuf) +{ + int rc, i, j; + gcry_md_hd_t md; + gcry_mpi_t num_b1 = NULL; + int pwlen; + unsigned char hash[20], buf_b[64], buf_i[128], *p; + size_t cur_keylen; + size_t n; + + cur_keylen = 0; + pwlen = strlen (pw); + if (pwlen > 63/2) + { + log_error ("password too long\n"); + return -1; + } + + if (saltlen < 8) + { + log_error ("salt too short\n"); + return -1; + } + + /* Store salt and password in BUF_I */ + p = buf_i; + for(i=0; i < 64; i++) + *p++ = salt [i%saltlen]; + for(i=j=0; i < 64; i += 2) + { + *p++ = 0; + *p++ = pw[j]; + if (++j > pwlen) /* Note, that we include the trailing zero */ + j = 0; + } + + for (;;) + { + rc = gcry_md_open (&md, GCRY_MD_SHA1, 0); + if (rc) + { + log_error ( "gcry_md_open failed: %s\n", gpg_strerror (rc)); + return rc; + } + for(i=0; i < 64; i++) + gcry_md_putc (md, id); + gcry_md_write (md, buf_i, 128); + memcpy (hash, gcry_md_read (md, 0), 20); + gcry_md_close (md); + for (i=1; i < iter; i++) + gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20); + + for (i=0; i < 20 && cur_keylen < req_keylen; i++) + keybuf[cur_keylen++] = hash[i]; + if (cur_keylen == req_keylen) + { + gcry_mpi_release (num_b1); + return 0; /* ready */ + } + + /* need more bytes. */ + for(i=0; i < 64; i++) + buf_b[i] = hash[i % 20]; + rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, 64, &n); + if (rc) + { + log_error ( "gcry_mpi_scan failed: %s\n", gpg_strerror (rc)); + return -1; + } + gcry_mpi_add_ui (num_b1, num_b1, 1); + for (i=0; i < 128; i += 64) + { + gcry_mpi_t num_ij; + + rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, 64, &n); + if (rc) + { + log_error ( "gcry_mpi_scan failed: %s\n", + gpg_strerror (rc)); + return -1; + } + gcry_mpi_add (num_ij, num_ij, num_b1); + gcry_mpi_clear_highbit (num_ij, 64*8); + rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, 64, &n, num_ij); + if (rc) + { + log_error ( "gcry_mpi_print failed: %s\n", + gpg_strerror (rc)); + return -1; + } + gcry_mpi_release (num_ij); + } + } +} + + +static int +set_key_iv (gcry_cipher_hd_t chd, char *salt, size_t saltlen, int iter, + const char *pw, int keybytes) +{ + unsigned char keybuf[24]; + int rc; + + assert (keybytes == 5 || keybytes == 24); + if (string_to_key (1, salt, saltlen, iter, pw, keybytes, keybuf)) + return -1; + rc = gcry_cipher_setkey (chd, keybuf, keybytes); + if (rc) + { + log_error ( "gcry_cipher_setkey failed: %s\n", gpg_strerror (rc)); + return -1; + } + + if (string_to_key (2, salt, saltlen, iter, pw, 8, keybuf)) + return -1; + rc = gcry_cipher_setiv (chd, keybuf, 8); + if (rc) + { + log_error ("gcry_cipher_setiv failed: %s\n", gpg_strerror (rc)); + return -1; + } + return 0; +} + + +static void +crypt_block (unsigned char *buffer, size_t length, char *salt, size_t saltlen, + int iter, const char *pw, int cipher_algo, int encrypt) +{ + gcry_cipher_hd_t chd; + int rc; + + rc = gcry_cipher_open (&chd, cipher_algo, GCRY_CIPHER_MODE_CBC, 0); + if (rc) + { + log_error ( "gcry_cipher_open failed: %s\n", gpg_strerror(rc)); + wipememory (buffer, length); + return; + } + if (set_key_iv (chd, salt, saltlen, iter, pw, + cipher_algo == GCRY_CIPHER_RFC2268_40? 5:24)) + { + wipememory (buffer, length); + goto leave; + } + + rc = encrypt? gcry_cipher_encrypt (chd, buffer, length, NULL, 0) + : gcry_cipher_decrypt (chd, buffer, length, NULL, 0); + + if (rc) + { + wipememory (buffer, length); + log_error ( "en/de-crytion failed: %s\n", gpg_strerror (rc)); + goto leave; + } + + leave: + gcry_cipher_close (chd); +} + + +/* Decrypt a block of data and try several encodings of the key. + CIPHERTEXT is the encrypted data of size LENGTH bytes; PLAINTEXT is + a buffer of the same size to receive the decryption result. SALT, + SALTLEN, ITER and PW are the information required for decryption + and CIPHER_ALGO is the algorithm id to use. CHECK_FNC is a + function called with the plaintext and used to check whether the + decryption succeeded; i.e. that a correct passphrase has been + given. That function shall return true if the decryption has likely + succeeded. */ +static void +decrypt_block (const void *ciphertext, unsigned char *plaintext, size_t length, + char *salt, size_t saltlen, + int iter, const char *pw, int cipher_algo, + int (*check_fnc) (const void *, size_t)) +{ + static const char * const charsets[] = { + "", /* No conversion - use the UTF-8 passphrase direct. */ + "ISO-8859-1", + "ISO-8859-15", + "ISO-8859-2", + "ISO-8859-3", + "ISO-8859-4", + "ISO-8859-5", + "ISO-8859-6", + "ISO-8859-7", + "ISO-8859-8", + "ISO-8859-9", + "KOI8-R", + "IBM437", + "IBM850", + "EUC-JP", + "BIG5", + NULL + }; + int charsetidx = 0; + char *convertedpw = NULL; /* Malloced and converted password or NULL. */ + size_t convertedpwsize = 0; /* Allocated length. */ + + for (charsetidx=0; charsets[charsetidx]; charsetidx++) + { + if (*charsets[charsetidx]) + { + jnlib_iconv_t cd; + const char *inptr; + char *outptr; + size_t inbytes, outbytes; + + if (!convertedpw) + { + /* We assume one byte encodings. Thus we can allocate + the buffer of the same size as the original + passphrase; the result will actually be shorter + then. */ + convertedpwsize = strlen (pw) + 1; + convertedpw = gcry_malloc_secure (convertedpwsize); + if (!convertedpw) + { + log_info ("out of secure memory while" + " converting passphrase\n"); + break; /* Give up. */ + } + } + + cd = jnlib_iconv_open (charsets[charsetidx], "utf-8"); + if (cd == (jnlib_iconv_t)(-1)) + continue; + + inptr = pw; + inbytes = strlen (pw); + outptr = convertedpw; + outbytes = convertedpwsize - 1; + if ( jnlib_iconv (cd, (const char **)&inptr, &inbytes, + &outptr, &outbytes) == (size_t)-1) + { + jnlib_iconv_close (cd); + continue; + } + *outptr = 0; + jnlib_iconv_close (cd); + log_info ("decryption failed; trying charset `%s'\n", + charsets[charsetidx]); + } + memcpy (plaintext, ciphertext, length); + crypt_block (plaintext, length, salt, saltlen, iter, + convertedpw? convertedpw:pw, cipher_algo, 0); + if (check_fnc (plaintext, length)) + break; /* Decryption succeeded. */ + } + gcry_free (convertedpw); +} + + +/* Return true if the decryption of an bag_encrypted_data object has + likely succeeded. */ +static int +bag_decrypted_data_p (const void *plaintext, size_t length) +{ + struct tag_info ti; + const unsigned char *p = plaintext; + size_t n = length; + + /* { */ + /* # warning debug code is enabled */ + /* FILE *fp = fopen ("tmp-rc2-plain.der", "wb"); */ + /* if (!fp || fwrite (p, n, 1, fp) != 1) */ + /* exit (2); */ + /* fclose (fp); */ + /* } */ + + if (parse_tag (&p, &n, &ti)) + return 0; + if (ti.class || ti.tag != TAG_SEQUENCE) + return 0; + if (parse_tag (&p, &n, &ti)) + return 0; + + return 1; +} + +/* Note: If R_RESULT is passed as NULL, a key object as already be + processed and thus we need to skip it here. */ +static int +parse_bag_encrypted_data (const unsigned char *buffer, size_t length, + int startoffset, size_t *r_consumed, const char *pw, + void (*certcb)(void*, const unsigned char*, size_t), + void *certcbarg, gcry_mpi_t **r_result) +{ + struct tag_info ti; + const unsigned char *p = buffer; + const unsigned char *p_start = buffer; + size_t n = length; + const char *where; + char salt[20]; + size_t saltlen; + unsigned int iter; + unsigned char *plain = NULL; + int bad_pass = 0; + unsigned char *cram_buffer = NULL; + size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */ + int is_3des = 0; + gcry_mpi_t *result = NULL; + int result_count; + + if (r_result) + *r_result = NULL; + where = "start"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != ASNCONTEXT || ti.tag) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_SEQUENCE) + goto bailout; + + where = "bag.encryptedData.version"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_INTEGER || ti.length != 1 || *p != 0) + goto bailout; + p++; n--; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_SEQUENCE) + goto bailout; + + where = "bag.encryptedData.data"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_OBJECT_ID || ti.length != DIM(oid_data) + || memcmp (p, oid_data, DIM(oid_data))) + goto bailout; + p += DIM(oid_data); + n -= DIM(oid_data); + + where = "bag.encryptedData.keyinfo"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (!ti.class && ti.tag == TAG_OBJECT_ID + && ti.length == DIM(oid_pbeWithSHAAnd40BitRC2_CBC) + && !memcmp (p, oid_pbeWithSHAAnd40BitRC2_CBC, + DIM(oid_pbeWithSHAAnd40BitRC2_CBC))) + { + p += DIM(oid_pbeWithSHAAnd40BitRC2_CBC); + n -= DIM(oid_pbeWithSHAAnd40BitRC2_CBC); + } + else if (!ti.class && ti.tag == TAG_OBJECT_ID + && ti.length == DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC) + && !memcmp (p, oid_pbeWithSHAAnd3_KeyTripleDES_CBC, + DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC))) + { + p += DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC); + n -= DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC); + is_3des = 1; + } + else + goto bailout; + + where = "rc2or3des-params"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING + || ti.length < 8 || ti.length > 20 ) + goto bailout; + saltlen = ti.length; + memcpy (salt, p, saltlen); + p += saltlen; + n -= saltlen; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_INTEGER || !ti.length ) + goto bailout; + for (iter=0; ti.length; ti.length--) + { + iter <<= 8; + iter |= (*p++) & 0xff; + n--; + } + + where = "rc2or3des-ciphertext"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + + consumed = p - p_start; + if (ti.class == ASNCONTEXT && ti.tag == 0 && ti.is_constructed && ti.ndef) + { + /* Mozilla exported certs now come with single byte chunks of + octect strings. (Mozilla Firefox 1.0.4). Arghh. */ + where = "cram-rc2or3des-ciphertext"; + cram_buffer = cram_octet_string ( p, &n, &consumed); + if (!cram_buffer) + goto bailout; + p = p_start = cram_buffer; + if (r_consumed) + *r_consumed = consumed; + r_consumed = NULL; /* Ugly hack to not update that value any further. */ + ti.length = n; + } + else if (ti.class == ASNCONTEXT && ti.tag == 0 && ti.length ) + ; + else + goto bailout; + + log_info ("%lu bytes of %s encrypted text\n",ti.length,is_3des?"3DES":"RC2"); + + plain = gcry_malloc_secure (ti.length); + if (!plain) + { + log_error ("error allocating decryption buffer\n"); + goto bailout; + } + decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw, + is_3des? GCRY_CIPHER_3DES : GCRY_CIPHER_RFC2268_40, + bag_decrypted_data_p); + n = ti.length; + startoffset = 0; + p_start = p = plain; + + where = "outer.outer.seq"; + if (parse_tag (&p, &n, &ti)) + { + bad_pass = 1; + goto bailout; + } + if (ti.class || ti.tag != TAG_SEQUENCE) + { + bad_pass = 1; + goto bailout; + } + + if (parse_tag (&p, &n, &ti)) + { + bad_pass = 1; + goto bailout; + } + + /* Loop over all certificates inside the bag. */ + while (n) + { + int iscrlbag = 0; + int iskeybag = 0; + + where = "certbag.nextcert"; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + + where = "certbag.objectidentifier"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OBJECT_ID) + goto bailout; + if ( ti.length == DIM(oid_pkcs_12_CertBag) + && !memcmp (p, oid_pkcs_12_CertBag, DIM(oid_pkcs_12_CertBag))) + { + p += DIM(oid_pkcs_12_CertBag); + n -= DIM(oid_pkcs_12_CertBag); + } + else if ( ti.length == DIM(oid_pkcs_12_CrlBag) + && !memcmp (p, oid_pkcs_12_CrlBag, DIM(oid_pkcs_12_CrlBag))) + { + p += DIM(oid_pkcs_12_CrlBag); + n -= DIM(oid_pkcs_12_CrlBag); + iscrlbag = 1; + } + else if ( ti.length == DIM(oid_pkcs_12_keyBag) + && !memcmp (p, oid_pkcs_12_keyBag, DIM(oid_pkcs_12_keyBag))) + { + /* The TrustedMIME plugin for MS Outlook started to create + files with just one outer 3DES encrypted container and + inside the certificates as well as the key. */ + p += DIM(oid_pkcs_12_keyBag); + n -= DIM(oid_pkcs_12_keyBag); + iskeybag = 1; + } + else + goto bailout; + + where = "certbag.before.certheader"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != ASNCONTEXT || ti.tag) + goto bailout; + if (iscrlbag) + { + log_info ("skipping unsupported crlBag\n"); + p += ti.length; + n -= ti.length; + } + else if (iskeybag && (result || !r_result)) + { + log_info ("one keyBag already processed; skipping this one\n"); + p += ti.length; + n -= ti.length; + } + else if (iskeybag) + { + int len; + + log_info ("processing simple keyBag\n"); + + /* Fixme: This code is duplicated from parse_bag_data. */ + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER + || ti.length != 1 || *p) + goto bailout; + p++; n--; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + len = ti.length; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (len < ti.nhdr) + goto bailout; + len -= ti.nhdr; + if (ti.class || ti.tag != TAG_OBJECT_ID + || ti.length != DIM(oid_rsaEncryption) + || memcmp (p, oid_rsaEncryption, + DIM(oid_rsaEncryption))) + goto bailout; + p += DIM (oid_rsaEncryption); + n -= DIM (oid_rsaEncryption); + if (len < ti.length) + goto bailout; + len -= ti.length; + if (n < len) + goto bailout; + p += len; + n -= len; + if ( parse_tag (&p, &n, &ti) + || ti.class || ti.tag != TAG_OCTET_STRING) + goto bailout; + if ( parse_tag (&p, &n, &ti) + || ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + len = ti.length; + + result = gcry_calloc (10, sizeof *result); + if (!result) + { + log_error ( "error allocating result array\n"); + goto bailout; + } + result_count = 0; + + where = "reading.keybag.key-parameters"; + for (result_count = 0; len && result_count < 9;) + { + if ( parse_tag (&p, &n, &ti) + || ti.class || ti.tag != TAG_INTEGER) + goto bailout; + if (len < ti.nhdr) + goto bailout; + len -= ti.nhdr; + if (len < ti.length) + goto bailout; + len -= ti.length; + if (!result_count && ti.length == 1 && !*p) + ; /* ignore the very first one if it is a 0 */ + else + { + int rc; + + rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p, + ti.length, NULL); + if (rc) + { + log_error ("error parsing key parameter: %s\n", + gpg_strerror (rc)); + goto bailout; + } + result_count++; + } + p += ti.length; + n -= ti.length; + } + if (len) + goto bailout; + } + else + { + log_info ("processing certBag\n"); + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OBJECT_ID + || ti.length != DIM(oid_x509Certificate_for_pkcs_12) + || memcmp (p, oid_x509Certificate_for_pkcs_12, + DIM(oid_x509Certificate_for_pkcs_12))) + goto bailout; + p += DIM(oid_x509Certificate_for_pkcs_12); + n -= DIM(oid_x509Certificate_for_pkcs_12); + + where = "certbag.before.octetstring"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != ASNCONTEXT || ti.tag) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING || ti.ndef) + goto bailout; + + /* Return the certificate. */ + if (certcb) + certcb (certcbarg, p, ti.length); + + p += ti.length; + n -= ti.length; + } + + /* Ugly hack to cope with the padding: Forget about the rest if + that is less or equal to the cipher's block length. We can + reasonable assume that all valid data will be longer than + just one block. */ + if (n <= 8) + n = 0; + + /* Skip the optional SET with the pkcs12 cert attributes. */ + if (n) + { + where = "bag.attributes"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (!ti.class && ti.tag == TAG_SEQUENCE) + ; /* No attributes. */ + else if (!ti.class && ti.tag == TAG_SET && !ti.ndef) + { /* The optional SET. */ + p += ti.length; + n -= ti.length; + if (n <= 8) + n = 0; + if (n && parse_tag (&p, &n, &ti)) + goto bailout; + } + else + goto bailout; + } + } + + if (r_consumed) + *r_consumed = consumed; + gcry_free (plain); + gcry_free (cram_buffer); + if (r_result) + *r_result = result; + return 0; + + bailout: + if (result) + { + int i; + + for (i=0; result[i]; i++) + gcry_mpi_release (result[i]); + gcry_free (result); + } + if (r_consumed) + *r_consumed = consumed; + gcry_free (plain); + gcry_free (cram_buffer); + log_error ("encryptedData error at \"%s\", offset %u\n", + where, (unsigned int)((p - p_start)+startoffset)); + if (bad_pass) + { + /* Note, that the following string might be used by other programs + to check for a bad passphrase; it should therefore not be + translated or changed. */ + log_error ("possibly bad passphrase given\n"); + } + return -1; +} + + +/* Return true if the decryption of a bag_data object has likely + succeeded. */ +static int +bag_data_p (const void *plaintext, size_t length) +{ + struct tag_info ti; + const unsigned char *p = plaintext; + size_t n = length; + +/* { */ +/* # warning debug code is enabled */ +/* FILE *fp = fopen ("tmp-3des-plain-key.der", "wb"); */ +/* if (!fp || fwrite (p, n, 1, fp) != 1) */ +/* exit (2); */ +/* fclose (fp); */ +/* } */ + + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) + return 0; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER + || ti.length != 1 || *p) + return 0; + + return 1; +} + + +static gcry_mpi_t * +parse_bag_data (const unsigned char *buffer, size_t length, int startoffset, + size_t *r_consumed, const char *pw) +{ + int rc; + struct tag_info ti; + const unsigned char *p = buffer; + const unsigned char *p_start = buffer; + size_t n = length; + const char *where; + char salt[20]; + size_t saltlen; + unsigned int iter; + int len; + unsigned char *plain = NULL; + gcry_mpi_t *result = NULL; + int result_count, i; + unsigned char *cram_buffer = NULL; + size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */ + + where = "start"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != ASNCONTEXT || ti.tag) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING) + goto bailout; + + consumed = p - p_start; + if (ti.is_constructed && ti.ndef) + { + /* Mozilla exported certs now come with single byte chunks of + octect strings. (Mozilla Firefox 1.0.4). Arghh. */ + where = "cram-data.outersegs"; + cram_buffer = cram_octet_string ( p, &n, &consumed); + if (!cram_buffer) + goto bailout; + p = p_start = cram_buffer; + if (r_consumed) + *r_consumed = consumed; + r_consumed = NULL; /* Ugly hack to not update that value any further. */ + } + + + where = "data.outerseqs"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + + where = "data.objectidentifier"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OBJECT_ID + || ti.length != DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag) + || memcmp (p, oid_pkcs_12_pkcs_8ShroudedKeyBag, + DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag))) + goto bailout; + p += DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag); + n -= DIM(oid_pkcs_12_pkcs_8ShroudedKeyBag); + + where = "shrouded,outerseqs"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != ASNCONTEXT || ti.tag) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OBJECT_ID + || ti.length != DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC) + || memcmp (p, oid_pbeWithSHAAnd3_KeyTripleDES_CBC, + DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC))) + goto bailout; + p += DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC); + n -= DIM(oid_pbeWithSHAAnd3_KeyTripleDES_CBC); + + where = "3des-params"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING + || ti.length < 8 || ti.length > 20) + goto bailout; + saltlen = ti.length; + memcpy (salt, p, saltlen); + p += saltlen; + n -= saltlen; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_INTEGER || !ti.length ) + goto bailout; + for (iter=0; ti.length; ti.length--) + { + iter <<= 8; + iter |= (*p++) & 0xff; + n--; + } + + where = "3des-ciphertext"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class || ti.tag != TAG_OCTET_STRING || !ti.length ) + goto bailout; + + log_info ("%lu bytes of 3DES encrypted text\n", ti.length); + + plain = gcry_malloc_secure (ti.length); + if (!plain) + { + log_error ("error allocating decryption buffer\n"); + goto bailout; + } + consumed += p - p_start + ti.length; + decrypt_block (p, plain, ti.length, salt, saltlen, iter, pw, + GCRY_CIPHER_3DES, + bag_data_p); + n = ti.length; + startoffset = 0; + p_start = p = plain; + + where = "decrypted-text"; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER + || ti.length != 1 || *p) + goto bailout; + p++; n--; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + len = ti.length; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (len < ti.nhdr) + goto bailout; + len -= ti.nhdr; + if (ti.class || ti.tag != TAG_OBJECT_ID + || ti.length != DIM(oid_rsaEncryption) + || memcmp (p, oid_rsaEncryption, + DIM(oid_rsaEncryption))) + goto bailout; + p += DIM (oid_rsaEncryption); + n -= DIM (oid_rsaEncryption); + if (len < ti.length) + goto bailout; + len -= ti.length; + if (n < len) + goto bailout; + p += len; + n -= len; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_OCTET_STRING) + goto bailout; + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_SEQUENCE) + goto bailout; + len = ti.length; + + result = gcry_calloc (10, sizeof *result); + if (!result) + { + log_error ( "error allocating result array\n"); + goto bailout; + } + result_count = 0; + + where = "reading.key-parameters"; + for (result_count=0; len && result_count < 9;) + { + if (parse_tag (&p, &n, &ti) || ti.class || ti.tag != TAG_INTEGER) + goto bailout; + if (len < ti.nhdr) + goto bailout; + len -= ti.nhdr; + if (len < ti.length) + goto bailout; + len -= ti.length; + if (!result_count && ti.length == 1 && !*p) + ; /* ignore the very first one if it is a 0 */ + else + { + rc = gcry_mpi_scan (result+result_count, GCRYMPI_FMT_USG, p, + ti.length, NULL); + if (rc) + { + log_error ("error parsing key parameter: %s\n", + gpg_strerror (rc)); + goto bailout; + } + result_count++; + } + p += ti.length; + n -= ti.length; + } + if (len) + goto bailout; + + gcry_free (cram_buffer); + if (r_consumed) + *r_consumed = consumed; + return result; + + bailout: + gcry_free (plain); + if (result) + { + for (i=0; result[i]; i++) + gcry_mpi_release (result[i]); + gcry_free (result); + } + gcry_free (cram_buffer); + log_error ( "data error at \"%s\", offset %u\n", + where, (unsigned int)((p - buffer) + startoffset)); + if (r_consumed) + *r_consumed = consumed; + return NULL; +} + + +/* Parse a PKCS12 object and return an array of MPI representing the + secret key parameters. This is a very limited implementation in + that it is only able to look for 3DES encoded encryptedData and + tries to extract the first private key object it finds. In case of + an error NULL is returned. CERTCB and CERRTCBARG are used to pass + X.509 certificates back to the caller. */ +gcry_mpi_t * +p12_parse (const unsigned char *buffer, size_t length, const char *pw, + void (*certcb)(void*, const unsigned char*, size_t), + void *certcbarg) +{ + struct tag_info ti; + const unsigned char *p = buffer; + const unsigned char *p_start = buffer; + size_t n = length; + const char *where; + int bagseqlength, len; + int bagseqndef, lenndef; + gcry_mpi_t *result = NULL; + unsigned char *cram_buffer = NULL; + + where = "pfx"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_SEQUENCE) + goto bailout; + + where = "pfxVersion"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_INTEGER || ti.length != 1 || *p != 3) + goto bailout; + p++; n--; + + where = "authSave"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_SEQUENCE) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.tag != TAG_OBJECT_ID || ti.length != DIM(oid_data) + || memcmp (p, oid_data, DIM(oid_data))) + goto bailout; + p += DIM(oid_data); + n -= DIM(oid_data); + + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != ASNCONTEXT || ti.tag) + goto bailout; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != UNIVERSAL || ti.tag != TAG_OCTET_STRING) + goto bailout; + + if (ti.is_constructed && ti.ndef) + { + /* Mozilla exported certs now come with single byte chunks of + octect strings. (Mozilla Firefox 1.0.4). Arghh. */ + where = "cram-bags"; + cram_buffer = cram_octet_string ( p, &n, NULL); + if (!cram_buffer) + goto bailout; + p = p_start = cram_buffer; + } + + where = "bags"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (ti.class != UNIVERSAL || ti.tag != TAG_SEQUENCE) + goto bailout; + bagseqndef = ti.ndef; + bagseqlength = ti.length; + while (bagseqlength || bagseqndef) + { +/* log_debug ( "at offset %u\n", (p - p_start)); */ + where = "bag-sequence"; + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (bagseqndef && ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed) + break; /* Ready */ + if (ti.class != UNIVERSAL || ti.tag != TAG_SEQUENCE) + goto bailout; + + if (!bagseqndef) + { + if (bagseqlength < ti.nhdr) + goto bailout; + bagseqlength -= ti.nhdr; + if (bagseqlength < ti.length) + goto bailout; + bagseqlength -= ti.length; + } + lenndef = ti.ndef; + len = ti.length; + + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (lenndef) + len = ti.nhdr; + else + len -= ti.nhdr; + + if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_encryptedData) + && !memcmp (p, oid_encryptedData, DIM(oid_encryptedData))) + { + size_t consumed = 0; + + p += DIM(oid_encryptedData); + n -= DIM(oid_encryptedData); + if (!lenndef) + len -= DIM(oid_encryptedData); + where = "bag.encryptedData"; + if (parse_bag_encrypted_data (p, n, (p - p_start), &consumed, pw, + certcb, certcbarg, + result? NULL : &result)) + goto bailout; + if (lenndef) + len += consumed; + } + else if (ti.tag == TAG_OBJECT_ID && ti.length == DIM(oid_data) + && !memcmp (p, oid_data, DIM(oid_data))) + { + if (result) + { + log_info ("already got an key object, skipping this one\n"); + p += ti.length; + n -= ti.length; + } + else + { + size_t consumed = 0; + + p += DIM(oid_data); + n -= DIM(oid_data); + if (!lenndef) + len -= DIM(oid_data); + result = parse_bag_data (p, n, (p - p_start), &consumed, pw); + if (!result) + goto bailout; + if (lenndef) + len += consumed; + } + } + else + { + log_info ("unknown bag type - skipped\n"); + p += ti.length; + n -= ti.length; + } + + if (len < 0 || len > n) + goto bailout; + p += len; + n -= len; + if (lenndef) + { + /* Need to skip the Null Tag. */ + if (parse_tag (&p, &n, &ti)) + goto bailout; + if (!(ti.class == UNIVERSAL && !ti.tag && !ti.is_constructed)) + goto bailout; + } + } + + gcry_free (cram_buffer); + return result; + bailout: + log_error ("error at \"%s\", offset %u\n", + where, (unsigned int)(p - p_start)); + if (result) + { + int i; + + for (i=0; result[i]; i++) + gcry_mpi_release (result[i]); + gcry_free (result); + } + gcry_free (cram_buffer); + return NULL; +} + + + +static size_t +compute_tag_length (size_t n) +{ + int needed = 0; + + if (n < 128) + needed += 2; /* tag and one length byte */ + else if (n < 256) + needed += 3; /* tag, number of length bytes, 1 length byte */ + else if (n < 65536) + needed += 4; /* tag, number of length bytes, 2 length bytes */ + else + { + log_error ("object too larger to encode\n"); + return 0; + } + return needed; +} + +static unsigned char * +store_tag_length (unsigned char *p, int tag, size_t n) +{ + if (tag == TAG_SEQUENCE) + tag |= 0x20; /* constructed */ + + *p++ = tag; + if (n < 128) + *p++ = n; + else if (n < 256) + { + *p++ = 0x81; + *p++ = n; + } + else if (n < 65536) + { + *p++ = 0x82; + *p++ = n >> 8; + *p++ = n; + } + + return p; +} + + +/* Create the final PKCS-12 object from the sequences contained in + SEQLIST. PW is the password. That array is terminated with an NULL + object. */ +static unsigned char * +create_final (struct buffer_s *sequences, const char *pw, size_t *r_length) +{ + int i; + size_t needed = 0; + size_t len[8], n; + unsigned char *macstart; + size_t maclen; + unsigned char *result, *p; + size_t resultlen; + char salt[8]; + unsigned char keybuf[20]; + gcry_md_hd_t md; + int rc; + int with_mac = 1; + + + /* 9 steps to create the pkcs#12 Krampf. */ + + /* 8. The MAC. */ + /* We add this at step 0. */ + + /* 7. All the buffers. */ + for (i=0; sequences[i].buffer; i++) + needed += sequences[i].length; + + /* 6. This goes into a sequences. */ + len[6] = needed; + n = compute_tag_length (needed); + needed += n; + + /* 5. Encapsulate all in an octet string. */ + len[5] = needed; + n = compute_tag_length (needed); + needed += n; + + /* 4. And tag it with [0]. */ + len[4] = needed; + n = compute_tag_length (needed); + needed += n; + + /* 3. Prepend an data OID. */ + needed += 2 + DIM (oid_data); + + /* 2. Put all into a sequences. */ + len[2] = needed; + n = compute_tag_length (needed); + needed += n; + + /* 1. Prepend the version integer 3. */ + needed += 3; + + /* 0. And the final outer sequence. */ + if (with_mac) + needed += DIM (data_mactemplate); + len[0] = needed; + n = compute_tag_length (needed); + needed += n; + + /* Allocate a buffer. */ + result = gcry_malloc (needed); + if (!result) + { + log_error ("error allocating buffer\n"); + return NULL; + } + p = result; + + /* 0. Store the very outer sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[0]); + + /* 1. Store the version integer 3. */ + *p++ = TAG_INTEGER; + *p++ = 1; + *p++ = 3; + + /* 2. Store another sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[2]); + + /* 3. Store the data OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data)); + memcpy (p, oid_data, DIM (oid_data)); + p += DIM (oid_data); + + /* 4. Next comes a context tag. */ + p = store_tag_length (p, 0xa0, len[4]); + + /* 5. And an octet string. */ + p = store_tag_length (p, TAG_OCTET_STRING, len[5]); + + /* 6. And the inner sequence. */ + macstart = p; + p = store_tag_length (p, TAG_SEQUENCE, len[6]); + + /* 7. Append all the buffers. */ + for (i=0; sequences[i].buffer; i++) + { + memcpy (p, sequences[i].buffer, sequences[i].length); + p += sequences[i].length; + } + + if (with_mac) + { + /* Intermezzo to compute the MAC. */ + maclen = p - macstart; + gcry_randomize (salt, 8, GCRY_STRONG_RANDOM); + if (string_to_key (3, salt, 8, 2048, pw, 20, keybuf)) + { + gcry_free (result); + return NULL; + } + rc = gcry_md_open (&md, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); + if (rc) + { + log_error ("gcry_md_open failed: %s\n", gpg_strerror (rc)); + gcry_free (result); + return NULL; + } + rc = gcry_md_setkey (md, keybuf, 20); + if (rc) + { + log_error ("gcry_md_setkey failed: %s\n", gpg_strerror (rc)); + gcry_md_close (md); + gcry_free (result); + return NULL; + } + gcry_md_write (md, macstart, maclen); + + /* 8. Append the MAC template and fix it up. */ + memcpy (p, data_mactemplate, DIM (data_mactemplate)); + memcpy (p + DATA_MACTEMPLATE_SALT_OFF, salt, 8); + memcpy (p + DATA_MACTEMPLATE_MAC_OFF, gcry_md_read (md, 0), 20); + p += DIM (data_mactemplate); + gcry_md_close (md); + } + + /* Ready. */ + resultlen = p - result; + if (needed != resultlen) + log_debug ("length mismatch: %lu, %lu\n", + (unsigned long)needed, (unsigned long)resultlen); + + *r_length = resultlen; + return result; +} + + +/* Build a DER encoded SEQUENCE with the key: + + SEQUENCE { + INTEGER 0 + SEQUENCE { + OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) + NULL + } + OCTET STRING, encapsulates { + SEQUENCE { + INTEGER 0 + INTEGER + INTEGER + INTEGER + INTEGER + INTEGER + INTEGER + INTEGER + INTEGER + } + } + } +*/ + +static unsigned char * +build_key_sequence (gcry_mpi_t *kparms, size_t *r_length) +{ + int rc, i; + size_t needed, n; + unsigned char *plain, *p; + size_t plainlen; + size_t outseqlen, oidseqlen, octstrlen, inseqlen; + + needed = 3; /* The version(?) integer of value 0. */ + for (i=0; kparms[i]; i++) + { + n = 0; + rc = gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &n, kparms[i]); + if (rc) + { + log_error ("error formatting parameter: %s\n", gpg_strerror (rc)); + return NULL; + } + needed += n; + n = compute_tag_length (n); + if (!n) + return NULL; + needed += n; + } + if (i != 8) + { + log_error ("invalid parameters for p12_build\n"); + return NULL; + } + /* Now this all goes into a sequence. */ + inseqlen = needed; + n = compute_tag_length (needed); + if (!n) + return NULL; + needed += n; + /* Encapsulate all into an octet string. */ + octstrlen = needed; + n = compute_tag_length (needed); + if (!n) + return NULL; + needed += n; + /* Prepend the object identifier sequence. */ + oidseqlen = 2 + DIM (oid_rsaEncryption) + 2; + needed += 2 + oidseqlen; + /* The version number. */ + needed += 3; + /* And finally put the whole thing into a sequence. */ + outseqlen = needed; + n = compute_tag_length (needed); + if (!n) + return NULL; + needed += n; + + /* allocate 8 extra bytes for padding */ + plain = gcry_malloc_secure (needed+8); + if (!plain) + { + log_error ("error allocating encryption buffer\n"); + return NULL; + } + + /* And now fill the plaintext buffer. */ + p = plain; + p = store_tag_length (p, TAG_SEQUENCE, outseqlen); + /* Store version. */ + *p++ = TAG_INTEGER; + *p++ = 1; + *p++ = 0; + /* Store object identifier sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, oidseqlen); + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption)); + memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption)); + p += DIM (oid_rsaEncryption); + *p++ = TAG_NULL; + *p++ = 0; + /* Start with the octet string. */ + p = store_tag_length (p, TAG_OCTET_STRING, octstrlen); + p = store_tag_length (p, TAG_SEQUENCE, inseqlen); + /* Store the key parameters. */ + *p++ = TAG_INTEGER; + *p++ = 1; + *p++ = 0; + for (i=0; kparms[i]; i++) + { + n = 0; + rc = gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &n, kparms[i]); + if (rc) + { + log_error ("oops: error formatting parameter: %s\n", + gpg_strerror (rc)); + gcry_free (plain); + return NULL; + } + p = store_tag_length (p, TAG_INTEGER, n); + + n = plain + needed - p; + rc = gcry_mpi_print (GCRYMPI_FMT_STD, p, n, &n, kparms[i]); + if (rc) + { + log_error ("oops: error storing parameter: %s\n", + gpg_strerror (rc)); + gcry_free (plain); + return NULL; + } + p += n; + } + + plainlen = p - plain; + assert (needed == plainlen); + /* Append some pad characters; we already allocated extra space. */ + n = 8 - plainlen % 8; + for (i=0; i < n; i++, plainlen++) + *p++ = n; + + *r_length = plainlen; + return plain; +} + + + +static unsigned char * +build_key_bag (unsigned char *buffer, size_t buflen, char *salt, + const unsigned char *sha1hash, const char *keyidstr, + size_t *r_length) +{ + size_t len[11], needed; + unsigned char *p, *keybag; + size_t keybaglen; + + /* Walk 11 steps down to collect the info: */ + + /* 10. The data goes into an octet string. */ + needed = compute_tag_length (buflen); + needed += buflen; + + /* 9. Prepend the algorithm identifier. */ + needed += DIM (data_3desiter2048); + + /* 8. Put a sequence around. */ + len[8] = needed; + needed += compute_tag_length (needed); + + /* 7. Prepend a [0] tag. */ + len[7] = needed; + needed += compute_tag_length (needed); + + /* 6b. The attributes which are appended at the end. */ + if (sha1hash) + needed += DIM (data_attrtemplate) + 20; + + /* 6. Prepend the shroudedKeyBag OID. */ + needed += 2 + DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag); + + /* 5+4. Put all into two sequences. */ + len[5] = needed; + needed += compute_tag_length ( needed); + len[4] = needed; + needed += compute_tag_length (needed); + + /* 3. This all goes into an octet string. */ + len[3] = needed; + needed += compute_tag_length (needed); + + /* 2. Prepend another [0] tag. */ + len[2] = needed; + needed += compute_tag_length (needed); + + /* 1. Prepend the data OID. */ + needed += 2 + DIM (oid_data); + + /* 0. Prepend another sequence. */ + len[0] = needed; + needed += compute_tag_length (needed); + + /* Now that we have all length information, allocate a buffer. */ + p = keybag = gcry_malloc (needed); + if (!keybag) + { + log_error ("error allocating buffer\n"); + return NULL; + } + + /* Walk 11 steps up to store the data. */ + + /* 0. Store the first sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[0]); + + /* 1. Store the data OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data)); + memcpy (p, oid_data, DIM (oid_data)); + p += DIM (oid_data); + + /* 2. Store a [0] tag. */ + p = store_tag_length (p, 0xa0, len[2]); + + /* 3. And an octet string. */ + p = store_tag_length (p, TAG_OCTET_STRING, len[3]); + + /* 4+5. Two sequences. */ + p = store_tag_length (p, TAG_SEQUENCE, len[4]); + p = store_tag_length (p, TAG_SEQUENCE, len[5]); + + /* 6. Store the shroudedKeyBag OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, + DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag)); + memcpy (p, oid_pkcs_12_pkcs_8ShroudedKeyBag, + DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag)); + p += DIM (oid_pkcs_12_pkcs_8ShroudedKeyBag); + + /* 7. Store a [0] tag. */ + p = store_tag_length (p, 0xa0, len[7]); + + /* 8. Store a sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[8]); + + /* 9. Now for the pre-encoded algorithm identifier and the salt. */ + memcpy (p, data_3desiter2048, DIM (data_3desiter2048)); + memcpy (p + DATA_3DESITER2048_SALT_OFF, salt, 8); + p += DIM (data_3desiter2048); + + /* 10. And the octet string with the encrypted data. */ + p = store_tag_length (p, TAG_OCTET_STRING, buflen); + memcpy (p, buffer, buflen); + p += buflen; + + /* Append the attributes whose length we calculated at step 2b. */ + if (sha1hash) + { + int i; + + memcpy (p, data_attrtemplate, DIM (data_attrtemplate)); + for (i=0; i < 8; i++) + p[DATA_ATTRTEMPLATE_KEYID_OFF+2*i+1] = keyidstr[i]; + p += DIM (data_attrtemplate); + memcpy (p, sha1hash, 20); + p += 20; + } + + + keybaglen = p - keybag; + if (needed != keybaglen) + log_debug ("length mismatch: %lu, %lu\n", + (unsigned long)needed, (unsigned long)keybaglen); + + *r_length = keybaglen; + return keybag; +} + + +static unsigned char * +build_cert_bag (unsigned char *buffer, size_t buflen, char *salt, + size_t *r_length) +{ + size_t len[9], needed; + unsigned char *p, *certbag; + size_t certbaglen; + + /* Walk 9 steps down to collect the info: */ + + /* 8. The data goes into an octet string. */ + needed = compute_tag_length (buflen); + needed += buflen; + + /* 7. The algorithm identifier. */ + needed += DIM (data_rc2iter2048); + + /* 6. The data OID. */ + needed += 2 + DIM (oid_data); + + /* 5. A sequence. */ + len[5] = needed; + needed += compute_tag_length ( needed); + + /* 4. An integer. */ + needed += 3; + + /* 3. A sequence. */ + len[3] = needed; + needed += compute_tag_length (needed); + + /* 2. A [0] tag. */ + len[2] = needed; + needed += compute_tag_length (needed); + + /* 1. The encryptedData OID. */ + needed += 2 + DIM (oid_encryptedData); + + /* 0. The first sequence. */ + len[0] = needed; + needed += compute_tag_length (needed); + + /* Now that we have all length information, allocate a buffer. */ + p = certbag = gcry_malloc (needed); + if (!certbag) + { + log_error ("error allocating buffer\n"); + return NULL; + } + + /* Walk 9 steps up to store the data. */ + + /* 0. Store the first sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[0]); + + /* 1. Store the encryptedData OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_encryptedData)); + memcpy (p, oid_encryptedData, DIM (oid_encryptedData)); + p += DIM (oid_encryptedData); + + /* 2. Store a [0] tag. */ + p = store_tag_length (p, 0xa0, len[2]); + + /* 3. Store a sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[3]); + + /* 4. Store the integer 0. */ + *p++ = TAG_INTEGER; + *p++ = 1; + *p++ = 0; + + /* 5. Store a sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[5]); + + /* 6. Store the data OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_data)); + memcpy (p, oid_data, DIM (oid_data)); + p += DIM (oid_data); + + /* 7. Now for the pre-encoded algorithm identifier and the salt. */ + memcpy (p, data_rc2iter2048, DIM (data_rc2iter2048)); + memcpy (p + DATA_RC2ITER2048_SALT_OFF, salt, 8); + p += DIM (data_rc2iter2048); + + /* 8. And finally the [0] tag with the encrypted data. */ + p = store_tag_length (p, 0x80, buflen); + memcpy (p, buffer, buflen); + p += buflen; + certbaglen = p - certbag; + + if (needed != certbaglen) + log_debug ("length mismatch: %lu, %lu\n", + (unsigned long)needed, (unsigned long)certbaglen); + + *r_length = certbaglen; + return certbag; +} + + +static unsigned char * +build_cert_sequence (unsigned char *buffer, size_t buflen, + const unsigned char *sha1hash, const char *keyidstr, + size_t *r_length) +{ + size_t len[8], needed, n; + unsigned char *p, *certseq; + size_t certseqlen; + int i; + + assert (strlen (keyidstr) == 8); + + /* Walk 8 steps down to collect the info: */ + + /* 7. The data goes into an octet string. */ + needed = compute_tag_length (buflen); + needed += buflen; + + /* 6. A [0] tag. */ + len[6] = needed; + needed += compute_tag_length (needed); + + /* 5. An OID. */ + needed += 2 + DIM (oid_x509Certificate_for_pkcs_12); + + /* 4. A sequence. */ + len[4] = needed; + needed += compute_tag_length (needed); + + /* 3. A [0] tag. */ + len[3] = needed; + needed += compute_tag_length (needed); + + /* 2b. The attributes which are appended at the end. */ + if (sha1hash) + needed += DIM (data_attrtemplate) + 20; + + /* 2. An OID. */ + needed += 2 + DIM (oid_pkcs_12_CertBag); + + /* 1. A sequence. */ + len[1] = needed; + needed += compute_tag_length (needed); + + /* 0. The first sequence. */ + len[0] = needed; + needed += compute_tag_length (needed); + + /* Now that we have all length information, allocate a buffer. */ + p = certseq = gcry_malloc (needed + 8 /*(for padding)*/); + if (!certseq) + { + log_error ("error allocating buffer\n"); + return NULL; + } + + /* Walk 8 steps up to store the data. */ + + /* 0. Store the first sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[0]); + + /* 1. Store the second sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[1]); + + /* 2. Store the pkcs12-cert-bag OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_pkcs_12_CertBag)); + memcpy (p, oid_pkcs_12_CertBag, DIM (oid_pkcs_12_CertBag)); + p += DIM (oid_pkcs_12_CertBag); + + /* 3. Store a [0] tag. */ + p = store_tag_length (p, 0xa0, len[3]); + + /* 4. Store a sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, len[4]); + + /* 5. Store the x509Certificate OID. */ + p = store_tag_length (p, TAG_OBJECT_ID, + DIM (oid_x509Certificate_for_pkcs_12)); + memcpy (p, oid_x509Certificate_for_pkcs_12, + DIM (oid_x509Certificate_for_pkcs_12)); + p += DIM (oid_x509Certificate_for_pkcs_12); + + /* 6. Store a [0] tag. */ + p = store_tag_length (p, 0xa0, len[6]); + + /* 7. And the octet string with the actual certificate. */ + p = store_tag_length (p, TAG_OCTET_STRING, buflen); + memcpy (p, buffer, buflen); + p += buflen; + + /* Append the attributes whose length we calculated at step 2b. */ + if (sha1hash) + { + memcpy (p, data_attrtemplate, DIM (data_attrtemplate)); + for (i=0; i < 8; i++) + p[DATA_ATTRTEMPLATE_KEYID_OFF+2*i+1] = keyidstr[i]; + p += DIM (data_attrtemplate); + memcpy (p, sha1hash, 20); + p += 20; + } + + certseqlen = p - certseq; + if (needed != certseqlen) + log_debug ("length mismatch: %lu, %lu\n", + (unsigned long)needed, (unsigned long)certseqlen); + + /* Append some pad characters; we already allocated extra space. */ + n = 8 - certseqlen % 8; + for (i=0; i < n; i++, certseqlen++) + *p++ = n; + + *r_length = certseqlen; + return certseq; +} + + +/* Expect the RSA key parameters in KPARMS and a password in PW. + Create a PKCS structure from it and return it as well as the length + in R_LENGTH; return NULL in case of an error. If CHARSET is not + NULL, re-encode PW to that character set. */ +unsigned char * +p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen, + const char *pw, const char *charset, size_t *r_length) +{ + unsigned char *buffer = NULL; + size_t n, buflen; + char salt[8]; + struct buffer_s seqlist[3]; + int seqlistidx = 0; + unsigned char sha1hash[20]; + char keyidstr[8+1]; + char *pwbuf = NULL; + size_t pwbufsize = 0; + + n = buflen = 0; /* (avoid compiler warning). */ + memset (sha1hash, 0, 20); + *keyidstr = 0; + + if (charset && pw && *pw) + { + jnlib_iconv_t cd; + const char *inptr; + char *outptr; + size_t inbytes, outbytes; + + /* We assume that the converted passphrase is at max 2 times + longer than its utf-8 encoding. */ + pwbufsize = strlen (pw)*2 + 1; + pwbuf = gcry_malloc_secure (pwbufsize); + if (!pwbuf) + { + log_error ("out of secure memory while converting passphrase\n"); + goto failure; + } + + cd = jnlib_iconv_open (charset, "utf-8"); + if (cd == (jnlib_iconv_t)(-1)) + { + log_error ("can't convert passphrase to" + " requested charset `%s': %s\n", + charset, strerror (errno)); + gcry_free (pwbuf); + pwbuf = NULL; + goto failure; + } + + inptr = pw; + inbytes = strlen (pw); + outptr = pwbuf; + outbytes = pwbufsize - 1; + if ( jnlib_iconv (cd, (const char **)&inptr, &inbytes, + &outptr, &outbytes) == (size_t)-1) + { + log_error ("error converting passphrase to" + " requested charset `%s': %s\n", + charset, strerror (errno)); + gcry_free (pwbuf); + pwbuf = NULL; + jnlib_iconv_close (cd); + goto failure; + } + *outptr = 0; + jnlib_iconv_close (cd); + pw = pwbuf; + } + + + if (cert && certlen) + { + /* Calculate the hash value we need for the bag attributes. */ + gcry_md_hash_buffer (GCRY_MD_SHA1, sha1hash, cert, certlen); + sprintf (keyidstr, "%02x%02x%02x%02x", + sha1hash[16], sha1hash[17], sha1hash[18], sha1hash[19]); + + /* Encode the certificate. */ + buffer = build_cert_sequence (cert, certlen, sha1hash, keyidstr, + &buflen); + if (!buffer) + goto failure; + + /* Encrypt it. */ + gcry_randomize (salt, 8, GCRY_STRONG_RANDOM); + crypt_block (buffer, buflen, salt, 8, 2048, pw, + GCRY_CIPHER_RFC2268_40, 1); + + /* Encode the encrypted stuff into a bag. */ + seqlist[seqlistidx].buffer = build_cert_bag (buffer, buflen, salt, &n); + seqlist[seqlistidx].length = n; + gcry_free (buffer); + buffer = NULL; + if (!seqlist[seqlistidx].buffer) + goto failure; + seqlistidx++; + } + + + if (kparms) + { + /* Encode the key. */ + buffer = build_key_sequence (kparms, &buflen); + if (!buffer) + goto failure; + + /* Encrypt it. */ + gcry_randomize (salt, 8, GCRY_STRONG_RANDOM); + crypt_block (buffer, buflen, salt, 8, 2048, pw, GCRY_CIPHER_3DES, 1); + + /* Encode the encrypted stuff into a bag. */ + if (cert && certlen) + seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt, + sha1hash, keyidstr, &n); + else + seqlist[seqlistidx].buffer = build_key_bag (buffer, buflen, salt, + NULL, NULL, &n); + seqlist[seqlistidx].length = n; + gcry_free (buffer); + buffer = NULL; + if (!seqlist[seqlistidx].buffer) + goto failure; + seqlistidx++; + } + + seqlist[seqlistidx].buffer = NULL; + seqlist[seqlistidx].length = 0; + + buffer = create_final (seqlist, pw, &buflen); + + failure: + if (pwbuf) + { + wipememory (pwbuf, pwbufsize); + gcry_free (pwbuf); + } + for ( ; seqlistidx; seqlistidx--) + gcry_free (seqlist[seqlistidx].buffer); + + *r_length = buffer? buflen : 0; + return buffer; +} + + +#ifdef TEST + +static void +cert_cb (void *opaque, const unsigned char *cert, size_t certlen) +{ + printf ("got a certificate of %u bytes length\n", certlen); +} + +int +main (int argc, char **argv) +{ + FILE *fp; + struct stat st; + unsigned char *buf; + size_t buflen; + gcry_mpi_t *result; + + if (argc != 3) + { + fprintf (stderr, "usage: testp12 file passphrase\n"); + return 1; + } + + gcry_control (GCRYCTL_DISABLE_SECMEM, NULL); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL); + + fp = fopen (argv[1], "rb"); + if (!fp) + { + fprintf (stderr, "can't open `%s': %s\n", argv[1], strerror (errno)); + return 1; + } + + if (fstat (fileno(fp), &st)) + { + fprintf (stderr, "can't stat `%s': %s\n", argv[1], strerror (errno)); + return 1; + } + + buflen = st.st_size; + buf = gcry_malloc (buflen+1); + if (!buf || fread (buf, buflen, 1, fp) != 1) + { + fprintf (stderr, "error reading `%s': %s\n", argv[1], strerror (errno)); + return 1; + } + fclose (fp); + + result = p12_parse (buf, buflen, argv[2], cert_cb, NULL); + if (result) + { + int i, rc; + unsigned char *tmpbuf; + + for (i=0; result[i]; i++) + { + rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &tmpbuf, + NULL, result[i]); + if (rc) + printf ("%d: [error printing number: %s]\n", + i, gpg_strerror (rc)); + else + { + printf ("%d: %s\n", i, tmpbuf); + gcry_free (tmpbuf); + } + } + } + + return 0; + +} + +/* +Local Variables: +compile-command: "gcc -Wall -O0 -g -DTEST=1 -o minip12 minip12.c ../jnlib/libjnlib.a -L /usr/local/lib -lgcrypt -lgpg-error" +End: +*/ +#endif /* TEST */ diff -Nru gnupg2-2.1.6/agent/minip12.h gnupg2-2.0.28/agent/minip12.h --- gnupg2-2.1.6/agent/minip12.h 1970-01-01 00:00:00.000000000 +0000 +++ gnupg2-2.0.28/agent/minip12.h 2015-06-02 08:13:55.000000000 +0000 @@ -0,0 +1,36 @@ +/* minip12.h - Global definitions for the minimal pkcs-12 implementation. + * Copyright (C) 2002, 2003 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef MINIP12_H +#define MINIP12_H + +#include + +gcry_mpi_t *p12_parse (const unsigned char *buffer, size_t length, + const char *pw, + void (*certcb)(void*, const unsigned char*, size_t), + void *certcbarg); + +unsigned char *p12_build (gcry_mpi_t *kparms, + unsigned char *cert, size_t certlen, + const char *pw, const char *charset, + size_t *r_length); + + +#endif /*MINIP12_H*/ diff -Nru gnupg2-2.1.6/agent/pkdecrypt.c gnupg2-2.0.28/agent/pkdecrypt.c --- gnupg2-2.1.6/agent/pkdecrypt.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/pkdecrypt.c 2015-06-02 08:13:55.000000000 +0000 @@ -32,12 +32,11 @@ /* DECRYPT the stuff in ciphertext which is expected to be a S-Exp. Try to get the key from CTRL and write the decoded stuff back to - OUTFP. The padding information is stored at R_PADDING with -1 - for not known. */ + OUTFP. */ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, const unsigned char *ciphertext, size_t ciphertextlen, - membuf_t *outbuf, int *r_padding) + membuf_t *outbuf) { gcry_sexp_t s_skey = NULL, s_cipher = NULL, s_plain = NULL; unsigned char *shadow_info = NULL; @@ -45,8 +44,6 @@ char *buf = NULL; size_t len; - *r_padding = -1; - if (!ctrl->have_keygrip) { log_error ("speculative decryption not yet supported\n"); @@ -67,17 +64,19 @@ log_printhex ("keygrip:", ctrl->keygrip, 20); log_printhex ("cipher: ", ciphertext, ciphertextlen); } - rc = agent_key_from_file (ctrl, NULL, desc_text, + rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip, &shadow_info, - CACHE_MODE_NORMAL, NULL, &s_skey, NULL); + CACHE_MODE_NORMAL, NULL, &s_skey); if (rc) { - if (gpg_err_code (rc) != GPG_ERR_NO_SECKEY) + if (gpg_err_code (rc) == GPG_ERR_ENOENT) + rc = gpg_error (GPG_ERR_NO_SECKEY); + else log_error ("failed to read the secret key\n"); goto leave; } - if (shadow_info) + if (!s_skey) { /* divert operation to the smartcard */ if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL)) @@ -86,17 +85,21 @@ goto leave; } - rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info, - &buf, &len, r_padding); + rc = divert_pkdecrypt (ctrl, ciphertext, shadow_info, &buf, &len ); if (rc) { log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc)); goto leave; } - put_membuf_printf (outbuf, "(5:value%u:", (unsigned int)len); - put_membuf (outbuf, buf, len); - put_membuf (outbuf, ")", 2); + { + char tmpbuf[60]; + + sprintf (tmpbuf, "(5:value%u:", (unsigned int)len); + put_membuf (outbuf, tmpbuf, strlen (tmpbuf)); + put_membuf (outbuf, buf, len); + put_membuf (outbuf, ")", 2); + } } else { /* No smartcard, but a private key */ @@ -133,7 +136,7 @@ put_membuf (outbuf, buf, len); put_membuf (outbuf, ")", 2); } - } + } leave: @@ -144,3 +147,5 @@ xfree (shadow_info); return rc; } + + diff -Nru gnupg2-2.1.6/agent/pksign.c gnupg2-2.0.28/agent/pksign.c --- gnupg2-2.1.6/agent/pksign.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/pksign.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,6 +1,5 @@ /* pksign.c - public key signing (well, actually using a secret key) - * Copyright (C) 2001-2004, 2010 Free Software Foundation, Inc. - * Copyright (C) 2001-2004, 2010, 2013 Werner Koch + * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -29,7 +28,6 @@ #include #include "agent.h" -#include "i18n.h" static int @@ -44,13 +42,13 @@ const char *s; char tmp[16+1]; int i; - + s = gcry_md_algo_name (algo); if (s && strlen (s) < 16) { for (i=0; i < strlen (s); i++) tmp[i] = tolower (s[i]); - tmp[i] = '\0'; + tmp[i] = '\0'; } rc = gcry_sexp_build (&hash, NULL, @@ -60,168 +58,20 @@ else { gcry_mpi_t mpi; - + rc = gcry_mpi_scan (&mpi, GCRYMPI_FMT_USG, md, mdlen, NULL); - if (!rc) + if (! rc) { rc = gcry_sexp_build (&hash, NULL, "(data (flags raw) (value %m))", mpi); gcry_mpi_release (mpi); } - else - hash = NULL; - + } - + *r_hash = hash; - return rc; -} - - -/* Return the number of bits of the Q parameter from the DSA key - KEY. */ -static unsigned int -get_dsa_qbits (gcry_sexp_t key) -{ - gcry_sexp_t l1, l2; - gcry_mpi_t q; - unsigned int nbits; - - l1 = gcry_sexp_find_token (key, "private-key", 0); - if (!l1) - l1 = gcry_sexp_find_token (key, "protected-private-key", 0); - if (!l1) - l1 = gcry_sexp_find_token (key, "shadowed-private-key", 0); - if (!l1) - l1 = gcry_sexp_find_token (key, "public-key", 0); - if (!l1) - return 0; /* Does not contain a key object. */ - l2 = gcry_sexp_cadr (l1); - gcry_sexp_release (l1); - l1 = gcry_sexp_find_token (l2, "q", 1); - gcry_sexp_release (l2); - if (!l1) - return 0; /* Invalid object. */ - q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l1); - if (!q) - return 0; /* Missing value. */ - nbits = gcry_mpi_get_nbits (q); - gcry_mpi_release (q); - - return nbits; -} - - -/* Return an appropriate hash algorithm to be used with RFC-6979 for a - message digest of length MDLEN. Although a fallback of SHA-256 is - used the current implementation in Libgcrypt will reject a hash - algorithm which does not match the length of the message. */ -static const char * -rfc6979_hash_algo_string (size_t mdlen) -{ - switch (mdlen) - { - case 20: return "sha1"; - case 28: return "sha224"; - case 32: return "sha256"; - case 48: return "sha384"; - case 64: return "sha512"; - default: return "sha256"; - } -} - - -/* Encode a message digest for use with the EdDSA algorithm - (i.e. curve Ed25519). */ -static gpg_error_t -do_encode_eddsa (const byte *md, size_t mdlen, gcry_sexp_t *r_hash) -{ - gpg_error_t err; - gcry_sexp_t hash; - - *r_hash = NULL; - err = gcry_sexp_build (&hash, NULL, - "(data(flags eddsa)(hash-algo sha512)(value %b))", - (int)mdlen, md); - if (!err) - *r_hash = hash; - return err; -} - - -/* Encode a message digest for use with an DSA algorithm. */ -static gpg_error_t -do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey, - gcry_sexp_t *r_hash) -{ - gpg_error_t err; - gcry_sexp_t hash; - unsigned int qbits; - - *r_hash = NULL; - - if (pkalgo == GCRY_PK_ECDSA) - qbits = gcry_pk_get_nbits (pkey); - else if (pkalgo == GCRY_PK_DSA) - qbits = get_dsa_qbits (pkey); - else - return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); - - if (pkalgo == GCRY_PK_DSA && (qbits%8)) - { - /* FIXME: We check the QBITS but print a message about the hash - length. */ - log_error (_("DSA requires the hash length to be a" - " multiple of 8 bits\n")); - return gpg_error (GPG_ERR_INV_LENGTH); - } - - /* Don't allow any Q smaller than 160 bits. We don't want someone - to issue signatures from a key with a 16-bit Q or something like - that, which would look correct but allow trivial forgeries. Yes, - I know this rules out using MD5 with DSA. ;) */ - if (qbits < 160) - { - log_error (_("%s key uses an unsafe (%u bit) hash\n"), - gcry_pk_algo_name (pkalgo), qbits); - return gpg_error (GPG_ERR_INV_LENGTH); - } - - /* Check if we're too short. Too long is safe as we'll - * automatically left-truncate. - * - * This check would require the use of SHA512 with ECDSA 512. I - * think this is overkill to fail in this case. Therefore, relax - * the check, but only for ECDSA keys. We may need to adjust it - * later for general case. (Note that the check is really a bug for - * ECDSA 521 as the only hash that matches it is SHA 512, but 512 < - * 521 ). - */ - if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8) - { - log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"), - mdlen*8, - gcry_pk_get_nbits (pkey), - gcry_pk_algo_name (pkalgo)); - /* FIXME: we need to check the requirements for ECDSA. */ - if (mdlen < 20 || pkalgo == GCRY_PK_DSA) - return gpg_error (GPG_ERR_INV_LENGTH); - } - - /* Truncate. */ - if (mdlen > qbits/8) - mdlen = qbits/8; - - /* Create the S-expression. */ - err = gcry_sexp_build (&hash, NULL, - "(data (flags rfc6979) (hash %s %b))", - rfc6979_hash_algo_string (mdlen), - (int)mdlen, md); - if (!err) - *r_hash = hash; - return err; + return rc; } @@ -237,7 +87,7 @@ gcry_sexp_t hash; unsigned char *frame; size_t i, n, nframe; - + nframe = (nbits+7) / 8; if ( !mdlen || mdlen + 8 + 4 > nframe ) { @@ -248,7 +98,7 @@ frame = xtrymalloc (nframe); if (!frame) return gpg_error_from_syserror (); - + /* Assemble the pkcs#1 block type 1. */ n = 0; frame[n++] = 0; @@ -261,7 +111,7 @@ memcpy (frame+n, md, mdlen ); n += mdlen; assert (n == nframe); - + /* Create the S-expression. */ rc = gcry_sexp_build (&hash, NULL, "(data (flags raw) (value %b))", @@ -269,157 +119,56 @@ xfree (frame); *r_hash = hash; - return rc; + return rc; } /* SIGN whatever information we have accumulated in CTRL and return the signature S-expression. LOOKUP is an optional function to - provide a way for lower layers to ask for the caching TTL. If a - CACHE_NONCE is given that cache item is first tried to get a - passphrase. If OVERRIDEDATA is not NULL, OVERRIDEDATALEN bytes - from this buffer are used instead of the data in CTRL. The - override feature is required to allow the use of Ed25519 with ssh - because Ed25519 dies the hashing itself. */ + provide a way for lower layers to ask for the caching TTL. */ int -agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, - const char *desc_text, +agent_pksign_do (ctrl_t ctrl, const char *desc_text, gcry_sexp_t *signature_sexp, - cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - const void *overridedata, size_t overridedatalen) + cache_mode_t cache_mode, lookup_ttl_t lookup_ttl) { gcry_sexp_t s_skey = NULL, s_sig = NULL; unsigned char *shadow_info = NULL; unsigned int rc = 0; /* FIXME: gpg-error? */ - const unsigned char *data; - int datalen; - - if (overridedata) - { - data = overridedata; - datalen = overridedatalen; - } - else - { - data = ctrl->digest.value; - datalen = ctrl->digest.valuelen; - } - if (!ctrl->have_keygrip) + if (! ctrl->have_keygrip) return gpg_error (GPG_ERR_NO_SECKEY); - rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, + rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip, &shadow_info, cache_mode, lookup_ttl, - &s_skey, NULL); + &s_skey); if (rc) { - if (gpg_err_code (rc) != GPG_ERR_NO_SECKEY) - log_error ("failed to read the secret key\n"); + log_error ("failed to read the secret key\n"); goto leave; } - if (shadow_info) + if (!s_skey) { /* Divert operation to the smartcard */ - size_t len; - unsigned char *buf = NULL; - int key_type; - int is_RSA = 0; - int is_ECDSA = 0; - int is_EdDSA = 0; - if (agent_is_eddsa_key (s_skey)) - is_EdDSA = 1; - else - { - key_type = agent_is_dsa_key (s_skey); - if (key_type == 0) - is_RSA = 1; - else if (key_type == GCRY_PK_ECDSA) - is_ECDSA = 1; - } + unsigned char *buf = NULL; + size_t len = 0; - rc = divert_pksign (ctrl, - data, datalen, + rc = divert_pksign (ctrl, + ctrl->digest.value, + ctrl->digest.valuelen, ctrl->digest.algo, - shadow_info, &buf, &len); + shadow_info, &buf); if (rc) { log_error ("smartcard signing failed: %s\n", gpg_strerror (rc)); goto leave; } + len = gcry_sexp_canon_len (buf, 0, NULL, NULL); + assert (len); - if (is_RSA) - { - if (*buf & 0x80) - { - len++; - buf = xtryrealloc (buf, len); - if (!buf) - goto leave; - - memmove (buf + 1, buf, len - 1); - *buf = 0; - } - - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))", - (int)len, buf); - } - else if (is_EdDSA) - { - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(eddsa(r%b)(s%b)))", - (int)len/2, buf, (int)len/2, buf + len/2); - } - else if (is_ECDSA) - { - unsigned char *r_buf_allocated = NULL; - unsigned char *s_buf_allocated = NULL; - unsigned char *r_buf, *s_buf; - int r_buflen, s_buflen; - - r_buflen = s_buflen = len/2; - - if (*buf & 0x80) - { - r_buflen++; - r_buf_allocated = xtrymalloc (r_buflen); - if (!r_buf_allocated) - goto leave; - - r_buf = r_buf_allocated; - memcpy (r_buf + 1, buf, len/2); - *r_buf = 0; - } - else - r_buf = buf; - - if (*(buf + len/2) & 0x80) - { - s_buflen++; - s_buf_allocated = xtrymalloc (s_buflen); - if (!s_buf_allocated) - { - xfree (r_buf_allocated); - goto leave; - } - - s_buf = s_buf_allocated; - memcpy (s_buf + 1, buf + len/2, len/2); - *s_buf = 0; - } - else - s_buf = buf + len/2; - - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))", - r_buflen, r_buf, - s_buflen, s_buf); - xfree (r_buf_allocated); - xfree (s_buf_allocated); - } - else - rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); - + rc = gcry_sexp_sscan (&s_sig, NULL, (char*)buf, len); xfree (buf); if (rc) { @@ -431,23 +180,18 @@ else { /* No smartcard, but a private key */ + gcry_sexp_t s_hash = NULL; - int dsaalgo; /* Put the hash into a sexp */ - if (agent_is_eddsa_key (s_skey)) - rc = do_encode_eddsa (data, datalen, - &s_hash); - else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) - rc = do_encode_raw_pkcs1 (data, datalen, + if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) + rc = do_encode_raw_pkcs1 (ctrl->digest.value, + ctrl->digest.valuelen, gcry_pk_get_nbits (s_skey), &s_hash); - else if ( (dsaalgo = agent_is_dsa_key (s_skey)) ) - rc = do_encode_dsa (data, datalen, - dsaalgo, s_skey, - &s_hash); else - rc = do_encode_md (data, datalen, + rc = do_encode_md (ctrl->digest.value, + ctrl->digest.valuelen, ctrl->digest.algo, &s_hash, ctrl->digest.raw_value); @@ -456,8 +200,8 @@ if (DBG_CRYPTO) { - gcry_log_debugsxp ("skey", s_skey); - gcry_log_debugsxp ("hash", s_hash); + log_debug ("skey: "); + gcry_sexp_dump (s_skey); } /* sign */ @@ -470,7 +214,10 @@ } if (DBG_CRYPTO) - gcry_log_debugsxp ("rslt", s_sig); + { + log_debug ("result: "); + gcry_sexp_dump (s_sig); + } } leave: @@ -484,19 +231,17 @@ } /* SIGN whatever information we have accumulated in CTRL and write it - back to OUTFP. If a CACHE_NONCE is given that cache item is first - tried to get a passphrase. */ + back to OUTFP. */ int -agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, - membuf_t *outbuf, cache_mode_t cache_mode) +agent_pksign (ctrl_t ctrl, const char *desc_text, + membuf_t *outbuf, cache_mode_t cache_mode) { gcry_sexp_t s_sig = NULL; char *buf = NULL; size_t len = 0; int rc = 0; - rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL, - NULL, 0); + rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode, NULL); if (rc) goto leave; diff -Nru gnupg2-2.1.6/agent/preset-passphrase.c gnupg2-2.0.28/agent/preset-passphrase.c --- gnupg2-2.1.6/agent/preset-passphrase.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/preset-passphrase.c 2015-06-02 08:13:55.000000000 +0000 @@ -44,11 +44,12 @@ # include /* To initialize the sockets. fixme */ #endif +#define JNLIB_NEED_LOG_LOGV #include "agent.h" +#include "minip12.h" #include "simple-pwquery.h" #include "i18n.h" #include "sysutils.h" -#include "../common/init.h" enum cmd_and_opt_values @@ -89,7 +90,7 @@ const char *p; switch (level) { - case 11: p = "gpg-preset-passphrase (@GNUPG@)"; + case 11: p = "gpg-preset-passphrase (GnuPG)"; break; case 13: p = VERSION; break; case 17: p = PRINTABLE_OS_NAME; break; @@ -211,13 +212,12 @@ int cmd = 0; const char *keygrip = NULL; - early_system_init (); set_strusage (my_strusage); log_set_prefix ("gpg-preset-passphrase", 1); /* Make sure that our subsystems are ready. */ i18n_init (); - init_common_subsystems (&argc, &argv); + init_common_subsystems (); opt_homedir = default_homedir (); @@ -248,7 +248,7 @@ /* Tell simple-pwquery about the the standard socket name. */ { - char *tmp = make_filename (opt_homedir, GPG_AGENT_SOCK_NAME, NULL); + char *tmp = make_filename (opt_homedir, "S.gpg-agent", NULL); simple_pw_set_socket (tmp); xfree (tmp); } diff -Nru gnupg2-2.1.6/agent/protect.c gnupg2-2.0.28/agent/protect.c --- gnupg2-2.1.6/agent/protect.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/protect.c 2015-06-02 08:13:55.000000000 +0000 @@ -1,6 +1,6 @@ /* protect.c - Un/Protect a secret key - * Copyright (C) 1998-2003, 2007, 2009, 2011 Free Software Foundation, Inc. - * Copyright (C) 1998-2003, 2007, 2009, 2011, 2013-2015 Werner Koch + * Copyright (C) 1998, 1999, 2000, 2001, 2002, + * 2003, 2007, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -38,21 +38,15 @@ #include "agent.h" -#include "cvt-openpgp.h" #include "sexp-parse.h" -/* The protection mode for encryption. The supported modes for - decryption are listed in agent_unprotect(). */ -#define PROT_CIPHER GCRY_CIPHER_AES128 +#define PROT_CIPHER GCRY_CIPHER_AES #define PROT_CIPHER_STRING "aes" #define PROT_CIPHER_KEYLEN (128/8) -/* Decode an rfc4880 encoded S2K count. */ -#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6)) - /* A table containing the information needed to create a protected - private key. */ + private key */ static struct { const char *algo; const char *parmlist; @@ -86,18 +80,12 @@ const unsigned char *s2ksalt, unsigned long s2kcount, unsigned char *key, size_t keylen); - - /* Get the process time and store it in DATA. */ static void calibrate_get_time (struct calibrate_time_s *data) { #ifdef HAVE_W32_SYSTEM -# ifdef HAVE_W32CE_SYSTEM - GetThreadTimes (GetCurrentThread (), -# else GetProcessTimes (GetCurrentProcess (), -# endif &data->creation_time, &data->exit_time, &data->kernel_time, &data->user_time); #else @@ -180,7 +168,7 @@ if (opt.verbose) { ms = calibrate_s2k_count_one (count); - log_info ("S2K calibration: %lu -> %lums\n", count, ms); + log_info ("S2K calibration: %lu iterations for %lums\n", count, ms); } return count; @@ -202,45 +190,16 @@ } -/* Same as get_standard_s2k_count but return the count in the encoding - as described by rfc4880. */ -unsigned char -get_standard_s2k_count_rfc4880 (void) -{ - unsigned long iterations; - unsigned int count; - unsigned char result; - unsigned char c=0; - - iterations = get_standard_s2k_count (); - if (iterations >= 65011712) - return 255; - - /* Need count to be in the range 16-31 */ - for (count=iterations>>6; count>=32; count>>=1) - c++; - - result = (c<<4)|(count-16); - - if (S2K_DECODE_COUNT(result) < iterations) - result++; - - return result; - -} - -/* Calculate the MIC for a private key or shared secret S-expression. - SHA1HASH should point to a 20 byte buffer. This function is - suitable for all algorithms. */ +/* Calculate the MIC for a private key S-Exp. SHA1HASH should point to + a 20 byte buffer. This function is suitable for any algorithms. */ static int calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) { const unsigned char *hash_begin, *hash_end; const unsigned char *s; size_t n; - int is_shared_secret; s = plainkey; if (*s != '(') @@ -249,23 +208,16 @@ n = snext (&s); if (!n) return gpg_error (GPG_ERR_INV_SEXP); - if (smatch (&s, n, "private-key")) - is_shared_secret = 0; - else if (smatch (&s, n, "shared-secret")) - is_shared_secret = 1; - else + if (!smatch (&s, n, "private-key")) return gpg_error (GPG_ERR_UNKNOWN_SEXP); if (*s != '(') return gpg_error (GPG_ERR_UNKNOWN_SEXP); hash_begin = s; - if (!is_shared_secret) - { - s++; - n = snext (&s); - if (!n) - return gpg_error (GPG_ERR_INV_SEXP); - s += n; /* Skip the algorithm name. */ - } + s++; + n = snext (&s); + if (!n) + return gpg_error (GPG_ERR_INV_SEXP); + s += n; /* skip over the algorithm name */ while (*s == '(') { @@ -316,8 +268,7 @@ static int do_encryption (const unsigned char *protbegin, size_t protlen, const char *passphrase, const unsigned char *sha1hash, - unsigned char **result, size_t *resultlen, - unsigned long s2k_count) + unsigned char **result, size_t *resultlen) { gcry_cipher_hd_t hd; const char *modestr = "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"; @@ -376,8 +327,7 @@ { rc = hash_passphrase (passphrase, GCRY_MD_SHA1, 3, iv+2*blklen, - s2k_count ? s2k_count : get_standard_s2k_count(), - key, keylen); + get_standard_s2k_count (), key, keylen); if (!rc) rc = gcry_cipher_setkey (hd, key, keylen); xfree (key); @@ -420,8 +370,7 @@ { char countbuf[35]; - snprintf (countbuf, sizeof countbuf, "%lu", - s2k_count ? s2k_count : get_standard_s2k_count ()); + snprintf (countbuf, sizeof countbuf, "%lu", get_standard_s2k_count ()); p = xtryasprintf ("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)", (int)strlen (modestr), modestr, @@ -453,8 +402,7 @@ a valid S-Exp here. */ int agent_protect (const unsigned char *plainkey, const char *passphrase, - unsigned char **result, size_t *resultlen, - unsigned long s2k_count) + unsigned char **result, size_t *resultlen) { int rc; const char *parmlist; @@ -471,9 +419,8 @@ int depth = 0; unsigned char *p; gcry_md_hd_t md; - int have_curve = 0; - /* Create an S-expression with the protected-at timestamp. */ + /* Create an S-expression with the procted-at timestamp. */ memcpy (timestamp_exp, "(12:protected-at15:", 19); gnupg_get_isotime (timestamp_exp+19); timestamp_exp[19+15] = ')'; @@ -504,11 +451,6 @@ if (!protect_info[infidx].algo) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); - /* The parser below is a complete mess: To make it robust for ECC - use we should reorder the s-expression to include only what we - really need and thus guarantee the right order for saving stuff. - This should be done before calling this function and maybe with - the help of the new gcry_sexp_extract_param. */ parmlist = protect_info[infidx].parmlist; prot_from_idx = protect_info[infidx].prot_from; prot_to_idx = protect_info[infidx].prot_to; @@ -532,19 +474,10 @@ /* This is a private ECC key but the first parameter is the name of the curve. We change the parameter list here to the one we expect in this case. */ - have_curve = 1; parmlist = "?qd"; prot_from_idx = 2; prot_to_idx = 2; } - else if (n == 5 && !memcmp (s, "flags", 5) - && i == 1 && have_curve) - { - /* "curve" followed by "flags": Change again. */ - parmlist = "??qd"; - prot_from_idx = 3; - prot_to_idx = 3; - } else return gpg_error (GPG_ERR_INV_SEXP); } @@ -565,7 +498,7 @@ depth--; hash_end = s; s++; - /* Skip to the end of the S-expression. */ + /* skip to the end of the S-exp */ assert (depth == 1); rc = sskip (&s, &depth); if (rc) @@ -587,7 +520,7 @@ rc = do_encryption (prot_begin, prot_end - prot_begin + 1, passphrase, hashvalue, - &protected, &protectedlen, s2k_count); + &protected, &protectedlen); if (rc) return rc; @@ -625,7 +558,6 @@ return 0; } - /* Do the actual decryption and check the return list for consistency. */ static int @@ -633,7 +565,6 @@ const char *passphrase, const unsigned char *s2ksalt, unsigned long s2kcount, const unsigned char *iv, size_t ivlen, - int prot_cipher, int prot_cipher_keylen, unsigned char **result) { int rc = 0; @@ -642,11 +573,11 @@ unsigned char *outbuf; size_t reallen; - blklen = gcry_cipher_get_algo_blklen (prot_cipher); + blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER); if (protectedlen < 4 || (protectedlen%blklen)) return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); - rc = gcry_cipher_open (&hd, prot_cipher, GCRY_CIPHER_MODE_CBC, + rc = gcry_cipher_open (&hd, PROT_CIPHER, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); if (rc) return rc; @@ -659,16 +590,17 @@ if (!rc) { unsigned char *key; + size_t keylen = PROT_CIPHER_KEYLEN; - key = gcry_malloc_secure (prot_cipher_keylen); + key = gcry_malloc_secure (keylen); if (!key) rc = out_of_core (); else { rc = hash_passphrase (passphrase, GCRY_MD_SHA1, - 3, s2ksalt, s2kcount, key, prot_cipher_keylen); + 3, s2ksalt, s2kcount, key, keylen); if (!rc) - rc = gcry_cipher_setkey (hd, key, prot_cipher_keylen); + rc = gcry_cipher_setkey (hd, key, keylen); xfree (key); } } @@ -854,22 +786,12 @@ /* Unprotect the key encoded in canonical format. We assume a valid S-Exp here. If a protected-at item is available, its value will - be stored at protected_at unless this is NULL. */ + be stored at protocted_at unless this is NULL. */ int -agent_unprotect (ctrl_t ctrl, - const unsigned char *protectedkey, const char *passphrase, +agent_unprotect (const unsigned char *protectedkey, const char *passphrase, gnupg_isotime_t protected_at, unsigned char **result, size_t *resultlen) { - static struct { - const char *name; /* Name of the protection method. */ - int algo; /* (A zero indicates the "openpgp-native" hack.) */ - int keylen; /* Used key length in bytes. */ - } algotable[] = { - { "openpgp-s2k3-sha1-aes-cbc", GCRY_CIPHER_AES128, (128/8)}, - { "openpgp-s2k3-sha1-aes256-cbc", GCRY_CIPHER_AES256, (256/8)}, - { "openpgp-native", 0, 0 } - }; int rc; const unsigned char *s; const unsigned char *protect_list; @@ -879,9 +801,8 @@ const unsigned char *s2ksalt; unsigned long s2kcount; const unsigned char *iv; - int prot_cipher, prot_cipher_keylen; const unsigned char *prot_begin; - unsigned char *cleartext; + unsigned char *cleartext = NULL; /* Just to avoid gcc warning. */ unsigned char *final; size_t finallen; size_t cutoff, cutlen; @@ -970,40 +891,8 @@ n = snext (&s); if (!n) return gpg_error (GPG_ERR_INV_SEXP); - - /* Lookup the protection algo. */ - prot_cipher = 0; /* (avoid gcc warning) */ - prot_cipher_keylen = 0; /* (avoid gcc warning) */ - for (i= 0; i < DIM (algotable); i++) - if (smatch (&s, n, algotable[i].name)) - { - prot_cipher = algotable[i].algo; - prot_cipher_keylen = algotable[i].keylen; - break; - } - if (i == DIM (algotable)) + if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc")) return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION); - - if (!prot_cipher) /* This is "openpgp-native". */ - { - gcry_sexp_t s_prot_begin; - - rc = gcry_sexp_sscan (&s_prot_begin, NULL, - prot_begin, - gcry_sexp_canon_len (prot_begin, 0,NULL,NULL)); - if (rc) - return rc; - - rc = convert_from_openpgp_native (ctrl, s_prot_begin, passphrase, &final); - gcry_sexp_release (s_prot_begin); - if (!rc) - { - *result = final; - *resultlen = gcry_sexp_canon_len (final, 0, NULL, NULL); - } - return rc; - } - if (*s != '(' || s[1] != '(') return gpg_error (GPG_ERR_INV_SEXP); s += 2; @@ -1046,7 +935,7 @@ s++; /* skip list end */ n = snext (&s); - if (n != 16) /* Wrong blocksize for IV (we support only 128 bit). */ + if (n != 16) /* Wrong blocksize for IV (we support only aes-128). */ return gpg_error (GPG_ERR_CORRUPTED_PROTECTION); iv = s; s += n; @@ -1057,10 +946,9 @@ if (!n) return gpg_error (GPG_ERR_INV_SEXP); - cleartext = NULL; /* Avoid cc warning. */ rc = do_decryption (s, n, passphrase, s2ksalt, s2kcount, - iv, 16, prot_cipher, prot_cipher_keylen, + iv, 16, &cleartext); if (rc) return rc; @@ -1084,7 +972,7 @@ xfree (final); return rc; } - /* Now remove the part which is included in the MIC but should not + /* Now remove tha part which is included in the MIC but should not go into the final thing. */ if (cutlen) { @@ -1101,16 +989,13 @@ PRIVATE_KEY_UNKNOWN if we can't figure out the type (this is the value 0), PRIVATE_KEY_CLEAR for an unprotected private key. PRIVATE_KEY_PROTECTED for an protected private key or - PRIVATE_KEY_SHADOWED for a sub key where the secret parts are - stored elsewhere. Finally PRIVATE_KEY_OPENPGP_NONE may be returned - is the key is still in the openpgp-native format but without - protection. */ + PRIVATE_KEY_SHADOWED for a sub key where the secret parts are stored + elsewhere. */ int agent_private_key_type (const unsigned char *privatekey) { const unsigned char *s; size_t n; - int i; s = privatekey; if (*s != '(') @@ -1120,75 +1005,7 @@ if (!n) return PRIVATE_KEY_UNKNOWN; if (smatch (&s, n, "protected-private-key")) - { - /* We need to check whether this is openpgp-native protected - with the protection method "none". In that case we return a - different key type so that the caller knows that there is no - need to ask for a passphrase. */ - if (*s != '(') - return PRIVATE_KEY_PROTECTED; /* Unknown sexp - assume protected. */ - s++; - n = snext (&s); - if (!n) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - s += n; /* Skip over the algo */ - - /* Find the (protected ...) list. */ - for (;;) - { - if (*s != '(') - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - s++; - n = snext (&s); - if (!n) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - if (smatch (&s, n, "protected")) - break; - s += n; - i = 1; - if (sskip (&s, &i)) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - } - /* Found - Is this openpgp-native? */ - n = snext (&s); - if (!n) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - if (smatch (&s, n, "openpgp-native")) /* Yes. */ - { - if (*s != '(') - return PRIVATE_KEY_UNKNOWN; /* Unknown sexp. */ - s++; - n = snext (&s); - if (!n) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - s += n; /* Skip over "openpgp-private-key". */ - /* Find the (protection ...) list. */ - for (;;) - { - if (*s != '(') - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - s++; - n = snext (&s); - if (!n) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - if (smatch (&s, n, "protection")) - break; - s += n; - i = 1; - if (sskip (&s, &i)) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - } - /* Found - Is the mode "none"? */ - n = snext (&s); - if (!n) - return PRIVATE_KEY_UNKNOWN; /* Invalid sexp. */ - log_debug ("openpgp-native protection '%.*s'\n", (int)n, s); - if (smatch (&s, n, "none")) - return PRIVATE_KEY_OPENPGP_NONE; /* Yes. */ - } - - return PRIVATE_KEY_PROTECTED; - } + return PRIVATE_KEY_PROTECTED; if (smatch (&s, n, "shadowed-private-key")) return PRIVATE_KEY_SHADOWED; if (smatch (&s, n, "private-key")) @@ -1211,30 +1028,70 @@ unsigned long s2kcount, unsigned char *key, size_t keylen) { - /* The key derive function does not support a zero length string for - the passphrase in the S2K modes. Return a better suited error - code than GPG_ERR_INV_DATA. */ - if (!passphrase || !*passphrase) - return gpg_error (GPG_ERR_NO_PASSPHRASE); - return gcry_kdf_derive (passphrase, strlen (passphrase), - s2kmode == 3? GCRY_KDF_ITERSALTED_S2K : - s2kmode == 1? GCRY_KDF_SALTED_S2K : - s2kmode == 0? GCRY_KDF_SIMPLE_S2K : GCRY_KDF_NONE, - hashalgo, s2ksalt, 8, s2kcount, - keylen, key); -} + int rc; + gcry_md_hd_t md; + int pass, i; + int used = 0; + int pwlen = strlen (passphrase); + if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3) + || !hashalgo || !keylen || !key || !passphrase) + return gpg_error (GPG_ERR_INV_VALUE); + if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt) + return gpg_error (GPG_ERR_INV_VALUE); -gpg_error_t -s2k_hash_passphrase (const char *passphrase, int hashalgo, - int s2kmode, - const unsigned char *s2ksalt, - unsigned int s2kcount, - unsigned char *key, size_t keylen) -{ - return hash_passphrase (passphrase, hashalgo, s2kmode, s2ksalt, - S2K_DECODE_COUNT (s2kcount), - key, keylen); + rc = gcry_md_open (&md, hashalgo, GCRY_MD_FLAG_SECURE); + if (rc) + return rc; + + for (pass=0; used < keylen; pass++) + { + if (pass) + { + gcry_md_reset (md); + for (i=0; i < pass; i++) /* preset the hash context */ + gcry_md_putc (md, 0); + } + + if (s2kmode == 1 || s2kmode == 3) + { + int len2 = pwlen + 8; + unsigned long count = len2; + + if (s2kmode == 3) + { + count = s2kcount; + if (count < len2) + count = len2; + } + + while (count > len2) + { + gcry_md_write (md, s2ksalt, 8); + gcry_md_write (md, passphrase, pwlen); + count -= len2; + } + if (count < 8) + gcry_md_write (md, s2ksalt, count); + else + { + gcry_md_write (md, s2ksalt, 8); + count -= 8; + gcry_md_write (md, passphrase, count); + } + } + else + gcry_md_write (md, passphrase, pwlen); + + gcry_md_final (md); + i = gcry_md_get_algo_dlen (hashalgo); + if (i > keylen - used) + i = keylen - used; + memcpy (key+used, gcry_md_read (md, hashalgo), i); + used += i; + } + gcry_md_close(md); + return 0; } @@ -1430,7 +1287,7 @@ required, NULL may be passed for them. */ gpg_error_t parse_shadow_info (const unsigned char *shadow_info, - char **r_hexsn, char **r_idstr, int *r_pinlen) + char **r_hexsn, char **r_idstr) { const unsigned char *s; size_t n; @@ -1439,8 +1296,6 @@ *r_hexsn = NULL; if (r_idstr) *r_idstr = NULL; - if (r_pinlen) - *r_pinlen = 0; s = shadow_info; if (*s != '(') @@ -1485,34 +1340,6 @@ (*r_idstr)[n] = 0; } - /* Parse the optional PINLEN. */ - n = snext (&s); - if (!n) - return 0; - - if (r_pinlen) - { - char *tmpstr = xtrymalloc (n+1); - if (!tmpstr) - { - if (r_hexsn) - { - xfree (*r_hexsn); - *r_hexsn = NULL; - } - if (r_idstr) - { - xfree (*r_idstr); - *r_idstr = NULL; - } - return gpg_error_from_syserror (); - } - memcpy (tmpstr, s, n); - tmpstr[n] = 0; - - *r_pinlen = (int)strtol (tmpstr, NULL, 10); - xfree (tmpstr); - } - return 0; } + diff -Nru gnupg2-2.1.6/agent/protect-tool.c gnupg2-2.0.28/agent/protect-tool.c --- gnupg2-2.1.6/agent/protect-tool.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/agent/protect-tool.c 2015-06-02 08:13:55.000000000 +0000 @@ -38,11 +38,13 @@ #include /* for setmode() */ #endif +#define JNLIB_NEED_LOG_LOGV #include "agent.h" +#include "minip12.h" #include "i18n.h" #include "get-passphrase.h" #include "sysutils.h" -#include "../common/init.h" +#include "estream.h" enum cmd_and_opt_values @@ -62,6 +64,9 @@ oS2Kcalibration, oCanonical, + oP12Import, + oP12Export, + oP12Charset, oStore, oForce, oHaveCert, @@ -95,10 +100,14 @@ static const char *opt_passphrase; static char *opt_prompt; static int opt_status_msg; +static const char *opt_p12_charset; static const char *opt_agent_program; +static session_env_t opt_session_env; static char *get_passphrase (int promptno); static void release_passphrase (char *pw); +static int store_private_key (const unsigned char *grip, + const void *buffer, size_t length, int force); static ARGPARSE_OPTS opts[] = { @@ -109,6 +118,11 @@ ARGPARSE_c (oShadow, "shadow", "create a shadow entry for a public key"), ARGPARSE_c (oShowShadowInfo, "show-shadow-info", "return the shadow info"), ARGPARSE_c (oShowKeygrip, "show-keygrip", "show the \"keygrip\""), + ARGPARSE_c (oP12Import, "p12-import", + "import a pkcs#12 encoded private key"), + ARGPARSE_c (oP12Export, "p12-export", + "export a private key pkcs#12 encoded"), + ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"), ARGPARSE_group (301, N_("@\nOptions:\n ")), @@ -118,6 +132,8 @@ ARGPARSE_s_n (oCanonical, "canonical", "write output in canonical format"), ARGPARSE_s_s (oPassphrase, "passphrase", "|STRING|use passphrase STRING"), + ARGPARSE_s_s (oP12Charset,"p12-charset", + "|NAME|set charset for a new PKCS#12 passphrase to NAME"), ARGPARSE_s_n (oHaveCert, "have-cert", "certificate to export provided on STDIN"), ARGPARSE_s_n (oStore, "store", @@ -141,7 +157,7 @@ const char *p; switch (level) { - case 11: p = "gpg-protect-tool (" GNUPG_NAME ")"; + case 11: p = "gpg-protect-tool (GnuPG)"; break; case 13: p = VERSION; break; case 17: p = PRINTABLE_OS_NAME; break; @@ -190,7 +206,7 @@ rc = gcry_sexp_sscan (&sexp, &erroff, buf, buflen); if (rc) { - log_error ("invalid S-Expression in '%s' (off=%u): %s\n", + log_error ("invalid S-Expression in `%s' (off=%u): %s\n", fname, (unsigned int)erroff, gpg_strerror (rc)); return NULL; } @@ -257,7 +273,7 @@ nread = fread (buf+buflen, 1, NCHUNK, fp); if (nread < NCHUNK && ferror (fp)) { - log_error ("error reading '[stdin]': %s\n", strerror (errno)); + log_error ("error reading `[stdin]': %s\n", strerror (errno)); xfree (buf); return NULL; } @@ -274,13 +290,13 @@ fp = fopen (fname, "rb"); if (!fp) { - log_error ("can't open '%s': %s\n", fname, strerror (errno)); + log_error ("can't open `%s': %s\n", fname, strerror (errno)); return NULL; } if (fstat (fileno(fp), &st)) { - log_error ("can't stat '%s': %s\n", fname, strerror (errno)); + log_error ("can't stat `%s': %s\n", fname, strerror (errno)); fclose (fp); return NULL; } @@ -289,7 +305,7 @@ buf = xmalloc (buflen+1); if (fread (buf, buflen, 1, fp) != 1) { - log_error ("error reading '%s': %s\n", fname, strerror (errno)); + log_error ("error reading `%s': %s\n", fname, strerror (errno)); fclose (fp); xfree (buf); return NULL; @@ -333,7 +349,7 @@ return; pw = get_passphrase (1); - rc = agent_protect (key, pw, &result, &resultlen, 0); + rc = agent_protect (key, pw, &result, &resultlen); release_passphrase (pw); xfree (key); if (rc) @@ -371,7 +387,7 @@ if (!key) return; - rc = agent_unprotect (NULL, key, (pw=get_passphrase (1)), + rc = agent_unprotect (key, (pw=get_passphrase (1)), protected_at, &result, &resultlen); release_passphrase (pw); xfree (key); @@ -538,6 +554,463 @@ } +static int +rsa_key_check (struct rsa_secret_key_s *skey) +{ + int err = 0; + gcry_mpi_t t = gcry_mpi_snew (0); + gcry_mpi_t t1 = gcry_mpi_snew (0); + gcry_mpi_t t2 = gcry_mpi_snew (0); + gcry_mpi_t phi = gcry_mpi_snew (0); + + /* check that n == p * q */ + gcry_mpi_mul (t, skey->p, skey->q); + if (gcry_mpi_cmp( t, skey->n) ) + { + log_error ("RSA oops: n != p * q\n"); + err++; + } + + /* check that p is less than q */ + if (gcry_mpi_cmp (skey->p, skey->q) > 0) + { + gcry_mpi_t tmp; + + log_info ("swapping secret primes\n"); + tmp = gcry_mpi_copy (skey->p); + gcry_mpi_set (skey->p, skey->q); + gcry_mpi_set (skey->q, tmp); + gcry_mpi_release (tmp); + /* and must recompute u of course */ + gcry_mpi_invm (skey->u, skey->p, skey->q); + } + + /* check that e divides neither p-1 nor q-1 */ + gcry_mpi_sub_ui (t, skey->p, 1 ); + gcry_mpi_div (NULL, t, t, skey->e, 0); + if (!gcry_mpi_cmp_ui( t, 0) ) + { + log_error ("RSA oops: e divides p-1\n"); + err++; + } + gcry_mpi_sub_ui (t, skey->q, 1); + gcry_mpi_div (NULL, t, t, skey->e, 0); + if (!gcry_mpi_cmp_ui( t, 0)) + { + log_info ( "RSA oops: e divides q-1\n" ); + err++; + } + + /* check that d is correct. */ + gcry_mpi_sub_ui (t1, skey->p, 1); + gcry_mpi_sub_ui (t2, skey->q, 1); + gcry_mpi_mul (phi, t1, t2); + gcry_mpi_invm (t, skey->e, phi); + if (gcry_mpi_cmp (t, skey->d)) + { /* no: try universal exponent. */ + gcry_mpi_gcd (t, t1, t2); + gcry_mpi_div (t, NULL, phi, t, 0); + gcry_mpi_invm (t, skey->e, t); + if (gcry_mpi_cmp (t, skey->d)) + { + log_error ("RSA oops: bad secret exponent\n"); + err++; + } + } + + /* check for correctness of u */ + gcry_mpi_invm (t, skey->p, skey->q); + if (gcry_mpi_cmp (t, skey->u)) + { + log_info ( "RSA oops: bad u parameter\n"); + err++; + } + + if (err) + log_info ("RSA secret key check failed\n"); + + gcry_mpi_release (t); + gcry_mpi_release (t1); + gcry_mpi_release (t2); + gcry_mpi_release (phi); + + return err? -1:0; +} + + +/* A callback used by p12_parse to return a certificate. */ +static void +import_p12_cert_cb (void *opaque, const unsigned char *cert, size_t certlen) +{ + struct b64state state; + gpg_error_t err, err2; + + (void)opaque; + + err = b64enc_start (&state, stdout, "CERTIFICATE"); + if (!err) + err = b64enc_write (&state, cert, certlen); + err2 = b64enc_finish (&state); + if (!err) + err = err2; + if (err) + log_error ("error writing armored certificate: %s\n", gpg_strerror (err)); +} + +static void +import_p12_file (const char *fname) +{ + char *buf; + unsigned char *result; + size_t buflen, resultlen, buf_off; + int i; + int rc; + gcry_mpi_t *kparms; + struct rsa_secret_key_s sk; + gcry_sexp_t s_key; + unsigned char *key; + unsigned char grip[20]; + char *pw; + + /* fixme: we should release some stuff on error */ + + buf = read_file (fname, &buflen); + if (!buf) + return; + + /* GnuPG 2.0.4 accidently created binary P12 files with the string + "The passphrase is %s encoded.\n\n" prepended to the ASN.1 data. + We fix that here. */ + if (buflen > 29 && !memcmp (buf, "The passphrase is ", 18)) + { + for (buf_off=18; buf_off < buflen && buf[buf_off] != '\n'; buf_off++) + ; + buf_off++; + if (buf_off < buflen && buf[buf_off] == '\n') + buf_off++; + } + else + buf_off = 0; + + kparms = p12_parse ((unsigned char*)buf+buf_off, buflen-buf_off, + (pw=get_passphrase (2)), + import_p12_cert_cb, NULL); + release_passphrase (pw); + xfree (buf); + if (!kparms) + { + log_error ("error parsing or decrypting the PKCS-12 file\n"); + return; + } + for (i=0; kparms[i]; i++) + ; + if (i != 8) + { + log_error ("invalid structure of private key\n"); + return; + } + + +/* print_mpi (" n", kparms[0]); */ +/* print_mpi (" e", kparms[1]); */ +/* print_mpi (" d", kparms[2]); */ +/* print_mpi (" p", kparms[3]); */ +/* print_mpi (" q", kparms[4]); */ +/* print_mpi ("dmp1", kparms[5]); */ +/* print_mpi ("dmq1", kparms[6]); */ +/* print_mpi (" u", kparms[7]); */ + + sk.n = kparms[0]; + sk.e = kparms[1]; + sk.d = kparms[2]; + sk.q = kparms[3]; + sk.p = kparms[4]; + sk.u = kparms[7]; + if (rsa_key_check (&sk)) + return; +/* print_mpi (" n", sk.n); */ +/* print_mpi (" e", sk.e); */ +/* print_mpi (" d", sk.d); */ +/* print_mpi (" p", sk.p); */ +/* print_mpi (" q", sk.q); */ +/* print_mpi (" u", sk.u); */ + + /* Create an S-expresion from the parameters. */ + rc = gcry_sexp_build (&s_key, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL); + for (i=0; i < 8; i++) + gcry_mpi_release (kparms[i]); + gcry_free (kparms); + if (rc) + { + log_error ("failed to created S-expression from key: %s\n", + gpg_strerror (rc)); + return; + } + + /* Compute the keygrip. */ + if (!gcry_pk_get_keygrip (s_key, grip)) + { + log_error ("can't calculate keygrip\n"); + return; + } + log_info ("keygrip: "); + for (i=0; i < 20; i++) + log_printf ("%02X", grip[i]); + log_printf ("\n"); + + /* Convert to canonical encoding. */ + buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, NULL, 0); + assert (buflen); + key = gcry_xmalloc_secure (buflen); + buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, key, buflen); + assert (buflen); + gcry_sexp_release (s_key); + + pw = get_passphrase (4); + rc = agent_protect (key, pw, &result, &resultlen); + release_passphrase (pw); + xfree (key); + if (rc) + { + log_error ("protecting the key failed: %s\n", gpg_strerror (rc)); + return; + } + + if (opt_armor) + { + char *p = make_advanced (result, resultlen); + xfree (result); + if (!p) + return; + result = (unsigned char*)p; + resultlen = strlen (p); + } + + if (opt_store) + store_private_key (grip, result, resultlen, opt_force); + else + fwrite (result, resultlen, 1, stdout); + + xfree (result); +} + + + +static gcry_mpi_t * +sexp_to_kparms (gcry_sexp_t sexp) +{ + gcry_sexp_t list, l2; + const char *name; + const char *s; + size_t n; + int i, idx; + const char *elems; + gcry_mpi_t *array; + + list = gcry_sexp_find_token (sexp, "private-key", 0 ); + if(!list) + return NULL; + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + name = gcry_sexp_nth_data (list, 0, &n); + if(!name || n != 3 || memcmp (name, "rsa", 3)) + { + gcry_sexp_release (list); + return NULL; + } + + /* Parameter names used with RSA. */ + elems = "nedpqu"; + array = xcalloc (strlen(elems) + 1, sizeof *array); + for (idx=0, s=elems; *s; s++, idx++ ) + { + l2 = gcry_sexp_find_token (list, s, 1); + if (!l2) + { + for (i=0; i #include #include -#include +#include #include "agent.h" #include /* fixme: need a way to avoid assuan calls here */ #include "i18n.h" +#include "estream.h" /* A structure to store the information from the trust file. */ @@ -51,10 +51,11 @@ typedef struct trustitem_s trustitem_t; /* Malloced table and its allocated size with all trust items. */ -static trustitem_t *trusttable; -static size_t trusttablesize; +static trustitem_t *trusttable; +static size_t trusttablesize; /* A mutex used to protect the table. */ -static npth_mutex_t trusttable_lock; +static pth_mutex_t trusttable_lock; + static const char headerblurb[] = @@ -81,13 +82,11 @@ initialize_module_trustlist (void) { static int initialized; - int err; if (!initialized) { - err = npth_mutex_init (&trusttable_lock, NULL); - if (err) - log_fatal ("failed to init mutex in %s: %s\n", __FILE__,strerror (err)); + if (!pth_mutex_init (&trusttable_lock)) + log_fatal ("error initializing mutex: %s\n", strerror (errno)); initialized = 1; } } @@ -98,89 +97,69 @@ static void lock_trusttable (void) { - int err; - - err = npth_mutex_lock (&trusttable_lock); - if (err) - log_fatal ("failed to acquire mutex in %s: %s\n", __FILE__, strerror (err)); + if (!pth_mutex_acquire (&trusttable_lock, 0, NULL)) + log_fatal ("failed to acquire mutex in %s\n", __FILE__); } - static void unlock_trusttable (void) { - int err; - - err = npth_mutex_unlock (&trusttable_lock); - if (err) - log_fatal ("failed to release mutex in %s: %s\n", __FILE__, strerror (err)); + if (!pth_mutex_release (&trusttable_lock)) + log_fatal ("failed to release mutex in %s\n", __FILE__); } -/* Clear the trusttable. The caller needs to make sure that the - trusttable is locked. */ -static inline void -clear_trusttable (void) -{ - xfree (trusttable); - trusttable = NULL; - trusttablesize = 0; -} - static gpg_error_t read_one_trustfile (const char *fname, int allow_include, - trustitem_t **addr_of_table, + trustitem_t **addr_of_table, size_t *addr_of_tablesize, int *addr_of_tableidx) { gpg_error_t err = 0; - estream_t fp; + FILE *fp; int n, c; char *p, line[256]; trustitem_t *table, *ti; int tableidx; size_t tablesize; int lnr = 0; - + table = *addr_of_table; tablesize = *addr_of_tablesize; tableidx = *addr_of_tableidx; - fp = es_fopen (fname, "r"); + fp = fopen (fname, "r"); if (!fp) { err = gpg_error_from_syserror (); - log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err)); + log_error (_("error opening `%s': %s\n"), fname, gpg_strerror (err)); goto leave; } - while (es_fgets (line, DIM(line)-1, fp)) + while (fgets (line, DIM(line)-1, fp)) { lnr++; - - n = strlen (line); - if (!n || line[n-1] != '\n') + + if (!*line || line[strlen(line)-1] != '\n') { /* Eat until end of line. */ - while ( (c=es_getc (fp)) != EOF && c != '\n') + while ( (c=getc (fp)) != EOF && c != '\n') ; err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG : GPG_ERR_INCOMPLETE_LINE); - log_error (_("file '%s', line %d: %s\n"), + log_error (_("file `%s', line %d: %s\n"), fname, lnr, gpg_strerror (err)); continue; } - line[--n] = 0; /* Chop the LF. */ - if (n && line[n-1] == '\r') - line[--n] = 0; /* Chop an optional CR. */ - + line[strlen(line)-1] = 0; /* Chop the LF. */ + /* Allow for empty lines and spaces */ for (p=line; spacep (p); p++) ; if (!*p || *p == '#') continue; - + if (!strncmp (p, "include-default", 15) && (!p[15] || spacep (p+15))) { @@ -189,7 +168,7 @@ if (!allow_include) { - log_error (_("statement \"%s\" ignored in '%s', line %d\n"), + log_error (_("statement \"%s\" ignored in `%s', line %d\n"), "include-default", fname, lnr); continue; } @@ -197,13 +176,13 @@ etcname = make_filename (gnupg_sysconfdir (), "trustlist.txt", NULL); if ( !strcmp (etcname, fname) ) /* Same file. */ - log_info (_("statement \"%s\" ignored in '%s', line %d\n"), + log_info (_("statement \"%s\" ignored in `%s', line %d\n"), "include-default", fname, lnr); else if ( access (etcname, F_OK) && errno == ENOENT ) { /* A non existent system trustlist is not an error. Just print a note. */ - log_info (_("system trustlist '%s' not available\n"), etcname); + log_info (_("system trustlist `%s' not available\n"), etcname); } else { @@ -213,7 +192,7 @@ err = err2; } xfree (etcname); - + continue; } @@ -221,7 +200,7 @@ { trustitem_t *tmp; size_t tmplen; - + tmplen = tablesize + 20; tmp = xtryrealloc (table, tmplen * sizeof *table); if (!tmp) @@ -247,14 +226,14 @@ n = hexcolon2bin (p, ti->fpr, 20); if (n < 0) { - log_error (_("bad fingerprint in '%s', line %d\n"), fname, lnr); - err = gpg_error (GPG_ERR_BAD_DATA); + log_error (_("bad fingerprint in `%s', line %d\n"), fname, lnr); + err = gpg_error (GPG_ERR_BAD_DATA); continue; } p += n; for (; spacep (p); p++) ; - + /* Process the first flag which needs to be the first for backward compatibility. */ if (!*p || *p == '*' ) @@ -272,14 +251,14 @@ } else { - log_error (_("invalid keyflag in '%s', line %d\n"), fname, lnr); + log_error (_("invalid keyflag in `%s', line %d\n"), fname, lnr); err = gpg_error (GPG_ERR_BAD_DATA); continue; } p++; if ( *p && !spacep (p) ) { - log_error (_("invalid keyflag in '%s', line %d\n"), fname, lnr); + log_error (_("invalid keyflag in `%s', line %d\n"), fname, lnr); err = gpg_error (GPG_ERR_BAD_DATA); continue; } @@ -295,7 +274,7 @@ if (p[n] == '=') { log_error ("assigning a value to a flag is not yet supported; " - "in '%s', line %d\n", fname, lnr); + "in `%s', line %d\n", fname, lnr); err = gpg_error (GPG_ERR_BAD_DATA); p++; } @@ -304,21 +283,22 @@ else if (n == 2 && !memcmp (p, "cm", 2)) ti->flags.cm = 1; else - log_error ("flag '%.*s' in '%s', line %d ignored\n", + log_error ("flag `%.*s' in `%s', line %d ignored\n", n, p, fname, lnr); p += n; } tableidx++; } - if ( !err && !es_feof (fp) ) + if ( !err && !feof (fp) ) { err = gpg_error_from_syserror (); - log_error (_("error reading '%s', line %d: %s\n"), + log_error (_("error reading `%s', line %d: %s\n"), fname, lnr, gpg_strerror (err)); } leave: - es_fclose (fp); + if (fp) + fclose (fp); *addr_of_table = table; *addr_of_tablesize = tablesize; *addr_of_tableidx = tableidx; @@ -326,8 +306,7 @@ } -/* Read the trust files and update the global table on success. The - trusttable is assumed to be locked. */ +/* Read the trust files and update the global table on success. */ static gpg_error_t read_trustfiles (void) { @@ -352,7 +331,7 @@ else { err = gpg_error_from_syserror (); - log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err)); + log_error (_("error opening `%s': %s\n"), fname, gpg_strerror (err)); } xfree (fname); fname = make_filename (gnupg_sysconfdir (), "trustlist.txt", NULL); @@ -368,7 +347,11 @@ if (gpg_err_code (err) == GPG_ERR_ENOENT) { /* Take a missing trustlist as an empty one. */ - clear_trusttable (); + lock_trusttable (); + xfree (trusttable); + trusttable = NULL; + trusttablesize = 0; + unlock_trusttable (); err = 0; } return err; @@ -383,23 +366,22 @@ return err; } - /* Replace the trusttable. */ + lock_trusttable (); xfree (trusttable); trusttable = ti; trusttablesize = tableidx; + unlock_trusttable (); return 0; } + /* Check whether the given fpr is in our trustdb. We expect FPR to be - an all uppercase hexstring of 40 characters. If ALREADY_LOCKED is - true the function assumes that the trusttable is already locked. */ -static gpg_error_t -istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled, - int already_locked) + an all uppercase hexstring of 40 characters. */ +gpg_error_t +agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled) { gpg_error_t err; - int locked = already_locked; trustitem_t *ti; size_t len; unsigned char fprbin[20]; @@ -408,16 +390,7 @@ *r_disabled = 0; if ( hexcolon2bin (fpr, fprbin, 20) < 0 ) - { - err = gpg_error (GPG_ERR_INV_VALUE); - goto leave; - } - - if (!already_locked) - { - lock_trusttable (); - locked = 1; - } + return gpg_error (GPG_ERR_INV_VALUE); if (!trusttable) { @@ -425,7 +398,7 @@ if (err) { log_error (_("error reading list of trusted root certificates\n")); - goto leave; + return err; } } @@ -437,48 +410,31 @@ if (ti->flags.disabled && r_disabled) *r_disabled = 1; - /* Print status messages only if we have not been called - in a locked state. */ - if (already_locked) - ; - else if (ti->flags.relax) + if (ti->flags.relax) { - unlock_trusttable (); - locked = 0; - err = agent_write_status (ctrl, "TRUSTLISTFLAG", "relax", NULL); + err = agent_write_status (ctrl, + "TRUSTLISTFLAG", "relax", + NULL); + if (err) + return err; } else if (ti->flags.cm) { - unlock_trusttable (); - locked = 0; - err = agent_write_status (ctrl, "TRUSTLISTFLAG", "cm", NULL); + err = agent_write_status (ctrl, + "TRUSTLISTFLAG", "cm", + NULL); + if (err) + return err; } - - if (!err) - err = ti->flags.disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; - goto leave; + return ti->flags.disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; } } - err = gpg_error (GPG_ERR_NOT_TRUSTED); - - leave: - if (locked && !already_locked) - unlock_trusttable (); - return err; -} - - -/* Check whether the given fpr is in our trustdb. We expect FPR to be - an all uppercase hexstring of 40 characters. */ -gpg_error_t -agent_istrusted (ctrl_t ctrl, const char *fpr, int *r_disabled) -{ - return istrusted_internal (ctrl, fpr, r_disabled, 0); + return gpg_error (GPG_ERR_NOT_TRUSTED); } /* Write all trust entries to FP. */ -gpg_error_t +gpg_error_t agent_listtrusted (void *assuan_context) { trustitem_t *ti; @@ -486,13 +442,11 @@ gpg_error_t err; size_t len; - lock_trusttable (); if (!trusttable) { err = read_trustfiles (); if (err) { - unlock_trusttable (); log_error (_("error reading list of trusted root certificates\n")); return err; } @@ -500,6 +454,9 @@ if (trusttable) { + /* We need to lock the table because the scheduler may interrupt + assuan_send_data and an other thread may then re-read the table. */ + lock_trusttable (); for (ti=trusttable, len = trusttablesize; len; ti++, len--) { if (ti->flags.disabled) @@ -512,9 +469,9 @@ assuan_send_data (assuan_context, key, 43); assuan_send_data (assuan_context, NULL, 0); /* flush */ } + unlock_trusttable (); } - unlock_trusttable (); return 0; } @@ -574,7 +531,7 @@ count++; newname = xtrymalloc (strlen (name) + count*replstringlen + 1); if (!newname) - return NULL; + return NULL; for (s=name+1, d=newname; *s; s++) if (*s == '/') d = stpcpy (d, replstring); @@ -587,10 +544,10 @@ /* Insert the given fpr into our trustdb. We expect FPR to be an all uppercase hexstring of 40 characters. FLAG is either 'P' or 'C'. - This function does first check whether that key has already been - put into the trustdb and returns success in this case. Before a - FPR actually gets inserted, the user is asked by means of the - Pinentry whether this is actual what he wants to do. */ + This function does first check whether that key has already been put + into the trustdb and returns success in this case. Before a FPR + actually gets inserted, the user is asked by means of the Pinentry + whether this is actual want he wants to do. */ gpg_error_t agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag) { @@ -613,7 +570,7 @@ { xfree (fname); return gpg_error (GPG_ERR_EPERM); - } + } xfree (fname); if (!agent_istrusted (ctrl, fpr, &is_disabled)) @@ -621,7 +578,7 @@ return 0; /* We already got this fingerprint. Silently return success. */ } - + /* This feature must explicitly been enabled. */ if (!opt.allow_mark_trusted) return gpg_error (GPG_ERR_NOT_SUPPORTED); @@ -651,16 +608,16 @@ plain % sign, you need to encode it as "%%25". The "%s" gets replaced by the name as stored in the certificate. */ - L_("Do you ultimately trust%%0A" - " \"%s\"%%0A" - "to correctly certify user certificates?"), + _("Do you ultimately trust%%0A" + " \"%s\"%%0A" + "to correctly certify user certificates?"), nameformatted); if (!desc) { xfree (nameformatted); return out_of_core (); } - err = agent_get_confirmation (ctrl, desc, L_("Yes"), L_("No"), 1); + err = agent_get_confirmation (ctrl, desc, _("Yes"), _("No"), 1); xfree (desc); if (!err) yes_i_trust = 1; @@ -671,7 +628,7 @@ xfree (nameformatted); return err; } - + fprformatted = insert_colons (fpr); if (!fprformatted) @@ -684,7 +641,7 @@ fingerprint of course. */ if (yes_i_trust) { - desc = xtryasprintf + desc = xtryasprintf ( /* TRANSLATORS: This prompt is shown by the Pinentry and has one special property: A "%%0A" is used by Pinentry to @@ -694,21 +651,21 @@ "%%25". The second "%s" gets replaced by a hexdecimal fingerprint string whereas the first one receives the name as stored in the certificate. */ - L_("Please verify that the certificate identified as:%%0A" - " \"%s\"%%0A" - "has the fingerprint:%%0A" - " %s"), nameformatted, fprformatted); + _("Please verify that the certificate identified as:%%0A" + " \"%s\"%%0A" + "has the fingerprint:%%0A" + " %s"), nameformatted, fprformatted); if (!desc) { xfree (fprformatted); xfree (nameformatted); return out_of_core (); } - + /* TRANSLATORS: "Correct" is the label of a button and intended to be hit if the fingerprint matches the one of the CA. The other button is "the default "Cancel" of the Pinentry. */ - err = agent_get_confirmation (ctrl, desc, L_("Correct"), L_("Wrong"), 1); + err = agent_get_confirmation (ctrl, desc, _("Correct"), _("Wrong"), 1); xfree (desc); if (gpg_err_code (err) == GPG_ERR_NOT_CONFIRMED) yes_i_trust = 0; @@ -724,23 +681,23 @@ /* Now check again to avoid duplicates. We take the lock to make sure that nobody else plays with our file and force a reread. */ lock_trusttable (); - clear_trusttable (); - if (!istrusted_internal (ctrl, fpr, &is_disabled, 1) || is_disabled) + agent_reload_trustlist (); + if (!agent_istrusted (ctrl, fpr, &is_disabled) || is_disabled) { unlock_trusttable (); xfree (fprformatted); xfree (nameformatted); - return is_disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; + return is_disabled? gpg_error (GPG_ERR_NOT_TRUSTED) : 0; } fname = make_filename (opt.homedir, "trustlist.txt", NULL); if ( access (fname, F_OK) && errno == ENOENT) { - fp = es_fopen (fname, "wx,mode=-rw-r"); + fp = es_fopen (fname, "wx"); if (!fp) { err = gpg_error_from_syserror (); - log_error ("can't create '%s': %s\n", fname, gpg_strerror (err)); + log_error ("can't create `%s': %s\n", fname, gpg_strerror (err)); xfree (fname); unlock_trusttable (); xfree (fprformatted); @@ -750,11 +707,11 @@ es_fputs (headerblurb, fp); es_fclose (fp); } - fp = es_fopen (fname, "a+,mode=-rw-r"); + fp = es_fopen (fname, "a+"); if (!fp) { err = gpg_error_from_syserror (); - log_error ("can't open '%s': %s\n", fname, gpg_strerror (err)); + log_error ("can't open `%s': %s\n", fname, gpg_strerror (err)); xfree (fname); unlock_trusttable (); xfree (fprformatted); @@ -778,17 +735,15 @@ flag == 'S'? " relax":""); if (es_ferror (fp)) err = gpg_error_from_syserror (); - + if (es_fclose (fp)) err = gpg_error_from_syserror (); - clear_trusttable (); + agent_reload_trustlist (); xfree (fname); unlock_trusttable (); xfree (fprformatted); xfree (nameformatted); - if (!err) - bump_key_eventcounter (); return err; } @@ -801,7 +756,9 @@ /* All we need to do is to delete the trusttable. At the next access it will get re-read. */ lock_trusttable (); - clear_trusttable (); + xfree (trusttable); + trusttable = NULL; + trusttablesize = 0; unlock_trusttable (); bump_key_eventcounter (); } diff -Nru gnupg2-2.1.6/am/cmacros.am gnupg2-2.0.28/am/cmacros.am --- gnupg2-2.1.6/am/cmacros.am 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/am/cmacros.am 2015-06-02 08:13:55.000000000 +0000 @@ -18,8 +18,6 @@ localedir = $(datadir)/locale -# NB: AM_CFLAGS may also be used by tools running on the build -# platform to create source files. AM_CPPFLAGS += -DLOCALEDIR=\"$(localedir)\" if ! HAVE_DOSISH_SYSTEM @@ -27,8 +25,7 @@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" \ -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" \ -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \ - -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \ - -DGNUPG_LOCALSTATEDIR="\"$(localstatedir)\"" + -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" endif @@ -50,22 +47,6 @@ if GNUPG_PROTECT_TOOL_PGM AM_CPPFLAGS += -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\"" endif -if GNUPG_DIRMNGR_LDAP_PGM -AM_CPPFLAGS += -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\"" -endif - -# Under Windows we use LockFileEx. WindowsCE provides this only on -# the WindowsMobile 6 platform and thus we need to use the coredll6 -# import library. We also want to use a stacksize of 256k instead of -# the 2MB which is the default with cegcc. 256k is the largest stack -# we use with pth. -if HAVE_W32CE_SYSTEM -extra_sys_libs = -lcoredll6 -extra_bin_ldflags = -Wl,--stack=0x40000 -else -extra_sys_libs = -extra_bin_ldflags = -endif if HAVE_W32_SYSTEM .rc.o: @@ -77,5 +58,4 @@ # Convenience macros libcommon = ../common/libcommon.a libcommonpth = ../common/libcommonpth.a -libcommontls = ../common/libcommontls.a -libcommontlsnpth = ../common/libcommontlsnpth.a + diff -Nru gnupg2-2.1.6/AUTHORS gnupg2-2.0.28/AUTHORS --- gnupg2-2.1.6/AUTHORS 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/AUTHORS 2015-06-02 08:13:55.000000000 +0000 @@ -1,7 +1,5 @@ Program: GnuPG Homepage: https://www.gnupg.org -Download: ftp://ftp.gnupg.org/gcrypt/gnupg/ -Repository: git://git.gnupg.org/gnupg.git Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org Security related bug reports: @@ -12,37 +10,12 @@ 2000-2013, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually. -List of Copyright holders -========================= - - Copyright (C) 1997-2015 Werner Koch - Copyright (C) 1994-2015 Free Software Foundation, Inc. - Copyright (C) 2003-2013 g10 Code GmbH - Copyright (C) 2002 Klarälvdalens Datakonsult AB - Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper - Copyright (C) 1994 X Consortium - Copyright (C) 1998 by The Internet Society. - Copyright (C) 1998-2004 The OpenLDAP Foundation - Copyright (C) 1998-2004 Kurt D. Zeilenga. - Copyright (C) 1998-2004 Net Boolean Incorporated. - Copyright (C) 2001-2004 IBM Corporation. - Copyright (C) 1999-2003 Howard Y.H. Chu. - Copyright (C) 1999-2003 Symas Corporation. - Copyright (C) 1998-2003 Hallvard B. Furuseth. - Copyright (C) 1992-1996 Regents of the University of Michigan. - - Authors with a FSF copyright assignment ======================================= Ales Nyakhaychyk Translations [be] -Andrey Jivsov Assigns past and future changes for ECC. - (g10/ecdh.c. other changes to support ECC) - -Ben Kibbey Assigns past and future changes. - Birger Langkjer Translations [da] Maxim Britov Translations [ru] @@ -125,6 +98,8 @@ Pedro Morais Translations [pt_PT] +Petr Pisar Translations [cs] + Rémi Guyomarch Assigns past and future changes. (g10/compress.c, g10/encr-data.c, g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c) @@ -154,45 +129,12 @@ Yuri Chornoivan, yurchor at ukr dot net: Translations [uk] -Yutaka Niibe Assigns Past and Future Changes - (scd/) - Authors with a DCO ================== -Andre Heinecke -2014-09-19:4525694.FcpLvWDUFT@esus: - -Andreas Schwier -2014-07-22:53CED1D8.1010306@cardcontact.de: - -Christian Aistleitner -2013-05-26:20130626112332.GA2228@quelltextlich.at: - -Damien Goutte-Gattat -2015-01-17:54BA49AA.2040708@incenp.org: - -Daniel Kahn Gillmor -2014-09-24:87oau6w9q7.fsf@alice.fifthhorseman.net: - -Hans of Guardian -2013-06-26:D84473D7-F3F7-43D5-A9CE-16580B88D574@guardianproject.info: - -Jonas Borgström -2013-08-29:521F1E7A.5080602@borgstrom.se: - -Joshua Rogers -2014-12-22:5497FE75.7010503@internot.info: - -Kyle Butt -2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ@mail.gmail.com: - -Stefan Tomanek -2014-01-30:20140129234449.GY30808@zirkel.wertarbyte.de: - -Werner Koch -2013-03-29:87620ahchj.fsf@vigenere.g10code.de: +The list of authors who signed the Developer's Certificate of Origin +is kept in the GIT master branch's copy of this file. Other authors @@ -202,6 +144,10 @@ 2013-03-29; the need for copyright disclaimers for translations already in December 2012. +The files common/libestream.[ch] are maintained as a separate project +by g10 Code GmbH. These files, as used here, are considered part of +GnuPG. + The RPM specs file scripts/gnupg.spec has been contributed by several people. @@ -216,18 +162,31 @@ ========= GnuPG is distributed under the GNU General Public License, version 3 -or later. - -Note that some files are under a combination of the GNU Lesser General -Public License, version 3 and the GNU General Public License, version -2. A few other files carry the all permissive license note as found -at the bottom of this file. +or later. A few files are under the Lesser General Public License, a +few other files carry the all permissive license note as found at the +bottom of this file. Certain files in keyserver/ allow one specific +exception: + + In addition, as a special exception, the Free Software Foundation + gives permission to link the code of the keyserver helper tools: + gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL + project's "OpenSSL" library (or with modified versions of it that + use the same license as the "OpenSSL" library), and distribute the + linked executables. You must obey the GNU General Public License + in all respects for all of the code used other than "OpenSSL". If + you modify this file, you may extend this exception to your version + of the file, but you are not obligated to do so. If you do not + wish to do so, delete this exception statement from your version. +Note that the gpgkeys_* binaries are currently installed under the +name gpg2keys_*. ========= - Copyright 1998-2013 Free Software Foundation, Inc. - Copyright 1997-2014 Werner Koch + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, + 2006, 2007, 2008, 2009, 2010, 2011, + 2012, 2013 Free Software Foundation, Inc. + Copyright 1997, 1998, 2013, 2014 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -236,3 +195,4 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + diff -Nru gnupg2-2.1.6/autogen.rc gnupg2-2.0.28/autogen.rc --- gnupg2-2.1.6/autogen.rc 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/autogen.rc 1970-01-01 00:00:00.000000000 +0000 @@ -1,45 +0,0 @@ -# autogen.sh configuration for GnuPG -*- sh -*- - -#version_parts=3 - -case "$myhost:$myhostsub" in - w32:ce) - extraoptions="--enable-dirmngr-auto-start --disable-scdaemon " - extraoptions="$extraoptions --disable-zip --enable-gpg2-is-gpg" - ;; - w32:) - extraoptions="--enable-gpgtar" - ;; -esac - -case "$myhost" in - w32) - configure_opts=" - --with-gpg-error-prefix=@SYSROOT@ - --with-ksba-prefix=@SYSROOT@ - --with-libgcrypt-prefix=@SYSROOT@ - --with-libassuan-prefix=@SYSROOT@ - --with-zlib=@SYSROOT@ - --with-regex=@SYSROOT@ - --with-npth-prefix=@SYSROOT@ - --with-adns=@SYSROOT@ - --disable-g13 - " - ;; - - amd64) - configure_opts=" - --with-gpg-error-prefix=@SYSROOT@ - --with-ksba-prefix=@SYSROOT@ - --with-libgcrypt-prefix=@SYSROOT@ - --with-libassuan-prefix=@SYSROOT@ - --with-zlib=/usr/x86_64-linux-gnu/usr - --with-pth-prefix=/usr/x86_64-linux-gnu/usr - " - ;; -esac - - -extra_aclocal_flags="" - -final_info="./configure --sysconfdir=/etc --enable-maintainer-mode && make" diff -Nru gnupg2-2.1.6/autogen.sh gnupg2-2.0.28/autogen.sh --- gnupg2-2.1.6/autogen.sh 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/autogen.sh 2015-06-02 08:13:55.000000000 +0000 @@ -1,6 +1,7 @@ #! /bin/sh -# autogen.sh -# Copyright (C) 2003, 2014 g10 Code GmbH +# Run this to generate all the initial makefiles, etc. +# +# Copyright (C) 2003 g10 Code GmbH # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -9,13 +10,6 @@ # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -# -# This is a generic script to create the configure script and handle cross -# build environments. It requires the presence of a autogen.rc file to -# configure it for the respective package. It is maintained as part of -# GnuPG and source copied by other packages. -# -# Version: 2014-06-06 configure_ac="configure.ac" @@ -24,7 +18,7 @@ } check_version () { - if [ $(( `("$1" --version || echo "0") | cvtver` >= $2 )) = 1 ]; then + if [ `("$1" --version || echo "0") | cvtver` -ge "$2" ]; then return 0 fi echo "**Error**: "\`$1\'" not installed or too old." >&2 @@ -34,29 +28,6 @@ return 1 } -fatal () { - echo "autogen.sh:" "$*" >&2 - DIE=yes -} - -info () { - if [ -z "${SILENT}" ]; then - echo "autogen.sh:" "$*" >&2 - fi -} - -die_p () { - if [ "$DIE" = "yes" ]; then - echo "autogen.sh: Stop." >&2 - exit 1 - fi -} - -replace_sysroot () { - configure_opts=$(echo $configure_opts | sed "s#@SYSROOT@#${w32root}#g") - extraoptions=$(echo $extraoptions | sed "s#@SYSROOT@#${w32root}#g") -} - # Allow to override the default tool names AUTOCONF=${AUTOCONF_PREFIX}${AUTOCONF:-autoconf}${AUTOCONF_SUFFIX} AUTOHEADER=${AUTOCONF_PREFIX}${AUTOHEADER:-autoheader}${AUTOCONF_SUFFIX} @@ -69,219 +40,29 @@ DIE=no FORCE= -SILENT= -PRINT_HOST=no -PRINT_BUILD=no -tmp=$(dirname "$0") -tsdir=$(cd "${tmp}"; pwd) -version_parts=3 - -if [ -n "${AUTOGEN_SH_SILENT}" ]; then - SILENT=" --silent" -fi -if test x"$1" = x"--help"; then - echo "usage: ./autogen.sh [--silent] [--force] [--build-TYPE] [ARGS]" - exit 0 -fi -if test x"$1" = x"--silent"; then - SILENT=" --silent" - shift -fi if test x"$1" = x"--force"; then FORCE=" --force" shift fi -if test x"$1" = x"--print-host"; then - PRINT_HOST=yes - shift -fi -if test x"$1" = x"--print-build"; then - PRINT_BUILD=yes - shift -fi - -# Reject unsafe characters in $HOME, $tsdir and cwd. We consider spaces -# as unsafe because it is too easy to get scripts wrong in this regard. -am_lf=' -' -case `pwd` in - *[\;\\\"\#\$\&\'\`$am_lf\ \ ]*) - fatal "unsafe working directory name" ;; -esac -case $tsdir in - *[\;\\\"\#\$\&\'\`$am_lf\ \ ]*) - fatal "unsafe source directory: \`$tsdir'" ;; -esac -case $HOME in - *[\;\\\"\#\$\&\'\`$am_lf\ \ ]*) - fatal "unsafe home directory: \`$HOME'" ;; -esac -die_p - - -# List of variables sourced from autogen.rc. The strings '@SYSROOT@' in -# these variables are replaced by the actual system root. -configure_opts= -extraoptions= -# List of optional variables sourced from autogen.rc and ~/.gnupg-autogen.rc -w32_toolprefixes= -w32_extraoptions= -w32ce_toolprefixes= -w32ce_extraoptions= -w64_toolprefixes= -w64_extraoptions= -amd64_toolprefixes= -# End list of optional variables sourced from ~/.gnupg-autogen.rc -# What follows are variables which are sourced but default to -# environment variables or lacking them hardcoded values. -#w32root= -#w32ce_root= -#w64root= -#amd64root= - -# Convenience option to use certain configure options for some hosts. -myhost="" -myhostsub="" -case "$1" in - --find-version) - myhost="find-version" - SILENT=" --silent" - shift - ;; - --build-w32) - myhost="w32" - shift - ;; - --build-w32ce) - myhost="w32" - myhostsub="ce" - shift - ;; - --build-w64) - myhost="w32" - myhostsub="64" - shift - ;; - --build-amd64) - myhost="amd64" - shift - ;; - --build*) - fatal "**Error**: invalid build option $1" - shift - ;; - *) - ;; -esac -die_p - - -# Source our configuration -if [ -f "${tsdir}/autogen.rc" ]; then - . "${tsdir}/autogen.rc" -fi - -# Source optional site specific configuration -if [ -f "$HOME/.gnupg-autogen.rc" ]; then - info "sourcing extra definitions from $HOME/.gnupg-autogen.rc" - . "$HOME/.gnupg-autogen.rc" -fi - - -# **** FIND VERSION **** -# This is a helper for the configure.ac M4 magic -# Called -# ./autogen.sh --find-version PACKAGE MAJOR MINOR [MICRO] -# returns a complete version string with automatic beta numbering. -if [ "$myhost" = "find-version" ]; then - package="$1" - major="$2" - minor="$3" - micro="$4" - - case "$version_parts" in - 2) - matchstr1="$package-$major.[0-9]*" - matchstr2="$package-$major-base" - vers="$major.$minor" - ;; - *) - matchstr1="$package-$major.$minor.[0-9]*" - matchstr2="$package-$major.$minor-base" - vers="$major.$minor.$micro" - ;; - esac - - beta=no - if [ -d .git ]; then - ingit=yes - tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) - if [ -n "$tmp" ]; then - tmp=$(echo "$tmp"|awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}') - else - tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ - | awk -F- '$4!=0{print"-beta"$4}') - fi - [ -n "$tmp" ] && beta=yes - rev=$(git rev-parse --short HEAD | tr -d '\n\r') - rvd=$((0x$(echo ${rev} | head -c 4))) - else - ingit=no - beta=yes - tmp="-unknown" - rev="0000000" - rvd="0" +# ***** W32 build script ******* +# Used to cross-compile for Windows. +if test "$1" = "--build-w32"; then + tmp=`dirname $0` + tsdir=`cd "$tmp"; pwd` + shift + if [ ! -f $tsdir/scripts/config.guess ]; then + echo "$tsdir/scripts/config.guess not found" >&2 + exit 1 fi + build=`$tsdir/scripts/config.guess` - echo "$package-$vers$tmp:$beta:$ingit:$vers$tmp:$vers:$tmp:$rev:$rvd:" - exit 0 -fi -# **** end FIND VERSION **** - - -if [ ! -f "$tsdir/build-aux/config.guess" ]; then - fatal "$tsdir/build-aux/config.guess not found" - exit 1 -fi -build=`$tsdir/build-aux/config.guess` -if [ $PRINT_BUILD = yes ]; then - echo "$build" - exit 0 -fi - - - -# ****************** -# W32 build script -# ****************** -if [ "$myhost" = "w32" ]; then - case $myhostsub in - ce) - w32root="$w32ce_root" - [ -z "$w32root" ] && w32root="$HOME/w32ce_root" - toolprefixes="$w32ce_toolprefixes arm-mingw32ce" - extraoptions="$extraoptions $w32ce_extraoptions" - ;; - 64) - w32root="$w64root" - [ -z "$w32root" ] && w32root="$HOME/w64root" - toolprefixes="$w64_toolprefixes x86_64-w64-mingw32" - extraoptions="$extraoptions $w64_extraoptions" - ;; - *) - [ -z "$w32root" ] && w32root="$HOME/w32root" - toolprefixes="$w32_toolprefixes i686-w64-mingw32 i586-mingw32msvc" - toolprefixes="$toolprefixes i386-mingw32msvc mingw32" - extraoptions="$extraoptions $w32_extraoptions" - ;; - esac - info "Using $w32root as standard install directory" - replace_sysroot + [ -z "$w32root" ] && w32root="$HOME/w32root" + echo "Using $w32root as standard install directory" >&2 # Locate the cross compiler crossbindir= - for host in $toolprefixes; do + for host in i686-w64-mingw32 i586-mingw32msvc i386-mingw32msvc mingw32; do if ${host}-gcc --version >/dev/null 2>&1 ; then crossbindir=/usr/${host}/bin conf_CC="CC=${host}-gcc" @@ -289,29 +70,32 @@ fi done if [ -z "$crossbindir" ]; then - fatal "cross compiler kit not installed" - if [ -z "$myhostsub" ]; then - info "Under Debian GNU/Linux, you may install it using" - info " apt-get install mingw32 mingw32-runtime mingw32-binutils" - fi - die_p - fi - if [ $PRINT_HOST = yes ]; then - echo "$host" - exit 0 + echo "Cross compiler kit not installed" >&2 + echo "Under Debian GNU/Linux, you may install it using" >&2 + echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 + echo "Stop." >&2 + exit 1 fi if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then - fatal "Please run a 'make distclean' first" - die_p + echo "Please run a 'make distclean' first" >&2 + exit 1 fi fi - $tsdir/configure --enable-maintainer-mode ${SILENT} \ - --prefix=${w32root} \ - --host=${host} --build=${build} SYSROOT=${w32root} \ - ${configure_opts} ${extraoptions} "$@" + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ + --host=${host} --build=${build} \ + --enable-gpgtar \ + --with-gpg-error-prefix=${w32root} \ + --with-ksba-prefix=${w32root} \ + --with-libgcrypt-prefix=${w32root} \ + --with-libassuan-prefix=${w32root} \ + --with-zlib=${w32root} \ + --with-regex=${w32root} \ + --with-pth-prefix=${w32root} \ + --with-libiconv-prefix=${w32root} \ + --with-adns=${w32root} "$@" rc=$? exit $rc fi @@ -319,16 +103,22 @@ # ***** AMD64 cross build script ******* # Used to cross-compile for AMD64 (for testing) -if [ "$myhost" = "amd64" ]; then - [ -z "$amd64root" ] && amd64root="$HOME/amd64root" - info "Using $amd64root as standard install directory" - replace_sysroot +if test "$1" = "--build-amd64"; then + tmp=`dirname $0` + tsdir=`cd "$tmp"; pwd` + shift + if [ ! -f $tsdir/scripts/config.guess ]; then + echo "$tsdir/scripts/config.guess not found" >&2 + exit 1 + fi + build=`$tsdir/scripts/config.guess` - toolprefixes="$amd64_toolprefixes x86_64-linux-gnu amd64-linux-gnu" + [ -z "$amd64root" ] && amd64root="$HOME/amd64root" + echo "Using $amd64root as standard install directory" >&2 # Locate the cross compiler crossbindir= - for host in $toolprefixes ; do + for host in x86_64-linux-gnu amd64-linux-gnu; do if ${host}-gcc --version >/dev/null 2>&1 ; then crossbindir=/usr/${host}/bin conf_CC="CC=${host}-gcc" @@ -340,10 +130,6 @@ echo "Stop." >&2 exit 1 fi - if [ $PRINT_HOST = yes ]; then - echo "$host" - exit 0 - fi if [ -f "$tsdir/config.log" ]; then if ! head $tsdir/config.log | grep "$host" >/dev/null; then @@ -352,10 +138,14 @@ fi fi - $tsdir/configure --enable-maintainer-mode ${SILENT} \ - --prefix=${amd64root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \ --host=${host} --build=${build} \ - ${configure_opts} ${extraoptions} "$@" + --with-gpg-error-prefix=${amd64root} \ + --with-ksba-prefix=${amd64root} \ + --with-libgcrypt-prefix=${amd64root} \ + --with-libassuan-prefix=${amd64root} \ + --with-zlib=/usr/x86_64-linux-gnu/usr \ + --with-pth-prefix=/usr/x86_64-linux-gnu/usr rc=$? exit $rc fi @@ -375,15 +165,12 @@ }' ${configure_ac}` automake_vers_num=`echo "$automake_vers" | cvtver` -if [ -d "${tsdir}/po" ]; then - gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { +gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { s/^.*\[\(.*\)])/\1/p q }' ${configure_ac}` - gettext_vers_num=`echo "$gettext_vers" | cvtver` -else - gettext_vers="n/a" -fi +gettext_vers_num=`echo "$gettext_vers" | cvtver` + if [ -z "$autoconf_vers" -o -z "$automake_vers" -o -z "$gettext_vers" ] then @@ -398,71 +185,60 @@ if check_version $AUTOMAKE $automake_vers_num $automake_vers; then check_version $ACLOCAL $automake_vers_num $autoconf_vers automake fi -if [ "$gettext_vers" != "n/a" ]; then - if check_version $GETTEXT $gettext_vers_num $gettext_vers; then - check_version $MSGMERGE $gettext_vers_num $gettext_vers gettext - fi +if check_version $GETTEXT $gettext_vers_num $gettext_vers; then + check_version $MSGMERGE $gettext_vers_num $gettext_vers gettext fi -if [ "$DIE" = "yes" ]; then +if test "$DIE" = "yes"; then cat <&2 *** Activating trailing whitespace git pre-commit hook. *** For more information see this thread: http://mail.gnome.org/archives/desktop-devel-list/2009-May/msg00084html To deactivate this pre-commit hook again move .git/hooks/pre-commit and .git/hooks/pre-commit.sample out of the way. EOF - $CP .git/hooks/pre-commit.sample .git/hooks/pre-commit - chmod +x .git/hooks/pre-commit + cp .git/hooks/pre-commit.sample .git/hooks/pre-commit + chmod -c +x .git/hooks/pre-commit fi - - if [ "$gettext_vers" != "n/a" ]; then - tmp=$(git config --get filter.cleanpo.clean) - if [ "$tmp" != \ - "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'" ] - then - info "*** Adding GIT filter.cleanpo.clean configuration." - git config --add filter.cleanpo.clean \ + tmp=$(git config --get filter.cleanpo.clean) + if [ "$tmp" != "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'" ] + then + echo "*** Adding GIT filter.cleanpo.clean configuration." >&2 + git config --add filter.cleanpo.clean \ "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'" - fi fi - if [ -f build-aux/git-hooks/commit-msg -a ! -f .git/hooks/commit-msg ] ; then - [ -z "${SILENT}" ] && cat <&2 *** Activating commit log message check hook. *** EOF - $CP build-aux/git-hooks/commit-msg .git/hooks/commit-msg - chmod +x .git/hooks/commit-msg + cp scripts/git-hooks/commit-msg .git/hooks/commit-msg + chmod -c +x .git/hooks/commit-msg fi fi -aclocal_flags="-I m4" -if [ -n "${extra_aclocal_flags}" ]; then - aclocal_flags="${aclocal_flags} ${extra_aclocal_flags}" -fi -if [ -n "${ACLOCAL_FLAGS}" ]; then - aclocal_flags="${aclocal_flags} ${ACLOCAL_FLAGS}" -fi -info "Running $ACLOCAL ${aclocal_flags} ..." -$ACLOCAL ${aclocal_flags} -info "Running autoheader..." + +echo "Running aclocal -I m4 -I gl/m4 ${ACLOCAL_FLAGS:+$ACLOCAL_FLAGS }..." +$ACLOCAL -I m4 -I gl/m4 $ACLOCAL_FLAGS +echo "Running autoheader..." $AUTOHEADER -info "Running automake --gnu ..." +echo "Running automake --gnu ..." $AUTOMAKE --gnu; -info "Running autoconf${FORCE} ..." +echo "Running autoconf${FORCE} ..." $AUTOCONF${FORCE} -info "You may now run:${am_lf} ${final_info}" +echo "You may now run: + ./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-mailto --enable-gpgtar && make +" diff -Nru gnupg2-2.1.6/build-aux/ChangeLog-2011 gnupg2-2.0.28/build-aux/ChangeLog-2011 --- gnupg2-2.1.6/build-aux/ChangeLog-2011 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/ChangeLog-2011 1970-01-01 00:00:00.000000000 +0000 @@ -1,62 +0,0 @@ -2011-12-01 Werner Koch - - NB: ChangeLog files are no longer manually maintained. Starting - on December 1st, 2011 we put change information only in the GIT - commit log, and generate a top-level ChangeLog file from logs at - "make dist". See doc/HACKING for details. - -2011-11-29 Werner Koch - - * build-all.sh: Make sure HOME has no unsafe characters. - -2011-11-28 Werner Koch , - Jim Meyering - - * build-all.sh: New. - -2011-08-10 Werner Koch - - * config.guess, config.sub: Update to version 2011-06-03. - -2010-10-26 Werner Koch - - * config.guess: Update to version 2010-09-24. - * config.sub: Update to version 2010-09-11. - -2007-12-14 Werner Koch - - * config.guess, config.sub: Update to version 2007-11-19. - -2007-07-04 Werner Koch - - Switched to GPLv3+. - - * config.sub, config.guess: Updated from current Savannah - upstream. Changed to GPLv3+. - -2007-05-04 Werner Koch - - * texinfo.tex: Updated from gnulib. - -2007-04-04 Werner Koch - - * mail-to-translators: Copied from 1.4 and adjusted. - -2004-09-30 Werner Koch - - * config.guess, config.sub: Updated. - - - Copyright 2004, 2007, 2010 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -Local Variables: -buffer-read-only: t -End: diff -Nru gnupg2-2.1.6/build-aux/compile gnupg2-2.0.28/build-aux/compile --- gnupg2-2.1.6/build-aux/compile 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/compile 1970-01-01 00:00:00.000000000 +0000 @@ -1,347 +0,0 @@ -#! /bin/sh -# Wrapper for compilers which do not understand '-c -o'. - -scriptversion=2012-10-14.11; # UTC - -# Copyright (C) 1999-2013 Free Software Foundation, Inc. -# Written by Tom Tromey . -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# This file is maintained in Automake, please report -# bugs to or send patches to -# . - -nl=' -' - -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent tools from complaining about whitespace usage. -IFS=" "" $nl" - -file_conv= - -# func_file_conv build_file lazy -# Convert a $build file to $host form and store it in $file -# Currently only supports Windows hosts. If the determined conversion -# type is listed in (the comma separated) LAZY, no conversion will -# take place. -func_file_conv () -{ - file=$1 - case $file in - / | /[!/]*) # absolute file, and not a UNC file - if test -z "$file_conv"; then - # lazily determine how to convert abs files - case `uname -s` in - MINGW*) - file_conv=mingw - ;; - CYGWIN*) - file_conv=cygwin - ;; - *) - file_conv=wine - ;; - esac - fi - case $file_conv/,$2, in - *,$file_conv,*) - ;; - mingw/*) - file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` - ;; - cygwin/*) - file=`cygpath -m "$file" || echo "$file"` - ;; - wine/*) - file=`winepath -w "$file" || echo "$file"` - ;; - esac - ;; - esac -} - -# func_cl_dashL linkdir -# Make cl look for libraries in LINKDIR -func_cl_dashL () -{ - func_file_conv "$1" - if test -z "$lib_path"; then - lib_path=$file - else - lib_path="$lib_path;$file" - fi - linker_opts="$linker_opts -LIBPATH:$file" -} - -# func_cl_dashl library -# Do a library search-path lookup for cl -func_cl_dashl () -{ - lib=$1 - found=no - save_IFS=$IFS - IFS=';' - for dir in $lib_path $LIB - do - IFS=$save_IFS - if $shared && test -f "$dir/$lib.dll.lib"; then - found=yes - lib=$dir/$lib.dll.lib - break - fi - if test -f "$dir/$lib.lib"; then - found=yes - lib=$dir/$lib.lib - break - fi - if test -f "$dir/lib$lib.a"; then - found=yes - lib=$dir/lib$lib.a - break - fi - done - IFS=$save_IFS - - if test "$found" != yes; then - lib=$lib.lib - fi -} - -# func_cl_wrapper cl arg... -# Adjust compile command to suit cl -func_cl_wrapper () -{ - # Assume a capable shell - lib_path= - shared=: - linker_opts= - for arg - do - if test -n "$eat"; then - eat= - else - case $1 in - -o) - # configure might choose to run compile as 'compile cc -o foo foo.c'. - eat=1 - case $2 in - *.o | *.[oO][bB][jJ]) - func_file_conv "$2" - set x "$@" -Fo"$file" - shift - ;; - *) - func_file_conv "$2" - set x "$@" -Fe"$file" - shift - ;; - esac - ;; - -I) - eat=1 - func_file_conv "$2" mingw - set x "$@" -I"$file" - shift - ;; - -I*) - func_file_conv "${1#-I}" mingw - set x "$@" -I"$file" - shift - ;; - -l) - eat=1 - func_cl_dashl "$2" - set x "$@" "$lib" - shift - ;; - -l*) - func_cl_dashl "${1#-l}" - set x "$@" "$lib" - shift - ;; - -L) - eat=1 - func_cl_dashL "$2" - ;; - -L*) - func_cl_dashL "${1#-L}" - ;; - -static) - shared=false - ;; - -Wl,*) - arg=${1#-Wl,} - save_ifs="$IFS"; IFS=',' - for flag in $arg; do - IFS="$save_ifs" - linker_opts="$linker_opts $flag" - done - IFS="$save_ifs" - ;; - -Xlinker) - eat=1 - linker_opts="$linker_opts $2" - ;; - -*) - set x "$@" "$1" - shift - ;; - *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) - func_file_conv "$1" - set x "$@" -Tp"$file" - shift - ;; - *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) - func_file_conv "$1" mingw - set x "$@" "$file" - shift - ;; - *) - set x "$@" "$1" - shift - ;; - esac - fi - shift - done - if test -n "$linker_opts"; then - linker_opts="-link$linker_opts" - fi - exec "$@" $linker_opts - exit 1 -} - -eat= - -case $1 in - '') - echo "$0: No command. Try '$0 --help' for more information." 1>&2 - exit 1; - ;; - -h | --h*) - cat <<\EOF -Usage: compile [--help] [--version] PROGRAM [ARGS] - -Wrapper for compilers which do not understand '-c -o'. -Remove '-o dest.o' from ARGS, run PROGRAM with the remaining -arguments, and rename the output as expected. - -If you are trying to build a whole package this is not the -right script to run: please start by reading the file 'INSTALL'. - -Report bugs to . -EOF - exit $? - ;; - -v | --v*) - echo "compile $scriptversion" - exit $? - ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) - func_cl_wrapper "$@" # Doesn't return... - ;; -esac - -ofile= -cfile= - -for arg -do - if test -n "$eat"; then - eat= - else - case $1 in - -o) - # configure might choose to run compile as 'compile cc -o foo foo.c'. - # So we strip '-o arg' only if arg is an object. - eat=1 - case $2 in - *.o | *.obj) - ofile=$2 - ;; - *) - set x "$@" -o "$2" - shift - ;; - esac - ;; - *.c) - cfile=$1 - set x "$@" "$1" - shift - ;; - *) - set x "$@" "$1" - shift - ;; - esac - fi - shift -done - -if test -z "$ofile" || test -z "$cfile"; then - # If no '-o' option was seen then we might have been invoked from a - # pattern rule where we don't need one. That is ok -- this is a - # normal compilation that the losing compiler can handle. If no - # '.c' file was seen then we are probably linking. That is also - # ok. - exec "$@" -fi - -# Name of file we expect compiler to create. -cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` - -# Create the lock directory. -# Note: use '[/\\:.-]' here to ensure that we don't use the same name -# that we are using for the .o file. Also, base the name on the expected -# object file name, since that is what matters with a parallel build. -lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d -while true; do - if mkdir "$lockdir" >/dev/null 2>&1; then - break - fi - sleep 1 -done -# FIXME: race condition here if user kills between mkdir and trap. -trap "rmdir '$lockdir'; exit 1" 1 2 15 - -# Run the compile. -"$@" -ret=$? - -if test -f "$cofile"; then - test "$cofile" = "$ofile" || mv "$cofile" "$ofile" -elif test -f "${cofile}bj"; then - test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" -fi - -rmdir "$lockdir" -exit $ret - -# Local Variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff -Nru gnupg2-2.1.6/build-aux/config.guess gnupg2-2.0.28/build-aux/config.guess --- gnupg2-2.1.6/build-aux/config.guess 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/config.guess 1970-01-01 00:00:00.000000000 +0000 @@ -1,1421 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright 1992-2015 Free Software Foundation, Inc. - -timestamp='2015-01-01' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that -# program. This Exception is an additional permission under section 7 -# of the GNU General Public License, version 3 ("GPLv3"). -# -# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. -# -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD -# -# Please send patches to . - - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] - -Output the configuration name of the system \`$me' is run on. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.guess ($timestamp) - -Originally written by Per Bothner. -Copyright 1992-2015 Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" >&2 - exit 1 ;; - * ) - break ;; - esac -done - -if test $# != 0; then - echo "$me: too many arguments$help" >&2 - exit 1 -fi - -trap 'exit 1' 1 2 15 - -# CC_FOR_BUILD -- compiler used by this script. Note that the use of a -# compiler to aid in system detection is discouraged as it requires -# temporary files to be created and, as you can see below, it is a -# headache to deal with in a portable fashion. - -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. - -# Portable tmp directory creation inspired by the Autoconf team. - -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -case "${UNAME_SYSTEM}" in -Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu - - eval $set_cc_for_build - cat <<-EOF > $dummy.c - #include - #if defined(__UCLIBC__) - LIBC=uclibc - #elif defined(__dietlibc__) - LIBC=dietlibc - #else - LIBC=gnu - #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` - ;; -esac - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - *:NetBSD:*:*) - # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, - # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently - # switched to ELF, *-*-netbsd* would select the old - # object file format. This provides both forward - # compatibility and a consistent mechanism for selecting the - # object file format. - # - # Note: NetBSD doesn't particularly care about the vendor - # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in - armeb) machine=armeb-unknown ;; - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; - sh5el) machine=sh5le-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ELF__ - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? - os=netbsd - else - os=netbsdelf - fi - ;; - *) - os=netbsd - ;; - esac - # The OS release - # Debian GNU/NetBSD machines have a different userland, and - # thus, need a distinct triplet. However, they do not need - # kernel version information, so it can be replaced with a - # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in - Debian*) - release='-gnu' - ;; - *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - ;; - esac - # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" - exit ;; - *:Bitrig:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} - exit ;; - *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} - exit ;; - *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} - exit ;; - *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} - exit ;; - macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} - exit ;; - *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} - exit ;; - alpha:OSF1:*:*) - case $UNAME_RELEASE in - *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - ;; - *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` - ;; - esac - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU - # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in - "EV4 (21064)") - UNAME_MACHINE="alpha" ;; - "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; - "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; - "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; - "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; - "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; - "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; - "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; - "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; - "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; - "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; - "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; - "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; - esac - # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. - # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos - exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos - exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; - *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; - *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit ;; - arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; - DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; - s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} - exit ;; - i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH="i386" - # If there is a compiler, see if it is configured for 64-bit objects. - # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. - # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - SUN_ARCH="x86_64" - fi - fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 - case "`/bin/arch`" in - sun3) - echo m68k-sun-sunos${UNAME_RELEASE} - ;; - sun4) - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac - exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor - # > m68000). The system name ranges from "MiNT" over "FreeMiNT" - # to the lowercase version "mint" (or "freemint"). Finally - # the system name "TOS" denotes a system which is actually not - # MiNT. But MiNT is downward compatible to TOS, so this should - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; - m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} - exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} - exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -#ifdef __cplusplus -#include /* for printf() prototype */ - int main (int argc, char *argv[]) { -#else - int main (argc, argv) int argc; char *argv[]; { -#endif - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && - { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} - exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] - then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] - then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else - echo i586-dg-dgux${UNAME_RELEASE} - fi - exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; - XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` - then - echo "$SYSTEM_NAME" - else - echo rs6000-ibm-aix3.2.5 - fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit ;; - *:AIX:*:[4567]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/lslpp ] ; then - IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | - awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; - 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then - sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac - fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - - #define _HPUX_SOURCE - #include - #include - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } -EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac - if [ ${HP_ARCH} = "hppa2.0w" ] - then - eval $set_cc_for_build - - # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating - # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler - # generating 64-bit code. GNU and HP use different nomenclature: - # - # $ CC_FOR_BUILD=cc ./config.guess - # => hppa2.0w-hp-hpux11.23 - # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess - # => hppa64-hp-hpux11.23 - - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep -q __LP64__ - then - HP_ARCH="hppa2.0w" - else - HP_ARCH="hppa64" - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} - exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; - C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:FreeBSD:*:*) - UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in - amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - esac - exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin - exit ;; - *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 - exit ;; - *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; - *:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 - exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 - exit ;; - *:Interix*:*) - case ${UNAME_MACHINE} in - x86) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; - IA64) - echo ia64-unknown-interix${UNAME_RELEASE} - exit ;; - esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin - exit ;; - amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - *:GNU:*:*) - # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit ;; - *:GNU/*:*:*) - # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} - exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix - exit ;; - aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - aarch64_be:Linux:*:*) - UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arm*:Linux:*:*) - eval $set_cc_for_build - if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_EABI__ - then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - else - if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_PCS_VFP - then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi - else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf - fi - fi - exit ;; - avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} - exit ;; - crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} - exit ;; - frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} - exit ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } - ;; - openrisc*:Linux:*:*) - echo or1k-unknown-linux-${LIBC} - exit ;; - or32:Linux:*:* | or1k*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} - exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} - exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; - esac - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} - exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} - exit ;; - ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} - exit ;; - ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} - exit ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} - exit ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} - exit ;; - x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx - exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop - exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos - exit ;; - i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable - exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi - exit ;; - i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` - (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ - && UNAME_MACHINE=i686 - (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ - && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. - # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that - # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; - M68*:*:R3V[5678]*:*) - test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; - 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; - NCR*:*:4.2:* | MPRAS*:*:4.2:*) - OS_REL='.3' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes . - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; - i*86:VOS:*:*) - # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos - exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; - BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; - x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} - exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} - exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} - exit ;; - SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} - exit ;; - SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} - exit ;; - SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} - exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc - fi - if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi - fi - elif test "$UNAME_PROCESSOR" = i386 ; then - # Avoid executing cc on OS X 10.9, as it ships with a stub - # that puts up a graphical alert prompting to install - # developer tools. Any system running Mac OS X 10.7 or - # later (Darwin 11 and later) is required to have a 64-bit - # processor. This is not true of the ARM version of Darwin - # that Apple uses in portable devices. - UNAME_PROCESSOR=x86_64 - fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then - UNAME_PROCESSOR=i386 - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit ;; - *:QNX:*:4*) - echo i386-pc-qnx - exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} - exit ;; - NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} - exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} - exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 386 - # is converted to i386 for consistency with other x86 - # operating systems. - if test "$cputype" = "386"; then - UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 - exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; - *:ITS:*:*) - echo pdp10-unknown-its - exit ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} - exit ;; - *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit ;; - *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; - esac ;; - *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; - i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' - exit ;; - i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos - exit ;; - i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros - exit ;; - x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx - exit ;; -esac - -cat >&2 < in order to provide the needed -information to handle your system. - -config.guess timestamp = $timestamp - -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null` - -hostinfo = `(hostinfo) 2>/dev/null` -/bin/universe = `(/bin/universe) 2>/dev/null` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` -/bin/arch = `(/bin/arch) 2>/dev/null` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` - -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} -EOF - -exit 1 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff -Nru gnupg2-2.1.6/build-aux/config.rpath gnupg2-2.0.28/build-aux/config.rpath --- gnupg2-2.1.6/build-aux/config.rpath 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/config.rpath 1970-01-01 00:00:00.000000000 +0000 @@ -1,690 +0,0 @@ -#! /bin/sh -# Output a system dependent set of variables, describing how to set the -# run time search path of shared libraries in an executable. -# -# Copyright 1996-2013 Free Software Foundation, Inc. -# Taken from GNU libtool, 2001 -# Originally by Gordon Matzigkeit , 1996 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. -# -# The first argument passed to this file is the canonical host specification, -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld -# should be set by the caller. -# -# The set of defined variables is at the end of this script. - -# Known limitations: -# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer -# than 256 bytes, otherwise the compiler driver will dump core. The only -# known workaround is to choose shorter directory names for the build -# directory and/or the installation directory. - -# All known linkers require a '.a' archive for static linking (except MSVC, -# which needs '.lib'). -libext=a -shrext=.so - -host="$1" -host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` - -# Code taken from libtool.m4's _LT_CC_BASENAME. - -for cc_temp in $CC""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` - -# Code taken from libtool.m4's _LT_COMPILER_PIC. - -wl= -if test "$GCC" = yes; then - wl='-Wl,' -else - case "$host_os" in - aix*) - wl='-Wl,' - ;; - mingw* | cygwin* | pw32* | os2* | cegcc*) - ;; - hpux9* | hpux10* | hpux11*) - wl='-Wl,' - ;; - irix5* | irix6* | nonstopux*) - wl='-Wl,' - ;; - linux* | k*bsd*-gnu | kopensolaris*-gnu) - case $cc_basename in - ecc*) - wl='-Wl,' - ;; - icc* | ifort*) - wl='-Wl,' - ;; - lf95*) - wl='-Wl,' - ;; - nagfor*) - wl='-Wl,-Wl,,' - ;; - pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) - wl='-Wl,' - ;; - ccc*) - wl='-Wl,' - ;; - xl* | bgxl* | bgf* | mpixl*) - wl='-Wl,' - ;; - como) - wl='-lopt=' - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ F* | *Sun*Fortran*) - wl= - ;; - *Sun\ C*) - wl='-Wl,' - ;; - esac - ;; - esac - ;; - newsos6) - ;; - *nto* | *qnx*) - ;; - osf3* | osf4* | osf5*) - wl='-Wl,' - ;; - rdos*) - ;; - solaris*) - case $cc_basename in - f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) - wl='-Qoption ld ' - ;; - *) - wl='-Wl,' - ;; - esac - ;; - sunos4*) - wl='-Qoption ld ' - ;; - sysv4 | sysv4.2uw2* | sysv4.3*) - wl='-Wl,' - ;; - sysv4*MP*) - ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - wl='-Wl,' - ;; - unicos*) - wl='-Wl,' - ;; - uts4*) - ;; - esac -fi - -# Code taken from libtool.m4's _LT_LINKER_SHLIBS. - -hardcode_libdir_flag_spec= -hardcode_libdir_separator= -hardcode_direct=no -hardcode_minus_L=no - -case "$host_os" in - cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test "$GCC" != yes; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd*) - with_gnu_ld=no - ;; -esac - -ld_shlibs=yes -if test "$with_gnu_ld" = yes; then - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - # Unlike libtool, we use -rpath here, not --rpath, since the documented - # option of GNU ld is called -rpath, not --rpath. - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - case "$host_os" in - aix[3-9]*) - # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then - ld_shlibs=no - fi - ;; - amigaos*) - case "$host_cpu" in - powerpc) - ;; - m68k) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - ;; - esac - ;; - beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - : - else - ld_shlibs=no - fi - ;; - cygwin* | mingw* | pw32* | cegcc*) - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - hardcode_libdir_flag_spec='-L$libdir' - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - : - else - ld_shlibs=no - fi - ;; - haiku*) - ;; - interix[3-9]*) - hardcode_direct=no - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - : - else - ld_shlibs=no - fi - ;; - netbsd*) - ;; - solaris*) - if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then - ld_shlibs=no - elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - : - else - ld_shlibs=no - fi - ;; - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) - ld_shlibs=no - ;; - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' - else - ld_shlibs=no - fi - ;; - esac - ;; - sunos4*) - hardcode_direct=yes - ;; - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - : - else - ld_shlibs=no - fi - ;; - esac - if test "$ld_shlibs" = no; then - hardcode_libdir_flag_spec= - fi -else - case "$host_os" in - aix3*) - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - hardcode_minus_L=yes - if test "$GCC" = yes; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - hardcode_direct=unsupported - fi - ;; - aix[4-9]*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - else - aix_use_runtimelinking=no - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) - for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then - aix_use_runtimelinking=yes - break - fi - done - ;; - esac - fi - hardcode_direct=yes - hardcode_libdir_separator=':' - if test "$GCC" = yes; then - case $host_os in aix4.[012]|aix4.[012].*) - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null - then - # We have reworked collect2 - : - else - # We have old collect2 - hardcode_direct=unsupported - hardcode_minus_L=yes - hardcode_libdir_flag_spec='-L$libdir' - hardcode_libdir_separator= - fi - ;; - esac - fi - # Begin _LT_AC_SYS_LIBPATH_AIX. - echo 'int main () { return 0; }' > conftest.c - ${CC} ${LDFLAGS} conftest.c -o conftest - aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` - if test -z "$aix_libpath"; then - aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` - fi - if test -z "$aix_libpath"; then - aix_libpath="/usr/lib:/lib" - fi - rm -f conftest.c conftest - # End _LT_AC_SYS_LIBPATH_AIX. - if test "$aix_use_runtimelinking" = yes; then - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" - else - if test "$host_cpu" = ia64; then - hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' - else - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" - fi - fi - ;; - amigaos*) - case "$host_cpu" in - powerpc) - ;; - m68k) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - ;; - esac - ;; - bsdi[45]*) - ;; - cygwin* | mingw* | pw32* | cegcc*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - hardcode_libdir_flag_spec=' ' - libext=lib - ;; - darwin* | rhapsody*) - hardcode_direct=no - if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then - : - else - ld_shlibs=no - fi - ;; - dgux*) - hardcode_libdir_flag_spec='-L$libdir' - ;; - freebsd2.2*) - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes - ;; - freebsd2*) - hardcode_direct=yes - hardcode_minus_L=yes - ;; - freebsd* | dragonfly*) - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes - ;; - hpux9*) - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' - hardcode_libdir_separator=: - hardcode_direct=yes - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L=yes - ;; - hpux10*) - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' - hardcode_libdir_separator=: - hardcode_direct=yes - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L=yes - fi - ;; - hpux11*) - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' - hardcode_libdir_separator=: - case $host_cpu in - hppa*64*|ia64*) - hardcode_direct=no - ;; - *) - hardcode_direct=yes - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L=yes - ;; - esac - fi - ;; - irix5* | irix6* | nonstopux*) - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator=: - ;; - netbsd*) - hardcode_libdir_flag_spec='-R$libdir' - hardcode_direct=yes - ;; - newsos6) - hardcode_direct=yes - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator=: - ;; - *nto* | *qnx*) - ;; - openbsd*) - if test -f /usr/libexec/ld.so; then - hardcode_direct=yes - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - else - case "$host_os" in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac - fi - else - ld_shlibs=no - fi - ;; - os2*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - ;; - osf3*) - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator=: - ;; - osf4* | osf5*) - if test "$GCC" = yes; then - hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' - else - # Both cc and cxx compiler support -rpath directly - hardcode_libdir_flag_spec='-rpath $libdir' - fi - hardcode_libdir_separator=: - ;; - solaris*) - hardcode_libdir_flag_spec='-R$libdir' - ;; - sunos4*) - hardcode_libdir_flag_spec='-L$libdir' - hardcode_direct=yes - hardcode_minus_L=yes - ;; - sysv4) - case $host_vendor in - sni) - hardcode_direct=yes # is this really true??? - ;; - siemens) - hardcode_direct=no - ;; - motorola) - hardcode_direct=no #Motorola manual says yes, but my tests say they lie - ;; - esac - ;; - sysv4.3*) - ;; - sysv4*MP*) - if test -d /usr/nec; then - ld_shlibs=yes - fi - ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) - ;; - sysv5* | sco3.2v5* | sco5v6*) - hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' - hardcode_libdir_separator=':' - ;; - uts4*) - hardcode_libdir_flag_spec='-L$libdir' - ;; - *) - ld_shlibs=no - ;; - esac -fi - -# Check dynamic linker characteristics -# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER. -# Unlike libtool.m4, here we don't care about _all_ names of the library, but -# only about the one the linker finds when passed -lNAME. This is the last -# element of library_names_spec in libtool.m4, or possibly two of them if the -# linker has special search rules. -library_names_spec= # the last element of library_names_spec in libtool.m4 -libname_spec='lib$name' -case "$host_os" in - aix3*) - library_names_spec='$libname.a' - ;; - aix[4-9]*) - library_names_spec='$libname$shrext' - ;; - amigaos*) - case "$host_cpu" in - powerpc*) - library_names_spec='$libname$shrext' ;; - m68k) - library_names_spec='$libname.a' ;; - esac - ;; - beos*) - library_names_spec='$libname$shrext' - ;; - bsdi[45]*) - library_names_spec='$libname$shrext' - ;; - cygwin* | mingw* | pw32* | cegcc*) - shrext=.dll - library_names_spec='$libname.dll.a $libname.lib' - ;; - darwin* | rhapsody*) - shrext=.dylib - library_names_spec='$libname$shrext' - ;; - dgux*) - library_names_spec='$libname$shrext' - ;; - freebsd* | dragonfly*) - case "$host_os" in - freebsd[123]*) - library_names_spec='$libname$shrext$versuffix' ;; - *) - library_names_spec='$libname$shrext' ;; - esac - ;; - gnu*) - library_names_spec='$libname$shrext' - ;; - haiku*) - library_names_spec='$libname$shrext' - ;; - hpux9* | hpux10* | hpux11*) - case $host_cpu in - ia64*) - shrext=.so - ;; - hppa*64*) - shrext=.sl - ;; - *) - shrext=.sl - ;; - esac - library_names_spec='$libname$shrext' - ;; - interix[3-9]*) - library_names_spec='$libname$shrext' - ;; - irix5* | irix6* | nonstopux*) - library_names_spec='$libname$shrext' - case "$host_os" in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;; - *) libsuff= shlibsuff= ;; - esac - ;; - esac - ;; - linux*oldld* | linux*aout* | linux*coff*) - ;; - linux* | k*bsd*-gnu | kopensolaris*-gnu) - library_names_spec='$libname$shrext' - ;; - knetbsd*-gnu) - library_names_spec='$libname$shrext' - ;; - netbsd*) - library_names_spec='$libname$shrext' - ;; - newsos6) - library_names_spec='$libname$shrext' - ;; - *nto* | *qnx*) - library_names_spec='$libname$shrext' - ;; - openbsd*) - library_names_spec='$libname$shrext$versuffix' - ;; - os2*) - libname_spec='$name' - shrext=.dll - library_names_spec='$libname.a' - ;; - osf3* | osf4* | osf5*) - library_names_spec='$libname$shrext' - ;; - rdos*) - ;; - solaris*) - library_names_spec='$libname$shrext' - ;; - sunos4*) - library_names_spec='$libname$shrext$versuffix' - ;; - sysv4 | sysv4.3*) - library_names_spec='$libname$shrext' - ;; - sysv4*MP*) - library_names_spec='$libname$shrext' - ;; - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - library_names_spec='$libname$shrext' - ;; - tpf*) - library_names_spec='$libname$shrext' - ;; - uts4*) - library_names_spec='$libname$shrext' - ;; -esac - -sed_quote_subst='s/\(["`$\\]\)/\\\1/g' -escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` -shlibext=`echo "$shrext" | sed -e 's,^\.,,'` -escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` -escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` -escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` - -LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that -# program. This Exception is an additional permission under section 7 -# of the GNU General Public License, version 3 ("GPLv3"). - - -# Please send patches to . -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. - -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to ." - -version="\ -GNU config.sub ($timestamp) - -Copyright 1992-2015 Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit ;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze*) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*178) - os=-lynxos178 - ;; - -lynx*5) - os=-lynxos5 - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv | ft32 \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | k1om \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pyramid \ - | riscv32 | riscv64 \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | visium \ - | we32k \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - leon|leon[3-9]) - basic_machine=sparc-$basic_machine - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - ms1) - basic_machine=mt-unknown - ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown - ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none - ;; - xscaleeb) - basic_machine=armeb-unknown - ;; - - xscaleel) - basic_machine=armel-unknown - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa32r6-* | mipsisa32r6el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64r6-* | mipsisa64r6el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | or1k*-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pyramid-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | visium-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; - i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - leon-*|leon[3-9]-*) - basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=-moxiebox - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc - ;; - pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc | ppcbe) basic_machine=powerpc-unknown - ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle | ppc-le | powerpc-little) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=-rdos - ;; - rdos32) - basic_machine=i386-pc - os=-rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sde) - basic_machine=mipsisa32-sde - os=-elf - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh5el) - basic_machine=sh5le-unknown - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tile*) - basic_machine=$basic_machine-unknown - os=-linux-gnu - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xbox) - basic_machine=i686-pc - os=-mingw32 - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - mmix) - basic_machine=mmix-knuth - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux - ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* | -plan9* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -os400*) - os=-os400 - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -tpf*) - os=-tpf - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -zvmoe) - os=-zvmoe - ;; - -dicos*) - os=-dicos - ;; - -nacl*) - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. -# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - score-*) - os=-elf - ;; - spu-*) - os=-elf - ;; - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - c8051-*) - os=-elf - ;; - hexagon-*) - os=-elf - ;; - tic54x-*) - os=-coff - ;; - tic55x-*) - os=-coff - ;; - tic6x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - ;; - m68*-cisco) - os=-aout - ;; - mep-*) - os=-elf - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-haiku) - os=-haiku - ;; - *-ibm) - os=-aix - ;; - *-knuth) - os=-mmixware - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -cnk*|-aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -os400*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff -Nru gnupg2-2.1.6/build-aux/depcomp gnupg2-2.0.28/build-aux/depcomp --- gnupg2-2.1.6/build-aux/depcomp 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/depcomp 1970-01-01 00:00:00.000000000 +0000 @@ -1,791 +0,0 @@ -#! /bin/sh -# depcomp - compile a program generating dependencies as side-effects - -scriptversion=2013-05-30.07; # UTC - -# Copyright (C) 1999-2013 Free Software Foundation, Inc. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# Originally written by Alexandre Oliva . - -case $1 in - '') - echo "$0: No command. Try '$0 --help' for more information." 1>&2 - exit 1; - ;; - -h | --h*) - cat <<\EOF -Usage: depcomp [--help] [--version] PROGRAM [ARGS] - -Run PROGRAMS ARGS to compile a file, generating dependencies -as side-effects. - -Environment variables: - depmode Dependency tracking mode. - source Source file read by 'PROGRAMS ARGS'. - object Object file output by 'PROGRAMS ARGS'. - DEPDIR directory where to store dependencies. - depfile Dependency file to output. - tmpdepfile Temporary file to use when outputting dependencies. - libtool Whether libtool is used (yes/no). - -Report bugs to . -EOF - exit $? - ;; - -v | --v*) - echo "depcomp $scriptversion" - exit $? - ;; -esac - -# Get the directory component of the given path, and save it in the -# global variables '$dir'. Note that this directory component will -# be either empty or ending with a '/' character. This is deliberate. -set_dir_from () -{ - case $1 in - */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; - *) dir=;; - esac -} - -# Get the suffix-stripped basename of the given path, and save it the -# global variable '$base'. -set_base_from () -{ - base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` -} - -# If no dependency file was actually created by the compiler invocation, -# we still have to create a dummy depfile, to avoid errors with the -# Makefile "include basename.Plo" scheme. -make_dummy_depfile () -{ - echo "#dummy" > "$depfile" -} - -# Factor out some common post-processing of the generated depfile. -# Requires the auxiliary global variable '$tmpdepfile' to be set. -aix_post_process_depfile () -{ - # If the compiler actually managed to produce a dependency file, - # post-process it. - if test -f "$tmpdepfile"; then - # Each line is of the form 'foo.o: dependency.h'. - # Do two passes, one to just change these to - # $object: dependency.h - # and one to simply output - # dependency.h: - # which is needed to avoid the deleted-header problem. - { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" - sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" - } > "$depfile" - rm -f "$tmpdepfile" - else - make_dummy_depfile - fi -} - -# A tabulation character. -tab=' ' -# A newline character. -nl=' -' -# Character ranges might be problematic outside the C locale. -# These definitions help. -upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ -lower=abcdefghijklmnopqrstuvwxyz -digits=0123456789 -alpha=${upper}${lower} - -if test -z "$depmode" || test -z "$source" || test -z "$object"; then - echo "depcomp: Variables source, object and depmode must be set" 1>&2 - exit 1 -fi - -# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. -depfile=${depfile-`echo "$object" | - sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} -tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} - -rm -f "$tmpdepfile" - -# Avoid interferences from the environment. -gccflag= dashmflag= - -# Some modes work just like other modes, but use different flags. We -# parameterize here, but still list the modes in the big case below, -# to make depend.m4 easier to write. Note that we *cannot* use a case -# here, because this file can only contain one case statement. -if test "$depmode" = hp; then - # HP compiler uses -M and no extra arg. - gccflag=-M - depmode=gcc -fi - -if test "$depmode" = dashXmstdout; then - # This is just like dashmstdout with a different argument. - dashmflag=-xM - depmode=dashmstdout -fi - -cygpath_u="cygpath -u -f -" -if test "$depmode" = msvcmsys; then - # This is just like msvisualcpp but w/o cygpath translation. - # Just convert the backslash-escaped backslashes to single forward - # slashes to satisfy depend.m4 - cygpath_u='sed s,\\\\,/,g' - depmode=msvisualcpp -fi - -if test "$depmode" = msvc7msys; then - # This is just like msvc7 but w/o cygpath translation. - # Just convert the backslash-escaped backslashes to single forward - # slashes to satisfy depend.m4 - cygpath_u='sed s,\\\\,/,g' - depmode=msvc7 -fi - -if test "$depmode" = xlc; then - # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. - gccflag=-qmakedep=gcc,-MF - depmode=gcc -fi - -case "$depmode" in -gcc3) -## gcc 3 implements dependency tracking that does exactly what -## we want. Yay! Note: for some reason libtool 1.4 doesn't like -## it if -MD -MP comes after the -MF stuff. Hmm. -## Unfortunately, FreeBSD c89 acceptance of flags depends upon -## the command line argument order; so add the flags where they -## appear in depend2.am. Note that the slowdown incurred here -## affects only configure: in makefiles, %FASTDEP% shortcuts this. - for arg - do - case $arg in - -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; - *) set fnord "$@" "$arg" ;; - esac - shift # fnord - shift # $arg - done - "$@" - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile" - exit $stat - fi - mv "$tmpdepfile" "$depfile" - ;; - -gcc) -## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. -## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. -## (see the conditional assignment to $gccflag above). -## There are various ways to get dependency output from gcc. Here's -## why we pick this rather obscure method: -## - Don't want to use -MD because we'd like the dependencies to end -## up in a subdir. Having to rename by hand is ugly. -## (We might end up doing this anyway to support other compilers.) -## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like -## -MM, not -M (despite what the docs say). Also, it might not be -## supported by the other compilers which use the 'gcc' depmode. -## - Using -M directly means running the compiler twice (even worse -## than renaming). - if test -z "$gccflag"; then - gccflag=-MD, - fi - "$@" -Wp,"$gccflag$tmpdepfile" - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - echo "$object : \\" > "$depfile" - # The second -e expression handles DOS-style file names with drive - # letters. - sed -e 's/^[^:]*: / /' \ - -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" -## This next piece of magic avoids the "deleted header file" problem. -## The problem is that when a header file which appears in a .P file -## is deleted, the dependency causes make to die (because there is -## typically no way to rebuild the header). We avoid this by adding -## dummy dependencies for each header file. Too bad gcc doesn't do -## this for us directly. -## Some versions of gcc put a space before the ':'. On the theory -## that the space means something, we add a space to the output as -## well. hp depmode also adds that space, but also prefixes the VPATH -## to the object. Take care to not repeat it in the output. -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - tr ' ' "$nl" < "$tmpdepfile" \ - | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ - | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -hp) - # This case exists only to let depend.m4 do its work. It works by - # looking at the text of this script. This case will never be run, - # since it is checked for above. - exit 1 - ;; - -sgi) - if test "$libtool" = yes; then - "$@" "-Wp,-MDupdate,$tmpdepfile" - else - "$@" -MDupdate "$tmpdepfile" - fi - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - - if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files - echo "$object : \\" > "$depfile" - # Clip off the initial element (the dependent). Don't try to be - # clever and replace this with sed code, as IRIX sed won't handle - # lines with more than a fixed number of characters (4096 in - # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; - # the IRIX cc adds comments like '#:fec' to the end of the - # dependency line. - tr ' ' "$nl" < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ - | tr "$nl" ' ' >> "$depfile" - echo >> "$depfile" - # The second pass generates a dummy entry for each header file. - tr ' ' "$nl" < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ - >> "$depfile" - else - make_dummy_depfile - fi - rm -f "$tmpdepfile" - ;; - -xlc) - # This case exists only to let depend.m4 do its work. It works by - # looking at the text of this script. This case will never be run, - # since it is checked for above. - exit 1 - ;; - -aix) - # The C for AIX Compiler uses -M and outputs the dependencies - # in a .u file. In older versions, this file always lives in the - # current directory. Also, the AIX compiler puts '$object:' at the - # start of each line; $object doesn't have directory information. - # Version 6 uses the directory in both cases. - set_dir_from "$object" - set_base_from "$object" - if test "$libtool" = yes; then - tmpdepfile1=$dir$base.u - tmpdepfile2=$base.u - tmpdepfile3=$dir.libs/$base.u - "$@" -Wc,-M - else - tmpdepfile1=$dir$base.u - tmpdepfile2=$dir$base.u - tmpdepfile3=$dir$base.u - "$@" -M - fi - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" - exit $stat - fi - - for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" - do - test -f "$tmpdepfile" && break - done - aix_post_process_depfile - ;; - -tcc) - # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 - # FIXME: That version still under development at the moment of writing. - # Make that this statement remains true also for stable, released - # versions. - # It will wrap lines (doesn't matter whether long or short) with a - # trailing '\', as in: - # - # foo.o : \ - # foo.c \ - # foo.h \ - # - # It will put a trailing '\' even on the last line, and will use leading - # spaces rather than leading tabs (at least since its commit 0394caf7 - # "Emit spaces for -MD"). - "$@" -MD -MF "$tmpdepfile" - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. - # We have to change lines of the first kind to '$object: \'. - sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" - # And for each line of the second kind, we have to emit a 'dep.h:' - # dummy dependency, to avoid the deleted-header problem. - sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" - rm -f "$tmpdepfile" - ;; - -## The order of this option in the case statement is important, since the -## shell code in configure will try each of these formats in the order -## listed in this file. A plain '-MD' option would be understood by many -## compilers, so we must ensure this comes after the gcc and icc options. -pgcc) - # Portland's C compiler understands '-MD'. - # Will always output deps to 'file.d' where file is the root name of the - # source file under compilation, even if file resides in a subdirectory. - # The object file name does not affect the name of the '.d' file. - # pgcc 10.2 will output - # foo.o: sub/foo.c sub/foo.h - # and will wrap long lines using '\' : - # foo.o: sub/foo.c ... \ - # sub/foo.h ... \ - # ... - set_dir_from "$object" - # Use the source, not the object, to determine the base name, since - # that's sadly what pgcc will do too. - set_base_from "$source" - tmpdepfile=$base.d - - # For projects that build the same source file twice into different object - # files, the pgcc approach of using the *source* file root name can cause - # problems in parallel builds. Use a locking strategy to avoid stomping on - # the same $tmpdepfile. - lockdir=$base.d-lock - trap " - echo '$0: caught signal, cleaning up...' >&2 - rmdir '$lockdir' - exit 1 - " 1 2 13 15 - numtries=100 - i=$numtries - while test $i -gt 0; do - # mkdir is a portable test-and-set. - if mkdir "$lockdir" 2>/dev/null; then - # This process acquired the lock. - "$@" -MD - stat=$? - # Release the lock. - rmdir "$lockdir" - break - else - # If the lock is being held by a different process, wait - # until the winning process is done or we timeout. - while test -d "$lockdir" && test $i -gt 0; do - sleep 1 - i=`expr $i - 1` - done - fi - i=`expr $i - 1` - done - trap - 1 2 13 15 - if test $i -le 0; then - echo "$0: failed to acquire lock after $numtries attempts" >&2 - echo "$0: check lockdir '$lockdir'" >&2 - exit 1 - fi - - if test $stat -ne 0; then - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - # Each line is of the form `foo.o: dependent.h', - # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. - # Do two passes, one to just change these to - # `$object: dependent.h' and one to simply `dependent.h:'. - sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" - # Some versions of the HPUX 10.20 sed can't process this invocation - # correctly. Breaking it into two sed invocations is a workaround. - sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ - | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -hp2) - # The "hp" stanza above does not work with aCC (C++) and HP's ia64 - # compilers, which have integrated preprocessors. The correct option - # to use with these is +Maked; it writes dependencies to a file named - # 'foo.d', which lands next to the object file, wherever that - # happens to be. - # Much of this is similar to the tru64 case; see comments there. - set_dir_from "$object" - set_base_from "$object" - if test "$libtool" = yes; then - tmpdepfile1=$dir$base.d - tmpdepfile2=$dir.libs/$base.d - "$@" -Wc,+Maked - else - tmpdepfile1=$dir$base.d - tmpdepfile2=$dir$base.d - "$@" +Maked - fi - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile1" "$tmpdepfile2" - exit $stat - fi - - for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" - do - test -f "$tmpdepfile" && break - done - if test -f "$tmpdepfile"; then - sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" - # Add 'dependent.h:' lines. - sed -ne '2,${ - s/^ *// - s/ \\*$// - s/$/:/ - p - }' "$tmpdepfile" >> "$depfile" - else - make_dummy_depfile - fi - rm -f "$tmpdepfile" "$tmpdepfile2" - ;; - -tru64) - # The Tru64 compiler uses -MD to generate dependencies as a side - # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. - # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put - # dependencies in 'foo.d' instead, so we check for that too. - # Subdirectories are respected. - set_dir_from "$object" - set_base_from "$object" - - if test "$libtool" = yes; then - # Libtool generates 2 separate objects for the 2 libraries. These - # two compilations output dependencies in $dir.libs/$base.o.d and - # in $dir$base.o.d. We have to check for both files, because - # one of the two compilations can be disabled. We should prefer - # $dir$base.o.d over $dir.libs/$base.o.d because the latter is - # automatically cleaned when .libs/ is deleted, while ignoring - # the former would cause a distcleancheck panic. - tmpdepfile1=$dir$base.o.d # libtool 1.5 - tmpdepfile2=$dir.libs/$base.o.d # Likewise. - tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 - "$@" -Wc,-MD - else - tmpdepfile1=$dir$base.d - tmpdepfile2=$dir$base.d - tmpdepfile3=$dir$base.d - "$@" -MD - fi - - stat=$? - if test $stat -ne 0; then - rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" - exit $stat - fi - - for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" - do - test -f "$tmpdepfile" && break - done - # Same post-processing that is required for AIX mode. - aix_post_process_depfile - ;; - -msvc7) - if test "$libtool" = yes; then - showIncludes=-Wc,-showIncludes - else - showIncludes=-showIncludes - fi - "$@" $showIncludes > "$tmpdepfile" - stat=$? - grep -v '^Note: including file: ' "$tmpdepfile" - if test $stat -ne 0; then - rm -f "$tmpdepfile" - exit $stat - fi - rm -f "$depfile" - echo "$object : \\" > "$depfile" - # The first sed program below extracts the file names and escapes - # backslashes for cygpath. The second sed program outputs the file - # name when reading, but also accumulates all include files in the - # hold buffer in order to output them again at the end. This only - # works with sed implementations that can handle large buffers. - sed < "$tmpdepfile" -n ' -/^Note: including file: *\(.*\)/ { - s//\1/ - s/\\/\\\\/g - p -}' | $cygpath_u | sort -u | sed -n ' -s/ /\\ /g -s/\(.*\)/'"$tab"'\1 \\/p -s/.\(.*\) \\/\1:/ -H -$ { - s/.*/'"$tab"'/ - G - p -}' >> "$depfile" - echo >> "$depfile" # make sure the fragment doesn't end with a backslash - rm -f "$tmpdepfile" - ;; - -msvc7msys) - # This case exists only to let depend.m4 do its work. It works by - # looking at the text of this script. This case will never be run, - # since it is checked for above. - exit 1 - ;; - -#nosideeffect) - # This comment above is used by automake to tell side-effect - # dependency tracking mechanisms from slower ones. - -dashmstdout) - # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout, regardless of -o. - "$@" || exit $? - - # Remove the call to Libtool. - if test "$libtool" = yes; then - while test "X$1" != 'X--mode=compile'; do - shift - done - shift - fi - - # Remove '-o $object'. - IFS=" " - for arg - do - case $arg in - -o) - shift - ;; - $object) - shift - ;; - *) - set fnord "$@" "$arg" - shift # fnord - shift # $arg - ;; - esac - done - - test -z "$dashmflag" && dashmflag=-M - # Require at least two characters before searching for ':' - # in the target name. This is to cope with DOS-style filenames: - # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. - "$@" $dashmflag | - sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" - rm -f "$depfile" - cat < "$tmpdepfile" > "$depfile" - # Some versions of the HPUX 10.20 sed can't process this sed invocation - # correctly. Breaking it into two sed invocations is a workaround. - tr ' ' "$nl" < "$tmpdepfile" \ - | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ - | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -dashXmstdout) - # This case only exists to satisfy depend.m4. It is never actually - # run, as this mode is specially recognized in the preamble. - exit 1 - ;; - -makedepend) - "$@" || exit $? - # Remove any Libtool call - if test "$libtool" = yes; then - while test "X$1" != 'X--mode=compile'; do - shift - done - shift - fi - # X makedepend - shift - cleared=no eat=no - for arg - do - case $cleared in - no) - set ""; shift - cleared=yes ;; - esac - if test $eat = yes; then - eat=no - continue - fi - case "$arg" in - -D*|-I*) - set fnord "$@" "$arg"; shift ;; - # Strip any option that makedepend may not understand. Remove - # the object too, otherwise makedepend will parse it as a source file. - -arch) - eat=yes ;; - -*|$object) - ;; - *) - set fnord "$@" "$arg"; shift ;; - esac - done - obj_suffix=`echo "$object" | sed 's/^.*\././'` - touch "$tmpdepfile" - ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" - rm -f "$depfile" - # makedepend may prepend the VPATH from the source file name to the object. - # No need to regex-escape $object, excess matching of '.' is harmless. - sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" - # Some versions of the HPUX 10.20 sed can't process the last invocation - # correctly. Breaking it into two sed invocations is a workaround. - sed '1,2d' "$tmpdepfile" \ - | tr ' ' "$nl" \ - | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ - | sed -e 's/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" "$tmpdepfile".bak - ;; - -cpp) - # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout. - "$@" || exit $? - - # Remove the call to Libtool. - if test "$libtool" = yes; then - while test "X$1" != 'X--mode=compile'; do - shift - done - shift - fi - - # Remove '-o $object'. - IFS=" " - for arg - do - case $arg in - -o) - shift - ;; - $object) - shift - ;; - *) - set fnord "$@" "$arg" - shift # fnord - shift # $arg - ;; - esac - done - - "$@" -E \ - | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ - -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ - | sed '$ s: \\$::' > "$tmpdepfile" - rm -f "$depfile" - echo "$object : \\" > "$depfile" - cat < "$tmpdepfile" >> "$depfile" - sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -msvisualcpp) - # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout. - "$@" || exit $? - - # Remove the call to Libtool. - if test "$libtool" = yes; then - while test "X$1" != 'X--mode=compile'; do - shift - done - shift - fi - - IFS=" " - for arg - do - case "$arg" in - -o) - shift - ;; - $object) - shift - ;; - "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") - set fnord "$@" - shift - shift - ;; - *) - set fnord "$@" "$arg" - shift - shift - ;; - esac - done - "$@" -E 2>/dev/null | - sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" - rm -f "$depfile" - echo "$object : \\" > "$depfile" - sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" - echo "$tab" >> "$depfile" - sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" - rm -f "$tmpdepfile" - ;; - -msvcmsys) - # This case exists only to let depend.m4 do its work. It works by - # looking at the text of this script. This case will never be run, - # since it is checked for above. - exit 1 - ;; - -none) - exec "$@" - ;; - -*) - echo "Unknown depmode $depmode" 1>&2 - exit 1 - ;; -esac - -exit 0 - -# Local Variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff -Nru gnupg2-2.1.6/build-aux/getswdb.sh gnupg2-2.0.28/build-aux/getswdb.sh --- gnupg2-2.1.6/build-aux/getswdb.sh 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/getswdb.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,172 +0,0 @@ -#!/bin/sh -# Get the online version of the GnuPG software version database -# Copyright (C) 2014 Werner Koch -# -# This file is free software; as a special exception the author gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# The URL of the file to retrieve. -# (some wget versions seem to have problems with SubjectAltName, thus -# we do not use www.gnupg.org) -urlbase="https://gnupg.org/" - -WGET=wget -GPGV=gpgv - -srcdir=$(dirname "$0") -distsigkey="$srcdir/../g10/distsigkey.gpg" - -# Convert a 3 part version number it a numeric value. -cvtver () { - awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}' -} - -# Prints usage information. -usage() -{ - cat <&2 - ;; - esac - shift -done - -# Mac OSX has only a shasum and not sha1sum -if [ ${find_sha1sum} = yes ]; then - for i in sha1sum shasum ; do - tmp=$($i /dev/null | cut -d ' ' -f1) - if [ x"$tmp" = x"da39a3ee5e6b4b0d3255bfef95601890afd80709" ]; then - echo "$i" - exit 0 - fi - done - echo "false" - exit 1 -fi - -# Get GnuPG version from VERSION file. For a GIT checkout this means -# that ./autogen.sh must have been run first. For a regular tarball -# VERSION is always available. -if [ ! -f "$srcdir/../VERSION" ]; then - echo "VERSION file missing - run autogen.sh first." >&2 - exit 1 -fi -version=$(cat "$srcdir/../VERSION") -version_num=$(echo "$version" | cvtver) - -if [ $skip_verify = no ]; then - if ! $GPGV --version >/dev/null 2>/dev/null ; then - echo "command \"gpgv\" is not installed" >&2 - echo "(please install an older version of GnuPG)" >&2 - exit 1 - fi -fi - -# -# Download the list and verify. -# -if [ $skip_download = yes ]; then - if [ ! -f swdb.lst ]; then - echo "swdb.lst is missing." >&2 - exit 1 - fi - if [ $skip_verify = no ]; then - if [ ! -f swdb.lst.sig ]; then - echo "swdb.lst.sig is missing." >&2 - exit 1 - fi - fi -else - if ! $WGET --version >/dev/null 2>/dev/null ; then - echo "command \"wget\" is not installed" >&2 - exit 1 - fi - - if ! $WGET -q -O swdb.lst "$urlbase/swdb.lst" ; then - echo "download of swdb.lst failed." >&2 - exit 1 - fi - if [ $skip_verify = no ]; then - if ! $WGET -q -O swdb.lst.sig "$urlbase/swdb.lst.sig" ; then - echo "download of swdb.lst.sig failed." >&2 - exit 1 - fi - fi -fi -if [ $skip_verify = no ]; then - if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then - echo "list of software versions is not valid!" >&2 - exit 1 - fi -fi - -# -# Check that the online version of GnuPG is not less than this version -# to help detect rollback attacks. -# -if [ $skip_selfcheck = no ]; then - gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst) - if [ -z "$gnupg_ver" ]; then - echo "GnuPG 2.1 version missing in swdb.lst!" >&2 - exit 1 - fi - gnupg_ver_num=$(echo "$gnupg_ver" | cvtver) - if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then - echo "GnuPG version in swdb.lst is less than this version!" >&2 - echo " This version: $version" >&2 - echo " SWDB version: $gnupg_ver" >&2 - exit 1 - fi -fi diff -Nru gnupg2-2.1.6/build-aux/git-log-fix gnupg2-2.0.28/build-aux/git-log-fix --- gnupg2-2.1.6/build-aux/git-log-fix 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/git-log-fix 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -# This file is expected to be used via gitlog-to-changelog's --amend=FILE -# option. It specifies what changes to make to each given SHA1's commit -# log and metadata, using Perl-eval'able expressions. diff -Nru gnupg2-2.1.6/build-aux/git-log-footer gnupg2-2.0.28/build-aux/git-log-footer --- gnupg2-2.1.6/build-aux/git-log-footer 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/git-log-footer 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ - -2011-12-01 Werner Koch - - NB: Changes done before December 1st, 2011 are described in - per directory files named ChangeLog-2011. See doc/HACKING for - details. - - ----- - Copyright (C) 2011 Free Software Foundation, Inc. - - Copying and distribution of this file and/or the original GIT - commit log messages, with or without modification, are - permitted provided the copyright notice and this notice are - preserved. diff -Nru gnupg2-2.1.6/build-aux/gitlog-to-changelog gnupg2-2.0.28/build-aux/gitlog-to-changelog --- gnupg2-2.1.6/build-aux/gitlog-to-changelog 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/gitlog-to-changelog 1970-01-01 00:00:00.000000000 +0000 @@ -1,375 +0,0 @@ -eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' - & eval 'exec perl -wS "$0" $argv:q' - if 0; -# Convert git log output to ChangeLog format. - -my $VERSION = '2012-01-24 15:58 (wk)'; # UTC -# The definition above must lie within the first 8 lines in order -# for the Emacs time-stamp write hook (at end) to update it. -# If you change this file with Emacs, please let the write hook -# do its job. Otherwise, update this string manually. - -# Copyright (C) 2008-2012 Free Software Foundation, Inc. - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# Written by Jim Meyering -# Custom bugs bred by Werner Koch - -use strict; -use warnings; -use Getopt::Long; -use POSIX qw(strftime); - -(my $ME = $0) =~ s|.*/||; - -# use File::Coda; # http://meyering.net/code/Coda/ -END { - defined fileno STDOUT or return; - close STDOUT and return; - warn "$ME: failed to close standard output: $!\n"; - $? ||= 1; -} - -sub usage ($) -{ - my ($exit_code) = @_; - my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR); - if ($exit_code != 0) - { - print $STREAM "Try `$ME --help' for more information.\n"; - } - else - { - print $STREAM < ChangeLog - $ME -- -n 5 foo > last-5-commits-to-branch-foo - -In a FILE specified via --amend, comment lines (starting with "#") are ignored. -FILE must consist of pairs where SHA is a 40-byte SHA1 (alone on -a line) referring to a commit in the current project, and CODE refers to one -or more consecutive lines of Perl code. Pairs must be separated by one or -more blank line. - -Here is sample input for use with --amend=FILE, from coreutils: - -3a169f4c5d9159283548178668d2fae6fced3030 -# fix typo in title: -s/all tile types/all file types/ - -1379ed974f1fa39b12e2ffab18b3f7a607082202 -# Due to a bug in vc-dwim, I mis-attributed a patch by Paul to myself. -# Change the author to be Paul. Note the escaped "@": -s,Jim .*>,Paul Eggert , - -EOF - } - exit $exit_code; -} - -# If the string $S is a well-behaved file name, simply return it. -# If it contains white space, quotes, etc., quote it, and return the new string. -sub shell_quote($) -{ - my ($s) = @_; - if ($s =~ m![^\w+/.,-]!) - { - # Convert each single quote to '\'' - $s =~ s/\'/\'\\\'\'/g; - # Then single quote the string. - $s = "'$s'"; - } - return $s; -} - -sub quoted_cmd(@) -{ - return join (' ', map {shell_quote $_} @_); -} - -# Parse file F. -# Comment lines (starting with "#") are ignored. -# F must consist of pairs where SHA is a 40-byte SHA1 -# (alone on a line) referring to a commit in the current project, and -# CODE refers to one or more consecutive lines of Perl code. -# Pairs must be separated by one or more blank line. -sub parse_amend_file($) -{ - my ($f) = @_; - - open F, '<', $f - or die "$ME: $f: failed to open for reading: $!\n"; - - my $fail; - my $h = {}; - my $in_code = 0; - my $sha; - while (defined (my $line = )) - { - $line =~ /^\#/ - and next; - chomp $line; - $line eq '' - and $in_code = 0, next; - - if (!$in_code) - { - $line =~ /^([0-9a-fA-F]{40})$/ - or (warn "$ME: $f:$.: invalid line; expected an SHA1\n"), - $fail = 1, next; - $sha = lc $1; - $in_code = 1; - exists $h->{$sha} - and (warn "$ME: $f:$.: duplicate SHA1\n"), - $fail = 1, next; - } - else - { - $h->{$sha} ||= ''; - $h->{$sha} .= "$line\n"; - } - } - close F; - - $fail - and exit 1; - - return $h; -} - -{ - my $since_date; - my $format_string = '%s%n%b%n'; - my $amend_file; - my $append_dot = 0; - my $tear_off = 0; - GetOptions - ( - help => sub { usage 0 }, - version => sub { print "$ME version $VERSION\n"; exit }, - 'since=s' => \$since_date, - 'format=s' => \$format_string, - 'amend=s' => \$amend_file, - 'append-dot' => \$append_dot, - 'tear-off' => \$tear_off, - ) or usage 1; - - - defined $since_date - and unshift @ARGV, "--since=$since_date"; - - # This is a hash that maps an SHA1 to perl code (i.e., s/old/new/) - # that makes a correction in the log or attribution of that commit. - my $amend_code = defined $amend_file ? parse_amend_file $amend_file : {}; - - my @cmd = (qw (git log --log-size), - '--pretty=format:%H:%ct %an <%ae>%n%n'.$format_string, @ARGV); - open PIPE, '-|', @cmd - or die ("$ME: failed to run `". quoted_cmd (@cmd) ."': $!\n" - . "(Is your Git too old? Version 1.5.1 or later is required.)\n"); - - my $prev_date_line = ''; - my @prev_coauthors = (); - - while (1) - { - defined (my $in = ) - or last; - $in =~ /^log size (\d+)$/ - or die "$ME:$.: Invalid line (expected log size):\n$in"; - my $log_nbytes = $1; - - my $log; - my $n_read = read PIPE, $log, $log_nbytes; - $n_read == $log_nbytes - or die "$ME:$.: unexpected EOF\n"; - - # Skip log entries with the default merge commit message. - $log =~ /^.*\n\nMerge branch '.*\n\s*/ - and goto SKIPCOMMIT; - - # Skip log entries if the body starts with a tear off marker. - if ($tear_off) - { - $log =~ /^.*\n\n.*\n--\s*/ - and goto SKIPCOMMIT; - } - - # Extract leading hash. - my ($sha, $rest) = split ':', $log, 2; - defined $sha - or die "$ME:$.: malformed log entry\n"; - $sha =~ /^[0-9a-fA-F]{40}$/ - or die "$ME:$.: invalid SHA1: $sha\n"; - - # If this commit's log requires any transformation, do it now. - my $code = $amend_code->{$sha}; - if (defined $code) - { - eval 'use Safe'; - my $s = new Safe; - # Put the unpreprocessed entry into "$_". - $_ = $rest; - - # Let $code operate on it, safely. - my $r = $s->reval("$code") - or die "$ME:$.:$sha: failed to eval \"$code\":\n$@\n"; - - # Note that we've used this entry. - delete $amend_code->{$sha}; - - # Update $rest upon success. - $rest = $_; - } - - my @line = split "\n", $rest; - my $author_line = shift @line; - defined $author_line - or die "$ME:$.: unexpected EOF\n"; - $author_line =~ /^(\d+) (.*>)$/ - or die "$ME:$.: Invalid line " - . "(expected date/author/email):\n$author_line\n"; - - my $date_line = sprintf "%s $2\n", strftime ("%F", localtime ($1)); - - # Format 'Co-authored-by: A U Thor ' lines in - # standard multi-author ChangeLog format. - my @coauthors = grep /^Co-authored-by:.*$/, @line; - for (@coauthors) - { - s/^Co-authored-by:\s*/\t /; - s/\s*/ - or warn "$ME: warning: missing email address for " - . substr ($_, 5) . "\n"; - } - - # If this header would be the same as the previous date/name/email/ - # coauthors header, then arrange not to print it. - if ($date_line ne $prev_date_line or "@coauthors" ne "@prev_coauthors") - { - $prev_date_line eq '' - or print "\n"; - print $date_line; - @coauthors - and print join ("\n", @coauthors), "\n"; - } - $prev_date_line = $date_line; - @prev_coauthors = @coauthors; - - # Omit "Co-authored-by..." and "Signed-off-by..." lines. - @line = grep !/^Signed-off-by: .*>$/, @line; - @line = grep !/^Co-authored-by: /, @line; - - # Remove everything after a line with 2 dashes at the beginning. - if ($tear_off) - { - my @tmpline; - foreach (@line) - { - last if /^--\s*$/; - push @tmpline,$_; - } - @line = @tmpline; - } - - # Remove leading and trailing blank lines. - if (@line) - { - while ($line[0] =~ /^\s*$/) { shift @line; } - while ($line[$#line] =~ /^\s*$/) { pop @line; } - } - - # If there were any lines - if (@line == 0) - { - warn "$ME: warning: empty commit message:\n $date_line\n"; - } - else - { - if ($append_dot) - { - # If the first line of the message has enough room, then - if (length $line[0] < 72) - { - # append a dot if there is no other punctuation or blank - # at the end. - $line[0] =~ /[[:punct:]\s]$/ - or $line[0] .= '.'; - } - } - - # Prefix each non-empty line with a TAB. - @line = map { length $_ ? "\t$_" : '' } @line; - - print "\n", join ("\n", @line), "\n"; - } - - SKIPCOMMIT: - defined ($in = ) - or last; - $in ne "\n" - and die "$ME:$.: unexpected line:\n$in"; - } - - close PIPE - or die "$ME: error closing pipe from " . quoted_cmd (@cmd) . "\n"; - # FIXME-someday: include $PROCESS_STATUS in the diagnostic - - # Complain about any unused entry in the --amend=F specified file. - my $fail = 0; - foreach my $sha (keys %$amend_code) - { - warn "$ME:$amend_file: unused entry: $sha\n"; - $fail = 1; - } - - exit $fail; -} - -# Local Variables: -# mode: perl -# indent-tabs-mode: nil -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "my $VERSION = '" -# time-stamp-format: "%:y-%02m-%02d %02H:%02M (wk)" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "'; # UTC" -# End: diff -Nru gnupg2-2.1.6/build-aux/install-sh gnupg2-2.0.28/build-aux/install-sh --- gnupg2-2.1.6/build-aux/install-sh 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/install-sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,527 +0,0 @@ -#!/bin/sh -# install - install a program, script, or datafile - -scriptversion=2011-11-20.07; # UTC - -# This originates from X11R5 (mit/util/scripts/install.sh), which was -# later released in X11R6 (xc/config/util/install.sh) with the -# following copyright and license. -# -# Copyright (C) 1994 X Consortium -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- -# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -# -# Except as contained in this notice, the name of the X Consortium shall not -# be used in advertising or otherwise to promote the sale, use or other deal- -# ings in this Software without prior written authorization from the X Consor- -# tium. -# -# -# FSF changes to this file are in the public domain. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# 'make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. - -nl=' -' -IFS=" "" $nl" - -# set DOITPROG to echo to test this script - -# Don't use :- since 4.3BSD and earlier shells don't like it. -doit=${DOITPROG-} -if test -z "$doit"; then - doit_exec=exec -else - doit_exec=$doit -fi - -# Put in absolute file names if you don't have them in your path; -# or use environment vars. - -chgrpprog=${CHGRPPROG-chgrp} -chmodprog=${CHMODPROG-chmod} -chownprog=${CHOWNPROG-chown} -cmpprog=${CMPPROG-cmp} -cpprog=${CPPROG-cp} -mkdirprog=${MKDIRPROG-mkdir} -mvprog=${MVPROG-mv} -rmprog=${RMPROG-rm} -stripprog=${STRIPPROG-strip} - -posix_glob='?' -initialize_posix_glob=' - test "$posix_glob" != "?" || { - if (set -f) 2>/dev/null; then - posix_glob= - else - posix_glob=: - fi - } -' - -posix_mkdir= - -# Desired mode of installed file. -mode=0755 - -chgrpcmd= -chmodcmd=$chmodprog -chowncmd= -mvcmd=$mvprog -rmcmd="$rmprog -f" -stripcmd= - -src= -dst= -dir_arg= -dst_arg= - -copy_on_change=false -no_target_directory= - -usage="\ -Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE - or: $0 [OPTION]... SRCFILES... DIRECTORY - or: $0 [OPTION]... -t DIRECTORY SRCFILES... - or: $0 [OPTION]... -d DIRECTORIES... - -In the 1st form, copy SRCFILE to DSTFILE. -In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. -In the 4th, create DIRECTORIES. - -Options: - --help display this help and exit. - --version display version info and exit. - - -c (ignored) - -C install only if different (preserve the last data modification time) - -d create directories instead of installing files. - -g GROUP $chgrpprog installed files to GROUP. - -m MODE $chmodprog installed files to MODE. - -o USER $chownprog installed files to USER. - -s $stripprog installed files. - -t DIRECTORY install into DIRECTORY. - -T report an error if DSTFILE is a directory. - -Environment variables override the default commands: - CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG - RMPROG STRIPPROG -" - -while test $# -ne 0; do - case $1 in - -c) ;; - - -C) copy_on_change=true;; - - -d) dir_arg=true;; - - -g) chgrpcmd="$chgrpprog $2" - shift;; - - --help) echo "$usage"; exit $?;; - - -m) mode=$2 - case $mode in - *' '* | *' '* | *' -'* | *'*'* | *'?'* | *'['*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; - - -o) chowncmd="$chownprog $2" - shift;; - - -s) stripcmd=$stripprog;; - - -t) dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - shift;; - - -T) no_target_directory=true;; - - --version) echo "$0 $scriptversion"; exit $?;; - - --) shift - break;; - - -*) echo "$0: invalid option: $1" >&2 - exit 1;; - - *) break;; - esac - shift -done - -if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then - # When -d is used, all remaining arguments are directories to create. - # When -t is used, the destination is already specified. - # Otherwise, the last argument is the destination. Remove it from $@. - for arg - do - if test -n "$dst_arg"; then - # $@ is not empty: it contains at least $arg. - set fnord "$@" "$dst_arg" - shift # fnord - fi - shift # arg - dst_arg=$arg - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - done -fi - -if test $# -eq 0; then - if test -z "$dir_arg"; then - echo "$0: no input file specified." >&2 - exit 1 - fi - # It's OK to call 'install-sh -d' without argument. - # This can happen when creating conditional directories. - exit 0 -fi - -if test -z "$dir_arg"; then - do_exit='(exit $ret); exit $ret' - trap "ret=129; $do_exit" 1 - trap "ret=130; $do_exit" 2 - trap "ret=141; $do_exit" 13 - trap "ret=143; $do_exit" 15 - - # Set umask so as not to create temps with too-generous modes. - # However, 'strip' requires both read and write access to temps. - case $mode in - # Optimize common cases. - *644) cp_umask=133;; - *755) cp_umask=22;; - - *[0-7]) - if test -z "$stripcmd"; then - u_plus_rw= - else - u_plus_rw='% 200' - fi - cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; - *) - if test -z "$stripcmd"; then - u_plus_rw= - else - u_plus_rw=,u+rw - fi - cp_umask=$mode$u_plus_rw;; - esac -fi - -for src -do - # Protect names problematic for 'test' and other utilities. - case $src in - -* | [=\(\)!]) src=./$src;; - esac - - if test -n "$dir_arg"; then - dst=$src - dstdir=$dst - test -d "$dstdir" - dstdir_status=$? - else - - # Waiting for this to be detected by the "$cpprog $src $dsttmp" command - # might cause directories to be created, which would be especially bad - # if $src (and thus $dsttmp) contains '*'. - if test ! -f "$src" && test ! -d "$src"; then - echo "$0: $src does not exist." >&2 - exit 1 - fi - - if test -z "$dst_arg"; then - echo "$0: no destination specified." >&2 - exit 1 - fi - dst=$dst_arg - - # If destination is a directory, append the input filename; won't work - # if double slashes aren't ignored. - if test -d "$dst"; then - if test -n "$no_target_directory"; then - echo "$0: $dst_arg: Is a directory" >&2 - exit 1 - fi - dstdir=$dst - dst=$dstdir/`basename "$src"` - dstdir_status=0 - else - # Prefer dirname, but fall back on a substitute if dirname fails. - dstdir=` - (dirname "$dst") 2>/dev/null || - expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$dst" : 'X\(//\)[^/]' \| \ - X"$dst" : 'X\(//\)$' \| \ - X"$dst" : 'X\(/\)' \| . 2>/dev/null || - echo X"$dst" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q' - ` - - test -d "$dstdir" - dstdir_status=$? - fi - fi - - obsolete_mkdir_used=false - - if test $dstdir_status != 0; then - case $posix_mkdir in - '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - - # With -d, create the new directory with the user-specified mode. - # Otherwise, rely on $mkdir_umask. - if test -n "$dir_arg"; then - mkdir_mode=-m$mode - else - mkdir_mode= - fi - - posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 - - if (umask $mkdir_umask && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - ls_ld_tmpdir=`ls -ld "$tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/d" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null - fi - trap '' 0;; - esac;; - esac - - if - $posix_mkdir && ( - umask $mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" - ) - then : - else - - # The umask is ridiculous, or mkdir does not conform to POSIX, - # or it failed possibly due to a race condition. Create the - # directory the slow way, step by step, checking for races as we go. - - case $dstdir in - /*) prefix='/';; - [-=\(\)!]*) prefix='./';; - *) prefix='';; - esac - - eval "$initialize_posix_glob" - - oIFS=$IFS - IFS=/ - $posix_glob set -f - set fnord $dstdir - shift - $posix_glob set +f - IFS=$oIFS - - prefixes= - - for d - do - test X"$d" = X && continue - - prefix=$prefix$d - if test -d "$prefix"; then - prefixes= - else - if $posix_mkdir; then - (umask=$mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break - # Don't fail if two instances are running concurrently. - test -d "$prefix" || exit 1 - else - case $prefix in - *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; - *) qprefix=$prefix;; - esac - prefixes="$prefixes '$qprefix'" - fi - fi - prefix=$prefix/ - done - - if test -n "$prefixes"; then - # Don't fail if two instances are running concurrently. - (umask $mkdir_umask && - eval "\$doit_exec \$mkdirprog $prefixes") || - test -d "$dstdir" || exit 1 - obsolete_mkdir_used=true - fi - fi - fi - - if test -n "$dir_arg"; then - { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && - { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && - { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || - test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 - else - - # Make a couple of temp file names in the proper directory. - dsttmp=$dstdir/_inst.$$_ - rmtmp=$dstdir/_rm.$$_ - - # Trap to clean up those temp files at exit. - trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 - - # Copy the file name to the temp name. - (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && - - # and set any options; do chmod last to preserve setuid bits. - # - # If any of these fail, we abort the whole thing. If we want to - # ignore errors from any of these, just make sure not to ignore - # errors from the above "$doit $cpprog $src $dsttmp" command. - # - { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && - { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && - { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && - { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && - - # If -C, don't bother to copy if it wouldn't change the file. - if $copy_on_change && - old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && - new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - - eval "$initialize_posix_glob" && - $posix_glob set -f && - set X $old && old=:$2:$4:$5:$6 && - set X $new && new=:$2:$4:$5:$6 && - $posix_glob set +f && - - test "$old" = "$new" && - $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 - then - rm -f "$dsttmp" - else - # Rename the file to the real destination. - $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || - - # The rename failed, perhaps because mv can't rename something else - # to itself, or perhaps because mv is so ancient that it does not - # support -f. - { - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || - { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } - } || - { echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - } && - - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" - } - fi || exit 1 - - trap '' 0 - fi -done - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff -Nru gnupg2-2.1.6/build-aux/mdate-sh gnupg2-2.0.28/build-aux/mdate-sh --- gnupg2-2.1.6/build-aux/mdate-sh 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/mdate-sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,224 +0,0 @@ -#!/bin/sh -# Get modification time of a file or directory and pretty-print it. - -scriptversion=2010-08-21.06; # UTC - -# Copyright (C) 1995-2013 Free Software Foundation, Inc. -# written by Ulrich Drepper , June 1995 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# This file is maintained in Automake, please report -# bugs to or send patches to -# . - -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -fi - -case $1 in - '') - echo "$0: No file. Try '$0 --help' for more information." 1>&2 - exit 1; - ;; - -h | --h*) - cat <<\EOF -Usage: mdate-sh [--help] [--version] FILE - -Pretty-print the modification day of FILE, in the format: -1 January 1970 - -Report bugs to . -EOF - exit $? - ;; - -v | --v*) - echo "mdate-sh $scriptversion" - exit $? - ;; -esac - -error () -{ - echo "$0: $1" >&2 - exit 1 -} - - -# Prevent date giving response in another language. -LANG=C -export LANG -LC_ALL=C -export LC_ALL -LC_TIME=C -export LC_TIME - -# GNU ls changes its time format in response to the TIME_STYLE -# variable. Since we cannot assume 'unset' works, revert this -# variable to its documented default. -if test "${TIME_STYLE+set}" = set; then - TIME_STYLE=posix-long-iso - export TIME_STYLE -fi - -save_arg1=$1 - -# Find out how to get the extended ls output of a file or directory. -if ls -L /dev/null 1>/dev/null 2>&1; then - ls_command='ls -L -l -d' -else - ls_command='ls -l -d' -fi -# Avoid user/group names that might have spaces, when possible. -if ls -n /dev/null 1>/dev/null 2>&1; then - ls_command="$ls_command -n" -fi - -# A 'ls -l' line looks as follows on OS/2. -# drwxrwx--- 0 Aug 11 2001 foo -# This differs from Unix, which adds ownership information. -# drwxrwx--- 2 root root 4096 Aug 11 2001 foo -# -# To find the date, we split the line on spaces and iterate on words -# until we find a month. This cannot work with files whose owner is a -# user named "Jan", or "Feb", etc. However, it's unlikely that '/' -# will be owned by a user whose name is a month. So we first look at -# the extended ls output of the root directory to decide how many -# words should be skipped to get the date. - -# On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below. -set x`$ls_command /` - -# Find which argument is the month. -month= -command= -until test $month -do - test $# -gt 0 || error "failed parsing '$ls_command /' output" - shift - # Add another shift to the command. - command="$command shift;" - case $1 in - Jan) month=January; nummonth=1;; - Feb) month=February; nummonth=2;; - Mar) month=March; nummonth=3;; - Apr) month=April; nummonth=4;; - May) month=May; nummonth=5;; - Jun) month=June; nummonth=6;; - Jul) month=July; nummonth=7;; - Aug) month=August; nummonth=8;; - Sep) month=September; nummonth=9;; - Oct) month=October; nummonth=10;; - Nov) month=November; nummonth=11;; - Dec) month=December; nummonth=12;; - esac -done - -test -n "$month" || error "failed parsing '$ls_command /' output" - -# Get the extended ls output of the file or directory. -set dummy x`eval "$ls_command \"\\\$save_arg1\""` - -# Remove all preceding arguments -eval $command - -# Because of the dummy argument above, month is in $2. -# -# On a POSIX system, we should have -# -# $# = 5 -# $1 = file size -# $2 = month -# $3 = day -# $4 = year or time -# $5 = filename -# -# On Darwin 7.7.0 and 7.6.0, we have -# -# $# = 4 -# $1 = day -# $2 = month -# $3 = year or time -# $4 = filename - -# Get the month. -case $2 in - Jan) month=January; nummonth=1;; - Feb) month=February; nummonth=2;; - Mar) month=March; nummonth=3;; - Apr) month=April; nummonth=4;; - May) month=May; nummonth=5;; - Jun) month=June; nummonth=6;; - Jul) month=July; nummonth=7;; - Aug) month=August; nummonth=8;; - Sep) month=September; nummonth=9;; - Oct) month=October; nummonth=10;; - Nov) month=November; nummonth=11;; - Dec) month=December; nummonth=12;; -esac - -case $3 in - ???*) day=$1;; - *) day=$3; shift;; -esac - -# Here we have to deal with the problem that the ls output gives either -# the time of day or the year. -case $3 in - *:*) set `date`; eval year=\$$# - case $2 in - Jan) nummonthtod=1;; - Feb) nummonthtod=2;; - Mar) nummonthtod=3;; - Apr) nummonthtod=4;; - May) nummonthtod=5;; - Jun) nummonthtod=6;; - Jul) nummonthtod=7;; - Aug) nummonthtod=8;; - Sep) nummonthtod=9;; - Oct) nummonthtod=10;; - Nov) nummonthtod=11;; - Dec) nummonthtod=12;; - esac - # For the first six month of the year the time notation can also - # be used for files modified in the last year. - if (expr $nummonth \> $nummonthtod) > /dev/null; - then - year=`expr $year - 1` - fi;; - *) year=$3;; -esac - -# The result. -echo $day $month $year - -# Local Variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff -Nru gnupg2-2.1.6/build-aux/missing gnupg2-2.0.28/build-aux/missing --- gnupg2-2.1.6/build-aux/missing 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/missing 1970-01-01 00:00:00.000000000 +0000 @@ -1,215 +0,0 @@ -#! /bin/sh -# Common wrapper for a few potentially missing GNU programs. - -scriptversion=2013-10-28.13; # UTC - -# Copyright (C) 1996-2013 Free Software Foundation, Inc. -# Originally written by Fran,cois Pinard , 1996. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -if test $# -eq 0; then - echo 1>&2 "Try '$0 --help' for more information" - exit 1 -fi - -case $1 in - - --is-lightweight) - # Used by our autoconf macros to check whether the available missing - # script is modern enough. - exit 0 - ;; - - --run) - # Back-compat with the calling convention used by older automake. - shift - ;; - - -h|--h|--he|--hel|--help) - echo "\ -$0 [OPTION]... PROGRAM [ARGUMENT]... - -Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due -to PROGRAM being missing or too old. - -Options: - -h, --help display this help and exit - -v, --version output version information and exit - -Supported PROGRAM values: - aclocal autoconf autoheader autom4te automake makeinfo - bison yacc flex lex help2man - -Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and -'g' are ignored when checking the name. - -Send bug reports to ." - exit $? - ;; - - -v|--v|--ve|--ver|--vers|--versi|--versio|--version) - echo "missing $scriptversion (GNU Automake)" - exit $? - ;; - - -*) - echo 1>&2 "$0: unknown '$1' option" - echo 1>&2 "Try '$0 --help' for more information" - exit 1 - ;; - -esac - -# Run the given program, remember its exit status. -"$@"; st=$? - -# If it succeeded, we are done. -test $st -eq 0 && exit 0 - -# Also exit now if we it failed (or wasn't found), and '--version' was -# passed; such an option is passed most likely to detect whether the -# program is present and works. -case $2 in --version|--help) exit $st;; esac - -# Exit code 63 means version mismatch. This often happens when the user -# tries to use an ancient version of a tool on a file that requires a -# minimum version. -if test $st -eq 63; then - msg="probably too old" -elif test $st -eq 127; then - # Program was missing. - msg="missing on your system" -else - # Program was found and executed, but failed. Give up. - exit $st -fi - -perl_URL=http://www.perl.org/ -flex_URL=http://flex.sourceforge.net/ -gnu_software_URL=http://www.gnu.org/software - -program_details () -{ - case $1 in - aclocal|automake) - echo "The '$1' program is part of the GNU Automake package:" - echo "<$gnu_software_URL/automake>" - echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" - echo "<$gnu_software_URL/autoconf>" - echo "<$gnu_software_URL/m4/>" - echo "<$perl_URL>" - ;; - autoconf|autom4te|autoheader) - echo "The '$1' program is part of the GNU Autoconf package:" - echo "<$gnu_software_URL/autoconf/>" - echo "It also requires GNU m4 and Perl in order to run:" - echo "<$gnu_software_URL/m4/>" - echo "<$perl_URL>" - ;; - esac -} - -give_advice () -{ - # Normalize program name to check for. - normalized_program=`echo "$1" | sed ' - s/^gnu-//; t - s/^gnu//; t - s/^g//; t'` - - printf '%s\n' "'$1' is $msg." - - configure_deps="'configure.ac' or m4 files included by 'configure.ac'" - case $normalized_program in - autoconf*) - echo "You should only need it if you modified 'configure.ac'," - echo "or m4 files included by it." - program_details 'autoconf' - ;; - autoheader*) - echo "You should only need it if you modified 'acconfig.h' or" - echo "$configure_deps." - program_details 'autoheader' - ;; - automake*) - echo "You should only need it if you modified 'Makefile.am' or" - echo "$configure_deps." - program_details 'automake' - ;; - aclocal*) - echo "You should only need it if you modified 'acinclude.m4' or" - echo "$configure_deps." - program_details 'aclocal' - ;; - autom4te*) - echo "You might have modified some maintainer files that require" - echo "the 'autom4te' program to be rebuilt." - program_details 'autom4te' - ;; - bison*|yacc*) - echo "You should only need it if you modified a '.y' file." - echo "You may want to install the GNU Bison package:" - echo "<$gnu_software_URL/bison/>" - ;; - lex*|flex*) - echo "You should only need it if you modified a '.l' file." - echo "You may want to install the Fast Lexical Analyzer package:" - echo "<$flex_URL>" - ;; - help2man*) - echo "You should only need it if you modified a dependency" \ - "of a man page." - echo "You may want to install the GNU Help2man package:" - echo "<$gnu_software_URL/help2man/>" - ;; - makeinfo*) - echo "You should only need it if you modified a '.texi' file, or" - echo "any other file indirectly affecting the aspect of the manual." - echo "You might want to install the Texinfo package:" - echo "<$gnu_software_URL/texinfo/>" - echo "The spurious makeinfo call might also be the consequence of" - echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" - echo "want to install GNU make:" - echo "<$gnu_software_URL/make/>" - ;; - *) - echo "You might have modified some files without having the proper" - echo "tools for further handling them. Check the 'README' file, it" - echo "often tells you about the needed prerequisites for installing" - echo "this package. You may also peek at any GNU archive site, in" - echo "case some other package contains this missing '$1' program." - ;; - esac -} - -give_advice "$1" | sed -e '1s/^/WARNING: /' \ - -e '2,$s/^/ /' >&2 - -# Propagate the correct exit status (expected to be 127 for a program -# not found, 63 for a program that failed due to version mismatch). -exit $st - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" -# time-stamp-end: "; # UTC" -# End: diff -Nru gnupg2-2.1.6/build-aux/mkinstalldirs gnupg2-2.0.28/build-aux/mkinstalldirs --- gnupg2-2.1.6/build-aux/mkinstalldirs 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/mkinstalldirs 1970-01-01 00:00:00.000000000 +0000 @@ -1,161 +0,0 @@ -#! /bin/sh -# mkinstalldirs --- make directory hierarchy - -scriptversion=2006-05-11.19 - -# Original author: Noah Friedman -# Created: 1993-05-16 -# Public domain. -# -# This file is maintained in Automake, please report -# bugs to or send patches to -# . - -nl=' -' -IFS=" "" $nl" -errstatus=0 -dirmode= - -usage="\ -Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ... - -Create each directory DIR (with mode MODE, if specified), including all -leading file name components. - -Report bugs to ." - -# process command line arguments -while test $# -gt 0 ; do - case $1 in - -h | --help | --h*) # -h for help - echo "$usage" - exit $? - ;; - -m) # -m PERM arg - shift - test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } - dirmode=$1 - shift - ;; - --version) - echo "$0 $scriptversion" - exit $? - ;; - --) # stop option processing - shift - break - ;; - -*) # unknown option - echo "$usage" 1>&2 - exit 1 - ;; - *) # first non-opt arg - break - ;; - esac -done - -for file -do - if test -d "$file"; then - shift - else - break - fi -done - -case $# in - 0) exit 0 ;; -esac - -# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and -# mkdir -p a/c at the same time, both will detect that a is missing, -# one will create a, then the other will try to create a and die with -# a "File exists" error. This is a problem when calling mkinstalldirs -# from a parallel make. We use --version in the probe to restrict -# ourselves to GNU mkdir, which is thread-safe. -case $dirmode in - '') - if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then - echo "mkdir -p -- $*" - exec mkdir -p -- "$@" - else - # On NextStep and OpenStep, the `mkdir' command does not - # recognize any option. It will interpret all options as - # directories to create, and then abort because `.' already - # exists. - test -d ./-p && rmdir ./-p - test -d ./--version && rmdir ./--version - fi - ;; - *) - if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 && - test ! -d ./--version; then - echo "mkdir -m $dirmode -p -- $*" - exec mkdir -m "$dirmode" -p -- "$@" - else - # Clean up after NextStep and OpenStep mkdir. - for d in ./-m ./-p ./--version "./$dirmode"; - do - test -d $d && rmdir $d - done - fi - ;; -esac - -for file -do - case $file in - /*) pathcomp=/ ;; - *) pathcomp= ;; - esac - oIFS=$IFS - IFS=/ - set fnord $file - shift - IFS=$oIFS - - for d - do - test "x$d" = x && continue - - pathcomp=$pathcomp$d - case $pathcomp in - -*) pathcomp=./$pathcomp ;; - esac - - if test ! -d "$pathcomp"; then - echo "mkdir $pathcomp" - - mkdir "$pathcomp" || lasterr=$? - - if test ! -d "$pathcomp"; then - errstatus=$lasterr - else - if test ! -z "$dirmode"; then - echo "chmod $dirmode $pathcomp" - lasterr= - chmod "$dirmode" "$pathcomp" || lasterr=$? - - if test ! -z "$lasterr"; then - errstatus=$lasterr - fi - fi - fi - fi - - pathcomp=$pathcomp/ - done -done - -exit $errstatus - -# Local Variables: -# mode: shell-script -# sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "scriptversion=" -# time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" -# End: diff -Nru gnupg2-2.1.6/build-aux/potomo gnupg2-2.0.28/build-aux/potomo --- gnupg2-2.1.6/build-aux/potomo 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/potomo 1970-01-01 00:00:00.000000000 +0000 @@ -1,64 +0,0 @@ -#!/bin/sh -# potomo - Convert a .po file to an utf-8 encoded .mo file. -# Copyright 2008 g10 Code GmbH -# Copyright 2010 Free Software Foundation, Inc. -# -# This file is free software; as a special exception the author gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. -# -# This file is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -# This script is used to create the mo files for applications using -# the simple gettext implementation provided by libgpg-error. That -# gettext can only cope with utf-8 encoded mo files; thus we make this -# sure while creating the mo. A conversion is not done if the source -# file does not exist or if it is not newer than the mo file. - -if [ "$1" = "--get-linguas" -a $# -eq 2 ]; then - if [ ! -f "$2/LINGUAS" ]; then - echo "potomo: directory '$2' has no LINGUAS file" >&2 - exit 1 - fi - echo $(sed -e "/^#/d" -e "s/#.*//" "$2"/LINGUAS) - exit 0 -fi - -if [ $# -ne 2 ]; then - echo "usage: potomo INFILE.PO OUTFILE.MO" >&2 - echo " potomo --get-linguas DIR" >&2 - exit 1 -fi -infile="$1" -outfile="$2" - -if [ ! -f "$infile" ]; then - echo "potomo: '$infile' not found - ignored" 2>&1 - exit 0 -fi - -if [ "$outfile" -nt "$infile" ]; then - echo "potomo: '$outfile' is newer than source - keeping" 2>&1 - exit 0 -fi - -# Note that we could use the newer msgconv. However this tool was not -# widely available back in 2008. - -fromset=`sed -n '/^"Content-Type:/ s/.*charset=\([a-zA-Z0-9_-]*\).*/\1/p' \ - "$infile"` - -case "$fromset" in - utf8|utf-8|UTF8|UTF-8) - echo "potomo: '$infile' keeping $fromset" >&2 - msgfmt --output-file="$outfile" "$infile" - ;; - *) - echo "potomo: '$infile' converting from $fromset to utf-8" >&2 - iconv --silent --from-code=$fromset --to-code=utf-8 < "$infile" |\ - sed "/^\"Content-Type:/ s/charset=[a-zA-Z0-9_-]*/charset=utf-8/"|\ - msgfmt --output-file="$outfile" - - ;; -esac diff -Nru gnupg2-2.1.6/build-aux/speedo/patches/atk-1.32.0.patch gnupg2-2.0.28/build-aux/speedo/patches/atk-1.32.0.patch --- gnupg2-2.1.6/build-aux/speedo/patches/atk-1.32.0.patch 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/patches/atk-1.32.0.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,671 +0,0 @@ -#! /bin/sh -patch -p1 -l -f $* < $0 -exit $? - - -diff -urpb orig/atk-1.32.0/atk/atkaction.c atk/atk/atkaction.c ---- orig/atk-1.32.0/atk/atkaction.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkaction.c 2014-02-17 12:30:53.263192763 +0100 -@@ -101,7 +101,7 @@ atk_action_get_n_actions (AtkAction *ob - * Returns a description string, or %NULL - * if @action does not implement this interface. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_action_get_description (AtkAction *obj, - gint i) - { -@@ -140,7 +140,7 @@ atk_action_get_description (AtkAction *o - * Returns a name string, or %NULL - * if @action does not implement this interface. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_action_get_name (AtkAction *obj, - gint i) - { -@@ -166,7 +166,7 @@ atk_action_get_name (AtkAction *obj, - * Returns a name string, or %NULL - * if @action does not implement this interface. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_action_get_localized_name (AtkAction *obj, - gint i) - { -@@ -203,7 +203,7 @@ atk_action_get_localized_name (AtkAction - * if there is no keybinding for this action. - * - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_action_get_keybinding (AtkAction *obj, - gint i) - { -Only in atk/atk: atkaction.c~ -diff -urpb orig/atk-1.32.0/atk/atkaction.h atk/atk/atkaction.h ---- orig/atk-1.32.0/atk/atkaction.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkaction.h 2014-02-17 12:30:58.907192071 +0100 -@@ -55,16 +55,16 @@ struct _AtkActionIface - gboolean (*do_action) (AtkAction *action, - gint i); - gint (*get_n_actions) (AtkAction *action); -- G_CONST_RETURN gchar* (*get_description) (AtkAction *action, -+ const gchar* (*get_description) (AtkAction *action, - gint i); -- G_CONST_RETURN gchar* (*get_name) (AtkAction *action, -+ const gchar* (*get_name) (AtkAction *action, - gint i); -- G_CONST_RETURN gchar* (*get_keybinding) (AtkAction *action, -+ const gchar* (*get_keybinding) (AtkAction *action, - gint i); - gboolean (*set_description) (AtkAction *action, - gint i, - const gchar *desc); -- G_CONST_RETURN gchar* (*get_localized_name)(AtkAction *action, -+ const gchar* (*get_localized_name)(AtkAction *action, - gint i); - AtkFunction pad2; - }; -@@ -85,11 +85,11 @@ GType atk_action_get_type (void); - gboolean atk_action_do_action (AtkAction *action, - gint i); - gint atk_action_get_n_actions (AtkAction *action); --G_CONST_RETURN gchar* atk_action_get_description (AtkAction *action, -+const gchar* atk_action_get_description (AtkAction *action, - gint i); --G_CONST_RETURN gchar* atk_action_get_name (AtkAction *action, -+const gchar* atk_action_get_name (AtkAction *action, - gint i); --G_CONST_RETURN gchar* atk_action_get_keybinding (AtkAction *action, -+const gchar* atk_action_get_keybinding (AtkAction *action, - gint i); - gboolean atk_action_set_description (AtkAction *action, - gint i, -@@ -97,7 +97,7 @@ gboolean atk_action_set_des - - /* NEW in ATK 1.1: */ - --G_CONST_RETURN gchar* atk_action_get_localized_name (AtkAction *action, -+const gchar* atk_action_get_localized_name (AtkAction *action, - gint i); - - /* -Only in atk/atk: atkaction.h~ -diff -urpb orig/atk-1.32.0/atk/atkdocument.c atk/atk/atkdocument.c ---- orig/atk-1.32.0/atk/atkdocument.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkdocument.c 2014-02-17 12:30:58.535192391 +0100 -@@ -93,7 +93,7 @@ atk_document_base_init (AtkDocumentIface - * - * Returns: a string indicating the document type - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_document_get_document_type (AtkDocument *document) - { - AtkDocumentIface *iface; -@@ -155,7 +155,7 @@ atk_document_get_document (AtkDocument * - * locale of the document content as a whole, or NULL if - * the document content does not specify a locale. - **/ --G_CONST_RETURN gchar * -+const gchar * - atk_document_get_locale (AtkDocument *document) - { - AtkDocumentIface *iface; -@@ -219,7 +219,7 @@ atk_document_get_attributes (AtkDocument - * document, or NULL if a value for #attribute_name has not been specified - * for this document. - */ --G_CONST_RETURN gchar * -+const gchar * - atk_document_get_attribute_value (AtkDocument *document, - const gchar *attribute_name) - { -Only in atk/atk: atkdocument.c~ -diff -urpb orig/atk-1.32.0/atk/atkdocument.h atk/atk/atkdocument.h ---- orig/atk-1.32.0/atk/atkdocument.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkdocument.h 2014-02-17 12:31:31.691190631 +0100 -@@ -49,12 +49,12 @@ typedef struct _AtkDocumentIface AtkDocu - struct _AtkDocumentIface - { - GTypeInterface parent; -- G_CONST_RETURN gchar* ( *get_document_type) (AtkDocument *document); -+ const gchar* ( *get_document_type) (AtkDocument *document); - gpointer ( *get_document) (AtkDocument *document); - -- G_CONST_RETURN gchar* ( *get_document_locale) (AtkDocument *document); -+ const gchar* ( *get_document_locale) (AtkDocument *document); - AtkAttributeSet * ( *get_document_attributes) (AtkDocument *document); -- G_CONST_RETURN gchar* ( *get_document_attribute_value) (AtkDocument *document, -+ const gchar* ( *get_document_attribute_value) (AtkDocument *document, - const gchar *attribute_name); - gboolean ( *set_document_attribute) (AtkDocument *document, - const gchar *attribute_name, -@@ -68,11 +68,11 @@ struct _AtkDocumentIface - - GType atk_document_get_type (void); - --G_CONST_RETURN gchar* atk_document_get_document_type (AtkDocument *document); -+const gchar* atk_document_get_document_type (AtkDocument *document); - gpointer atk_document_get_document (AtkDocument *document); --G_CONST_RETURN gchar* atk_document_get_locale (AtkDocument *document); -+const gchar* atk_document_get_locale (AtkDocument *document); - AtkAttributeSet* atk_document_get_attributes (AtkDocument *document); --G_CONST_RETURN gchar* atk_document_get_attribute_value (AtkDocument *document, -+const gchar* atk_document_get_attribute_value (AtkDocument *document, - const gchar *attribute_name); - gboolean atk_document_set_attribute_value (AtkDocument *document, - const gchar *attribute_name, -Only in atk/atk: atkdocument.h~ -diff -urpb orig/atk-1.32.0/atk/atkimage.c atk/atk/atkimage.c ---- orig/atk-1.32.0/atk/atkimage.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkimage.c 2014-02-17 12:30:58.119192299 +0100 -@@ -46,7 +46,7 @@ atk_image_get_type (void) - * - * Returns: a string representing the image description - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_image_get_image_description (AtkImage *image) - { - AtkImageIface *iface; -@@ -192,7 +192,7 @@ atk_image_get_image_position (AtkImage * - * Returns a string corresponding to the POSIX LC_MESSAGES locale used by the image description, or NULL if the image does not specify a locale. - * - */ --G_CONST_RETURN gchar* -+const gchar* - atk_image_get_image_locale (AtkImage *image) - { - -Only in atk/atk: atkimage.c~ -diff -urpb orig/atk-1.32.0/atk/atkimage.h atk/atk/atkimage.h ---- orig/atk-1.32.0/atk/atkimage.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkimage.h 2014-02-17 12:28:31.599200223 +0100 -@@ -53,13 +53,13 @@ struct _AtkImageIface - gint *x, - gint *y, - AtkCoordType coord_type); -- G_CONST_RETURN gchar* ( *get_image_description) (AtkImage *image); -+ const gchar* ( *get_image_description) (AtkImage *image); - void ( *get_image_size) (AtkImage *image, - gint *width, - gint *height); - gboolean ( *set_image_description) (AtkImage *image, - const gchar *description); -- G_CONST_RETURN gchar* ( *get_image_locale) (AtkImage *image); -+ const gchar* ( *get_image_locale) (AtkImage *image); - - AtkFunction pad1; - -@@ -67,7 +67,7 @@ struct _AtkImageIface - - GType atk_image_get_type (void); - --G_CONST_RETURN gchar* atk_image_get_image_description (AtkImage *image); -+const gchar* atk_image_get_image_description (AtkImage *image); - - void atk_image_get_image_size (AtkImage *image, - gint *width, -@@ -80,7 +80,7 @@ void atk_image_get_image_position - gint *y, - AtkCoordType coord_type); - --G_CONST_RETURN gchar* atk_image_get_image_locale (AtkImage *image); -+const gchar* atk_image_get_image_locale (AtkImage *image); - - G_END_DECLS - -Only in atk/atk: atkimage.h~ -diff -urpb orig/atk-1.32.0/atk/atkobject.c atk/atk/atkobject.c ---- orig/atk-1.32.0/atk/atkobject.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkobject.c 2014-02-17 12:28:39.467199803 +0100 -@@ -285,9 +285,9 @@ static void atk_object_real_g - GValue *value, - GParamSpec *pspec); - static void atk_object_finalize (GObject *object); --static G_CONST_RETURN gchar* -+static const gchar* - atk_object_real_get_name (AtkObject *object); --static G_CONST_RETURN gchar* -+static const gchar* - atk_object_real_get_description - (AtkObject *object); - static AtkObject* atk_object_real_get_parent (AtkObject *object); -@@ -692,7 +692,7 @@ atk_implementor_get_type (void) - * - * Returns: a character string representing the accessible name of the object. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_object_get_name (AtkObject *accessible) - { - AtkObjectClass *klass; -@@ -716,7 +716,7 @@ atk_object_get_name (AtkObject *accessib - * of the accessible. - * - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_object_get_description (AtkObject *accessible) - { - AtkObjectClass *klass; -@@ -1123,7 +1123,7 @@ atk_object_notify_state_change (AtkObjec - AtkState state, - gboolean value) - { -- G_CONST_RETURN gchar* name; -+ const gchar* name; - - g_return_if_fail (ATK_IS_OBJECT (accessible)); - -@@ -1319,13 +1319,13 @@ atk_object_finalize (GObject *object) - G_OBJECT_CLASS (parent_class)->finalize (object); - } - --static G_CONST_RETURN gchar* -+static const gchar* - atk_object_real_get_name (AtkObject *object) - { - return object->name; - } - --static G_CONST_RETURN gchar* -+static const gchar* - atk_object_real_get_description (AtkObject *object) - { - return object->description; -@@ -1487,7 +1487,7 @@ atk_object_notify (GObject *obj, - * - * Returns: the string describing the AtkRole - */ --G_CONST_RETURN gchar* -+const gchar* - atk_role_get_name (AtkRole role) - { - if (role >= 0 && role < ATK_ROLE_LAST_DEFINED) -@@ -1514,7 +1514,7 @@ atk_role_get_name (AtkRole role) - * - * Returns: the localized string describing the AtkRole - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_role_get_localized_name (AtkRole role) - { - gettext_initialization (); -Only in atk/atk: atkobject.c~ -diff -urpb orig/atk-1.32.0/atk/atkobject.h atk/atk/atkobject.h ---- orig/atk-1.32.0/atk/atkobject.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkobject.h 2014-02-17 12:28:48.851199302 +0100 -@@ -381,11 +381,11 @@ struct _AtkObjectClass - /* - * Gets the accessible name of the object - */ -- G_CONST_RETURN gchar* (* get_name) (AtkObject *accessible); -+ const gchar* (* get_name) (AtkObject *accessible); - /* - * Gets the accessible description of the object - */ -- G_CONST_RETURN gchar* (* get_description) (AtkObject *accessible); -+ const gchar* (* get_description) (AtkObject *accessible); - /* - * Gets the accessible parent of the object - */ -@@ -535,8 +535,8 @@ AtkObject* atk_implementor_ - * Properties directly supported by AtkObject - */ - --G_CONST_RETURN gchar* atk_object_get_name (AtkObject *accessible); --G_CONST_RETURN gchar* atk_object_get_description (AtkObject *accessible); -+const gchar* atk_object_get_name (AtkObject *accessible); -+const gchar* atk_object_get_description (AtkObject *accessible); - AtkObject* atk_object_get_parent (AtkObject *accessible); - gint atk_object_get_n_accessible_children (AtkObject *accessible); - AtkObject* atk_object_ref_accessible_child (AtkObject *accessible, -@@ -571,7 +571,7 @@ void atk_object_notify_s - void atk_object_initialize (AtkObject *accessible, - gpointer data); - --G_CONST_RETURN gchar* atk_role_get_name (AtkRole role); -+const gchar* atk_role_get_name (AtkRole role); - AtkRole atk_role_for_name (const gchar *name); - - -@@ -582,7 +582,7 @@ gboolean atk_object_add_rel - gboolean atk_object_remove_relationship (AtkObject *object, - AtkRelationType relationship, - AtkObject *target); --G_CONST_RETURN gchar* atk_role_get_localized_name (AtkRole role); -+const gchar* atk_role_get_localized_name (AtkRole role); - - /* */ - -Only in atk/atk: atkobject.h~ -diff -urpb orig/atk-1.32.0/atk/atkrelation.c atk/atk/atkrelation.c ---- orig/atk-1.32.0/atk/atkrelation.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkrelation.c 2014-02-17 12:29:04.307198532 +0100 -@@ -130,7 +130,7 @@ atk_relation_type_register (const gchar - * - * Returns: the string describing the AtkRelationType - */ --G_CONST_RETURN gchar* -+const gchar* - atk_relation_type_get_name (AtkRelationType type) - { - GTypeClass *type_class; -Only in atk/atk: atkrelation.c~ -diff -urpb orig/atk-1.32.0/atk/atkrelation.h atk/atk/atkrelation.h ---- orig/atk-1.32.0/atk/atkrelation.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkrelation.h 2014-02-17 12:29:12.167198142 +0100 -@@ -61,7 +61,7 @@ struct _AtkRelationClass - GType atk_relation_get_type (void); - - AtkRelationType atk_relation_type_register (const gchar *name); --G_CONST_RETURN gchar* atk_relation_type_get_name (AtkRelationType type); -+const gchar* atk_relation_type_get_name (AtkRelationType type); - AtkRelationType atk_relation_type_for_name (const gchar *name); - - /* -Only in atk/atk: atkrelation.h~ -diff -urpb orig/atk-1.32.0/atk/atkstate.c atk/atk/atkstate.c ---- orig/atk-1.32.0/atk/atkstate.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkstate.c 2014-02-17 12:29:19.023197754 +0100 -@@ -57,7 +57,7 @@ atk_state_type_register (const gchar *na - * - * Returns: the string describing the AtkStateType - */ --G_CONST_RETURN gchar* -+const gchar* - atk_state_type_get_name (AtkStateType type) - { - GTypeClass *type_class; -Only in atk/atk: atkstate.c~ -diff -urpb orig/atk-1.32.0/atk/atkstate.h atk/atk/atkstate.h ---- orig/atk-1.32.0/atk/atkstate.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkstate.h 2014-02-17 12:26:44.459205944 +0100 -@@ -170,7 +170,7 @@ typedef guint64 AtkState; - - AtkStateType atk_state_type_register (const gchar *name); - --G_CONST_RETURN gchar* atk_state_type_get_name (AtkStateType type); -+const gchar* atk_state_type_get_name (AtkStateType type); - AtkStateType atk_state_type_for_name (const gchar *name); - - G_END_DECLS -Only in atk/atk: atkstate.h~ -diff -urpb orig/atk-1.32.0/atk/atkstreamablecontent.c atk/atk/atkstreamablecontent.c ---- orig/atk-1.32.0/atk/atkstreamablecontent.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkstreamablecontent.c 2014-02-17 12:30:57.659192412 +0100 -@@ -73,7 +73,7 @@ atk_streamable_content_get_n_mime_types - * Returns : a gchar* representing the specified mime type; the caller - * should not free the character string. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_streamable_content_get_mime_type (AtkStreamableContent *streamable, - gint i) - { -Only in atk/atk: atkstreamablecontent.c~ -diff -urpb orig/atk-1.32.0/atk/atkstreamablecontent.h atk/atk/atkstreamablecontent.h ---- orig/atk-1.32.0/atk/atkstreamablecontent.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkstreamablecontent.h 2014-02-17 12:29:49.487196042 +0100 -@@ -54,11 +54,11 @@ struct _AtkStreamableContentIface - * at index 0 should be considered the "default" data type for the stream. - * - * This assumes that the strings for the mime types are stored in the -- * AtkStreamableContent. Alternatively the G_CONST_RETURN could be removed -+ * AtkStreamableContent. Alternatively the const could be removed - * and the caller would be responsible for calling g_free() on the - * returned value. - */ -- G_CONST_RETURN gchar* (* get_mime_type) (AtkStreamableContent *streamable, -+ const gchar* (* get_mime_type) (AtkStreamableContent *streamable, - gint i); - /* - * One possible implementation for this method is that it constructs the -@@ -80,7 +80,7 @@ struct _AtkStreamableContentIface - * constructed. Note that it is possible for get_uri to return NULL but for - * get_stream to work nonetheless, since not all GIOChannels connect to URIs. - */ -- G_CONST_RETURN gchar* (* get_uri) (AtkStreamableContent *streamable, -+ const gchar* (* get_uri) (AtkStreamableContent *streamable, - const gchar *mime_type); - - -@@ -92,7 +92,7 @@ GType atk_streamable_co - - gint atk_streamable_content_get_n_mime_types (AtkStreamableContent *streamable); - --G_CONST_RETURN gchar* atk_streamable_content_get_mime_type (AtkStreamableContent *streamable, -+const gchar* atk_streamable_content_get_mime_type (AtkStreamableContent *streamable, - gint i); - GIOChannel* atk_streamable_content_get_stream (AtkStreamableContent *streamable, - const gchar *mime_type); -Only in atk/atk: atkstreamablecontent.h~ -diff -urpb orig/atk-1.32.0/atk/atktable.c atk/atk/atktable.c ---- orig/atk-1.32.0/atk/atktable.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atktable.c 2014-02-17 12:30:57.319192444 +0100 -@@ -300,7 +300,7 @@ atk_table_get_n_columns (AtkTable *table - * Returns: a gchar* representing the column description, or %NULL - * if value does not implement this interface. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_table_get_column_description (AtkTable *table, - gint column) - { -@@ -404,7 +404,7 @@ atk_table_get_n_rows (AtkTable *table) - * Returns: a gchar* representing the row description, or %NULL - * if value does not implement this interface. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_table_get_row_description (AtkTable *table, - gint row) - { -Only in atk/atk: atktable.c~ -diff -urpb orig/atk-1.32.0/atk/atktable.h atk/atk/atktable.h ---- orig/atk-1.32.0/atk/atktable.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atktable.h 2014-02-17 12:30:08.035195073 +0100 -@@ -69,12 +69,12 @@ struct _AtkTableIface - gint column); - AtkObject* - (* get_caption) (AtkTable *table); -- G_CONST_RETURN gchar* -+ const gchar* - (* get_column_description) (AtkTable *table, - gint column); - AtkObject* (* get_column_header) (AtkTable *table, - gint column); -- G_CONST_RETURN gchar* -+ const gchar* - (* get_row_description) (AtkTable *table, - gint row); - AtkObject* (* get_row_header) (AtkTable *table, -@@ -163,12 +163,12 @@ gint atk_table_get_row_exte - gint column); - AtkObject* - atk_table_get_caption (AtkTable *table); --G_CONST_RETURN gchar* -+const gchar* - atk_table_get_column_description (AtkTable *table, - gint column); - AtkObject* atk_table_get_column_header (AtkTable *table, - gint column); --G_CONST_RETURN gchar* -+const gchar* - atk_table_get_row_description (AtkTable *table, - gint row); - AtkObject* atk_table_get_row_header (AtkTable *table, -Only in atk/atk: atktable.h~ -diff -urpb orig/atk-1.32.0/atk/atktext.c atk/atk/atktext.c ---- orig/atk-1.32.0/atk/atktext.c 2010-09-27 09:07:09.000000000 +0200 -+++ atk/atk/atktext.c 2014-02-17 12:30:56.871192495 +0100 -@@ -1054,7 +1054,7 @@ atk_text_attribute_register (const gchar - * - * Returns: a string containing the name; this string should not be freed - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_text_attribute_get_name (AtkTextAttribute attr) - { - GTypeClass *type_class; -@@ -1150,7 +1150,7 @@ atk_text_attribute_for_name (const gchar - * Returns: a string containing the value; this string should not be freed; - * NULL is returned if there are no values maintained for the attr value. - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_text_attribute_get_value (AtkTextAttribute attr, - gint index) - { -Only in atk/atk: atktext.c~ -diff -urpb orig/atk-1.32.0/atk/atktext.h atk/atk/atktext.h ---- orig/atk-1.32.0/atk/atktext.h 2010-09-27 09:07:09.000000000 +0200 -+++ atk/atk/atktext.h 2014-02-17 12:30:56.475192626 +0100 -@@ -355,9 +355,9 @@ AtkTextRange** atk_text_get_bounded_ran - AtkTextClipType y_clip_type); - void atk_text_free_ranges (AtkTextRange **ranges); - void atk_attribute_set_free (AtkAttributeSet *attrib_set); --G_CONST_RETURN gchar* atk_text_attribute_get_name (AtkTextAttribute attr); -+const gchar* atk_text_attribute_get_name (AtkTextAttribute attr); - AtkTextAttribute atk_text_attribute_for_name (const gchar *name); --G_CONST_RETURN gchar* atk_text_attribute_get_value (AtkTextAttribute attr, -+const gchar* atk_text_attribute_get_value (AtkTextAttribute attr, - gint index_); - - G_END_DECLS -Only in atk/atk: atktext.h~ -diff -urpb orig/atk-1.32.0/atk/atkutil.c atk/atk/atkutil.c ---- orig/atk-1.32.0/atk/atkutil.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkutil.c 2014-02-17 12:30:33.651193705 +0100 -@@ -340,7 +340,7 @@ atk_get_focus_object (void) - * - * Returns: name string for the GUI toolkit implementing ATK for this application - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_get_toolkit_name (void) - { - const gchar *retval; -@@ -365,7 +365,7 @@ atk_get_toolkit_name (void) - * - * Returns: version string for the GUI toolkit implementing ATK for this application - **/ --G_CONST_RETURN gchar* -+const gchar* - atk_get_toolkit_version (void) - { - const gchar *retval; -@@ -391,7 +391,7 @@ atk_get_toolkit_version (void) - * Returns: version string for ATK - **/ - --G_CONST_RETURN gchar * -+const gchar * - atk_get_version (void) - { - return VERSION; -Only in atk/atk: atkutil.c~ -diff -urpb orig/atk-1.32.0/atk/atkutil.h atk/atk/atkutil.h ---- orig/atk-1.32.0/atk/atkutil.h 2010-09-06 08:45:45.000000000 +0200 -+++ atk/atk/atkutil.h 2014-02-17 12:30:40.635193333 +0100 -@@ -147,8 +147,8 @@ struct _AtkUtilClass - gpointer data); - void (* remove_key_event_listener) (guint listener_id); - AtkObject* (* get_root) (void); -- G_CONST_RETURN gchar* (* get_toolkit_name) (void); -- G_CONST_RETURN gchar* (* get_toolkit_version) (void); -+ const gchar* (* get_toolkit_name) (void); -+ const gchar* (* get_toolkit_version) (void); - }; - GType atk_util_get_type (void); - -@@ -229,17 +229,17 @@ AtkObject* atk_get_focus_object (void); - /* - * Returns name string for the GUI toolkit. - */ --G_CONST_RETURN gchar *atk_get_toolkit_name (void); -+const gchar *atk_get_toolkit_name (void); - - /* - * Returns version string for the GUI toolkit. - */ --G_CONST_RETURN gchar *atk_get_toolkit_version (void); -+const gchar *atk_get_toolkit_version (void); - - /* - * Gets the current version of ATK - */ --G_CONST_RETURN gchar *atk_get_version (void); -+const gchar *atk_get_version (void); - - /* --- GType boilerplate --- */ - /* convenience macros for atk type implementations, which for a type GtkGadgetAccessible will: -Only in atk/atk: atkutil.h~ -diff -urpb orig/atk-1.32.0/tests/testrelation.c atk/tests/testrelation.c ---- orig/atk-1.32.0/tests/testrelation.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/tests/testrelation.c 2014-02-17 12:53:42.095119569 +0100 -@@ -28,7 +28,7 @@ static gboolean - test_relation (void) - { - AtkRelationType type1, type2; -- G_CONST_RETURN gchar *name; -+ const gchar *name; - AtkObject *obj; - gboolean ret_value; - AtkRelationSet *set; -@@ -169,7 +169,7 @@ static gboolean - test_role (void) - { - AtkRole role1, role2; -- G_CONST_RETURN gchar *name; -+ const gchar *name; - - name = atk_role_get_name (ATK_ROLE_PAGE_TAB); - g_return_val_if_fail (name, FALSE); -@@ -230,7 +230,7 @@ static gboolean - test_text_attr (void) - { - AtkTextAttribute attr1, attr2; -- G_CONST_RETURN gchar *name; -+ const gchar *name; - - name = atk_text_attribute_get_name (ATK_TEXT_ATTR_PIXELS_INSIDE_WRAP); - g_return_val_if_fail (name, FALSE); -Only in atk/tests/: testrelation.c~ -diff -urpb orig/atk-1.32.0/tests/teststateset.c atk/tests/teststateset.c ---- orig/atk-1.32.0/tests/teststateset.c 2010-09-06 08:45:45.000000000 +0200 -+++ atk/tests/teststateset.c 2014-02-17 12:53:55.675118832 +0100 -@@ -208,7 +208,7 @@ static gboolean - test_state (void) - { - AtkStateType type1, type2; -- G_CONST_RETURN gchar *name; -+ const gchar *name; - - name = atk_state_type_get_name (ATK_STATE_VISIBLE); - g_return_val_if_fail (name, FALSE); - - ---- orig/atk-1.32.0/atk/Makefile.in 2010-09-27 09:53:57.000000000 +0200 -+++ atk/atk/Makefile.in 2014-02-17 12:52:40.443122866 +0100 -@@ -40,7 +40,7 @@ host_triplet = @host@ - @HAVE_INTROSPECTION_TRUE@am__append_2 = $(gir_DATA) $(typelibs_DATA) - - # ---------- Win32 stuff ---------- --@OS_WIN32_TRUE@am__append_3 = -export-symbols $(srcdir)/atk.def -no-undefined -Wl,atk-win32-res.o -+@OS_WIN32_TRUE@am__append_3 = -export-symbols atk.def -no-undefined -Wl,atk-win32-res.o - @OS_WIN32_FALSE@libatk_1_0_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - @OS_WIN32_FALSE@ $(am__DEPENDENCIES_1) - subdir = atk -@@ -861,7 +861,7 @@ s-enum-types-c: @REBUILD@ $(atk_headers) - @HAVE_INTROSPECTION_TRUE@Atk-1.0.gir: libatk-1.0.la Makefile - - @OS_WIN32_TRUE@install-def-file: --@OS_WIN32_TRUE@ $(INSTALL) $(srcdir)/atk.def $(DESTDIR)$(libdir)/atk-1.0.def -+@OS_WIN32_TRUE@ $(INSTALL) atk.def $(DESTDIR)$(libdir)/atk-1.0.def - @OS_WIN32_TRUE@uninstall-def-file: - @OS_WIN32_TRUE@ -rm $(DESTDIR)$(libdir)/atk-1.0.def - @OS_WIN32_FALSE@install-def-file: diff -Nru gnupg2-2.1.6/build-aux/speedo/patches/libiconv-1.14.patch gnupg2-2.0.28/build-aux/speedo/patches/libiconv-1.14.patch --- gnupg2-2.1.6/build-aux/speedo/patches/libiconv-1.14.patch 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/patches/libiconv-1.14.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -#! /bin/sh -patch -p0 -l -f $* < $0 -exit $? - -On some systems the gets macro has been removed and thus the test -leads to an unresolved symbol error. - ---- srclib/stdio.in.h~ 2011-08-07 15:42:06.000000000 +0200 -+++ srclib/stdio.in.h 2014-09-04 13:07:07.079024312 +0200 -@@ -691,11 +691,6 @@ - _GL_CXXALIAS_SYS (gets, char *, (char *s)); - # undef gets - # endif --_GL_CXXALIASWARN (gets); --/* It is very rare that the developer ever has full control of stdin, -- so any use of gets warrants an unconditional warning. Assume it is -- always declared, since it is required by C89. */ --_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); - #endif diff -Nru gnupg2-2.1.6/build-aux/speedo/patches/pango-1.29.4.patch gnupg2-2.0.28/build-aux/speedo/patches/pango-1.29.4.patch --- gnupg2-2.1.6/build-aux/speedo/patches/pango-1.29.4.patch 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/patches/pango-1.29.4.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -#! /bin/sh -patch -p0 -l -f $* < $0 -exit $? - -Without that patch the module is build with wrong symbols and thus -can't be loaded by pango. I don't know why they have this defines -just in this module. It entirely defeats the feature of loading -modules dynamically - maybe this was just a quick hack for including -the code directly - however, I was not able to make that work either. - - ---- modules/basic/basic-win32.c~ 2011-09-28 16:34:33.000000000 +0200 -+++ modules/basic/basic-win32.c 2014-02-20 20:01:10.107723565 +0100 -@@ -33,9 +33,10 @@ - - extern HFONT _pango_win32_font_get_hfont (PangoFont *font); - --#ifndef PANGO_MODULE_PREFIX --#define PANGO_MODULE_PREFIX _pango_basic_win32 --#endif -+/* #ifndef PANGO_MODULE_PREFIX */ -+/* #define PANGO_MODULE_PREFIX _pango_basic_win32 */ -+/* #endif */ -+#undef PANGO_MODULE_PREFIX - - #include "pango-engine.h" - #include "pango-utils.h" diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/exdll.h gnupg2-2.0.28/build-aux/speedo/w32/exdll.h --- gnupg2-2.1.6/build-aux/speedo/w32/exdll.h 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/exdll.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,151 +0,0 @@ -/* exdll.h for use with gpg4win - * Copyright (C) 1999-2005 Nullsoft, Inc. - * - * This license applies to everything in the NSIS package, except - * where otherwise noted. - * - * This software is provided 'as-is', without any express or implied - * warranty. In no event will the authors be held liable for any - * damages arising from the use of this software. - * - * Permission is granted to anyone to use this software for any - * purpose, including commercial applications, and to alter it and - * redistribute it freely, subject to the following restrictions: - * - * 1. The origin of this software must not be misrepresented; you must - * not claim that you wrote the original software. If you use this - * software in a product, an acknowledgment in the product - * documentation would be appreciated but is not required. - * - * 2. Altered source versions must be plainly marked as such, and must - * not be misrepresented as being the original software. - * - * 3. This notice may not be removed or altered from any source - * distribution. - ************************************************************ - * 2005-11-14 wk Applied license text to orginal exdll.h file from - * NSIS 2.0.4 and did some formatting changes. - */ - -#ifndef _EXDLL_H_ -#define _EXDLL_H_ - -/* only include this file from one place in your DLL. (it is all - static, if you use it in two places it will fail) */ - -#define EXDLL_INIT() { \ - g_stringsize=string_size; \ - g_stacktop=stacktop; \ - g_variables=variables; } - -/* For page showing plug-ins */ -#define WM_NOTIFY_OUTER_NEXT (WM_USER+0x8) -#define WM_NOTIFY_CUSTOM_READY (WM_USER+0xd) -#define NOTIFY_BYE_BYE 'x' - -typedef struct _stack_t { - struct _stack_t *next; - char text[1]; /* This should be the length of string_size. */ -} stack_t; - - -static unsigned int g_stringsize; -static stack_t **g_stacktop; -static char *g_variables; - -static int __stdcall popstring(char *str, size_t maxlen); /* 0 on success, 1 on empty stack */ -static void __stdcall pushstring(const char *str); - -enum - { - INST_0, // $0 - INST_1, // $1 - INST_2, // $2 - INST_3, // $3 - INST_4, // $4 - INST_5, // $5 - INST_6, // $6 - INST_7, // $7 - INST_8, // $8 - INST_9, // $9 - INST_R0, // $R0 - INST_R1, // $R1 - INST_R2, // $R2 - INST_R3, // $R3 - INST_R4, // $R4 - INST_R5, // $R5 - INST_R6, // $R6 - INST_R7, // $R7 - INST_R8, // $R8 - INST_R9, // $R9 - INST_CMDLINE, // $CMDLINE - INST_INSTDIR, // $INSTDIR - INST_OUTDIR, // $OUTDIR - INST_EXEDIR, // $EXEDIR - INST_LANG, // $LANGUAGE - __INST_LAST -}; - -typedef struct { - int autoclose; - int all_user_var; - int exec_error; - int abort; - int exec_reboot; - int reboot_called; - int XXX_cur_insttype; /* deprecated */ - int XXX_insttype_changed; /* deprecated */ - int silent; - int instdir_error; - int rtl; - int errlvl; -} exec_flags_t; - -typedef struct { - exec_flags_t *exec_flags; - int (__stdcall *ExecuteCodeSegment)(int, HWND); -} extra_parameters_t; - - -/* Utility functions (not required but often useful). */ -static int __stdcall -popstring(char *str, size_t maxlen) -{ - stack_t *th; - if (!g_stacktop || !*g_stacktop) - return 1; - th=(*g_stacktop); - lstrcpyn (str, th->text, maxlen); - *g_stacktop = th->next; - GlobalFree((HGLOBAL)th); - return 0; -} - -static void __stdcall -pushstring(const char *str) -{ - stack_t *th; - if (!g_stacktop) return; - th=(stack_t*)GlobalAlloc(GPTR,sizeof(stack_t)+g_stringsize); - lstrcpyn(th->text,str,g_stringsize); - th->next=*g_stacktop; - *g_stacktop=th; -} - -static char * __stdcall -getuservariable(const int varnum) -{ - if (varnum < 0 || varnum >= __INST_LAST) return NULL; - return g_variables+varnum*g_stringsize; -} - -static void __stdcall -setuservariable(const int varnum, const char *var) -{ - if (var != NULL && varnum >= 0 && varnum < __INST_LAST) - lstrcpy(g_variables + varnum*g_stringsize, var); -} - - - -#endif/*_EXDLL_H_*/ diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/g4wihelp.c gnupg2-2.0.28/build-aux/speedo/w32/g4wihelp.c --- gnupg2-2.1.6/build-aux/speedo/w32/g4wihelp.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/g4wihelp.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,1136 +0,0 @@ -/* g4wihelp.c - NSIS Helper DLL used with gpg4win. -*- coding: latin-1; -*- - * Copyright (C) 2005 g10 Code GmbH - * Copyright (C) 2001 Justin Frankel - * - * This software is provided 'as-is', without any express or implied - * warranty. In no event will the authors be held liable for any - * damages arising from the use of this software. - * - * Permission is granted to anyone to use this software for any - * purpose, including commercial applications, and to alter it and - * redistribute it freely, subject to the following restrictions: - * - * 1. The origin of this software must not be misrepresented; you must - * not claim that you wrote the original software. If you use this - * software in a product, an acknowledgment in the product - * documentation would be appreciated but is not required. - * - * 2. Altered source versions must be plainly marked as such, and must - * not be misrepresented as being the original software. - * - * 3. This notice may not be removed or altered from any source - * distribution. - ************************************************************ - * The code for the splash screen has been taken from the Splash - * plugin of the NSIS 2.04 distribution. That code comes without - * explicit copyright notices in tyhe source files or author names, it - * seems that it has been written by Justin Frankel; not sure about - * the year, though. [wk 2005-11-28] - * - * Fixed some compiler warnings. [wk 2014-02-24]. - */ - -#include -#include -#include "exdll.h" - -static HINSTANCE g_hInstance; /* Our Instance. */ -static HWND g_hwndParent; /* Handle of parent window or NULL. */ -static HBITMAP g_hbm; /* Handle of the splash image. */ -static int sleepint; /* Milliseconds to show the spals image. */ - - -/* Standard entry point for DLLs. */ -int WINAPI -DllMain (HANDLE hinst, DWORD reason, LPVOID reserved) -{ - if (reason == DLL_PROCESS_ATTACH) - g_hInstance = hinst; - return TRUE; -} - - - -/* Dummy function for testing. */ -void __declspec(dllexport) -dummy (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - g_hwndParent = hwndParent; - - EXDLL_INIT(); - - // note if you want parameters from the stack, pop them off in order. - // i.e. if you are called via exdll::myFunction file.dat poop.dat - // calling popstring() the first time would give you file.dat, - // and the second time would give you poop.dat. - // you should empty the stack of your parameters, and ONLY your - // parameters. - - // do your stuff here - { - char buf[1024]; - snprintf (buf, sizeof buf - 1, "$R0=%s\r\n$R1=%s\r\n", - getuservariable(INST_R0), - getuservariable(INST_R1)); - MessageBox (g_hwndParent,buf,0,MB_OK); - - snprintf (buf, sizeof buf - 1, - "autoclose =%d\r\n" - "all_user_var =%d\r\n" - "exec_error =%d\r\n" - "abort =%d\r\n" - "exec_reboot =%d\r\n" - "reboot_called=%d\r\n" - "silent =%d\r\n" - "instdir_error=%d\r\n" - "rtl =%d\r\n" - "errlvl =%d\r\n", - extra->exec_flags->autoclose, - extra->exec_flags->all_user_var, - extra->exec_flags->exec_error, - extra->exec_flags->abort, - extra->exec_flags->exec_reboot, - extra->exec_flags->reboot_called, - extra->exec_flags->silent, - extra->exec_flags->instdir_error, - extra->exec_flags->rtl, - extra->exec_flags->errlvl); - MessageBox(g_hwndParent,buf,0,MB_OK); - } -} - - -void __declspec(dllexport) -runonce (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - const char *result; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - CreateMutexA (NULL, 0, getuservariable(INST_R0)); - result = GetLastError ()? "1":"0"; - setuservariable (INST_R0, result); -} - - -void __declspec(dllexport) -playsound (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - char fname[MAX_PATH]; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - if (popstring(fname, sizeof fname)) - return; - PlaySound (fname, NULL, SND_ASYNC|SND_FILENAME|SND_NODEFAULT); -} - - -void __declspec(dllexport) -stopsound (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - g_hwndParent = hwndParent; - EXDLL_INIT(); - PlaySound (NULL, NULL, 0); -} - - -/* Windows procedure to control the splashimage. This one pauses the - execution until the sleep time is over or the user closes this - windows. */ -static LRESULT CALLBACK -splash_wndproc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) -{ - LRESULT result = 0; - - switch (uMsg) - { - case WM_CREATE: - { - BITMAP bm; - RECT vp; - - GetObject(g_hbm, sizeof(bm), (LPSTR)&bm); - SystemParametersInfo(SPI_GETWORKAREA, 0, &vp, 0); - SetWindowLong(hwnd,GWL_STYLE,0); - SetWindowPos(hwnd,NULL, - vp.left+(vp.right-vp.left-bm.bmWidth)/2, - vp.top+(vp.bottom-vp.top-bm.bmHeight)/2, - bm.bmWidth,bm.bmHeight, - SWP_NOZORDER); - ShowWindow(hwnd,SW_SHOW); - SetTimer(hwnd,1,sleepint,NULL); - } - break; - - case WM_PAINT: - { - PAINTSTRUCT ps; - RECT r; - HDC curdc=BeginPaint(hwnd,&ps); - HDC hdc=CreateCompatibleDC(curdc); - HBITMAP oldbm; - GetClientRect(hwnd,&r); - oldbm=(HBITMAP)SelectObject(hdc,g_hbm); - BitBlt(curdc,r.left,r.top,r.right-r.left,r.bottom-r.top, - hdc,0,0,SRCCOPY); - SelectObject(hdc,oldbm); - DeleteDC(hdc); - EndPaint(hwnd,&ps); - } - break; - - case WM_CLOSE: - break; - - case WM_TIMER: - case WM_LBUTTONDOWN: - DestroyWindow(hwnd); - /*(fall through)*/ - default: - result = DefWindowProc (hwnd, uMsg, wParam, lParam); - } - - return result; -} - - -/* Display a splash screen. Call as - - g4wihelp::showsplash SLEEP FNAME - - With SLEEP being the time in milliseconds to show the splashscreen - and FNAME the complete filename of the image. As of now only BMP - is supported. -*/ -void __declspec(dllexport) -showsplash (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - static WNDCLASS wc; - char sleepstr[30]; - char fname[MAX_PATH]; - int err = 0; - char *p; - char classname[] = "_sp"; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - if (popstring(sleepstr, sizeof sleepstr)) - err = 1; - if (popstring(fname, sizeof fname)) - err = 1; - if (err) - return; - - if (!*fname) - return; /* Nothing to do. */ - - for (sleepint=0, p=sleepstr; *p >= '0' && *p <= '9'; p++) - { - sleepint *= 10; - sleepint += *p - '0'; - } - if (sleepint <= 0) - return; /* Nothing to do. */ - - wc.lpfnWndProc = splash_wndproc; - wc.hInstance = g_hInstance; - wc.hCursor = LoadCursor(NULL,IDC_ARROW); - wc.lpszClassName = classname; - if (!RegisterClass(&wc)) - return; /* Error. */ - - g_hbm = LoadImage (NULL, fname, IMAGE_BITMAP, - 0, 0 , LR_CREATEDIBSECTION|LR_LOADFROMFILE); - if (g_hbm) - { - MSG msg; - HWND hwnd; - - hwnd = CreateWindowEx (WS_EX_TOOLWINDOW, classname, classname, - 0, 0, 0, 0, 0, (HWND)hwndParent, NULL, - g_hInstance, NULL); - - while (IsWindow(hwnd) && GetMessage ( &msg, hwnd, 0, 0)) - { - DispatchMessage (&msg); - } - - DeleteObject (g_hbm); - g_hbm = NULL; - } - UnregisterClass (classname, g_hInstance); -} - - -/* Service Management. */ - -/* Use this to report unexpected errors. FIXME: This is really not - very descriptive. */ -void -service_error (const char *str) -{ - char buf[1024]; - snprintf (buf, sizeof (buf) - 1, "error: %s: ec=%d\r\n", str, - GetLastError ()); - MessageBox(g_hwndParent, buf, 0, MB_OK); - - setuservariable (INST_R0, "1"); -} - - -void __declspec(dllexport) -service_create (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - SC_HANDLE sc; - SC_HANDLE service; - const char *result = NULL; - char service_name[256]; - char display_name[256]; - char program[256]; - int err = 0; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: service_name, display_name, program. */ - if (popstring (service_name, sizeof (service_name))) - err = 1; - if (!err && popstring (display_name, sizeof (display_name))) - err = 1; - if (!err && popstring (program, sizeof (program))) - err = 1; - if (err) - { - setuservariable (INST_R0, "1"); - return; - } - - sc = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS); - if (sc == NULL) - { - service_error ("OpenSCManager"); - return; - } - - service = CreateService (sc, service_name, display_name, - SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, - /* Use SERVICE_DEMAND_START for testing. - FIXME: Currently not configurable by caller. */ - SERVICE_AUTO_START, - SERVICE_ERROR_NORMAL, program, - NULL, NULL, NULL, - /* FIXME: Currently not configurable by caller. */ - /* FIXME: LocalService or NetworkService - don't work for dirmngr right now. NOTE! - If you change it here, you also should - adjust make-msi.pl for the msi - installer. In the future, this should - be an argument to the function and then - the make-msi.pl script can extract it - from the invocation. */ - NULL /* "NT AUTHORITY\\LocalService" */, - NULL); - if (service == NULL) - { - service_error ("CreateService"); - CloseServiceHandle (sc); - return; - } - CloseServiceHandle (service); - - result = GetLastError () ? "1":"0"; - setuservariable (INST_R0, result); - return; -} - - -/* Requires g_hwndParent to be set! */ -SC_HANDLE -service_lookup (char *service_name) -{ - SC_HANDLE sc; - SC_HANDLE service; - - sc = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS); - if (sc == NULL) - { - service_error ("OpenSCManager"); - return NULL; - } - service = OpenService (sc, service_name, SC_MANAGER_ALL_ACCESS); - if (service == NULL) - { - /* Fail silently here. */ - CloseServiceHandle (sc); - return NULL; - } - CloseServiceHandle (sc); - return service; -} - - -/* Returns status. */ -void __declspec(dllexport) -service_query (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - SC_HANDLE service; - const char *result = NULL; - char service_name[256]; - int err = 0; - SERVICE_STATUS status; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: service_name argc [argv]. */ - if (popstring (service_name, sizeof (service_name))) - err = 1; - if (err) - { - setuservariable (INST_R0, "ERROR"); - return; - } - - service = service_lookup (service_name); - if (service == NULL) - if (err == 0) - { - setuservariable (INST_R0, "MISSING"); - return; - } - - err = QueryServiceStatus (service, &status); - if (err == 0) - { - setuservariable (INST_R0, "ERROR"); - CloseServiceHandle (service); - return; - } - CloseServiceHandle (service); - - switch (status.dwCurrentState) - { - case SERVICE_START_PENDING: - result = "START_PENDING"; - break; - case SERVICE_RUNNING: - result = "RUNNING"; - break; - case SERVICE_PAUSE_PENDING: - result = "PAUSE_PENDING"; - break; - case SERVICE_PAUSED: - result = "PAUSED"; - break; - case SERVICE_CONTINUE_PENDING: - result = "CONTINUE_PENDING"; - break; - case SERVICE_STOP_PENDING: - result = "STOP_PENDING"; - break; - case SERVICE_STOPPED: - result = "STOPPED"; - break; - default: - result = "UNKNOWN"; - } - setuservariable (INST_R0, result); - return; -} - - -void __declspec(dllexport) -service_start (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - SC_HANDLE service; - const char *result = NULL; - char service_name[256]; - char argc_str[256]; -#define NR_ARGS 10 -#define ARG_MAX 256 - char argv_str[NR_ARGS][ARG_MAX]; - const char *argv[NR_ARGS + 1]; - int argc; - int i; - int err = 0; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: service_name argc [argv]. */ - if (popstring (service_name, sizeof (service_name))) - err = 1; - if (!err && popstring (argc_str, sizeof (argc_str))) - err = 1; - if (!err) - { - argc = atoi (argc_str); - for (i = 0; i < argc; i++) - { - if (popstring (argv_str[i], ARG_MAX)) - { - err = 1; - break; - } - argv[i] = argv_str[i]; - } - argv[i] = NULL; - } - if (err) - { - setuservariable (INST_R0, "1"); - return; - } - - service = service_lookup (service_name); - if (service == NULL) - return; - - err = StartService (service, argc, argc == 0 ? NULL : argv); - if (err == 0) - { - service_error ("StartService"); - CloseServiceHandle (service); - return; - } - CloseServiceHandle (service); - - setuservariable (INST_R0, "0"); - return; -} - - -void __declspec(dllexport) -service_stop (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - SC_HANDLE service; - const char *result = NULL; - char service_name[256]; - int err = 0; - SERVICE_STATUS status; - DWORD timeout = 10000; /* 10 seconds. */ - DWORD start_time; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: service_name argc [argv]. */ - if (popstring (service_name, sizeof (service_name))) - err = 1; - if (err) - { - setuservariable (INST_R0, "1"); - return; - } - - service = service_lookup (service_name); - if (service == NULL) - return; - - err = QueryServiceStatus (service, &status); - if (err == 0) - { - service_error ("QueryService"); - CloseServiceHandle (service); - return; - } - - if (status.dwCurrentState != SERVICE_STOPPED - && status.dwCurrentState != SERVICE_STOP_PENDING) - { - err = ControlService (service, SERVICE_CONTROL_STOP, &status); - if (err == 0) - { - service_error ("ControlService"); - CloseServiceHandle (service); - return; - } - } - - start_time = GetTickCount (); - while (status.dwCurrentState != SERVICE_STOPPED) - { - Sleep (1000); /* One second. */ - if (!QueryServiceStatus (service, &status)) - { - service_error ("QueryService"); - CloseServiceHandle (service); - return; - } - if (status.dwCurrentState == SERVICE_STOPPED) - break; - - if (GetTickCount () - start_time > timeout) - { - char buf[1024]; - snprintf (buf, sizeof (buf) - 1, - "time out waiting for service %s to stop\r\n", - service_name); - MessageBox (g_hwndParent, buf, 0, MB_OK); - setuservariable (INST_R0, "1"); - return; - } - } - CloseServiceHandle (service); - setuservariable (INST_R0, "0"); - return; -} - - -void __declspec(dllexport) -service_delete (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - SC_HANDLE service; - const char *result = NULL; - char service_name[256]; - int err = 0; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: service_name argc [argv]. */ - if (popstring (service_name, sizeof (service_name))) - err = 1; - if (err) - { - setuservariable (INST_R0, "1"); - return; - } - - service = service_lookup (service_name); - if (service == NULL) - return; - - err = DeleteService (service); - if (err == 0) - { - service_error ("DeleteService"); - CloseServiceHandle (service); - return; - } - CloseServiceHandle (service); - - setuservariable (INST_R0, "0"); - return; -} - - -#include - -/* Extract config file parameters. FIXME: Not particularly robust. - We expect some reasonable formatting. The parser below is very - limited. It expects a command line option /c=FILE or /C=FILE, - where FILE must be enclosed in double-quotes if it contains spaces. - That file should contain a single section [gpg4win] and KEY=VALUE - pairs for each additional configuration file to install. Comments - are supported only on lines by themselves. VALUE can be quoted in - double-quotes, but does not need to be, unless it has whitespace at - the beginning or end. KEY can, for example, be "gpg.conf" (without - the quotes). */ -void -config_init (char **keys, char **values, int max) -{ - /* First, parse the command line. */ - char *cmdline; - char *begin = NULL; - char *end = NULL; - char mark; - char *fname; - char *ptr; - FILE *conf; - - *keys = NULL; - *values = NULL; - - cmdline = getuservariable (INST_CMDLINE); - - mark = (*cmdline == '"') ? (cmdline++, '"') : ' '; - while (*cmdline && *cmdline != mark) - cmdline++; - if (mark == '"' && *cmdline) - cmdline++; - while (*cmdline && *cmdline == ' ') - cmdline++; - - while (*cmdline) - { - /* We are at the beginning of a new argument. */ - if (cmdline[0] == '/' && (cmdline[1] == 'C' || cmdline[1] == 'c') - && cmdline[2] == '=') - { - cmdline += 3; - begin = cmdline; - } - - while (*cmdline && *cmdline != ' ') - { - /* Skip over quoted parts. */ - if (*cmdline == '"') - { - cmdline++; - while (*cmdline && *cmdline != '"') - cmdline++; - if (*cmdline) - cmdline++; - } - else - cmdline++; - } - if (begin && !end) - { - end = cmdline - 1; - break; - } - while (*cmdline && *cmdline == ' ') - cmdline++; - } - - if (!begin || begin > end) - return; - - /* Strip quotes. */ - if (*begin == '"' && *end == '"') - { - begin++; - end--; - } - if (begin > end) - return; - - fname = malloc (end - begin + 2); - if (!fname) - return; - - ptr = fname; - while (begin <= end) - *(ptr++) = *(begin++); - *ptr = '\0'; - - conf = fopen (fname, "r"); - free (fname); - if (!conf) - return; - - while (max - 1 > 0) - { - char line[256]; - char *ptr2; - - if (fgets (line, sizeof (line), conf) == NULL) - break; - ptr = &line[strlen (line)]; - while (ptr > line && (ptr[-1] == '\n' || ptr[-1] == '\r' - || ptr[-1] == ' ' || ptr[-1] == '\t')) - ptr--; - *ptr = '\0'; - - ptr = line; - while (*ptr && (*ptr == ' ' || *ptr == '\t')) - ptr++; - /* Ignore comment lines. */ - /* FIXME: Ignore section markers. */ - if (*ptr == '\0' || *ptr == ';' || *ptr == '[') - continue; - begin = ptr; - while (*ptr && *ptr != '=' && *ptr != ' ' && *ptr != '\t') - ptr++; - end = ptr - 1; - while (*ptr && (*ptr == ' ' || *ptr == '\t')) - ptr++; - if (*ptr != '=') - continue; - ptr++; - - if (begin > end) - continue; - - /* We found a key. */ - *keys = malloc (end - begin + 2); - if (!keys) - return; - ptr2 = *keys; - while (begin <= end) - *(ptr2++) = *(begin++); - *ptr2 = '\0'; - - *values = NULL; - - while (*ptr && (*ptr == ' ' || *ptr == '\t')) - ptr++; - begin = ptr; - /* In this case, end points to the byte after the value, which - is OK because that is '\0'. */ - end = &line[strlen (line)]; - if (begin > end) - begin = end; - - /* Strip quotes. */ - if (*begin == '"' && end[-1] == '"') - { - begin++; - end--; - *end = '\0'; - } - if (begin > end) - return; - - *values = malloc (end - begin + 1); - ptr2 = *values; - while (begin <= end) - *(ptr2++) = *(begin++); - - keys++; - values++; - max--; - } - - fclose (conf); - *keys = NULL; - *values = NULL; -} - - -char * -config_lookup (char *key) -{ -#define MAX_KEYS 128 - static int initialised = 0; - static char *keys[MAX_KEYS]; - static char *values[MAX_KEYS]; - int i; - - if (initialised == 0) - { - initialised = 1; - config_init (keys, values, MAX_KEYS); - -#if 0 - MessageBox(g_hwndParent, "Configuration File:", 0, MB_OK); - i = 0; - while (keys[i]) - { - char buf[256]; - sprintf (buf, "%s=%s\r\n", keys[i], values[i]); - MessageBox (g_hwndParent, buf, 0, MB_OK); - i++; - } -#endif - } - - i = 0; - while (keys[i]) - { - if (!strcmp (keys[i], key)) - return values[i]; - i++; - } - - return NULL; -} - - -void __declspec(dllexport) -config_fetch (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - char key[256]; - int err = 0; - char *value; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: key. */ - if (popstring (key, sizeof (key))) - err = 1; - if (err) - { - setuservariable (INST_R0, ""); - return; - } - - value = config_lookup (key); - - setuservariable (INST_R0, value == NULL ? "" : value); - return; -} - - -void __declspec(dllexport) -config_fetch_bool (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - char key[256]; - int err = 0; - char *value; - int result; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - /* The expected stack layout: key. */ - if (popstring (key, sizeof (key))) - err = 1; - if (err) - { - setuservariable (INST_R0, ""); - return; - } - - value = config_lookup (key); - if (value == NULL || *value == '\0') - { - setuservariable (INST_R0, ""); - return; - } - - result = 0; - if (!strcasecmp (value, "true") - || !strcasecmp (value, "yes") - || atoi (value) != 0) - result = 1; - - setuservariable (INST_R0, result == 0 ? "0" : "1"); - return; -} - - -/* Return a string from the Win32 Registry or NULL in case of error. - Caller must release the return value. A NULL for root is an alias - for HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE in turn. */ -char * -read_w32_registry_string (HKEY root, const char *dir, const char *name) -{ - HKEY root_key; - HKEY key_handle; - DWORD n1, nbytes, type; - char *result = NULL; - - root_key = root; - if (! root_key) - root_key = HKEY_CURRENT_USER; - - if( RegOpenKeyEx( root_key, dir, 0, KEY_READ, &key_handle ) ) - { - if (root) - return NULL; /* no need for a RegClose, so return direct */ - /* It seems to be common practise to fall back to HKLM. */ - if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) ) - return NULL; /* still no need for a RegClose, so return direct */ - } - - nbytes = 1; - if( RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) ) { - if (root) - goto leave; - /* Try to fallback to HKLM also vor a missing value. */ - RegCloseKey (key_handle); - if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) ) - return NULL; /* Nope. */ - if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes)) - goto leave; - } - - result = malloc( (n1=nbytes+1) ); - - if( !result ) - goto leave; - if( RegQueryValueEx( key_handle, name, 0, &type, result, &n1 ) ) { - free(result); result = NULL; - goto leave; - } - result[nbytes] = 0; /* make sure it is really a string */ - - leave: - RegCloseKey( key_handle ); - return result; -} - - -#define ENV_HK HKEY_LOCAL_MACHINE -#define ENV_REG "SYSTEM\\CurrentControlSet\\Control\\" \ - "Session Manager\\Environment" - /* The following setting can be used for a per-user setting. */ -#if 0 -#define ENV_HK HKEY_CURRENT_USER -#define ENV_REG "Environment" -#endif -/* Due to a bug in Windows7 (kb 2685893) we better put a lower limit - than 8191 on the maximum length of the PATH variable. Note, that - depending on the used toolchain we used to had a 259 byte limit in - the past. */ -#define PATH_LENGTH_LIMIT 2047 - -void __declspec(dllexport) -path_add (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - char dir[PATH_LENGTH_LIMIT]; - char *path; - char *path_new; - int path_new_size; - char *comp; - const char delims[] = ";"; - HKEY key_handle = 0; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - setuservariable (INST_R0, "0"); - -/* MessageBox (g_hwndParent, "XXX 1", 0, MB_OK); */ - - /* The expected stack layout: path component. */ - if (popstring (dir, sizeof (dir))) - return; - -/* MessageBox (g_hwndParent, "XXX 2", 0, MB_OK); */ - - path = read_w32_registry_string (ENV_HK, ENV_REG, "Path"); - if (! path) - { - MessageBox (g_hwndParent, "No PATH variable found", 0, MB_OK); - return; - } - -/* MessageBox (g_hwndParent, "XXX 3", 0, MB_OK); */ - - /* Old path plus semicolon plus dir plus terminating nul. */ - path_new_size = strlen (path) + 1 + strlen (dir) + 1; - if (path_new_size > PATH_LENGTH_LIMIT) - { - MessageBox (g_hwndParent, "PATH env variable too big", 0, MB_OK); - free (path); - return; - } - -/* MessageBox (g_hwndParent, "XXX 4", 0, MB_OK); */ - - path_new = malloc (path_new_size); - if (!path_new) - { - free (path); - return; - } - -/* MessageBox (g_hwndParent, "XXX 5", 0, MB_OK); */ - - strcpy (path_new, path); - strcat (path_new, ";"); - strcat (path_new, dir); - -/* MessageBox (g_hwndParent, "XXX 6", 0, MB_OK); */ -/* MessageBox (g_hwndParent, dir, 0, MB_OK); */ -/* MessageBox (g_hwndParent, "XXX 7", 0, MB_OK); */ - - /* Check if the directory already exists in the path. */ - comp = strtok (path, delims); - do - { -/* MessageBox (g_hwndParent, comp, 0, MB_OK); */ - - if (!strcmp (comp, dir)) - { - free (path); - free (path_new); - return; - } - comp = strtok (NULL, delims); - } - while (comp); - free (path); - -/* MessageBox (g_hwndParent, "XXX 8", 0, MB_OK); */ - - /* Set a key for our CLSID. */ - RegCreateKey (ENV_HK, ENV_REG, &key_handle); - RegSetValueEx (key_handle, "Path", 0, REG_EXPAND_SZ, - path_new, path_new_size); - RegCloseKey (key_handle); - SetEnvironmentVariable("PATH", path_new); - free (path_new); - -/* MessageBox (g_hwndParent, "XXX 9", 0, MB_OK); */ - - setuservariable (INST_R0, "1"); -} - - -void __declspec(dllexport) -path_remove (HWND hwndParent, int string_size, char *variables, - stack_t **stacktop, extra_parameters_t *extra) -{ - char dir[PATH_LENGTH_LIMIT]; - char *path; - char *path_new; - int path_new_size; - char *comp; - const char delims[] = ";"; - HKEY key_handle = 0; - int changed = 0; - int count = 0; - - g_hwndParent = hwndParent; - EXDLL_INIT(); - - setuservariable (INST_R0, "0"); - - /* The expected stack layout: path component. */ - if (popstring (dir, sizeof (dir))) - return; - - path = read_w32_registry_string (ENV_HK, ENV_REG, "Path"); - /* Old path plus semicolon plus dir plus terminating nul. */ - path_new_size = strlen (path) + 1; - path_new = malloc (path_new_size); - if (!path_new) - { - free (path); - return; - } - path_new[0] = '\0'; - - /* Compose the new path. */ - comp = strtok (path, delims); - do - { - if (strcmp (comp, dir)) - { - if (count != 0) - strcat (path_new, ";"); - strcat (path_new, comp); - count++; - } - else - changed = 1; - - comp = strtok (NULL, delims); - } - while (comp); - free (path); - - if (! changed) - return; - - /* Set a key for our CLSID. */ - RegCreateKey (ENV_HK, ENV_REG, &key_handle); - RegSetValueEx (key_handle, "Path", 0, REG_EXPAND_SZ, - path_new, path_new_size); - RegCloseKey (key_handle); - free (path_new); - - setuservariable (INST_R0, "1"); -} diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/gdk-pixbuf-loaders.cache gnupg2-2.0.28/build-aux/speedo/w32/gdk-pixbuf-loaders.cache --- gnupg2-2.1.6/build-aux/speedo/w32/gdk-pixbuf-loaders.cache 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/gdk-pixbuf-loaders.cache 1970-01-01 00:00:00.000000000 +0000 @@ -1,138 +0,0 @@ -# GdkPixbuf Image Loader Modules file -# Automatically generated file, do not edit -# Created by gdk-pixbuf-query-loaders.exe from gdk-pixbuf-2.26.5 -# -# LoaderDir = ../lib/gdk-pixbuf-2.0/2.10.0/loaders -# -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ani.dll" -"ani" 4 "gdk-pixbuf" "The ANI image format" "LGPL" -"application/x-navi-animation" "" -"ani" "" -"RIFF ACON" " xxxx " 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-bmp.dll" -"bmp" 5 "gdk-pixbuf" "The BMP image format" "LGPL" -"image/bmp" "image/x-bmp" "image/x-MS-bmp" "" -"bmp" "" -"BM" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-emf.dll" -"emf" 4 "gdk-pixbuf" "The EMF image format" "LGPL" -"application/emf" "application/x-emf" "image/x-emf" "image/x-mgx-emf" "" -"emf" "" -"\001" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-gif.dll" -"gif" 5 "gdk-pixbuf" "The GIF image format" "LGPL" -"image/gif" "" -"gif" "" -"GIF8" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-ico.dll" -"ico" 4 "gdk-pixbuf" "The ICO image format" "LGPL" -"image/x-icon" "image/x-ico" "" -"ico" "cur" "" -" \001 " "zz znz" 100 -" \002 " "zz znz" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-jpeg.dll" -"jpeg" 5 "gdk-pixbuf" "The JPEG image format" "LGPL" -"image/jpeg" "" -"jpeg" "jpe" "jpg" "" -"\377\330" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-tiff.dll" -"tiff" 5 "gdk-pixbuf" "The TIFF image format" "LGPL" -"image/tiff" "" -"tiff" "tif" "" -"MM *" " z " 100 -"II* " " z" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-wmf.dll" -"wmf" 4 "gdk-pixbuf" "The WMF image format" "LGPL" -"image/x-wmf" "" -"wmf" "apm" "" -"\327\315\306\232" "" 100 -"\001" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-icns.dll" -"icns" 4 "gdk-pixbuf" "The ICNS image format" "GPL" -"image/x-icns" "" -"icns" "" -"icns" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-pcx.dll" -"pcx" 4 "gdk-pixbuf" "The PCX image format" "LGPL" -"image/x-pcx" "" -"pcx" "" -"\n \001" "" 100 -"\n\002\001" "" 100 -"\n\003\001" "" 100 -"\n\004\001" "" 100 -"\n\005\001" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.dll" -"png" 5 "gdk-pixbuf" "The PNG image format" "LGPL" -"image/png" "" -"png" "" -"\211PNG\r\n\032\n" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-pnm.dll" -"pnm" 4 "gdk-pixbuf" "The PNM/PBM/PGM/PPM image format family" "LGPL" -"image/x-portable-anymap" "image/x-portable-bitmap" "image/x-portable-graymap" "image/x-portable-pixmap" "" -"pnm" "pbm" "pgm" "ppm" "" -"P1" "" 100 -"P2" "" 100 -"P3" "" 100 -"P4" "" 100 -"P5" "" 100 -"P6" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-qtif.dll" -"qtif" 4 "gdk-pixbuf" "The QTIF image format" "LGPL" -"image/x-quicktime" "image/qtif" "" -"qtif" "qif" "" -"abcdidsc" "xxxx " 100 -"abcdidat" "xxxx " 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ras.dll" -"ras" 4 "gdk-pixbuf" "The Sun raster image format" "LGPL" -"image/x-cmu-raster" "image/x-sun-raster" "" -"ras" "" -"Y\246j\225" "" 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-tga.dll" -"tga" 4 "gdk-pixbuf" "The Targa image format" "LGPL" -"image/x-tga" "" -"tga" "targa" "" -" \001\001" "x " 100 -" \001\t" "x " 100 -" \002" "xz " 99 -" \003" "xz " 100 -" \n" "xz " 100 -" \v" "xz " 100 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-wbmp.dll" -"wbmp" 4 "gdk-pixbuf" "The WBMP image format" "LGPL" -"image/vnd.wap.wbmp" "" -"wbmp" "" -" " "zz" 1 -" `" "z " 1 -" @" "z " 1 -" " "z " 1 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xbm.dll" -"xbm" 4 "gdk-pixbuf" "The XBM image format" "LGPL" -"image/x-xbitmap" "" -"xbm" "" -"#define " "" 100 -"/*" "" 50 - -"../lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xpm.dll" -"xpm" 4 "gdk-pixbuf" "The XPM image format" "LGPL" -"image/x-xpixmap" "" -"xpm" "" -"/* XPM */" "" 100 - - -# eof # Binary files /tmp/NDvifIw2A6/gnupg2-2.1.6/build-aux/speedo/w32/gnupg-logo-150x57.bmp and /tmp/metsikI6sQ/gnupg2-2.0.28/build-aux/speedo/w32/gnupg-logo-150x57.bmp differ Binary files /tmp/NDvifIw2A6/gnupg2-2.1.6/build-aux/speedo/w32/gnupg-logo-164x314.bmp and /tmp/metsikI6sQ/gnupg2-2.0.28/build-aux/speedo/w32/gnupg-logo-164x314.bmp differ diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/inst.nsi gnupg2-2.0.28/build-aux/speedo/w32/inst.nsi --- gnupg2-2.1.6/build-aux/speedo/w32/inst.nsi 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/inst.nsi 1970-01-01 00:00:00.000000000 +0000 @@ -1,1357 +0,0 @@ -# inst.nsi - Installer for GnuPG on Windows. -*- coding: latin-1; -*- -# Copyright (C) 2005, 2014 g10 Code GmbH -# -# This file is part of GnuPG. -# -# GnuPG is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# GnuPG is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . - -# Macros to provide for invocation: -# INST_DIR -# INST6_DIR -# BUILD_DIR -# TOP_SRCDIR -# W32_SRCDIR -# BUILD_ISODATE - the build date, e.g. "2014-10-31" -# BUILD_DATESTR - ditto w/o '-', e.g. "20141031" -# NAME -# VERSION -# PROD_VERSION -# -# WITH_GUI - Include the GPA GUI - -!cd "${INST_DIR}" -!addincludedir "${W32_SRCDIR}" -!addplugindir "${BUILD_DIR}" - -# The package name and version. PRETTY_PACKAGE is a user visible name -# only while PACKAGE is useful for filenames etc. PROD_VERSION is the -# product version and needs to be in the format "MAJ.MIN.MIC.BUILDNR". -!define PACKAGE "gnupg" -!define PACKAGE_SHORT "gnupg" -!define PRETTY_PACKAGE "GNU Privacy Guard" -!define PRETTY_PACKAGE_SHORT "GnuPG" -!define COMPANY "The GnuPG Project" -!define COPYRIGHT "Copyright (C) 2015 The GnuPG Project" -!define DESCRIPTION "GnuPG: The GNU Privacy Guard for Windows" - -!define INSTALL_DIR "GnuPG" - -!define WELCOME_TITLE_ENGLISH \ - "Welcome to the installation of GnuPG" - -!define WELCOME_TITLE_GERMAN \ - "Willkommen bei der Installation von GnuPG" - -!define ABOUT_ENGLISH \ - "GnuPG is the mostly used software for mail and data encryption. \ - GnuPG can be used to encrypt data and to create digital signatures. \ - GnuPG includes an advanced key management facility and is compliant \ - with the OpenPGP Internet standard as described in RFC-4880. \ - \r\n\r\n$_CLICK \ - \r\n\r\n\r\n\r\n\r\nThis is GnuPG version ${VERSION}.\r\n\ - File version: ${PROD_VERSION}\r\n\ - Release date: ${BUILD_ISODATE}" -!define ABOUT_GERMAN \ - "GnuPG is die häufigst verwendete Software zur Mail- und Datenverschlüsselung.\ - \r\n\r\n$_CLICK \ - \r\n\r\n\r\n\r\n\r\nDies ist GnuPG Version ${VERSION}.\r\n\ - Dateiversion: ${PROD_VERSION}\r\n\ - Releasedatum: ${BUILD_ISODATE}" - - -# The copyright license of the package. Define only one of these. -!define LICENSE_GPL - -# Select the best compression algorithm available. The dictionary -# size is the default (8 MB). -!ifndef SOURCES -SetCompressor lzma -# SetCompressorDictSize 8 -!endif - -# Include the generic parts. -!define HAVE_STARTMENU - -# We use the modern UI. -!include "MUI.nsh" - -# Some helper some -!include "LogicLib.nsh" -!include "x64.nsh" - -# Set the package name. Note that this name should not be suffixed -# with the version because this would get displayed in the start menu. -# Given that a slash in the name troubles Windows startmenu creation -# we set the Startmenu explicit below. -Name "${PRETTY_PACKAGE}" - -# Set the output filename. -OutFile "${NAME}-${VERSION}_${BUILD_DATESTR}.exe" - -#Fixme: Do we need a logo? -#Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" -#UninstallIcon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" - -# Set the installation directory. -!ifndef INSTALL_DIR -!define INSTALL_DIR "GnuPG" -!endif -InstallDir "$PROGRAMFILES\${INSTALL_DIR}" - -InstallDirRegKey HKLM "Software\${PACKAGE_SHORT}" "Install Directory" - - -# Add version information to the file properties. -VIProductVersion "${PROD_VERSION}" -VIAddVersionKey "ProductName" "${PRETTY_PACKAGE_SHORT} (${VERSION})" -VIAddVersionKey "Comments" \ - "GnuPG is Free Software; you can redistribute it \ - and/or modify it under the terms of the GNU General Public License. \ - You should have received a copy of the GNU General Public License \ - along with this software; if not, write to the Free Software \ - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, \ - MA 02110-1301, USA" -VIAddVersionKey "CompanyName" "${COMPANY}" -VIAddVersionKey "LegalTrademarks" "" -VIAddVersionKey "LegalCopyright" "${COPYRIGHT}" -VIAddVersionKey "FileDescription" "${DESCRIPTION}" -VIAddVersionKey "FileVersion" "${PROD_VERSION}" - -# Interface Settings - -# !define MUI_ABORTWARNING -!define MUI_FINISHPAGE_NOAUTOCLOSE -!define MUI_UNFINISHPAGE_NOAUTOCLOSE - -!define MUI_HEADERIMAGE -!define MUI_HEADERIMAGE_BITMAP "${W32_SRCDIR}\gnupg-logo-150x57.bmp" -!define MUI_WELCOMEFINISHPAGE_BITMAP "${W32_SRCDIR}\gnupg-logo-164x314.bmp" - -# Remember the installer language -!define MUI_LANGDLL_REGISTRY_ROOT "HKCU" -!define MUI_LANGDLL_REGISTRY_KEY "Software\GnuPG" -!define MUI_LANGDLL_REGISTRY_VALUENAME "Installer Language" - -# -# The list of wizard pages. -# -!define MUI_WELCOMEPAGE_TITLE "$(T_WelcomeTitle)" -!define MUI_WELCOMEPAGE_TEXT "$(T_About)" -!insertmacro MUI_PAGE_WELCOME - -!define MUI_LICENSEPAGE_BUTTON "$(^NextBtn)" -!define MUI_PAGE_HEADER_SUBTEXT "$(T_GPLHeader)" -!define MUI_LICENSEPAGE_TEXT_BOTTOM "$(T_GPLShort)" -!insertmacro MUI_PAGE_LICENSE "${TOP_SRCDIR}/COPYING" - -!define MUI_PAGE_CUSTOMFUNCTION_SHOW PrintNonAdminWarning -!insertmacro MUI_PAGE_COMPONENTS - -!define MUI_PAGE_CUSTOMFUNCTION_LEAVE CheckExistingVersion -!insertmacro MUI_PAGE_DIRECTORY - -!ifdef HAVE_STARTMENU - -Page custom CustomPageOptions - -Var STARTMENU_FOLDER - -!define MUI_PAGE_CUSTOMFUNCTION_PRE CheckIfStartMenuWanted -!define MUI_STARTMENUPAGE_NODISABLE -!define MUI_STARTMENUPAGE_REGISTRY_ROOT "HKCU" -!define MUI_STARTMENUPAGE_REGISTRY_KEY "Software\GnuPG" -!define MUI_STARTMENUPAGE_REGISTRY_VALUENAME "Start Menu Folder" -# We need to set the Startmenu name explicitly because a slash in the -# name is not possible. -!define MUI_STARTMENUPAGE_DEFAULTFOLDER "GnuPG" - -!insertmacro MUI_PAGE_STARTMENU Application $STARTMENU_FOLDER - -!endif - -!define MUI_PAGE_CUSTOMFUNCTION_PRE PrintCloseOtherApps -!insertmacro MUI_PAGE_INSTFILES - -#!define MUI_PAGE_CUSTOMFUNCTION_PRE ShowFinalWarnings -!define MUI_FINISHPAGE_SHOWREADME "README.txt" -!define MUI_FINISHPAGE_SHOWREADME_TEXT "$(T_ShowReadme)" -#!define MUI_FINISHPAGE_RUN -#!define MUI_FINISHPAGE_RUN_FUNCTION RunOnFinish -#!define MUI_FINISHPAGE_RUN_TEXT "$(T_RunKeyManager)" -#!define MUI_FINISHPAGE_RUN_NOTCHECKED -!define MUI_FINISHPAGE_LINK "$(T_MoreInfo)" -!define MUI_FINISHPAGE_LINK_LOCATION "$(T_MoreInfoURL)" -!insertmacro MUI_PAGE_FINISH - - -# Uninstaller pages. - -!insertmacro MUI_UNPAGE_CONFIRM -!insertmacro MUI_UNPAGE_INSTFILES - - -#Page license -#Page components -#Page directory -#Page instfiles -#UninstPage uninstConfirm -#UninstPage instfiles - - -# Language support. This has to be done after defining the pages, but -# before defining the translation strings. Confusing. - -!insertmacro MUI_LANGUAGE "English" -!insertmacro MUI_LANGUAGE "German" - -!insertmacro MUI_RESERVEFILE_LANGDLL -!insertmacro MUI_RESERVEFILE_INSTALLOPTIONS -ReserveFile "${BUILD_DIR}\g4wihelp.dll" -ReserveFile "${W32_SRCDIR}\gnupg-logo-150x57.bmp" -ReserveFile "${W32_SRCDIR}\gnupg-logo-164x314.bmp" -ReserveFile "${TOP_SRCDIR}\COPYING" -ReserveFile "${W32_SRCDIR}\inst-options.ini" - -# Language support - -LangString T_LangCode ${LANG_ENGLISH} "en" -LangString T_LangCode ${LANG_GERMAN} "de" - - -# The WelcomeTitle is displayed on the first page. -LangString T_WelcomeTitle ${LANG_ENGLISH} "${WELCOME_TITLE_ENGLISH}" -LangString T_WelcomeTitle ${LANG_GERMAN} "${WELCOME_TITLE_GERMAN}" - -# The About string as displayed on the first page. -LangString T_About ${LANG_ENGLISH} "${ABOUT_ENGLISH}" -LangString T_About ${LANG_GERMAN} "${ABOUT_GERMAN}" - -# Startup page -LangString T_GPLHeader ${LANG_ENGLISH} \ - "This software is licensed under the terms of the GNU General Public \ - License (GNU GPL)." -LangString T_GPLHeader ${LANG_GERMAN}} \ - "Diese Software ist unter der GNU General Public License \ - (GNU GPL) lizensiert." - -LangString T_GPLShort ${LANG_ENGLISH} \ - "In short: You are allowed to run this software for any purpose. \ - You may distribute it as long as you give the recipients the same \ - rights you have received." -LangString T_GPLShort ${LANG_GERMAN} \ - "In aller Kürze: Sie haben das Recht, die Software zu jedem Zweck \ - einzusetzen. Sie können die Software weitergeben, sofern Sie dem \ - Empfänger dieselben Rechte einräumen, die auch Sie erhalten haben." - -LangString T_RunKeyManager ${LANG_ENGLISH} \ - "Run the key manager" -LangString T_RunKeyManager ${LANG_GERMAN} \ - "Die Schlüsselverwaltung aufrufen" - -LangString T_MoreInfo ${LANG_ENGLISH} \ - "Click here for GnuPG's website" -LangString T_MoreInfo ${LANG_GERMAN} \ - "Hier klicken um zur GnuPG Homepage zu gelangen" -LangString T_MoreInfoURL ${LANG_ENGLISH} "https://gnupg.org" -LangString T_MoreInfoURL ${LANG_GERMAN} "https://gnupg.org" - -LangString T_ShowReadme ${LANG_ENGLISH} \ - "Show the README file" -LangString T_ShowReadme ${LANG_GERMAN} \ - "Die README Datei anzeigen" - -LangString T_NoKeyManager ${LANG_ENGLISH} \ - "No key manager has been installed, thus we can't run one now." -LangString T_NoKeyManager ${LANG_GERMAN} \ - "Es wurde keine Schlüsselverwaltung installiert. \ - Deswegen kann sie jetzt auch nicht ausgeführt werden." - -# Functions - -# Custom functions and macros for this installer. -LangString T_AlreadyRunning ${LANG_ENGLISH} \ - "An instance of this installer is already running." -LangString T_AlreadyRunning ${LANG_GERMAN} \ - "Ein Exemplar dieses Installers läuft bereits." - -Function G4wRunOnce - Push $R0 - StrCpy $R0 "gnupg" - g4wihelp::runonce - StrCmp $R0 0 +3 - MessageBox MB_OK $(T_AlreadyRunning) - Abort - Pop $R0 -FunctionEnd - -# -# Control function for the Custom page to select special -# install options. -# -Function CustomPageOptions - !insertmacro MUI_HEADER_TEXT "$(T_InstallOptions)" "$(T_InstallOptLinks)" - - # Note, that the default selection is done in the ini file - !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ - "Field 1" "Text" "$(T_InstOptLabelA)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ - "Field 2" "Text" "$(T_InstOptFieldA)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ - "Field 3" "Text" "$(T_InstOptFieldB)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ - "Field 4" "Text" "$(T_InstOptFieldC)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ - "Field 5" "Text" "$(T_InstOptLabelB)" - - !insertmacro MUI_INSTALLOPTIONS_DISPLAY "${W32_SRCDIR}/inst-options.ini" -FunctionEnd - - -# Check whether GnuPG has already been installed. This is called as -# a leave function from the directory page. A call to abort will get -# back to the directory selection. -Function CheckExistingVersion - ClearErrors - FileOpen $0 "$INSTDIR\VERSION" r - IfErrors nexttest - FileRead $0 $R0 - FileRead $0 $R1 - FileClose $0 - - Push $R1 - Call TrimNewLines - Pop $R1 - - MessageBox MB_YESNO "$(T_FoundExistingVersion)" IDYES leave - Abort - - nexttest: - ClearErrors - ReadRegStr $0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG" "DisplayVersion" - IfErrors leave 0 - MessageBox MB_YESNO "$(T_FoundExistingVersionB)" IDYES leave - Abort - - leave: -FunctionEnd - - - -# PrintNonAdminWarning - -# Check whether the current user is in the Administrator group or an -# OS version without the need for an Administrator is in use. Print a -# diagnostic if this is not the case and abort installation. -Function PrintNonAdminWarning - ClearErrors - UserInfo::GetName - IfErrors leave - Pop $0 - UserInfo::GetAccountType - Pop $1 - StrCmp $1 "Admin" leave +1 - MessageBox MB_OK "$(T_AdminNeeded)" - Quit - - leave: -FunctionEnd - - -# Check whether the start menu is actually wanted. - -Function CheckIfStartMenuWanted - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ - "Field 2" "State" - IntCmp $R0 1 +2 - Abort -FunctionEnd - - -# Check whether this is a reinstall and popup a message box to explain -# that it is better to close other apps before continuing -Function PrintCloseOtherApps - IfFileExists $INSTDIR\bin\gpg.exe print_warning - IfFileExists $INSTDIR\bin\gpa.exe print_warning - Return - print_warning: - MessageBox MB_OK|MB_ICONEXCLAMATION "$(T_CloseOtherApps)" - -FunctionEnd - -# Called right before the final page to show more warnings. -#Function ShowFinalWarnings -# leave: -#FunctionEnd - -#----------------------------------------------- -# Strings pertaining to the install options page -#----------------------------------------------- - -# Installation options title -LangString T_InstallOptions ${LANG_ENGLISH} "Install Options" -LangString T_InstallOptions ${LANG_GERMAN} "Installationsoptionen" - -# Installation options subtitle 1 -LangString T_InstallOptLinks ${LANG_ENGLISH} "Start links" -LangString T_InstallOptLinks ${LANG_GERMAN} "Startlinks" - -LangString T_InstOptLabelA ${LANG_ENGLISH} \ - "Please select where GnuPG shall install links:" -LangString T_InstOptLabelA ${LANG_GERMAN} \ - "Bitte wählen Sie, welche Verknüpfungen angelegt werden sollen:" - -LangString T_InstOptLabelB ${LANG_ENGLISH} \ - "(Only programs will be linked into the quick launch bar.)" -LangString T_InstOptLabelB ${LANG_GERMAN} \ - "(In die Schnellstartleiste werden nur Verknüpfungen für \ - Programme angelegt.) " - -LangString T_InstOptFieldA ${LANG_ENGLISH} \ - "Start Menu" -LangString T_InstOptFieldA ${LANG_GERMAN} \ - "Startmenü" - -LangString T_InstOptFieldB ${LANG_ENGLISH} \ - "Desktop" -LangString T_InstOptFieldB ${LANG_GERMAN} \ - "Arbeitsfläche" - -LangString T_InstOptFieldC ${LANG_ENGLISH} \ - "Quick Launch Bar" -LangString T_InstOptFieldC ${LANG_GERMAN} \ - "Schnellstartleiste" - -#------------------------------------------------ -# String pertaining to the existing version check -#------------------------------------------------ -LangString T_FoundExistingVersion ${LANG_ENGLISH} \ - "Version $R1 has already been installed. $\r$\n\ - Do you want to overwrite it with version ${VERSION}?" -LangString T_FoundExistingVersion ${LANG_GERMAN} \ - "Version $R1 ist hier bereits installiert. $\r$\n\ - Möchten Sie diese mit Version ${VERSION} überschreiben? $\r$\n\ - $\r$\n\ - (Sie können in jedem Fall mit JA antworten, falls es sich um \ - eine neuere oder dieselbe Version handelt.)" -LangString T_FoundExistingVersionB ${LANG_ENGLISH} \ - "A version of GnuPG has already been installed on the system. \ - There will be no problem installing and thus overwriting this \ - Version. $\r$\n\ - $\r$\n\ - Do you want to continue installing GnuPG?" -LangString T_FoundExistingVersionB ${LANG_GERMAN} \ - "Eine Version von GnuPG ist hier bereits installiert. \ - Es ist problemlos möglich, die Installation fortzuführen. $\r$\n\ - $\r$\n\ - Möchten die die Installation von GnuPG fortführen?" - - - -# From Function PrintNonAdminWarning -LangString T_AdminNeeded ${LANG_ENGLISH} \ - "Warning: Administrator permissions required for a successful installation" -LangString T_AdminNeeded ${LANG_GERMAN} \ - "Achtung: Für eine erfolgreiche Installation werden \ - Administratorrechte benötigt." - -# From Function PrintCloseOtherApps -LangString T_CloseOtherApps ${LANG_ENGLISH} \ - "Please make sure that other applications are not running. \ - GnuPG will try to install anyway but a reboot may be required." -LangString T_CloseOtherApps ${LANG_GERMAN} \ - "Bitte stellen Sie sicher, daß alle anderen Anwendugen geschlossen \ - sind. GnuPG wird auf jeden Fall versuchen, eine Installation \ - durchzuführen; es ist dann aber u.U. notwendig, das System neu zu starten." - - -# TrimNewlines - taken from the NSIS reference -# input, top of stack (e.g. whatever$\r$\n) -# output, top of stack (replaces, with e.g. whatever) -# modifies no other variables. -Function TrimNewlines - Exch $R0 - Push $R1 - Push $R2 - StrCpy $R1 0 - - loop: - IntOp $R1 $R1 - 1 - StrCpy $R2 $R0 1 $R1 - StrCmp $R2 "$\r" loop - StrCmp $R2 "$\n" loop - IntOp $R1 $R1 + 1 - IntCmp $R1 0 no_trim_needed - StrCpy $R0 $R0 $R1 - - no_trim_needed: - Pop $R2 - Pop $R1 - Exch $R0 -FunctionEnd - - -# AddToPath - Adds the given dir to the search path. -# Input - head of the stack -Function AddToPath - Exch $0 - g4wihelp::path_add "$0" - StrCmp $R5 "0" add_to_path_done - SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000 - add_to_path_done: - Pop $0 -FunctionEnd - - -# RemoveFromPath - Remove a given dir from the path -# Input: head of the stack -Function un.RemoveFromPath - Exch $0 - g4wihelp::path_remove "$0" - StrCmp $R5 "0" remove_from_path_done - SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000 - remove_from_path_done: - Pop $0 -FunctionEnd - - -# -# Define the installer sections. -# - -Section "-gnupginst" - SetOutPath "$INSTDIR" - - File "${BUILD_DIR}/README.txt" - - # Write a version file. - FileOpen $0 "$INSTDIR\VERSION" w - FileWrite $0 "${PACKAGE}$\r$\n" - FileWrite $0 "${VERSION}$\r$\n" - FileClose $0 - - WriteRegStr HKLM "Software\GnuPG" "Install Directory" $INSTDIR - - # If we are reinstalling, try to kill a possible running gpa using - # an already installed gpa. - ifFileExists "$INSTDIR\bin\launch-gpa.exe" 0 no_uiserver - ExecWait '"$INSTDIR\bin\launch-gpa" --stop-server' - - no_uiserver: - - # If we are reinstalling, try to kill a possible running agent using - # an already installed gpgconf. - ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf - ExecWait '"$INSTDIR\bin\gpgconf" --kill dirmngr' - ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent' - - no_gpgconf: - - # Add the bin directory to the PATH - Push "$INSTDIR\bin" - Call AddToPath - DetailPrint "Added $INSTDIR\bin to PATH" -SectionEnd - -LangString DESC_Menu_gnupg_readme ${LANG_ENGLISH} \ - "General information on GnuPG" -LangString DESC_Menu_gnupg_readme ${LANG_GERMAN} \ - "Allgemeine Informationen zu GnuPG" - - -Section "GnuPG" SEC_gnupg - SectionIn RO - - SetOutPath "$INSTDIR\bin" - File /oname=gpg.exe "bin/gpg2.exe" - File /oname=gpgv.exe "bin/gpgv2.exe" - File "bin/gpgsm.exe" - File "bin/gpgconf.exe" - File "bin/gpg-connect-agent.exe" - File "bin/gpgtar.exe" - - ClearErrors - SetOverwrite try - File "bin/gpg-agent.exe" - SetOverwrite lastused - ifErrors 0 +3 - File /oname=gpg-agent.exe.tmp "bin/gpg-agent.exe" - Rename /REBOOTOK gpg-agent.exe.tmp gpg-agent.exe - - ClearErrors - SetOverwrite try - File "bin/dirmngr.exe" - SetOverwrite lastused - ifErrors 0 +3 - File /oname=dirmngr.exe.tmp "bin/dirmngr.exe" - Rename /REBOOTOK dirmngr.exe.tmp dirmngr.exe - - ClearErrors - SetOverwrite try - File "libexec/scdaemon.exe" - SetOverwrite lastused - ifErrors 0 +3 - File /oname=scdaemon.exe.tmp "libexec/scdaemon.exe" - Rename /REBOOTOK scdaemon.exe.tmp scdaemon.exe - - SetOutPath "$INSTDIR\share\gnupg" - File "share/gnupg/gpg-conf.skel" -SectionEnd - - -LangString DESC_SEC_gnupg ${LANG_ENGLISH} \ - "The GnuPG Core is the actual encrypt core and a set of command \ - line utilities." -LangString DESC_SEC_gnupg ${LANG_GERMAN} \ - "Der GnuPG Core ist, wie der Name schon sagt, der Kernbestandteil \ - dieser Software. Der GnuPG Core stellt die eigentliche \ - Verschlüsselung sowie die Verwaltung der Schlüssel bereit." - -LangString DESC_Menu_gnupg_manual ${LANG_ENGLISH} \ - "Show the manual for the GnuPG Core" -LangString DESC_Menu_gnupg_manual ${LANG_GERMAN} \ - "Das Handbuch zum GnuPG Kern anzeigen" - -Section "-libgpg-error" SEC_libgpg_error - SetOutPath "$INSTDIR\bin" - File bin/libgpg-error-0.dll - SetOutPath "$INSTDIR\lib" - File /oname=libgpg-error.imp lib/libgpg-error.dll.a - SetOutPath "$INSTDIR\include" - File include/gpg-error.h -SectionEnd - -Section "-libiconv" SEC_libiconv - SetOutPath "$INSTDIR\bin" - File bin/libiconv-2.dll -SectionEnd - -Section "-zlib" SEC_zlib - SetOutPath "$INSTDIR\bin" - File bin/zlib1.dll -SectionEnd - -Section "-adns" SEC_adns - SetOutPath "$INSTDIR\bin" - File bin/libadns-1.dll - SetOutPath "$INSTDIR\lib" - File /oname=libadns.imp lib/libadns.dll.a - SetOutPath "$INSTDIR\include" - File include/adns.h -SectionEnd - -Section "-npth" SEC_npth - SetOutPath "$INSTDIR\bin" - File bin/libnpth-0.dll - SetOutPath "$INSTDIR\lib" - File /oname=libnpth.imp lib/libnpth.dll.a - SetOutPath "$INSTDIR\include" - File include/npth.h -SectionEnd - -Section "-gcrypt" SEC_gcrypt - SetOutPath "$INSTDIR\bin" - File bin/libgcrypt-20.dll - SetOutPath "$INSTDIR\lib" - File /oname=libgcrypt.imp lib/libgcrypt.dll.a - SetOutPath "$INSTDIR\include" - File include/gcrypt.h -SectionEnd - -Section "-assuan" SEC_assuan - SetOutPath "$INSTDIR\bin" - File bin/libassuan-0.dll - SetOutPath "$INSTDIR\lib" - File /oname=libassuan.imp lib/libassuan.dll.a - SetOutPath "$INSTDIR\include" - File include/assuan.h -SectionEnd - -Section "-ksba" SEC_ksba - SetOutPath "$INSTDIR\bin" - File bin/libksba-8.dll - SetOutPath "$INSTDIR\lib" - File /oname=libksba.imp lib/libksba.dll.a - SetOutPath "$INSTDIR\include" - File include/ksba.h -SectionEnd - -Section "-gpgme" SEC_gpgme - SetOutPath "$INSTDIR\bin" - File bin/libgpgme-11.dll - File /nonfatal bin/libgpgme-glib-11.dll - File libexec/gpgme-w32spawn.exe - SetOutPath "$INSTDIR\lib" - File /oname=libgpgme.imp lib/libgpgme.dll.a - File /nonfatal /oname=libgpgme-glib.imp lib/libgpgme-glib.dll.a - SetOutPath "$INSTDIR\include" - File include/gpgme.h -SectionEnd - -!ifdef WITH_GUI -Section "-gettext" SEC_gettext - SetOutPath "$INSTDIR\bin" - File bin/libintl-8.dll -SectionEnd - -Section "-glib" SEC_glib - SetOutPath "$INSTDIR\bin" - File bin/libgio-2.0-0.dll - File bin/libglib-2.0-0.dll - File bin/libgmodule-2.0-0.dll - File bin/libgobject-2.0-0.dll - File bin/libgthread-2.0-0.dll - File bin/gspawn-win32-helper.exe - File bin/gspawn-win32-helper-console.exe - - File bin/libffi-6.dll -SectionEnd - -Section "-libpng" SEC_libpng - SetOutPath "$INSTDIR\bin" - File bin/libpng14-14.dll -SectionEnd - -#Section "-jpeg" SEC_jpeg -# SetOutPath "$INSTDIR" -# File bin/jpeg62.dll -#SectionEnd - -Section "-cairo" SEC_cairo - SetOutPath "$INSTDIR\bin" - File bin/libcairo-gobject-2.dll - File bin/libpangocairo-1.0-0.dll - File bin/libcairo-2.dll - File bin/libcairo-script-interpreter-2.dll -SectionEnd - -Section "-pixman" SEC_pixman - SetOutPath "$INSTDIR\bin" - File bin/libpixman-1-0.dll -SectionEnd - -Section "-pango" SEC_pango - SetOutPath "$INSTDIR\bin" - File bin/pango-querymodules.exe - File bin/libpango-1.0-0.dll - File bin/libpangowin32-1.0-0.dll - - SetOutPath "$INSTDIR\lib\pango\1.6.0\modules" - File lib/pango/1.6.0/modules/pango-basic-win32.dll - File lib/pango/1.6.0/modules/pango-arabic-lang.dll - File lib/pango/1.6.0/modules/pango-indic-lang.dll - - SetOutPath "$INSTDIR\etc\pango" - File ${W32_SRCDIR}/pango.modules -SectionEnd - -Section "-atk" SEC_atk - SetOutPath "$INSTDIR\bin" - File bin/libatk-1.0-0.dll -SectionEnd - -Section "-gtk+" SEC_gtk_ - SetOutPath "$INSTDIR\bin" - File bin/libgdk_pixbuf-2.0-0.dll - File bin/libgdk-win32-2.0-0.dll - File bin/libgtk-win32-2.0-0.dll - - SetOutPath "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0" - File /oname=loaders.cache ${W32_SRCDIR}/gdk-pixbuf-loaders.cache - SetOutPath "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders" - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ani.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-bmp.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-emf.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-gif.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-ico.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-jpeg.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-tiff.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-gdip-wmf.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-icns.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-pcx.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-pnm.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-qtif.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-ras.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-tga.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-wbmp.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xbm.dll - File lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-xpm.dll - - SetOutPath "$INSTDIR\lib\gtk-2.0\2.10.0\engines" - File lib/gtk-2.0/2.10.0/engines/libwimp.dll - File lib/gtk-2.0/2.10.0/engines/libpixmap.dll - - SetOutPath "$INSTDIR\lib\gtk-2.0\2.10.0\immodules" - File lib/gtk-2.0/2.10.0/immodules/im-thai.dll - File lib/gtk-2.0/2.10.0/immodules/im-cyrillic-translit.dll - File lib/gtk-2.0/2.10.0/immodules/im-multipress.dll - File lib/gtk-2.0/2.10.0/immodules/im-ti-er.dll - File lib/gtk-2.0/2.10.0/immodules/im-am-et.dll - File lib/gtk-2.0/2.10.0/immodules/im-cedilla.dll - File lib/gtk-2.0/2.10.0/immodules/im-inuktitut.dll - File lib/gtk-2.0/2.10.0/immodules/im-viqr.dll - File lib/gtk-2.0/2.10.0/immodules/im-ti-et.dll - File lib/gtk-2.0/2.10.0/immodules/im-ipa.dll - File lib/gtk-2.0/2.10.0/immodules/im-ime.dll - - SetOutPath "$INSTDIR\share\themes\Default\gtk-2.0-key" - File share/themes/Default/gtk-2.0-key/gtkrc - - SetOutPath "$INSTDIR\share\themes\MS-Windows\gtk-2.0" - File share/themes/MS-Windows/gtk-2.0/gtkrc - - SetOutPath "$INSTDIR\etc\gtk-2.0" - File etc/gtk-2.0/im-multipress.conf -SectionEnd -!endif - -Section "-pinentry" SEC_pinentry - SetOutPath "$INSTDIR\bin" - File /oname=pinentry-basic.exe "bin/pinentry-w32.exe" -SectionEnd - -!ifdef WITH_GUI -Section "gpa" SEC_gpa - SectionIn RO - SetOutPath "$INSTDIR\bin" - File bin/gpa.exe - File bin/launch-gpa.exe -SectionEnd - -LangString DESC_SEC_gpa ${LANG_ENGLISH} \ - "The GnuPG Assistant is the graphical interface of GnuPG" -LangString DESC_SEC_gpa ${LANG_GERMAN} \ - "Der GnuPG Assistent ist die graphische Oberfläche von GnuPG." - -LangString DESC_Menu_gpa ${LANG_ENGLISH} \ - "Run the GnuGP Assistant." -LangString DESC_Menu_gpa ${LANG_GERMAN} \ - "Den GnuPG Assistenten starten." - -Section "gpgex" SEC_gpgex - SetOutPath "$INSTDIR\bin" - - ClearErrors - SetOverwrite try - File bin/gpgex.dll - SetOverwrite lastused - ifErrors 0 do_reg - File /oname=gpgex.dll.tmp bin/gpgex.dll - Rename /REBOOTOK gpgex.dll.tmp gpgex.dll - - do_reg: - ClearErrors - RegDLL "$INSTDIR\bin\gpgex.dll" - ifErrors 0 +2 - MessageBox MB_OK "$(T_GPGEX_RegFailed)" - -${If} ${RunningX64} - # Install the 64 bit version of the plugin. - # Note that we install this in addition to the 32 bit version so that - # the 32 bit version can be used by file dialogs of 32 bit programs. - ClearErrors - SetOverwrite try - File /oname=gpgex6.dll "${INST6_DIR}/bin/gpgex.dll" - SetOverwrite lastused - ifErrors 0 do_reg64 - File /oname=gpgex6.dll.tmp "${INST6_DIR}/bin/gpgex.dll" - Rename /REBOOTOK gpgex6.dll.tmp gpgex6.dll - - do_reg64: - # Register the DLL. We need to register both versions. However - # RegDLL can't be used for 64 bit and InstallLib seems to be a - # registry hack. - ClearErrors - ExecWait '"$SYSDIR\regsvr32" /s "$INSTDIR\bin\gpgex6.dll"' - ifErrors 0 +2 - MessageBox MB_OK "$(T_GPGEX_RegFailed) (64 bit)" - - # Note: There is no need to install the help an mo files because - # they are identical to those installed by the 32 bit version. -${EndIf} -SectionEnd - -LangString T_GPGEX_RegFailed ${LANG_ENGLISH} \ - "Warning: Registration of the Explorer plugin failed." - -LangString DESC_SEC_gpgex ${LANG_ENGLISH} \ - "GnuPG Explorer Extension" - -!endif - - -Section "-gnupglast" SEC_gnupglast - SetOutPath "$INSTDIR" -SectionEnd - - -# -# Define the uninstaller sections. -# -# (reverse order of the installer sections!) -# - -Section "-un.gnupglast" - ifFileExists "$INSTDIR\bin\launch-gpa.exe" 0 no_uiserver - ExecWait '"$INSTDIR\bin\launch-gpa" --stop-server' - no_uiserver: - ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf - ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent' - no_gpgconf: -SectionEnd - -Section "-un.gpgex" - UnRegDLL "$INSTDIR\bin\gpgex.dll" - - Delete /REBOOTOK "$INSTDIR\bin\gpgex.dll" - -${If} ${RunningX64} - ExecWait '"$SYSDIR\regsvr32" /u /s "$INSTDIR\bin\gpgex6.dll"' - Delete /REBOOTOK "$INSTDIR\bin\gpgex6.dll" -${EndIf} -SectionEnd - -!ifdef WITH_GUI -Section "-un.gpa" - Delete "$INSTDIR\bin\gpa.exe" - Delete "$INSTDIR\bin\launch-gpa.exe" - - RMDir "$INSTDIR\share\gpa" -SectionEnd -!endif - -Section "-un.pinentry" - Delete "$INSTDIR\bin\pinentry-basic.exe" -SectionEnd - -!ifdef WITH_GUI -Section "-un.gtk+" - Delete "$INSTDIR\bin\libgdk_pixbuf-2.0-0.dll" - Delete "$INSTDIR\bin\libgdk-win32-2.0-0.dll" - Delete "$INSTDIR\bin\libgtk-win32-2.0-0.dll" - - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders.cache" - - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-ani.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-bmp.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-emf.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-gif.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-ico.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-jpeg.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-tiff.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-gdip-wmf.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-icns.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-pcx.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-png.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-pnm.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-qtif.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-ras.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-tga.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-xbm.dll" - Delete "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-xpm.dll" - RMDir "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0\loaders" - RMDir "$INSTDIR\lib\gdk-pixbuf-2.0\2.10.0" - RMDir "$INSTDIR\lib\gdk-pixbuf-2.0" - - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\engines\libwimp.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\engines\libpixmap.dll" - RMDir "$INSTDIR\lib\gtk-2.0\2.10.0\engines" - - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-thai.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-cyrillic-translit.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-multipress.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-ti-er.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-am-et.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-cedilla.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-inuktitut.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-viqr.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-ti-et.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-ipa.dll" - Delete "$INSTDIR\lib\gtk-2.0\2.10.0\immodules\im-ime.dll" - RMDir "$INSTDIR\lib\gtk-2.0\2.10.0\immodules" - - RMDir "$INSTDIR\lib\gtk-2.0\2.10.0" - RMDir "$INSTDIR\lib\gtk-2.0" - - Delete "$INSTDIR\share\themes\Default\gtk-2.0-key\gtkrc" - RMDir "$INSTDIR\share\themes\Default\gtk-2.0-key" - RMDir "$INSTDIR\share\themes\Default" - - Delete "$INSTDIR\share\themes\MS-Windows\gtk-2.0\gtkrc" - RMDir "$INSTDIR\share\themes\MS-Windows\gtk-2.0" - RMDir "$INSTDIR\share\themes\MS-Windows" - - RMDir "$INSTDIR\share\themes" - - Delete "$INSTDIR\etc\gtk-2.0\im-multipress.conf" - RMDir "$INSTDIR\etc\gtk-2.0" -SectionEnd - -Section "-un.atk" - Delete "$INSTDIR\bin\libatk-1.0-0.dll" -SectionEnd - -Section "-un.pango" - Delete "$INSTDIR\bin\pango-querymodules.exe" - Delete "$INSTDIR\bin\libpango-1.0-0.dll" - Delete "$INSTDIR\bin\libpangowin32-1.0-0.dll" - - Delete "$INSTDIR\lib\pango\1.6.0\modules\pango-basic-win32.dll" - Delete "$INSTDIR\lib\pango\1.6.0\modules\pango-arabic-lang.dll" - Delete "$INSTDIR\lib\pango\1.6.0\modules\pango-indic-lang.dll" - RMDir "$INSTDIR\lib\pango\1.6.0\modules" - RMDir "$INSTDIR\lib\pango\1.6.0" - RMDir "$INSTDIR\lib\pango" - - Delete "$INSTDIR\etc\pango\pango.modules" - RMDir "$INSTDIR\etc\pango" -SectionEnd - -Section "-un.pixman" - Delete "$INSTDIR\bin\libpixman-1-0.dll" -SectionEnd - -Section "-un.cairo" - Delete "$INSTDIR\bin\libcairo-gobject-2.dll" - Delete "$INSTDIR\bin\libpangocairo-1.0-0.dll" - Delete "$INSTDIR\bin\libcairo-2.dll" - Delete "$INSTDIR\bin\libcairo-script-interpreter-2.dll" -SectionEnd - -Section "-un.libpng" - Delete "$INSTDIR\bin\libpng14-14.dll" -SectionEnd - -Section "-un.glib" - Delete "$INSTDIR\bin\libgio-2.0-0.dll" - Delete "$INSTDIR\bin\libglib-2.0-0.dll" - Delete "$INSTDIR\bin\libgmodule-2.0-0.dll" - Delete "$INSTDIR\bin\libgobject-2.0-0.dll" - Delete "$INSTDIR\bin\libgthread-2.0-0.dll" - Delete "$INSTDIR\bin\gspawn-win32-helper.exe" - Delete "$INSTDIR\bin\gspawn-win32-helper-console.exe" - Delete "$INSTDIR\bin\libffi-6.dll" -SectionEnd -!endif - - -Section "-un.gettext" - Delete "$INSTDIR\bin\libintl-8.dll" -SectionEnd - -Section "-un.gpgme" - Delete "$INSTDIR\bin\libgpgme-11.dll" - Delete "$INSTDIR\bin\libgpgme-glib-11.dll" - Delete "$INSTDIR\bin\gpgme-w32spawn.exe" - Delete "$INSTDIR\lib\libgpgme.imp" - Delete "$INSTDIR\lib\libgpgme-glib.imp" - Delete "$INSTDIR\include\gpgme.h" -SectionEnd - -Section "-un.ksba" - Delete "$INSTDIR\bin\libksba-8.dll" - Delete "$INSTDIR\lib\libksba.imp" - Delete "$INSTDIR\include\ksba.h" -SectionEnd - -Section "-un.assuan" - Delete "$INSTDIR\bin\libassuan-0.dll" - Delete "$INSTDIR\lib\libassuan.imp" - Delete "$INSTDIR\include\assuan.h" -SectionEnd - -Section "-un.gcrypt" - Delete "$INSTDIR\bin\libgcrypt-20.dll" - Delete "$INSTDIR\lib\libgcrypt.imp" - Delete "$INSTDIR\include\gcrypt.h" -SectionEnd - -Section "-un.npth" - Delete "$INSTDIR\bin\libnpth-0.dll" - Delete "$INSTDIR\lib\libnpth.imp" - Delete "$INSTDIR\include\npth.h" -SectionEnd - -Section "-un.adns" - Delete "$INSTDIR\bin\libadns-1.dll" - Delete "$INSTDIR\lib\libadns.imp" - Delete "$INSTDIR\include\adns.h" -SectionEnd - -Section "-un.zlib" - Delete "$INSTDIR\bin\zlib1.dll" -SectionEnd - -Section "-un.libiconv" - Delete "$INSTDIR\bin\libiconv-2.dll" -SectionEnd - -Section "-un.libgpg-error" - Delete "$INSTDIR\bin\libgpg-error-0.dll" - Delete "$INSTDIR\lib\libgpg-error.imp" - Delete "$INSTDIR\include\gpg-error.h" -SectionEnd - -Section "-un.gnupg" - Delete "$INSTDIR\bin\gpg.exe" - Delete "$INSTDIR\bin\gpgv.exe" - Delete "$INSTDIR\bin\gpgsm.exe" - Delete "$INSTDIR\bin\gpg-agent.exe" - Delete "$INSTDIR\bin\scdaemon.exe" - Delete "$INSTDIR\bin\dirmngr.exe" - Delete "$INSTDIR\bin\gpgconf.exe" - Delete "$INSTDIR\bin\gpg-connect-agent.exe" - Delete "$INSTDIR\bin\gpgtar.exe" - - Delete "$INSTDIR\share\gnupg\gpg-conf.skel" - RMDir "$INSTDIR\share\gnupg" -SectionEnd - -Section "-un.gnupginst" - # Delete standard stuff. - Delete "$INSTDIR\README.txt" - - Delete "$INSTDIR\VERSION" - - # Remove the bin directory from the PATH - Push "$INSTDIR\bin" - Call un.RemoveFromPath - - # Try to remove the top level directories. - RMDir "$INSTDIR\bin" - RMDir "$INSTDIR\lib" - RMDir "$INSTDIR\include" - RMDir "$INSTDIR\share" - RMDir "$INSTDIR\etc" - RMDir "$INSTDIR" - - # Clean the registry. - DeleteRegValue HKLM "Software\GNU\GnuPG" "Install Directory" -SectionEnd - - -Function .onInit - ;;!define MUI_LANGDLL_ALWAYSSHOW - !insertmacro MUI_LANGDLL_DISPLAY - - Call G4wRunOnce - - SetOutPath $TEMP -#!ifdef SOURCES -# File /oname=gpgspltmp.bmp "${TOP_SRCDIR}/doc/logo/gnupg-logo-400px.bmp" -# # We play the tune only for the soruce installer -# File /oname=gpgspltmp.wav "${TOP_SRCDIR}/src/gnupg-splash.wav" -# g4wihelp::playsound $TEMP\gpgspltmp.wav -# g4wihelp::showsplash 2500 $TEMP\gpgspltmp.bmp - -# Delete $TEMP\gpgspltmp.bmp -# # Note that we delete gpgspltmp.wav in .onInst{Failed,Success} -#!endif - - # We can't use TOP_SRCDIR dir as the name of the file needs to be - # the same while building and running the installer. Thus we - # generate the file from a template. - !insertmacro MUI_INSTALLOPTIONS_EXTRACT "${W32_SRCDIR}/inst-options.ini" - - #Call CalcDepends -FunctionEnd - - -#Function .onInstFailed -# Delete $TEMP\gpgspltmp.wav -#FunctionEnd - -#Function .onInstSuccess -# Delete $TEMP\gpgspltmp.wav -#FunctionEnd - -#Function .onSelChange -# Call CalcDepends -#FunctionEnd - - -# This must be in a central place. Urgs. - -!insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN -!insertmacro MUI_DESCRIPTION_TEXT ${SEC_gnupg} $(DESC_SEC_gnupg) -!insertmacro MUI_DESCRIPTION_TEXT ${SEC_gpa} $(DESC_SEC_gpa) -!insertmacro MUI_DESCRIPTION_TEXT ${SEC_gpgex} $(DESC_SEC_gpgex) -!insertmacro MUI_FUNCTION_DESCRIPTION_END - - -# This also must be in a central place. Also Urgs. - -!ifdef WITH_GUI -Section "-startmenu" - -!ifdef HAVE_STARTMENU - # Make sure that the context of the automatic variables has been set to - # the "all users" shell folder. This guarantees that the menu gets written - # for all users. We have already checked that we are running as Admin; or - # we printed a warning that installation will not succeed. - SetShellVarContext all - - # Check if the start menu entries where requested. - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ - "Field 2" "State" - IntCmp $R0 0 no_start_menu - -!insertmacro MUI_STARTMENU_WRITE_BEGIN Application - CreateDirectory "$SMPROGRAMS\$STARTMENU_FOLDER" - - SectionGetFlags ${SEC_gpa} $R0 - IntOp $R0 $R0 & ${SF_SELECTED} - IntCmp $R0 ${SF_SELECTED} 0 no_gpa_menu - CreateShortCut "$SMPROGRAMS\$STARTMENU_FOLDER\GPA.lnk" \ - "$INSTDIR\bin\launch-gpa.exe" \ - "" "" "" SW_SHOWNORMAL "" $(DESC_Menu_gpa) - no_gpa_menu: - - - CreateShortCut "$SMPROGRAMS\$STARTMENU_FOLDER\GnuPG Manual.lnk" \ - "$INSTDIR\share\gnupg\gnupg.html" \ - "" "" "" SW_SHOWNORMAL "" $(DESC_Menu_gnupg_manual) - - CreateShortCut "$SMPROGRAMS\$STARTMENU_FOLDER\GnuPG README.lnk" \ - "$INSTDIR\README.txt" \ - "" "" "" SW_SHOWNORMAL "" $(DESC_Menu_gnupg_readme) - -!insertmacro MUI_STARTMENU_WRITE_END - - - -no_start_menu: - - - # Check if the desktop entries where requested. - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ - "Field 3" "State" - IntCmp $R0 0 no_desktop - - SectionGetFlags ${SEC_gpa} $R0 - IntOp $R0 $R0 & ${SF_SELECTED} - IntCmp $R0 ${SF_SELECTED} 0 no_gpa_desktop - CreateShortCut "$DESKTOP\GPA.lnk" \ - "$INSTDIR\bin\launch-gpa.exe" \ - "" "" "" SW_SHOWNORMAL "" $(DESC_Menu_gpa) - no_gpa_desktop: - - - CreateShortCut "$DESKTOP\GPA Manual.lnk" \ - "$INSTDIR\share\gpa\gpa.html" \ - "" "" "" SW_SHOWNORMAL "" $(DESC_Menu_gpa_manual) - -no_desktop: - - - # Check if the quick launch bar entries where requested. - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ - "Field 4" "State" - IntCmp $R0 0 no_quick_launch - StrCmp $QUICKLAUNCH $TEMP no_quick_launch - - SectionGetFlags ${SEC_gpa} $R0 - IntOp $R0 $R0 & ${SF_SELECTED} - IntCmp $R0 ${SF_SELECTED} 0 no_gpa_quicklaunch - CreateShortCut "$QUICKLAUNCH\GPA.lnk" \ - "$INSTDIR\bin\launch-gpa.exe" \ - "" "" "" SW_SHOWNORMAL "" $(DESC_Menu_gpa) -no_gpa_quicklaunch: - - -no_quick_launch: - - -!endif -SectionEnd -!endif - - -# -# Now for the generic parts to end the installation. -# -Var MYTMP - -# Last section is a hidden one. -Section - WriteUninstaller "$INSTDIR\gnupg-uninstall.exe" - - # Windows Add/Remove Programs support - StrCpy $MYTMP "Software\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG" - WriteRegExpandStr HKLM $MYTMP "UninstallString" '"$INSTDIR\gnupg-uninstall.exe"' - WriteRegExpandStr HKLM $MYTMP "InstallLocation" "$INSTDIR" - WriteRegStr HKLM $MYTMP "DisplayName" "${PRETTY_PACKAGE}" -!ifdef WITH_GUI - WriteRegStr HKLM $MYTMP "DisplayIcon" "$INSTDIR\bin\gpa.exe,0" -!endif - WriteRegStr HKLM $MYTMP "DisplayVersion" "${VERSION}" - WriteRegStr HKLM $MYTMP "Publisher" "The GnuPG Project" - WriteRegStr HKLM $MYTMP "URLInfoAbout" "https://gnupg.org" - WriteRegDWORD HKLM $MYTMP "NoModify" "1" - WriteRegDWORD HKLM $MYTMP "NoRepair" "1" -SectionEnd - - -Section Uninstall - -!ifdef WITH_GUI -!ifdef HAVE_STARTMENU - # Make sure that the context of the automatic variables has been set to - # the "all users" shell folder. This guarantees that the menu gets written - # for all users. We have already checked that we are running as Admin; or - # we printed a warning that installation will not succeed. - SetShellVarContext all - - #--------------------------------------------------- - # Delete the menu entries and any empty parent menus - #--------------------------------------------------- - !insertmacro MUI_STARTMENU_GETFOLDER Application $MYTMP - Delete "$SMPROGRAMS\$MYTMP\GPA.lnk" - Delete "$SMPROGRAMS\$MYTMP\GnuPG Manual.lnk" - Delete "$SMPROGRAMS\$MYTMP\GnuPG README.lnk" - Delete "$SMPROGRAMS\$MYTMP\*.lnk" - StrCpy $MYTMP "$SMPROGRAMS\$MYTMP" - startMenuDeleteLoop: - ClearErrors - RMDir $MYTMP - GetFullPathName $MYTMP "$MYTMP\.." - IfErrors startMenuDeleteLoopDone - StrCmp $MYTMP $SMPROGRAMS startMenuDeleteLoopDone startMenuDeleteLoop - startMenuDeleteLoopDone: - - DeleteRegValue HKLM "Software\GNU\GnuPG" "Start Menu Folder" - - # Delete Desktop links. - Delete "$DESKTOP\GPA.lnk" - Delete "$DESKTOP\GnuPG Manual.lnk" - Delete "$DESKTOP\GnuPG README.lnk" - - # Delete Quick Launch Bar links. - StrCmp $QUICKLAUNCH $TEMP no_quick_launch_uninstall - Delete "$QUICKLAUNCH\GPA.lnk" -no_quick_launch_uninstall: - -!endif -!endif - - Delete "$INSTDIR\gnupg-uninstall.exe" - RMDir "$INSTDIR" - - # Clean the registry. - DeleteRegValue HKLM "Software\GnuPG" "Install Directory" - DeleteRegKey /ifempty HKLM "Software\GnuPG" - # Remove Windows Add/Remove Programs support. - DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG" -SectionEnd diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/inst-options.ini gnupg2-2.0.28/build-aux/speedo/w32/inst-options.ini --- gnupg2-2.1.6/build-aux/speedo/w32/inst-options.ini 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/inst-options.ini 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -[Settings] -NumFields=5 - -; The number of the fields here is known in w32inst.nsi. -; The tags must be "[Field N]" with N=1..NumFields - -[Field 1] -Type=Label -Left=0 -Right=-1 -Top=0 -Bottom=20 - -[Field 2] -Type=Checkbox -Left=0 -Right=-1 -Top=30 -Bottom=40 -;Text=Start Menu -State=1 - -[Field 3] -Type=Checkbox -Left=0 -Right=-1 -Top=50 -Bottom=60 -;Text=Desktop -State=0 - -[Field 4] -Type=Checkbox -Left=0 -Right=-1 -Top=70 -Bottom=80 -;Text=Quick Launch Bar -State=0 - -[Field 5] -Type=Label -Left=0 -Right=-1 -Top=90 -Bottom=130 diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/pango.modules gnupg2-2.0.28/build-aux/speedo/w32/pango.modules --- gnupg2-2.1.6/build-aux/speedo/w32/pango.modules 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/pango.modules 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -# Pango Modules file -# -"../lib/pango/1.6.0/modules/pango-basic-win32.dll" BasicScriptEngineWin32 PangoEngineShape PangoRenderWin32 common: diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/pkg-copyright.txt gnupg2-2.0.28/build-aux/speedo/w32/pkg-copyright.txt --- gnupg2-2.1.6/build-aux/speedo/w32/pkg-copyright.txt 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/pkg-copyright.txt 1970-01-01 00:00:00.000000000 +0000 @@ -1,104 +0,0 @@ -Here is a list with collected copyright notices. For details see the -description of each individual package. [Compiled by wk FIXME] - -GnuPG is - - Copyright (C) 1997-2015 Werner Koch - Copyright (C) 1994-2015 Free Software Foundation, Inc. - Copyright (C) 2003-2015 g10 Code GmbH - Copyright (C) 2002 Klarälvdalens Datakonsult AB - Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper - Copyright (C) 1994 X Consortium - Copyright (C) 1998 by The Internet Society. - Copyright (C) 1998-2004 The OpenLDAP Foundation - Copyright (C) 1998-2004 Kurt D. Zeilenga. - Copyright (C) 1998-2004 Net Boolean Incorporated. - Copyright (C) 2001-2004 IBM Corporation. - Copyright (C) 1999-2003 Howard Y.H. Chu. - Copyright (C) 1999-2003 Symas Corporation. - Copyright (C) 1998-2003 Hallvard B. Furuseth. - Copyright (C) 1992-1996 Regents of the University of Michigan. - - GnuPG is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - GnuPG is distributed in the hope that it will be useful, but WITHOUT - ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - 02110-1301, USA - -GPGME is - - Copyright (C) 2000 Werner Koch (dd9jn) - Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 g10 Code GmbH - - GPGME is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - GPGME is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with this program; if not, see . - -LIBGPG-ERROR is - - Copyright (C) 2003, 2004 g10 Code GmbH - - libgpg-error is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public License - as published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - libgpg-error is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License - along with this program; if not, see . - - -NSIS is - - Copyright (C) 1999-2005 Nullsoft, Inc. - - This license applies to everything in the NSIS package, except where - otherwise noted. - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any - damages arising from the use of this software. - - Permission is granted to anyone to use this software for any - purpose, including commercial applications, and to alter it and - redistribute it freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must - not claim that you wrote the original software. If you use this - software in a product, an acknowledgment in the product - documentation would be appreciated but is not required. - - 2. Altered source versions must be plainly marked as such, and must - not be misrepresented as being the original software. - - 3. This notice may not be removed or altered from any source - distribution. - - The user interface used with the installer is - - Copyright (C) 2002-2005 Joost Verburg - - [It is distributed along with NSIS and the same conditions as stated - above apply] diff -Nru gnupg2-2.1.6/build-aux/speedo/w32/README.txt gnupg2-2.0.28/build-aux/speedo/w32/README.txt --- gnupg2-2.1.6/build-aux/speedo/w32/README.txt 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/w32/README.txt 1970-01-01 00:00:00.000000000 +0000 @@ -1,75 +0,0 @@ -;; README.txt -*- coding: latin-1; -*- -;; This is the README installed for Windows. Lines with a -;; semicolon in the first column are considered a comment and not -;; included in the actually installed version. Certain keywords are -;; replaced by the Makefile; those words are enclosed by exclamation -;; marks. - - GNUPG for Windows - =================== - -This is GnuPG for Windows, version !VERSION!. - -Content: - - 1. Important notes - 2. Changes - 3. GnuPG README file - 4. Legal notices - - -1. Important Notes -================== - -This is the core part of the GnuPG system as used by several other -frontend programs. This installer does not provide any graphical -frontend and thus almost everything needs to be done on the command -line. However, a small native Windows GUI tool is included which is -used by GnuPG to ask for passphrases. It provides only the basic -functionality and is installed under the name "pinentry-basic.exe". -Other software using this core component may install a different -version of such a tool under the name "pinentry.exe" or configure the -gpg-agent to use that version. - -See https://gnupg.org for latest news. HowTo documents and manuals -can be found there but some have also been installed on your machine. - -Development and maintenance of GnuPG is mostly financed by donations; -please see https://gnupg.org/donate/ for details. - - -2. Record of Changes -==================== - -This is a list of changes to the GnuPG core for this and the previous -release. - -!NEWSFILE! - - -3. GnuPG README file -==================== - -Below is the README file as distributed with the GnuPG source. - -!GNUPGREADME! - - -4. Legal notices pertaining to the individual packets -===================================================== - -GnuPG for Windows consist of several independent developed packages, -available under different license conditions. Most of these packages -are however available under the GNU General Public License (GNU GPL). -Common to all is that they are free to use without restrictions, may -be modified and that modifications may be distributed. If the source -file (i.e. gnupg-w32-VERSION_DATE.tar.xz) is distributed along with -the installer and the use of the GNU GPL has been pointed out, -distribution is in all cases possible. - -What follows is a list of copyright statements. - -!PKG-COPYRIGHT! - - -***end of file *** diff -Nru gnupg2-2.1.6/build-aux/speedo/zlib.pc gnupg2-2.0.28/build-aux/speedo/zlib.pc --- gnupg2-2.1.6/build-aux/speedo/zlib.pc 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo/zlib.pc 1970-01-01 00:00:00.000000000 +0000 @@ -1,10 +0,0 @@ -prefix=/usr -exec_prefix=${prefix} -libdir=${exec_prefix}/lib -includedir=${prefix}/include - -Name: zlib -Description: zlib compression library -Version: 1.2.5 -Libs: -L${libdir} -lz -Cflags: -I${includedir} diff -Nru gnupg2-2.1.6/build-aux/speedo.mk gnupg2-2.0.28/build-aux/speedo.mk --- gnupg2-2.1.6/build-aux/speedo.mk 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/speedo.mk 1970-01-01 00:00:00.000000000 +0000 @@ -1,1129 +0,0 @@ -# speedo.mk - Speedo rebuilds speedily. -# Copyright (C) 2008, 2014 g10 Code GmbH -# -# speedo is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# speedo is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . - -# speedo builds gnupg-related packages from GIT and installs them in a -# user directory, thereby providing a non-obstrusive test environment. -# speedo does only work with GNU make. The build system is similar to -# that of gpg4win. The following commands are supported: -# -# make -f speedo.mk all pkg2rep=/dir/with/tarballs -# or -# make -f speedo.mk -# -# Builds all packages and installs them under PLAY/inst. At the end, -# speedo prints commands that can be executed in the local shell to -# make use of the installed packages. -# -# make -f speedo.mk clean -# or -# make -f speedo.mk clean-PACKAGE -# -# Removes all packages or the package PACKAGE from the installation -# and build tree. A subsequent make will rebuild these (and only -# these) packages. -# -# make -f speedo.mk report -# or -# make -f speedo.mk report-PACKAGE -# -# Lists packages and versions. -# - -# We need to know our own name. -SPEEDO_MK := $(realpath $(lastword $(MAKEFILE_LIST))) - -.PHONY : help native native-gui w32-installer w32-source -.PHONY : git-native git-native-gui git-w32-installer git-w32-source -.PHONY : this-native this-native-gui this-w32-installer this-w32-source - -help: - @echo 'usage: make -f speedo.mk TARGET' - @echo ' with TARGET being one of:' - @echo ' help This help' - @echo ' native Native build of the GnuPG core' - @echo ' native-gui Ditto but with pinentry and GPA' - @echo ' w32-installer Build a Windows installer' - @echo ' w32-source Pack a source archive' - @echo - @echo 'You may append INSTALL_PREFIX= for native builds.' - @echo 'Prepend TARGET with "git-" to build from GIT repos.' - @echo 'Prepend TARGET with "this-" to build from the source tarball.' - @echo 'Use SELFCHECK=0 for a non-released version.' - @echo 'Use CUSTOM_SWDB=1 for an already downloaded swdb.lst.' - -SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1 - -native: check-tools - $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=0 all - -git-native: check-tools - $(SPEEDOMAKE) TARGETOS=native WHAT=git WITH_GUI=0 all - -this-native: check-tools - $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=0 all - -native-gui: check-tools - $(SPEEDOMAKE) TARGETOS=native WHAT=release WITH_GUI=1 all - -git-native-gui: check-tools - $(SPEEDOMAKE) TARGETOS=native WHAT=git WITH_GUI=1 all - -this-native-gui: check-tools - $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=1 all - -w32-installer: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 installer - -git-w32-installer: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=0 installer - -this-w32-installer: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=0 \ - CUSTOM_SWDB=1 installer - -w32-source: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 dist-source - -git-w32-source: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=0 dist-source - -this-w32-source: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=0 \ - CUSTOM_SWDB=1 dist-source - - -# Set this to "git" to build from git, -# to "release" from tarballs, -# to "this" from the unpacked sources. -WHAT=git - -# Set target to "native" or "w32" -TARGETOS= - -# Set to 1 to build the GUI tools -WITH_GUI=0 - -# Set to 1 to use a pre-installed swdb.lst instead of the online version. -CUSTOM_SWDB=0 - -# Set to 1 to really download the swdb. -UPD_SWDB=0 - -# Set to 0 to skip the GnuPG version self-check -SELFCHECK=1 - -# Set to the location of the directory with tarballs of -# external packages. -TARBALLS=$(shell pwd)/../tarballs - -# Number of parallel make jobs -MAKE_J=3 - -# Name to use for the w32 installer and sources -INST_NAME=gnupg-w32 - -# Use this to override the installaion directory for native builds. -INSTALL_PREFIX=none - - -# Directory names. -# They must be absolute, as we switch directories pretty often. -root := $(shell pwd)/PLAY -sdir := $(root)/src -bdir := $(root)/build -bdir6:= $(root)/build-w64 -ifeq ($(INSTALL_PREFIX),none) -idir := $(root)/inst -else -idir := $(abspath $(INSTALL_PREFIX)) -endif -idir6:= $(root)/inst-w64 -stampdir := $(root)/stamps -topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd) -auxsrc := $(topsrc)/build-aux/speedo -patdir := $(topsrc)/build-aux/speedo/patches -w32src := $(topsrc)/build-aux/speedo/w32 - -# =====BEGIN LIST OF PACKAGES===== -# The packages that should be built. The order is also the build order. -# Fixme: Do we need to build pkg-config for cross-building? - -speedo_spkgs = \ - libgpg-error npth libgcrypt - -ifeq ($(TARGETOS),w32) -speedo_spkgs += \ - zlib bzip2 adns libiconv -ifeq ($(WITH_GUI),1) -speedo_spkgs += gettext -endif -endif - -speedo_spkgs += \ - libassuan libksba gnupg - -ifeq ($(TARGETOS),w32) -ifeq ($(WITH_GUI),1) -speedo_spkgs += \ - libffi glib pkg-config -endif -endif - -speedo_spkgs += \ - gpgme - -ifeq ($(TARGETOS),w32) -ifeq ($(WITH_GUI),1) -speedo_spkgs += \ - libpng \ - gdk-pixbuf atk pixman cairo pango gtk+ -endif -endif - -ifeq ($(TARGETOS),w32) - -speedo_spkgs += pinentry -ifeq ($(WITH_GUI),1) -speedo_spkgs += gpa gpgex -endif - -else - -ifeq ($(WITH_GUI),1) -speedo_spkgs += pinentry gpa -endif - -endif - - -# =====END LIST OF PACKAGES===== - - -# Packages which are additionally build for 64 bit Windows. They are -# only used for gpgex and thus we need to build them only if we want -# a full installer. -speedo_w64_spkgs = -ifeq ($(WITH_GUI),1) -speedo_w64_spkgs += libgpg-error libiconv gettext libassuan gpgex -endif - -# Packages which use the gnupg autogen.sh build style -speedo_gnupg_style = \ - libgpg-error npth libgcrypt \ - libassuan libksba gnupg gpgme \ - pinentry gpa gpgex - -# Packages which use only make and no build directory -speedo_make_only_style = \ - zlib bzip2 - -# Get the content of the software DB. -ifeq ($(CUSTOM_SWDB),1) -getswdb_options = --skip-download --skip-verify -else -getswdb_options = -endif -ifeq ($(SELFCHECK),0) -getswdb_options += --skip-selfcheck -endif -ifeq ($(UPD_SWDB),1) -SWDB := $(shell $(topsrc)/build-aux/getswdb.sh $(getswdb_options) && echo okay) -ifeq ($(strip $(SWDB)),) -ifneq ($(WHAT),git) -$(error Error getting GnuPG software version database) -endif -endif - -# Version numbers of the released packages -gnupg_ver_this = $(shell cat $(topsrc)/VERSION) - -gnupg_ver := $(shell awk '$$1=="gnupg21_ver" {print $$2}' swdb.lst) - -libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst) -libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst) - -npth_ver := $(shell awk '$$1=="npth_ver" {print $$2}' swdb.lst) -npth_sha1 := $(shell awk '$$1=="npth_sha1" {print $$2}' swdb.lst) - -libgcrypt_ver := $(shell awk '$$1=="libgcrypt_ver" {print $$2}' swdb.lst) -libgcrypt_sha1 := $(shell awk '$$1=="libgcrypt_sha1" {print $$2}' swdb.lst) - -libassuan_ver := $(shell awk '$$1=="libassuan_ver" {print $$2}' swdb.lst) -libassuan_sha1 := $(shell awk '$$1=="libassuan_sha1" {print $$2}' swdb.lst) - -libksba_ver := $(shell awk '$$1=="libksba_ver" {print $$2}' swdb.lst) -libksba_sha1 := $(shell awk '$$1=="libksba_sha1" {print $$2}' swdb.lst) - -gpgme_ver := $(shell awk '$$1=="gpgme_ver" {print $$2}' swdb.lst) -gpgme_sha1 := $(shell awk '$$1=="gpgme_sha1" {print $$2}' swdb.lst) - -pinentry_ver := $(shell awk '$$1=="pinentry_ver" {print $$2}' swdb.lst) -pinentry_sha1 := $(shell awk '$$1=="pinentry_sha1" {print $$2}' swdb.lst) - -gpa_ver := $(shell awk '$$1=="gpa_ver" {print $$2}' swdb.lst) -gpa_sha1 := $(shell awk '$$1=="gpa_sha1" {print $$2}' swdb.lst) - -gpgex_ver := $(shell awk '$$1=="gpgex_ver" {print $$2}' swdb.lst) -gpgex_sha1 := $(shell awk '$$1=="gpgex_sha1" {print $$2}' swdb.lst) - -zlib_ver := $(shell awk '$$1=="zlib_ver" {print $$2}' swdb.lst) -zlib_sha1 := $(shell awk '$$1=="zlib_sha1_gz" {print $$2}' swdb.lst) - -bzip2_ver := $(shell awk '$$1=="bzip2_ver" {print $$2}' swdb.lst) -bzip2_sha1 := $(shell awk '$$1=="bzip2_sha1_gz" {print $$2}' swdb.lst) - -adns_ver := $(shell awk '$$1=="adns_ver" {print $$2}' swdb.lst) -adns_sha1 := $(shell awk '$$1=="adns_sha1" {print $$2}' swdb.lst) - -$(info Information from the version database) -$(info GnuPG ..........: $(gnupg_ver) (building $(gnupg_ver_this))) -$(info Libgpg-error ...: $(libgpg_error_ver)) -$(info Npth ...........: $(npth_ver)) -$(info Libgcrypt ......: $(libgcrypt_ver)) -$(info Libassuan ......: $(libassuan_ver)) -$(info Zlib ...........: $(zlib_ver)) -$(info Bzip2 ..........: $(bzip2_ver)) -$(info ADNS ...........: $(adns_ver)) -$(info GPGME ..........: $(gpgme_ver)) -$(info Pinentry .......: $(pinentry_ver)) -$(info GPA ............: $(gpa_ver)) -$(info GpgEX.... ......: $(gpgex_ver)) -endif - -# Version number for external packages -pkg_config_ver = 0.23 -libiconv_ver = 1.14 -gettext_ver = 0.18.2.1 -libffi_ver = 3.0.13 -glib_ver = 2.34.3 -libpng_ver = 1.4.12 -gdk_pixbuf_ver = 2.26.5 -atk_ver = 1.32.0 -pango_ver = 1.29.4 -pixman_ver = 0.32.4 -cairo_ver = 1.12.16 -gtk__ver = 2.24.17 - -# The GIT repository. Using a local repo is much faster. -#gitrep = git://git.gnupg.org -gitrep = ${HOME}/s - -# The tarball directories -pkgrep = ftp://ftp.gnupg.org/gcrypt -pkg10rep = ftp://ftp.g10code.com/g10code -pkg2rep = $(TARBALLS) - -# For each package, the following variables can be defined: -# -# speedo_pkg_PACKAGE_git: The GIT repository that should be built. -# speedo_pkg_PACKAGE_gitref: The GIT revision to checkout -# -# speedo_pkg_PACKAGE_tar: URL to the tar file that should be built. -# -# Exactly one of the above variables is required. Note that this -# version of speedo does not cache repositories or tar files, and does -# not test the integrity of the downloaded software. If you care -# about this, you can also specify filenames to locally verified files. -# Filenames are differentiated from URLs by starting with a slash '/'. -# -# speedo_pkg_PACKAGE_configure: Extra arguments to configure. -# -# speedo_pkg_PACKAGE_make_args: Extra arguments to make. -# -# speedo_pkg_PACKAGE_make_args_inst: Extra arguments to make install. -# -# Note that you can override the defaults in this file in a local file -# "config.mk" - -ifeq ($(WHAT),this) -else ifeq ($(WHAT),git) - speedo_pkg_libgpg_error_git = $(gitrep)/libgpg-error - speedo_pkg_libgpg_error_gitref = master - speedo_pkg_npth_git = $(gitrep)/npth - speedo_pkg_npth_gitref = master - speedo_pkg_libassuan_git = $(gitrep)/libassuan - speedo_pkg_libassuan_gitref = master - speedo_pkg_libgcrypt_git = $(gitrep)/libgcrypt - speedo_pkg_libgcrypt_gitref = master - speedo_pkg_libksba_git = $(gitrep)/libksba - speedo_pkg_libksba_gitref = master - speedo_pkg_gpgme_git = $(gitrep)/gpgme - speedo_pkg_gpgme_gitref = master - speedo_pkg_pinentry_git = $(gitrep)/pinentry - speedo_pkg_pinentry_gitref = master - speedo_pkg_gpa_git = $(gitrep)/gpa - speedo_pkg_gpa_gitref = master - speedo_pkg_gpgex_git = $(gitrep)/gpgex - speedo_pkg_gpgex_gitref = master -else ifeq ($(WHAT),release) - speedo_pkg_libgpg_error_tar = \ - $(pkgrep)/libgpg-error/libgpg-error-$(libgpg_error_ver).tar.bz2 - speedo_pkg_npth_tar = \ - $(pkgrep)/npth/npth-$(npth_ver).tar.bz2 - speedo_pkg_libassuan_tar = \ - $(pkgrep)/libassuan/libassuan-$(libassuan_ver).tar.bz2 - speedo_pkg_libgcrypt_tar = \ - $(pkgrep)/libgcrypt/libgcrypt-$(libgcrypt_ver).tar.bz2 - speedo_pkg_libksba_tar = \ - $(pkgrep)/libksba/libksba-$(libksba_ver).tar.bz2 - speedo_pkg_gpgme_tar = \ - $(pkgrep)/gpgme/gpgme-$(gpgme_ver).tar.bz2 - speedo_pkg_pinentry_tar = \ - $(pkgrep)/pinentry/pinentry-$(pinentry_ver).tar.bz2 - speedo_pkg_gpa_tar = \ - $(pkgrep)/gpa/gpa-$(gpa_ver).tar.bz2 - speedo_pkg_gpgex_tar = \ - $(pkg10rep)/gpgex/gpgex-$(gpgex_ver).tar.bz2 -else - $(error invalid value for WHAT (use on of: git release this)) -endif - -speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz -speedo_pkg_zlib_tar = $(pkgrep)/zlib/zlib-$(zlib_ver).tar.gz -speedo_pkg_bzip2_tar = $(pkgrep)/bzip2/bzip2-$(bzip2_ver).tar.gz -speedo_pkg_adns_tar = $(pkg10rep)/adns/adns-$(adns_ver).tar.bz2 -speedo_pkg_libiconv_tar = $(pkg2rep)/libiconv-$(libiconv_ver).tar.gz -speedo_pkg_gettext_tar = $(pkg2rep)/gettext-$(gettext_ver).tar.gz -speedo_pkg_libffi_tar = $(pkg2rep)/libffi-$(libffi_ver).tar.gz -speedo_pkg_glib_tar = $(pkg2rep)/glib-$(glib_ver).tar.xz -speedo_pkg_libpng_tar = $(pkg2rep)/libpng-$(libpng_ver).tar.bz2 -speedo_pkg_gdk_pixbuf_tar = $(pkg2rep)/gdk-pixbuf-$(gdk_pixbuf_ver).tar.xz -speedo_pkg_atk_tar = $(pkg2rep)/atk-$(atk_ver).tar.bz2 -speedo_pkg_pango_tar = $(pkg2rep)/pango-$(pango_ver).tar.bz2 -speedo_pkg_pixman_tar = $(pkg2rep)/pixman-$(pixman_ver).tar.gz -speedo_pkg_cairo_tar = $(pkg2rep)/cairo-$(cairo_ver).tar.xz -speedo_pkg_gtk__tar = $(pkg2rep)/gtk+-$(gtk__ver).tar.xz - - -# -# Package build options -# - -speedo_pkg_libgpg_error_configure = --enable-static -speedo_pkg_w64_libgpg_error_configure = --enable-static - -speedo_pkg_libassuan_configure = --enable-static -speedo_pkg_w64_libassuan_configure = --enable-static - -speedo_pkg_libgcrypt_configure = --disable-static - -speedo_pkg_libksba_configure = --disable-static - -ifeq ($(TARGETOS),w32) -speedo_pkg_gnupg_configure = --enable-gpg2-is-gpg --disable-g13 --disable-ntbtls -else -speedo_pkg_gnupg_configure = --disable-g13 -endif -speedo_pkg_gnupg_extracflags = -g - -# Create the version info files only for W32 so that they won't get -# installed if for example INSTALL_PREFIX=/usr/local is used. -ifeq ($(TARGETOS),w32) -define speedo_pkg_gnupg_post_install -(set -e; \ - sed -n 's/.*PACKAGE_VERSION "\(.*\)"/\1/p' config.h >$(idir)/INST_VERSION; \ - sed -n 's/.*W32INFO_VI_PRODUCTVERSION \(.*\)/\1/p' common/w32info-rc.h \ - |sed 's/,/./g' >$(idir)/INST_PROD_VERSION ) -endef -endif - -# The LDFLAGS is needed for -lintl for glib. -ifeq ($(WITH_GUI),1) -speedo_pkg_gpgme_configure = \ - --enable-static --enable-w32-glib --disable-w32-qt \ - --with-gpg-error-prefix=$(idir) \ - LDFLAGS=-L$(idir)/lib -else -speedo_pkg_gpgme_configure = \ - --disable-static --disable-w32-glib --disable-w32-qt \ - --with-gpg-error-prefix=$(idir) \ - LDFLAGS=-L$(idir)/lib -endif - - -ifeq ($(TARGETOS),w32) -speedo_pkg_pinentry_configure = --disable-pinentry-gtk2 -else -speedo_pkg_pinentry_configure = --enable-pinentry-gtk2 -endif -speedo_pkg_pinentry_configure += \ - --disable-pinentry-qt4 \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib \ - CXXFLAGS=-static-libstdc++ - - -speedo_pkg_gpa_configure = \ - --with-libiconv-prefix=$(idir) --with-libintl-prefix=$(idir) \ - --with-gpgme-prefix=$(idir) --with-zlib=$(idir) \ - --with-libassuan-prefix=$(idir) --with-gpg-error-prefix=$(idir) - -speedo_pkg_gpgex_configure = \ - --with-gpg-error-prefix=$(idir) \ - --with-libassuan-prefix=$(idir) \ - --enable-gpa-only - -speedo_pkg_w64_gpgex_configure = \ - --with-gpg-error-prefix=$(idir6) \ - --with-libassuan-prefix=$(idir6) \ - --enable-gpa-only - - -# -# External packages -# - -ifeq ($(TARGETOS),w32) -speedo_pkg_zlib_make_args = \ - -fwin32/Makefile.gcc PREFIX=$(host)- IMPLIB=libz.dll.a - -speedo_pkg_zlib_make_args_inst = \ - -fwin32/Makefile.gcc \ - BINARY_PATH=$(idir)/bin INCLUDE_PATH=$(idir)/include \ - LIBRARY_PATH=$(idir)/lib SHARED_MODE=1 IMPLIB=libz.dll.a - -# Zlib needs some special magic to generate a libtool file. -# We also install the pc file here. -define speedo_pkg_zlib_post_install -(set -e; mkdir $(idir)/lib/pkgconfig || true; \ -cp $(auxsrc)/zlib.pc $(idir)/lib/pkgconfig/; \ -cd $(idir); \ -echo "# Generated by libtool" > lib/libz.la \ -echo "dlname='../bin/zlib1.dll'" >> lib/libz.la; \ -echo "library_names='libz.dll.a'" >> lib/libz.la; \ -echo "old_library='libz.a'" >> lib/libz.la; \ -echo "dependency_libs=''" >> lib/libz.la; \ -echo "current=1" >> lib/libz.la; \ -echo "age=2" >> lib/libz.la; \ -echo "revision=5" >> lib/libz.la; \ -echo "installed=yes" >> lib/libz.la; \ -echo "shouldnotlink=no" >> lib/libz.la; \ -echo "dlopen=''" >> lib/libz.la; \ -echo "dlpreopen=''" >> lib/libz.la; \ -echo "libdir=\"$(idir)/lib\"" >> lib/libz.la) -endef - -endif - -ifeq ($(TARGETOS),w32) -speedo_pkg_bzip2_make_args = \ - CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib" - -speedo_pkg_bzip2_make_args_inst = \ - PREFIX=$(idir) CC="$(host)-gcc" AR="$(host)-ar" RANLIB="$(host)-ranlib" -endif - -speedo_pkg_w64_libiconv_configure = \ - --enable-shared=no --enable-static=yes - -speedo_pkg_gettext_configure = \ - --with-lib-prefix=$(idir) --with-libiconv-prefix=$(idir) \ - CPPFLAGS=-I$(idir)/include LDFLAGS=-L$(idir)/lib -speedo_pkg_w64_gettext_configure = \ - --with-lib-prefix=$(idir) --with-libiconv-prefix=$(idir) \ - CPPFLAGS=-I$(idir6)/include LDFLAGS=-L$(idir6)/lib -speedo_pkg_gettext_extracflags = -O2 -# We only need gettext-runtime and there is sadly no top level -# configure option for this -speedo_pkg_gettext_make_dir = gettext-runtime - - -speedo_pkg_glib_configure = \ - --disable-modular-tests \ - --with-libiconv=gnu \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib \ - CCC=$(host)-g++ \ - LIBFFI_CFLAGS=-I$(idir)/lib/libffi-$(libffi_ver)/include \ - LIBFFI_LIBS=\"-L$(idir)/lib -lffi\" -ifeq ($(TARGETOS),w32) -speedo_pkg_glib_extracflags = -march=i486 -endif - -ifeq ($(TARGETOS),w32) -speedo_pkg_libpng_configure = \ - CPPFLAGS=\"-I$(idir)/include -DPNG_BUILD_DLL\" \ - LDFLAGS=\"-L$(idir)/lib\" LIBPNG_DEFINES=\"-DPNG_BUILD_DLL\" -else -speedo_pkg_libpng_configure = \ - CPPFLAGS=\"-I$(idir)/include\" \ - LDFLAGS=\"-L$(idir)/lib\" -endif - -ifneq ($(TARGETOS),w32) -speedo_pkg_gdk_pixbuf_configure = --without-libtiff --without-libjpeg -endif - -speedo_pkg_pixman_configure = \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib - -ifeq ($(TARGETOS),w32) -speedo_pkg_cairo_configure = \ - --disable-qt --disable-ft --disable-fc \ - --enable-win32 --enable-win32-font \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib -else -speedo_pkg_cairo_configure = \ - --disable-qt \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib -endif - -speedo_pkg_pango_configure = \ - --disable-gtk-doc \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib - -speedo_pkg_gtk__configure = \ - --disable-cups \ - CPPFLAGS=-I$(idir)/include \ - LDFLAGS=-L$(idir)/lib - - -# --------- - -all: all-speedo - -report: report-speedo - -clean: clean-speedo - -ifeq ($(TARGETOS),w32) -STRIP = i686-w64-mingw32-strip -else -STRIP = strip -endif -W32CC = i686-w64-mingw32-gcc - --include config.mk - -# -# The generic speedo code -# - -MKDIR=mkdir -MAKENSIS=makensis -SHA1SUM := $(shell $(topsrc)/build-aux/getswdb.sh --find-sha1sum) -ifeq ($(SHA1SUM),false) -$(error The sha1sum tool is missing) -endif - - -BUILD_ISODATE=$(shell date -u +%Y-%m-%d) -BUILD_DATESTR=$(subst -,,$(BUILD_ISODATE)) - -# The next two macros will work only after gnupg has been build. -ifeq ($(TARGETOS),w32) -INST_VERSION=$(shell head -1 $(idir)/INST_VERSION) -INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION) -endif - -# List with packages -speedo_build_list = $(speedo_spkgs) -speedo_w64_build_list = $(speedo_w64_spkgs) - -# To avoid running external commands during the read phase (":=" style -# assignments), we check that the targetos has been given -ifneq ($(TARGETOS),) - -# Determine build and host system -build := $(shell $(topsrc)/autogen.sh --silent --print-build) -ifeq ($(TARGETOS),w32) - speedo_autogen_buildopt := --build-w32 - speedo_autogen_buildopt6 := --build-w64 - host := $(shell $(topsrc)/autogen.sh --silent --print-host --build-w32) - host6:= $(shell $(topsrc)/autogen.sh --silent --print-host --build-w64) - speedo_host_build_option := --host=$(host) --build=$(build) - speedo_host_build_option6 := --host=$(host6) --build=$(build) - speedo_w32_cflags := -mms-bitfields -else - speedo_autogen_buildopt := - host := - speedo_host_build_option := - speedo_w32_cflags := -endif - -ifeq ($(MAKE_J),) - speedo_makeopt= -else - speedo_makeopt=-j$(MAKE_J) -endif - -# End non-empty TARGETOS -endif - - - -# The playground area is our scratch area, where we unpack, build and -# install the packages. -$(stampdir)/stamp-directories: - $(MKDIR) $(root) || true - $(MKDIR) $(stampdir) || true - $(MKDIR) $(sdir) || true - $(MKDIR) $(bdir) || true - $(MKDIR) $(idir) || true -ifeq ($(TARGETOS),w32) - $(MKDIR) $(bdir6) || true - $(MKDIR) $(idir6) || true -endif - touch $(stampdir)/stamp-directories - -# Frob the name $1 by converting all '-' and '+' characters to '_'. -define FROB_macro -$(subst +,_,$(subst -,_,$(1))) -endef - -# Get the variable $(1) (which may contain '-' and '+' characters). -define GETVAR -$($(call FROB_macro,$(1))) -endef - -# Set a couple of common variables. -define SETVARS - pkg="$(1)"; \ - git="$(call GETVAR,speedo_pkg_$(1)_git)"; \ - gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \ - tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \ - sha1="$(call GETVAR,$(1)_sha1)"; \ - pkgsdir="$(sdir)/$(1)"; \ - if [ "$(1)" = "gnupg" ]; then \ - git=''; \ - gitref=''; \ - tar=''; \ - pkgsdir="$(topsrc)"; \ - fi; \ - pkgbdir="$(bdir)/$(1)"; \ - pkgcfg="$(call GETVAR,speedo_pkg_$(1)_configure)"; \ - tmp="$(speedo_w32_cflags) \ - $(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ - if [ x$$$$(echo "$$$$tmp" | tr -d '[:space:]')x != xx ]; then \ - pkgextracflags="CFLAGS=\"$$$$tmp\""; \ - else \ - pkgextracflags=; \ - fi; \ - pkgmkdir="$(call GETVAR,speedo_pkg_$(1)_make_dir)"; \ - pkgmkargs="$(call GETVAR,speedo_pkg_$(1)_make_args)"; \ - pkgmkargs_inst="$(call GETVAR,speedo_pkg_$(1)_make_args_inst)"; \ - pkgmkargs_uninst="$(call GETVAR,speedo_pkg_$(1)_make_args_uninst)"; \ - export PKG_CONFIG="/usr/bin/pkg-config"; \ - export PKG_CONFIG_PATH="$(idir)/lib/pkgconfig"; \ - [ "$(TARGETOS)" != native ] && export PKG_CONFIG_LIBDIR=""; \ - export SYSROOT="$(idir)"; \ - export PATH="$(idir)/bin:$${PATH}"; \ - export LD_LIBRARY_PATH="$(idir)/lib:$${LD_LIBRARY_PATH}" -endef - -define SETVARS_W64 - pkg="$(1)"; \ - git="$(call GETVAR,speedo_pkg_$(1)_git)"; \ - gitref="$(call GETVAR,speedo_pkg_$(1)_gitref)"; \ - tar="$(call GETVAR,speedo_pkg_$(1)_tar)"; \ - sha1="$(call GETVAR,$(1)_sha1)"; \ - pkgsdir="$(sdir)/$(1)"; \ - if [ "$(1)" = "gnupg" ]; then \ - git=''; \ - gitref=''; \ - tar=''; \ - pkgsdir="$(topsrc)"; \ - fi; \ - pkgbdir="$(bdir6)/$(1)"; \ - pkgcfg="$(call GETVAR,speedo_pkg_w64_$(1)_configure)"; \ - tmp="$(speedo_w32_cflags) \ - $(call GETVAR,speedo_pkg_$(1)_extracflags)"; \ - if [ x$$$$(echo "$$$$tmp" | tr -d '[:space:]')x != xx ]; then \ - pkgextracflags="CFLAGS=\"$$$$tmp\""; \ - else \ - pkgextracflags=; \ - fi; \ - pkgmkdir="$(call GETVAR,speedo_pkg_$(1)_make_dir)"; \ - pkgmkargs="$(call GETVAR,speedo_pkg_$(1)_make_args)"; \ - pkgmkargs_inst="$(call GETVAR,speedo_pkg_$(1)_make_args_inst)"; \ - pkgmkargs_uninst="$(call GETVAR,speedo_pkg_$(1)_make_args_uninst)"; \ - export PKG_CONFIG="/usr/bin/pkg-config"; \ - export PKG_CONFIG_PATH="$(idir6)/lib/pkgconfig"; \ - [ "$(TARGETOS)" != native ] && export PKG_CONFIG_LIBDIR=""; \ - export SYSROOT="$(idir6)"; \ - export PATH="$(idir6)/bin:$${PATH}"; \ - export LD_LIBRARY_PATH="$(idir6)/lib:$${LD_LIBRARY_PATH}" -endef - - -# Template for source packages. - -# Note that the gnupg package is special: The package source dir is -# the same as the topsrc dir and thus we need to detect the gnupg -# package and cd to that directory. We also test that no in-source build -# has been done. autogen.sh is not run for gnupg. -# -define SPKG_template - -$(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories - @echo "speedo: /*" - @echo "speedo: * $(1)" - @echo "speedo: */" - @(set -e; cd $(sdir); \ - $(call SETVARS,$(1)); \ - if [ "$(WHAT)" = "this" ]; then \ - echo "speedo: using included source"; \ - elif [ "$(1)" = "gnupg" ]; then \ - cd $$$${pkgsdir}; \ - if [ -f config.log ]; then \ - echo "GnuPG has already been build in-source" >&2 ;\ - echo "Please run \"make distclean\" and retry" >&2 ;\ - exit 1 ; \ - fi; \ - echo "speedo: unpacking gnupg not needed"; \ - elif [ -n "$$$${git}" ]; then \ - echo "speedo: unpacking $(1) from $$$${git}:$$$${gitref}"; \ - git clone -b "$$$${gitref}" "$$$${git}" "$$$${pkg}"; \ - cd "$$$${pkg}"; \ - AUTOGEN_SH_SILENT=1 ./autogen.sh; \ - elif [ -n "$$$${tar}" ]; then \ - echo "speedo: unpacking $(1) from $$$${tar}"; \ - case "$$$${tar}" in \ - *.gz) pretar=zcat ;; \ - *.bz2) pretar=bzcat ;; \ - *.xz) pretar=xzcat ;; \ - *) pretar=cat ;; \ - esac; \ - [ -f tmp.tgz ] && rm tmp.tgz; \ - case "$$$${tar}" in \ - /*) $$$${pretar} < $$$${tar} | tar xf - ;; \ - *) wget -q -O - $$$${tar} | tee tmp.tgz \ - | $$$${pretar} | tar x$$$${opt}f - ;; \ - esac; \ - if [ -f tmp.tgz ]; then \ - if [ -n "$$$${sha1}" ]; then \ - tmp=$$$$($(SHA1SUM) /dev/null && \ - $(MAKE) --no-print-directory \ - $$$${pkgmkargs_uninst} uninstall V=0 ) || true;\ - if [ "$(1)" = "gnupg" ]; then \ - rm -fR "$$$${pkgbdir}" || true ;\ - else \ - rm -fR "$$$${pkgsdir}" "$$$${pkgbdir}" || true;\ - fi) - -rm -f $(stampdir)/stamp-final-$(1) $(stampdir)/stamp-$(1)-* - - -.PHONY : build-$(1) -build-$(1): $(stampdir)/stamp-final-$(1) - - -.PHONY : report-$(1) -report-$(1): - @($(call SETVARS,$(1)); \ - echo -n $(1):\ ; \ - if [ -n "$$$${git}" ]; then \ - if [ -e "$$$${pkgsdir}/.git" ]; then \ - cd "$$$${pkgsdir}" && \ - git describe ; \ - else \ - echo missing; \ - fi \ - elif [ -n "$$$${tar}" ]; then \ - base=`echo "$$$${tar}" | sed -e 's,^.*/,,' \ - | sed -e 's,\.tar.*$$$$,,'`; \ - echo $$$${base} ; \ - fi) - -endef - - -# Insert the template for each source package. -$(foreach spkg, $(speedo_spkgs), $(eval $(call SPKG_template,$(spkg)))) - -$(stampdir)/stamp-final: $(stampdir)/stamp-directories -ifeq ($(TARGETOS),w32) -$(stampdir)/stamp-final: $(addprefix $(stampdir)/stamp-w64-final-,$(speedo_w64_build_list)) -endif -$(stampdir)/stamp-final: $(addprefix $(stampdir)/stamp-final-,$(speedo_build_list)) - touch $(stampdir)/stamp-final - -all-speedo: $(stampdir)/stamp-final - -report-speedo: $(addprefix report-,$(speedo_build_list)) - -# Just to check if we catched all stamps. -clean-stamps: - $(RM) -fR $(stampdir) - -clean-speedo: - $(RM) -fR PLAY - - -# -# Windows installer -# -# {{{ -ifeq ($(TARGETOS),w32) - -dist-source: all - for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done - (set -e;\ - tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar" ;\ - [ -f "$$tarname" ] && rm "$$tarname" ;\ - tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \ - --transform='s,^\./,$(INST_NAME)-$(INST_VERSION)/,' \ - --anchored --exclude './PLAY' . ;\ - tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \ - --transform='s,^,$(INST_NAME)-$(INST_VERSION)/,' \ - PLAY/stamps/stamp-*-00-unpack PLAY/src swdb.lst swdb.lst.sig ;\ - xz "$$tarname" ;\ - ) - - -# Extract the two latest news entries. */ -$(bdir)/NEWS.tmp: $(topsrc)/NEWS - awk '/^Notewo/ {if(okay>1){exit}; okay++};okay {print $0}' \ - <$(topsrc)/NEWS >$(bdir)/NEWS.tmp - -$(bdir)/README.txt: $(bdir)/NEWS.tmp $(topsrc)/README $(w32src)/README.txt \ - $(w32src)/pkg-copyright.txt - sed -e '/^;.*/d;' \ - -e '/!NEWSFILE!/{r $(bdir)/NEWS.tmp' -e 'd;}' \ - -e '/!GNUPGREADME!/{r $(topsrc)/README' -e 'd;}' \ - -e '/!PKG-COPYRIGHT!/{r $(w32src)/pkg-copyright.txt' -e 'd;}' \ - -e 's,!VERSION!,$(INST_VERSION),g' \ - < $(w32src)/README.txt \ - | sed -e '/^#/d' \ - | awk '{printf "%s\r\n", $$0}' >$(bdir)/README.txt - -$(bdir)/g4wihelp.dll: $(w32src)/g4wihelp.c $(w32src)/exdll.h - (set -e; cd $(bdir); \ - $(W32CC) -I. -shared -O2 -o g4wihelp.dll $(w32src)/g4wihelp.c \ - -lwinmm -lgdi32; \ - $(STRIP) g4wihelp.dll) - -w32_insthelpers: $(bdir)/g4wihelp.dll - -$(bdir)/inst-options.ini: $(w32src)/inst-options.ini - cat $(w32src)/inst-options.ini >$(bdir)/inst-options.ini - -extra_installer_options = -ifeq ($(WITH_GUI),1) -extra_installer_options += -DWITH_GUI=1 -endif - -installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt - $(MAKENSIS) -V2 \ - -DINST_DIR=$(idir) \ - -DINST6_DIR=$(idir6) \ - -DBUILD_DIR=$(bdir) \ - -DTOP_SRCDIR=$(topsrc) \ - -DW32_SRCDIR=$(w32src) \ - -DBUILD_ISODATE=$(BUILD_ISODATE) \ - -DBUILD_DATESTR=$(BUILD_DATESTR) \ - -DNAME=$(INST_NAME) \ - -DVERSION=$(INST_VERSION) \ - -DPROD_VERSION=$(INST_PROD_VERSION) \ - $(extra_installer_options) $(w32src)/inst.nsi - @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" - -endif -# }}} W32 - - -# -# Check availibility of standard tools -# -check-tools: - - -# -# Mark phony targets -# -.PHONY: all all-speedo report-speedo clean-stamps clean-speedo installer \ - w32_insthelpers check-tools diff -Nru gnupg2-2.1.6/build-aux/texinfo.tex gnupg2-2.0.28/build-aux/texinfo.tex --- gnupg2-2.1.6/build-aux/texinfo.tex 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/build-aux/texinfo.tex 1970-01-01 00:00:00.000000000 +0000 @@ -1,8638 +0,0 @@ -% texinfo.tex -- TeX macros to handle Texinfo files. -% -% Load plain if necessary, i.e., if running under initex. -\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi -% -\def\texinfoversion{2007-05-03.09} -% -% Copyright (C) 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995, -% 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, -% 2007 Free Software Foundation, Inc. -% -% This texinfo.tex file is free software; you can redistribute it and/or -% modify it under the terms of the GNU General Public License as -% published by the Free Software Foundation; either version 3, or (at -% your option) any later version. -% -% This texinfo.tex file is distributed in the hope that it will be -% useful, but WITHOUT ANY WARRANTY; without even the implied warranty -% of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -% General Public License for more details. -% -% You should have received a copy of the GNU General Public License -% along with this texinfo.tex file; see the file COPYING. If not, -% see . -% -% As a special exception, when this file is read by TeX when processing -% a Texinfo source document, you may use the result without -% restriction. (This has been our intent since Texinfo was invented.) -% -% Please try the latest version of texinfo.tex before submitting bug -% reports; you can get the latest version from: -% http://www.gnu.org/software/texinfo/ (the Texinfo home page), or -% ftp://tug.org/tex/texinfo.tex -% (and all CTAN mirrors, see http://www.ctan.org). -% The texinfo.tex in any given distribution could well be out -% of date, so if that's what you're using, please check. -% -% Send bug reports to bug-texinfo@gnu.org. Please include including a -% complete document in each bug report with which we can reproduce the -% problem. Patches are, of course, greatly appreciated. -% -% To process a Texinfo manual with TeX, it's most reliable to use the -% texi2dvi shell script that comes with the distribution. For a simple -% manual foo.texi, however, you can get away with this: -% tex foo.texi -% texindex foo.?? -% tex foo.texi -% tex foo.texi -% dvips foo.dvi -o # or whatever; this makes foo.ps. -% The extra TeX runs get the cross-reference information correct. -% Sometimes one run after texindex suffices, and sometimes you need more -% than two; texi2dvi does it as many times as necessary. -% -% It is possible to adapt texinfo.tex for other languages, to some -% extent. You can get the existing language-specific files from the -% full Texinfo distribution. -% -% The GNU Texinfo home page is http://www.gnu.org/software/texinfo. - - -\message{Loading texinfo [version \texinfoversion]:} - -% If in a .fmt file, print the version number -% and turn on active characters that we couldn't do earlier because -% they might have appeared in the input file name. -\everyjob{\message{[Texinfo version \texinfoversion]}% - \catcode`+=\active \catcode`\_=\active} - - -\chardef\other=12 - -% We never want plain's \outer definition of \+ in Texinfo. -% For @tex, we can use \tabalign. -\let\+ = \relax - -% Save some plain tex macros whose names we will redefine. -\let\ptexb=\b -\let\ptexbullet=\bullet -\let\ptexc=\c -\let\ptexcomma=\, -\let\ptexdot=\. -\let\ptexdots=\dots -\let\ptexend=\end -\let\ptexequiv=\equiv -\let\ptexexclam=\! -\let\ptexfootnote=\footnote -\let\ptexgtr=> -\let\ptexhat=^ -\let\ptexi=\i -\let\ptexindent=\indent -\let\ptexinsert=\insert -\let\ptexlbrace=\{ -\let\ptexless=< -\let\ptexnewwrite\newwrite -\let\ptexnoindent=\noindent -\let\ptexplus=+ -\let\ptexrbrace=\} -\let\ptexslash=\/ -\let\ptexstar=\* -\let\ptext=\t - -% If this character appears in an error message or help string, it -% starts a new line in the output. -\newlinechar = `^^J - -% Use TeX 3.0's \inputlineno to get the line number, for better error -% messages, but if we're using an old version of TeX, don't do anything. -% -\ifx\inputlineno\thisisundefined - \let\linenumber = \empty % Pre-3.0. -\else - \def\linenumber{l.\the\inputlineno:\space} -\fi - -% Set up fixed words for English if not already set. -\ifx\putwordAppendix\undefined \gdef\putwordAppendix{Appendix}\fi -\ifx\putwordChapter\undefined \gdef\putwordChapter{Chapter}\fi -\ifx\putwordfile\undefined \gdef\putwordfile{file}\fi -\ifx\putwordin\undefined \gdef\putwordin{in}\fi -\ifx\putwordIndexIsEmpty\undefined \gdef\putwordIndexIsEmpty{(Index is empty)}\fi -\ifx\putwordIndexNonexistent\undefined \gdef\putwordIndexNonexistent{(Index is nonexistent)}\fi -\ifx\putwordInfo\undefined \gdef\putwordInfo{Info}\fi -\ifx\putwordInstanceVariableof\undefined \gdef\putwordInstanceVariableof{Instance Variable of}\fi -\ifx\putwordMethodon\undefined \gdef\putwordMethodon{Method on}\fi -\ifx\putwordNoTitle\undefined \gdef\putwordNoTitle{No Title}\fi -\ifx\putwordof\undefined \gdef\putwordof{of}\fi -\ifx\putwordon\undefined \gdef\putwordon{on}\fi -\ifx\putwordpage\undefined \gdef\putwordpage{page}\fi -\ifx\putwordsection\undefined \gdef\putwordsection{section}\fi -\ifx\putwordSection\undefined \gdef\putwordSection{Section}\fi -\ifx\putwordsee\undefined \gdef\putwordsee{see}\fi -\ifx\putwordSee\undefined \gdef\putwordSee{See}\fi -\ifx\putwordShortTOC\undefined \gdef\putwordShortTOC{Short Contents}\fi -\ifx\putwordTOC\undefined \gdef\putwordTOC{Table of Contents}\fi -% -\ifx\putwordMJan\undefined \gdef\putwordMJan{January}\fi -\ifx\putwordMFeb\undefined \gdef\putwordMFeb{February}\fi -\ifx\putwordMMar\undefined \gdef\putwordMMar{March}\fi -\ifx\putwordMApr\undefined \gdef\putwordMApr{April}\fi -\ifx\putwordMMay\undefined \gdef\putwordMMay{May}\fi -\ifx\putwordMJun\undefined \gdef\putwordMJun{June}\fi -\ifx\putwordMJul\undefined \gdef\putwordMJul{July}\fi -\ifx\putwordMAug\undefined \gdef\putwordMAug{August}\fi -\ifx\putwordMSep\undefined \gdef\putwordMSep{September}\fi -\ifx\putwordMOct\undefined \gdef\putwordMOct{October}\fi -\ifx\putwordMNov\undefined \gdef\putwordMNov{November}\fi -\ifx\putwordMDec\undefined \gdef\putwordMDec{December}\fi -% -\ifx\putwordDefmac\undefined \gdef\putwordDefmac{Macro}\fi -\ifx\putwordDefspec\undefined \gdef\putwordDefspec{Special Form}\fi -\ifx\putwordDefvar\undefined \gdef\putwordDefvar{Variable}\fi -\ifx\putwordDefopt\undefined \gdef\putwordDefopt{User Option}\fi -\ifx\putwordDeffunc\undefined \gdef\putwordDeffunc{Function}\fi - -% Since the category of space is not known, we have to be careful. -\chardef\spacecat = 10 -\def\spaceisspace{\catcode`\ =\spacecat} - -% sometimes characters are active, so we need control sequences. -\chardef\colonChar = `\: -\chardef\commaChar = `\, -\chardef\dashChar = `\- -\chardef\dotChar = `\. -\chardef\exclamChar= `\! -\chardef\lquoteChar= `\` -\chardef\questChar = `\? -\chardef\rquoteChar= `\' -\chardef\semiChar = `\; -\chardef\underChar = `\_ - -% Ignore a token. -% -\def\gobble#1{} - -% The following is used inside several \edef's. -\def\makecsname#1{\expandafter\noexpand\csname#1\endcsname} - -% Hyphenation fixes. -\hyphenation{ - Flor-i-da Ghost-script Ghost-view Mac-OS Post-Script - ap-pen-dix bit-map bit-maps - data-base data-bases eshell fall-ing half-way long-est man-u-script - man-u-scripts mini-buf-fer mini-buf-fers over-view par-a-digm - par-a-digms rath-er rec-tan-gu-lar ro-bot-ics se-vere-ly set-up spa-ces - spell-ing spell-ings - stand-alone strong-est time-stamp time-stamps which-ever white-space - wide-spread wrap-around -} - -% Margin to add to right of even pages, to left of odd pages. -\newdimen\bindingoffset -\newdimen\normaloffset -\newdimen\pagewidth \newdimen\pageheight - -% For a final copy, take out the rectangles -% that mark overfull boxes (in case you have decided -% that the text looks ok even though it passes the margin). -% -\def\finalout{\overfullrule=0pt} - -% @| inserts a changebar to the left of the current line. It should -% surround any changed text. This approach does *not* work if the -% change spans more than two lines of output. To handle that, we would -% have adopt a much more difficult approach (putting marks into the main -% vertical list for the beginning and end of each change). -% -\def\|{% - % \vadjust can only be used in horizontal mode. - \leavevmode - % - % Append this vertical mode material after the current line in the output. - \vadjust{% - % We want to insert a rule with the height and depth of the current - % leading; that is exactly what \strutbox is supposed to record. - \vskip-\baselineskip - % - % \vadjust-items are inserted at the left edge of the type. So - % the \llap here moves out into the left-hand margin. - \llap{% - % - % For a thicker or thinner bar, change the `1pt'. - \vrule height\baselineskip width1pt - % - % This is the space between the bar and the text. - \hskip 12pt - }% - }% -} - -% Sometimes it is convenient to have everything in the transcript file -% and nothing on the terminal. We don't just call \tracingall here, -% since that produces some useless output on the terminal. We also make -% some effort to order the tracing commands to reduce output in the log -% file; cf. trace.sty in LaTeX. -% -\def\gloggingall{\begingroup \globaldefs = 1 \loggingall \endgroup}% -\def\loggingall{% - \tracingstats2 - \tracingpages1 - \tracinglostchars2 % 2 gives us more in etex - \tracingparagraphs1 - \tracingoutput1 - \tracingmacros2 - \tracingrestores1 - \showboxbreadth\maxdimen \showboxdepth\maxdimen - \ifx\eTeXversion\undefined\else % etex gives us more logging - \tracingscantokens1 - \tracingifs1 - \tracinggroups1 - \tracingnesting2 - \tracingassigns1 - \fi - \tracingcommands3 % 3 gives us more in etex - \errorcontextlines16 -}% - -% add check for \lastpenalty to plain's definitions. If the last thing -% we did was a \nobreak, we don't want to insert more space. -% -\def\smallbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\smallskipamount - \removelastskip\penalty-50\smallskip\fi\fi} -\def\medbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\medskipamount - \removelastskip\penalty-100\medskip\fi\fi} -\def\bigbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\bigskipamount - \removelastskip\penalty-200\bigskip\fi\fi} - -% For @cropmarks command. -% Do @cropmarks to get crop marks. -% -\newif\ifcropmarks -\let\cropmarks = \cropmarkstrue -% -% Dimensions to add cropmarks at corners. -% Added by P. A. MacKay, 12 Nov. 1986 -% -\newdimen\outerhsize \newdimen\outervsize % set by the paper size routines -\newdimen\cornerlong \cornerlong=1pc -\newdimen\cornerthick \cornerthick=.3pt -\newdimen\topandbottommargin \topandbottommargin=.75in - -% Main output routine. -\chardef\PAGE = 255 -\output = {\onepageout{\pagecontents\PAGE}} - -\newbox\headlinebox -\newbox\footlinebox - -% \onepageout takes a vbox as an argument. Note that \pagecontents -% does insertions, but you have to call it yourself. -\def\onepageout#1{% - \ifcropmarks \hoffset=0pt \else \hoffset=\normaloffset \fi - % - \ifodd\pageno \advance\hoffset by \bindingoffset - \else \advance\hoffset by -\bindingoffset\fi - % - % Do this outside of the \shipout so @code etc. will be expanded in - % the headline as they should be, not taken literally (outputting ''code). - \setbox\headlinebox = \vbox{\let\hsize=\pagewidth \makeheadline}% - \setbox\footlinebox = \vbox{\let\hsize=\pagewidth \makefootline}% - % - {% - % Have to do this stuff outside the \shipout because we want it to - % take effect in \write's, yet the group defined by the \vbox ends - % before the \shipout runs. - % - \indexdummies % don't expand commands in the output. - \normalturnoffactive % \ in index entries must not stay \, e.g., if - % the page break happens to be in the middle of an example. - % We don't want .vr (or whatever) entries like this: - % \entry{{\tt \indexbackslash }acronym}{32}{\code {\acronym}} - % "\acronym" won't work when it's read back in; - % it needs to be - % {\code {{\tt \backslashcurfont }acronym} - \shipout\vbox{% - % Do this early so pdf references go to the beginning of the page. - \ifpdfmakepagedest \pdfdest name{\the\pageno} xyz\fi - % - \ifcropmarks \vbox to \outervsize\bgroup - \hsize = \outerhsize - \vskip-\topandbottommargin - \vtop to0pt{% - \line{\ewtop\hfil\ewtop}% - \nointerlineskip - \line{% - \vbox{\moveleft\cornerthick\nstop}% - \hfill - \vbox{\moveright\cornerthick\nstop}% - }% - \vss}% - \vskip\topandbottommargin - \line\bgroup - \hfil % center the page within the outer (page) hsize. - \ifodd\pageno\hskip\bindingoffset\fi - \vbox\bgroup - \fi - % - \unvbox\headlinebox - \pagebody{#1}% - \ifdim\ht\footlinebox > 0pt - % Only leave this space if the footline is nonempty. - % (We lessened \vsize for it in \oddfootingyyy.) - % The \baselineskip=24pt in plain's \makefootline has no effect. - \vskip 24pt - \unvbox\footlinebox - \fi - % - \ifcropmarks - \egroup % end of \vbox\bgroup - \hfil\egroup % end of (centering) \line\bgroup - \vskip\topandbottommargin plus1fill minus1fill - \boxmaxdepth = \cornerthick - \vbox to0pt{\vss - \line{% - \vbox{\moveleft\cornerthick\nsbot}% - \hfill - \vbox{\moveright\cornerthick\nsbot}% - }% - \nointerlineskip - \line{\ewbot\hfil\ewbot}% - }% - \egroup % \vbox from first cropmarks clause - \fi - }% end of \shipout\vbox - }% end of group with \indexdummies - \advancepageno - \ifnum\outputpenalty>-20000 \else\dosupereject\fi -} - -\newinsert\margin \dimen\margin=\maxdimen - -\def\pagebody#1{\vbox to\pageheight{\boxmaxdepth=\maxdepth #1}} -{\catcode`\@ =11 -\gdef\pagecontents#1{\ifvoid\topins\else\unvbox\topins\fi -% marginal hacks, juha@viisa.uucp (Juha Takala) -\ifvoid\margin\else % marginal info is present - \rlap{\kern\hsize\vbox to\z@{\kern1pt\box\margin \vss}}\fi -\dimen@=\dp#1 \unvbox#1 -\ifvoid\footins\else\vskip\skip\footins\footnoterule \unvbox\footins\fi -\ifr@ggedbottom \kern-\dimen@ \vfil \fi} -} - -% Here are the rules for the cropmarks. Note that they are -% offset so that the space between them is truly \outerhsize or \outervsize -% (P. A. MacKay, 12 November, 1986) -% -\def\ewtop{\vrule height\cornerthick depth0pt width\cornerlong} -\def\nstop{\vbox - {\hrule height\cornerthick depth\cornerlong width\cornerthick}} -\def\ewbot{\vrule height0pt depth\cornerthick width\cornerlong} -\def\nsbot{\vbox - {\hrule height\cornerlong depth\cornerthick width\cornerthick}} - -% Parse an argument, then pass it to #1. The argument is the rest of -% the input line (except we remove a trailing comment). #1 should be a -% macro which expects an ordinary undelimited TeX argument. -% -\def\parsearg{\parseargusing{}} -\def\parseargusing#1#2{% - \def\argtorun{#2}% - \begingroup - \obeylines - \spaceisspace - #1% - \parseargline\empty% Insert the \empty token, see \finishparsearg below. -} - -{\obeylines % - \gdef\parseargline#1^^M{% - \endgroup % End of the group started in \parsearg. - \argremovecomment #1\comment\ArgTerm% - }% -} - -% First remove any @comment, then any @c comment. -\def\argremovecomment#1\comment#2\ArgTerm{\argremovec #1\c\ArgTerm} -\def\argremovec#1\c#2\ArgTerm{\argcheckspaces#1\^^M\ArgTerm} - -% Each occurence of `\^^M' or `\^^M' is replaced by a single space. -% -% \argremovec might leave us with trailing space, e.g., -% @end itemize @c foo -% This space token undergoes the same procedure and is eventually removed -% by \finishparsearg. -% -\def\argcheckspaces#1\^^M{\argcheckspacesX#1\^^M \^^M} -\def\argcheckspacesX#1 \^^M{\argcheckspacesY#1\^^M} -\def\argcheckspacesY#1\^^M#2\^^M#3\ArgTerm{% - \def\temp{#3}% - \ifx\temp\empty - % Do not use \next, perhaps the caller of \parsearg uses it; reuse \temp: - \let\temp\finishparsearg - \else - \let\temp\argcheckspaces - \fi - % Put the space token in: - \temp#1 #3\ArgTerm -} - -% If a _delimited_ argument is enclosed in braces, they get stripped; so -% to get _exactly_ the rest of the line, we had to prevent such situation. -% We prepended an \empty token at the very beginning and we expand it now, -% just before passing the control to \argtorun. -% (Similarily, we have to think about #3 of \argcheckspacesY above: it is -% either the null string, or it ends with \^^M---thus there is no danger -% that a pair of braces would be stripped. -% -% But first, we have to remove the trailing space token. -% -\def\finishparsearg#1 \ArgTerm{\expandafter\argtorun\expandafter{#1}} - -% \parseargdef\foo{...} -% is roughly equivalent to -% \def\foo{\parsearg\Xfoo} -% \def\Xfoo#1{...} -% -% Actually, I use \csname\string\foo\endcsname, ie. \\foo, as it is my -% favourite TeX trick. --kasal, 16nov03 - -\def\parseargdef#1{% - \expandafter \doparseargdef \csname\string#1\endcsname #1% -} -\def\doparseargdef#1#2{% - \def#2{\parsearg#1}% - \def#1##1% -} - -% Several utility definitions with active space: -{ - \obeyspaces - \gdef\obeyedspace{ } - - % Make each space character in the input produce a normal interword - % space in the output. Don't allow a line break at this space, as this - % is used only in environments like @example, where each line of input - % should produce a line of output anyway. - % - \gdef\sepspaces{\obeyspaces\let =\tie} - - % If an index command is used in an @example environment, any spaces - % therein should become regular spaces in the raw index file, not the - % expansion of \tie (\leavevmode \penalty \@M \ ). - \gdef\unsepspaces{\let =\space} -} - - -\def\flushcr{\ifx\par\lisppar \def\next##1{}\else \let\next=\relax \fi \next} - -% Define the framework for environments in texinfo.tex. It's used like this: -% -% \envdef\foo{...} -% \def\Efoo{...} -% -% It's the responsibility of \envdef to insert \begingroup before the -% actual body; @end closes the group after calling \Efoo. \envdef also -% defines \thisenv, so the current environment is known; @end checks -% whether the environment name matches. The \checkenv macro can also be -% used to check whether the current environment is the one expected. -% -% Non-false conditionals (@iftex, @ifset) don't fit into this, so they -% are not treated as enviroments; they don't open a group. (The -% implementation of @end takes care not to call \endgroup in this -% special case.) - - -% At runtime, environments start with this: -\def\startenvironment#1{\begingroup\def\thisenv{#1}} -% initialize -\let\thisenv\empty - -% ... but they get defined via ``\envdef\foo{...}'': -\long\def\envdef#1#2{\def#1{\startenvironment#1#2}} -\def\envparseargdef#1#2{\parseargdef#1{\startenvironment#1#2}} - -% Check whether we're in the right environment: -\def\checkenv#1{% - \def\temp{#1}% - \ifx\thisenv\temp - \else - \badenverr - \fi -} - -% Evironment mismatch, #1 expected: -\def\badenverr{% - \errhelp = \EMsimple - \errmessage{This command can appear only \inenvironment\temp, - not \inenvironment\thisenv}% -} -\def\inenvironment#1{% - \ifx#1\empty - out of any environment% - \else - in environment \expandafter\string#1% - \fi -} - -% @end foo executes the definition of \Efoo. -% But first, it executes a specialized version of \checkenv -% -\parseargdef\end{% - \if 1\csname iscond.#1\endcsname - \else - % The general wording of \badenverr may not be ideal, but... --kasal, 06nov03 - \expandafter\checkenv\csname#1\endcsname - \csname E#1\endcsname - \endgroup - \fi -} - -\newhelp\EMsimple{Press RETURN to continue.} - - -%% Simple single-character @ commands - -% @@ prints an @ -% Kludge this until the fonts are right (grr). -\def\@{{\tt\char64}} - -% This is turned off because it was never documented -% and you can use @w{...} around a quote to suppress ligatures. -%% Define @` and @' to be the same as ` and ' -%% but suppressing ligatures. -%\def\`{{`}} -%\def\'{{'}} - -% Used to generate quoted braces. -\def\mylbrace {{\tt\char123}} -\def\myrbrace {{\tt\char125}} -\let\{=\mylbrace -\let\}=\myrbrace -\begingroup - % Definitions to produce \{ and \} commands for indices, - % and @{ and @} for the aux/toc files. - \catcode`\{ = \other \catcode`\} = \other - \catcode`\[ = 1 \catcode`\] = 2 - \catcode`\! = 0 \catcode`\\ = \other - !gdef!lbracecmd[\{]% - !gdef!rbracecmd[\}]% - !gdef!lbraceatcmd[@{]% - !gdef!rbraceatcmd[@}]% -!endgroup - -% @comma{} to avoid , parsing problems. -\let\comma = , - -% Accents: @, @dotaccent @ringaccent @ubaraccent @udotaccent -% Others are defined by plain TeX: @` @' @" @^ @~ @= @u @v @H. -\let\, = \c -\let\dotaccent = \. -\def\ringaccent#1{{\accent23 #1}} -\let\tieaccent = \t -\let\ubaraccent = \b -\let\udotaccent = \d - -% Other special characters: @questiondown @exclamdown @ordf @ordm -% Plain TeX defines: @AA @AE @O @OE @L (plus lowercase versions) @ss. -\def\questiondown{?`} -\def\exclamdown{!`} -\def\ordf{\leavevmode\raise1ex\hbox{\selectfonts\lllsize \underbar{a}}} -\def\ordm{\leavevmode\raise1ex\hbox{\selectfonts\lllsize \underbar{o}}} - -% Dotless i and dotless j, used for accents. -\def\imacro{i} -\def\jmacro{j} -\def\dotless#1{% - \def\temp{#1}% - \ifx\temp\imacro \ptexi - \else\ifx\temp\jmacro \j - \else \errmessage{@dotless can be used only with i or j}% - \fi\fi -} - -% The \TeX{} logo, as in plain, but resetting the spacing so that a -% period following counts as ending a sentence. (Idea found in latex.) -% -\edef\TeX{\TeX \spacefactor=1000 } - -% @LaTeX{} logo. Not quite the same results as the definition in -% latex.ltx, since we use a different font for the raised A; it's most -% convenient for us to use an explicitly smaller font, rather than using -% the \scriptstyle font (since we don't reset \scriptstyle and -% \scriptscriptstyle). -% -\def\LaTeX{% - L\kern-.36em - {\setbox0=\hbox{T}% - \vbox to \ht0{\hbox{\selectfonts\lllsize A}\vss}}% - \kern-.15em - \TeX -} - -% Be sure we're in horizontal mode when doing a tie, since we make space -% equivalent to this in @example-like environments. Otherwise, a space -% at the beginning of a line will start with \penalty -- and -% since \penalty is valid in vertical mode, we'd end up putting the -% penalty on the vertical list instead of in the new paragraph. -{\catcode`@ = 11 - % Avoid using \@M directly, because that causes trouble - % if the definition is written into an index file. - \global\let\tiepenalty = \@M - \gdef\tie{\leavevmode\penalty\tiepenalty\ } -} - -% @: forces normal size whitespace following. -\def\:{\spacefactor=1000 } - -% @* forces a line break. -\def\*{\hfil\break\hbox{}\ignorespaces} - -% @/ allows a line break. -\let\/=\allowbreak - -% @. is an end-of-sentence period. -\def\.{.\spacefactor=\endofsentencespacefactor\space} - -% @! is an end-of-sentence bang. -\def\!{!\spacefactor=\endofsentencespacefactor\space} - -% @? is an end-of-sentence query. -\def\?{?\spacefactor=\endofsentencespacefactor\space} - -% @frenchspacing on|off says whether to put extra space after punctuation. -% -\def\onword{on} -\def\offword{off} -% -\parseargdef\frenchspacing{% - \def\temp{#1}% - \ifx\temp\onword \plainfrenchspacing - \else\ifx\temp\offword \plainnonfrenchspacing - \else - \errhelp = \EMsimple - \errmessage{Unknown @frenchspacing option `\temp', must be on/off}% - \fi\fi -} - -% @w prevents a word break. Without the \leavevmode, @w at the -% beginning of a paragraph, when TeX is still in vertical mode, would -% produce a whole line of output instead of starting the paragraph. -\def\w#1{\leavevmode\hbox{#1}} - -% @group ... @end group forces ... to be all on one page, by enclosing -% it in a TeX vbox. We use \vtop instead of \vbox to construct the box -% to keep its height that of a normal line. According to the rules for -% \topskip (p.114 of the TeXbook), the glue inserted is -% max (\topskip - \ht (first item), 0). If that height is large, -% therefore, no glue is inserted, and the space between the headline and -% the text is small, which looks bad. -% -% Another complication is that the group might be very large. This can -% cause the glue on the previous page to be unduly stretched, because it -% does not have much material. In this case, it's better to add an -% explicit \vfill so that the extra space is at the bottom. The -% threshold for doing this is if the group is more than \vfilllimit -% percent of a page (\vfilllimit can be changed inside of @tex). -% -\newbox\groupbox -\def\vfilllimit{0.7} -% -\envdef\group{% - \ifnum\catcode`\^^M=\active \else - \errhelp = \groupinvalidhelp - \errmessage{@group invalid in context where filling is enabled}% - \fi - \startsavinginserts - % - \setbox\groupbox = \vtop\bgroup - % Do @comment since we are called inside an environment such as - % @example, where each end-of-line in the input causes an - % end-of-line in the output. We don't want the end-of-line after - % the `@group' to put extra space in the output. Since @group - % should appear on a line by itself (according to the Texinfo - % manual), we don't worry about eating any user text. - \comment -} -% -% The \vtop produces a box with normal height and large depth; thus, TeX puts -% \baselineskip glue before it, and (when the next line of text is done) -% \lineskip glue after it. Thus, space below is not quite equal to space -% above. But it's pretty close. -\def\Egroup{% - % To get correct interline space between the last line of the group - % and the first line afterwards, we have to propagate \prevdepth. - \endgraf % Not \par, as it may have been set to \lisppar. - \global\dimen1 = \prevdepth - \egroup % End the \vtop. - % \dimen0 is the vertical size of the group's box. - \dimen0 = \ht\groupbox \advance\dimen0 by \dp\groupbox - % \dimen2 is how much space is left on the page (more or less). - \dimen2 = \pageheight \advance\dimen2 by -\pagetotal - % if the group doesn't fit on the current page, and it's a big big - % group, force a page break. - \ifdim \dimen0 > \dimen2 - \ifdim \pagetotal < \vfilllimit\pageheight - \page - \fi - \fi - \box\groupbox - \prevdepth = \dimen1 - \checkinserts -} -% -% TeX puts in an \escapechar (i.e., `@') at the beginning of the help -% message, so this ends up printing `@group can only ...'. -% -\newhelp\groupinvalidhelp{% -group can only be used in environments such as @example,^^J% -where each line of input produces a line of output.} - -% @need space-in-mils -% forces a page break if there is not space-in-mils remaining. - -\newdimen\mil \mil=0.001in - -% Old definition--didn't work. -%\parseargdef\need{\par % -%% This method tries to make TeX break the page naturally -%% if the depth of the box does not fit. -%{\baselineskip=0pt% -%\vtop to #1\mil{\vfil}\kern -#1\mil\nobreak -%\prevdepth=-1000pt -%}} - -\parseargdef\need{% - % Ensure vertical mode, so we don't make a big box in the middle of a - % paragraph. - \par - % - % If the @need value is less than one line space, it's useless. - \dimen0 = #1\mil - \dimen2 = \ht\strutbox - \advance\dimen2 by \dp\strutbox - \ifdim\dimen0 > \dimen2 - % - % Do a \strut just to make the height of this box be normal, so the - % normal leading is inserted relative to the preceding line. - % And a page break here is fine. - \vtop to #1\mil{\strut\vfil}% - % - % TeX does not even consider page breaks if a penalty added to the - % main vertical list is 10000 or more. But in order to see if the - % empty box we just added fits on the page, we must make it consider - % page breaks. On the other hand, we don't want to actually break the - % page after the empty box. So we use a penalty of 9999. - % - % There is an extremely small chance that TeX will actually break the - % page at this \penalty, if there are no other feasible breakpoints in - % sight. (If the user is using lots of big @group commands, which - % almost-but-not-quite fill up a page, TeX will have a hard time doing - % good page breaking, for example.) However, I could not construct an - % example where a page broke at this \penalty; if it happens in a real - % document, then we can reconsider our strategy. - \penalty9999 - % - % Back up by the size of the box, whether we did a page break or not. - \kern -#1\mil - % - % Do not allow a page break right after this kern. - \nobreak - \fi -} - -% @br forces paragraph break (and is undocumented). - -\let\br = \par - -% @page forces the start of a new page. -% -\def\page{\par\vfill\supereject} - -% @exdent text.... -% outputs text on separate line in roman font, starting at standard page margin - -% This records the amount of indent in the innermost environment. -% That's how much \exdent should take out. -\newskip\exdentamount - -% This defn is used inside fill environments such as @defun. -\parseargdef\exdent{\hfil\break\hbox{\kern -\exdentamount{\rm#1}}\hfil\break} - -% This defn is used inside nofill environments such as @example. -\parseargdef\nofillexdent{{\advance \leftskip by -\exdentamount - \leftline{\hskip\leftskip{\rm#1}}}} - -% @inmargin{WHICH}{TEXT} puts TEXT in the WHICH margin next to the current -% paragraph. For more general purposes, use the \margin insertion -% class. WHICH is `l' or `r'. -% -\newskip\inmarginspacing \inmarginspacing=1cm -\def\strutdepth{\dp\strutbox} -% -\def\doinmargin#1#2{\strut\vadjust{% - \nobreak - \kern-\strutdepth - \vtop to \strutdepth{% - \baselineskip=\strutdepth - \vss - % if you have multiple lines of stuff to put here, you'll need to - % make the vbox yourself of the appropriate size. - \ifx#1l% - \llap{\ignorespaces #2\hskip\inmarginspacing}% - \else - \rlap{\hskip\hsize \hskip\inmarginspacing \ignorespaces #2}% - \fi - \null - }% -}} -\def\inleftmargin{\doinmargin l} -\def\inrightmargin{\doinmargin r} -% -% @inmargin{TEXT [, RIGHT-TEXT]} -% (if RIGHT-TEXT is given, use TEXT for left page, RIGHT-TEXT for right; -% else use TEXT for both). -% -\def\inmargin#1{\parseinmargin #1,,\finish} -\def\parseinmargin#1,#2,#3\finish{% not perfect, but better than nothing. - \setbox0 = \hbox{\ignorespaces #2}% - \ifdim\wd0 > 0pt - \def\lefttext{#1}% have both texts - \def\righttext{#2}% - \else - \def\lefttext{#1}% have only one text - \def\righttext{#1}% - \fi - % - \ifodd\pageno - \def\temp{\inrightmargin\righttext}% odd page -> outside is right margin - \else - \def\temp{\inleftmargin\lefttext}% - \fi - \temp -} - -% @include file insert text of that file as input. -% -\def\include{\parseargusing\filenamecatcodes\includezzz} -\def\includezzz#1{% - \pushthisfilestack - \def\thisfile{#1}% - {% - \makevalueexpandable - \def\temp{\input #1 }% - \expandafter - }\temp - \popthisfilestack -} -\def\filenamecatcodes{% - \catcode`\\=\other - \catcode`~=\other - \catcode`^=\other - \catcode`_=\other - \catcode`|=\other - \catcode`<=\other - \catcode`>=\other - \catcode`+=\other - \catcode`-=\other -} - -\def\pushthisfilestack{% - \expandafter\pushthisfilestackX\popthisfilestack\StackTerm -} -\def\pushthisfilestackX{% - \expandafter\pushthisfilestackY\thisfile\StackTerm -} -\def\pushthisfilestackY #1\StackTerm #2\StackTerm {% - \gdef\popthisfilestack{\gdef\thisfile{#1}\gdef\popthisfilestack{#2}}% -} - -\def\popthisfilestack{\errthisfilestackempty} -\def\errthisfilestackempty{\errmessage{Internal error: - the stack of filenames is empty.}} - -\def\thisfile{} - -% @center line -% outputs that line, centered. -% -\parseargdef\center{% - \ifhmode - \let\next\centerH - \else - \let\next\centerV - \fi - \next{\hfil \ignorespaces#1\unskip \hfil}% -} -\def\centerH#1{% - {% - \hfil\break - \advance\hsize by -\leftskip - \advance\hsize by -\rightskip - \line{#1}% - \break - }% -} -\def\centerV#1{\line{\kern\leftskip #1\kern\rightskip}} - -% @sp n outputs n lines of vertical space - -\parseargdef\sp{\vskip #1\baselineskip} - -% @comment ...line which is ignored... -% @c is the same as @comment -% @ignore ... @end ignore is another way to write a comment - -\def\comment{\begingroup \catcode`\^^M=\other% -\catcode`\@=\other \catcode`\{=\other \catcode`\}=\other% -\commentxxx} -{\catcode`\^^M=\other \gdef\commentxxx#1^^M{\endgroup}} - -\let\c=\comment - -% @paragraphindent NCHARS -% We'll use ems for NCHARS, close enough. -% NCHARS can also be the word `asis' or `none'. -% We cannot feasibly implement @paragraphindent asis, though. -% -\def\asisword{asis} % no translation, these are keywords -\def\noneword{none} -% -\parseargdef\paragraphindent{% - \def\temp{#1}% - \ifx\temp\asisword - \else - \ifx\temp\noneword - \defaultparindent = 0pt - \else - \defaultparindent = #1em - \fi - \fi - \parindent = \defaultparindent -} - -% @exampleindent NCHARS -% We'll use ems for NCHARS like @paragraphindent. -% It seems @exampleindent asis isn't necessary, but -% I preserve it to make it similar to @paragraphindent. -\parseargdef\exampleindent{% - \def\temp{#1}% - \ifx\temp\asisword - \else - \ifx\temp\noneword - \lispnarrowing = 0pt - \else - \lispnarrowing = #1em - \fi - \fi -} - -% @firstparagraphindent WORD -% If WORD is `none', then suppress indentation of the first paragraph -% after a section heading. If WORD is `insert', then do indent at such -% paragraphs. -% -% The paragraph indentation is suppressed or not by calling -% \suppressfirstparagraphindent, which the sectioning commands do. -% We switch the definition of this back and forth according to WORD. -% By default, we suppress indentation. -% -\def\suppressfirstparagraphindent{\dosuppressfirstparagraphindent} -\def\insertword{insert} -% -\parseargdef\firstparagraphindent{% - \def\temp{#1}% - \ifx\temp\noneword - \let\suppressfirstparagraphindent = \dosuppressfirstparagraphindent - \else\ifx\temp\insertword - \let\suppressfirstparagraphindent = \relax - \else - \errhelp = \EMsimple - \errmessage{Unknown @firstparagraphindent option `\temp'}% - \fi\fi -} - -% Here is how we actually suppress indentation. Redefine \everypar to -% \kern backwards by \parindent, and then reset itself to empty. -% -% We also make \indent itself not actually do anything until the next -% paragraph. -% -\gdef\dosuppressfirstparagraphindent{% - \gdef\indent{% - \restorefirstparagraphindent - \indent - }% - \gdef\noindent{% - \restorefirstparagraphindent - \noindent - }% - \global\everypar = {% - \kern -\parindent - \restorefirstparagraphindent - }% -} - -\gdef\restorefirstparagraphindent{% - \global \let \indent = \ptexindent - \global \let \noindent = \ptexnoindent - \global \everypar = {}% -} - - -% @asis just yields its argument. Used with @table, for example. -% -\def\asis#1{#1} - -% @math outputs its argument in math mode. -% -% One complication: _ usually means subscripts, but it could also mean -% an actual _ character, as in @math{@var{some_variable} + 1}. So make -% _ active, and distinguish by seeing if the current family is \slfam, -% which is what @var uses. -{ - \catcode`\_ = \active - \gdef\mathunderscore{% - \catcode`\_=\active - \def_{\ifnum\fam=\slfam \_\else\sb\fi}% - } -} -% Another complication: we want \\ (and @\) to output a \ character. -% FYI, plain.tex uses \\ as a temporary control sequence (why?), but -% this is not advertised and we don't care. Texinfo does not -% otherwise define @\. -% -% The \mathchar is class=0=ordinary, family=7=ttfam, position=5C=\. -\def\mathbackslash{\ifnum\fam=\ttfam \mathchar"075C \else\backslash \fi} -% -\def\math{% - \tex - \mathunderscore - \let\\ = \mathbackslash - \mathactive - $\finishmath -} -\def\finishmath#1{#1$\endgroup} % Close the group opened by \tex. - -% Some active characters (such as <) are spaced differently in math. -% We have to reset their definitions in case the @math was an argument -% to a command which sets the catcodes (such as @item or @section). -% -{ - \catcode`^ = \active - \catcode`< = \active - \catcode`> = \active - \catcode`+ = \active - \gdef\mathactive{% - \let^ = \ptexhat - \let< = \ptexless - \let> = \ptexgtr - \let+ = \ptexplus - } -} - -% @bullet and @minus need the same treatment as @math, just above. -\def\bullet{$\ptexbullet$} -\def\minus{$-$} - -% @dots{} outputs an ellipsis using the current font. -% We do .5em per period so that it has the same spacing in the cm -% typewriter fonts as three actual period characters; on the other hand, -% in other typewriter fonts three periods are wider than 1.5em. So do -% whichever is larger. -% -\def\dots{% - \leavevmode - \setbox0=\hbox{...}% get width of three periods - \ifdim\wd0 > 1.5em - \dimen0 = \wd0 - \else - \dimen0 = 1.5em - \fi - \hbox to \dimen0{% - \hskip 0pt plus.25fil - .\hskip 0pt plus1fil - .\hskip 0pt plus1fil - .\hskip 0pt plus.5fil - }% -} - -% @enddots{} is an end-of-sentence ellipsis. -% -\def\enddots{% - \dots - \spacefactor=\endofsentencespacefactor -} - -% @comma{} is so commas can be inserted into text without messing up -% Texinfo's parsing. -% -\let\comma = , - -% @refill is a no-op. -\let\refill=\relax - -% If working on a large document in chapters, it is convenient to -% be able to disable indexing, cross-referencing, and contents, for test runs. -% This is done with @novalidate (before @setfilename). -% -\newif\iflinks \linkstrue % by default we want the aux files. -\let\novalidate = \linksfalse - -% @setfilename is done at the beginning of every texinfo file. -% So open here the files we need to have open while reading the input. -% This makes it possible to make a .fmt file for texinfo. -\def\setfilename{% - \fixbackslash % Turn off hack to swallow `\input texinfo'. - \iflinks - \tryauxfile - % Open the new aux file. TeX will close it automatically at exit. - \immediate\openout\auxfile=\jobname.aux - \fi % \openindices needs to do some work in any case. - \openindices - \let\setfilename=\comment % Ignore extra @setfilename cmds. - % - % If texinfo.cnf is present on the system, read it. - % Useful for site-wide @afourpaper, etc. - \openin 1 texinfo.cnf - \ifeof 1 \else \input texinfo.cnf \fi - \closein 1 - % - \comment % Ignore the actual filename. -} - -% Called from \setfilename. -% -\def\openindices{% - \newindex{cp}% - \newcodeindex{fn}% - \newcodeindex{vr}% - \newcodeindex{tp}% - \newcodeindex{ky}% - \newcodeindex{pg}% -} - -% @bye. -\outer\def\bye{\pagealignmacro\tracingstats=1\ptexend} - - -\message{pdf,} -% adobe `portable' document format -\newcount\tempnum -\newcount\lnkcount -\newtoks\filename -\newcount\filenamelength -\newcount\pgn -\newtoks\toksA -\newtoks\toksB -\newtoks\toksC -\newtoks\toksD -\newbox\boxA -\newcount\countA -\newif\ifpdf -\newif\ifpdfmakepagedest - -% when pdftex is run in dvi mode, \pdfoutput is defined (so \pdfoutput=1 -% can be set). So we test for \relax and 0 as well as \undefined, -% borrowed from ifpdf.sty. -\ifx\pdfoutput\undefined -\else - \ifx\pdfoutput\relax - \else - \ifcase\pdfoutput - \else - \pdftrue - \fi - \fi -\fi - -% PDF uses PostScript string constants for the names of xref targets, -% for display in the outlines, and in other places. Thus, we have to -% double any backslashes. Otherwise, a name like "\node" will be -% interpreted as a newline (\n), followed by o, d, e. Not good. -% http://www.ntg.nl/pipermail/ntg-pdftex/2004-July/000654.html -% (and related messages, the final outcome is that it is up to the TeX -% user to double the backslashes and otherwise make the string valid, so -% that's what we do). - -% double active backslashes. -% -{\catcode`\@=0 \catcode`\\=\active - @gdef@activebackslashdouble{% - @catcode`@\=@active - @let\=@doublebackslash} -} - -% To handle parens, we must adopt a different approach, since parens are -% not active characters. hyperref.dtx (which has the same problem as -% us) handles it with this amazing macro to replace tokens, with minor -% changes for Texinfo. It is included here under the GPL by permission -% from the author, Heiko Oberdiek. -% -% #1 is the tokens to replace. -% #2 is the replacement. -% #3 is the control sequence with the string. -% -\def\HyPsdSubst#1#2#3{% - \def\HyPsdReplace##1#1##2\END{% - ##1% - \ifx\\##2\\% - \else - #2% - \HyReturnAfterFi{% - \HyPsdReplace##2\END - }% - \fi - }% - \xdef#3{\expandafter\HyPsdReplace#3#1\END}% -} -\long\def\HyReturnAfterFi#1\fi{\fi#1} - -% #1 is a control sequence in which to do the replacements. -\def\backslashparens#1{% - \xdef#1{#1}% redefine it as its expansion; the definition is simply - % \lastnode when called from \setref -> \pdfmkdest. - \HyPsdSubst{(}{\realbackslash(}{#1}% - \HyPsdSubst{)}{\realbackslash)}{#1}% -} - -\newhelp\nopdfimagehelp{Texinfo supports .png, .jpg, .jpeg, and .pdf images -with PDF output, and none of those formats could be found. (.eps cannot -be supported due to the design of the PDF format; use regular TeX (DVI -output) for that.)} - -\ifpdf - \input pdfcolor - \pdfcatalog{/PageMode /UseOutlines} - % - % #1 is image name, #2 width (might be empty/whitespace), #3 height (ditto). - \def\dopdfimage#1#2#3{% - \def\imagewidth{#2}\setbox0 = \hbox{\ignorespaces #2}% - \def\imageheight{#3}\setbox2 = \hbox{\ignorespaces #3}% - % - % pdftex (and the PDF format) support .png, .jpg, .pdf (among - % others). Let's try in that order. - \let\pdfimgext=\empty - \begingroup - \openin 1 #1.png \ifeof 1 - \openin 1 #1.jpg \ifeof 1 - \openin 1 #1.jpeg \ifeof 1 - \openin 1 #1.JPG \ifeof 1 - \openin 1 #1.pdf \ifeof 1 - \errhelp = \nopdfimagehelp - \errmessage{Could not find image file #1 for pdf}% - \else \gdef\pdfimgext{pdf}% - \fi - \else \gdef\pdfimgext{JPG}% - \fi - \else \gdef\pdfimgext{jpeg}% - \fi - \else \gdef\pdfimgext{jpg}% - \fi - \else \gdef\pdfimgext{png}% - \fi - \closein 1 - \endgroup - % - % without \immediate, pdftex seg faults when the same image is - % included twice. (Version 3.14159-pre-1.0-unofficial-20010704.) - \ifnum\pdftexversion < 14 - \immediate\pdfimage - \else - \immediate\pdfximage - \fi - \ifdim \wd0 >0pt width \imagewidth \fi - \ifdim \wd2 >0pt height \imageheight \fi - \ifnum\pdftexversion<13 - #1.\pdfimgext - \else - {#1.\pdfimgext}% - \fi - \ifnum\pdftexversion < 14 \else - \pdfrefximage \pdflastximage - \fi} - % - \def\pdfmkdest#1{{% - % We have to set dummies so commands such as @code, and characters - % such as \, aren't expanded when present in a section title. - \indexnofonts - \turnoffactive - \activebackslashdouble - \makevalueexpandable - \def\pdfdestname{#1}% - \backslashparens\pdfdestname - \safewhatsit{\pdfdest name{\pdfdestname} xyz}% - }} - % - % used to mark target names; must be expandable. - \def\pdfmkpgn#1{#1} - % - % by default, use a color that is dark enough to print on paper as - % nearly black, but still distinguishable for online viewing. - % (Defined in pdfcolor.tex.) - \let\urlcolor = \BrickRed - \let\linkcolor = \BrickRed - \def\endlink{\Black\pdfendlink} - % - % Adding outlines to PDF; macros for calculating structure of outlines - % come from Petr Olsak - \def\expnumber#1{\expandafter\ifx\csname#1\endcsname\relax 0% - \else \csname#1\endcsname \fi} - \def\advancenumber#1{\tempnum=\expnumber{#1}\relax - \advance\tempnum by 1 - \expandafter\xdef\csname#1\endcsname{\the\tempnum}} - % - % #1 is the section text, which is what will be displayed in the - % outline by the pdf viewer. #2 is the pdf expression for the number - % of subentries (or empty, for subsubsections). #3 is the node text, - % which might be empty if this toc entry had no corresponding node. - % #4 is the page number - % - \def\dopdfoutline#1#2#3#4{% - % Generate a link to the node text if that exists; else, use the - % page number. We could generate a destination for the section - % text in the case where a section has no node, but it doesn't - % seem worth the trouble, since most documents are normally structured. - \def\pdfoutlinedest{#3}% - \ifx\pdfoutlinedest\empty - \def\pdfoutlinedest{#4}% - \else - % Doubled backslashes in the name. - {\activebackslashdouble \xdef\pdfoutlinedest{#3}% - \backslashparens\pdfoutlinedest}% - \fi - % - % Also double the backslashes in the display string. - {\activebackslashdouble \xdef\pdfoutlinetext{#1}% - \backslashparens\pdfoutlinetext}% - % - \pdfoutline goto name{\pdfmkpgn{\pdfoutlinedest}}#2{\pdfoutlinetext}% - } - % - \def\pdfmakeoutlines{% - \begingroup - % Thanh's hack / proper braces in bookmarks - \edef\mylbrace{\iftrue \string{\else}\fi}\let\{=\mylbrace - \edef\myrbrace{\iffalse{\else\string}\fi}\let\}=\myrbrace - % - % Read toc silently, to get counts of subentries for \pdfoutline. - \def\numchapentry##1##2##3##4{% - \def\thischapnum{##2}% - \def\thissecnum{0}% - \def\thissubsecnum{0}% - }% - \def\numsecentry##1##2##3##4{% - \advancenumber{chap\thischapnum}% - \def\thissecnum{##2}% - \def\thissubsecnum{0}% - }% - \def\numsubsecentry##1##2##3##4{% - \advancenumber{sec\thissecnum}% - \def\thissubsecnum{##2}% - }% - \def\numsubsubsecentry##1##2##3##4{% - \advancenumber{subsec\thissubsecnum}% - }% - \def\thischapnum{0}% - \def\thissecnum{0}% - \def\thissubsecnum{0}% - % - % use \def rather than \let here because we redefine \chapentry et - % al. a second time, below. - \def\appentry{\numchapentry}% - \def\appsecentry{\numsecentry}% - \def\appsubsecentry{\numsubsecentry}% - \def\appsubsubsecentry{\numsubsubsecentry}% - \def\unnchapentry{\numchapentry}% - \def\unnsecentry{\numsecentry}% - \def\unnsubsecentry{\numsubsecentry}% - \def\unnsubsubsecentry{\numsubsubsecentry}% - \readdatafile{toc}% - % - % Read toc second time, this time actually producing the outlines. - % The `-' means take the \expnumber as the absolute number of - % subentries, which we calculated on our first read of the .toc above. - % - % We use the node names as the destinations. - \def\numchapentry##1##2##3##4{% - \dopdfoutline{##1}{count-\expnumber{chap##2}}{##3}{##4}}% - \def\numsecentry##1##2##3##4{% - \dopdfoutline{##1}{count-\expnumber{sec##2}}{##3}{##4}}% - \def\numsubsecentry##1##2##3##4{% - \dopdfoutline{##1}{count-\expnumber{subsec##2}}{##3}{##4}}% - \def\numsubsubsecentry##1##2##3##4{% count is always zero - \dopdfoutline{##1}{}{##3}{##4}}% - % - % PDF outlines are displayed using system fonts, instead of - % document fonts. Therefore we cannot use special characters, - % since the encoding is unknown. For example, the eogonek from - % Latin 2 (0xea) gets translated to a | character. Info from - % Staszek Wawrykiewicz, 19 Jan 2004 04:09:24 +0100. - % - % xx to do this right, we have to translate 8-bit characters to - % their "best" equivalent, based on the @documentencoding. Right - % now, I guess we'll just let the pdf reader have its way. - \indexnofonts - \setupdatafile - \catcode`\\=\active \otherbackslash - \input \jobname.toc - \endgroup - } - % - \def\skipspaces#1{\def\PP{#1}\def\D{|}% - \ifx\PP\D\let\nextsp\relax - \else\let\nextsp\skipspaces - \ifx\p\space\else\addtokens{\filename}{\PP}% - \advance\filenamelength by 1 - \fi - \fi - \nextsp} - \def\getfilename#1{\filenamelength=0\expandafter\skipspaces#1|\relax} - \ifnum\pdftexversion < 14 - \let \startlink \pdfannotlink - \else - \let \startlink \pdfstartlink - \fi - % make a live url in pdf output. - \def\pdfurl#1{% - \begingroup - % it seems we really need yet another set of dummies; have not - % tried to figure out what each command should do in the context - % of @url. for now, just make @/ a no-op, that's the only one - % people have actually reported a problem with. - % - \normalturnoffactive - \def\@{@}% - \let\/=\empty - \makevalueexpandable - \leavevmode\urlcolor - \startlink attr{/Border [0 0 0]}% - user{/Subtype /Link /A << /S /URI /URI (#1) >>}% - \endgroup} - \def\pdfgettoks#1.{\setbox\boxA=\hbox{\toksA={#1.}\toksB={}\maketoks}} - \def\addtokens#1#2{\edef\addtoks{\noexpand#1={\the#1#2}}\addtoks} - \def\adn#1{\addtokens{\toksC}{#1}\global\countA=1\let\next=\maketoks} - \def\poptoks#1#2|ENDTOKS|{\let\first=#1\toksD={#1}\toksA={#2}} - \def\maketoks{% - \expandafter\poptoks\the\toksA|ENDTOKS|\relax - \ifx\first0\adn0 - \else\ifx\first1\adn1 \else\ifx\first2\adn2 \else\ifx\first3\adn3 - \else\ifx\first4\adn4 \else\ifx\first5\adn5 \else\ifx\first6\adn6 - \else\ifx\first7\adn7 \else\ifx\first8\adn8 \else\ifx\first9\adn9 - \else - \ifnum0=\countA\else\makelink\fi - \ifx\first.\let\next=\done\else - \let\next=\maketoks - \addtokens{\toksB}{\the\toksD} - \ifx\first,\addtokens{\toksB}{\space}\fi - \fi - \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi - \next} - \def\makelink{\addtokens{\toksB}% - {\noexpand\pdflink{\the\toksC}}\toksC={}\global\countA=0} - \def\pdflink#1{% - \startlink attr{/Border [0 0 0]} goto name{\pdfmkpgn{#1}} - \linkcolor #1\endlink} - \def\done{\edef\st{\global\noexpand\toksA={\the\toksB}}\st} -\else - \let\pdfmkdest = \gobble - \let\pdfurl = \gobble - \let\endlink = \relax - \let\linkcolor = \relax - \let\pdfmakeoutlines = \relax -\fi % \ifx\pdfoutput - - -\message{fonts,} - -% Change the current font style to #1, remembering it in \curfontstyle. -% For now, we do not accumulate font styles: @b{@i{foo}} prints foo in -% italics, not bold italics. -% -\def\setfontstyle#1{% - \def\curfontstyle{#1}% not as a control sequence, because we are \edef'd. - \csname ten#1\endcsname % change the current font -} - -% Select #1 fonts with the current style. -% -\def\selectfonts#1{\csname #1fonts\endcsname \csname\curfontstyle\endcsname} - -\def\rm{\fam=0 \setfontstyle{rm}} -\def\it{\fam=\itfam \setfontstyle{it}} -\def\sl{\fam=\slfam \setfontstyle{sl}} -\def\bf{\fam=\bffam \setfontstyle{bf}}\def\bfstylename{bf} -\def\tt{\fam=\ttfam \setfontstyle{tt}} - -% Texinfo sort of supports the sans serif font style, which plain TeX does not. -% So we set up a \sf. -\newfam\sffam -\def\sf{\fam=\sffam \setfontstyle{sf}} -\let\li = \sf % Sometimes we call it \li, not \sf. - -% We don't need math for this font style. -\def\ttsl{\setfontstyle{ttsl}} - - -% Default leading. -\newdimen\textleading \textleading = 13.2pt - -% Set the baselineskip to #1, and the lineskip and strut size -% correspondingly. There is no deep meaning behind these magic numbers -% used as factors; they just match (closely enough) what Knuth defined. -% -\def\lineskipfactor{.08333} -\def\strutheightpercent{.70833} -\def\strutdepthpercent {.29167} -% -\def\setleading#1{% - \normalbaselineskip = #1\relax - \normallineskip = \lineskipfactor\normalbaselineskip - \normalbaselines - \setbox\strutbox =\hbox{% - \vrule width0pt height\strutheightpercent\baselineskip - depth \strutdepthpercent \baselineskip - }% -} - -% -% PDF CMaps. See also LaTeX's t1.cmap. -% -% \cmapOT1 -\ifpdf - \begingroup - \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char. - \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap -%%DocumentNeededResources: ProcSet (CIDInit) -%%IncludeResource: ProcSet (CIDInit) -%%BeginResource: CMap (TeX-OT1-0) -%%Title: (TeX-OT1-0 TeX OT1 0) -%%Version: 1.000 -%%EndComments -/CIDInit /ProcSet findresource begin -12 dict begin -begincmap -/CIDSystemInfo -<< /Registry (TeX) -/Ordering (OT1) -/Supplement 0 ->> def -/CMapName /TeX-OT1-0 def -/CMapType 2 def -1 begincodespacerange -<00> <7F> -endcodespacerange -8 beginbfrange -<00> <01> <0393> -<09> <0A> <03A8> -<23> <26> <0023> -<28> <3B> <0028> -<3F> <5B> <003F> -<5D> <5E> <005D> -<61> <7A> <0061> -<7B> <7C> <2013> -endbfrange -40 beginbfchar -<02> <0398> -<03> <039B> -<04> <039E> -<05> <03A0> -<06> <03A3> -<07> <03D2> -<08> <03A6> -<0B> <00660066> -<0C> <00660069> -<0D> <0066006C> -<0E> <006600660069> -<0F> <00660066006C> -<10> <0131> -<11> <0237> -<12> <0060> -<13> <00B4> -<14> <02C7> -<15> <02D8> -<16> <00AF> -<17> <02DA> -<18> <00B8> -<19> <00DF> -<1A> <00E6> -<1B> <0153> -<1C> <00F8> -<1D> <00C6> -<1E> <0152> -<1F> <00D8> -<21> <0021> -<22> <201D> -<27> <2019> -<3C> <00A1> -<3D> <003D> -<3E> <00BF> -<5C> <201C> -<5F> <02D9> -<60> <2018> -<7D> <02DD> -<7E> <007E> -<7F> <00A8> -endbfchar -endcmap -CMapName currentdict /CMap defineresource pop -end -end -%%EndResource -%%EOF - }\endgroup - \expandafter\edef\csname cmapOT1\endcsname#1{% - \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}% - }% -% -% \cmapOT1IT - \begingroup - \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char. - \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap -%%DocumentNeededResources: ProcSet (CIDInit) -%%IncludeResource: ProcSet (CIDInit) -%%BeginResource: CMap (TeX-OT1IT-0) -%%Title: (TeX-OT1IT-0 TeX OT1IT 0) -%%Version: 1.000 -%%EndComments -/CIDInit /ProcSet findresource begin -12 dict begin -begincmap -/CIDSystemInfo -<< /Registry (TeX) -/Ordering (OT1IT) -/Supplement 0 ->> def -/CMapName /TeX-OT1IT-0 def -/CMapType 2 def -1 begincodespacerange -<00> <7F> -endcodespacerange -8 beginbfrange -<00> <01> <0393> -<09> <0A> <03A8> -<25> <26> <0025> -<28> <3B> <0028> -<3F> <5B> <003F> -<5D> <5E> <005D> -<61> <7A> <0061> -<7B> <7C> <2013> -endbfrange -42 beginbfchar -<02> <0398> -<03> <039B> -<04> <039E> -<05> <03A0> -<06> <03A3> -<07> <03D2> -<08> <03A6> -<0B> <00660066> -<0C> <00660069> -<0D> <0066006C> -<0E> <006600660069> -<0F> <00660066006C> -<10> <0131> -<11> <0237> -<12> <0060> -<13> <00B4> -<14> <02C7> -<15> <02D8> -<16> <00AF> -<17> <02DA> -<18> <00B8> -<19> <00DF> -<1A> <00E6> -<1B> <0153> -<1C> <00F8> -<1D> <00C6> -<1E> <0152> -<1F> <00D8> -<21> <0021> -<22> <201D> -<23> <0023> -<24> <00A3> -<27> <2019> -<3C> <00A1> -<3D> <003D> -<3E> <00BF> -<5C> <201C> -<5F> <02D9> -<60> <2018> -<7D> <02DD> -<7E> <007E> -<7F> <00A8> -endbfchar -endcmap -CMapName currentdict /CMap defineresource pop -end -end -%%EndResource -%%EOF - }\endgroup - \expandafter\edef\csname cmapOT1IT\endcsname#1{% - \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}% - }% -% -% \cmapOT1TT - \begingroup - \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char. - \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap -%%DocumentNeededResources: ProcSet (CIDInit) -%%IncludeResource: ProcSet (CIDInit) -%%BeginResource: CMap (TeX-OT1TT-0) -%%Title: (TeX-OT1TT-0 TeX OT1TT 0) -%%Version: 1.000 -%%EndComments -/CIDInit /ProcSet findresource begin -12 dict begin -begincmap -/CIDSystemInfo -<< /Registry (TeX) -/Ordering (OT1TT) -/Supplement 0 ->> def -/CMapName /TeX-OT1TT-0 def -/CMapType 2 def -1 begincodespacerange -<00> <7F> -endcodespacerange -5 beginbfrange -<00> <01> <0393> -<09> <0A> <03A8> -<21> <26> <0021> -<28> <5F> <0028> -<61> <7E> <0061> -endbfrange -32 beginbfchar -<02> <0398> -<03> <039B> -<04> <039E> -<05> <03A0> -<06> <03A3> -<07> <03D2> -<08> <03A6> -<0B> <2191> -<0C> <2193> -<0D> <0027> -<0E> <00A1> -<0F> <00BF> -<10> <0131> -<11> <0237> -<12> <0060> -<13> <00B4> -<14> <02C7> -<15> <02D8> -<16> <00AF> -<17> <02DA> -<18> <00B8> -<19> <00DF> -<1A> <00E6> -<1B> <0153> -<1C> <00F8> -<1D> <00C6> -<1E> <0152> -<1F> <00D8> -<20> <2423> -<27> <2019> -<60> <2018> -<7F> <00A8> -endbfchar -endcmap -CMapName currentdict /CMap defineresource pop -end -end -%%EndResource -%%EOF - }\endgroup - \expandafter\edef\csname cmapOT1TT\endcsname#1{% - \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}% - }% -\else - \expandafter\let\csname cmapOT1\endcsname\gobble - \expandafter\let\csname cmapOT1IT\endcsname\gobble - \expandafter\let\csname cmapOT1TT\endcsname\gobble -\fi - - -% Set the font macro #1 to the font named #2, adding on the -% specified font prefix (normally `cm'). -% #3 is the font's design size, #4 is a scale factor, #5 is the CMap -% encoding (currently only OT1, OT1IT and OT1TT are allowed, pass -% empty to omit). -\def\setfont#1#2#3#4#5{% - \font#1=\fontprefix#2#3 scaled #4 - \csname cmap#5\endcsname#1% -} -% This is what gets called when #5 of \setfont is empty. -\let\cmap\gobble - - -% Use cm as the default font prefix. -% To specify the font prefix, you must define \fontprefix -% before you read in texinfo.tex. -\ifx\fontprefix\undefined -\def\fontprefix{cm} -\fi -% Support font families that don't use the same naming scheme as CM. -\def\rmshape{r} -\def\rmbshape{bx} %where the normal face is bold -\def\bfshape{b} -\def\bxshape{bx} -\def\ttshape{tt} -\def\ttbshape{tt} -\def\ttslshape{sltt} -\def\itshape{ti} -\def\itbshape{bxti} -\def\slshape{sl} -\def\slbshape{bxsl} -\def\sfshape{ss} -\def\sfbshape{ss} -\def\scshape{csc} -\def\scbshape{csc} - -% Definitions for a main text size of 11pt. This is the default in -% Texinfo. -% -\def\definetextfontsizexi{% -% Text fonts (11.2pt, magstep1). -\def\textnominalsize{11pt} -\edef\mainmagstep{\magstephalf} -\setfont\textrm\rmshape{10}{\mainmagstep}{OT1} -\setfont\texttt\ttshape{10}{\mainmagstep}{OT1TT} -\setfont\textbf\bfshape{10}{\mainmagstep}{OT1} -\setfont\textit\itshape{10}{\mainmagstep}{OT1IT} -\setfont\textsl\slshape{10}{\mainmagstep}{OT1} -\setfont\textsf\sfshape{10}{\mainmagstep}{OT1} -\setfont\textsc\scshape{10}{\mainmagstep}{OT1} -\setfont\textttsl\ttslshape{10}{\mainmagstep}{OT1TT} -\font\texti=cmmi10 scaled \mainmagstep -\font\textsy=cmsy10 scaled \mainmagstep - -% A few fonts for @defun names and args. -\setfont\defbf\bfshape{10}{\magstep1}{OT1} -\setfont\deftt\ttshape{10}{\magstep1}{OT1TT} -\setfont\defttsl\ttslshape{10}{\magstep1}{OT1TT} -\def\df{\let\tentt=\deftt \let\tenbf = \defbf \let\tenttsl=\defttsl \bf} - -% Fonts for indices, footnotes, small examples (9pt). -\def\smallnominalsize{9pt} -\setfont\smallrm\rmshape{9}{1000}{OT1} -\setfont\smalltt\ttshape{9}{1000}{OT1TT} -\setfont\smallbf\bfshape{10}{900}{OT1} -\setfont\smallit\itshape{9}{1000}{OT1IT} -\setfont\smallsl\slshape{9}{1000}{OT1} -\setfont\smallsf\sfshape{9}{1000}{OT1} -\setfont\smallsc\scshape{10}{900}{OT1} -\setfont\smallttsl\ttslshape{10}{900}{OT1TT} -\font\smalli=cmmi9 -\font\smallsy=cmsy9 - -% Fonts for small examples (8pt). -\def\smallernominalsize{8pt} -\setfont\smallerrm\rmshape{8}{1000}{OT1} -\setfont\smallertt\ttshape{8}{1000}{OT1TT} -\setfont\smallerbf\bfshape{10}{800}{OT1} -\setfont\smallerit\itshape{8}{1000}{OT1IT} -\setfont\smallersl\slshape{8}{1000}{OT1} -\setfont\smallersf\sfshape{8}{1000}{OT1} -\setfont\smallersc\scshape{10}{800}{OT1} -\setfont\smallerttsl\ttslshape{10}{800}{OT1TT} -\font\smalleri=cmmi8 -\font\smallersy=cmsy8 - -% Fonts for title page (20.4pt): -\def\titlenominalsize{20pt} -\setfont\titlerm\rmbshape{12}{\magstep3}{OT1} -\setfont\titleit\itbshape{10}{\magstep4}{OT1IT} -\setfont\titlesl\slbshape{10}{\magstep4}{OT1} -\setfont\titlett\ttbshape{12}{\magstep3}{OT1TT} -\setfont\titlettsl\ttslshape{10}{\magstep4}{OT1TT} -\setfont\titlesf\sfbshape{17}{\magstep1}{OT1} -\let\titlebf=\titlerm -\setfont\titlesc\scbshape{10}{\magstep4}{OT1} -\font\titlei=cmmi12 scaled \magstep3 -\font\titlesy=cmsy10 scaled \magstep4 -\def\authorrm{\secrm} -\def\authortt{\sectt} - -% Chapter (and unnumbered) fonts (17.28pt). -\def\chapnominalsize{17pt} -\setfont\chaprm\rmbshape{12}{\magstep2}{OT1} -\setfont\chapit\itbshape{10}{\magstep3}{OT1IT} -\setfont\chapsl\slbshape{10}{\magstep3}{OT1} -\setfont\chaptt\ttbshape{12}{\magstep2}{OT1TT} -\setfont\chapttsl\ttslshape{10}{\magstep3}{OT1TT} -\setfont\chapsf\sfbshape{17}{1000}{OT1} -\let\chapbf=\chaprm -\setfont\chapsc\scbshape{10}{\magstep3}{OT1} -\font\chapi=cmmi12 scaled \magstep2 -\font\chapsy=cmsy10 scaled \magstep3 - -% Section fonts (14.4pt). -\def\secnominalsize{14pt} -\setfont\secrm\rmbshape{12}{\magstep1}{OT1} -\setfont\secit\itbshape{10}{\magstep2}{OT1IT} -\setfont\secsl\slbshape{10}{\magstep2}{OT1} -\setfont\sectt\ttbshape{12}{\magstep1}{OT1TT} -\setfont\secttsl\ttslshape{10}{\magstep2}{OT1TT} -\setfont\secsf\sfbshape{12}{\magstep1}{OT1} -\let\secbf\secrm -\setfont\secsc\scbshape{10}{\magstep2}{OT1} -\font\seci=cmmi12 scaled \magstep1 -\font\secsy=cmsy10 scaled \magstep2 - -% Subsection fonts (13.15pt). -\def\ssecnominalsize{13pt} -\setfont\ssecrm\rmbshape{12}{\magstephalf}{OT1} -\setfont\ssecit\itbshape{10}{1315}{OT1IT} -\setfont\ssecsl\slbshape{10}{1315}{OT1} -\setfont\ssectt\ttbshape{12}{\magstephalf}{OT1TT} -\setfont\ssecttsl\ttslshape{10}{1315}{OT1TT} -\setfont\ssecsf\sfbshape{12}{\magstephalf}{OT1} -\let\ssecbf\ssecrm -\setfont\ssecsc\scbshape{10}{1315}{OT1} -\font\sseci=cmmi12 scaled \magstephalf -\font\ssecsy=cmsy10 scaled 1315 - -% Reduced fonts for @acro in text (10pt). -\def\reducednominalsize{10pt} -\setfont\reducedrm\rmshape{10}{1000}{OT1} -\setfont\reducedtt\ttshape{10}{1000}{OT1TT} -\setfont\reducedbf\bfshape{10}{1000}{OT1} -\setfont\reducedit\itshape{10}{1000}{OT1IT} -\setfont\reducedsl\slshape{10}{1000}{OT1} -\setfont\reducedsf\sfshape{10}{1000}{OT1} -\setfont\reducedsc\scshape{10}{1000}{OT1} -\setfont\reducedttsl\ttslshape{10}{1000}{OT1TT} -\font\reducedi=cmmi10 -\font\reducedsy=cmsy10 - -% reset the current fonts -\textfonts -\rm -} % end of 11pt text font size definitions - - -% Definitions to make the main text be 10pt Computer Modern, with -% section, chapter, etc., sizes following suit. This is for the GNU -% Press printing of the Emacs 22 manual. Maybe other manuals in the -% future. Used with @smallbook, which sets the leading to 12pt. -% -\def\definetextfontsizex{% -% Text fonts (10pt). -\def\textnominalsize{10pt} -\edef\mainmagstep{1000} -\setfont\textrm\rmshape{10}{\mainmagstep}{OT1} -\setfont\texttt\ttshape{10}{\mainmagstep}{OT1TT} -\setfont\textbf\bfshape{10}{\mainmagstep}{OT1} -\setfont\textit\itshape{10}{\mainmagstep}{OT1IT} -\setfont\textsl\slshape{10}{\mainmagstep}{OT1} -\setfont\textsf\sfshape{10}{\mainmagstep}{OT1} -\setfont\textsc\scshape{10}{\mainmagstep}{OT1} -\setfont\textttsl\ttslshape{10}{\mainmagstep}{OT1TT} -\font\texti=cmmi10 scaled \mainmagstep -\font\textsy=cmsy10 scaled \mainmagstep - -% A few fonts for @defun names and args. -\setfont\defbf\bfshape{10}{\magstephalf}{OT1} -\setfont\deftt\ttshape{10}{\magstephalf}{OT1TT} -\setfont\defttsl\ttslshape{10}{\magstephalf}{OT1TT} -\def\df{\let\tentt=\deftt \let\tenbf = \defbf \let\tenttsl=\defttsl \bf} - -% Fonts for indices, footnotes, small examples (9pt). -\def\smallnominalsize{9pt} -\setfont\smallrm\rmshape{9}{1000}{OT1} -\setfont\smalltt\ttshape{9}{1000}{OT1TT} -\setfont\smallbf\bfshape{10}{900}{OT1} -\setfont\smallit\itshape{9}{1000}{OT1IT} -\setfont\smallsl\slshape{9}{1000}{OT1} -\setfont\smallsf\sfshape{9}{1000}{OT1} -\setfont\smallsc\scshape{10}{900}{OT1} -\setfont\smallttsl\ttslshape{10}{900}{OT1TT} -\font\smalli=cmmi9 -\font\smallsy=cmsy9 - -% Fonts for small examples (8pt). -\def\smallernominalsize{8pt} -\setfont\smallerrm\rmshape{8}{1000}{OT1} -\setfont\smallertt\ttshape{8}{1000}{OT1TT} -\setfont\smallerbf\bfshape{10}{800}{OT1} -\setfont\smallerit\itshape{8}{1000}{OT1IT} -\setfont\smallersl\slshape{8}{1000}{OT1} -\setfont\smallersf\sfshape{8}{1000}{OT1} -\setfont\smallersc\scshape{10}{800}{OT1} -\setfont\smallerttsl\ttslshape{10}{800}{OT1TT} -\font\smalleri=cmmi8 -\font\smallersy=cmsy8 - -% Fonts for title page (20.4pt): -\def\titlenominalsize{20pt} -\setfont\titlerm\rmbshape{12}{\magstep3}{OT1} -\setfont\titleit\itbshape{10}{\magstep4}{OT1IT} -\setfont\titlesl\slbshape{10}{\magstep4}{OT1} -\setfont\titlett\ttbshape{12}{\magstep3}{OT1TT} -\setfont\titlettsl\ttslshape{10}{\magstep4}{OT1TT} -\setfont\titlesf\sfbshape{17}{\magstep1}{OT1} -\let\titlebf=\titlerm -\setfont\titlesc\scbshape{10}{\magstep4}{OT1} -\font\titlei=cmmi12 scaled \magstep3 -\font\titlesy=cmsy10 scaled \magstep4 -\def\authorrm{\secrm} -\def\authortt{\sectt} - -% Chapter fonts (14.4pt). -\def\chapnominalsize{14pt} -\setfont\chaprm\rmbshape{12}{\magstep1}{OT1} -\setfont\chapit\itbshape{10}{\magstep2}{OT1IT} -\setfont\chapsl\slbshape{10}{\magstep2}{OT1} -\setfont\chaptt\ttbshape{12}{\magstep1}{OT1TT} -\setfont\chapttsl\ttslshape{10}{\magstep2}{OT1TT} -\setfont\chapsf\sfbshape{12}{\magstep1}{OT1} -\let\chapbf\chaprm -\setfont\chapsc\scbshape{10}{\magstep2}{OT1} -\font\chapi=cmmi12 scaled \magstep1 -\font\chapsy=cmsy10 scaled \magstep2 - -% Section fonts (12pt). -\def\secnominalsize{12pt} -\setfont\secrm\rmbshape{12}{1000}{OT1} -\setfont\secit\itbshape{10}{\magstep1}{OT1IT} -\setfont\secsl\slbshape{10}{\magstep1}{OT1} -\setfont\sectt\ttbshape{12}{1000}{OT1TT} -\setfont\secttsl\ttslshape{10}{\magstep1}{OT1TT} -\setfont\secsf\sfbshape{12}{1000}{OT1} -\let\secbf\secrm -\setfont\secsc\scbshape{10}{\magstep1}{OT1} -\font\seci=cmmi12 -\font\secsy=cmsy10 scaled \magstep1 - -% Subsection fonts (10pt). -\def\ssecnominalsize{10pt} -\setfont\ssecrm\rmbshape{10}{1000}{OT1} -\setfont\ssecit\itbshape{10}{1000}{OT1IT} -\setfont\ssecsl\slbshape{10}{1000}{OT1} -\setfont\ssectt\ttbshape{10}{1000}{OT1TT} -\setfont\ssecttsl\ttslshape{10}{1000}{OT1TT} -\setfont\ssecsf\sfbshape{10}{1000}{OT1} -\let\ssecbf\ssecrm -\setfont\ssecsc\scbshape{10}{1000}{OT1} -\font\sseci=cmmi10 -\font\ssecsy=cmsy10 - -% Reduced fonts for @acro in text (9pt). -\def\reducednominalsize{9pt} -\setfont\reducedrm\rmshape{9}{1000}{OT1} -\setfont\reducedtt\ttshape{9}{1000}{OT1TT} -\setfont\reducedbf\bfshape{10}{900}{OT1} -\setfont\reducedit\itshape{9}{1000}{OT1IT} -\setfont\reducedsl\slshape{9}{1000}{OT1} -\setfont\reducedsf\sfshape{9}{1000}{OT1} -\setfont\reducedsc\scshape{10}{900}{OT1} -\setfont\reducedttsl\ttslshape{10}{900}{OT1TT} -\font\reducedi=cmmi9 -\font\reducedsy=cmsy9 - -% reduce space between paragraphs -\divide\parskip by 2 - -% reset the current fonts -\textfonts -\rm -} % end of 10pt text font size definitions - - -% We provide the user-level command -% @fonttextsize 10 -% (or 11) to redefine the text font size. pt is assumed. -% -\def\xword{10} -\def\xiword{11} -% -\parseargdef\fonttextsize{% - \def\textsizearg{#1}% - \wlog{doing @fonttextsize \textsizearg}% - % - % Set \globaldefs so that documents can use this inside @tex, since - % makeinfo 4.8 does not support it, but we need it nonetheless. - % - \begingroup \globaldefs=1 - \ifx\textsizearg\xword \definetextfontsizex - \else \ifx\textsizearg\xiword \definetextfontsizexi - \else - \errhelp=\EMsimple - \errmessage{@fonttextsize only supports `10' or `11', not `\textsizearg'} - \fi\fi - \endgroup -} - - -% In order for the font changes to affect most math symbols and letters, -% we have to define the \textfont of the standard families. Since -% texinfo doesn't allow for producing subscripts and superscripts except -% in the main text, we don't bother to reset \scriptfont and -% \scriptscriptfont (which would also require loading a lot more fonts). -% -\def\resetmathfonts{% - \textfont0=\tenrm \textfont1=\teni \textfont2=\tensy - \textfont\itfam=\tenit \textfont\slfam=\tensl \textfont\bffam=\tenbf - \textfont\ttfam=\tentt \textfont\sffam=\tensf -} - -% The font-changing commands redefine the meanings of \tenSTYLE, instead -% of just \STYLE. We do this because \STYLE needs to also set the -% current \fam for math mode. Our \STYLE (e.g., \rm) commands hardwire -% \tenSTYLE to set the current font. -% -% Each font-changing command also sets the names \lsize (one size lower) -% and \lllsize (three sizes lower). These relative commands are used in -% the LaTeX logo and acronyms. -% -% This all needs generalizing, badly. -% -\def\textfonts{% - \let\tenrm=\textrm \let\tenit=\textit \let\tensl=\textsl - \let\tenbf=\textbf \let\tentt=\texttt \let\smallcaps=\textsc - \let\tensf=\textsf \let\teni=\texti \let\tensy=\textsy - \let\tenttsl=\textttsl - \def\curfontsize{text}% - \def\lsize{reduced}\def\lllsize{smaller}% - \resetmathfonts \setleading{\textleading}} -\def\titlefonts{% - \let\tenrm=\titlerm \let\tenit=\titleit \let\tensl=\titlesl - \let\tenbf=\titlebf \let\tentt=\titlett \let\smallcaps=\titlesc - \let\tensf=\titlesf \let\teni=\titlei \let\tensy=\titlesy - \let\tenttsl=\titlettsl - \def\curfontsize{title}% - \def\lsize{chap}\def\lllsize{subsec}% - \resetmathfonts \setleading{25pt}} -\def\titlefont#1{{\titlefonts\rm #1}} -\def\chapfonts{% - \let\tenrm=\chaprm \let\tenit=\chapit \let\tensl=\chapsl - \let\tenbf=\chapbf \let\tentt=\chaptt \let\smallcaps=\chapsc - \let\tensf=\chapsf \let\teni=\chapi \let\tensy=\chapsy - \let\tenttsl=\chapttsl - \def\curfontsize{chap}% - \def\lsize{sec}\def\lllsize{text}% - \resetmathfonts \setleading{19pt}} -\def\secfonts{% - \let\tenrm=\secrm \let\tenit=\secit \let\tensl=\secsl - \let\tenbf=\secbf \let\tentt=\sectt \let\smallcaps=\secsc - \let\tensf=\secsf \let\teni=\seci \let\tensy=\secsy - \let\tenttsl=\secttsl - \def\curfontsize{sec}% - \def\lsize{subsec}\def\lllsize{reduced}% - \resetmathfonts \setleading{16pt}} -\def\subsecfonts{% - \let\tenrm=\ssecrm \let\tenit=\ssecit \let\tensl=\ssecsl - \let\tenbf=\ssecbf \let\tentt=\ssectt \let\smallcaps=\ssecsc - \let\tensf=\ssecsf \let\teni=\sseci \let\tensy=\ssecsy - \let\tenttsl=\ssecttsl - \def\curfontsize{ssec}% - \def\lsize{text}\def\lllsize{small}% - \resetmathfonts \setleading{15pt}} -\let\subsubsecfonts = \subsecfonts -\def\reducedfonts{% - \let\tenrm=\reducedrm \let\tenit=\reducedit \let\tensl=\reducedsl - \let\tenbf=\reducedbf \let\tentt=\reducedtt \let\reducedcaps=\reducedsc - \let\tensf=\reducedsf \let\teni=\reducedi \let\tensy=\reducedsy - \let\tenttsl=\reducedttsl - \def\curfontsize{reduced}% - \def\lsize{small}\def\lllsize{smaller}% - \resetmathfonts \setleading{10.5pt}} -\def\smallfonts{% - \let\tenrm=\smallrm \let\tenit=\smallit \let\tensl=\smallsl - \let\tenbf=\smallbf \let\tentt=\smalltt \let\smallcaps=\smallsc - \let\tensf=\smallsf \let\teni=\smalli \let\tensy=\smallsy - \let\tenttsl=\smallttsl - \def\curfontsize{small}% - \def\lsize{smaller}\def\lllsize{smaller}% - \resetmathfonts \setleading{10.5pt}} -\def\smallerfonts{% - \let\tenrm=\smallerrm \let\tenit=\smallerit \let\tensl=\smallersl - \let\tenbf=\smallerbf \let\tentt=\smallertt \let\smallcaps=\smallersc - \let\tensf=\smallersf \let\teni=\smalleri \let\tensy=\smallersy - \let\tenttsl=\smallerttsl - \def\curfontsize{smaller}% - \def\lsize{smaller}\def\lllsize{smaller}% - \resetmathfonts \setleading{9.5pt}} - -% Set the fonts to use with the @small... environments. -\let\smallexamplefonts = \smallfonts - -% About \smallexamplefonts. If we use \smallfonts (9pt), @smallexample -% can fit this many characters: -% 8.5x11=86 smallbook=72 a4=90 a5=69 -% If we use \scriptfonts (8pt), then we can fit this many characters: -% 8.5x11=90+ smallbook=80 a4=90+ a5=77 -% For me, subjectively, the few extra characters that fit aren't worth -% the additional smallness of 8pt. So I'm making the default 9pt. -% -% By the way, for comparison, here's what fits with @example (10pt): -% 8.5x11=71 smallbook=60 a4=75 a5=58 -% -% I wish the USA used A4 paper. -% --karl, 24jan03. - - -% Set up the default fonts, so we can use them for creating boxes. -% -\definetextfontsizexi - -% Define these so they can be easily changed for other fonts. -\def\angleleft{$\langle$} -\def\angleright{$\rangle$} - -% Count depth in font-changes, for error checks -\newcount\fontdepth \fontdepth=0 - -% Fonts for short table of contents. -\setfont\shortcontrm\rmshape{12}{1000}{OT1} -\setfont\shortcontbf\bfshape{10}{\magstep1}{OT1} % no cmb12 -\setfont\shortcontsl\slshape{12}{1000}{OT1} -\setfont\shortconttt\ttshape{12}{1000}{OT1TT} - -%% Add scribe-like font environments, plus @l for inline lisp (usually sans -%% serif) and @ii for TeX italic - -% \smartitalic{ARG} outputs arg in italics, followed by an italic correction -% unless the following character is such as not to need one. -\def\smartitalicx{\ifx\next,\else\ifx\next-\else\ifx\next.\else - \ptexslash\fi\fi\fi} -\def\smartslanted#1{{\ifusingtt\ttsl\sl #1}\futurelet\next\smartitalicx} -\def\smartitalic#1{{\ifusingtt\ttsl\it #1}\futurelet\next\smartitalicx} - -% like \smartslanted except unconditionally uses \ttsl. -% @var is set to this for defun arguments. -\def\ttslanted#1{{\ttsl #1}\futurelet\next\smartitalicx} - -% like \smartslanted except unconditionally use \sl. We never want -% ttsl for book titles, do we? -\def\cite#1{{\sl #1}\futurelet\next\smartitalicx} - -\let\i=\smartitalic -\let\slanted=\smartslanted -\let\var=\smartslanted -\let\dfn=\smartslanted -\let\emph=\smartitalic - -% @b, explicit bold. -\def\b#1{{\bf #1}} -\let\strong=\b - -% @sansserif, explicit sans. -\def\sansserif#1{{\sf #1}} - -% We can't just use \exhyphenpenalty, because that only has effect at -% the end of a paragraph. Restore normal hyphenation at the end of the -% group within which \nohyphenation is presumably called. -% -\def\nohyphenation{\hyphenchar\font = -1 \aftergroup\restorehyphenation} -\def\restorehyphenation{\hyphenchar\font = `- } - -% Set sfcode to normal for the chars that usually have another value. -% Can't use plain's \frenchspacing because it uses the `\x notation, and -% sometimes \x has an active definition that messes things up. -% -\catcode`@=11 - \def\plainfrenchspacing{% - \sfcode\dotChar =\@m \sfcode\questChar=\@m \sfcode\exclamChar=\@m - \sfcode\colonChar=\@m \sfcode\semiChar =\@m \sfcode\commaChar =\@m - \def\endofsentencespacefactor{1000}% for @. and friends - } - \def\plainnonfrenchspacing{% - \sfcode`\.3000\sfcode`\?3000\sfcode`\!3000 - \sfcode`\:2000\sfcode`\;1500\sfcode`\,1250 - \def\endofsentencespacefactor{3000}% for @. and friends - } -\catcode`@=\other -\def\endofsentencespacefactor{3000}% default - -\def\t#1{% - {\tt \rawbackslash \plainfrenchspacing #1}% - \null -} -\def\samp#1{`\tclose{#1}'\null} -\setfont\keyrm\rmshape{8}{1000}{OT1} -\font\keysy=cmsy9 -\def\key#1{{\keyrm\textfont2=\keysy \leavevmode\hbox{% - \raise0.4pt\hbox{\angleleft}\kern-.08em\vtop{% - \vbox{\hrule\kern-0.4pt - \hbox{\raise0.4pt\hbox{\vphantom{\angleleft}}#1}}% - \kern-0.4pt\hrule}% - \kern-.06em\raise0.4pt\hbox{\angleright}}}} -\def\key #1{{\nohyphenation \uppercase{#1}}\null} -% The old definition, with no lozenge: -%\def\key #1{{\ttsl \nohyphenation \uppercase{#1}}\null} -\def\ctrl #1{{\tt \rawbackslash \hat}#1} - -% @file, @option are the same as @samp. -\let\file=\samp -\let\option=\samp - -% @code is a modification of @t, -% which makes spaces the same size as normal in the surrounding text. -\def\tclose#1{% - {% - % Change normal interword space to be same as for the current font. - \spaceskip = \fontdimen2\font - % - % Switch to typewriter. - \tt - % - % But `\ ' produces the large typewriter interword space. - \def\ {{\spaceskip = 0pt{} }}% - % - % Turn off hyphenation. - \nohyphenation - % - \rawbackslash - \plainfrenchspacing - #1% - }% - \null -} - -% We *must* turn on hyphenation at `-' and `_' in @code. -% Otherwise, it is too hard to avoid overfull hboxes -% in the Emacs manual, the Library manual, etc. - -% Unfortunately, TeX uses one parameter (\hyphenchar) to control -% both hyphenation at - and hyphenation within words. -% We must therefore turn them both off (\tclose does that) -% and arrange explicitly to hyphenate at a dash. -% -- rms. -{ - \catcode`\-=\active \catcode`\_=\active - \catcode`\'=\active \catcode`\`=\active - % - \global\def\code{\begingroup - \catcode\rquoteChar=\active \catcode\lquoteChar=\active - \let'\codequoteright \let`\codequoteleft - % - \catcode\dashChar=\active \catcode\underChar=\active - \ifallowcodebreaks - \let-\codedash - \let_\codeunder - \else - \let-\realdash - \let_\realunder - \fi - \codex - } -} - -\def\realdash{-} -\def\codedash{-\discretionary{}{}{}} -\def\codeunder{% - % this is all so @math{@code{var_name}+1} can work. In math mode, _ - % is "active" (mathcode"8000) and \normalunderscore (or \char95, etc.) - % will therefore expand the active definition of _, which is us - % (inside @code that is), therefore an endless loop. - \ifusingtt{\ifmmode - \mathchar"075F % class 0=ordinary, family 7=ttfam, pos 0x5F=_. - \else\normalunderscore \fi - \discretionary{}{}{}}% - {\_}% -} -\def\codex #1{\tclose{#1}\endgroup} - -% An additional complication: the above will allow breaks after, e.g., -% each of the four underscores in __typeof__. This is undesirable in -% some manuals, especially if they don't have long identifiers in -% general. @allowcodebreaks provides a way to control this. -% -\newif\ifallowcodebreaks \allowcodebreakstrue - -\def\keywordtrue{true} -\def\keywordfalse{false} - -\parseargdef\allowcodebreaks{% - \def\txiarg{#1}% - \ifx\txiarg\keywordtrue - \allowcodebreakstrue - \else\ifx\txiarg\keywordfalse - \allowcodebreaksfalse - \else - \errhelp = \EMsimple - \errmessage{Unknown @allowcodebreaks option `\txiarg'}% - \fi\fi -} - -% @kbd is like @code, except that if the argument is just one @key command, -% then @kbd has no effect. - -% @kbdinputstyle -- arg is `distinct' (@kbd uses slanted tty font always), -% `example' (@kbd uses ttsl only inside of @example and friends), -% or `code' (@kbd uses normal tty font always). -\parseargdef\kbdinputstyle{% - \def\txiarg{#1}% - \ifx\txiarg\worddistinct - \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl}% - \else\ifx\txiarg\wordexample - \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\tt}% - \else\ifx\txiarg\wordcode - \gdef\kbdexamplefont{\tt}\gdef\kbdfont{\tt}% - \else - \errhelp = \EMsimple - \errmessage{Unknown @kbdinputstyle option `\txiarg'}% - \fi\fi\fi -} -\def\worddistinct{distinct} -\def\wordexample{example} -\def\wordcode{code} - -% Default is `distinct.' -\kbdinputstyle distinct - -\def\xkey{\key} -\def\kbdfoo#1#2#3\par{\def\one{#1}\def\three{#3}\def\threex{??}% -\ifx\one\xkey\ifx\threex\three \key{#2}% -\else{\tclose{\kbdfont\look}}\fi -\else{\tclose{\kbdfont\look}}\fi} - -% For @indicateurl, @env, @command quotes seem unnecessary, so use \code. -\let\indicateurl=\code -\let\env=\code -\let\command=\code - -% @uref (abbreviation for `urlref') takes an optional (comma-separated) -% second argument specifying the text to display and an optional third -% arg as text to display instead of (rather than in addition to) the url -% itself. First (mandatory) arg is the url. Perhaps eventually put in -% a hypertex \special here. -% -\def\uref#1{\douref #1,,,\finish} -\def\douref#1,#2,#3,#4\finish{\begingroup - \unsepspaces - \pdfurl{#1}% - \setbox0 = \hbox{\ignorespaces #3}% - \ifdim\wd0 > 0pt - \unhbox0 % third arg given, show only that - \else - \setbox0 = \hbox{\ignorespaces #2}% - \ifdim\wd0 > 0pt - \ifpdf - \unhbox0 % PDF: 2nd arg given, show only it - \else - \unhbox0\ (\code{#1})% DVI: 2nd arg given, show both it and url - \fi - \else - \code{#1}% only url given, so show it - \fi - \fi - \endlink -\endgroup} - -% @url synonym for @uref, since that's how everyone uses it. -% -\let\url=\uref - -% rms does not like angle brackets --karl, 17may97. -% So now @email is just like @uref, unless we are pdf. -% -%\def\email#1{\angleleft{\tt #1}\angleright} -\ifpdf - \def\email#1{\doemail#1,,\finish} - \def\doemail#1,#2,#3\finish{\begingroup - \unsepspaces - \pdfurl{mailto:#1}% - \setbox0 = \hbox{\ignorespaces #2}% - \ifdim\wd0>0pt\unhbox0\else\code{#1}\fi - \endlink - \endgroup} -\else - \let\email=\uref -\fi - -% Check if we are currently using a typewriter font. Since all the -% Computer Modern typewriter fonts have zero interword stretch (and -% shrink), and it is reasonable to expect all typewriter fonts to have -% this property, we can check that font parameter. -% -\def\ifmonospace{\ifdim\fontdimen3\font=0pt } - -% Typeset a dimension, e.g., `in' or `pt'. The only reason for the -% argument is to make the input look right: @dmn{pt} instead of @dmn{}pt. -% -\def\dmn#1{\thinspace #1} - -\def\kbd#1{\def\look{#1}\expandafter\kbdfoo\look??\par} - -% @l was never documented to mean ``switch to the Lisp font'', -% and it is not used as such in any manual I can find. We need it for -% Polish suppressed-l. --karl, 22sep96. -%\def\l#1{{\li #1}\null} - -% Explicit font changes: @r, @sc, undocumented @ii. -\def\r#1{{\rm #1}} % roman font -\def\sc#1{{\smallcaps#1}} % smallcaps font -\def\ii#1{{\it #1}} % italic font - -% @acronym for "FBI", "NATO", and the like. -% We print this one point size smaller, since it's intended for -% all-uppercase. -% -\def\acronym#1{\doacronym #1,,\finish} -\def\doacronym#1,#2,#3\finish{% - {\selectfonts\lsize #1}% - \def\temp{#2}% - \ifx\temp\empty \else - \space ({\unsepspaces \ignorespaces \temp \unskip})% - \fi -} - -% @abbr for "Comput. J." and the like. -% No font change, but don't do end-of-sentence spacing. -% -\def\abbr#1{\doabbr #1,,\finish} -\def\doabbr#1,#2,#3\finish{% - {\plainfrenchspacing #1}% - \def\temp{#2}% - \ifx\temp\empty \else - \space ({\unsepspaces \ignorespaces \temp \unskip})% - \fi -} - -% @pounds{} is a sterling sign, which Knuth put in the CM italic font. -% -\def\pounds{{\it\$}} - -% @euro{} comes from a separate font, depending on the current style. -% We use the free feym* fonts from the eurosym package by Henrik -% Theiling, which support regular, slanted, bold and bold slanted (and -% "outlined" (blackboard board, sort of) versions, which we don't need). -% It is available from http://www.ctan.org/tex-archive/fonts/eurosym. -% -% Although only regular is the truly official Euro symbol, we ignore -% that. The Euro is designed to be slightly taller than the regular -% font height. -% -% feymr - regular -% feymo - slanted -% feybr - bold -% feybo - bold slanted -% -% There is no good (free) typewriter version, to my knowledge. -% A feymr10 euro is ~7.3pt wide, while a normal cmtt10 char is ~5.25pt wide. -% Hmm. -% -% Also doesn't work in math. Do we need to do math with euro symbols? -% Hope not. -% -% -\def\euro{{\eurofont e}} -\def\eurofont{% - % We set the font at each command, rather than predefining it in - % \textfonts and the other font-switching commands, so that - % installations which never need the symbol don't have to have the - % font installed. - % - % There is only one designed size (nominal 10pt), so we always scale - % that to the current nominal size. - % - % By the way, simply using "at 1em" works for cmr10 and the like, but - % does not work for cmbx10 and other extended/shrunken fonts. - % - \def\eurosize{\csname\curfontsize nominalsize\endcsname}% - % - \ifx\curfontstyle\bfstylename - % bold: - \font\thiseurofont = \ifusingit{feybo10}{feybr10} at \eurosize - \else - % regular: - \font\thiseurofont = \ifusingit{feymo10}{feymr10} at \eurosize - \fi - \thiseurofont -} - -% @registeredsymbol - R in a circle. The font for the R should really -% be smaller yet, but lllsize is the best we can do for now. -% Adapted from the plain.tex definition of \copyright. -% -\def\registeredsymbol{% - $^{{\ooalign{\hfil\raise.07ex\hbox{\selectfonts\lllsize R}% - \hfil\crcr\Orb}}% - }$% -} - -% @textdegree - the normal degrees sign. -% -\def\textdegree{$^\circ$} - -% Laurent Siebenmann reports \Orb undefined with: -% Textures 1.7.7 (preloaded format=plain 93.10.14) (68K) 16 APR 2004 02:38 -% so we'll define it if necessary. -% -\ifx\Orb\undefined -\def\Orb{\mathhexbox20D} -\fi - - -\message{page headings,} - -\newskip\titlepagetopglue \titlepagetopglue = 1.5in -\newskip\titlepagebottomglue \titlepagebottomglue = 2pc - -% First the title page. Must do @settitle before @titlepage. -\newif\ifseenauthor -\newif\iffinishedtitlepage - -% Do an implicit @contents or @shortcontents after @end titlepage if the -% user says @setcontentsaftertitlepage or @setshortcontentsaftertitlepage. -% -\newif\ifsetcontentsaftertitlepage - \let\setcontentsaftertitlepage = \setcontentsaftertitlepagetrue -\newif\ifsetshortcontentsaftertitlepage - \let\setshortcontentsaftertitlepage = \setshortcontentsaftertitlepagetrue - -\parseargdef\shorttitlepage{\begingroup\hbox{}\vskip 1.5in \chaprm \centerline{#1}% - \endgroup\page\hbox{}\page} - -\envdef\titlepage{% - % Open one extra group, as we want to close it in the middle of \Etitlepage. - \begingroup - \parindent=0pt \textfonts - % Leave some space at the very top of the page. - \vglue\titlepagetopglue - % No rule at page bottom unless we print one at the top with @title. - \finishedtitlepagetrue - % - % Most title ``pages'' are actually two pages long, with space - % at the top of the second. We don't want the ragged left on the second. - \let\oldpage = \page - \def\page{% - \iffinishedtitlepage\else - \finishtitlepage - \fi - \let\page = \oldpage - \page - \null - }% -} - -\def\Etitlepage{% - \iffinishedtitlepage\else - \finishtitlepage - \fi - % It is important to do the page break before ending the group, - % because the headline and footline are only empty inside the group. - % If we use the new definition of \page, we always get a blank page - % after the title page, which we certainly don't want. - \oldpage - \endgroup - % - % Need this before the \...aftertitlepage checks so that if they are - % in effect the toc pages will come out with page numbers. - \HEADINGSon - % - % If they want short, they certainly want long too. - \ifsetshortcontentsaftertitlepage - \shortcontents - \contents - \global\let\shortcontents = \relax - \global\let\contents = \relax - \fi - % - \ifsetcontentsaftertitlepage - \contents - \global\let\contents = \relax - \global\let\shortcontents = \relax - \fi -} - -\def\finishtitlepage{% - \vskip4pt \hrule height 2pt width \hsize - \vskip\titlepagebottomglue - \finishedtitlepagetrue -} - -%%% Macros to be used within @titlepage: - -\let\subtitlerm=\tenrm -\def\subtitlefont{\subtitlerm \normalbaselineskip = 13pt \normalbaselines} - -\def\authorfont{\authorrm \normalbaselineskip = 16pt \normalbaselines - \let\tt=\authortt} - -\parseargdef\title{% - \checkenv\titlepage - \leftline{\titlefonts\rm #1} - % print a rule at the page bottom also. - \finishedtitlepagefalse - \vskip4pt \hrule height 4pt width \hsize \vskip4pt -} - -\parseargdef\subtitle{% - \checkenv\titlepage - {\subtitlefont \rightline{#1}}% -} - -% @author should come last, but may come many times. -% It can also be used inside @quotation. -% -\parseargdef\author{% - \def\temp{\quotation}% - \ifx\thisenv\temp - \def\quotationauthor{#1}% printed in \Equotation. - \else - \checkenv\titlepage - \ifseenauthor\else \vskip 0pt plus 1filll \seenauthortrue \fi - {\authorfont \leftline{#1}}% - \fi -} - - -%%% Set up page headings and footings. - -\let\thispage=\folio - -\newtoks\evenheadline % headline on even pages -\newtoks\oddheadline % headline on odd pages -\newtoks\evenfootline % footline on even pages -\newtoks\oddfootline % footline on odd pages - -% Now make TeX use those variables -\headline={{\textfonts\rm \ifodd\pageno \the\oddheadline - \else \the\evenheadline \fi}} -\footline={{\textfonts\rm \ifodd\pageno \the\oddfootline - \else \the\evenfootline \fi}\HEADINGShook} -\let\HEADINGShook=\relax - -% Commands to set those variables. -% For example, this is what @headings on does -% @evenheading @thistitle|@thispage|@thischapter -% @oddheading @thischapter|@thispage|@thistitle -% @evenfooting @thisfile|| -% @oddfooting ||@thisfile - - -\def\evenheading{\parsearg\evenheadingxxx} -\def\evenheadingxxx #1{\evenheadingyyy #1\|\|\|\|\finish} -\def\evenheadingyyy #1\|#2\|#3\|#4\finish{% -\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\def\oddheading{\parsearg\oddheadingxxx} -\def\oddheadingxxx #1{\oddheadingyyy #1\|\|\|\|\finish} -\def\oddheadingyyy #1\|#2\|#3\|#4\finish{% -\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\parseargdef\everyheading{\oddheadingxxx{#1}\evenheadingxxx{#1}}% - -\def\evenfooting{\parsearg\evenfootingxxx} -\def\evenfootingxxx #1{\evenfootingyyy #1\|\|\|\|\finish} -\def\evenfootingyyy #1\|#2\|#3\|#4\finish{% -\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\def\oddfooting{\parsearg\oddfootingxxx} -\def\oddfootingxxx #1{\oddfootingyyy #1\|\|\|\|\finish} -\def\oddfootingyyy #1\|#2\|#3\|#4\finish{% - \global\oddfootline = {\rlap{\centerline{#2}}\line{#1\hfil#3}}% - % - % Leave some space for the footline. Hopefully ok to assume - % @evenfooting will not be used by itself. - \global\advance\pageheight by -12pt - \global\advance\vsize by -12pt -} - -\parseargdef\everyfooting{\oddfootingxxx{#1}\evenfootingxxx{#1}} - - -% @headings double turns headings on for double-sided printing. -% @headings single turns headings on for single-sided printing. -% @headings off turns them off. -% @headings on same as @headings double, retained for compatibility. -% @headings after turns on double-sided headings after this page. -% @headings doubleafter turns on double-sided headings after this page. -% @headings singleafter turns on single-sided headings after this page. -% By default, they are off at the start of a document, -% and turned `on' after @end titlepage. - -\def\headings #1 {\csname HEADINGS#1\endcsname} - -\def\HEADINGSoff{% -\global\evenheadline={\hfil} \global\evenfootline={\hfil} -\global\oddheadline={\hfil} \global\oddfootline={\hfil}} -\HEADINGSoff -% When we turn headings on, set the page number to 1. -% For double-sided printing, put current file name in lower left corner, -% chapter name on inside top of right hand pages, document -% title on inside top of left hand pages, and page numbers on outside top -% edge of all pages. -\def\HEADINGSdouble{% -\global\pageno=1 -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\folio\hfil\thistitle}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chapoddpage -} -\let\contentsalignmacro = \chappager - -% For single-sided printing, chapter title goes across top left of page, -% page number on top right. -\def\HEADINGSsingle{% -\global\pageno=1 -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\thischapter\hfil\folio}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chappager -} -\def\HEADINGSon{\HEADINGSdouble} - -\def\HEADINGSafter{\let\HEADINGShook=\HEADINGSdoublex} -\let\HEADINGSdoubleafter=\HEADINGSafter -\def\HEADINGSdoublex{% -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\folio\hfil\thistitle}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chapoddpage -} - -\def\HEADINGSsingleafter{\let\HEADINGShook=\HEADINGSsinglex} -\def\HEADINGSsinglex{% -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\thischapter\hfil\folio}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chappager -} - -% Subroutines used in generating headings -% This produces Day Month Year style of output. -% Only define if not already defined, in case a txi-??.tex file has set -% up a different format (e.g., txi-cs.tex does this). -\ifx\today\undefined -\def\today{% - \number\day\space - \ifcase\month - \or\putwordMJan\or\putwordMFeb\or\putwordMMar\or\putwordMApr - \or\putwordMMay\or\putwordMJun\or\putwordMJul\or\putwordMAug - \or\putwordMSep\or\putwordMOct\or\putwordMNov\or\putwordMDec - \fi - \space\number\year} -\fi - -% @settitle line... specifies the title of the document, for headings. -% It generates no output of its own. -\def\thistitle{\putwordNoTitle} -\def\settitle{\parsearg{\gdef\thistitle}} - - -\message{tables,} -% Tables -- @table, @ftable, @vtable, @item(x). - -% default indentation of table text -\newdimen\tableindent \tableindent=.8in -% default indentation of @itemize and @enumerate text -\newdimen\itemindent \itemindent=.3in -% margin between end of table item and start of table text. -\newdimen\itemmargin \itemmargin=.1in - -% used internally for \itemindent minus \itemmargin -\newdimen\itemmax - -% Note @table, @ftable, and @vtable define @item, @itemx, etc., with -% these defs. -% They also define \itemindex -% to index the item name in whatever manner is desired (perhaps none). - -\newif\ifitemxneedsnegativevskip - -\def\itemxpar{\par\ifitemxneedsnegativevskip\nobreak\vskip-\parskip\nobreak\fi} - -\def\internalBitem{\smallbreak \parsearg\itemzzz} -\def\internalBitemx{\itemxpar \parsearg\itemzzz} - -\def\itemzzz #1{\begingroup % - \advance\hsize by -\rightskip - \advance\hsize by -\tableindent - \setbox0=\hbox{\itemindicate{#1}}% - \itemindex{#1}% - \nobreak % This prevents a break before @itemx. - % - % If the item text does not fit in the space we have, put it on a line - % by itself, and do not allow a page break either before or after that - % line. We do not start a paragraph here because then if the next - % command is, e.g., @kindex, the whatsit would get put into the - % horizontal list on a line by itself, resulting in extra blank space. - \ifdim \wd0>\itemmax - % - % Make this a paragraph so we get the \parskip glue and wrapping, - % but leave it ragged-right. - \begingroup - \advance\leftskip by-\tableindent - \advance\hsize by\tableindent - \advance\rightskip by0pt plus1fil - \leavevmode\unhbox0\par - \endgroup - % - % We're going to be starting a paragraph, but we don't want the - % \parskip glue -- logically it's part of the @item we just started. - \nobreak \vskip-\parskip - % - % Stop a page break at the \parskip glue coming up. However, if - % what follows is an environment such as @example, there will be no - % \parskip glue; then the negative vskip we just inserted would - % cause the example and the item to crash together. So we use this - % bizarre value of 10001 as a signal to \aboveenvbreak to insert - % \parskip glue after all. Section titles are handled this way also. - % - \penalty 10001 - \endgroup - \itemxneedsnegativevskipfalse - \else - % The item text fits into the space. Start a paragraph, so that the - % following text (if any) will end up on the same line. - \noindent - % Do this with kerns and \unhbox so that if there is a footnote in - % the item text, it can migrate to the main vertical list and - % eventually be printed. - \nobreak\kern-\tableindent - \dimen0 = \itemmax \advance\dimen0 by \itemmargin \advance\dimen0 by -\wd0 - \unhbox0 - \nobreak\kern\dimen0 - \endgroup - \itemxneedsnegativevskiptrue - \fi -} - -\def\item{\errmessage{@item while not in a list environment}} -\def\itemx{\errmessage{@itemx while not in a list environment}} - -% @table, @ftable, @vtable. -\envdef\table{% - \let\itemindex\gobble - \tablecheck{table}% -} -\envdef\ftable{% - \def\itemindex ##1{\doind {fn}{\code{##1}}}% - \tablecheck{ftable}% -} -\envdef\vtable{% - \def\itemindex ##1{\doind {vr}{\code{##1}}}% - \tablecheck{vtable}% -} -\def\tablecheck#1{% - \ifnum \the\catcode`\^^M=\active - \endgroup - \errmessage{This command won't work in this context; perhaps the problem is - that we are \inenvironment\thisenv}% - \def\next{\doignore{#1}}% - \else - \let\next\tablex - \fi - \next -} -\def\tablex#1{% - \def\itemindicate{#1}% - \parsearg\tabley -} -\def\tabley#1{% - {% - \makevalueexpandable - \edef\temp{\noexpand\tablez #1\space\space\space}% - \expandafter - }\temp \endtablez -} -\def\tablez #1 #2 #3 #4\endtablez{% - \aboveenvbreak - \ifnum 0#1>0 \advance \leftskip by #1\mil \fi - \ifnum 0#2>0 \tableindent=#2\mil \fi - \ifnum 0#3>0 \advance \rightskip by #3\mil \fi - \itemmax=\tableindent - \advance \itemmax by -\itemmargin - \advance \leftskip by \tableindent - \exdentamount=\tableindent - \parindent = 0pt - \parskip = \smallskipamount - \ifdim \parskip=0pt \parskip=2pt \fi - \let\item = \internalBitem - \let\itemx = \internalBitemx -} -\def\Etable{\endgraf\afterenvbreak} -\let\Eftable\Etable -\let\Evtable\Etable -\let\Eitemize\Etable -\let\Eenumerate\Etable - -% This is the counter used by @enumerate, which is really @itemize - -\newcount \itemno - -\envdef\itemize{\parsearg\doitemize} - -\def\doitemize#1{% - \aboveenvbreak - \itemmax=\itemindent - \advance\itemmax by -\itemmargin - \advance\leftskip by \itemindent - \exdentamount=\itemindent - \parindent=0pt - \parskip=\smallskipamount - \ifdim\parskip=0pt \parskip=2pt \fi - \def\itemcontents{#1}% - % @itemize with no arg is equivalent to @itemize @bullet. - \ifx\itemcontents\empty\def\itemcontents{\bullet}\fi - \let\item=\itemizeitem -} - -% Definition of @item while inside @itemize and @enumerate. -% -\def\itemizeitem{% - \advance\itemno by 1 % for enumerations - {\let\par=\endgraf \smallbreak}% reasonable place to break - {% - % If the document has an @itemize directly after a section title, a - % \nobreak will be last on the list, and \sectionheading will have - % done a \vskip-\parskip. In that case, we don't want to zero - % parskip, or the item text will crash with the heading. On the - % other hand, when there is normal text preceding the item (as there - % usually is), we do want to zero parskip, or there would be too much - % space. In that case, we won't have a \nobreak before. At least - % that's the theory. - \ifnum\lastpenalty<10000 \parskip=0in \fi - \noindent - \hbox to 0pt{\hss \itemcontents \kern\itemmargin}% - \vadjust{\penalty 1200}}% not good to break after first line of item. - \flushcr -} - -% \splitoff TOKENS\endmark defines \first to be the first token in -% TOKENS, and \rest to be the remainder. -% -\def\splitoff#1#2\endmark{\def\first{#1}\def\rest{#2}}% - -% Allow an optional argument of an uppercase letter, lowercase letter, -% or number, to specify the first label in the enumerated list. No -% argument is the same as `1'. -% -\envparseargdef\enumerate{\enumeratey #1 \endenumeratey} -\def\enumeratey #1 #2\endenumeratey{% - % If we were given no argument, pretend we were given `1'. - \def\thearg{#1}% - \ifx\thearg\empty \def\thearg{1}\fi - % - % Detect if the argument is a single token. If so, it might be a - % letter. Otherwise, the only valid thing it can be is a number. - % (We will always have one token, because of the test we just made. - % This is a good thing, since \splitoff doesn't work given nothing at - % all -- the first parameter is undelimited.) - \expandafter\splitoff\thearg\endmark - \ifx\rest\empty - % Only one token in the argument. It could still be anything. - % A ``lowercase letter'' is one whose \lccode is nonzero. - % An ``uppercase letter'' is one whose \lccode is both nonzero, and - % not equal to itself. - % Otherwise, we assume it's a number. - % - % We need the \relax at the end of the \ifnum lines to stop TeX from - % continuing to look for a . - % - \ifnum\lccode\expandafter`\thearg=0\relax - \numericenumerate % a number (we hope) - \else - % It's a letter. - \ifnum\lccode\expandafter`\thearg=\expandafter`\thearg\relax - \lowercaseenumerate % lowercase letter - \else - \uppercaseenumerate % uppercase letter - \fi - \fi - \else - % Multiple tokens in the argument. We hope it's a number. - \numericenumerate - \fi -} - -% An @enumerate whose labels are integers. The starting integer is -% given in \thearg. -% -\def\numericenumerate{% - \itemno = \thearg - \startenumeration{\the\itemno}% -} - -% The starting (lowercase) letter is in \thearg. -\def\lowercaseenumerate{% - \itemno = \expandafter`\thearg - \startenumeration{% - % Be sure we're not beyond the end of the alphabet. - \ifnum\itemno=0 - \errmessage{No more lowercase letters in @enumerate; get a bigger - alphabet}% - \fi - \char\lccode\itemno - }% -} - -% The starting (uppercase) letter is in \thearg. -\def\uppercaseenumerate{% - \itemno = \expandafter`\thearg - \startenumeration{% - % Be sure we're not beyond the end of the alphabet. - \ifnum\itemno=0 - \errmessage{No more uppercase letters in @enumerate; get a bigger - alphabet} - \fi - \char\uccode\itemno - }% -} - -% Call \doitemize, adding a period to the first argument and supplying the -% common last two arguments. Also subtract one from the initial value in -% \itemno, since @item increments \itemno. -% -\def\startenumeration#1{% - \advance\itemno by -1 - \doitemize{#1.}\flushcr -} - -% @alphaenumerate and @capsenumerate are abbreviations for giving an arg -% to @enumerate. -% -\def\alphaenumerate{\enumerate{a}} -\def\capsenumerate{\enumerate{A}} -\def\Ealphaenumerate{\Eenumerate} -\def\Ecapsenumerate{\Eenumerate} - - -% @multitable macros -% Amy Hendrickson, 8/18/94, 3/6/96 -% -% @multitable ... @end multitable will make as many columns as desired. -% Contents of each column will wrap at width given in preamble. Width -% can be specified either with sample text given in a template line, -% or in percent of \hsize, the current width of text on page. - -% Table can continue over pages but will only break between lines. - -% To make preamble: -% -% Either define widths of columns in terms of percent of \hsize: -% @multitable @columnfractions .25 .3 .45 -% @item ... -% -% Numbers following @columnfractions are the percent of the total -% current hsize to be used for each column. You may use as many -% columns as desired. - - -% Or use a template: -% @multitable {Column 1 template} {Column 2 template} {Column 3 template} -% @item ... -% using the widest term desired in each column. - -% Each new table line starts with @item, each subsequent new column -% starts with @tab. Empty columns may be produced by supplying @tab's -% with nothing between them for as many times as empty columns are needed, -% ie, @tab@tab@tab will produce two empty columns. - -% @item, @tab do not need to be on their own lines, but it will not hurt -% if they are. - -% Sample multitable: - -% @multitable {Column 1 template} {Column 2 template} {Column 3 template} -% @item first col stuff @tab second col stuff @tab third col -% @item -% first col stuff -% @tab -% second col stuff -% @tab -% third col -% @item first col stuff @tab second col stuff -% @tab Many paragraphs of text may be used in any column. -% -% They will wrap at the width determined by the template. -% @item@tab@tab This will be in third column. -% @end multitable - -% Default dimensions may be reset by user. -% @multitableparskip is vertical space between paragraphs in table. -% @multitableparindent is paragraph indent in table. -% @multitablecolmargin is horizontal space to be left between columns. -% @multitablelinespace is space to leave between table items, baseline -% to baseline. -% 0pt means it depends on current normal line spacing. -% -\newskip\multitableparskip -\newskip\multitableparindent -\newdimen\multitablecolspace -\newskip\multitablelinespace -\multitableparskip=0pt -\multitableparindent=6pt -\multitablecolspace=12pt -\multitablelinespace=0pt - -% Macros used to set up halign preamble: -% -\let\endsetuptable\relax -\def\xendsetuptable{\endsetuptable} -\let\columnfractions\relax -\def\xcolumnfractions{\columnfractions} -\newif\ifsetpercent - -% #1 is the @columnfraction, usually a decimal number like .5, but might -% be just 1. We just use it, whatever it is. -% -\def\pickupwholefraction#1 {% - \global\advance\colcount by 1 - \expandafter\xdef\csname col\the\colcount\endcsname{#1\hsize}% - \setuptable -} - -\newcount\colcount -\def\setuptable#1{% - \def\firstarg{#1}% - \ifx\firstarg\xendsetuptable - \let\go = \relax - \else - \ifx\firstarg\xcolumnfractions - \global\setpercenttrue - \else - \ifsetpercent - \let\go\pickupwholefraction - \else - \global\advance\colcount by 1 - \setbox0=\hbox{#1\unskip\space}% Add a normal word space as a - % separator; typically that is always in the input, anyway. - \expandafter\xdef\csname col\the\colcount\endcsname{\the\wd0}% - \fi - \fi - \ifx\go\pickupwholefraction - % Put the argument back for the \pickupwholefraction call, so - % we'll always have a period there to be parsed. - \def\go{\pickupwholefraction#1}% - \else - \let\go = \setuptable - \fi% - \fi - \go -} - -% multitable-only commands. -% -% @headitem starts a heading row, which we typeset in bold. -% Assignments have to be global since we are inside the implicit group -% of an alignment entry. Note that \everycr resets \everytab. -\def\headitem{\checkenv\multitable \crcr \global\everytab={\bf}\the\everytab}% -% -% A \tab used to include \hskip1sp. But then the space in a template -% line is not enough. That is bad. So let's go back to just `&' until -% we encounter the problem it was intended to solve again. -% --karl, nathan@acm.org, 20apr99. -\def\tab{\checkenv\multitable &\the\everytab}% - -% @multitable ... @end multitable definitions: -% -\newtoks\everytab % insert after every tab. -% -\envdef\multitable{% - \vskip\parskip - \startsavinginserts - % - % @item within a multitable starts a normal row. - % We use \def instead of \let so that if one of the multitable entries - % contains an @itemize, we don't choke on the \item (seen as \crcr aka - % \endtemplate) expanding \doitemize. - \def\item{\crcr}% - % - \tolerance=9500 - \hbadness=9500 - \setmultitablespacing - \parskip=\multitableparskip - \parindent=\multitableparindent - \overfullrule=0pt - \global\colcount=0 - % - \everycr = {% - \noalign{% - \global\everytab={}% - \global\colcount=0 % Reset the column counter. - % Check for saved footnotes, etc. - \checkinserts - % Keeps underfull box messages off when table breaks over pages. - %\filbreak - % Maybe so, but it also creates really weird page breaks when the - % table breaks over pages. Wouldn't \vfil be better? Wait until the - % problem manifests itself, so it can be fixed for real --karl. - }% - }% - % - \parsearg\domultitable -} -\def\domultitable#1{% - % To parse everything between @multitable and @item: - \setuptable#1 \endsetuptable - % - % This preamble sets up a generic column definition, which will - % be used as many times as user calls for columns. - % \vtop will set a single line and will also let text wrap and - % continue for many paragraphs if desired. - \halign\bgroup &% - \global\advance\colcount by 1 - \multistrut - \vtop{% - % Use the current \colcount to find the correct column width: - \hsize=\expandafter\csname col\the\colcount\endcsname - % - % In order to keep entries from bumping into each other - % we will add a \leftskip of \multitablecolspace to all columns after - % the first one. - % - % If a template has been used, we will add \multitablecolspace - % to the width of each template entry. - % - % If the user has set preamble in terms of percent of \hsize we will - % use that dimension as the width of the column, and the \leftskip - % will keep entries from bumping into each other. Table will start at - % left margin and final column will justify at right margin. - % - % Make sure we don't inherit \rightskip from the outer environment. - \rightskip=0pt - \ifnum\colcount=1 - % The first column will be indented with the surrounding text. - \advance\hsize by\leftskip - \else - \ifsetpercent \else - % If user has not set preamble in terms of percent of \hsize - % we will advance \hsize by \multitablecolspace. - \advance\hsize by \multitablecolspace - \fi - % In either case we will make \leftskip=\multitablecolspace: - \leftskip=\multitablecolspace - \fi - % Ignoring space at the beginning and end avoids an occasional spurious - % blank line, when TeX decides to break the line at the space before the - % box from the multistrut, so the strut ends up on a line by itself. - % For example: - % @multitable @columnfractions .11 .89 - % @item @code{#} - % @tab Legal holiday which is valid in major parts of the whole country. - % Is automatically provided with highlighting sequences respectively - % marking characters. - \noindent\ignorespaces##\unskip\multistrut - }\cr -} -\def\Emultitable{% - \crcr - \egroup % end the \halign - \global\setpercentfalse -} - -\def\setmultitablespacing{% - \def\multistrut{\strut}% just use the standard line spacing - % - % Compute \multitablelinespace (if not defined by user) for use in - % \multitableparskip calculation. We used define \multistrut based on - % this, but (ironically) that caused the spacing to be off. - % See bug-texinfo report from Werner Lemberg, 31 Oct 2004 12:52:20 +0100. -\ifdim\multitablelinespace=0pt -\setbox0=\vbox{X}\global\multitablelinespace=\the\baselineskip -\global\advance\multitablelinespace by-\ht0 -\fi -%% Test to see if parskip is larger than space between lines of -%% table. If not, do nothing. -%% If so, set to same dimension as multitablelinespace. -\ifdim\multitableparskip>\multitablelinespace -\global\multitableparskip=\multitablelinespace -\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller - %% than skip between lines in the table. -\fi% -\ifdim\multitableparskip=0pt -\global\multitableparskip=\multitablelinespace -\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller - %% than skip between lines in the table. -\fi} - - -\message{conditionals,} - -% @iftex, @ifnotdocbook, @ifnothtml, @ifnotinfo, @ifnotplaintext, -% @ifnotxml always succeed. They currently do nothing; we don't -% attempt to check whether the conditionals are properly nested. But we -% have to remember that they are conditionals, so that @end doesn't -% attempt to close an environment group. -% -\def\makecond#1{% - \expandafter\let\csname #1\endcsname = \relax - \expandafter\let\csname iscond.#1\endcsname = 1 -} -\makecond{iftex} -\makecond{ifnotdocbook} -\makecond{ifnothtml} -\makecond{ifnotinfo} -\makecond{ifnotplaintext} -\makecond{ifnotxml} - -% Ignore @ignore, @ifhtml, @ifinfo, and the like. -% -\def\direntry{\doignore{direntry}} -\def\documentdescription{\doignore{documentdescription}} -\def\docbook{\doignore{docbook}} -\def\html{\doignore{html}} -\def\ifdocbook{\doignore{ifdocbook}} -\def\ifhtml{\doignore{ifhtml}} -\def\ifinfo{\doignore{ifinfo}} -\def\ifnottex{\doignore{ifnottex}} -\def\ifplaintext{\doignore{ifplaintext}} -\def\ifxml{\doignore{ifxml}} -\def\ignore{\doignore{ignore}} -\def\menu{\doignore{menu}} -\def\xml{\doignore{xml}} - -% Ignore text until a line `@end #1', keeping track of nested conditionals. -% -% A count to remember the depth of nesting. -\newcount\doignorecount - -\def\doignore#1{\begingroup - % Scan in ``verbatim'' mode: - \obeylines - \catcode`\@ = \other - \catcode`\{ = \other - \catcode`\} = \other - % - % Make sure that spaces turn into tokens that match what \doignoretext wants. - \spaceisspace - % - % Count number of #1's that we've seen. - \doignorecount = 0 - % - % Swallow text until we reach the matching `@end #1'. - \dodoignore{#1}% -} - -{ \catcode`_=11 % We want to use \_STOP_ which cannot appear in texinfo source. - \obeylines % - % - \gdef\dodoignore#1{% - % #1 contains the command name as a string, e.g., `ifinfo'. - % - % Define a command to find the next `@end #1'. - \long\def\doignoretext##1^^M@end #1{% - \doignoretextyyy##1^^M@#1\_STOP_}% - % - % And this command to find another #1 command, at the beginning of a - % line. (Otherwise, we would consider a line `@c @ifset', for - % example, to count as an @ifset for nesting.) - \long\def\doignoretextyyy##1^^M@#1##2\_STOP_{\doignoreyyy{##2}\_STOP_}% - % - % And now expand that command. - \doignoretext ^^M% - }% -} - -\def\doignoreyyy#1{% - \def\temp{#1}% - \ifx\temp\empty % Nothing found. - \let\next\doignoretextzzz - \else % Found a nested condition, ... - \advance\doignorecount by 1 - \let\next\doignoretextyyy % ..., look for another. - % If we're here, #1 ends with ^^M\ifinfo (for example). - \fi - \next #1% the token \_STOP_ is present just after this macro. -} - -% We have to swallow the remaining "\_STOP_". -% -\def\doignoretextzzz#1{% - \ifnum\doignorecount = 0 % We have just found the outermost @end. - \let\next\enddoignore - \else % Still inside a nested condition. - \advance\doignorecount by -1 - \let\next\doignoretext % Look for the next @end. - \fi - \next -} - -% Finish off ignored text. -{ \obeylines% - % Ignore anything after the last `@end #1'; this matters in verbatim - % environments, where otherwise the newline after an ignored conditional - % would result in a blank line in the output. - \gdef\enddoignore#1^^M{\endgroup\ignorespaces}% -} - - -% @set VAR sets the variable VAR to an empty value. -% @set VAR REST-OF-LINE sets VAR to the value REST-OF-LINE. -% -% Since we want to separate VAR from REST-OF-LINE (which might be -% empty), we can't just use \parsearg; we have to insert a space of our -% own to delimit the rest of the line, and then take it out again if we -% didn't need it. -% We rely on the fact that \parsearg sets \catcode`\ =10. -% -\parseargdef\set{\setyyy#1 \endsetyyy} -\def\setyyy#1 #2\endsetyyy{% - {% - \makevalueexpandable - \def\temp{#2}% - \edef\next{\gdef\makecsname{SET#1}}% - \ifx\temp\empty - \next{}% - \else - \setzzz#2\endsetzzz - \fi - }% -} -% Remove the trailing space \setxxx inserted. -\def\setzzz#1 \endsetzzz{\next{#1}} - -% @clear VAR clears (i.e., unsets) the variable VAR. -% -\parseargdef\clear{% - {% - \makevalueexpandable - \global\expandafter\let\csname SET#1\endcsname=\relax - }% -} - -% @value{foo} gets the text saved in variable foo. -\def\value{\begingroup\makevalueexpandable\valuexxx} -\def\valuexxx#1{\expandablevalue{#1}\endgroup} -{ - \catcode`\- = \active \catcode`\_ = \active - % - \gdef\makevalueexpandable{% - \let\value = \expandablevalue - % We don't want these characters active, ... - \catcode`\-=\other \catcode`\_=\other - % ..., but we might end up with active ones in the argument if - % we're called from @code, as @code{@value{foo-bar_}}, though. - % So \let them to their normal equivalents. - \let-\realdash \let_\normalunderscore - } -} - -% We have this subroutine so that we can handle at least some @value's -% properly in indexes (we call \makevalueexpandable in \indexdummies). -% The command has to be fully expandable (if the variable is set), since -% the result winds up in the index file. This means that if the -% variable's value contains other Texinfo commands, it's almost certain -% it will fail (although perhaps we could fix that with sufficient work -% to do a one-level expansion on the result, instead of complete). -% -\def\expandablevalue#1{% - \expandafter\ifx\csname SET#1\endcsname\relax - {[No value for ``#1'']}% - \message{Variable `#1', used in @value, is not set.}% - \else - \csname SET#1\endcsname - \fi -} - -% @ifset VAR ... @end ifset reads the `...' iff VAR has been defined -% with @set. -% -% To get special treatment of `@end ifset,' call \makeond and the redefine. -% -\makecond{ifset} -\def\ifset{\parsearg{\doifset{\let\next=\ifsetfail}}} -\def\doifset#1#2{% - {% - \makevalueexpandable - \let\next=\empty - \expandafter\ifx\csname SET#2\endcsname\relax - #1% If not set, redefine \next. - \fi - \expandafter - }\next -} -\def\ifsetfail{\doignore{ifset}} - -% @ifclear VAR ... @end ifclear reads the `...' iff VAR has never been -% defined with @set, or has been undefined with @clear. -% -% The `\else' inside the `\doifset' parameter is a trick to reuse the -% above code: if the variable is not set, do nothing, if it is set, -% then redefine \next to \ifclearfail. -% -\makecond{ifclear} -\def\ifclear{\parsearg{\doifset{\else \let\next=\ifclearfail}}} -\def\ifclearfail{\doignore{ifclear}} - -% @dircategory CATEGORY -- specify a category of the dir file -% which this file should belong to. Ignore this in TeX. -\let\dircategory=\comment - -% @defininfoenclose. -\let\definfoenclose=\comment - - -\message{indexing,} -% Index generation facilities - -% Define \newwrite to be identical to plain tex's \newwrite -% except not \outer, so it can be used within macros and \if's. -\edef\newwrite{\makecsname{ptexnewwrite}} - -% \newindex {foo} defines an index named foo. -% It automatically defines \fooindex such that -% \fooindex ...rest of line... puts an entry in the index foo. -% It also defines \fooindfile to be the number of the output channel for -% the file that accumulates this index. The file's extension is foo. -% The name of an index should be no more than 2 characters long -% for the sake of vms. -% -\def\newindex#1{% - \iflinks - \expandafter\newwrite \csname#1indfile\endcsname - \openout \csname#1indfile\endcsname \jobname.#1 % Open the file - \fi - \expandafter\xdef\csname#1index\endcsname{% % Define @#1index - \noexpand\doindex{#1}} -} - -% @defindex foo == \newindex{foo} -% -\def\defindex{\parsearg\newindex} - -% Define @defcodeindex, like @defindex except put all entries in @code. -% -\def\defcodeindex{\parsearg\newcodeindex} -% -\def\newcodeindex#1{% - \iflinks - \expandafter\newwrite \csname#1indfile\endcsname - \openout \csname#1indfile\endcsname \jobname.#1 - \fi - \expandafter\xdef\csname#1index\endcsname{% - \noexpand\docodeindex{#1}}% -} - - -% @synindex foo bar makes index foo feed into index bar. -% Do this instead of @defindex foo if you don't want it as a separate index. -% -% @syncodeindex foo bar similar, but put all entries made for index foo -% inside @code. -% -\def\synindex#1 #2 {\dosynindex\doindex{#1}{#2}} -\def\syncodeindex#1 #2 {\dosynindex\docodeindex{#1}{#2}} - -% #1 is \doindex or \docodeindex, #2 the index getting redefined (foo), -% #3 the target index (bar). -\def\dosynindex#1#2#3{% - % Only do \closeout if we haven't already done it, else we'll end up - % closing the target index. - \expandafter \ifx\csname donesynindex#2\endcsname \undefined - % The \closeout helps reduce unnecessary open files; the limit on the - % Acorn RISC OS is a mere 16 files. - \expandafter\closeout\csname#2indfile\endcsname - \expandafter\let\csname\donesynindex#2\endcsname = 1 - \fi - % redefine \fooindfile: - \expandafter\let\expandafter\temp\expandafter=\csname#3indfile\endcsname - \expandafter\let\csname#2indfile\endcsname=\temp - % redefine \fooindex: - \expandafter\xdef\csname#2index\endcsname{\noexpand#1{#3}}% -} - -% Define \doindex, the driver for all \fooindex macros. -% Argument #1 is generated by the calling \fooindex macro, -% and it is "foo", the name of the index. - -% \doindex just uses \parsearg; it calls \doind for the actual work. -% This is because \doind is more useful to call from other macros. - -% There is also \dosubind {index}{topic}{subtopic} -% which makes an entry in a two-level index such as the operation index. - -\def\doindex#1{\edef\indexname{#1}\parsearg\singleindexer} -\def\singleindexer #1{\doind{\indexname}{#1}} - -% like the previous two, but they put @code around the argument. -\def\docodeindex#1{\edef\indexname{#1}\parsearg\singlecodeindexer} -\def\singlecodeindexer #1{\doind{\indexname}{\code{#1}}} - -% Take care of Texinfo commands that can appear in an index entry. -% Since there are some commands we want to expand, and others we don't, -% we have to laboriously prevent expansion for those that we don't. -% -\def\indexdummies{% - \escapechar = `\\ % use backslash in output files. - \def\@{@}% change to @@ when we switch to @ as escape char in index files. - \def\ {\realbackslash\space }% - % - % Need these in case \tex is in effect and \{ is a \delimiter again. - % But can't use \lbracecmd and \rbracecmd because texindex assumes - % braces and backslashes are used only as delimiters. - \let\{ = \mylbrace - \let\} = \myrbrace - % - % I don't entirely understand this, but when an index entry is - % generated from a macro call, the \endinput which \scanmacro inserts - % causes processing to be prematurely terminated. This is, - % apparently, because \indexsorttmp is fully expanded, and \endinput - % is an expandable command. The redefinition below makes \endinput - % disappear altogether for that purpose -- although logging shows that - % processing continues to some further point. On the other hand, it - % seems \endinput does not hurt in the printed index arg, since that - % is still getting written without apparent harm. - % - % Sample source (mac-idx3.tex, reported by Graham Percival to - % help-texinfo, 22may06): - % @macro funindex {WORD} - % @findex xyz - % @end macro - % ... - % @funindex commtest - % - % The above is not enough to reproduce the bug, but it gives the flavor. - % - % Sample whatsit resulting: - % .@write3{\entry{xyz}{@folio }{@code {xyz@endinput }}} - % - % So: - \let\endinput = \empty - % - % Do the redefinitions. - \commondummies -} - -% For the aux and toc files, @ is the escape character. So we want to -% redefine everything using @ as the escape character (instead of -% \realbackslash, still used for index files). When everything uses @, -% this will be simpler. -% -\def\atdummies{% - \def\@{@@}% - \def\ {@ }% - \let\{ = \lbraceatcmd - \let\} = \rbraceatcmd - % - % Do the redefinitions. - \commondummies - \otherbackslash -} - -% Called from \indexdummies and \atdummies. -% -\def\commondummies{% - % - % \definedummyword defines \#1 as \string\#1\space, thus effectively - % preventing its expansion. This is used only for control% words, - % not control letters, because the \space would be incorrect for - % control characters, but is needed to separate the control word - % from whatever follows. - % - % For control letters, we have \definedummyletter, which omits the - % space. - % - % These can be used both for control words that take an argument and - % those that do not. If it is followed by {arg} in the input, then - % that will dutifully get written to the index (or wherever). - % - \def\definedummyword ##1{\def##1{\string##1\space}}% - \def\definedummyletter##1{\def##1{\string##1}}% - \let\definedummyaccent\definedummyletter - % - \commondummiesnofonts - % - \definedummyletter\_% - % - % Non-English letters. - \definedummyword\AA - \definedummyword\AE - \definedummyword\L - \definedummyword\OE - \definedummyword\O - \definedummyword\aa - \definedummyword\ae - \definedummyword\l - \definedummyword\oe - \definedummyword\o - \definedummyword\ss - \definedummyword\exclamdown - \definedummyword\questiondown - \definedummyword\ordf - \definedummyword\ordm - % - % Although these internal commands shouldn't show up, sometimes they do. - \definedummyword\bf - \definedummyword\gtr - \definedummyword\hat - \definedummyword\less - \definedummyword\sf - \definedummyword\sl - \definedummyword\tclose - \definedummyword\tt - % - \definedummyword\LaTeX - \definedummyword\TeX - % - % Assorted special characters. - \definedummyword\bullet - \definedummyword\comma - \definedummyword\copyright - \definedummyword\registeredsymbol - \definedummyword\dots - \definedummyword\enddots - \definedummyword\equiv - \definedummyword\error - \definedummyword\euro - \definedummyword\expansion - \definedummyword\minus - \definedummyword\pounds - \definedummyword\point - \definedummyword\print - \definedummyword\result - \definedummyword\textdegree - % - % We want to disable all macros so that they are not expanded by \write. - \macrolist - % - \normalturnoffactive - % - % Handle some cases of @value -- where it does not contain any - % (non-fully-expandable) commands. - \makevalueexpandable -} - -% \commondummiesnofonts: common to \commondummies and \indexnofonts. -% -\def\commondummiesnofonts{% - % Control letters and accents. - \definedummyletter\!% - \definedummyaccent\"% - \definedummyaccent\'% - \definedummyletter\*% - \definedummyaccent\,% - \definedummyletter\.% - \definedummyletter\/% - \definedummyletter\:% - \definedummyaccent\=% - \definedummyletter\?% - \definedummyaccent\^% - \definedummyaccent\`% - \definedummyaccent\~% - \definedummyword\u - \definedummyword\v - \definedummyword\H - \definedummyword\dotaccent - \definedummyword\ringaccent - \definedummyword\tieaccent - \definedummyword\ubaraccent - \definedummyword\udotaccent - \definedummyword\dotless - % - % Texinfo font commands. - \definedummyword\b - \definedummyword\i - \definedummyword\r - \definedummyword\sc - \definedummyword\t - % - % Commands that take arguments. - \definedummyword\acronym - \definedummyword\cite - \definedummyword\code - \definedummyword\command - \definedummyword\dfn - \definedummyword\emph - \definedummyword\env - \definedummyword\file - \definedummyword\kbd - \definedummyword\key - \definedummyword\math - \definedummyword\option - \definedummyword\pxref - \definedummyword\ref - \definedummyword\samp - \definedummyword\strong - \definedummyword\tie - \definedummyword\uref - \definedummyword\url - \definedummyword\var - \definedummyword\verb - \definedummyword\w - \definedummyword\xref -} - -% \indexnofonts is used when outputting the strings to sort the index -% by, and when constructing control sequence names. It eliminates all -% control sequences and just writes whatever the best ASCII sort string -% would be for a given command (usually its argument). -% -\def\indexnofonts{% - % Accent commands should become @asis. - \def\definedummyaccent##1{\let##1\asis}% - % We can just ignore other control letters. - \def\definedummyletter##1{\let##1\empty}% - % Hopefully, all control words can become @asis. - \let\definedummyword\definedummyaccent - % - \commondummiesnofonts - % - % Don't no-op \tt, since it isn't a user-level command - % and is used in the definitions of the active chars like <, >, |, etc. - % Likewise with the other plain tex font commands. - %\let\tt=\asis - % - \def\ { }% - \def\@{@}% - % how to handle braces? - \def\_{\normalunderscore}% - % - % Non-English letters. - \def\AA{AA}% - \def\AE{AE}% - \def\L{L}% - \def\OE{OE}% - \def\O{O}% - \def\aa{aa}% - \def\ae{ae}% - \def\l{l}% - \def\oe{oe}% - \def\o{o}% - \def\ss{ss}% - \def\exclamdown{!}% - \def\questiondown{?}% - \def\ordf{a}% - \def\ordm{o}% - % - \def\LaTeX{LaTeX}% - \def\TeX{TeX}% - % - % Assorted special characters. - % (The following {} will end up in the sort string, but that's ok.) - \def\bullet{bullet}% - \def\comma{,}% - \def\copyright{copyright}% - \def\registeredsymbol{R}% - \def\dots{...}% - \def\enddots{...}% - \def\equiv{==}% - \def\error{error}% - \def\euro{euro}% - \def\expansion{==>}% - \def\minus{-}% - \def\pounds{pounds}% - \def\point{.}% - \def\print{-|}% - \def\result{=>}% - \def\textdegree{degrees}% - % - % We need to get rid of all macros, leaving only the arguments (if present). - % Of course this is not nearly correct, but it is the best we can do for now. - % makeinfo does not expand macros in the argument to @deffn, which ends up - % writing an index entry, and texindex isn't prepared for an index sort entry - % that starts with \. - % - % Since macro invocations are followed by braces, we can just redefine them - % to take a single TeX argument. The case of a macro invocation that - % goes to end-of-line is not handled. - % - \macrolist -} - -\let\indexbackslash=0 %overridden during \printindex. -\let\SETmarginindex=\relax % put index entries in margin (undocumented)? - -% Most index entries go through here, but \dosubind is the general case. -% #1 is the index name, #2 is the entry text. -\def\doind#1#2{\dosubind{#1}{#2}{}} - -% Workhorse for all \fooindexes. -% #1 is name of index, #2 is stuff to put there, #3 is subentry -- -% empty if called from \doind, as we usually are (the main exception -% is with most defuns, which call us directly). -% -\def\dosubind#1#2#3{% - \iflinks - {% - % Store the main index entry text (including the third arg). - \toks0 = {#2}% - % If third arg is present, precede it with a space. - \def\thirdarg{#3}% - \ifx\thirdarg\empty \else - \toks0 = \expandafter{\the\toks0 \space #3}% - \fi - % - \edef\writeto{\csname#1indfile\endcsname}% - % - \safewhatsit\dosubindwrite - }% - \fi -} - -% Write the entry in \toks0 to the index file: -% -\def\dosubindwrite{% - % Put the index entry in the margin if desired. - \ifx\SETmarginindex\relax\else - \insert\margin{\hbox{\vrule height8pt depth3pt width0pt \the\toks0}}% - \fi - % - % Remember, we are within a group. - \indexdummies % Must do this here, since \bf, etc expand at this stage - \def\backslashcurfont{\indexbackslash}% \indexbackslash isn't defined now - % so it will be output as is; and it will print as backslash. - % - % Process the index entry with all font commands turned off, to - % get the string to sort by. - {\indexnofonts - \edef\temp{\the\toks0}% need full expansion - \xdef\indexsorttmp{\temp}% - }% - % - % Set up the complete index entry, with both the sort key and - % the original text, including any font commands. We write - % three arguments to \entry to the .?? file (four in the - % subentry case), texindex reduces to two when writing the .??s - % sorted result. - \edef\temp{% - \write\writeto{% - \string\entry{\indexsorttmp}{\noexpand\folio}{\the\toks0}}% - }% - \temp -} - -% Take care of unwanted page breaks/skips around a whatsit: -% -% If a skip is the last thing on the list now, preserve it -% by backing up by \lastskip, doing the \write, then inserting -% the skip again. Otherwise, the whatsit generated by the -% \write or \pdfdest will make \lastskip zero. The result is that -% sequences like this: -% @end defun -% @tindex whatever -% @defun ... -% will have extra space inserted, because the \medbreak in the -% start of the @defun won't see the skip inserted by the @end of -% the previous defun. -% -% But don't do any of this if we're not in vertical mode. We -% don't want to do a \vskip and prematurely end a paragraph. -% -% Avoid page breaks due to these extra skips, too. -% -% But wait, there is a catch there: -% We'll have to check whether \lastskip is zero skip. \ifdim is not -% sufficient for this purpose, as it ignores stretch and shrink parts -% of the skip. The only way seems to be to check the textual -% representation of the skip. -% -% The following is almost like \def\zeroskipmacro{0.0pt} except that -% the ``p'' and ``t'' characters have catcode \other, not 11 (letter). -% -\edef\zeroskipmacro{\expandafter\the\csname z@skip\endcsname} -% -\newskip\whatsitskip -\newcount\whatsitpenalty -% -% ..., ready, GO: -% -\def\safewhatsit#1{% -\ifhmode - #1% -\else - % \lastskip and \lastpenalty cannot both be nonzero simultaneously. - \whatsitskip = \lastskip - \edef\lastskipmacro{\the\lastskip}% - \whatsitpenalty = \lastpenalty - % - % If \lastskip is nonzero, that means the last item was a - % skip. And since a skip is discardable, that means this - % -\skip0 glue we're inserting is preceded by a - % non-discardable item, therefore it is not a potential - % breakpoint, therefore no \nobreak needed. - \ifx\lastskipmacro\zeroskipmacro - \else - \vskip-\whatsitskip - \fi - % - #1% - % - \ifx\lastskipmacro\zeroskipmacro - % If \lastskip was zero, perhaps the last item was a penalty, and - % perhaps it was >=10000, e.g., a \nobreak. In that case, we want - % to re-insert the same penalty (values >10000 are used for various - % signals); since we just inserted a non-discardable item, any - % following glue (such as a \parskip) would be a breakpoint. For example: - % - % @deffn deffn-whatever - % @vindex index-whatever - % Description. - % would allow a break between the index-whatever whatsit - % and the "Description." paragraph. - \ifnum\whatsitpenalty>9999 \penalty\whatsitpenalty \fi - \else - % On the other hand, if we had a nonzero \lastskip, - % this make-up glue would be preceded by a non-discardable item - % (the whatsit from the \write), so we must insert a \nobreak. - \nobreak\vskip\whatsitskip - \fi -\fi -} - -% The index entry written in the file actually looks like -% \entry {sortstring}{page}{topic} -% or -% \entry {sortstring}{page}{topic}{subtopic} -% The texindex program reads in these files and writes files -% containing these kinds of lines: -% \initial {c} -% before the first topic whose initial is c -% \entry {topic}{pagelist} -% for a topic that is used without subtopics -% \primary {topic} -% for the beginning of a topic that is used with subtopics -% \secondary {subtopic}{pagelist} -% for each subtopic. - -% Define the user-accessible indexing commands -% @findex, @vindex, @kindex, @cindex. - -\def\findex {\fnindex} -\def\kindex {\kyindex} -\def\cindex {\cpindex} -\def\vindex {\vrindex} -\def\tindex {\tpindex} -\def\pindex {\pgindex} - -\def\cindexsub {\begingroup\obeylines\cindexsub} -{\obeylines % -\gdef\cindexsub "#1" #2^^M{\endgroup % -\dosubind{cp}{#2}{#1}}} - -% Define the macros used in formatting output of the sorted index material. - -% @printindex causes a particular index (the ??s file) to get printed. -% It does not print any chapter heading (usually an @unnumbered). -% -\parseargdef\printindex{\begingroup - \dobreak \chapheadingskip{10000}% - % - \smallfonts \rm - \tolerance = 9500 - \plainfrenchspacing - \everypar = {}% don't want the \kern\-parindent from indentation suppression. - % - % See if the index file exists and is nonempty. - % Change catcode of @ here so that if the index file contains - % \initial {@} - % as its first line, TeX doesn't complain about mismatched braces - % (because it thinks @} is a control sequence). - \catcode`\@ = 11 - \openin 1 \jobname.#1s - \ifeof 1 - % \enddoublecolumns gets confused if there is no text in the index, - % and it loses the chapter title and the aux file entries for the - % index. The easiest way to prevent this problem is to make sure - % there is some text. - \putwordIndexNonexistent - \else - % - % If the index file exists but is empty, then \openin leaves \ifeof - % false. We have to make TeX try to read something from the file, so - % it can discover if there is anything in it. - \read 1 to \temp - \ifeof 1 - \putwordIndexIsEmpty - \else - % Index files are almost Texinfo source, but we use \ as the escape - % character. It would be better to use @, but that's too big a change - % to make right now. - \def\indexbackslash{\backslashcurfont}% - \catcode`\\ = 0 - \escapechar = `\\ - \begindoublecolumns - \input \jobname.#1s - \enddoublecolumns - \fi - \fi - \closein 1 -\endgroup} - -% These macros are used by the sorted index file itself. -% Change them to control the appearance of the index. - -\def\initial#1{{% - % Some minor font changes for the special characters. - \let\tentt=\sectt \let\tt=\sectt \let\sf=\sectt - % - % Remove any glue we may have, we'll be inserting our own. - \removelastskip - % - % We like breaks before the index initials, so insert a bonus. - \nobreak - \vskip 0pt plus 3\baselineskip - \penalty 0 - \vskip 0pt plus -3\baselineskip - % - % Typeset the initial. Making this add up to a whole number of - % baselineskips increases the chance of the dots lining up from column - % to column. It still won't often be perfect, because of the stretch - % we need before each entry, but it's better. - % - % No shrink because it confuses \balancecolumns. - \vskip 1.67\baselineskip plus .5\baselineskip - \leftline{\secbf #1}% - % Do our best not to break after the initial. - \nobreak - \vskip .33\baselineskip plus .1\baselineskip -}} - -% \entry typesets a paragraph consisting of the text (#1), dot leaders, and -% then page number (#2) flushed to the right margin. It is used for index -% and table of contents entries. The paragraph is indented by \leftskip. -% -% A straightforward implementation would start like this: -% \def\entry#1#2{... -% But this frozes the catcodes in the argument, and can cause problems to -% @code, which sets - active. This problem was fixed by a kludge--- -% ``-'' was active throughout whole index, but this isn't really right. -% -% The right solution is to prevent \entry from swallowing the whole text. -% --kasal, 21nov03 -\def\entry{% - \begingroup - % - % Start a new paragraph if necessary, so our assignments below can't - % affect previous text. - \par - % - % Do not fill out the last line with white space. - \parfillskip = 0in - % - % No extra space above this paragraph. - \parskip = 0in - % - % Do not prefer a separate line ending with a hyphen to fewer lines. - \finalhyphendemerits = 0 - % - % \hangindent is only relevant when the entry text and page number - % don't both fit on one line. In that case, bob suggests starting the - % dots pretty far over on the line. Unfortunately, a large - % indentation looks wrong when the entry text itself is broken across - % lines. So we use a small indentation and put up with long leaders. - % - % \hangafter is reset to 1 (which is the value we want) at the start - % of each paragraph, so we need not do anything with that. - \hangindent = 2em - % - % When the entry text needs to be broken, just fill out the first line - % with blank space. - \rightskip = 0pt plus1fil - % - % A bit of stretch before each entry for the benefit of balancing - % columns. - \vskip 0pt plus1pt - % - % Swallow the left brace of the text (first parameter): - \afterassignment\doentry - \let\temp = -} -\def\doentry{% - \bgroup % Instead of the swallowed brace. - \noindent - \aftergroup\finishentry - % And now comes the text of the entry. -} -\def\finishentry#1{% - % #1 is the page number. - % - % The following is kludged to not output a line of dots in the index if - % there are no page numbers. The next person who breaks this will be - % cursed by a Unix daemon. - \def\tempa{{\rm }}% - \def\tempb{#1}% - \edef\tempc{\tempa}% - \edef\tempd{\tempb}% - \ifx\tempc\tempd - \ % - \else - % - % If we must, put the page number on a line of its own, and fill out - % this line with blank space. (The \hfil is overwhelmed with the - % fill leaders glue in \indexdotfill if the page number does fit.) - \hfil\penalty50 - \null\nobreak\indexdotfill % Have leaders before the page number. - % - % The `\ ' here is removed by the implicit \unskip that TeX does as - % part of (the primitive) \par. Without it, a spurious underfull - % \hbox ensues. - \ifpdf - \pdfgettoks#1.% - \ \the\toksA - \else - \ #1% - \fi - \fi - \par - \endgroup -} - -% Like plain.tex's \dotfill, except uses up at least 1 em. -\def\indexdotfill{\cleaders - \hbox{$\mathsurround=0pt \mkern1.5mu.\mkern1.5mu$}\hskip 1em plus 1fill} - -\def\primary #1{\line{#1\hfil}} - -\newskip\secondaryindent \secondaryindent=0.5cm -\def\secondary#1#2{{% - \parfillskip=0in - \parskip=0in - \hangindent=1in - \hangafter=1 - \noindent\hskip\secondaryindent\hbox{#1}\indexdotfill - \ifpdf - \pdfgettoks#2.\ \the\toksA % The page number ends the paragraph. - \else - #2 - \fi - \par -}} - -% Define two-column mode, which we use to typeset indexes. -% Adapted from the TeXbook, page 416, which is to say, -% the manmac.tex format used to print the TeXbook itself. -\catcode`\@=11 - -\newbox\partialpage -\newdimen\doublecolumnhsize - -\def\begindoublecolumns{\begingroup % ended by \enddoublecolumns - % Grab any single-column material above us. - \output = {% - % - % Here is a possibility not foreseen in manmac: if we accumulate a - % whole lot of material, we might end up calling this \output - % routine twice in a row (see the doublecol-lose test, which is - % essentially a couple of indexes with @setchapternewpage off). In - % that case we just ship out what is in \partialpage with the normal - % output routine. Generally, \partialpage will be empty when this - % runs and this will be a no-op. See the indexspread.tex test case. - \ifvoid\partialpage \else - \onepageout{\pagecontents\partialpage}% - \fi - % - \global\setbox\partialpage = \vbox{% - % Unvbox the main output page. - \unvbox\PAGE - \kern-\topskip \kern\baselineskip - }% - }% - \eject % run that output routine to set \partialpage - % - % Use the double-column output routine for subsequent pages. - \output = {\doublecolumnout}% - % - % Change the page size parameters. We could do this once outside this - % routine, in each of @smallbook, @afourpaper, and the default 8.5x11 - % format, but then we repeat the same computation. Repeating a couple - % of assignments once per index is clearly meaningless for the - % execution time, so we may as well do it in one place. - % - % First we halve the line length, less a little for the gutter between - % the columns. We compute the gutter based on the line length, so it - % changes automatically with the paper format. The magic constant - % below is chosen so that the gutter has the same value (well, +-<1pt) - % as it did when we hard-coded it. - % - % We put the result in a separate register, \doublecolumhsize, so we - % can restore it in \pagesofar, after \hsize itself has (potentially) - % been clobbered. - % - \doublecolumnhsize = \hsize - \advance\doublecolumnhsize by -.04154\hsize - \divide\doublecolumnhsize by 2 - \hsize = \doublecolumnhsize - % - % Double the \vsize as well. (We don't need a separate register here, - % since nobody clobbers \vsize.) - \vsize = 2\vsize -} - -% The double-column output routine for all double-column pages except -% the last. -% -\def\doublecolumnout{% - \splittopskip=\topskip \splitmaxdepth=\maxdepth - % Get the available space for the double columns -- the normal - % (undoubled) page height minus any material left over from the - % previous page. - \dimen@ = \vsize - \divide\dimen@ by 2 - \advance\dimen@ by -\ht\partialpage - % - % box0 will be the left-hand column, box2 the right. - \setbox0=\vsplit255 to\dimen@ \setbox2=\vsplit255 to\dimen@ - \onepageout\pagesofar - \unvbox255 - \penalty\outputpenalty -} -% -% Re-output the contents of the output page -- any previous material, -% followed by the two boxes we just split, in box0 and box2. -\def\pagesofar{% - \unvbox\partialpage - % - \hsize = \doublecolumnhsize - \wd0=\hsize \wd2=\hsize - \hbox to\pagewidth{\box0\hfil\box2}% -} -% -% All done with double columns. -\def\enddoublecolumns{% - % The following penalty ensures that the page builder is exercised - % _before_ we change the output routine. This is necessary in the - % following situation: - % - % The last section of the index consists only of a single entry. - % Before this section, \pagetotal is less than \pagegoal, so no - % break occurs before the last section starts. However, the last - % section, consisting of \initial and the single \entry, does not - % fit on the page and has to be broken off. Without the following - % penalty the page builder will not be exercised until \eject - % below, and by that time we'll already have changed the output - % routine to the \balancecolumns version, so the next-to-last - % double-column page will be processed with \balancecolumns, which - % is wrong: The two columns will go to the main vertical list, with - % the broken-off section in the recent contributions. As soon as - % the output routine finishes, TeX starts reconsidering the page - % break. The two columns and the broken-off section both fit on the - % page, because the two columns now take up only half of the page - % goal. When TeX sees \eject from below which follows the final - % section, it invokes the new output routine that we've set after - % \balancecolumns below; \onepageout will try to fit the two columns - % and the final section into the vbox of \pageheight (see - % \pagebody), causing an overfull box. - % - % Note that glue won't work here, because glue does not exercise the - % page builder, unlike penalties (see The TeXbook, pp. 280-281). - \penalty0 - % - \output = {% - % Split the last of the double-column material. Leave it on the - % current page, no automatic page break. - \balancecolumns - % - % If we end up splitting too much material for the current page, - % though, there will be another page break right after this \output - % invocation ends. Having called \balancecolumns once, we do not - % want to call it again. Therefore, reset \output to its normal - % definition right away. (We hope \balancecolumns will never be - % called on to balance too much material, but if it is, this makes - % the output somewhat more palatable.) - \global\output = {\onepageout{\pagecontents\PAGE}}% - }% - \eject - \endgroup % started in \begindoublecolumns - % - % \pagegoal was set to the doubled \vsize above, since we restarted - % the current page. We're now back to normal single-column - % typesetting, so reset \pagegoal to the normal \vsize (after the - % \endgroup where \vsize got restored). - \pagegoal = \vsize -} -% -% Called at the end of the double column material. -\def\balancecolumns{% - \setbox0 = \vbox{\unvbox255}% like \box255 but more efficient, see p.120. - \dimen@ = \ht0 - \advance\dimen@ by \topskip - \advance\dimen@ by-\baselineskip - \divide\dimen@ by 2 % target to split to - %debug\message{final 2-column material height=\the\ht0, target=\the\dimen@.}% - \splittopskip = \topskip - % Loop until we get a decent breakpoint. - {% - \vbadness = 10000 - \loop - \global\setbox3 = \copy0 - \global\setbox1 = \vsplit3 to \dimen@ - \ifdim\ht3>\dimen@ - \global\advance\dimen@ by 1pt - \repeat - }% - %debug\message{split to \the\dimen@, column heights: \the\ht1, \the\ht3.}% - \setbox0=\vbox to\dimen@{\unvbox1}% - \setbox2=\vbox to\dimen@{\unvbox3}% - % - \pagesofar -} -\catcode`\@ = \other - - -\message{sectioning,} -% Chapters, sections, etc. - -% \unnumberedno is an oxymoron, of course. But we count the unnumbered -% sections so that we can refer to them unambiguously in the pdf -% outlines by their "section number". We avoid collisions with chapter -% numbers by starting them at 10000. (If a document ever has 10000 -% chapters, we're in trouble anyway, I'm sure.) -\newcount\unnumberedno \unnumberedno = 10000 -\newcount\chapno -\newcount\secno \secno=0 -\newcount\subsecno \subsecno=0 -\newcount\subsubsecno \subsubsecno=0 - -% This counter is funny since it counts through charcodes of letters A, B, ... -\newcount\appendixno \appendixno = `\@ -% -% \def\appendixletter{\char\the\appendixno} -% We do the following ugly conditional instead of the above simple -% construct for the sake of pdftex, which needs the actual -% letter in the expansion, not just typeset. -% -\def\appendixletter{% - \ifnum\appendixno=`A A% - \else\ifnum\appendixno=`B B% - \else\ifnum\appendixno=`C C% - \else\ifnum\appendixno=`D D% - \else\ifnum\appendixno=`E E% - \else\ifnum\appendixno=`F F% - \else\ifnum\appendixno=`G G% - \else\ifnum\appendixno=`H H% - \else\ifnum\appendixno=`I I% - \else\ifnum\appendixno=`J J% - \else\ifnum\appendixno=`K K% - \else\ifnum\appendixno=`L L% - \else\ifnum\appendixno=`M M% - \else\ifnum\appendixno=`N N% - \else\ifnum\appendixno=`O O% - \else\ifnum\appendixno=`P P% - \else\ifnum\appendixno=`Q Q% - \else\ifnum\appendixno=`R R% - \else\ifnum\appendixno=`S S% - \else\ifnum\appendixno=`T T% - \else\ifnum\appendixno=`U U% - \else\ifnum\appendixno=`V V% - \else\ifnum\appendixno=`W W% - \else\ifnum\appendixno=`X X% - \else\ifnum\appendixno=`Y Y% - \else\ifnum\appendixno=`Z Z% - % The \the is necessary, despite appearances, because \appendixletter is - % expanded while writing the .toc file. \char\appendixno is not - % expandable, thus it is written literally, thus all appendixes come out - % with the same letter (or @) in the toc without it. - \else\char\the\appendixno - \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi - \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi} - -% Each @chapter defines this as the name of the chapter. -% page headings and footings can use it. @section does likewise. -% However, they are not reliable, because we don't use marks. -\def\thischapter{} -\def\thissection{} - -\newcount\absseclevel % used to calculate proper heading level -\newcount\secbase\secbase=0 % @raisesections/@lowersections modify this count - -% @raisesections: treat @section as chapter, @subsection as section, etc. -\def\raisesections{\global\advance\secbase by -1} -\let\up=\raisesections % original BFox name - -% @lowersections: treat @chapter as section, @section as subsection, etc. -\def\lowersections{\global\advance\secbase by 1} -\let\down=\lowersections % original BFox name - -% we only have subsub. -\chardef\maxseclevel = 3 -% -% A numbered section within an unnumbered changes to unnumbered too. -% To achive this, remember the "biggest" unnum. sec. we are currently in: -\chardef\unmlevel = \maxseclevel -% -% Trace whether the current chapter is an appendix or not: -% \chapheadtype is "N" or "A", unnumbered chapters are ignored. -\def\chapheadtype{N} - -% Choose a heading macro -% #1 is heading type -% #2 is heading level -% #3 is text for heading -\def\genhead#1#2#3{% - % Compute the abs. sec. level: - \absseclevel=#2 - \advance\absseclevel by \secbase - % Make sure \absseclevel doesn't fall outside the range: - \ifnum \absseclevel < 0 - \absseclevel = 0 - \else - \ifnum \absseclevel > 3 - \absseclevel = 3 - \fi - \fi - % The heading type: - \def\headtype{#1}% - \if \headtype U% - \ifnum \absseclevel < \unmlevel - \chardef\unmlevel = \absseclevel - \fi - \else - % Check for appendix sections: - \ifnum \absseclevel = 0 - \edef\chapheadtype{\headtype}% - \else - \if \headtype A\if \chapheadtype N% - \errmessage{@appendix... within a non-appendix chapter}% - \fi\fi - \fi - % Check for numbered within unnumbered: - \ifnum \absseclevel > \unmlevel - \def\headtype{U}% - \else - \chardef\unmlevel = 3 - \fi - \fi - % Now print the heading: - \if \headtype U% - \ifcase\absseclevel - \unnumberedzzz{#3}% - \or \unnumberedseczzz{#3}% - \or \unnumberedsubseczzz{#3}% - \or \unnumberedsubsubseczzz{#3}% - \fi - \else - \if \headtype A% - \ifcase\absseclevel - \appendixzzz{#3}% - \or \appendixsectionzzz{#3}% - \or \appendixsubseczzz{#3}% - \or \appendixsubsubseczzz{#3}% - \fi - \else - \ifcase\absseclevel - \chapterzzz{#3}% - \or \seczzz{#3}% - \or \numberedsubseczzz{#3}% - \or \numberedsubsubseczzz{#3}% - \fi - \fi - \fi - \suppressfirstparagraphindent -} - -% an interface: -\def\numhead{\genhead N} -\def\apphead{\genhead A} -\def\unnmhead{\genhead U} - -% @chapter, @appendix, @unnumbered. Increment top-level counter, reset -% all lower-level sectioning counters to zero. -% -% Also set \chaplevelprefix, which we prepend to @float sequence numbers -% (e.g., figures), q.v. By default (before any chapter), that is empty. -\let\chaplevelprefix = \empty -% -\outer\parseargdef\chapter{\numhead0{#1}} % normally numhead0 calls chapterzzz -\def\chapterzzz#1{% - % section resetting is \global in case the chapter is in a group, such - % as an @include file. - \global\secno=0 \global\subsecno=0 \global\subsubsecno=0 - \global\advance\chapno by 1 - % - % Used for \float. - \gdef\chaplevelprefix{\the\chapno.}% - \resetallfloatnos - % - \message{\putwordChapter\space \the\chapno}% - % - % Write the actual heading. - \chapmacro{#1}{Ynumbered}{\the\chapno}% - % - % So @section and the like are numbered underneath this chapter. - \global\let\section = \numberedsec - \global\let\subsection = \numberedsubsec - \global\let\subsubsection = \numberedsubsubsec -} - -\outer\parseargdef\appendix{\apphead0{#1}} % normally apphead0 calls appendixzzz -\def\appendixzzz#1{% - \global\secno=0 \global\subsecno=0 \global\subsubsecno=0 - \global\advance\appendixno by 1 - \gdef\chaplevelprefix{\appendixletter.}% - \resetallfloatnos - % - \def\appendixnum{\putwordAppendix\space \appendixletter}% - \message{\appendixnum}% - % - \chapmacro{#1}{Yappendix}{\appendixletter}% - % - \global\let\section = \appendixsec - \global\let\subsection = \appendixsubsec - \global\let\subsubsection = \appendixsubsubsec -} - -\outer\parseargdef\unnumbered{\unnmhead0{#1}} % normally unnmhead0 calls unnumberedzzz -\def\unnumberedzzz#1{% - \global\secno=0 \global\subsecno=0 \global\subsubsecno=0 - \global\advance\unnumberedno by 1 - % - % Since an unnumbered has no number, no prefix for figures. - \global\let\chaplevelprefix = \empty - \resetallfloatnos - % - % This used to be simply \message{#1}, but TeX fully expands the - % argument to \message. Therefore, if #1 contained @-commands, TeX - % expanded them. For example, in `@unnumbered The @cite{Book}', TeX - % expanded @cite (which turns out to cause errors because \cite is meant - % to be executed, not expanded). - % - % Anyway, we don't want the fully-expanded definition of @cite to appear - % as a result of the \message, we just want `@cite' itself. We use - % \the to achieve this: TeX expands \the only once, - % simply yielding the contents of . (We also do this for - % the toc entries.) - \toks0 = {#1}% - \message{(\the\toks0)}% - % - \chapmacro{#1}{Ynothing}{\the\unnumberedno}% - % - \global\let\section = \unnumberedsec - \global\let\subsection = \unnumberedsubsec - \global\let\subsubsection = \unnumberedsubsubsec -} - -% @centerchap is like @unnumbered, but the heading is centered. -\outer\parseargdef\centerchap{% - % Well, we could do the following in a group, but that would break - % an assumption that \chapmacro is called at the outermost level. - % Thus we are safer this way: --kasal, 24feb04 - \let\centerparametersmaybe = \centerparameters - \unnmhead0{#1}% - \let\centerparametersmaybe = \relax -} - -% @top is like @unnumbered. -\let\top\unnumbered - -% Sections. -\outer\parseargdef\numberedsec{\numhead1{#1}} % normally calls seczzz -\def\seczzz#1{% - \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1 - \sectionheading{#1}{sec}{Ynumbered}{\the\chapno.\the\secno}% -} - -\outer\parseargdef\appendixsection{\apphead1{#1}} % normally calls appendixsectionzzz -\def\appendixsectionzzz#1{% - \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1 - \sectionheading{#1}{sec}{Yappendix}{\appendixletter.\the\secno}% -} -\let\appendixsec\appendixsection - -\outer\parseargdef\unnumberedsec{\unnmhead1{#1}} % normally calls unnumberedseczzz -\def\unnumberedseczzz#1{% - \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1 - \sectionheading{#1}{sec}{Ynothing}{\the\unnumberedno.\the\secno}% -} - -% Subsections. -\outer\parseargdef\numberedsubsec{\numhead2{#1}} % normally calls numberedsubseczzz -\def\numberedsubseczzz#1{% - \global\subsubsecno=0 \global\advance\subsecno by 1 - \sectionheading{#1}{subsec}{Ynumbered}{\the\chapno.\the\secno.\the\subsecno}% -} - -\outer\parseargdef\appendixsubsec{\apphead2{#1}} % normally calls appendixsubseczzz -\def\appendixsubseczzz#1{% - \global\subsubsecno=0 \global\advance\subsecno by 1 - \sectionheading{#1}{subsec}{Yappendix}% - {\appendixletter.\the\secno.\the\subsecno}% -} - -\outer\parseargdef\unnumberedsubsec{\unnmhead2{#1}} %normally calls unnumberedsubseczzz -\def\unnumberedsubseczzz#1{% - \global\subsubsecno=0 \global\advance\subsecno by 1 - \sectionheading{#1}{subsec}{Ynothing}% - {\the\unnumberedno.\the\secno.\the\subsecno}% -} - -% Subsubsections. -\outer\parseargdef\numberedsubsubsec{\numhead3{#1}} % normally numberedsubsubseczzz -\def\numberedsubsubseczzz#1{% - \global\advance\subsubsecno by 1 - \sectionheading{#1}{subsubsec}{Ynumbered}% - {\the\chapno.\the\secno.\the\subsecno.\the\subsubsecno}% -} - -\outer\parseargdef\appendixsubsubsec{\apphead3{#1}} % normally appendixsubsubseczzz -\def\appendixsubsubseczzz#1{% - \global\advance\subsubsecno by 1 - \sectionheading{#1}{subsubsec}{Yappendix}% - {\appendixletter.\the\secno.\the\subsecno.\the\subsubsecno}% -} - -\outer\parseargdef\unnumberedsubsubsec{\unnmhead3{#1}} %normally unnumberedsubsubseczzz -\def\unnumberedsubsubseczzz#1{% - \global\advance\subsubsecno by 1 - \sectionheading{#1}{subsubsec}{Ynothing}% - {\the\unnumberedno.\the\secno.\the\subsecno.\the\subsubsecno}% -} - -% These macros control what the section commands do, according -% to what kind of chapter we are in (ordinary, appendix, or unnumbered). -% Define them by default for a numbered chapter. -\let\section = \numberedsec -\let\subsection = \numberedsubsec -\let\subsubsection = \numberedsubsubsec - -% Define @majorheading, @heading and @subheading - -% NOTE on use of \vbox for chapter headings, section headings, and such: -% 1) We use \vbox rather than the earlier \line to permit -% overlong headings to fold. -% 2) \hyphenpenalty is set to 10000 because hyphenation in a -% heading is obnoxious; this forbids it. -% 3) Likewise, headings look best if no \parindent is used, and -% if justification is not attempted. Hence \raggedright. - - -\def\majorheading{% - {\advance\chapheadingskip by 10pt \chapbreak }% - \parsearg\chapheadingzzz -} - -\def\chapheading{\chapbreak \parsearg\chapheadingzzz} -\def\chapheadingzzz#1{% - {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt\raggedright - \rm #1\hfill}}% - \bigskip \par\penalty 200\relax - \suppressfirstparagraphindent -} - -% @heading, @subheading, @subsubheading. -\parseargdef\heading{\sectionheading{#1}{sec}{Yomitfromtoc}{} - \suppressfirstparagraphindent} -\parseargdef\subheading{\sectionheading{#1}{subsec}{Yomitfromtoc}{} - \suppressfirstparagraphindent} -\parseargdef\subsubheading{\sectionheading{#1}{subsubsec}{Yomitfromtoc}{} - \suppressfirstparagraphindent} - -% These macros generate a chapter, section, etc. heading only -% (including whitespace, linebreaking, etc. around it), -% given all the information in convenient, parsed form. - -%%% Args are the skip and penalty (usually negative) -\def\dobreak#1#2{\par\ifdim\lastskip<#1\removelastskip\penalty#2\vskip#1\fi} - -%%% Define plain chapter starts, and page on/off switching for it -% Parameter controlling skip before chapter headings (if needed) - -\newskip\chapheadingskip - -\def\chapbreak{\dobreak \chapheadingskip {-4000}} -\def\chappager{\par\vfill\supereject} -\def\chapoddpage{\chappager \ifodd\pageno \else \hbox to 0pt{} \chappager\fi} - -\def\setchapternewpage #1 {\csname CHAPPAG#1\endcsname} - -\def\CHAPPAGoff{% -\global\let\contentsalignmacro = \chappager -\global\let\pchapsepmacro=\chapbreak -\global\let\pagealignmacro=\chappager} - -\def\CHAPPAGon{% -\global\let\contentsalignmacro = \chappager -\global\let\pchapsepmacro=\chappager -\global\let\pagealignmacro=\chappager -\global\def\HEADINGSon{\HEADINGSsingle}} - -\def\CHAPPAGodd{% -\global\let\contentsalignmacro = \chapoddpage -\global\let\pchapsepmacro=\chapoddpage -\global\let\pagealignmacro=\chapoddpage -\global\def\HEADINGSon{\HEADINGSdouble}} - -\CHAPPAGon - -% Chapter opening. -% -% #1 is the text, #2 is the section type (Ynumbered, Ynothing, -% Yappendix, Yomitfromtoc), #3 the chapter number. -% -% To test against our argument. -\def\Ynothingkeyword{Ynothing} -\def\Yomitfromtockeyword{Yomitfromtoc} -\def\Yappendixkeyword{Yappendix} -% -\def\chapmacro#1#2#3{% - \pchapsepmacro - {% - \chapfonts \rm - % - % Have to define \thissection before calling \donoderef, because the - % xref code eventually uses it. On the other hand, it has to be called - % after \pchapsepmacro, or the headline will change too soon. - \gdef\thissection{#1}% - \gdef\thischaptername{#1}% - % - % Only insert the separating space if we have a chapter/appendix - % number, and don't print the unnumbered ``number''. - \def\temptype{#2}% - \ifx\temptype\Ynothingkeyword - \setbox0 = \hbox{}% - \def\toctype{unnchap}% - \gdef\thischapternum{}% - \gdef\thischapter{#1}% - \else\ifx\temptype\Yomitfromtockeyword - \setbox0 = \hbox{}% contents like unnumbered, but no toc entry - \def\toctype{omit}% - \gdef\thischapternum{}% - \gdef\thischapter{}% - \else\ifx\temptype\Yappendixkeyword - \setbox0 = \hbox{\putwordAppendix{} #3\enspace}% - \def\toctype{app}% - \xdef\thischapternum{\appendixletter}% - % We don't substitute the actual chapter name into \thischapter - % because we don't want its macros evaluated now. And we don't - % use \thissection because that changes with each section. - % - \xdef\thischapter{\putwordAppendix{} \appendixletter: - \noexpand\thischaptername}% - \else - \setbox0 = \hbox{#3\enspace}% - \def\toctype{numchap}% - \xdef\thischapternum{\the\chapno}% - \xdef\thischapter{\putwordChapter{} \the\chapno: - \noexpand\thischaptername}% - \fi\fi\fi - % - % Write the toc entry for this chapter. Must come before the - % \donoderef, because we include the current node name in the toc - % entry, and \donoderef resets it to empty. - \writetocentry{\toctype}{#1}{#3}% - % - % For pdftex, we have to write out the node definition (aka, make - % the pdfdest) after any page break, but before the actual text has - % been typeset. If the destination for the pdf outline is after the - % text, then jumping from the outline may wind up with the text not - % being visible, for instance under high magnification. - \donoderef{#2}% - % - % Typeset the actual heading. - \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright - \hangindent=\wd0 \centerparametersmaybe - \unhbox0 #1\par}% - }% - \nobreak\bigskip % no page break after a chapter title - \nobreak -} - -% @centerchap -- centered and unnumbered. -\let\centerparametersmaybe = \relax -\def\centerparameters{% - \advance\rightskip by 3\rightskip - \leftskip = \rightskip - \parfillskip = 0pt -} - - -% I don't think this chapter style is supported any more, so I'm not -% updating it with the new noderef stuff. We'll see. --karl, 11aug03. -% -\def\setchapterstyle #1 {\csname CHAPF#1\endcsname} -% -\def\unnchfopen #1{% -\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt\raggedright - \rm #1\hfill}}\bigskip \par\nobreak -} -\def\chfopen #1#2{\chapoddpage {\chapfonts -\vbox to 3in{\vfil \hbox to\hsize{\hfil #2} \hbox to\hsize{\hfil #1} \vfil}}% -\par\penalty 5000 % -} -\def\centerchfopen #1{% -\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt - \hfill {\rm #1}\hfill}}\bigskip \par\nobreak -} -\def\CHAPFopen{% - \global\let\chapmacro=\chfopen - \global\let\centerchapmacro=\centerchfopen} - - -% Section titles. These macros combine the section number parts and -% call the generic \sectionheading to do the printing. -% -\newskip\secheadingskip -\def\secheadingbreak{\dobreak \secheadingskip{-1000}} - -% Subsection titles. -\newskip\subsecheadingskip -\def\subsecheadingbreak{\dobreak \subsecheadingskip{-500}} - -% Subsubsection titles. -\def\subsubsecheadingskip{\subsecheadingskip} -\def\subsubsecheadingbreak{\subsecheadingbreak} - - -% Print any size, any type, section title. -% -% #1 is the text, #2 is the section level (sec/subsec/subsubsec), #3 is -% the section type for xrefs (Ynumbered, Ynothing, Yappendix), #4 is the -% section number. -% -\def\sectionheading#1#2#3#4{% - {% - % Switch to the right set of fonts. - \csname #2fonts\endcsname \rm - % - % Insert space above the heading. - \csname #2headingbreak\endcsname - % - % Only insert the space after the number if we have a section number. - \def\sectionlevel{#2}% - \def\temptype{#3}% - % - \ifx\temptype\Ynothingkeyword - \setbox0 = \hbox{}% - \def\toctype{unn}% - \gdef\thissection{#1}% - \else\ifx\temptype\Yomitfromtockeyword - % for @headings -- no section number, don't include in toc, - % and don't redefine \thissection. - \setbox0 = \hbox{}% - \def\toctype{omit}% - \let\sectionlevel=\empty - \else\ifx\temptype\Yappendixkeyword - \setbox0 = \hbox{#4\enspace}% - \def\toctype{app}% - \gdef\thissection{#1}% - \else - \setbox0 = \hbox{#4\enspace}% - \def\toctype{num}% - \gdef\thissection{#1}% - \fi\fi\fi - % - % Write the toc entry (before \donoderef). See comments in \chapmacro. - \writetocentry{\toctype\sectionlevel}{#1}{#4}% - % - % Write the node reference (= pdf destination for pdftex). - % Again, see comments in \chapmacro. - \donoderef{#3}% - % - % Interline glue will be inserted when the vbox is completed. - % That glue will be a valid breakpoint for the page, since it'll be - % preceded by a whatsit (usually from the \donoderef, or from the - % \writetocentry if there was no node). We don't want to allow that - % break, since then the whatsits could end up on page n while the - % section is on page n+1, thus toc/etc. are wrong. Debian bug 276000. - \nobreak - % - % Output the actual section heading. - \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright - \hangindent=\wd0 % zero if no section number - \unhbox0 #1}% - }% - % Add extra space after the heading -- half of whatever came above it. - % Don't allow stretch, though. - \kern .5 \csname #2headingskip\endcsname - % - % Do not let the kern be a potential breakpoint, as it would be if it - % was followed by glue. - \nobreak - % - % We'll almost certainly start a paragraph next, so don't let that - % glue accumulate. (Not a breakpoint because it's preceded by a - % discardable item.) - \vskip-\parskip - % - % This is purely so the last item on the list is a known \penalty > - % 10000. This is so \startdefun can avoid allowing breakpoints after - % section headings. Otherwise, it would insert a valid breakpoint between: - % - % @section sec-whatever - % @deffn def-whatever - \penalty 10001 -} - - -\message{toc,} -% Table of contents. -\newwrite\tocfile - -% Write an entry to the toc file, opening it if necessary. -% Called from @chapter, etc. -% -% Example usage: \writetocentry{sec}{Section Name}{\the\chapno.\the\secno} -% We append the current node name (if any) and page number as additional -% arguments for the \{chap,sec,...}entry macros which will eventually -% read this. The node name is used in the pdf outlines as the -% destination to jump to. -% -% We open the .toc file for writing here instead of at @setfilename (or -% any other fixed time) so that @contents can be anywhere in the document. -% But if #1 is `omit', then we don't do anything. This is used for the -% table of contents chapter openings themselves. -% -\newif\iftocfileopened -\def\omitkeyword{omit}% -% -\def\writetocentry#1#2#3{% - \edef\writetoctype{#1}% - \ifx\writetoctype\omitkeyword \else - \iftocfileopened\else - \immediate\openout\tocfile = \jobname.toc - \global\tocfileopenedtrue - \fi - % - \iflinks - {\atdummies - \edef\temp{% - \write\tocfile{@#1entry{#2}{#3}{\lastnode}{\noexpand\folio}}}% - \temp - }% - \fi - \fi - % - % Tell \shipout to create a pdf destination on each page, if we're - % writing pdf. These are used in the table of contents. We can't - % just write one on every page because the title pages are numbered - % 1 and 2 (the page numbers aren't printed), and so are the first - % two pages of the document. Thus, we'd have two destinations named - % `1', and two named `2'. - \ifpdf \global\pdfmakepagedesttrue \fi -} - - -% These characters do not print properly in the Computer Modern roman -% fonts, so we must take special care. This is more or less redundant -% with the Texinfo input format setup at the end of this file. -% -\def\activecatcodes{% - \catcode`\"=\active - \catcode`\$=\active - \catcode`\<=\active - \catcode`\>=\active - \catcode`\\=\active - \catcode`\^=\active - \catcode`\_=\active - \catcode`\|=\active - \catcode`\~=\active -} - - -% Read the toc file, which is essentially Texinfo input. -\def\readtocfile{% - \setupdatafile - \activecatcodes - \input \jobname.toc -} - -\newskip\contentsrightmargin \contentsrightmargin=1in -\newcount\savepageno -\newcount\lastnegativepageno \lastnegativepageno = -1 - -% Prepare to read what we've written to \tocfile. -% -\def\startcontents#1{% - % If @setchapternewpage on, and @headings double, the contents should - % start on an odd page, unlike chapters. Thus, we maintain - % \contentsalignmacro in parallel with \pagealignmacro. - % From: Torbjorn Granlund - \contentsalignmacro - \immediate\closeout\tocfile - % - % Don't need to put `Contents' or `Short Contents' in the headline. - % It is abundantly clear what they are. - \def\thischapter{}% - \chapmacro{#1}{Yomitfromtoc}{}% - % - \savepageno = \pageno - \begingroup % Set up to handle contents files properly. - \raggedbottom % Worry more about breakpoints than the bottom. - \advance\hsize by -\contentsrightmargin % Don't use the full line length. - % - % Roman numerals for page numbers. - \ifnum \pageno>0 \global\pageno = \lastnegativepageno \fi -} - - -% Normal (long) toc. -\def\contents{% - \startcontents{\putwordTOC}% - \openin 1 \jobname.toc - \ifeof 1 \else - \readtocfile - \fi - \vfill \eject - \contentsalignmacro % in case @setchapternewpage odd is in effect - \ifeof 1 \else - \pdfmakeoutlines - \fi - \closein 1 - \endgroup - \lastnegativepageno = \pageno - \global\pageno = \savepageno -} - -% And just the chapters. -\def\summarycontents{% - \startcontents{\putwordShortTOC}% - % - \let\numchapentry = \shortchapentry - \let\appentry = \shortchapentry - \let\unnchapentry = \shortunnchapentry - % We want a true roman here for the page numbers. - \secfonts - \let\rm=\shortcontrm \let\bf=\shortcontbf - \let\sl=\shortcontsl \let\tt=\shortconttt - \rm - \hyphenpenalty = 10000 - \advance\baselineskip by 1pt % Open it up a little. - \def\numsecentry##1##2##3##4{} - \let\appsecentry = \numsecentry - \let\unnsecentry = \numsecentry - \let\numsubsecentry = \numsecentry - \let\appsubsecentry = \numsecentry - \let\unnsubsecentry = \numsecentry - \let\numsubsubsecentry = \numsecentry - \let\appsubsubsecentry = \numsecentry - \let\unnsubsubsecentry = \numsecentry - \openin 1 \jobname.toc - \ifeof 1 \else - \readtocfile - \fi - \closein 1 - \vfill \eject - \contentsalignmacro % in case @setchapternewpage odd is in effect - \endgroup - \lastnegativepageno = \pageno - \global\pageno = \savepageno -} -\let\shortcontents = \summarycontents - -% Typeset the label for a chapter or appendix for the short contents. -% The arg is, e.g., `A' for an appendix, or `3' for a chapter. -% -\def\shortchaplabel#1{% - % This space should be enough, since a single number is .5em, and the - % widest letter (M) is 1em, at least in the Computer Modern fonts. - % But use \hss just in case. - % (This space doesn't include the extra space that gets added after - % the label; that gets put in by \shortchapentry above.) - % - % We'd like to right-justify chapter numbers, but that looks strange - % with appendix letters. And right-justifying numbers and - % left-justifying letters looks strange when there is less than 10 - % chapters. Have to read the whole toc once to know how many chapters - % there are before deciding ... - \hbox to 1em{#1\hss}% -} - -% These macros generate individual entries in the table of contents. -% The first argument is the chapter or section name. -% The last argument is the page number. -% The arguments in between are the chapter number, section number, ... - -% Chapters, in the main contents. -\def\numchapentry#1#2#3#4{\dochapentry{#2\labelspace#1}{#4}} -% -% Chapters, in the short toc. -% See comments in \dochapentry re vbox and related settings. -\def\shortchapentry#1#2#3#4{% - \tocentry{\shortchaplabel{#2}\labelspace #1}{\doshortpageno\bgroup#4\egroup}% -} - -% Appendices, in the main contents. -% Need the word Appendix, and a fixed-size box. -% -\def\appendixbox#1{% - % We use M since it's probably the widest letter. - \setbox0 = \hbox{\putwordAppendix{} M}% - \hbox to \wd0{\putwordAppendix{} #1\hss}} -% -\def\appentry#1#2#3#4{\dochapentry{\appendixbox{#2}\labelspace#1}{#4}} - -% Unnumbered chapters. -\def\unnchapentry#1#2#3#4{\dochapentry{#1}{#4}} -\def\shortunnchapentry#1#2#3#4{\tocentry{#1}{\doshortpageno\bgroup#4\egroup}} - -% Sections. -\def\numsecentry#1#2#3#4{\dosecentry{#2\labelspace#1}{#4}} -\let\appsecentry=\numsecentry -\def\unnsecentry#1#2#3#4{\dosecentry{#1}{#4}} - -% Subsections. -\def\numsubsecentry#1#2#3#4{\dosubsecentry{#2\labelspace#1}{#4}} -\let\appsubsecentry=\numsubsecentry -\def\unnsubsecentry#1#2#3#4{\dosubsecentry{#1}{#4}} - -% And subsubsections. -\def\numsubsubsecentry#1#2#3#4{\dosubsubsecentry{#2\labelspace#1}{#4}} -\let\appsubsubsecentry=\numsubsubsecentry -\def\unnsubsubsecentry#1#2#3#4{\dosubsubsecentry{#1}{#4}} - -% This parameter controls the indentation of the various levels. -% Same as \defaultparindent. -\newdimen\tocindent \tocindent = 15pt - -% Now for the actual typesetting. In all these, #1 is the text and #2 is the -% page number. -% -% If the toc has to be broken over pages, we want it to be at chapters -% if at all possible; hence the \penalty. -\def\dochapentry#1#2{% - \penalty-300 \vskip1\baselineskip plus.33\baselineskip minus.25\baselineskip - \begingroup - \chapentryfonts - \tocentry{#1}{\dopageno\bgroup#2\egroup}% - \endgroup - \nobreak\vskip .25\baselineskip plus.1\baselineskip -} - -\def\dosecentry#1#2{\begingroup - \secentryfonts \leftskip=\tocindent - \tocentry{#1}{\dopageno\bgroup#2\egroup}% -\endgroup} - -\def\dosubsecentry#1#2{\begingroup - \subsecentryfonts \leftskip=2\tocindent - \tocentry{#1}{\dopageno\bgroup#2\egroup}% -\endgroup} - -\def\dosubsubsecentry#1#2{\begingroup - \subsubsecentryfonts \leftskip=3\tocindent - \tocentry{#1}{\dopageno\bgroup#2\egroup}% -\endgroup} - -% We use the same \entry macro as for the index entries. -\let\tocentry = \entry - -% Space between chapter (or whatever) number and the title. -\def\labelspace{\hskip1em \relax} - -\def\dopageno#1{{\rm #1}} -\def\doshortpageno#1{{\rm #1}} - -\def\chapentryfonts{\secfonts \rm} -\def\secentryfonts{\textfonts} -\def\subsecentryfonts{\textfonts} -\def\subsubsecentryfonts{\textfonts} - - -\message{environments,} -% @foo ... @end foo. - -% @point{}, @result{}, @expansion{}, @print{}, @equiv{}. -% -% Since these characters are used in examples, it should be an even number of -% \tt widths. Each \tt character is 1en, so two makes it 1em. -% -\def\point{$\star$} -\def\result{\leavevmode\raise.15ex\hbox to 1em{\hfil$\Rightarrow$\hfil}} -\def\expansion{\leavevmode\raise.1ex\hbox to 1em{\hfil$\mapsto$\hfil}} -\def\print{\leavevmode\lower.1ex\hbox to 1em{\hfil$\dashv$\hfil}} -\def\equiv{\leavevmode\lower.1ex\hbox to 1em{\hfil$\ptexequiv$\hfil}} - -% The @error{} command. -% Adapted from the TeXbook's \boxit. -% -\newbox\errorbox -% -{\tentt \global\dimen0 = 3em}% Width of the box. -\dimen2 = .55pt % Thickness of rules -% The text. (`r' is open on the right, `e' somewhat less so on the left.) -\setbox0 = \hbox{\kern-.75pt \reducedsf error\kern-1.5pt} -% -\setbox\errorbox=\hbox to \dimen0{\hfil - \hsize = \dimen0 \advance\hsize by -5.8pt % Space to left+right. - \advance\hsize by -2\dimen2 % Rules. - \vbox{% - \hrule height\dimen2 - \hbox{\vrule width\dimen2 \kern3pt % Space to left of text. - \vtop{\kern2.4pt \box0 \kern2.4pt}% Space above/below. - \kern3pt\vrule width\dimen2}% Space to right. - \hrule height\dimen2} - \hfil} -% -\def\error{\leavevmode\lower.7ex\copy\errorbox} - -% @tex ... @end tex escapes into raw Tex temporarily. -% One exception: @ is still an escape character, so that @end tex works. -% But \@ or @@ will get a plain tex @ character. - -\envdef\tex{% - \catcode `\\=0 \catcode `\{=1 \catcode `\}=2 - \catcode `\$=3 \catcode `\&=4 \catcode `\#=6 - \catcode `\^=7 \catcode `\_=8 \catcode `\~=\active \let~=\tie - \catcode `\%=14 - \catcode `\+=\other - \catcode `\"=\other - \catcode `\|=\other - \catcode `\<=\other - \catcode `\>=\other - \escapechar=`\\ - % - \let\b=\ptexb - \let\bullet=\ptexbullet - \let\c=\ptexc - \let\,=\ptexcomma - \let\.=\ptexdot - \let\dots=\ptexdots - \let\equiv=\ptexequiv - \let\!=\ptexexclam - \let\i=\ptexi - \let\indent=\ptexindent - \let\noindent=\ptexnoindent - \let\{=\ptexlbrace - \let\+=\tabalign - \let\}=\ptexrbrace - \let\/=\ptexslash - \let\*=\ptexstar - \let\t=\ptext - \let\frenchspacing=\plainfrenchspacing - % - \def\endldots{\mathinner{\ldots\ldots\ldots\ldots}}% - \def\enddots{\relax\ifmmode\endldots\else$\mathsurround=0pt \endldots\,$\fi}% - \def\@{@}% -} -% There is no need to define \Etex. - -% Define @lisp ... @end lisp. -% @lisp environment forms a group so it can rebind things, -% including the definition of @end lisp (which normally is erroneous). - -% Amount to narrow the margins by for @lisp. -\newskip\lispnarrowing \lispnarrowing=0.4in - -% This is the definition that ^^M gets inside @lisp, @example, and other -% such environments. \null is better than a space, since it doesn't -% have any width. -\def\lisppar{\null\endgraf} - -% This space is always present above and below environments. -\newskip\envskipamount \envskipamount = 0pt - -% Make spacing and below environment symmetrical. We use \parskip here -% to help in doing that, since in @example-like environments \parskip -% is reset to zero; thus the \afterenvbreak inserts no space -- but the -% start of the next paragraph will insert \parskip. -% -\def\aboveenvbreak{{% - % =10000 instead of <10000 because of a special case in \itemzzz and - % \sectionheading, q.v. - \ifnum \lastpenalty=10000 \else - \advance\envskipamount by \parskip - \endgraf - \ifdim\lastskip<\envskipamount - \removelastskip - % it's not a good place to break if the last penalty was \nobreak - % or better ... - \ifnum\lastpenalty<10000 \penalty-50 \fi - \vskip\envskipamount - \fi - \fi -}} - -\let\afterenvbreak = \aboveenvbreak - -% \nonarrowing is a flag. If "set", @lisp etc don't narrow margins; it will -% also clear it, so that its embedded environments do the narrowing again. -\let\nonarrowing=\relax - -% @cartouche ... @end cartouche: draw rectangle w/rounded corners around -% environment contents. -\font\circle=lcircle10 -\newdimen\circthick -\newdimen\cartouter\newdimen\cartinner -\newskip\normbskip\newskip\normpskip\newskip\normlskip -\circthick=\fontdimen8\circle -% -\def\ctl{{\circle\char'013\hskip -6pt}}% 6pt from pl file: 1/2charwidth -\def\ctr{{\hskip 6pt\circle\char'010}} -\def\cbl{{\circle\char'012\hskip -6pt}} -\def\cbr{{\hskip 6pt\circle\char'011}} -\def\carttop{\hbox to \cartouter{\hskip\lskip - \ctl\leaders\hrule height\circthick\hfil\ctr - \hskip\rskip}} -\def\cartbot{\hbox to \cartouter{\hskip\lskip - \cbl\leaders\hrule height\circthick\hfil\cbr - \hskip\rskip}} -% -\newskip\lskip\newskip\rskip - -\envdef\cartouche{% - \ifhmode\par\fi % can't be in the midst of a paragraph. - \startsavinginserts - \lskip=\leftskip \rskip=\rightskip - \leftskip=0pt\rightskip=0pt % we want these *outside*. - \cartinner=\hsize \advance\cartinner by-\lskip - \advance\cartinner by-\rskip - \cartouter=\hsize - \advance\cartouter by 18.4pt % allow for 3pt kerns on either - % side, and for 6pt waste from - % each corner char, and rule thickness - \normbskip=\baselineskip \normpskip=\parskip \normlskip=\lineskip - % Flag to tell @lisp, etc., not to narrow margin. - \let\nonarrowing = t% - \vbox\bgroup - \baselineskip=0pt\parskip=0pt\lineskip=0pt - \carttop - \hbox\bgroup - \hskip\lskip - \vrule\kern3pt - \vbox\bgroup - \kern3pt - \hsize=\cartinner - \baselineskip=\normbskip - \lineskip=\normlskip - \parskip=\normpskip - \vskip -\parskip - \comment % For explanation, see the end of \def\group. -} -\def\Ecartouche{% - \ifhmode\par\fi - \kern3pt - \egroup - \kern3pt\vrule - \hskip\rskip - \egroup - \cartbot - \egroup - \checkinserts -} - - -% This macro is called at the beginning of all the @example variants, -% inside a group. -\def\nonfillstart{% - \aboveenvbreak - \hfuzz = 12pt % Don't be fussy - \sepspaces % Make spaces be word-separators rather than space tokens. - \let\par = \lisppar % don't ignore blank lines - \obeylines % each line of input is a line of output - \parskip = 0pt - \parindent = 0pt - \emergencystretch = 0pt % don't try to avoid overfull boxes - \ifx\nonarrowing\relax - \advance \leftskip by \lispnarrowing - \exdentamount=\lispnarrowing - \else - \let\nonarrowing = \relax - \fi - \let\exdent=\nofillexdent -} - -% If you want all examples etc. small: @set dispenvsize small. -% If you want even small examples the full size: @set dispenvsize nosmall. -% This affects the following displayed environments: -% @example, @display, @format, @lisp -% -\def\smallword{small} -\def\nosmallword{nosmall} -\let\SETdispenvsize\relax -\def\setnormaldispenv{% - \ifx\SETdispenvsize\smallword - % end paragraph for sake of leading, in case document has no blank - % line. This is redundant with what happens in \aboveenvbreak, but - % we need to do it before changing the fonts, and it's inconvenient - % to change the fonts afterward. - \ifnum \lastpenalty=10000 \else \endgraf \fi - \smallexamplefonts \rm - \fi -} -\def\setsmalldispenv{% - \ifx\SETdispenvsize\nosmallword - \else - \ifnum \lastpenalty=10000 \else \endgraf \fi - \smallexamplefonts \rm - \fi -} - -% We often define two environments, @foo and @smallfoo. -% Let's do it by one command: -\def\makedispenv #1#2{ - \expandafter\envdef\csname#1\endcsname {\setnormaldispenv #2} - \expandafter\envdef\csname small#1\endcsname {\setsmalldispenv #2} - \expandafter\let\csname E#1\endcsname \afterenvbreak - \expandafter\let\csname Esmall#1\endcsname \afterenvbreak -} - -% Define two synonyms: -\def\maketwodispenvs #1#2#3{ - \makedispenv{#1}{#3} - \makedispenv{#2}{#3} -} - -% @lisp: indented, narrowed, typewriter font; @example: same as @lisp. -% -% @smallexample and @smalllisp: use smaller fonts. -% Originally contributed by Pavel@xerox. -% -\maketwodispenvs {lisp}{example}{% - \nonfillstart - \tt\quoteexpand - \let\kbdfont = \kbdexamplefont % Allow @kbd to do something special. - \gobble % eat return -} -% @display/@smalldisplay: same as @lisp except keep current font. -% -\makedispenv {display}{% - \nonfillstart - \gobble -} - -% @format/@smallformat: same as @display except don't narrow margins. -% -\makedispenv{format}{% - \let\nonarrowing = t% - \nonfillstart - \gobble -} - -% @flushleft: same as @format, but doesn't obey \SETdispenvsize. -\envdef\flushleft{% - \let\nonarrowing = t% - \nonfillstart - \gobble -} -\let\Eflushleft = \afterenvbreak - -% @flushright. -% -\envdef\flushright{% - \let\nonarrowing = t% - \nonfillstart - \advance\leftskip by 0pt plus 1fill - \gobble -} -\let\Eflushright = \afterenvbreak - - -% @quotation does normal linebreaking (hence we can't use \nonfillstart) -% and narrows the margins. We keep \parskip nonzero in general, since -% we're doing normal filling. So, when using \aboveenvbreak and -% \afterenvbreak, temporarily make \parskip 0. -% -\envdef\quotation{% - {\parskip=0pt \aboveenvbreak}% because \aboveenvbreak inserts \parskip - \parindent=0pt - % - % @cartouche defines \nonarrowing to inhibit narrowing at next level down. - \ifx\nonarrowing\relax - \advance\leftskip by \lispnarrowing - \advance\rightskip by \lispnarrowing - \exdentamount = \lispnarrowing - \else - \let\nonarrowing = \relax - \fi - \parsearg\quotationlabel -} - -% We have retained a nonzero parskip for the environment, since we're -% doing normal filling. -% -\def\Equotation{% - \par - \ifx\quotationauthor\undefined\else - % indent a bit. - \leftline{\kern 2\leftskip \sl ---\quotationauthor}% - \fi - {\parskip=0pt \afterenvbreak}% -} - -% If we're given an argument, typeset it in bold with a colon after. -\def\quotationlabel#1{% - \def\temp{#1}% - \ifx\temp\empty \else - {\bf #1: }% - \fi -} - - -% LaTeX-like @verbatim...@end verbatim and @verb{...} -% If we want to allow any as delimiter, -% we need the curly braces so that makeinfo sees the @verb command, eg: -% `@verbx...x' would look like the '@verbx' command. --janneke@gnu.org -% -% [Knuth]: Donald Ervin Knuth, 1996. The TeXbook. -% -% [Knuth] p.344; only we need to do the other characters Texinfo sets -% active too. Otherwise, they get lost as the first character on a -% verbatim line. -\def\dospecials{% - \do\ \do\\\do\{\do\}\do\$\do\&% - \do\#\do\^\do\^^K\do\_\do\^^A\do\%\do\~% - \do\<\do\>\do\|\do\@\do+\do\"% -} -% -% [Knuth] p. 380 -\def\uncatcodespecials{% - \def\do##1{\catcode`##1=\other}\dospecials} -% -% [Knuth] pp. 380,381,391 -% Disable Spanish ligatures ?` and !` of \tt font -\begingroup - \catcode`\`=\active\gdef`{\relax\lq} -\endgroup -% -% Setup for the @verb command. -% -% Eight spaces for a tab -\begingroup - \catcode`\^^I=\active - \gdef\tabeightspaces{\catcode`\^^I=\active\def^^I{\ \ \ \ \ \ \ \ }} -\endgroup -% -\def\setupverb{% - \tt % easiest (and conventionally used) font for verbatim - \def\par{\leavevmode\endgraf}% - \catcode`\`=\active - \tabeightspaces - % Respect line breaks, - % print special symbols as themselves, and - % make each space count - % must do in this order: - \obeylines \uncatcodespecials \sepspaces -} - -% Setup for the @verbatim environment -% -% Real tab expansion -\newdimen\tabw \setbox0=\hbox{\tt\space} \tabw=8\wd0 % tab amount -% -\def\starttabbox{\setbox0=\hbox\bgroup} - -% Allow an option to not replace quotes with a regular directed right -% quote/apostrophe (char 0x27), but instead use the undirected quote -% from cmtt (char 0x0d). The undirected quote is ugly, so don't make it -% the default, but it works for pasting with more pdf viewers (at least -% evince), the lilypond developers report. xpdf does work with the -% regular 0x27. -% -\def\codequoteright{% - \expandafter\ifx\csname SETcodequoteundirected\endcsname\relax - '% - \else - \char'15 - \fi -} -% -% and a similar option for the left quote char vs. a grave accent. -% Modern fonts display ASCII 0x60 as a grave accent, so some people like -% the code environments to do likewise. -% -\def\codequoteleft{% - \expandafter\ifx\csname SETcodequotebacktick\endcsname\relax - `% - \else - \char'22 - \fi -} -% -\begingroup - \catcode`\^^I=\active - \gdef\tabexpand{% - \catcode`\^^I=\active - \def^^I{\leavevmode\egroup - \dimen0=\wd0 % the width so far, or since the previous tab - \divide\dimen0 by\tabw - \multiply\dimen0 by\tabw % compute previous multiple of \tabw - \advance\dimen0 by\tabw % advance to next multiple of \tabw - \wd0=\dimen0 \box0 \starttabbox - }% - } - \catcode`\'=\active - \gdef\rquoteexpand{\catcode\rquoteChar=\active \def'{\codequoteright}}% - % - \catcode`\`=\active - \gdef\lquoteexpand{\catcode\lquoteChar=\active \def`{\codequoteleft}}% - % - \gdef\quoteexpand{\rquoteexpand \lquoteexpand}% -\endgroup - -% start the verbatim environment. -\def\setupverbatim{% - \let\nonarrowing = t% - \nonfillstart - % Easiest (and conventionally used) font for verbatim - \tt - \def\par{\leavevmode\egroup\box0\endgraf}% - \catcode`\`=\active - \tabexpand - \quoteexpand - % Respect line breaks, - % print special symbols as themselves, and - % make each space count - % must do in this order: - \obeylines \uncatcodespecials \sepspaces - \everypar{\starttabbox}% -} - -% Do the @verb magic: verbatim text is quoted by unique -% delimiter characters. Before first delimiter expect a -% right brace, after last delimiter expect closing brace: -% -% \def\doverb'{'#1'}'{#1} -% -% [Knuth] p. 382; only eat outer {} -\begingroup - \catcode`[=1\catcode`]=2\catcode`\{=\other\catcode`\}=\other - \gdef\doverb{#1[\def\next##1#1}[##1\endgroup]\next] -\endgroup -% -\def\verb{\begingroup\setupverb\doverb} -% -% -% Do the @verbatim magic: define the macro \doverbatim so that -% the (first) argument ends when '@end verbatim' is reached, ie: -% -% \def\doverbatim#1@end verbatim{#1} -% -% For Texinfo it's a lot easier than for LaTeX, -% because texinfo's \verbatim doesn't stop at '\end{verbatim}': -% we need not redefine '\', '{' and '}'. -% -% Inspired by LaTeX's verbatim command set [latex.ltx] -% -\begingroup - \catcode`\ =\active - \obeylines % - % ignore everything up to the first ^^M, that's the newline at the end - % of the @verbatim input line itself. Otherwise we get an extra blank - % line in the output. - \xdef\doverbatim#1^^M#2@end verbatim{#2\noexpand\end\gobble verbatim}% - % We really want {...\end verbatim} in the body of the macro, but - % without the active space; thus we have to use \xdef and \gobble. -\endgroup -% -\envdef\verbatim{% - \setupverbatim\doverbatim -} -\let\Everbatim = \afterenvbreak - - -% @verbatiminclude FILE - insert text of file in verbatim environment. -% -\def\verbatiminclude{\parseargusing\filenamecatcodes\doverbatiminclude} -% -\def\doverbatiminclude#1{% - {% - \makevalueexpandable - \setupverbatim - \input #1 - \afterenvbreak - }% -} - -% @copying ... @end copying. -% Save the text away for @insertcopying later. -% -% We save the uninterpreted tokens, rather than creating a box. -% Saving the text in a box would be much easier, but then all the -% typesetting commands (@smallbook, font changes, etc.) have to be done -% beforehand -- and a) we want @copying to be done first in the source -% file; b) letting users define the frontmatter in as flexible order as -% possible is very desirable. -% -\def\copying{\checkenv{}\begingroup\scanargctxt\docopying} -\def\docopying#1@end copying{\endgroup\def\copyingtext{#1}} -% -\def\insertcopying{% - \begingroup - \parindent = 0pt % paragraph indentation looks wrong on title page - \scanexp\copyingtext - \endgroup -} - - -\message{defuns,} -% @defun etc. - -\newskip\defbodyindent \defbodyindent=.4in -\newskip\defargsindent \defargsindent=50pt -\newskip\deflastargmargin \deflastargmargin=18pt -\newcount\defunpenalty - -% Start the processing of @deffn: -\def\startdefun{% - \ifnum\lastpenalty<10000 - \medbreak - \defunpenalty=10003 % Will keep this @deffn together with the - % following @def command, see below. - \else - % If there are two @def commands in a row, we'll have a \nobreak, - % which is there to keep the function description together with its - % header. But if there's nothing but headers, we need to allow a - % break somewhere. Check specifically for penalty 10002, inserted - % by \printdefunline, instead of 10000, since the sectioning - % commands also insert a nobreak penalty, and we don't want to allow - % a break between a section heading and a defun. - % - % As a minor refinement, we avoid "club" headers by signalling - % with penalty of 10003 after the very first @deffn in the - % sequence (see above), and penalty of 10002 after any following - % @def command. - \ifnum\lastpenalty=10002 \penalty2000 \else \defunpenalty=10002 \fi - % - % Similarly, after a section heading, do not allow a break. - % But do insert the glue. - \medskip % preceded by discardable penalty, so not a breakpoint - \fi - % - \parindent=0in - \advance\leftskip by \defbodyindent - \exdentamount=\defbodyindent -} - -\def\dodefunx#1{% - % First, check whether we are in the right environment: - \checkenv#1% - % - % As above, allow line break if we have multiple x headers in a row. - % It's not a great place, though. - \ifnum\lastpenalty=10002 \penalty3000 \else \defunpenalty=10002 \fi - % - % And now, it's time to reuse the body of the original defun: - \expandafter\gobbledefun#1% -} -\def\gobbledefun#1\startdefun{} - -% \printdefunline \deffnheader{text} -% -\def\printdefunline#1#2{% - \begingroup - % call \deffnheader: - #1#2 \endheader - % common ending: - \interlinepenalty = 10000 - \advance\rightskip by 0pt plus 1fil - \endgraf - \nobreak\vskip -\parskip - \penalty\defunpenalty % signal to \startdefun and \dodefunx - % Some of the @defun-type tags do not enable magic parentheses, - % rendering the following check redundant. But we don't optimize. - \checkparencounts - \endgroup -} - -\def\Edefun{\endgraf\medbreak} - -% \makedefun{deffn} creates \deffn, \deffnx and \Edeffn; -% the only thing remainnig is to define \deffnheader. -% -\def\makedefun#1{% - \expandafter\let\csname E#1\endcsname = \Edefun - \edef\temp{\noexpand\domakedefun - \makecsname{#1}\makecsname{#1x}\makecsname{#1header}}% - \temp -} - -% \domakedefun \deffn \deffnx \deffnheader -% -% Define \deffn and \deffnx, without parameters. -% \deffnheader has to be defined explicitly. -% -\def\domakedefun#1#2#3{% - \envdef#1{% - \startdefun - \parseargusing\activeparens{\printdefunline#3}% - }% - \def#2{\dodefunx#1}% - \def#3% -} - -%%% Untyped functions: - -% @deffn category name args -\makedefun{deffn}{\deffngeneral{}} - -% @deffn category class name args -\makedefun{defop}#1 {\defopon{#1\ \putwordon}} - -% \defopon {category on}class name args -\def\defopon#1#2 {\deffngeneral{\putwordon\ \code{#2}}{#1\ \code{#2}} } - -% \deffngeneral {subind}category name args -% -\def\deffngeneral#1#2 #3 #4\endheader{% - % Remember that \dosubind{fn}{foo}{} is equivalent to \doind{fn}{foo}. - \dosubind{fn}{\code{#3}}{#1}% - \defname{#2}{}{#3}\magicamp\defunargs{#4\unskip}% -} - -%%% Typed functions: - -% @deftypefn category type name args -\makedefun{deftypefn}{\deftypefngeneral{}} - -% @deftypeop category class type name args -\makedefun{deftypeop}#1 {\deftypeopon{#1\ \putwordon}} - -% \deftypeopon {category on}class type name args -\def\deftypeopon#1#2 {\deftypefngeneral{\putwordon\ \code{#2}}{#1\ \code{#2}} } - -% \deftypefngeneral {subind}category type name args -% -\def\deftypefngeneral#1#2 #3 #4 #5\endheader{% - \dosubind{fn}{\code{#4}}{#1}% - \defname{#2}{#3}{#4}\defunargs{#5\unskip}% -} - -%%% Typed variables: - -% @deftypevr category type var args -\makedefun{deftypevr}{\deftypecvgeneral{}} - -% @deftypecv category class type var args -\makedefun{deftypecv}#1 {\deftypecvof{#1\ \putwordof}} - -% \deftypecvof {category of}class type var args -\def\deftypecvof#1#2 {\deftypecvgeneral{\putwordof\ \code{#2}}{#1\ \code{#2}} } - -% \deftypecvgeneral {subind}category type var args -% -\def\deftypecvgeneral#1#2 #3 #4 #5\endheader{% - \dosubind{vr}{\code{#4}}{#1}% - \defname{#2}{#3}{#4}\defunargs{#5\unskip}% -} - -%%% Untyped variables: - -% @defvr category var args -\makedefun{defvr}#1 {\deftypevrheader{#1} {} } - -% @defcv category class var args -\makedefun{defcv}#1 {\defcvof{#1\ \putwordof}} - -% \defcvof {category of}class var args -\def\defcvof#1#2 {\deftypecvof{#1}#2 {} } - -%%% Type: -% @deftp category name args -\makedefun{deftp}#1 #2 #3\endheader{% - \doind{tp}{\code{#2}}% - \defname{#1}{}{#2}\defunargs{#3\unskip}% -} - -% Remaining @defun-like shortcuts: -\makedefun{defun}{\deffnheader{\putwordDeffunc} } -\makedefun{defmac}{\deffnheader{\putwordDefmac} } -\makedefun{defspec}{\deffnheader{\putwordDefspec} } -\makedefun{deftypefun}{\deftypefnheader{\putwordDeffunc} } -\makedefun{defvar}{\defvrheader{\putwordDefvar} } -\makedefun{defopt}{\defvrheader{\putwordDefopt} } -\makedefun{deftypevar}{\deftypevrheader{\putwordDefvar} } -\makedefun{defmethod}{\defopon\putwordMethodon} -\makedefun{deftypemethod}{\deftypeopon\putwordMethodon} -\makedefun{defivar}{\defcvof\putwordInstanceVariableof} -\makedefun{deftypeivar}{\deftypecvof\putwordInstanceVariableof} - -% \defname, which formats the name of the @def (not the args). -% #1 is the category, such as "Function". -% #2 is the return type, if any. -% #3 is the function name. -% -% We are followed by (but not passed) the arguments, if any. -% -\def\defname#1#2#3{% - % Get the values of \leftskip and \rightskip as they were outside the @def... - \advance\leftskip by -\defbodyindent - % - % How we'll format the type name. Putting it in brackets helps - % distinguish it from the body text that may end up on the next line - % just below it. - \def\temp{#1}% - \setbox0=\hbox{\kern\deflastargmargin \ifx\temp\empty\else [\rm\temp]\fi} - % - % Figure out line sizes for the paragraph shape. - % The first line needs space for \box0; but if \rightskip is nonzero, - % we need only space for the part of \box0 which exceeds it: - \dimen0=\hsize \advance\dimen0 by -\wd0 \advance\dimen0 by \rightskip - % The continuations: - \dimen2=\hsize \advance\dimen2 by -\defargsindent - % (plain.tex says that \dimen1 should be used only as global.) - \parshape 2 0in \dimen0 \defargsindent \dimen2 - % - % Put the type name to the right margin. - \noindent - \hbox to 0pt{% - \hfil\box0 \kern-\hsize - % \hsize has to be shortened this way: - \kern\leftskip - % Intentionally do not respect \rightskip, since we need the space. - }% - % - % Allow all lines to be underfull without complaint: - \tolerance=10000 \hbadness=10000 - \exdentamount=\defbodyindent - {% - % defun fonts. We use typewriter by default (used to be bold) because: - % . we're printing identifiers, they should be in tt in principle. - % . in languages with many accents, such as Czech or French, it's - % common to leave accents off identifiers. The result looks ok in - % tt, but exceedingly strange in rm. - % . we don't want -- and --- to be treated as ligatures. - % . this still does not fix the ?` and !` ligatures, but so far no - % one has made identifiers using them :). - \df \tt - \def\temp{#2}% return value type - \ifx\temp\empty\else \tclose{\temp} \fi - #3% output function name - }% - {\rm\enskip}% hskip 0.5 em of \tenrm - % - \boldbrax - % arguments will be output next, if any. -} - -% Print arguments in slanted roman (not ttsl), inconsistently with using -% tt for the name. This is because literal text is sometimes needed in -% the argument list (groff manual), and ttsl and tt are not very -% distinguishable. Prevent hyphenation at `-' chars. -% -\def\defunargs#1{% - % use sl by default (not ttsl), - % tt for the names. - \df \sl \hyphenchar\font=0 - % - % On the other hand, if an argument has two dashes (for instance), we - % want a way to get ttsl. Let's try @var for that. - \let\var=\ttslanted - #1% - \sl\hyphenchar\font=45 -} - -% We want ()&[] to print specially on the defun line. -% -\def\activeparens{% - \catcode`\(=\active \catcode`\)=\active - \catcode`\[=\active \catcode`\]=\active - \catcode`\&=\active -} - -% Make control sequences which act like normal parenthesis chars. -\let\lparen = ( \let\rparen = ) - -% Be sure that we always have a definition for `(', etc. For example, -% if the fn name has parens in it, \boldbrax will not be in effect yet, -% so TeX would otherwise complain about undefined control sequence. -{ - \activeparens - \global\let(=\lparen \global\let)=\rparen - \global\let[=\lbrack \global\let]=\rbrack - \global\let& = \& - - \gdef\boldbrax{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb} - \gdef\magicamp{\let&=\amprm} -} - -\newcount\parencount - -% If we encounter &foo, then turn on ()-hacking afterwards -\newif\ifampseen -\def\amprm#1 {\ampseentrue{\bf\ }} - -\def\parenfont{% - \ifampseen - % At the first level, print parens in roman, - % otherwise use the default font. - \ifnum \parencount=1 \rm \fi - \else - % The \sf parens (in \boldbrax) actually are a little bolder than - % the contained text. This is especially needed for [ and ] . - \sf - \fi -} -\def\infirstlevel#1{% - \ifampseen - \ifnum\parencount=1 - #1% - \fi - \fi -} -\def\bfafterword#1 {#1 \bf} - -\def\opnr{% - \global\advance\parencount by 1 - {\parenfont(}% - \infirstlevel \bfafterword -} -\def\clnr{% - {\parenfont)}% - \infirstlevel \sl - \global\advance\parencount by -1 -} - -\newcount\brackcount -\def\lbrb{% - \global\advance\brackcount by 1 - {\bf[}% -} -\def\rbrb{% - {\bf]}% - \global\advance\brackcount by -1 -} - -\def\checkparencounts{% - \ifnum\parencount=0 \else \badparencount \fi - \ifnum\brackcount=0 \else \badbrackcount \fi -} -\def\badparencount{% - \errmessage{Unbalanced parentheses in @def}% - \global\parencount=0 -} -\def\badbrackcount{% - \errmessage{Unbalanced square braces in @def}% - \global\brackcount=0 -} - - -\message{macros,} -% @macro. - -% To do this right we need a feature of e-TeX, \scantokens, -% which we arrange to emulate with a temporary file in ordinary TeX. -\ifx\eTeXversion\undefined - \newwrite\macscribble - \def\scantokens#1{% - \toks0={#1}% - \immediate\openout\macscribble=\jobname.tmp - \immediate\write\macscribble{\the\toks0}% - \immediate\closeout\macscribble - \input \jobname.tmp - } -\fi - -\def\scanmacro#1{% - \begingroup - \newlinechar`\^^M - \let\xeatspaces\eatspaces - % Undo catcode changes of \startcontents and \doprintindex - % When called from @insertcopying or (short)caption, we need active - % backslash to get it printed correctly. Previously, we had - % \catcode`\\=\other instead. We'll see whether a problem appears - % with macro expansion. --kasal, 19aug04 - \catcode`\@=0 \catcode`\\=\active \escapechar=`\@ - % ... and \example - \spaceisspace - % - % Append \endinput to make sure that TeX does not see the ending newline. - % I've verified that it is necessary both for e-TeX and for ordinary TeX - % --kasal, 29nov03 - \scantokens{#1\endinput}% - \endgroup -} - -\def\scanexp#1{% - \edef\temp{\noexpand\scanmacro{#1}}% - \temp -} - -\newcount\paramno % Count of parameters -\newtoks\macname % Macro name -\newif\ifrecursive % Is it recursive? - -% List of all defined macros in the form -% \definedummyword\macro1\definedummyword\macro2... -% Currently is also contains all @aliases; the list can be split -% if there is a need. -\def\macrolist{} - -% Add the macro to \macrolist -\def\addtomacrolist#1{\expandafter \addtomacrolistxxx \csname#1\endcsname} -\def\addtomacrolistxxx#1{% - \toks0 = \expandafter{\macrolist\definedummyword#1}% - \xdef\macrolist{\the\toks0}% -} - -% Utility routines. -% This does \let #1 = #2, with \csnames; that is, -% \let \csname#1\endcsname = \csname#2\endcsname -% (except of course we have to play expansion games). -% -\def\cslet#1#2{% - \expandafter\let - \csname#1\expandafter\endcsname - \csname#2\endcsname -} - -% Trim leading and trailing spaces off a string. -% Concepts from aro-bend problem 15 (see CTAN). -{\catcode`\@=11 -\gdef\eatspaces #1{\expandafter\trim@\expandafter{#1 }} -\gdef\trim@ #1{\trim@@ @#1 @ #1 @ @@} -\gdef\trim@@ #1@ #2@ #3@@{\trim@@@\empty #2 @} -\def\unbrace#1{#1} -\unbrace{\gdef\trim@@@ #1 } #2@{#1} -} - -% Trim a single trailing ^^M off a string. -{\catcode`\^^M=\other \catcode`\Q=3% -\gdef\eatcr #1{\eatcra #1Q^^MQ}% -\gdef\eatcra#1^^MQ{\eatcrb#1Q}% -\gdef\eatcrb#1Q#2Q{#1}% -} - -% Macro bodies are absorbed as an argument in a context where -% all characters are catcode 10, 11 or 12, except \ which is active -% (as in normal texinfo). It is necessary to change the definition of \. - -% It's necessary to have hard CRs when the macro is executed. This is -% done by making ^^M (\endlinechar) catcode 12 when reading the macro -% body, and then making it the \newlinechar in \scanmacro. - -\def\scanctxt{% - \catcode`\"=\other - \catcode`\+=\other - \catcode`\<=\other - \catcode`\>=\other - \catcode`\@=\other - \catcode`\^=\other - \catcode`\_=\other - \catcode`\|=\other - \catcode`\~=\other -} - -\def\scanargctxt{% - \scanctxt - \catcode`\\=\other - \catcode`\^^M=\other -} - -\def\macrobodyctxt{% - \scanctxt - \catcode`\{=\other - \catcode`\}=\other - \catcode`\^^M=\other - \usembodybackslash -} - -\def\macroargctxt{% - \scanctxt - \catcode`\\=\other -} - -% \mbodybackslash is the definition of \ in @macro bodies. -% It maps \foo\ => \csname macarg.foo\endcsname => #N -% where N is the macro parameter number. -% We define \csname macarg.\endcsname to be \realbackslash, so -% \\ in macro replacement text gets you a backslash. - -{\catcode`@=0 @catcode`@\=@active - @gdef@usembodybackslash{@let\=@mbodybackslash} - @gdef@mbodybackslash#1\{@csname macarg.#1@endcsname} -} -\expandafter\def\csname macarg.\endcsname{\realbackslash} - -\def\macro{\recursivefalse\parsearg\macroxxx} -\def\rmacro{\recursivetrue\parsearg\macroxxx} - -\def\macroxxx#1{% - \getargs{#1}% now \macname is the macname and \argl the arglist - \ifx\argl\empty % no arguments - \paramno=0% - \else - \expandafter\parsemargdef \argl;% - \fi - \if1\csname ismacro.\the\macname\endcsname - \message{Warning: redefining \the\macname}% - \else - \expandafter\ifx\csname \the\macname\endcsname \relax - \else \errmessage{Macro name \the\macname\space already defined}\fi - \global\cslet{macsave.\the\macname}{\the\macname}% - \global\expandafter\let\csname ismacro.\the\macname\endcsname=1% - \addtomacrolist{\the\macname}% - \fi - \begingroup \macrobodyctxt - \ifrecursive \expandafter\parsermacbody - \else \expandafter\parsemacbody - \fi} - -\parseargdef\unmacro{% - \if1\csname ismacro.#1\endcsname - \global\cslet{#1}{macsave.#1}% - \global\expandafter\let \csname ismacro.#1\endcsname=0% - % Remove the macro name from \macrolist: - \begingroup - \expandafter\let\csname#1\endcsname \relax - \let\definedummyword\unmacrodo - \xdef\macrolist{\macrolist}% - \endgroup - \else - \errmessage{Macro #1 not defined}% - \fi -} - -% Called by \do from \dounmacro on each macro. The idea is to omit any -% macro definitions that have been changed to \relax. -% -\def\unmacrodo#1{% - \ifx #1\relax - % remove this - \else - \noexpand\definedummyword \noexpand#1% - \fi -} - -% This makes use of the obscure feature that if the last token of a -% is #, then the preceding argument is delimited by -% an opening brace, and that opening brace is not consumed. -\def\getargs#1{\getargsxxx#1{}} -\def\getargsxxx#1#{\getmacname #1 \relax\getmacargs} -\def\getmacname #1 #2\relax{\macname={#1}} -\def\getmacargs#1{\def\argl{#1}} - -% Parse the optional {params} list. Set up \paramno and \paramlist -% so \defmacro knows what to do. Define \macarg.blah for each blah -% in the params list, to be ##N where N is the position in that list. -% That gets used by \mbodybackslash (above). - -% We need to get `macro parameter char #' into several definitions. -% The technique used is stolen from LaTeX: let \hash be something -% unexpandable, insert that wherever you need a #, and then redefine -% it to # just before using the token list produced. -% -% The same technique is used to protect \eatspaces till just before -% the macro is used. - -\def\parsemargdef#1;{\paramno=0\def\paramlist{}% - \let\hash\relax\let\xeatspaces\relax\parsemargdefxxx#1,;,} -\def\parsemargdefxxx#1,{% - \if#1;\let\next=\relax - \else \let\next=\parsemargdefxxx - \advance\paramno by 1% - \expandafter\edef\csname macarg.\eatspaces{#1}\endcsname - {\xeatspaces{\hash\the\paramno}}% - \edef\paramlist{\paramlist\hash\the\paramno,}% - \fi\next} - -% These two commands read recursive and nonrecursive macro bodies. -% (They're different since rec and nonrec macros end differently.) - -\long\def\parsemacbody#1@end macro% -{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}% -\long\def\parsermacbody#1@end rmacro% -{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}% - -% This defines the macro itself. There are six cases: recursive and -% nonrecursive macros of zero, one, and many arguments. -% Much magic with \expandafter here. -% \xdef is used so that macro definitions will survive the file -% they're defined in; @include reads the file inside a group. -\def\defmacro{% - \let\hash=##% convert placeholders to macro parameter chars - \ifrecursive - \ifcase\paramno - % 0 - \expandafter\xdef\csname\the\macname\endcsname{% - \noexpand\scanmacro{\temp}}% - \or % 1 - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\braceorline - \expandafter\noexpand\csname\the\macname xxx\endcsname}% - \expandafter\xdef\csname\the\macname xxx\endcsname##1{% - \egroup\noexpand\scanmacro{\temp}}% - \else % many - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\csname\the\macname xx\endcsname}% - \expandafter\xdef\csname\the\macname xx\endcsname##1{% - \expandafter\noexpand\csname\the\macname xxx\endcsname ##1,}% - \expandafter\expandafter - \expandafter\xdef - \expandafter\expandafter - \csname\the\macname xxx\endcsname - \paramlist{\egroup\noexpand\scanmacro{\temp}}% - \fi - \else - \ifcase\paramno - % 0 - \expandafter\xdef\csname\the\macname\endcsname{% - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \or % 1 - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\braceorline - \expandafter\noexpand\csname\the\macname xxx\endcsname}% - \expandafter\xdef\csname\the\macname xxx\endcsname##1{% - \egroup - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \else % many - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \expandafter\noexpand\csname\the\macname xx\endcsname}% - \expandafter\xdef\csname\the\macname xx\endcsname##1{% - \expandafter\noexpand\csname\the\macname xxx\endcsname ##1,}% - \expandafter\expandafter - \expandafter\xdef - \expandafter\expandafter - \csname\the\macname xxx\endcsname - \paramlist{% - \egroup - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \fi - \fi} - -\def\norecurse#1{\bgroup\cslet{#1}{macsave.#1}} - -% \braceorline decides whether the next nonwhitespace character is a -% {. If so it reads up to the closing }, if not, it reads the whole -% line. Whatever was read is then fed to the next control sequence -% as an argument (by \parsebrace or \parsearg) -\def\braceorline#1{\let\macnamexxx=#1\futurelet\nchar\braceorlinexxx} -\def\braceorlinexxx{% - \ifx\nchar\bgroup\else - \expandafter\parsearg - \fi \macnamexxx} - - -% @alias. -% We need some trickery to remove the optional spaces around the equal -% sign. Just make them active and then expand them all to nothing. -\def\alias{\parseargusing\obeyspaces\aliasxxx} -\def\aliasxxx #1{\aliasyyy#1\relax} -\def\aliasyyy #1=#2\relax{% - {% - \expandafter\let\obeyedspace=\empty - \addtomacrolist{#1}% - \xdef\next{\global\let\makecsname{#1}=\makecsname{#2}}% - }% - \next -} - - -\message{cross references,} - -\newwrite\auxfile -\newif\ifhavexrefs % True if xref values are known. -\newif\ifwarnedxrefs % True if we warned once that they aren't known. - -% @inforef is relatively simple. -\def\inforef #1{\inforefzzz #1,,,,**} -\def\inforefzzz #1,#2,#3,#4**{\putwordSee{} \putwordInfo{} \putwordfile{} \file{\ignorespaces #3{}}, - node \samp{\ignorespaces#1{}}} - -% @node's only job in TeX is to define \lastnode, which is used in -% cross-references. The @node line might or might not have commas, and -% might or might not have spaces before the first comma, like: -% @node foo , bar , ... -% We don't want such trailing spaces in the node name. -% -\parseargdef\node{\checkenv{}\donode #1 ,\finishnodeparse} -% -% also remove a trailing comma, in case of something like this: -% @node Help-Cross, , , Cross-refs -\def\donode#1 ,#2\finishnodeparse{\dodonode #1,\finishnodeparse} -\def\dodonode#1,#2\finishnodeparse{\gdef\lastnode{#1}} - -\let\nwnode=\node -\let\lastnode=\empty - -% Write a cross-reference definition for the current node. #1 is the -% type (Ynumbered, Yappendix, Ynothing). -% -\def\donoderef#1{% - \ifx\lastnode\empty\else - \setref{\lastnode}{#1}% - \global\let\lastnode=\empty - \fi -} - -% @anchor{NAME} -- define xref target at arbitrary point. -% -\newcount\savesfregister -% -\def\savesf{\relax \ifhmode \savesfregister=\spacefactor \fi} -\def\restoresf{\relax \ifhmode \spacefactor=\savesfregister \fi} -\def\anchor#1{\savesf \setref{#1}{Ynothing}\restoresf \ignorespaces} - -% \setref{NAME}{SNT} defines a cross-reference point NAME (a node or an -% anchor), which consists of three parts: -% 1) NAME-title - the current sectioning name taken from \thissection, -% or the anchor name. -% 2) NAME-snt - section number and type, passed as the SNT arg, or -% empty for anchors. -% 3) NAME-pg - the page number. -% -% This is called from \donoderef, \anchor, and \dofloat. In the case of -% floats, there is an additional part, which is not written here: -% 4) NAME-lof - the text as it should appear in a @listoffloats. -% -\def\setref#1#2{% - \pdfmkdest{#1}% - \iflinks - {% - \atdummies % preserve commands, but don't expand them - \edef\writexrdef##1##2{% - \write\auxfile{@xrdef{#1-% #1 of \setref, expanded by the \edef - ##1}{##2}}% these are parameters of \writexrdef - }% - \toks0 = \expandafter{\thissection}% - \immediate \writexrdef{title}{\the\toks0 }% - \immediate \writexrdef{snt}{\csname #2\endcsname}% \Ynumbered etc. - \safewhatsit{\writexrdef{pg}{\folio}}% will be written later, during \shipout - }% - \fi -} - -% @xref, @pxref, and @ref generate cross-references. For \xrefX, #1 is -% the node name, #2 the name of the Info cross-reference, #3 the printed -% node name, #4 the name of the Info file, #5 the name of the printed -% manual. All but the node name can be omitted. -% -\def\pxref#1{\putwordsee{} \xrefX[#1,,,,,,,]} -\def\xref#1{\putwordSee{} \xrefX[#1,,,,,,,]} -\def\ref#1{\xrefX[#1,,,,,,,]} -\def\xrefX[#1,#2,#3,#4,#5,#6]{\begingroup - \unsepspaces - \def\printedmanual{\ignorespaces #5}% - \def\printedrefname{\ignorespaces #3}% - \setbox1=\hbox{\printedmanual\unskip}% - \setbox0=\hbox{\printedrefname\unskip}% - \ifdim \wd0 = 0pt - % No printed node name was explicitly given. - \expandafter\ifx\csname SETxref-automatic-section-title\endcsname\relax - % Use the node name inside the square brackets. - \def\printedrefname{\ignorespaces #1}% - \else - % Use the actual chapter/section title appear inside - % the square brackets. Use the real section title if we have it. - \ifdim \wd1 > 0pt - % It is in another manual, so we don't have it. - \def\printedrefname{\ignorespaces #1}% - \else - \ifhavexrefs - % We know the real title if we have the xref values. - \def\printedrefname{\refx{#1-title}{}}% - \else - % Otherwise just copy the Info node name. - \def\printedrefname{\ignorespaces #1}% - \fi% - \fi - \fi - \fi - % - % Make link in pdf output. - \ifpdf - \leavevmode - \getfilename{#4}% - {\indexnofonts - \turnoffactive - % See comments at \activebackslashdouble. - {\activebackslashdouble \xdef\pdfxrefdest{#1}% - \backslashparens\pdfxrefdest}% - % - \ifnum\filenamelength>0 - \startlink attr{/Border [0 0 0]}% - goto file{\the\filename.pdf} name{\pdfxrefdest}% - \else - \startlink attr{/Border [0 0 0]}% - goto name{\pdfmkpgn{\pdfxrefdest}}% - \fi - }% - \linkcolor - \fi - % - % Float references are printed completely differently: "Figure 1.2" - % instead of "[somenode], p.3". We distinguish them by the - % LABEL-title being set to a magic string. - {% - % Have to otherify everything special to allow the \csname to - % include an _ in the xref name, etc. - \indexnofonts - \turnoffactive - \expandafter\global\expandafter\let\expandafter\Xthisreftitle - \csname XR#1-title\endcsname - }% - \iffloat\Xthisreftitle - % If the user specified the print name (third arg) to the ref, - % print it instead of our usual "Figure 1.2". - \ifdim\wd0 = 0pt - \refx{#1-snt}{}% - \else - \printedrefname - \fi - % - % if the user also gave the printed manual name (fifth arg), append - % "in MANUALNAME". - \ifdim \wd1 > 0pt - \space \putwordin{} \cite{\printedmanual}% - \fi - \else - % node/anchor (non-float) references. - % - % If we use \unhbox0 and \unhbox1 to print the node names, TeX does not - % insert empty discretionaries after hyphens, which means that it will - % not find a line break at a hyphen in a node names. Since some manuals - % are best written with fairly long node names, containing hyphens, this - % is a loss. Therefore, we give the text of the node name again, so it - % is as if TeX is seeing it for the first time. - \ifdim \wd1 > 0pt - \putwordsection{} ``\printedrefname'' \putwordin{} \cite{\printedmanual}% - \else - % _ (for example) has to be the character _ for the purposes of the - % control sequence corresponding to the node, but it has to expand - % into the usual \leavevmode...\vrule stuff for purposes of - % printing. So we \turnoffactive for the \refx-snt, back on for the - % printing, back off for the \refx-pg. - {\turnoffactive - % Only output a following space if the -snt ref is nonempty; for - % @unnumbered and @anchor, it won't be. - \setbox2 = \hbox{\ignorespaces \refx{#1-snt}{}}% - \ifdim \wd2 > 0pt \refx{#1-snt}\space\fi - }% - % output the `[mynode]' via a macro so it can be overridden. - \xrefprintnodename\printedrefname - % - % But we always want a comma and a space: - ,\space - % - % output the `page 3'. - \turnoffactive \putwordpage\tie\refx{#1-pg}{}% - \fi - \fi - \endlink -\endgroup} - -% This macro is called from \xrefX for the `[nodename]' part of xref -% output. It's a separate macro only so it can be changed more easily, -% since square brackets don't work well in some documents. Particularly -% one that Bob is working on :). -% -\def\xrefprintnodename#1{[#1]} - -% Things referred to by \setref. -% -\def\Ynothing{} -\def\Yomitfromtoc{} -\def\Ynumbered{% - \ifnum\secno=0 - \putwordChapter@tie \the\chapno - \else \ifnum\subsecno=0 - \putwordSection@tie \the\chapno.\the\secno - \else \ifnum\subsubsecno=0 - \putwordSection@tie \the\chapno.\the\secno.\the\subsecno - \else - \putwordSection@tie \the\chapno.\the\secno.\the\subsecno.\the\subsubsecno - \fi\fi\fi -} -\def\Yappendix{% - \ifnum\secno=0 - \putwordAppendix@tie @char\the\appendixno{}% - \else \ifnum\subsecno=0 - \putwordSection@tie @char\the\appendixno.\the\secno - \else \ifnum\subsubsecno=0 - \putwordSection@tie @char\the\appendixno.\the\secno.\the\subsecno - \else - \putwordSection@tie - @char\the\appendixno.\the\secno.\the\subsecno.\the\subsubsecno - \fi\fi\fi -} - -% Define \refx{NAME}{SUFFIX} to reference a cross-reference string named NAME. -% If its value is nonempty, SUFFIX is output afterward. -% -\def\refx#1#2{% - {% - \indexnofonts - \otherbackslash - \expandafter\global\expandafter\let\expandafter\thisrefX - \csname XR#1\endcsname - }% - \ifx\thisrefX\relax - % If not defined, say something at least. - \angleleft un\-de\-fined\angleright - \iflinks - \ifhavexrefs - \message{\linenumber Undefined cross reference `#1'.}% - \else - \ifwarnedxrefs\else - \global\warnedxrefstrue - \message{Cross reference values unknown; you must run TeX again.}% - \fi - \fi - \fi - \else - % It's defined, so just use it. - \thisrefX - \fi - #2% Output the suffix in any case. -} - -% This is the macro invoked by entries in the aux file. Usually it's -% just a \def (we prepend XR to the control sequence name to avoid -% collisions). But if this is a float type, we have more work to do. -% -\def\xrdef#1#2{% - {% The node name might contain 8-bit characters, which in our current - % implementation are changed to commands like @'e. Don't let these - % mess up the control sequence name. - \indexnofonts - \turnoffactive - \xdef\safexrefname{#1}% - }% - % - \expandafter\gdef\csname XR\safexrefname\endcsname{#2}% remember this xref - % - % Was that xref control sequence that we just defined for a float? - \expandafter\iffloat\csname XR\safexrefname\endcsname - % it was a float, and we have the (safe) float type in \iffloattype. - \expandafter\let\expandafter\floatlist - \csname floatlist\iffloattype\endcsname - % - % Is this the first time we've seen this float type? - \expandafter\ifx\floatlist\relax - \toks0 = {\do}% yes, so just \do - \else - % had it before, so preserve previous elements in list. - \toks0 = \expandafter{\floatlist\do}% - \fi - % - % Remember this xref in the control sequence \floatlistFLOATTYPE, - % for later use in \listoffloats. - \expandafter\xdef\csname floatlist\iffloattype\endcsname{\the\toks0 - {\safexrefname}}% - \fi -} - -% Read the last existing aux file, if any. No error if none exists. -% -\def\tryauxfile{% - \openin 1 \jobname.aux - \ifeof 1 \else - \readdatafile{aux}% - \global\havexrefstrue - \fi - \closein 1 -} - -\def\setupdatafile{% - \catcode`\^^@=\other - \catcode`\^^A=\other - \catcode`\^^B=\other - \catcode`\^^C=\other - \catcode`\^^D=\other - \catcode`\^^E=\other - \catcode`\^^F=\other - \catcode`\^^G=\other - \catcode`\^^H=\other - \catcode`\^^K=\other - \catcode`\^^L=\other - \catcode`\^^N=\other - \catcode`\^^P=\other - \catcode`\^^Q=\other - \catcode`\^^R=\other - \catcode`\^^S=\other - \catcode`\^^T=\other - \catcode`\^^U=\other - \catcode`\^^V=\other - \catcode`\^^W=\other - \catcode`\^^X=\other - \catcode`\^^Z=\other - \catcode`\^^[=\other - \catcode`\^^\=\other - \catcode`\^^]=\other - \catcode`\^^^=\other - \catcode`\^^_=\other - % It was suggested to set the catcode of ^ to 7, which would allow ^^e4 etc. - % in xref tags, i.e., node names. But since ^^e4 notation isn't - % supported in the main text, it doesn't seem desirable. Furthermore, - % that is not enough: for node names that actually contain a ^ - % character, we would end up writing a line like this: 'xrdef {'hat - % b-title}{'hat b} and \xrdef does a \csname...\endcsname on the first - % argument, and \hat is not an expandable control sequence. It could - % all be worked out, but why? Either we support ^^ or we don't. - % - % The other change necessary for this was to define \auxhat: - % \def\auxhat{\def^{'hat }}% extra space so ok if followed by letter - % and then to call \auxhat in \setq. - % - \catcode`\^=\other - % - % Special characters. Should be turned off anyway, but... - \catcode`\~=\other - \catcode`\[=\other - \catcode`\]=\other - \catcode`\"=\other - \catcode`\_=\other - \catcode`\|=\other - \catcode`\<=\other - \catcode`\>=\other - \catcode`\$=\other - \catcode`\#=\other - \catcode`\&=\other - \catcode`\%=\other - \catcode`+=\other % avoid \+ for paranoia even though we've turned it off - % - % This is to support \ in node names and titles, since the \ - % characters end up in a \csname. It's easier than - % leaving it active and making its active definition an actual \ - % character. What I don't understand is why it works in the *value* - % of the xrdef. Seems like it should be a catcode12 \, and that - % should not typeset properly. But it works, so I'm moving on for - % now. --karl, 15jan04. - \catcode`\\=\other - % - % Make the characters 128-255 be printing characters. - {% - \count1=128 - \def\loop{% - \catcode\count1=\other - \advance\count1 by 1 - \ifnum \count1<256 \loop \fi - }% - }% - % - % @ is our escape character in .aux files, and we need braces. - \catcode`\{=1 - \catcode`\}=2 - \catcode`\@=0 -} - -\def\readdatafile#1{% -\begingroup - \setupdatafile - \input\jobname.#1 -\endgroup} - - -\message{insertions,} -% including footnotes. - -\newcount \footnoteno - -% The trailing space in the following definition for supereject is -% vital for proper filling; pages come out unaligned when you do a -% pagealignmacro call if that space before the closing brace is -% removed. (Generally, numeric constants should always be followed by a -% space to prevent strange expansion errors.) -\def\supereject{\par\penalty -20000\footnoteno =0 } - -% @footnotestyle is meaningful for info output only. -\let\footnotestyle=\comment - -{\catcode `\@=11 -% -% Auto-number footnotes. Otherwise like plain. -\gdef\footnote{% - \let\indent=\ptexindent - \let\noindent=\ptexnoindent - \global\advance\footnoteno by \@ne - \edef\thisfootno{$^{\the\footnoteno}$}% - % - % In case the footnote comes at the end of a sentence, preserve the - % extra spacing after we do the footnote number. - \let\@sf\empty - \ifhmode\edef\@sf{\spacefactor\the\spacefactor}\ptexslash\fi - % - % Remove inadvertent blank space before typesetting the footnote number. - \unskip - \thisfootno\@sf - \dofootnote -}% - -% Don't bother with the trickery in plain.tex to not require the -% footnote text as a parameter. Our footnotes don't need to be so general. -% -% Oh yes, they do; otherwise, @ifset (and anything else that uses -% \parseargline) fails inside footnotes because the tokens are fixed when -% the footnote is read. --karl, 16nov96. -% -\gdef\dofootnote{% - \insert\footins\bgroup - % We want to typeset this text as a normal paragraph, even if the - % footnote reference occurs in (for example) a display environment. - % So reset some parameters. - \hsize=\pagewidth - \interlinepenalty\interfootnotelinepenalty - \splittopskip\ht\strutbox % top baseline for broken footnotes - \splitmaxdepth\dp\strutbox - \floatingpenalty\@MM - \leftskip\z@skip - \rightskip\z@skip - \spaceskip\z@skip - \xspaceskip\z@skip - \parindent\defaultparindent - % - \smallfonts \rm - % - % Because we use hanging indentation in footnotes, a @noindent appears - % to exdent this text, so make it be a no-op. makeinfo does not use - % hanging indentation so @noindent can still be needed within footnote - % text after an @example or the like (not that this is good style). - \let\noindent = \relax - % - % Hang the footnote text off the number. Use \everypar in case the - % footnote extends for more than one paragraph. - \everypar = {\hang}% - \textindent{\thisfootno}% - % - % Don't crash into the line above the footnote text. Since this - % expands into a box, it must come within the paragraph, lest it - % provide a place where TeX can split the footnote. - \footstrut - \futurelet\next\fo@t -} -}%end \catcode `\@=11 - -% In case a @footnote appears in a vbox, save the footnote text and create -% the real \insert just after the vbox finished. Otherwise, the insertion -% would be lost. -% Similarily, if a @footnote appears inside an alignment, save the footnote -% text to a box and make the \insert when a row of the table is finished. -% And the same can be done for other insert classes. --kasal, 16nov03. - -% Replace the \insert primitive by a cheating macro. -% Deeper inside, just make sure that the saved insertions are not spilled -% out prematurely. -% -\def\startsavinginserts{% - \ifx \insert\ptexinsert - \let\insert\saveinsert - \else - \let\checkinserts\relax - \fi -} - -% This \insert replacement works for both \insert\footins{foo} and -% \insert\footins\bgroup foo\egroup, but it doesn't work for \insert27{foo}. -% -\def\saveinsert#1{% - \edef\next{\noexpand\savetobox \makeSAVEname#1}% - \afterassignment\next - % swallow the left brace - \let\temp = -} -\def\makeSAVEname#1{\makecsname{SAVE\expandafter\gobble\string#1}} -\def\savetobox#1{\global\setbox#1 = \vbox\bgroup \unvbox#1} - -\def\checksaveins#1{\ifvoid#1\else \placesaveins#1\fi} - -\def\placesaveins#1{% - \ptexinsert \csname\expandafter\gobblesave\string#1\endcsname - {\box#1}% -} - -% eat @SAVE -- beware, all of them have catcode \other: -{ - \def\dospecials{\do S\do A\do V\do E} \uncatcodespecials % ;-) - \gdef\gobblesave @SAVE{} -} - -% initialization: -\def\newsaveins #1{% - \edef\next{\noexpand\newsaveinsX \makeSAVEname#1}% - \next -} -\def\newsaveinsX #1{% - \csname newbox\endcsname #1% - \expandafter\def\expandafter\checkinserts\expandafter{\checkinserts - \checksaveins #1}% -} - -% initialize: -\let\checkinserts\empty -\newsaveins\footins -\newsaveins\margin - - -% @image. We use the macros from epsf.tex to support this. -% If epsf.tex is not installed and @image is used, we complain. -% -% Check for and read epsf.tex up front. If we read it only at @image -% time, we might be inside a group, and then its definitions would get -% undone and the next image would fail. -\openin 1 = epsf.tex -\ifeof 1 \else - % Do not bother showing banner with epsf.tex v2.7k (available in - % doc/epsf.tex and on ctan). - \def\epsfannounce{\toks0 = }% - \input epsf.tex -\fi -\closein 1 -% -% We will only complain once about lack of epsf.tex. -\newif\ifwarnednoepsf -\newhelp\noepsfhelp{epsf.tex must be installed for images to - work. It is also included in the Texinfo distribution, or you can get - it from ftp://tug.org/tex/epsf.tex.} -% -\def\image#1{% - \ifx\epsfbox\undefined - \ifwarnednoepsf \else - \errhelp = \noepsfhelp - \errmessage{epsf.tex not found, images will be ignored}% - \global\warnednoepsftrue - \fi - \else - \imagexxx #1,,,,,\finish - \fi -} -% -% Arguments to @image: -% #1 is (mandatory) image filename; we tack on .eps extension. -% #2 is (optional) width, #3 is (optional) height. -% #4 is (ignored optional) html alt text. -% #5 is (ignored optional) extension. -% #6 is just the usual extra ignored arg for parsing this stuff. -\newif\ifimagevmode -\def\imagexxx#1,#2,#3,#4,#5,#6\finish{\begingroup - \catcode`\^^M = 5 % in case we're inside an example - \normalturnoffactive % allow _ et al. in names - % If the image is by itself, center it. - \ifvmode - \imagevmodetrue - \nobreak\bigskip - % Usually we'll have text after the image which will insert - % \parskip glue, so insert it here too to equalize the space - % above and below. - \nobreak\vskip\parskip - \nobreak - \line\bgroup - \fi - % - % Output the image. - \ifpdf - \dopdfimage{#1}{#2}{#3}% - \else - % \epsfbox itself resets \epsf?size at each figure. - \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \epsfxsize=#2\relax \fi - \setbox0 = \hbox{\ignorespaces #3}\ifdim\wd0 > 0pt \epsfysize=#3\relax \fi - \epsfbox{#1.eps}% - \fi - % - \ifimagevmode \egroup \bigbreak \fi % space after the image -\endgroup} - - -% @float FLOATTYPE,LABEL,LOC ... @end float for displayed figures, tables, -% etc. We don't actually implement floating yet, we always include the -% float "here". But it seemed the best name for the future. -% -\envparseargdef\float{\eatcommaspace\eatcommaspace\dofloat#1, , ,\finish} - -% There may be a space before second and/or third parameter; delete it. -\def\eatcommaspace#1, {#1,} - -% #1 is the optional FLOATTYPE, the text label for this float, typically -% "Figure", "Table", "Example", etc. Can't contain commas. If omitted, -% this float will not be numbered and cannot be referred to. -% -% #2 is the optional xref label. Also must be present for the float to -% be referable. -% -% #3 is the optional positioning argument; for now, it is ignored. It -% will somehow specify the positions allowed to float to (here, top, bottom). -% -% We keep a separate counter for each FLOATTYPE, which we reset at each -% chapter-level command. -\let\resetallfloatnos=\empty -% -\def\dofloat#1,#2,#3,#4\finish{% - \let\thiscaption=\empty - \let\thisshortcaption=\empty - % - % don't lose footnotes inside @float. - % - % BEWARE: when the floats start float, we have to issue warning whenever an - % insert appears inside a float which could possibly float. --kasal, 26may04 - % - \startsavinginserts - % - % We can't be used inside a paragraph. - \par - % - \vtop\bgroup - \def\floattype{#1}% - \def\floatlabel{#2}% - \def\floatloc{#3}% we do nothing with this yet. - % - \ifx\floattype\empty - \let\safefloattype=\empty - \else - {% - % the floattype might have accents or other special characters, - % but we need to use it in a control sequence name. - \indexnofonts - \turnoffactive - \xdef\safefloattype{\floattype}% - }% - \fi - % - % If label is given but no type, we handle that as the empty type. - \ifx\floatlabel\empty \else - % We want each FLOATTYPE to be numbered separately (Figure 1, - % Table 1, Figure 2, ...). (And if no label, no number.) - % - \expandafter\getfloatno\csname\safefloattype floatno\endcsname - \global\advance\floatno by 1 - % - {% - % This magic value for \thissection is output by \setref as the - % XREFLABEL-title value. \xrefX uses it to distinguish float - % labels (which have a completely different output format) from - % node and anchor labels. And \xrdef uses it to construct the - % lists of floats. - % - \edef\thissection{\floatmagic=\safefloattype}% - \setref{\floatlabel}{Yfloat}% - }% - \fi - % - % start with \parskip glue, I guess. - \vskip\parskip - % - % Don't suppress indentation if a float happens to start a section. - \restorefirstparagraphindent -} - -% we have these possibilities: -% @float Foo,lbl & @caption{Cap}: Foo 1.1: Cap -% @float Foo,lbl & no caption: Foo 1.1 -% @float Foo & @caption{Cap}: Foo: Cap -% @float Foo & no caption: Foo -% @float ,lbl & Caption{Cap}: 1.1: Cap -% @float ,lbl & no caption: 1.1 -% @float & @caption{Cap}: Cap -% @float & no caption: -% -\def\Efloat{% - \let\floatident = \empty - % - % In all cases, if we have a float type, it comes first. - \ifx\floattype\empty \else \def\floatident{\floattype}\fi - % - % If we have an xref label, the number comes next. - \ifx\floatlabel\empty \else - \ifx\floattype\empty \else % if also had float type, need tie first. - \appendtomacro\floatident{\tie}% - \fi - % the number. - \appendtomacro\floatident{\chaplevelprefix\the\floatno}% - \fi - % - % Start the printed caption with what we've constructed in - % \floatident, but keep it separate; we need \floatident again. - \let\captionline = \floatident - % - \ifx\thiscaption\empty \else - \ifx\floatident\empty \else - \appendtomacro\captionline{: }% had ident, so need a colon between - \fi - % - % caption text. - \appendtomacro\captionline{\scanexp\thiscaption}% - \fi - % - % If we have anything to print, print it, with space before. - % Eventually this needs to become an \insert. - \ifx\captionline\empty \else - \vskip.5\parskip - \captionline - % - % Space below caption. - \vskip\parskip - \fi - % - % If have an xref label, write the list of floats info. Do this - % after the caption, to avoid chance of it being a breakpoint. - \ifx\floatlabel\empty \else - % Write the text that goes in the lof to the aux file as - % \floatlabel-lof. Besides \floatident, we include the short - % caption if specified, else the full caption if specified, else nothing. - {% - \atdummies - % - % since we read the caption text in the macro world, where ^^M - % is turned into a normal character, we have to scan it back, so - % we don't write the literal three characters "^^M" into the aux file. - \scanexp{% - \xdef\noexpand\gtemp{% - \ifx\thisshortcaption\empty - \thiscaption - \else - \thisshortcaption - \fi - }% - }% - \immediate\write\auxfile{@xrdef{\floatlabel-lof}{\floatident - \ifx\gtemp\empty \else : \gtemp \fi}}% - }% - \fi - \egroup % end of \vtop - % - % place the captured inserts - % - % BEWARE: when the floats start floating, we have to issue warning - % whenever an insert appears inside a float which could possibly - % float. --kasal, 26may04 - % - \checkinserts -} - -% Append the tokens #2 to the definition of macro #1, not expanding either. -% -\def\appendtomacro#1#2{% - \expandafter\def\expandafter#1\expandafter{#1#2}% -} - -% @caption, @shortcaption -% -\def\caption{\docaption\thiscaption} -\def\shortcaption{\docaption\thisshortcaption} -\def\docaption{\checkenv\float \bgroup\scanargctxt\defcaption} -\def\defcaption#1#2{\egroup \def#1{#2}} - -% The parameter is the control sequence identifying the counter we are -% going to use. Create it if it doesn't exist and assign it to \floatno. -\def\getfloatno#1{% - \ifx#1\relax - % Haven't seen this figure type before. - \csname newcount\endcsname #1% - % - % Remember to reset this floatno at the next chap. - \expandafter\gdef\expandafter\resetallfloatnos - \expandafter{\resetallfloatnos #1=0 }% - \fi - \let\floatno#1% -} - -% \setref calls this to get the XREFLABEL-snt value. We want an @xref -% to the FLOATLABEL to expand to "Figure 3.1". We call \setref when we -% first read the @float command. -% -\def\Yfloat{\floattype@tie \chaplevelprefix\the\floatno}% - -% Magic string used for the XREFLABEL-title value, so \xrefX can -% distinguish floats from other xref types. -\def\floatmagic{!!float!!} - -% #1 is the control sequence we are passed; we expand into a conditional -% which is true if #1 represents a float ref. That is, the magic -% \thissection value which we \setref above. -% -\def\iffloat#1{\expandafter\doiffloat#1==\finish} -% -% #1 is (maybe) the \floatmagic string. If so, #2 will be the -% (safe) float type for this float. We set \iffloattype to #2. -% -\def\doiffloat#1=#2=#3\finish{% - \def\temp{#1}% - \def\iffloattype{#2}% - \ifx\temp\floatmagic -} - -% @listoffloats FLOATTYPE - print a list of floats like a table of contents. -% -\parseargdef\listoffloats{% - \def\floattype{#1}% floattype - {% - % the floattype might have accents or other special characters, - % but we need to use it in a control sequence name. - \indexnofonts - \turnoffactive - \xdef\safefloattype{\floattype}% - }% - % - % \xrdef saves the floats as a \do-list in \floatlistSAFEFLOATTYPE. - \expandafter\ifx\csname floatlist\safefloattype\endcsname \relax - \ifhavexrefs - % if the user said @listoffloats foo but never @float foo. - \message{\linenumber No `\safefloattype' floats to list.}% - \fi - \else - \begingroup - \leftskip=\tocindent % indent these entries like a toc - \let\do=\listoffloatsdo - \csname floatlist\safefloattype\endcsname - \endgroup - \fi -} - -% This is called on each entry in a list of floats. We're passed the -% xref label, in the form LABEL-title, which is how we save it in the -% aux file. We strip off the -title and look up \XRLABEL-lof, which -% has the text we're supposed to typeset here. -% -% Figures without xref labels will not be included in the list (since -% they won't appear in the aux file). -% -\def\listoffloatsdo#1{\listoffloatsdoentry#1\finish} -\def\listoffloatsdoentry#1-title\finish{{% - % Can't fully expand XR#1-lof because it can contain anything. Just - % pass the control sequence. On the other hand, XR#1-pg is just the - % page number, and we want to fully expand that so we can get a link - % in pdf output. - \toksA = \expandafter{\csname XR#1-lof\endcsname}% - % - % use the same \entry macro we use to generate the TOC and index. - \edef\writeentry{\noexpand\entry{\the\toksA}{\csname XR#1-pg\endcsname}}% - \writeentry -}} - - -\message{localization,} - -% @documentlanguage is usually given very early, just after -% @setfilename. If done too late, it may not override everything -% properly. Single argument is the language abbreviation. -% It would be nice if we could set up a hyphenation file here. -% -\parseargdef\documentlanguage{% - \tex % read txi-??.tex file in plain TeX. - % Read the file if it exists. - \openin 1 txi-#1.tex - \ifeof 1 - \errhelp = \nolanghelp - \errmessage{Cannot read language file txi-#1.tex}% - \else - \input txi-#1.tex - \fi - \closein 1 - \endgroup -} -\newhelp\nolanghelp{The given language definition file cannot be found or -is empty. Maybe you need to install it? In the current directory -should work if nowhere else does.} - -% Set the catcode of characters 128 through 255 to the specified number. -% -\def\setnonasciicharscatcode#1{% - \count255=128 - \loop\ifnum\count255<256 - \global\catcode\count255=#1 - \advance\count255 by 1 - \repeat -} - -% @documentencoding sets the definition of non-ASCII characters -% according to the specified encoding. -% -\parseargdef\documentencoding{% - % Encoding being declared for the document. - \def\declaredencoding{\csname #1.enc\endcsname}% - % - % Supported encodings: names converted to tokens in order to be able - % to compare them with \ifx. - \def\ascii{\csname US-ASCII.enc\endcsname}% - \def\latnine{\csname ISO-8859-15.enc\endcsname}% - \def\latone{\csname ISO-8859-1.enc\endcsname}% - \def\lattwo{\csname ISO-8859-2.enc\endcsname}% - \def\utfeight{\csname UTF-8.enc\endcsname}% - % - \ifx \declaredencoding \ascii - \asciichardefs - % - \else \ifx \declaredencoding \lattwo - \setnonasciicharscatcode\active - \lattwochardefs - % - \else \ifx \declaredencoding \latone - \setnonasciicharscatcode\active - \latonechardefs - % - \else \ifx \declaredencoding \latnine - \setnonasciicharscatcode\active - \latninechardefs - % - \else \ifx \declaredencoding \utfeight - \setnonasciicharscatcode\active - \utfeightchardefs - % - \else - \message{Unknown document encoding #1, ignoring.}% - % - \fi % utfeight - \fi % latnine - \fi % latone - \fi % lattwo - \fi % ascii -} - -% A message to be logged when using a character that isn't available -% the default font encoding (OT1). -% -\def\missingcharmsg#1{\message{Character missing in OT1 encoding: #1.}} - -% Take account of \c (plain) vs. \, (Texinfo) difference. -\def\cedilla#1{\ifx\c\ptexc\c{#1}\else\,{#1}\fi} - -% First, make active non-ASCII characters in order for them to be -% correctly categorized when TeX reads the replacement text of -% macros containing the character definitions. -\setnonasciicharscatcode\active -% -% Latin1 (ISO-8859-1) character definitions. -\def\latonechardefs{% - \gdef^^a0{~} - \gdef^^a1{\exclamdown} - \gdef^^a2{\missingcharmsg{CENT SIGN}} - \gdef^^a3{{\pounds}} - \gdef^^a4{\missingcharmsg{CURRENCY SIGN}} - \gdef^^a5{\missingcharmsg{YEN SIGN}} - \gdef^^a6{\missingcharmsg{BROKEN BAR}} - \gdef^^a7{\S} - \gdef^^a8{\"{}} - \gdef^^a9{\copyright} - \gdef^^aa{\ordf} - \gdef^^ab{\missingcharmsg{LEFT-POINTING DOUBLE ANGLE QUOTATION MARK}} - \gdef^^ac{$\lnot$} - \gdef^^ad{\-} - \gdef^^ae{\registeredsymbol} - \gdef^^af{\={}} - % - \gdef^^b0{\textdegree} - \gdef^^b1{$\pm$} - \gdef^^b2{$^2$} - \gdef^^b3{$^3$} - \gdef^^b4{\'{}} - \gdef^^b5{$\mu$} - \gdef^^b6{\P} - % - \gdef^^b7{$^.$} - \gdef^^b8{\cedilla\ } - \gdef^^b9{$^1$} - \gdef^^ba{\ordm} - % - \gdef^^bb{\missingcharmsg{RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK}} - \gdef^^bc{$1\over4$} - \gdef^^bd{$1\over2$} - \gdef^^be{$3\over4$} - \gdef^^bf{\questiondown} - % - \gdef^^c0{\`A} - \gdef^^c1{\'A} - \gdef^^c2{\^A} - \gdef^^c3{\~A} - \gdef^^c4{\"A} - \gdef^^c5{\ringaccent A} - \gdef^^c6{\AE} - \gdef^^c7{\cedilla C} - \gdef^^c8{\`E} - \gdef^^c9{\'E} - \gdef^^ca{\^E} - \gdef^^cb{\"E} - \gdef^^cc{\`I} - \gdef^^cd{\'I} - \gdef^^ce{\^I} - \gdef^^cf{\"I} - % - \gdef^^d0{\missingcharmsg{LATIN CAPITAL LETTER ETH}} - \gdef^^d1{\~N} - \gdef^^d2{\`O} - \gdef^^d3{\'O} - \gdef^^d4{\^O} - \gdef^^d5{\~O} - \gdef^^d6{\"O} - \gdef^^d7{$\times$} - \gdef^^d8{\O} - \gdef^^d9{\`U} - \gdef^^da{\'U} - \gdef^^db{\^U} - \gdef^^dc{\"U} - \gdef^^dd{\'Y} - \gdef^^de{\missingcharmsg{LATIN CAPITAL LETTER THORN}} - \gdef^^df{\ss} - % - \gdef^^e0{\`a} - \gdef^^e1{\'a} - \gdef^^e2{\^a} - \gdef^^e3{\~a} - \gdef^^e4{\"a} - \gdef^^e5{\ringaccent a} - \gdef^^e6{\ae} - \gdef^^e7{\cedilla c} - \gdef^^e8{\`e} - \gdef^^e9{\'e} - \gdef^^ea{\^e} - \gdef^^eb{\"e} - \gdef^^ec{\`{\dotless i}} - \gdef^^ed{\'{\dotless i}} - \gdef^^ee{\^{\dotless i}} - \gdef^^ef{\"{\dotless i}} - % - \gdef^^f0{\missingcharmsg{LATIN SMALL LETTER ETH}} - \gdef^^f1{\~n} - \gdef^^f2{\`o} - \gdef^^f3{\'o} - \gdef^^f4{\^o} - \gdef^^f5{\~o} - \gdef^^f6{\"o} - \gdef^^f7{$\div$} - \gdef^^f8{\o} - \gdef^^f9{\`u} - \gdef^^fa{\'u} - \gdef^^fb{\^u} - \gdef^^fc{\"u} - \gdef^^fd{\'y} - \gdef^^fe{\missingcharmsg{LATIN SMALL LETTER THORN}} - \gdef^^ff{\"y} -} - -% Latin9 (ISO-8859-15) encoding character definitions. -\def\latninechardefs{% - % Encoding is almost identical to Latin1. - \latonechardefs - % - \gdef^^a4{\euro} - \gdef^^a6{\v S} - \gdef^^a8{\v s} - \gdef^^b4{\v Z} - \gdef^^b8{\v z} - \gdef^^bc{\OE} - \gdef^^bd{\oe} - \gdef^^be{\"Y} -} - -% Latin2 (ISO-8859-2) character definitions. -\def\lattwochardefs{% - \gdef^^a0{~} - \gdef^^a1{\missingcharmsg{LATIN CAPITAL LETTER A WITH OGONEK}} - \gdef^^a2{\u{}} - \gdef^^a3{\L} - \gdef^^a4{\missingcharmsg{CURRENCY SIGN}} - \gdef^^a5{\v L} - \gdef^^a6{\'S} - \gdef^^a7{\S} - \gdef^^a8{\"{}} - \gdef^^a9{\v S} - \gdef^^aa{\cedilla S} - \gdef^^ab{\v T} - \gdef^^ac{\'Z} - \gdef^^ad{\-} - \gdef^^ae{\v Z} - \gdef^^af{\dotaccent Z} - % - \gdef^^b0{\textdegree} - \gdef^^b1{\missingcharmsg{LATIN SMALL LETTER A WITH OGONEK}} - \gdef^^b2{\missingcharmsg{OGONEK}} - \gdef^^b3{\l} - \gdef^^b4{\'{}} - \gdef^^b5{\v l} - \gdef^^b6{\'s} - \gdef^^b7{\v{}} - \gdef^^b8{\cedilla\ } - \gdef^^b9{\v s} - \gdef^^ba{\cedilla s} - \gdef^^bb{\v t} - \gdef^^bc{\'z} - \gdef^^bd{\H{}} - \gdef^^be{\v z} - \gdef^^bf{\dotaccent z} - % - \gdef^^c0{\'R} - \gdef^^c1{\'A} - \gdef^^c2{\^A} - \gdef^^c3{\u A} - \gdef^^c4{\"A} - \gdef^^c5{\'L} - \gdef^^c6{\'C} - \gdef^^c7{\cedilla C} - \gdef^^c8{\v C} - \gdef^^c9{\'E} - \gdef^^ca{\missingcharmsg{LATIN CAPITAL LETTER E WITH OGONEK}} - \gdef^^cb{\"E} - \gdef^^cc{\v E} - \gdef^^cd{\'I} - \gdef^^ce{\^I} - \gdef^^cf{\v D} - % - \gdef^^d0{\missingcharmsg{LATIN CAPITAL LETTER D WITH STROKE}} - \gdef^^d1{\'N} - \gdef^^d2{\v N} - \gdef^^d3{\'O} - \gdef^^d4{\^O} - \gdef^^d5{\H O} - \gdef^^d6{\"O} - \gdef^^d7{$\times$} - \gdef^^d8{\v R} - \gdef^^d9{\ringaccent U} - \gdef^^da{\'U} - \gdef^^db{\H U} - \gdef^^dc{\"U} - \gdef^^dd{\'Y} - \gdef^^de{\cedilla T} - \gdef^^df{\ss} - % - \gdef^^e0{\'r} - \gdef^^e1{\'a} - \gdef^^e2{\^a} - \gdef^^e3{\u a} - \gdef^^e4{\"a} - \gdef^^e5{\'l} - \gdef^^e6{\'c} - \gdef^^e7{\cedilla c} - \gdef^^e8{\v c} - \gdef^^e9{\'e} - \gdef^^ea{\missingcharmsg{LATIN SMALL LETTER E WITH OGONEK}} - \gdef^^eb{\"e} - \gdef^^ec{\v e} - \gdef^^ed{\'\i} - \gdef^^ee{\^\i} - \gdef^^ef{\v d} - % - \gdef^^f0{\missingcharmsg{LATIN SMALL LETTER D WITH STROKE}} - \gdef^^f1{\'n} - \gdef^^f2{\v n} - \gdef^^f3{\'o} - \gdef^^f4{\^o} - \gdef^^f5{\H o} - \gdef^^f6{\"o} - \gdef^^f7{$\div$} - \gdef^^f8{\v r} - \gdef^^f9{\ringaccent u} - \gdef^^fa{\'u} - \gdef^^fb{\H u} - \gdef^^fc{\"u} - \gdef^^fd{\'y} - \gdef^^fe{\cedilla t} - \gdef^^ff{\dotaccent{}} -} - -% UTF-8 character definitions. -% -% This code to support UTF-8 is based on LaTeX's utf8.def, with some -% changes for Texinfo conventions. It is included here under the GPL by -% permission from Frank Mittelbach and the LaTeX team. -% -\newcount\countUTFx -\newcount\countUTFy -\newcount\countUTFz - -\gdef\UTFviiiTwoOctets#1#2{\expandafter - \UTFviiiDefined\csname u8:#1\string #2\endcsname} -% -\gdef\UTFviiiThreeOctets#1#2#3{\expandafter - \UTFviiiDefined\csname u8:#1\string #2\string #3\endcsname} -% -\gdef\UTFviiiFourOctets#1#2#3#4{\expandafter - \UTFviiiDefined\csname u8:#1\string #2\string #3\string #4\endcsname} - -\gdef\UTFviiiDefined#1{% - \ifx #1\relax - \message{\linenumber Unicode char \string #1 not defined for Texinfo}% - \else - \expandafter #1% - \fi -} - -\begingroup - \catcode`\~13 - \catcode`\"12 - - \def\UTFviiiLoop{% - \global\catcode\countUTFx\active - \uccode`\~\countUTFx - \uppercase\expandafter{\UTFviiiTmp}% - \advance\countUTFx by 1 - \ifnum\countUTFx < \countUTFy - \expandafter\UTFviiiLoop - \fi} - - \countUTFx = "C2 - \countUTFy = "E0 - \def\UTFviiiTmp{% - \xdef~{\noexpand\UTFviiiTwoOctets\string~}} - \UTFviiiLoop - - \countUTFx = "E0 - \countUTFy = "F0 - \def\UTFviiiTmp{% - \xdef~{\noexpand\UTFviiiThreeOctets\string~}} - \UTFviiiLoop - - \countUTFx = "F0 - \countUTFy = "F4 - \def\UTFviiiTmp{% - \xdef~{\noexpand\UTFviiiFourOctets\string~}} - \UTFviiiLoop -\endgroup - -\begingroup - \catcode`\"=12 - \catcode`\<=12 - \catcode`\.=12 - \catcode`\,=12 - \catcode`\;=12 - \catcode`\!=12 - \catcode`\~=13 - - \gdef\DeclareUnicodeCharacter#1#2{% - \countUTFz = "#1\relax - \wlog{\space\space defining Unicode char U+#1 (decimal \the\countUTFz)}% - \begingroup - \parseXMLCharref - \def\UTFviiiTwoOctets##1##2{% - \csname u8:##1\string ##2\endcsname}% - \def\UTFviiiThreeOctets##1##2##3{% - \csname u8:##1\string ##2\string ##3\endcsname}% - \def\UTFviiiFourOctets##1##2##3##4{% - \csname u8:##1\string ##2\string ##3\string ##4\endcsname}% - \expandafter\expandafter\expandafter\expandafter - \expandafter\expandafter\expandafter - \gdef\UTFviiiTmp{#2}% - \endgroup} - - \gdef\parseXMLCharref{% - \ifnum\countUTFz < "A0\relax - \errhelp = \EMsimple - \errmessage{Cannot define Unicode char value < 00A0}% - \else\ifnum\countUTFz < "800\relax - \parseUTFviiiA,% - \parseUTFviiiB C\UTFviiiTwoOctets.,% - \else\ifnum\countUTFz < "10000\relax - \parseUTFviiiA;% - \parseUTFviiiA,% - \parseUTFviiiB E\UTFviiiThreeOctets.{,;}% - \else - \parseUTFviiiA;% - \parseUTFviiiA,% - \parseUTFviiiA!% - \parseUTFviiiB F\UTFviiiFourOctets.{!,;}% - \fi\fi\fi - } - - \gdef\parseUTFviiiA#1{% - \countUTFx = \countUTFz - \divide\countUTFz by 64 - \countUTFy = \countUTFz - \multiply\countUTFz by 64 - \advance\countUTFx by -\countUTFz - \advance\countUTFx by 128 - \uccode `#1\countUTFx - \countUTFz = \countUTFy} - - \gdef\parseUTFviiiB#1#2#3#4{% - \advance\countUTFz by "#10\relax - \uccode `#3\countUTFz - \uppercase{\gdef\UTFviiiTmp{#2#3#4}}} -\endgroup - -\def\utfeightchardefs{% - \DeclareUnicodeCharacter{00A0}{\tie} - \DeclareUnicodeCharacter{00A1}{\exclamdown} - \DeclareUnicodeCharacter{00A3}{\pounds} - \DeclareUnicodeCharacter{00A8}{\"{ }} - \DeclareUnicodeCharacter{00A9}{\copyright} - \DeclareUnicodeCharacter{00AA}{\ordf} - \DeclareUnicodeCharacter{00AD}{\-} - \DeclareUnicodeCharacter{00AE}{\registeredsymbol} - \DeclareUnicodeCharacter{00AF}{\={ }} - - \DeclareUnicodeCharacter{00B0}{\ringaccent{ }} - \DeclareUnicodeCharacter{00B4}{\'{ }} - \DeclareUnicodeCharacter{00B8}{\cedilla{ }} - \DeclareUnicodeCharacter{00BA}{\ordm} - \DeclareUnicodeCharacter{00BF}{\questiondown} - - \DeclareUnicodeCharacter{00C0}{\`A} - \DeclareUnicodeCharacter{00C1}{\'A} - \DeclareUnicodeCharacter{00C2}{\^A} - \DeclareUnicodeCharacter{00C3}{\~A} - \DeclareUnicodeCharacter{00C4}{\"A} - \DeclareUnicodeCharacter{00C5}{\AA} - \DeclareUnicodeCharacter{00C6}{\AE} - \DeclareUnicodeCharacter{00C7}{\cedilla{C}} - \DeclareUnicodeCharacter{00C8}{\`E} - \DeclareUnicodeCharacter{00C9}{\'E} - \DeclareUnicodeCharacter{00CA}{\^E} - \DeclareUnicodeCharacter{00CB}{\"E} - \DeclareUnicodeCharacter{00CC}{\`I} - \DeclareUnicodeCharacter{00CD}{\'I} - \DeclareUnicodeCharacter{00CE}{\^I} - \DeclareUnicodeCharacter{00CF}{\"I} - - \DeclareUnicodeCharacter{00D1}{\~N} - \DeclareUnicodeCharacter{00D2}{\`O} - \DeclareUnicodeCharacter{00D3}{\'O} - \DeclareUnicodeCharacter{00D4}{\^O} - \DeclareUnicodeCharacter{00D5}{\~O} - \DeclareUnicodeCharacter{00D6}{\"O} - \DeclareUnicodeCharacter{00D8}{\O} - \DeclareUnicodeCharacter{00D9}{\`U} - \DeclareUnicodeCharacter{00DA}{\'U} - \DeclareUnicodeCharacter{00DB}{\^U} - \DeclareUnicodeCharacter{00DC}{\"U} - \DeclareUnicodeCharacter{00DD}{\'Y} - \DeclareUnicodeCharacter{00DF}{\ss} - - \DeclareUnicodeCharacter{00E0}{\`a} - \DeclareUnicodeCharacter{00E1}{\'a} - \DeclareUnicodeCharacter{00E2}{\^a} - \DeclareUnicodeCharacter{00E3}{\~a} - \DeclareUnicodeCharacter{00E4}{\"a} - \DeclareUnicodeCharacter{00E5}{\aa} - \DeclareUnicodeCharacter{00E6}{\ae} - \DeclareUnicodeCharacter{00E7}{\cedilla{c}} - \DeclareUnicodeCharacter{00E8}{\`e} - \DeclareUnicodeCharacter{00E9}{\'e} - \DeclareUnicodeCharacter{00EA}{\^e} - \DeclareUnicodeCharacter{00EB}{\"e} - \DeclareUnicodeCharacter{00EC}{\`{\dotless{i}}} - \DeclareUnicodeCharacter{00ED}{\'{\dotless{i}}} - \DeclareUnicodeCharacter{00EE}{\^{\dotless{i}}} - \DeclareUnicodeCharacter{00EF}{\"{\dotless{i}}} - - \DeclareUnicodeCharacter{00F1}{\~n} - \DeclareUnicodeCharacter{00F2}{\`o} - \DeclareUnicodeCharacter{00F3}{\'o} - \DeclareUnicodeCharacter{00F4}{\^o} - \DeclareUnicodeCharacter{00F5}{\~o} - \DeclareUnicodeCharacter{00F6}{\"o} - \DeclareUnicodeCharacter{00F8}{\o} - \DeclareUnicodeCharacter{00F9}{\`u} - \DeclareUnicodeCharacter{00FA}{\'u} - \DeclareUnicodeCharacter{00FB}{\^u} - \DeclareUnicodeCharacter{00FC}{\"u} - \DeclareUnicodeCharacter{00FD}{\'y} - \DeclareUnicodeCharacter{00FF}{\"y} - - \DeclareUnicodeCharacter{0100}{\=A} - \DeclareUnicodeCharacter{0101}{\=a} - \DeclareUnicodeCharacter{0102}{\u{A}} - \DeclareUnicodeCharacter{0103}{\u{a}} - \DeclareUnicodeCharacter{0106}{\'C} - \DeclareUnicodeCharacter{0107}{\'c} - \DeclareUnicodeCharacter{0108}{\^C} - \DeclareUnicodeCharacter{0109}{\^c} - \DeclareUnicodeCharacter{010A}{\dotaccent{C}} - \DeclareUnicodeCharacter{010B}{\dotaccent{c}} - \DeclareUnicodeCharacter{010C}{\v{C}} - \DeclareUnicodeCharacter{010D}{\v{c}} - \DeclareUnicodeCharacter{010E}{\v{D}} - - \DeclareUnicodeCharacter{0112}{\=E} - \DeclareUnicodeCharacter{0113}{\=e} - \DeclareUnicodeCharacter{0114}{\u{E}} - \DeclareUnicodeCharacter{0115}{\u{e}} - \DeclareUnicodeCharacter{0116}{\dotaccent{E}} - \DeclareUnicodeCharacter{0117}{\dotaccent{e}} - \DeclareUnicodeCharacter{011A}{\v{E}} - \DeclareUnicodeCharacter{011B}{\v{e}} - \DeclareUnicodeCharacter{011C}{\^G} - \DeclareUnicodeCharacter{011D}{\^g} - \DeclareUnicodeCharacter{011E}{\u{G}} - \DeclareUnicodeCharacter{011F}{\u{g}} - - \DeclareUnicodeCharacter{0120}{\dotaccent{G}} - \DeclareUnicodeCharacter{0121}{\dotaccent{g}} - \DeclareUnicodeCharacter{0124}{\^H} - \DeclareUnicodeCharacter{0125}{\^h} - \DeclareUnicodeCharacter{0128}{\~I} - \DeclareUnicodeCharacter{0129}{\~{\dotless{i}}} - \DeclareUnicodeCharacter{012A}{\=I} - \DeclareUnicodeCharacter{012B}{\={\dotless{i}}} - \DeclareUnicodeCharacter{012C}{\u{I}} - \DeclareUnicodeCharacter{012D}{\u{\dotless{i}}} - - \DeclareUnicodeCharacter{0130}{\dotaccent{I}} - \DeclareUnicodeCharacter{0131}{\dotless{i}} - \DeclareUnicodeCharacter{0132}{IJ} - \DeclareUnicodeCharacter{0133}{ij} - \DeclareUnicodeCharacter{0134}{\^J} - \DeclareUnicodeCharacter{0135}{\^{\dotless{j}}} - \DeclareUnicodeCharacter{0139}{\'L} - \DeclareUnicodeCharacter{013A}{\'l} - - \DeclareUnicodeCharacter{0141}{\L} - \DeclareUnicodeCharacter{0142}{\l} - \DeclareUnicodeCharacter{0143}{\'N} - \DeclareUnicodeCharacter{0144}{\'n} - \DeclareUnicodeCharacter{0147}{\v{N}} - \DeclareUnicodeCharacter{0148}{\v{n}} - \DeclareUnicodeCharacter{014C}{\=O} - \DeclareUnicodeCharacter{014D}{\=o} - \DeclareUnicodeCharacter{014E}{\u{O}} - \DeclareUnicodeCharacter{014F}{\u{o}} - - \DeclareUnicodeCharacter{0150}{\H{O}} - \DeclareUnicodeCharacter{0151}{\H{o}} - \DeclareUnicodeCharacter{0152}{\OE} - \DeclareUnicodeCharacter{0153}{\oe} - \DeclareUnicodeCharacter{0154}{\'R} - \DeclareUnicodeCharacter{0155}{\'r} - \DeclareUnicodeCharacter{0158}{\v{R}} - \DeclareUnicodeCharacter{0159}{\v{r}} - \DeclareUnicodeCharacter{015A}{\'S} - \DeclareUnicodeCharacter{015B}{\'s} - \DeclareUnicodeCharacter{015C}{\^S} - \DeclareUnicodeCharacter{015D}{\^s} - \DeclareUnicodeCharacter{015E}{\cedilla{S}} - \DeclareUnicodeCharacter{015F}{\cedilla{s}} - - \DeclareUnicodeCharacter{0160}{\v{S}} - \DeclareUnicodeCharacter{0161}{\v{s}} - \DeclareUnicodeCharacter{0162}{\cedilla{t}} - \DeclareUnicodeCharacter{0163}{\cedilla{T}} - \DeclareUnicodeCharacter{0164}{\v{T}} - - \DeclareUnicodeCharacter{0168}{\~U} - \DeclareUnicodeCharacter{0169}{\~u} - \DeclareUnicodeCharacter{016A}{\=U} - \DeclareUnicodeCharacter{016B}{\=u} - \DeclareUnicodeCharacter{016C}{\u{U}} - \DeclareUnicodeCharacter{016D}{\u{u}} - \DeclareUnicodeCharacter{016E}{\ringaccent{U}} - \DeclareUnicodeCharacter{016F}{\ringaccent{u}} - - \DeclareUnicodeCharacter{0170}{\H{U}} - \DeclareUnicodeCharacter{0171}{\H{u}} - \DeclareUnicodeCharacter{0174}{\^W} - \DeclareUnicodeCharacter{0175}{\^w} - \DeclareUnicodeCharacter{0176}{\^Y} - \DeclareUnicodeCharacter{0177}{\^y} - \DeclareUnicodeCharacter{0178}{\"Y} - \DeclareUnicodeCharacter{0179}{\'Z} - \DeclareUnicodeCharacter{017A}{\'z} - \DeclareUnicodeCharacter{017B}{\dotaccent{Z}} - \DeclareUnicodeCharacter{017C}{\dotaccent{z}} - \DeclareUnicodeCharacter{017D}{\v{Z}} - \DeclareUnicodeCharacter{017E}{\v{z}} - - \DeclareUnicodeCharacter{01C4}{D\v{Z}} - \DeclareUnicodeCharacter{01C5}{D\v{z}} - \DeclareUnicodeCharacter{01C6}{d\v{z}} - \DeclareUnicodeCharacter{01C7}{LJ} - \DeclareUnicodeCharacter{01C8}{Lj} - \DeclareUnicodeCharacter{01C9}{lj} - \DeclareUnicodeCharacter{01CA}{NJ} - \DeclareUnicodeCharacter{01CB}{Nj} - \DeclareUnicodeCharacter{01CC}{nj} - \DeclareUnicodeCharacter{01CD}{\v{A}} - \DeclareUnicodeCharacter{01CE}{\v{a}} - \DeclareUnicodeCharacter{01CF}{\v{I}} - - \DeclareUnicodeCharacter{01D0}{\v{\dotless{i}}} - \DeclareUnicodeCharacter{01D1}{\v{O}} - \DeclareUnicodeCharacter{01D2}{\v{o}} - \DeclareUnicodeCharacter{01D3}{\v{U}} - \DeclareUnicodeCharacter{01D4}{\v{u}} - - \DeclareUnicodeCharacter{01E2}{\={\AE}} - \DeclareUnicodeCharacter{01E3}{\={\ae}} - \DeclareUnicodeCharacter{01E6}{\v{G}} - \DeclareUnicodeCharacter{01E7}{\v{g}} - \DeclareUnicodeCharacter{01E8}{\v{K}} - \DeclareUnicodeCharacter{01E9}{\v{k}} - - \DeclareUnicodeCharacter{01F0}{\v{\dotless{j}}} - \DeclareUnicodeCharacter{01F1}{DZ} - \DeclareUnicodeCharacter{01F2}{Dz} - \DeclareUnicodeCharacter{01F3}{dz} - \DeclareUnicodeCharacter{01F4}{\'G} - \DeclareUnicodeCharacter{01F5}{\'g} - \DeclareUnicodeCharacter{01F8}{\`N} - \DeclareUnicodeCharacter{01F9}{\`n} - \DeclareUnicodeCharacter{01FC}{\'{\AE}} - \DeclareUnicodeCharacter{01FD}{\'{\ae}} - \DeclareUnicodeCharacter{01FE}{\'{\O}} - \DeclareUnicodeCharacter{01FF}{\'{\o}} - - \DeclareUnicodeCharacter{021E}{\v{H}} - \DeclareUnicodeCharacter{021F}{\v{h}} - - \DeclareUnicodeCharacter{0226}{\dotaccent{A}} - \DeclareUnicodeCharacter{0227}{\dotaccent{a}} - \DeclareUnicodeCharacter{0228}{\cedilla{E}} - \DeclareUnicodeCharacter{0229}{\cedilla{e}} - \DeclareUnicodeCharacter{022E}{\dotaccent{O}} - \DeclareUnicodeCharacter{022F}{\dotaccent{o}} - - \DeclareUnicodeCharacter{0232}{\=Y} - \DeclareUnicodeCharacter{0233}{\=y} - \DeclareUnicodeCharacter{0237}{\dotless{j}} - - \DeclareUnicodeCharacter{1E02}{\dotaccent{B}} - \DeclareUnicodeCharacter{1E03}{\dotaccent{b}} - \DeclareUnicodeCharacter{1E04}{\udotaccent{B}} - \DeclareUnicodeCharacter{1E05}{\udotaccent{b}} - \DeclareUnicodeCharacter{1E06}{\ubaraccent{B}} - \DeclareUnicodeCharacter{1E07}{\ubaraccent{b}} - \DeclareUnicodeCharacter{1E0A}{\dotaccent{D}} - \DeclareUnicodeCharacter{1E0B}{\dotaccent{d}} - \DeclareUnicodeCharacter{1E0C}{\udotaccent{D}} - \DeclareUnicodeCharacter{1E0D}{\udotaccent{d}} - \DeclareUnicodeCharacter{1E0E}{\ubaraccent{D}} - \DeclareUnicodeCharacter{1E0F}{\ubaraccent{d}} - - \DeclareUnicodeCharacter{1E1E}{\dotaccent{F}} - \DeclareUnicodeCharacter{1E1F}{\dotaccent{f}} - - \DeclareUnicodeCharacter{1E20}{\=G} - \DeclareUnicodeCharacter{1E21}{\=g} - \DeclareUnicodeCharacter{1E22}{\dotaccent{H}} - \DeclareUnicodeCharacter{1E23}{\dotaccent{h}} - \DeclareUnicodeCharacter{1E24}{\udotaccent{H}} - \DeclareUnicodeCharacter{1E25}{\udotaccent{h}} - \DeclareUnicodeCharacter{1E26}{\"H} - \DeclareUnicodeCharacter{1E27}{\"h} - - \DeclareUnicodeCharacter{1E30}{\'K} - \DeclareUnicodeCharacter{1E31}{\'k} - \DeclareUnicodeCharacter{1E32}{\udotaccent{K}} - \DeclareUnicodeCharacter{1E33}{\udotaccent{k}} - \DeclareUnicodeCharacter{1E34}{\ubaraccent{K}} - \DeclareUnicodeCharacter{1E35}{\ubaraccent{k}} - \DeclareUnicodeCharacter{1E36}{\udotaccent{L}} - \DeclareUnicodeCharacter{1E37}{\udotaccent{l}} - \DeclareUnicodeCharacter{1E3A}{\ubaraccent{L}} - \DeclareUnicodeCharacter{1E3B}{\ubaraccent{l}} - \DeclareUnicodeCharacter{1E3E}{\'M} - \DeclareUnicodeCharacter{1E3F}{\'m} - - \DeclareUnicodeCharacter{1E40}{\dotaccent{M}} - \DeclareUnicodeCharacter{1E41}{\dotaccent{m}} - \DeclareUnicodeCharacter{1E42}{\udotaccent{M}} - \DeclareUnicodeCharacter{1E43}{\udotaccent{m}} - \DeclareUnicodeCharacter{1E44}{\dotaccent{N}} - \DeclareUnicodeCharacter{1E45}{\dotaccent{n}} - \DeclareUnicodeCharacter{1E46}{\udotaccent{N}} - \DeclareUnicodeCharacter{1E47}{\udotaccent{n}} - \DeclareUnicodeCharacter{1E48}{\ubaraccent{N}} - \DeclareUnicodeCharacter{1E49}{\ubaraccent{n}} - - \DeclareUnicodeCharacter{1E54}{\'P} - \DeclareUnicodeCharacter{1E55}{\'p} - \DeclareUnicodeCharacter{1E56}{\dotaccent{P}} - \DeclareUnicodeCharacter{1E57}{\dotaccent{p}} - \DeclareUnicodeCharacter{1E58}{\dotaccent{R}} - \DeclareUnicodeCharacter{1E59}{\dotaccent{r}} - \DeclareUnicodeCharacter{1E5A}{\udotaccent{R}} - \DeclareUnicodeCharacter{1E5B}{\udotaccent{r}} - \DeclareUnicodeCharacter{1E5E}{\ubaraccent{R}} - \DeclareUnicodeCharacter{1E5F}{\ubaraccent{r}} - - \DeclareUnicodeCharacter{1E60}{\dotaccent{S}} - \DeclareUnicodeCharacter{1E61}{\dotaccent{s}} - \DeclareUnicodeCharacter{1E62}{\udotaccent{S}} - \DeclareUnicodeCharacter{1E63}{\udotaccent{s}} - \DeclareUnicodeCharacter{1E6A}{\dotaccent{T}} - \DeclareUnicodeCharacter{1E6B}{\dotaccent{t}} - \DeclareUnicodeCharacter{1E6C}{\udotaccent{T}} - \DeclareUnicodeCharacter{1E6D}{\udotaccent{t}} - \DeclareUnicodeCharacter{1E6E}{\ubaraccent{T}} - \DeclareUnicodeCharacter{1E6F}{\ubaraccent{t}} - - \DeclareUnicodeCharacter{1E7C}{\~V} - \DeclareUnicodeCharacter{1E7D}{\~v} - \DeclareUnicodeCharacter{1E7E}{\udotaccent{V}} - \DeclareUnicodeCharacter{1E7F}{\udotaccent{v}} - - \DeclareUnicodeCharacter{1E80}{\`W} - \DeclareUnicodeCharacter{1E81}{\`w} - \DeclareUnicodeCharacter{1E82}{\'W} - \DeclareUnicodeCharacter{1E83}{\'w} - \DeclareUnicodeCharacter{1E84}{\"W} - \DeclareUnicodeCharacter{1E85}{\"w} - \DeclareUnicodeCharacter{1E86}{\dotaccent{W}} - \DeclareUnicodeCharacter{1E87}{\dotaccent{w}} - \DeclareUnicodeCharacter{1E88}{\udotaccent{W}} - \DeclareUnicodeCharacter{1E89}{\udotaccent{w}} - \DeclareUnicodeCharacter{1E8A}{\dotaccent{X}} - \DeclareUnicodeCharacter{1E8B}{\dotaccent{x}} - \DeclareUnicodeCharacter{1E8C}{\"X} - \DeclareUnicodeCharacter{1E8D}{\"x} - \DeclareUnicodeCharacter{1E8E}{\dotaccent{Y}} - \DeclareUnicodeCharacter{1E8F}{\dotaccent{y}} - - \DeclareUnicodeCharacter{1E90}{\^Z} - \DeclareUnicodeCharacter{1E91}{\^z} - \DeclareUnicodeCharacter{1E92}{\udotaccent{Z}} - \DeclareUnicodeCharacter{1E93}{\udotaccent{z}} - \DeclareUnicodeCharacter{1E94}{\ubaraccent{Z}} - \DeclareUnicodeCharacter{1E95}{\ubaraccent{z}} - \DeclareUnicodeCharacter{1E96}{\ubaraccent{h}} - \DeclareUnicodeCharacter{1E97}{\"t} - \DeclareUnicodeCharacter{1E98}{\ringaccent{w}} - \DeclareUnicodeCharacter{1E99}{\ringaccent{y}} - - \DeclareUnicodeCharacter{1EA0}{\udotaccent{A}} - \DeclareUnicodeCharacter{1EA1}{\udotaccent{a}} - - \DeclareUnicodeCharacter{1EB8}{\udotaccent{E}} - \DeclareUnicodeCharacter{1EB9}{\udotaccent{e}} - \DeclareUnicodeCharacter{1EBC}{\~E} - \DeclareUnicodeCharacter{1EBD}{\~e} - - \DeclareUnicodeCharacter{1ECA}{\udotaccent{I}} - \DeclareUnicodeCharacter{1ECB}{\udotaccent{i}} - \DeclareUnicodeCharacter{1ECC}{\udotaccent{O}} - \DeclareUnicodeCharacter{1ECD}{\udotaccent{o}} - - \DeclareUnicodeCharacter{1EE4}{\udotaccent{U}} - \DeclareUnicodeCharacter{1EE5}{\udotaccent{u}} - - \DeclareUnicodeCharacter{1EF2}{\`Y} - \DeclareUnicodeCharacter{1EF3}{\`y} - \DeclareUnicodeCharacter{1EF4}{\udotaccent{Y}} - - \DeclareUnicodeCharacter{1EF8}{\~Y} - \DeclareUnicodeCharacter{1EF9}{\~y} - - \DeclareUnicodeCharacter{2013}{--} - \DeclareUnicodeCharacter{2014}{---} - \DeclareUnicodeCharacter{2022}{\bullet} - \DeclareUnicodeCharacter{2026}{\dots} - \DeclareUnicodeCharacter{20AC}{\euro} - - \DeclareUnicodeCharacter{2192}{\expansion} - \DeclareUnicodeCharacter{21D2}{\result} - - \DeclareUnicodeCharacter{2212}{\minus} - \DeclareUnicodeCharacter{2217}{\point} - \DeclareUnicodeCharacter{2261}{\equiv} -}% end of \utfeightchardefs - - -% US-ASCII character definitions. -\def\asciichardefs{% nothing need be done - \relax -} - -% Make non-ASCII characters printable again for compatibility with -% existing Texinfo documents that may use them, even without declaring a -% document encoding. -% -\setnonasciicharscatcode \other - - -\message{formatting,} - -\newdimen\defaultparindent \defaultparindent = 15pt - -\chapheadingskip = 15pt plus 4pt minus 2pt -\secheadingskip = 12pt plus 3pt minus 2pt -\subsecheadingskip = 9pt plus 2pt minus 2pt - -% Prevent underfull vbox error messages. -\vbadness = 10000 - -% Don't be so finicky about underfull hboxes, either. -\hbadness = 2000 - -% Following George Bush, just get rid of widows and orphans. -\widowpenalty=10000 -\clubpenalty=10000 - -% Use TeX 3.0's \emergencystretch to help line breaking, but if we're -% using an old version of TeX, don't do anything. We want the amount of -% stretch added to depend on the line length, hence the dependence on -% \hsize. We call this whenever the paper size is set. -% -\def\setemergencystretch{% - \ifx\emergencystretch\thisisundefined - % Allow us to assign to \emergencystretch anyway. - \def\emergencystretch{\dimen0}% - \else - \emergencystretch = .15\hsize - \fi -} - -% Parameters in order: 1) textheight; 2) textwidth; -% 3) voffset; 4) hoffset; 5) binding offset; 6) topskip; -% 7) physical page height; 8) physical page width. -% -% We also call \setleading{\textleading}, so the caller should define -% \textleading. The caller should also set \parskip. -% -\def\internalpagesizes#1#2#3#4#5#6#7#8{% - \voffset = #3\relax - \topskip = #6\relax - \splittopskip = \topskip - % - \vsize = #1\relax - \advance\vsize by \topskip - \outervsize = \vsize - \advance\outervsize by 2\topandbottommargin - \pageheight = \vsize - % - \hsize = #2\relax - \outerhsize = \hsize - \advance\outerhsize by 0.5in - \pagewidth = \hsize - % - \normaloffset = #4\relax - \bindingoffset = #5\relax - % - \ifpdf - \pdfpageheight #7\relax - \pdfpagewidth #8\relax - \fi - % - \setleading{\textleading} - % - \parindent = \defaultparindent - \setemergencystretch -} - -% @letterpaper (the default). -\def\letterpaper{{\globaldefs = 1 - \parskip = 3pt plus 2pt minus 1pt - \textleading = 13.2pt - % - % If page is nothing but text, make it come out even. - \internalpagesizes{46\baselineskip}{6in}% - {\voffset}{.25in}% - {\bindingoffset}{36pt}% - {11in}{8.5in}% -}} - -% Use @smallbook to reset parameters for 7x9.25 trim size. -\def\smallbook{{\globaldefs = 1 - \parskip = 2pt plus 1pt - \textleading = 12pt - % - \internalpagesizes{7.5in}{5in}% - {\voffset}{.25in}% - {\bindingoffset}{16pt}% - {9.25in}{7in}% - % - \lispnarrowing = 0.3in - \tolerance = 700 - \hfuzz = 1pt - \contentsrightmargin = 0pt - \defbodyindent = .5cm -}} - -% Use @smallerbook to reset parameters for 6x9 trim size. -% (Just testing, parameters still in flux.) -\def\smallerbook{{\globaldefs = 1 - \parskip = 1.5pt plus 1pt - \textleading = 12pt - % - \internalpagesizes{7.4in}{4.8in}% - {-.2in}{-.4in}% - {0pt}{14pt}% - {9in}{6in}% - % - \lispnarrowing = 0.25in - \tolerance = 700 - \hfuzz = 1pt - \contentsrightmargin = 0pt - \defbodyindent = .4cm -}} - -% Use @afourpaper to print on European A4 paper. -\def\afourpaper{{\globaldefs = 1 - \parskip = 3pt plus 2pt minus 1pt - \textleading = 13.2pt - % - % Double-side printing via postscript on Laserjet 4050 - % prints double-sided nicely when \bindingoffset=10mm and \hoffset=-6mm. - % To change the settings for a different printer or situation, adjust - % \normaloffset until the front-side and back-side texts align. Then - % do the same for \bindingoffset. You can set these for testing in - % your texinfo source file like this: - % @tex - % \global\normaloffset = -6mm - % \global\bindingoffset = 10mm - % @end tex - \internalpagesizes{51\baselineskip}{160mm} - {\voffset}{\hoffset}% - {\bindingoffset}{44pt}% - {297mm}{210mm}% - % - \tolerance = 700 - \hfuzz = 1pt - \contentsrightmargin = 0pt - \defbodyindent = 5mm -}} - -% Use @afivepaper to print on European A5 paper. -% From romildo@urano.iceb.ufop.br, 2 July 2000. -% He also recommends making @example and @lisp be small. -\def\afivepaper{{\globaldefs = 1 - \parskip = 2pt plus 1pt minus 0.1pt - \textleading = 12.5pt - % - \internalpagesizes{160mm}{120mm}% - {\voffset}{\hoffset}% - {\bindingoffset}{8pt}% - {210mm}{148mm}% - % - \lispnarrowing = 0.2in - \tolerance = 800 - \hfuzz = 1.2pt - \contentsrightmargin = 0pt - \defbodyindent = 2mm - \tableindent = 12mm -}} - -% A specific text layout, 24x15cm overall, intended for A4 paper. -\def\afourlatex{{\globaldefs = 1 - \afourpaper - \internalpagesizes{237mm}{150mm}% - {\voffset}{4.6mm}% - {\bindingoffset}{7mm}% - {297mm}{210mm}% - % - % Must explicitly reset to 0 because we call \afourpaper. - \globaldefs = 0 -}} - -% Use @afourwide to print on A4 paper in landscape format. -\def\afourwide{{\globaldefs = 1 - \afourpaper - \internalpagesizes{241mm}{165mm}% - {\voffset}{-2.95mm}% - {\bindingoffset}{7mm}% - {297mm}{210mm}% - \globaldefs = 0 -}} - -% @pagesizes TEXTHEIGHT[,TEXTWIDTH] -% Perhaps we should allow setting the margins, \topskip, \parskip, -% and/or leading, also. Or perhaps we should compute them somehow. -% -\parseargdef\pagesizes{\pagesizesyyy #1,,\finish} -\def\pagesizesyyy#1,#2,#3\finish{{% - \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \hsize=#2\relax \fi - \globaldefs = 1 - % - \parskip = 3pt plus 2pt minus 1pt - \setleading{\textleading}% - % - \dimen0 = #1 - \advance\dimen0 by \voffset - % - \dimen2 = \hsize - \advance\dimen2 by \normaloffset - % - \internalpagesizes{#1}{\hsize}% - {\voffset}{\normaloffset}% - {\bindingoffset}{44pt}% - {\dimen0}{\dimen2}% -}} - -% Set default to letter. -% -\letterpaper - - -\message{and turning on texinfo input format.} - -% Define macros to output various characters with catcode for normal text. -\catcode`\"=\other -\catcode`\~=\other -\catcode`\^=\other -\catcode`\_=\other -\catcode`\|=\other -\catcode`\<=\other -\catcode`\>=\other -\catcode`\+=\other -\catcode`\$=\other -\def\normaldoublequote{"} -\def\normaltilde{~} -\def\normalcaret{^} -\def\normalunderscore{_} -\def\normalverticalbar{|} -\def\normalless{<} -\def\normalgreater{>} -\def\normalplus{+} -\def\normaldollar{$}%$ font-lock fix - -% This macro is used to make a character print one way in \tt -% (where it can probably be output as-is), and another way in other fonts, -% where something hairier probably needs to be done. -% -% #1 is what to print if we are indeed using \tt; #2 is what to print -% otherwise. Since all the Computer Modern typewriter fonts have zero -% interword stretch (and shrink), and it is reasonable to expect all -% typewriter fonts to have this, we can check that font parameter. -% -\def\ifusingtt#1#2{\ifdim \fontdimen3\font=0pt #1\else #2\fi} - -% Same as above, but check for italic font. Actually this also catches -% non-italic slanted fonts since it is impossible to distinguish them from -% italic fonts. But since this is only used by $ and it uses \sl anyway -% this is not a problem. -\def\ifusingit#1#2{\ifdim \fontdimen1\font>0pt #1\else #2\fi} - -% Turn off all special characters except @ -% (and those which the user can use as if they were ordinary). -% Most of these we simply print from the \tt font, but for some, we can -% use math or other variants that look better in normal text. - -\catcode`\"=\active -\def\activedoublequote{{\tt\char34}} -\let"=\activedoublequote -\catcode`\~=\active -\def~{{\tt\char126}} -\chardef\hat=`\^ -\catcode`\^=\active -\def^{{\tt \hat}} - -\catcode`\_=\active -\def_{\ifusingtt\normalunderscore\_} -\let\realunder=_ -% Subroutine for the previous macro. -\def\_{\leavevmode \kern.07em \vbox{\hrule width.3em height.1ex}\kern .07em } - -\catcode`\|=\active -\def|{{\tt\char124}} -\chardef \less=`\< -\catcode`\<=\active -\def<{{\tt \less}} -\chardef \gtr=`\> -\catcode`\>=\active -\def>{{\tt \gtr}} -\catcode`\+=\active -\def+{{\tt \char 43}} -\catcode`\$=\active -\def${\ifusingit{{\sl\$}}\normaldollar}%$ font-lock fix - -% If a .fmt file is being used, characters that might appear in a file -% name cannot be active until we have parsed the command line. -% So turn them off again, and have \everyjob (or @setfilename) turn them on. -% \otherifyactive is called near the end of this file. -\def\otherifyactive{\catcode`+=\other \catcode`\_=\other} - -% Used sometimes to turn off (effectively) the active characters even after -% parsing them. -\def\turnoffactive{% - \normalturnoffactive - \otherbackslash -} - -\catcode`\@=0 - -% \backslashcurfont outputs one backslash character in current font, -% as in \char`\\. -\global\chardef\backslashcurfont=`\\ -\global\let\rawbackslashxx=\backslashcurfont % let existing .??s files work - -% \realbackslash is an actual character `\' with catcode other, and -% \doublebackslash is two of them (for the pdf outlines). -{\catcode`\\=\other @gdef@realbackslash{\} @gdef@doublebackslash{\\}} - -% In texinfo, backslash is an active character; it prints the backslash -% in fixed width font. -\catcode`\\=\active -@def@normalbackslash{{@tt@backslashcurfont}} -% On startup, @fixbackslash assigns: -% @let \ = @normalbackslash - -% \rawbackslash defines an active \ to do \backslashcurfont. -% \otherbackslash defines an active \ to be a literal `\' character with -% catcode other. -@gdef@rawbackslash{@let\=@backslashcurfont} -@gdef@otherbackslash{@let\=@realbackslash} - -% Same as @turnoffactive except outputs \ as {\tt\char`\\} instead of -% the literal character `\'. -% -@def@normalturnoffactive{% - @let\=@normalbackslash - @let"=@normaldoublequote - @let~=@normaltilde - @let^=@normalcaret - @let_=@normalunderscore - @let|=@normalverticalbar - @let<=@normalless - @let>=@normalgreater - @let+=@normalplus - @let$=@normaldollar %$ font-lock fix - @unsepspaces -} - -% Make _ and + \other characters, temporarily. -% This is canceled by @fixbackslash. -@otherifyactive - -% If a .fmt file is being used, we don't want the `\input texinfo' to show up. -% That is what \eatinput is for; after that, the `\' should revert to printing -% a backslash. -% -@gdef@eatinput input texinfo{@fixbackslash} -@global@let\ = @eatinput - -% On the other hand, perhaps the file did not have a `\input texinfo'. Then -% the first `\' in the file would cause an error. This macro tries to fix -% that, assuming it is called before the first `\' could plausibly occur. -% Also turn back on active characters that might appear in the input -% file name, in case not using a pre-dumped format. -% -@gdef@fixbackslash{% - @ifx\@eatinput @let\ = @normalbackslash @fi - @catcode`+=@active - @catcode`@_=@active -} - -% Say @foo, not \foo, in error messages. -@escapechar = `@@ - -% These look ok in all fonts, so just make them not special. -@catcode`@& = @other -@catcode`@# = @other -@catcode`@% = @other - - -@c Local variables: -@c eval: (add-hook 'write-file-hooks 'time-stamp) -@c page-delimiter: "^\\\\message" -@c time-stamp-start: "def\\\\texinfoversion{" -@c time-stamp-format: "%:y-%02m-%02d.%02H" -@c time-stamp-end: "}" -@c End: - -@c vim:sw=2: - -@ignore - arch-tag: e1b36e32-c96e-4135-a41a-0b2efa2ea115 -@end ignore diff -Nru gnupg2-2.1.6/ChangeLog gnupg2-2.0.28/ChangeLog --- gnupg2-2.1.6/ChangeLog 2015-07-01 12:17:57.000000000 +0000 +++ gnupg2-2.0.28/ChangeLog 2015-06-02 12:35:24.000000000 +0000 @@ -1,379 +1,46 @@ -2015-07-01 Werner Koch +2015-06-02 Werner Koch - Release 2.1.6. + Release 2.0.28. -2015-07-01 Daiki Ueno + agent: Make --allow-external-password-cache work. + * agent/call-pinentry.c (start_pinentry): Remove first instance of + sending the option. - agent: Unset INSIDE_EMACS on gpg-agent startup. - * agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar. - -2015-07-01 Werner Koch - - common: Implement i18n_localegettext. - * common/i18n.c (msg_cache_s, msg_cache_head_s): New. - (msgcache): New. - (i18n_localegettext): Implement locale dependent lookup. - -2015-06-30 Daniel Kahn Gillmor - - Pass DBUS_SESSION_BUS_ADDRESS for gnome3. - * common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS. - -2015-06-30 Werner Koch - - Flag the L_() function with attribute format_arg. - * agent/agent.h (LunderscorePROTO): New. - * common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. - * common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for - i18n_localegettext. Expand LunderscorePROTO. - * agent/genkey.c (check_passphrase_constraints): Use xtryasprintf - again to keep the old translations. - - agent: Use different translation func for Pinentry strings. - * po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_". - * common/i18n.c (i18n_localegettext): New stub. - * common/i18n.h: Expand the LunderscoreIMPL macro. - * agent/agent.h (L_): New. - (LunderscoreIMPL): New. - * agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change - caller. - * agent/findkey.c (try_unprotect_cb): Add local var ctrl. - * agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf - by xtrystrdup to avoid gcc warning. Unfortinately this changes the - string. - (agent_ask_new_passphrase): Cleanup the use of initial_errtext. - - gpg: Make show-sig-subpackets work again. - * g10/gpg.c (parse_list_options): Fix offset for subpackets. - -2015-06-29 Werner Koch - - agent: Prepare for Libassuan with Cygwin support. - * agent/gpg-agent.c (create_server_socket): Add arg "cygwin". Call - assuan_sock_set_flag if Assuan version is recent enough. - (main): Create ssh server socket with Cygwin flag set. - -2015-06-29 Neal H. Walfield - - Show passphrase constraints errors as password prompt errors. - * agent/agent.h (check_passphrase_constraints): Add parameter - failed_constraint and remove parameter silent. Update callers. - * agent/genkey.c (check_passphrase_constraints): Add parameter - failed_constraint and remove parameter silent. If FAILED_CONSTRAINT - is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the - error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway - or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if - SILENT was set. - (agent_ask_new_passphrase): Change initial_errtext's type from a const - char * to a char *. Pass it to check_passphrase_constraints. If it - contains malloc's memory, free it. - -2015-06-29 Neal H. Walfield - - Improve documentation for default-cache-ttl and default-cache-ttl-ssh. - * doc/gpg-agent.texi (Agent Options): Improve documentation for - default-cache-ttl and default-cache-ttl-ssh. - - Don't raise max-cache-ttl to default-cache-ttl. - * agent/gpg-agent.c (finalize_rereadable_options): Don't raise - max-cache-ttl to default-cache-ttl. Likewise for max-cache-ttl-ssh - and default-cache-ttl-ssh. - - Improve the description of old packets with an indeterminate length. - * g10/parse-packet.c (parse): Make the description more accurate when - listing packets: old format packets don't support partial lengths, - only indeterminate lengths (RFC 4880, Section 4.2). - -2015-06-29 Werner Koch - - agent: Add --verify to the PASSWD command. - * agent/command.c (cmd_passwd): Add option --verify. - - agent,w32: Do not create a useless socket with --enable-putty-support. - * agent/agent.h (opt): Remove field ssh_support. - * agent/gpg-agent.c (ssh_support): New. Replace all opt.ssh_support - by this. - (main): Do not set ssh_support along with setting putty_support. - - gpgsm: Add command option "offline". - * sm/server.c (option_handler): Add "offline". - (cmd_getinfo): Ditto. - * sm/certchain.c (is_cert_still_valid): - (do_validate_chain): - * sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value - of --disable-dirmngr. - * sm/call-dirmngr.c (start_dirmngr_ext): Better also check for - ctrl->offline. - -2015-06-26 NIIBE Yutaka - - scd: Support button flag and AES key data for OpenPGPcard v3.0. - * scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp): - Support button and symmetric decryption. - (do_setattr): Support setting AESKEY. - -2015-06-25 Andre Heinecke - - sm: Fix cert storage for ephemeral certs. - * sm/keydb.c (keydb_store_cert): Clear ephemeral flag for - existing certs if store should not be ephemeral. - -2015-06-23 Werner Koch - - Allow use of debug flag names for all tools. - * g13/g13.c: Make use of debug_parse_flag. - * scd/scdaemon.c: Ditto. - * sm/gpgsm.c: Ditto - * agent/gpg-agent.c: Ditto. But do not terminate on "help" - * dirmngr/dirmngr.c: Ditto. - - common: Improve fucntion parse_debug_flag. - * common/miscellaneous.c (parse_debug_flag): Add hack not to call - exit. Add "none" and "all" flags. - -2015-06-23 NIIBE Yutaka - - scd: pinpad workaround for PC/SC implementations. - * scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer - for TPDU card reader. - -2015-06-22 Werner Koch - - gpg: Allow debug flag names for --debug. - * g10/gpg.c (opts): Change arg for oDebug to a string. - (debug_flags): New; factored out from set_debug. - (set_debug): Remove "--debug-level help". Use parse_debug_flag to - print the used flags. - (main): Use parse_debug_flag for oDebug. - - common: Add function parse_debug_flag. - * common/miscellaneous.c (parse_debug_flag): New. - * common/util.h (struct debug_flags_s): New. - - common: Add function strtokenize. - * common/stringhelp.c: Include assert.h. - (strtokenize): New. - * common/t-stringhelp.c (test_strtokenize): New. - - gpg: Fix regression due to recent commit 6500f33. - * g10/keydb.c (kid_list_s): Keep a state in the table. - (kid_not_found_table): Rename to kid_found_table. - (n_kid_not_found_table): Rename to kid_found_table_count. - (kid_not_found_p): Return found state. - (kid_not_found_insert): Add arg found. - (keydb_search): Store found state in the table. - -2015-06-22 NIIBE Yutaka - - scd: Fix Cherry ST-2000 support for pinpad input. - * scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15. - * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the - template of APDU. - -2015-06-20 Werner Koch - - gpg: Print number of good signatures with --check-sigs. - * g10/keylist.c (keylist_context): Add field good_sigs. - (list_keyblock_print): Updated good_sigs. - (print_signature_stats): Print number of good signatures and use - log_info instead of tty_printf. - - gpg: Improve speed of --check-sigs and --lish-sigs. - * g10/keydb.c (kid_list_t): New. - (kid_not_found_table, n_kid_not_found_table): New. - (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New. - (keydb_insert_keyblock): Flush the new cache. - (keydb_delete_keyblock): Ditto. - (keydb_update_keyblock): Ditto. - (keydb_search): Use the new cache. - (keydb_dump_stats): New. - * g10/gpg.c (g10_exit): Dump keydb stats. - -2015-06-19 Werner Koch - - gpg: Add more log_clock calls to keydb.c. - * g10/keydb.c (keydb_get_keyblock): Add log_clock calls. - - gpg: Print available debug flags using "--debug-level help". - * g10/gpg.c (set_debug): Add "help" option and use a table for the - flags. - - gpg: Fix export problem in case an old keyring has PGP-2 keys. - * g10/export.c (do_export_stream): Skip legacy keys. - -2015-06-18 Werner Koch - - dirmngr: Fix the cleanup zombies fix (685b782). - * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the - stdout reader after EOF from read_log_data. - * dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before - the next iteration. - -2015-06-17 Werner Koch - - agent: Print a warning for obsolete options. - * g10/misc.c (obsolete_scdaemon_option): Move to - * common/miscellaneous.c (obsolete_option): ... here. - * agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete - options. - -2015-06-16 Werner Koch - - dirmngr: Cleanup zombies and fix hang on shutdown. - * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation - into the loop. Check the queue also on timeout. Close log_fd and - reader context on EOF or error. - - dirmngr: Avoid accessing uninitialized memory in log callback. - * dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before - use. - (start_connection_thread): Ditto. - (handle_connections): Ditto. - -2015-06-16 Neal H. Walfield - - Don't prompt for the password multiple times in pinentry loopback mode. - * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK, - clear OPT.PASSPHRASE_REPEAT. - -2015-06-16 NIIBE Yutaka - - po: Update Japanese Translation. - -2015-06-15 Werner Koch - - doc: Add defs.inc to BUILT_SOURCES. - -2015-06-11 Werner Koch - - Release 2.1.5. - - agent: Fix --extra-socket on Windows. - * agent/gpg-agent.c (start_connection_thread): Rename to ... - (do_start_connection_thread): this. Factor nonce checking out to ... - (start_connection_thread_std): this, - (start_connection_thread_extra): this, - (start_connection_thread_browser): and this. - - agent: Add experimental option --browser-socket. - * agent/agent.h (opt): Add field "browser_socket". - * agent/command.c (cmd_setkeydesc): Use a different message for - restricted==2. - * agent/gpg-agent.c (oBrowserSocket): New. - (opts): Add --browser-socket. - (socket_name_browser, redir_socket_name_browser): New. - (socket_nonce_browser): New. - (cleanup): Cleanup browser socket. - (main): Implement option. - (start_connection_thread_browser): New. - (handle_connections): Add arg listen_fd_browser and use it. - -2015-06-10 Daiki Ueno - - agent: Add option --allow-emacs-pinentry. - * agent/agent.h (opt): Add field allow_emacs_pinentry. - * agent/call-pinentry.c (start_pinentry): Act upon new var. - * agent/gpg-agent.c (oAllowEmacsPinentry): New. - (opts): Add option --allow-emacs-pinentry. - (parse_rereadable_options): Set this option. - * tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option. - -2015-06-09 Werner Koch - - doc: Do not used fixed file names in the manuals. - * doc/mkdefsinc.c: New. - * doc/Makefile.am: Include cmacros.am. - (EXTRA_DIST): Add mkdefsinc.c defsincdate. - (BUILT_SOURCES): Add defsincdate - (CLEANFILES): Add mkdefsinc and defs.inc. - (mkdefsinc): New rule. - (yat2m-stamp): Depend on defs.inc. - ($(myman_pages) gnupg.7): Ditto. - (gnupg.texi): Remove rule to touch itself. - (dist-hook): New. - (defsincdate): New. - (defs.inc): New. - * doc/gnupg.texi: Remove inclusion of version.texi. Include defs.inc. - Also include defs.inc in all files used to build man files. Change - fixed directory names to those from defs.inc. - - dirmngr: Avoid crash due to an empty crls.d/DIR.txt. - * dirmngr/crlcache.c (check_dir_version): Avoid segv. - -2015-06-08 Werner Koch - - doc: Change the manual source to be only for GnuPG 2.1. - - Convey envvar INSIDE_EMACS to the pinentry. - * common/session-env.c (stdenvnames): Add it. - - agent: Add command "getinfo std_env_names". - * agent/command.c (cmd_getinfo): Add new sub-command. - -2015-06-05 NIIBE Yutaka - - scd: do_decipher change for OpenPGPcard v3.0. - * scd/app-openpgp.c (do_decipher): Add a header for ECDH. - -2015-06-04 Werner Koch - - gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c. - * g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND. - * g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND. - * g10/trustdb.c (read_trust_record): Ditto. - (tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto. - (tdb_update_ownertrust, update_min_ownertrust): Ditto. - (tdb_clear_ownertrusts, update_validity): Ditto. - (tdb_cache_disabled_value): Ditto. - - gpg: Cleanup error code path in case of a bad trustdb. - * g10/tdbio.c (tdbio_read_record): Fix returning of the error. - - gpg: Fix output in case of a corrupted trustdb. - * g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass - es_stdout. - * g10/tdbio.c (upd_hashtable): On a corrupted trustdb call - list_trustdb only in verbose > 1 mode and let it dump to stderr. - -2015-05-29 NIIBE Yutaka - - scd: Fix key template of ECC. - * scd/app-openpgp.c (build_ecc_privkey_template): Use correct value. - -2015-05-28 NIIBE Yutaka - - g10: Fix a race condition initially creating trustdb. - * g10/tdbio.c (take_write_lock, release_write_lock): New. - (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use - new lock functions. - (tdbio_set_dbname): Fix the race. - (open_db): Don't call dotlock_create. - -2015-05-27 NIIBE Yutaka - - g10: Remove g10/signal.c. - * g10/signal.c: Remove. - * g10/main.h: Remove old function API. - * g10/tdbio.c: Use new API, even in the dead code. + agent: Add strings for use by future Pinentry versions. + * agent/call-pinentry.c (start_pinentry): Add more strings. 2015-05-20 Werner Koch agent: Cleanup caching code for command GET_PASSPHRASE. * agent/command.c (cmd_get_passphrase): Read from the user cache. -2015-05-19 Neal H. Walfield +2015-05-19 Neal H. Walfield - agent: When the password cache is cleared, also clear the ext. cache. - * agent/agent.h (agent_clear_passphrase): New declaration. - * agent/call-pinentry.c (agent_clear_passphrase): New function. + agent: Backport changes from 2.1 to support an external password manager. + * agent/agent.h (agent_askpin): Add arguments keyinfo and cache_mode. + Update callers. + (agent_get_passphrase): Likewise. + (agent_clear_passphrase): New function. + (opt): Add field allow_external_cache. + * agent/call-pinentry.c (start_pinentry): Send "OPTION + allow-external-password-cache" to the pinentry. + (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant. + (pinentry_status_cb): New function. + (agent_askpin): Add arguments keyinfo and cache_mode. If KEYINFO and + CACHE_MODE describe a cachable key, then send SETKEYINFO to the + pinentry. Pass PINENTRY_STATUS_CB to the "GETPIN" invocation. If the + passphrase was incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is + set, decrement PININFO->FAILED_TRIES. + (agent_get_passphrase): Add arguments keyinfo and cache_mode. If + KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO + to the pinentry. + (agent_clear_passphrase): New function. + * agent/call-pinentry.c (start_pinentry): Act upon new var, + allow_external_cache. * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase. - - agent: Modify agent_clear_passphrase to support an ext. password cache. - * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and - cache_mode. Update callers. - * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo - and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key, - then send SETKEYINFO to the pinentry. + * agent/gpg-agent.c (oNoAllowExternalCache): New. + (opts): Add option --no-allow-external-cache. + (parse_rereadable_options): Set this option. 2015-05-19 NIIBE Yutaka @@ -381,280 +48,35 @@ g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for encryption. -2015-05-15 Werner Koch - - build: Make --disable-gpgsm work. - * Makefile.am: Always build kbx/ - * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS. - -2015-05-12 Werner Koch - - Release 2.1.4. - - speedo: Add make option SELFCHECK=0 to build a new release. - * build-aux/getswdb.sh: Add option --skip-selfcheck. - * build-aux/speedo.mk: Add option SELFCHECK. + g10: Improve handling of no corresponding public key. + * g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not + exact match. 2015-05-11 Werner Koch - common: Cope with AIX problem on number of open files. - * common/exechelp-posix.c: Limit returned value for too hight values. - gpg-connect-agent: Fix quoting of internal percent+ function. * tools/gpg-connect-agent.c (get_var_ext) - - gpg: Avoid cluttering stdout with trustdb info in verbose mode. - * g10/trustdb.c (validate_keys): Call dump_key_array only in debug - mode. - - gpg: Fix wrong output in list mode. - * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to - LISTFP. - - gpg: New command --quick-adduid. - * g10/keygen.c (ask_user_id): Factor some code out to ... - (uid_already_in_keyblock): new. - (generate_user_id): Add arg UIDSTR. Fix leaked P. - * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. - (keyedit_quick_adduid): New. - * g10/gpg.c (aQuickAddUid): New. - (opts): Add command --quick-adduid. - (main): Implement that. - - gpg: Add push/pop found state feature to keydb. - * g10/keydb.c (keydb_handle): Add field saved_found. - (keydb_new): Init new field. - (keydb_push_found_state, keydb_pop_found_state): New. - * g10/keyring.c (kyring_handle): Add field saved_found. - (keyring_push_found_state, keyring_pop_found_state): New. - - gpg: Minor code merging in keyedit. - * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order. - (fix_keyblock): New. Call fix_key_signature_order and other fix - functions. - (keyedit_menu): Factor code out to new fix_keyblock. - (keyedit_quick_sign): Ditto. Check for primary fpr before calling - fix_keyblock. - -2015-05-07 Werner Koch - - agent: Minor change for 56b5c9f. - * agent/call-pinentry.c (agent_askpin): Move option setting to ... - (start_pinentry): here. Fix error code check. - -2015-05-07 Kristian Fiskerstrand - - dirmngr: Fix segfault in ldap engine. - (ks-engine-ldap.c) Fix segfault caused by missing check whether uri is - initialized - -2015-05-07 Neal H. Walfield - - agent: Improve support for externally cached passwords. - * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New - constant. - (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was - provided. - (agent_askpin): Pass "OPTION allow-external-password-cache" to the - pinentry. Always pass SETKEYINFO to the pinentry. If there is no - stable identifier, then use "--clear". If the password is incorrect - and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS, - then decrement PININFO->FAILED_TRIES. - - agent: Or in the value; don't overwrite the variable. - * agent/call-pinentry.c (pinentry_status_cb): Or in - PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG. - - agent: Avoid magic numbers. Use more accurate names. - * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant. - (PINENTRY_STATUS_PIN_REPEATED): Likewise. - (close_button_status_cb): Rename from this... - (pinentry_status_cb): ... to this. Use the constants. - (agent_askpin): Rename local variable from close_button to - pinentry_status. Use symbolic constants rather than magic numbers. - -2015-05-07 Werner Koch - - gpg: Improve 'General key info' line of --card-status. - * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub". - - * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK. - * g10/keyid.c (keyid_from_fingerprint): Adjust for change. - * g10/revoke.c (gen_desig_revoke): Adjust for change. - * g10/card-util.c (card_status): Simplify by using new arg. Align - card-no string. - - * g10/card-util.c (card_status): Remove not used GnuPG-1 code. - - gpg: Fix regression not displaying the card serial number. - * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO. - -2015-05-06 Werner Koch - - speedo,w32: Install a native pinentry. - * build-aux/speedo.mk: Always build pinentry for w32. - (speedo_pkg_pinentry_configure): Adjust to modern pinentry. - * build-aux/speedo/w32/inst.nsi: Install native pinentry under the - name pinentry-basic.exe. - 2015-05-01 NIIBE Yutaka - g10: fix cmp_public_key. - * g10/free-packet.c (cmp_public_keys): Compare opaque - data at the first entry of the array when it's unknown algo. - -2015-04-30 NIIBE Yutaka - scd: PC/SC reader selection by partial string match. * scd/apdu.c (open_pcsc_reader_direct): Partial string match. + * scd/pcsc-wrapper.c (handle_open): Likewise. + +2015-04-30 NIIBE Yutaka -2015-04-24 Werner Koch + g10: fix cmp_public_key and cmp_secret_keys. + * g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque + data at the first entry of the array when it's unknown algo. + * configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.5.0. - common: Remove JNLIB from boiler plate (jnlib merge). - * common/README.jnlib: Remove. +2015-04-16 Werner Koch - common: Rename log and gcc attribute macros (jnlib merge). - * common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*. - * common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*. - - common: Remove two JNLIB_ macros (jnlib merge). - * configure.ac: Merge seperate jnlib checks. - (HAVE_JNLIB_LOGGING): Remove. - * common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL): - Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests. - - common: Remove libjnlib-config.h (jnlib merge). - * common/libjnlib-config.h: Remove. - * common/common-defs.h (getenv) [HAVE_GETENV]: New. From removed - header. - (getpid) [HAVE_W32CE_SYSTEM]: New. From removed header. - * common/argparse.c: Include util.h and common-defs.h. Replace - jnlib_ macro names for non-GNUPG builds by x* names. - * common/dotlock.c: Ditto. - * common/logging.c: Include util.h and common-defs.h. Replace jnlib_ - symbol names by x* names. - * common/strlist.c: Ditto. - * common/utf8conv.c: Ditto. - * common/w32-reg.c: Ditto. - * common/mischelp.c: Ditto. Also remove _jnlib_free. - * common/stringhelp.c: Ditto. - (JNLIB_LOG_WITH_PREFIX): Do not depend on this macro. - * common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this - macro. - -2015-04-23 Werner Koch - - gpg: Move all DNS access to Dirmngr. - * common/dns-cert.h: Move to ../dirmngr/. - * common/dns-cert.c: Move to ../dirmngr/. Change args to return the - key as a buffer. - * common/t-dns-cert.c: Move to ../dirmngr/. - * common/pka.c, common/pka.h, common/t-pka.c: Remove. - - * dirmngr/server.c (data_line_cookie_write): Factor code out to - data_line_write and make it a wrapper for that. - (data_line_write): New. - (cmd_dns_cert): New. - (register_commands): Register new command. - - * g10/Makefile.am (LDADD): Remove DNSLIBS. - * g10/call-dirmngr.c (dns_cert_parm_s): New. - (dns_cert_data_cb, dns_cert_status_cb): New. - (gpg_dirmngr_dns_cert): New. - (gpg_dirmngr_get_pka): New. - * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. - * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by - gpg_dirmngr_dns_cert. - (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. - * g10/mainproc.c: Include call-dirmngr.h. - (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by - gpg_dirmngr_get_pka. - - common: Minor change of hex2str to allow for embedded nul. - * common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT. - -2015-04-23 NIIBE Yutaka - - common: removal of t-support.c from t_jnlib_src. - * common/Makefile.am (t_jnlib_src): Remove t-support.c. - -2015-04-21 Werner Koch - - gpg: Make keyserver-option http_proxy work. - * g10/options.h (opt): Add field keyserver_options.http_proxy. - * g10/keyserver.c (warn_kshelper_option): Add arg noisy. - (parse_keyserver_options): Parse into new http_proxy field. - * g10/call-dirmngr.c (create_context): Send the http-proxy option. - - common: Make proper use of http proxy parameter. - * common/http.c (is_hostname_port): New. - (send_request): Fix proxy name parsing. - - dirmngr: Add http proxy support for keyservers. - * dirmngr/dirmngr.h (server_control_s): Add field http_proxy. - * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value - from OPT. - (dirmngr_deinit_default_ctrl): New. - (main): Call dirmngr_deinit_default_ctrl. - * dirmngr/server.c (start_command_handler): Ditto. - (option_handler): Add option "http-proxy". - * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL. - * dirmngr/ocsp.c (do_ocsp_request): Ditto. - * dirmngr/ks-engine-hkp.c (send_request): Add proxy support. - * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. - - gpg: Do not use honor-keyserver-url sub-option by default. - - gpg: Make preferred keyservers work. - * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done. - (create_context): Move keyserver setting to ... - (open_context): here. - (clear_context_flags): New. - (gpg_dirmngr_ks_get): Add arg override_keyserver. - * g10/keyserver.c (keyserver_refresh): Improve diagnostics. - (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get. - - gpg: Update sub-options of --keyserver-options. - * g10/options.h (KEYSERVER_HTTP_PROXY): New. - (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. - (KEYSERVER_TIMEOUT): New. - * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. - * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" - and "keep-temp-files". Add "http-proxy" and "timeout". - (parse_keyserver_options): Remove 1.2 compatibility option - "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" - code. - -2015-04-14 Werner Koch - - agent: Send the new SETKEYINFO command to the Pinentry. - * agent/call-pinentry.c (agent_askpin): Add args keyinfo and - cache_mode. Change all callers to pass (NULL,0) for them. Send - SETKEYINFO command. - * agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for - the new args. + gpg: Emit status line NEWSIG before signature verification starts. + * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG. -2015-04-14 NIIBE Yutaka +2015-04-15 NIIBE Yutaka scd: better handling of extended APDU. * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0. @@ -666,127 +88,25 @@ (ccid_transceive_apdu_level): Implement sending extended APDU in chain of CCID message. -2015-04-13 Werner Koch - - gpg: Fix NULL-segv due to invalid imported data. - * g10/free-packet.c (my_mpi_copy): New. - (copy_public_key, copy_signature): Use instead of mpi_copy. - -2015-04-13 Neal H. Walfield - - dirmngr: If LDAP is not enable, don't build the LDAP bits. - * dirmngr/Makefile.am (dirmngr_SOURCES): Only include - ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP - is TRUE. - (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE. - * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is - TRUE. - (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not - TRUE. - (ks_action_search): Likewise. - (ks_action_get): Likewise. - (ks_action_put): Likewise. - * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is - TRUE. - (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not - TRUE. - -2015-04-13 Werner Koch - - common: Do without nested fucntions to support non-gcc. - * common/t-stringhelp.c (test_strsplit): Remove nested function. - -2015-04-11 Werner Koch - - Release 2.1.3. - -2015-04-11 Yuri Chornoivan - - po: Update Ukrainian translation. - -2015-04-11 Ineiev - - po: Update and review Russian translation. - -2015-04-10 Werner Koch - - dirmngr,w32: Make it build for Windows. - * dirmngr/Makefile.am (t_common_ldadd): Add missing libs. - - Remove obsolete directories from AM_CPPFLAGS. - - dirmngr,w32: Replace functions not available under Windows. - * dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and - gmtime_r. - - common: Add new function gnupg_gmtime. - * common/gettime.c (gnupg_gmtime): New. - (gnupg_get_isotime): Use it. Also take care of an gmtime_t returning - an error. - - common: Add new function isodate_human_to_tm. - * common/gettime.c (isotime_human_p): Add arg date_only. - (isodate_human_to_tm): New. - * common/t-gettime.c (test_isodate_human_to_tm): New. - (main): Call new test. - - dirmngr,w32: Avoid name clash with existing function. - * dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect. +2015-04-15 Werner Koch gpgparsemail: Fix last commit (3f2bdac) * tools/rfc822parse.c (parse_field): Replace break by goto. -2015-04-09 Werner Koch - gpgparsemail: Fix case of zero length continuation lines. * tools/rfc822parse.c (parse_field): Loop after continuation line. -2015-04-08 Werner Koch + agent: Fix length test in sshcontrol parser. + * agent/command-ssh.c (ssh_search_control_file): Check S before + upcasing it. - sm: Fix certificate lookup in dirmngr cache. - * sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command. + scd: Fix possible NULL deref in apdu.c. + * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. + (control_pcsc_wrapped): Ditto. -2015-04-06 Werner Koch +2015-04-15 NIIBE Yutaka - gpg: Print the user id in --fast-list-mode. - * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change. - - gpg: Prepare to pass additional context to the list functions. - * g10/keylist.c (struct sig_stats): Rename to keylist_context and add - field check_sigs. - (keylist_context_release): New. - (list_all): Set listctx.check_sigs and call release func. - (list_one): Ditto. - (locate_one): Ditto. - (list_keyblock_print): Use .check_sigs field. Repalce arg opaque by - listctx. - (list_keyblock): Ditto. Make static. - (list_keyblock_direct): New. - * g10/keygen.c (do_generate_keypair): Replace list_keyblock by - list_keyblock_direct. - - gpg: Merge duplicated code for get_user_id et al. - * g10/getkey.c (get_user_id_string): Add args mode and r_LEN. - (get_user_id_string_native): Add new args. - (get_long_user_id_string, get_user_id): Rewrite using - get_user_id_string. - - gpg: Add new option --debug-iolbf. - * g10/gpg.c (oDebugIOLBF): new. - (opts): Add --debug-iolbf. - (main): Set option. - - Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. - * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE. - - Fix use of DBG_CACHE and DBG_LOOKUP. - * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. - * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. - * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places. - - gpg: Rename a debug macro. - * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. - (DBG_CIPHER): Rename to DBG_CRYPTO. + po: Update Japanese translation. 2015-04-05 Werner Koch @@ -794,206 +114,11 @@ * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read et al. -2015-04-03 NIIBE Yutaka - - g10: Fix keytocard. - g10/call-agent.h (agent_scd_learn): Add FORCE option. - g10/call-agent.c (agent_scd_learn): Implement FORCE option. - g10/keygen.c (gen_card_key): Follow the change of option. - g10/card-util.c (change_pin, card_status, factory_reset): Likewise. - g10/keyedit.c (keyedit_menu): Update private key storage by - agent_scd_learn. - - agent: Add --force option for LEARN. - * agent/command.c (cmd_learn): Handle --force option. - (cmd_keytocard): Don't update key storage file. - * agent/agent.h (agent_handle_learn): Add FORCE. - * agent/learncard.c (agent_handle_learn): Implement FORCE to update - key stroage file. - -2015-03-31 Neal H. Walfield - - dirmngr: Don't use alloca. - * dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with - xmalloc and xfree. - - dirmngr: Simplify truncation of long strings in debug code. - * dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long - strings. - - dirmngr: Use a better error code. - * dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return - GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL. - - dirmngr: Better encapsulate the keyservers variable. - * dirmngr/dirmngr.h (struct server_control_s): Move field keyservers - from here... - * dirmngr/server.c (struct server_local_s): ... to here. Update - users. - * dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers. - (ks_action_search): Likewise. - (ks_action_get): Likewise. - (ks_action_put): Likewise. - * dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers. - Use it instead of ctrl->keyservers. - (ks_action_search): Likewise. - (ks_action_get): Likewise. - (ks_action_put): Likewise. - -2015-03-28 Neal H. Walfield - - gpg: Only use the last specified keyserver. - * g10/gpg.c (main): Only use the last specified keyserver. - 2015-03-25 Werner Koch - dirmngr: Fix resource leaks and check rare errors. - * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource - leak. - (ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where - required. - (modlist_dump): Check error from es_fopenmem. - (uncescape): s/int/size_t/. Use existing macros. - (extract_attributes): Use existing trim function. - (ks_ldap_put): Do not segv on error from modlist_dump. - - dirmngr: Minor cleanups. - * dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h. - (ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/. - (tm2ldaptime): Use snprintf. - (ldap_connect): Get error code prior to log_error and and use modern - function. Use xfree, xtrustrdup etc. - (modlist_lookup): Use GNUPG_GCC_A_USED. - (modlist_free): Use xfree. - - common: Add macro GNUPG_GCC_A_USED. - * common/util.h (GNUPG_GCC_A_USED): New. - sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption). * sm/certreqgen.c (create_request): Change default hash algo. - * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo. - -2015-03-24 Werner Koch - - gpg,w32: Handle forward slash in --keyring option. - * g10/keydb.c (keydb_add_resource): Allow forward slash under Windows. - -2015-03-23 Neal H. Walfield - - Improve documentation for ks_hkp_get. - * dirmngr/ks-engine-hkp.c (ks_hkp_get): Improvement documentation. - - Improve documenation of http_parse_uri. - * common/http.c (http_parse_uri): Improve documentation. - - Add support to talking to LDAP key servers. - * g10/call-dirmngr.c (record_output): New function. - (ks_put_inq_cb): Use it here to generate a --with-colons like output - instead of a custom format. - * dirmngr/ks-action.c: Include "ldap-parse-uri.h". - (ks_action_help): If the provided URI is an LDAP URI, then use - ldap_parse_uri to parse. Call ks_ldap_help. - (ks_action_search): If passed an LDAP URI, then call ks_ldap_search. - (ks_action_get): Likewise. - (ks_action_put): Likewise. Also, change data from a 'const void *' to - a 'void *' and add info and infolen parameters. Add note that - function may modify DATA. - * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly. - * dirmngr/server.c: Include "ldap-parse-uri.h". - (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using - ldap_parse_uri. - (hlp_ks_put): Improve documentation. - (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve - documentation. - * dirmngr/ks-engine.h (ks_ldap_help): New declaration. - (ks_ldap_search): Likewise. - (ks_ldap_get): Likewise. - (ks_ldap_put): Likewise. - * dirmngr/ks-engine-ldap.c: New file. - * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c, - ldap-parse-uri.c and ldap-parse-uri.h. - (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs). - - Import _gpgme_parse_timestamp from gpgme as parse_timestamp. - * common/gettime.h (parse_timestamp): New declaration. - * common/gettime.c (_win32_timegm): New function imported from - gpgme/src/conversion.c:_gpgme_timegm. - (parse_timestamp): New function imported from - gpgme/src/conversion.c:_gpgme_parse_timestamp. - - Move copy_stream function to misc.c. - * dirmngr/ks-action.c (copy_stream): Move function from here... - * dirmngr/misc.c (copy_stream): ... to here and drop the static - qualifier. - * dirmngr/misc.h (copy_stream): Add declaration. - - Move armor_data to misc.c. - * dirmngr/ks-engine-hkp.c (armor_data): Move function from here... - * dirmngr/misc.c (armor_data): ... to here and drop static qualifier. - * dirmngr/misc.h: New declaration. - - Add new LDAP utility functions. - * dirmngr/Makefile.am (module_tests): New variable. - (noinst_PROGRAMS): New primary. Set it to $(module_tests). - (TESTS): New variable. Set it to $(module_tests). - (t_common_src): New variable. - (t_common_ldadd): Likewise. - (t_ldap_parse_uri_SOURCES): New primary. - (t_ldap_parse_uri_LDADD): Likewise. - * dirmngr/ldap-parse-uri.c: New file. - * dirmngr/ldap-parse-uri.h: Likewise. - * dirmngr/t-ldap-parse-uri.c: Likewise. - * dirmngr/t-support.h: Likewise. - - Add new function uri_query_lookup. - * common/http.h (uri_query_lookup): New declaration. - * common/http.c (uri_query_lookup): The corresponding implementation. - - Add new function strlist_find. - * common/strlist.h (strlist_find): New declaration. - * common/strlist.c (strlist_find): New function. - - common: Add new helper function, strsplit. - * common/stringhelp.h (strsplit): New declaration. - * common/stringhelp.c (strsplit): New function. - * common/t-stringhelp.c (test_strsplit): New function. - (main): Call it here. - -2015-03-20 Werner Koch - - gpg: Consider a mailbox only userid in mail search mode. - * kbx/keybox-search.c: Include mbox-util.h. - (blob_cmp_mail): Improve OpenPGP uid parsing. - - common: Add function is_valid_mailbox_mem. - * common/mbox-util.c (mem_count_chr): New. - (my_memstr): New. - (has_invalid_email_chars): Change args to work on a buffer. - (is_valid_mailbox_mem): New. - (is_valid_mailbox): Rewrite to use is_valid_mailbox_mem. - - gpg: Find keys using mail addresses with garbage after the '>' - * kbx/keybox-search.c (blob_cmp_mail): Stop comparing at the '>'. - - common: Fix syntax error when building with gnutls. - * common/http.c (send_request): Add missing comma. - -2015-03-19 Werner Koch - - gpg: Emit status line NEWSIG before signature verification starts. - * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG. - - agent: Compute correct MPI length header for protected ECC keys. - * agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from - opaque MPIs to comply with the OpenPGP spec. - - hkps: Fix host name verification when using pools. - * common/http.c (send_request): Set the requested for SNI. - * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not - the selecting a host. - - Define replacement error codes from libgpg-error 1.19. - * common/util.h: Add GPG_ERR_LDAP codes for libgpg-error < 1.19. + * sm/gpgsm.c (main): Change default bulk cipher algo. 2015-03-17 Andre Heinecke @@ -1001,216 +126,68 @@ * tools/gpgtar-extract.c (extract_regular): Handle size multiples of RECORDSIZE. -2015-03-17 Werner Koch - - common: Add feature to ease using argparse's usage(). - * common/argparse.c (show_help): Take care of flag value - (usage): Ditto. - - common: Allow standalone build of argparse.c. - * common/argparse.h: Remove types.h - not required. - * common/argparse.c: Change to allow standalone use. - -2015-03-16 Werner Koch - - gpg: Create all MPIs with RFC-4880 correct length headers. - * g10/build-packet.c (gpg_mpi_write): Strip leading zeroes. - - gpg: Allow printing of MPI values in --list-mode. - * g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode. - * g10/misc.c (mpi_print): Do not print an extra leading zero. - - gpg: Fix broken write of opaque MPI length header. - * g10/build-packet.c (gpg_mpi_write): Use a char array for the length. - -2015-03-15 Werner Koch - - gpg: Fix possible dead code elimination. - * g10/encrypt.c: Change condition for detecting a real file. - - g13: Fix pointer wrap check. - * g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before - doing an overflow check. - - agent: Remove useless conditions in command.c. - * agent/command.c (cmd_setkeydesc): Remove NULL check. - (cmd_get_passphrase): Ditto. - (cmd_clear_passphrase): Ditto. - (cmd_get_confirmation): Ditto. - (cmd_getval): Ditto. - (cmd_putval): Ditto. - - agent: Fix length test in sshcontrol parser. - * agent/command-ssh.c (ssh_search_control_file): Check S before - upcasing it. - - agent: Remove useless conditions. - * agent/genkey.c (agent_ask_new_passphrase): Remove useless condition. - * agent/command-ssh.c (ssh_identity_register): Ditto. - - gpg: Remove useless condition. - * g10/keylist.c (list_keyblock_colon): Remove useless condition (PK). - (list_keyblock_print): Likewise. - - scd: Fix possible NULL deref in apdu.c. - * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. - (control_pcsc_wrapped): Ditto. - - common: Make openpgp_oid_to_str more robust. - * common/openpgp-oid.c (openpgp_oid_to_str): Take care of - gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF. - 2015-03-11 Werner Koch - agent: Improve error reporting from Pinentry. - * agent/call-pinentry.c (unlock_pinentry): Add error logging. Map - error source of uncommon errors to Pinentry. - -2015-03-10 Werner Koch - - gpg: Change --print-pka-records into an option. - * g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not - use it as a command. - * g10/keylist.c (list_keyblock): List PKA rceords also for secret - keys. - - gpg: Add --list-gcrypt-config and "curve" item for --list-config. - * common/openpgp-oid.c (curve_supported_p): New. - (openpgp_enum_curves): New. - * common/t-openpgp-oid.c (test_openpgp_enum_curves): New. - (main): Add option --verbose. - * g10/gpg.c (opts): Add --list-gcrypt-config. - (list_config): Add items "curve" and "curveoid". Remove unused code. - -2015-03-09 NIIBE Yutaka - - scd: fix for 64-bit arch. - * agent/pksign.c (agent_pksign_do): Use int. - * scd/app-openpgp.c (get_public_key): Likewise. - -2015-03-04 Daniel Kahn Gillmor - - gpg: avoid chatter about trustdb when --quiet. - * g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when - opt.quiet + common: Check option arguments for a valid range. + * common/argparse.h (ARGPARSE_INVALID_ARG): New. + * common/argparse.c: Include limits h and errno.h. + (initialize): Add error strings for new error constant. + (set_opt_arg): Add range checking. -2015-02-26 Werner Koch + gpg: New command --list-gcrypt-config. + * g10/gpg.c (aListGcryptConfig): New. + (main): Implement command. - gpg: Lowercase mailbox for PKA lookups. - * common/stringhelp.c (ascii_strlwr): New. - * common/mbox-util.c (mailbox_from_userid): Downcase result. - - gpg: Fix memory leak due to PKA lookup. - * g10/keyserver.c (keyserver_import_pka): Move the xfree. - -2015-02-25 Werner Koch - - gpg: Switch to a hash and CERT record based PKA system. - * common/dns-cert.c (get_dns_cert): Make r_key optional. - * common/pka.c: Rewrite for the new hash based lookup. - * common/t-pka.c: New. - * configure.ac: Remove option --disable-dns-pka. - (USE_DNS_PKA): Remove ac_define. - * g10/getkey.c (parse_auto_key_locate): Always include PKA. - - common: Allow requesting a specific certtype with get_dns_cert() - * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all - callers. - (CERTTYPE_): Move constants to ... - * common/dns-cert.h: here as DNS_CERTTYPE_. - - Move new mailbox.c source file to common/. - * g10/mailbox.c: Move to ... - * common/mbox-util.c: new file. - * common/mbox-util.h: New. Include where needed. - * g10/t-mailbox.c: Move to ... - * common/t-mbox-util.c: new file. - -2015-02-24 Werner Koch - - gpg: Add command --print-pka-records. - * g10/gpg.c (main): Add command --print-pka-records. - * g10/options.h (struct opt): Add field "print_pka_records". - * g10/keylist.c (list_keyblock_pka): New. - (list_keyblock): Call it if new option is set. - (print_fingerprint): Add mode 10. - - gpg: Add function to extract the mailbox. - * g10/misc.c (has_invalid_email_chars, is_valid_mailbox) - (is_valid_user_id): Move to ... - * g10/mailbox.c: new file. - (string_has_ctrl_or_space, has_dotdot_after_at): New. - (has_invalid_email_chars): New. - - * g10/t-mailbox.c: New. - * g10/Makefile.am (module_tests): Add t-mailbox. - (t_mailbox_SOURCES, t_mailbox_LDADD): New. - -2015-02-23 Werner Koch - - gpg: Add option to print fingerprints in ICAO spelling. - * g10/gpg.c: Add option --with-icao-spelling. - * g10/options.h (struct opt): Add with_icao_spelling. - * g10/keylist.c (print_icao_hexdigit): New. - (print_fingerprint): Print ICAO spelling. - - gpg: Skip legacy keys while searching keyrings. - * g10/getkey.c (search_modes_are_fingerprint): New. - (lookup): Skip over legacy keys. - - common: Fix regression due to commit 2183683b. - * common/dns-cert.c (get_dns_cert): Remove cruft. - -2015-02-19 Werner Koch - - gpg: Replace remaining uses of stdio by estream. - * g10/sign.c (sign_file): Use log_printf instead of stderr. - * g10/tdbdump.c (export_ownertrust): Use estream fucntions. - (import_ownertrust): Ditto. - * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. - - gpg: Fix segv due to NULL value stored as opaque MPI. - * g10/build-packet.c (gpg_mpi_write): Check for NULL return from - gcry_mpi_get_opaque. - (gpg_mpi_write_nohdr, do_key): Ditto. - * g10/keyid.c (hash_public_key): Ditto. +2015-02-26 Werner Koch -2015-02-12 Werner Koch + gpg: Remove left-over debug message. + * g10/armor.c (check_input): Remove log_debug. - scd: Fix regression in 2.1.2 (due to commit 2183683) - * scd/apdu.c (pcsc_vendor_specific_init): Replace use of - bufNN_to_uint by direct code. +2015-02-18 Werner Koch -2015-02-12 Andre Heinecke + Release 2.0.27. - dirmngr: Initialize cache from sysconfig dir. - * dirmngr/certcache.c (cert_cache_init): Load certificates - from sysconfig dir instead of the homeidr. - * dirmngr/dirmngr.c (main): Removed parsing of obsolete - homedir_data option. - * dirmngr/dirmngr.h (opt): Removed homedir_data. - * doc/dirmngr.texi: Update and clarify certs directory doc. + gpg: Remove an unused variable. + * g10/import.c (import): Remove need_armor. -2015-02-11 Werner Koch + po: Update German translation. - Release 2.1.2. +2015-02-18 Daniel Kahn Gillmor - dirmngr: Avoid warning about unused function. - * dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used. + curl-shim: clean up varargs. + * keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is + called. + +2015-02-18 Werner Koch + + gpg: Print better diagnostics for keyserver operations. + * g10/armor.c (parse_key_failed_line): New. + (check_input): Watch out for gpgkeys_ error lines. + * g10/filter.h (armor_filter_context_t): Add field key_failed_code. + * g10/import.c (import): Add arg r_gpgkeys_err. + (import_keys_internal): Ditto. + (import_keys_stream): Ditto. + * g10/keyserver.c (keyserver_errstr): New. + (keyserver_spawn): Detect "KEY " lines while sending. Get gpgkeys_err + while receiving keys. + (keyserver_work): Add kludge for better error messages. + +2015-02-13 Werner Koch + + keyserver: Show log prefix when not build with cURL. + * keyserver/ksutil.c (init_ks_options) [!HAVE_LIBCURL]: Set logging + prefix. - build: Update standard build-aux files. +2015-02-12 Werner Koch Use inline functions to convert buffer data to scalars. - * common/host2net.h (buf16_to_ulong, buf16_to_uint): New. + * include/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -2015-02-09 Werner Koch - gpg: Prevent an invalid memory read using a garbled keyring. * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet types. - * g10/keydb.c (parse_keyblock_image): Ditto. gpg: Fix a NULL-deref in export due to invalid packet lengths. * g10/build-packet.c (write_fake_data): Take care of a NULL stored as @@ -1219,68 +196,13 @@ gpg: Fix a NULL-deref due to empty ring trust packets. * g10/parse-packet.c (parse_trust): Always allocate a packet. -2015-02-04 Werner Koch - - gpg-agent: Use "pinentry-basic" as fallback. - * common/homedir.c (get_default_pinentry_name): New. - (gnupg_module_name): Use that for the default pinentry. - (gnupg_module_name_flush_some): New. - * agent/gpg-agent.c (agent_sighup_action): Flush some module names. - * agent/call-pinentry.c (start_pinentry): Do not modify - opt.pinentry_program. - - w32: Add manifest to gpg. - * g10/gpg.w32-manifest.in: New. - * g10/gpg-w32info.rc: Add manifest. - * g10/Makefile.am (EXTRA_DIST): Add manifest. - (gpg-w32info.o): Depend on manifest. - * configure.ac (BUILD_VERSION): New. - (AC_CONFIG_FILES): Add manifest. - -2015-02-03 Werner Koch - - Update copyright years. - * common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG - Project". - -2015-02-02 Werner Koch - - w32: Change default Windows install dir and add bin to PATH. - * build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is - now build by default without any GUI stuff. - * build-aux/speedo/w32/inst.nsi: Change standard installation - directory. - (AddToPath, un.RemoveFromPath): New. - (gnupginst): Add bin directory to the PATH. - -2015-02-01 Werner Koch - - w32: Allow for Unicocde installation directory. - * common/homedir.c (w32_rootdir): Use Unicode fucntion not only for - WinCE. - -2015-01-30 Joshua Rogers +2015-02-12 Joshua Rogers kbx: Fix resource leak. * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error return, 'fp' and 'newfp' was never closed. -2015-01-29 Werner Koch - - agent: Fix use of imported but unprotected openpgp keys. - * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New. - * agent/command.c (do_one_keyinfo): Implement it. - * agent/findkey.c (agent_key_from_file): Ditto. - (agent_key_info_from_file): Ditto. - (agent_delete_key): Ditto. - * agent/protect.c (agent_private_key_type): Add detection for openpgp - "none" method. - -2015-01-29 NIIBE Yutaka - - po: Update Japanese Translation. - -2015-01-28 Werner Koch +2015-02-12 Werner Koch gpg: Limit the size of key packets to a sensible value. * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New. @@ -1292,58 +214,34 @@ (parse_attribute): Ditto. (parse_comment): Ditto. - gpg: Fix buffering problem in --list-config. - * g10/gpg.c (list_config): Replace print_sanitized_string2 by - es_write_sanitized. - - * common/stringhelp.c (print_sanitized_buffer2): Remove. - (print_sanitized_buffer, print_sanitized_utf8_buffer): Remove. - (print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove. - (print_sanitized_string): Remove. + Avoid double-close in unusual dotlock situations. + * jnlib/dotlock.c (create_dotlock): Avoid double close due to EINTR. - * sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP. - (pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove. - - Add a hook to be called right after main. - * common/init.c (early_system_init): New stub function. +2015-01-28 Werner Koch gpg: Allow predefined names as answer to the keygen.algo prompt. * g10/keygen.c (ask_algo): Add list of strings. - agent: Add some extra robustness to extract_private_key. - * agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize". - Make sure that R_FLAGS and R_CURVE are set to NULL. - -2015-01-28 NIIBE Yutaka - - scd: Fix varargs call for 64-bit arch on ECC keys. - * scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the - arguments. - (rsa_writekey): Follow the change. - (do_genkey): Likewise. - (ecc_writekey): Likewise. Cast to size_t. - -2015-01-27 Werner Koch - - gpg: Fix segv introduced to commit 4d7c9b0. - * g10/keygen.c (get_parameter_passphrase): Take care of R == NULL. - -2015-01-27 NIIBE Yutaka - - agent: Fix agent_public_key_from_file for ECC. - * agent/cvt-openpgp.c (extract_private_key): New. - (convert_to_openpgp): Use extract_private_key. - * agent/findkey.c (agent_public_key_from_file): Use - extract_private_key. - 2015-01-26 Werner Koch - sm: Simplify fix ed8383c6. - * sm/minip12.c (p12_build): Release PWBUF only at the end. + gpg: Print a warning if the subkey expiration may not be what you want. + * g10/keyedit.c (subkey_expire_warning): New. + keyedit_menu): Call it when needed. + + build: Update to gettext 0.19.3. + + build: Require automake 1.14. + * Makefile.am (AUTOMAKE_OPTIONS): Move to ... + * configure.ac (AM_INIT_AUTOMAKE): here. Add option serial-tests. + * kbx/Makefile.am (INCLUDES): Remove. Include ../am/cmacros. + +2015-01-26 Jedi Lin + + po: Yet another update for Chinese (traditional) 2015-01-25 Joshua Rogers - ccid: Remove incorrect expression leading to errors. + Remove incorrect expression leading to errors. * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'. 2015-01-23 Werner Koch @@ -1352,120 +250,13 @@ * tools/gpgconf-comp.c (option_check_validity): Enable check for UINT32. -2015-01-22 Werner Koch - - gpg: Improve skipping of PGP-2 keys. - * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy - keys. - * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY. - (prepare_search): Ditto. - (keyring_rebuild_cache): Skip legacy keys. - * g10/keyserver.c (keyidlist): Ditto. - * g10/trustdb.c (validate_key_list): Ditto. - - gpg: Add dedicated error code for PGP-2 keys. - * g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2 - keys. - * g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY. - * g10/getkey.c (lookup): Silence error message for PGP-2 keys. - - * common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older - libgpg-error. - - gpg: Replace remaining old error code macros by GPG_ERR_. - * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by - gpg_strerror. - (G10ERR_): Remove all macros and change all occurrences by their - GPG_ERR_ counterparts. - - gpg: Remove an unused variable. - * g10/getkey.c (getkey_ctx_s): Remove last_rc. - -2015-01-21 Werner Koch - - dirmngr: Fix TLS build problems. - * dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs. - - gpg: Support --passphrase with --quick-gen-key. - * g10/keygen.c: Include shareddefs.h. - (quick_generate_keypair): Support static passphrase. - (get_parameter_passphrase): New. - (do_generate_keypair): Use it. - - gpg: Re-enable the "Passphrase" parameter for batch key generation. - * agent/command.c (cmd_genkey): Add option --inq-passwd. - * agent/genkey.c (agent_genkey): Add new arg override_passphrase. - * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword. - (agent_genkey): Add arg optional arg "passphrase". - * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc) - (gen_rsa, do_create): Add arg "passphrase" and pass it through. - (do_generate_keypair): Make use of pPASSPHRASE. - (release_parameter_list): Wipe out a passphrase parameter. - -2015-01-19 Werner Koch - - kbx: Minor cleanup for the previous fix. - * kbx/keybox-search.c (blob_get_keyid): Rename to - blob_get_first_keyid. Check number of keys and remove blob type check. - -2015-01-19 Damien Goutte-Gattat - - kbx: Call skipfnc callback to filter out keys. - * kbx/keybox-search.c (blob_get_keyid): New. - (keybox-search): Call skipfnc callback function. - -2015-01-13 Andreas Schwier - - scd: Allow for certificates > 1024 with PC/SC. - * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too - allow for larger certificates. - -2015-01-08 NIIBE Yutaka - - dirmngr: Fix error code path of map_host. - * dirmngr/ks-engine-hkp.c (map_host): Fix error return. - -2015-01-08 Joshua Rogers - - scd: fix get_public_key for OpenPGPcard v1.0. - * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use. - -2015-01-07 NIIBE Yutaka - - dirmngr: fix LDAP query PATTERNS limit check. - * dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation. - - scd: fix merge failure. - * scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by - merge. - -2015-01-05 Werner Koch - - sm,g13: Init local vars to avoid compiler warnings. - * sm/misc.c (transform_sigval): Init RSA_S_LEN. - * g13/mount.c (read_keyblob): Init HEADERLEN. - - gpg: Remove unused args from a function. - * g10/keyserver.c (parse_keyserver_uri): Remove args configname and - configlineno. Change all callers. - - gpg: Clear a possible rest of the KDF secret buffer. - * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args. - - build: Require automake 1.14. - * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests. - -2015-01-04 Werner Koch - - agent: Make --allow-loopback-pinentry gpgconf changeable. - -2014-12-22 Joshua Rogers +2015-01-13 Joshua Rogers tools: Free variable before return. * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned upon error. -2014-12-22 Daniel Kahn Gillmor +2015-01-13 Daniel Kahn Gillmor sm: Avoid double-free on iconv failure. * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid @@ -1477,311 +268,59 @@ avoid future chance of using uninitialized memory. * common/iobuf.c: (iobuf_open): initialize len - avoid double-close in unusual dotlock situations. - * common/dotlock.c: (dotlock_create_unix) avoid double-close() - in unusual situations. - gpgkey2ssh: clean up varargs. * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called. -2014-12-22 Werner Koch +2015-01-13 Werner Koch doc: Fix memory leak in yat2m. * doc/yat2m.c (write_th): Free NAME. - dirmngr: Fix memory leak. - * dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak. - - * dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check. + gpgsm: Return NULL on fail. + * sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL. - dirmngr: Remove un-needed check. - * dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL. - - dirmngr,gpgsm: Return NULL on fail. - * dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL. - * sm/gpgsm.c (parse_keyserver_line): Ditto. - -2014-12-22 NIIBE Yutaka - - scd: ECDH Support. - * agent/divert-scd.c (divert_pkdecrypt): Support ECDH. - * scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH. - (send_key_attr): Support ECDH. Fix EdDSA algorithm value. - (retrieve_key_material): Initialize fields. - (get_public_key, ecc_writekey, do_writekey): Support ECDH. - (ecdh_writekey): Remove. - (do_decipher): Support ECDH. - (parse_algorithm_attribute): Support ECDH. Fix EdDSA. - -2014-12-19 Werner Koch - - agent: Make sure --max-cache-ttl is >= --default-cache-ttl. - * agent/gpg-agent.c (finalize_rereadable_options): New. - (main, reread_configuration): Call it. + gpg: Fix possible read of unallocated memory. + * g10/parse-packet.c (can_handle_critical): Check content length + before calling can_handle_critical_notation. - agent: Keep the session environment for restricted connections. - * agent/command-ssh.c (setup_ssh_env): Move code to ... - * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change - calllers. - * agent/command.c (start_command_handler): Call that fucntion for - restricted connections. +2015-01-09 Werner Koch - agent: Fix string prepended to remotely initiated prompts. - * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make - translatable. + scd: Fix possibly inhibited checkpin of the admin pin. + * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released + buffer. -2014-12-18 Werner Koch +2015-01-08 Joshua Rogers - build: Remove option to build without agent. - * configure.ac (build-agent): Set to yes. + scd: fix get_public_key for OpenPGPcard v1.0. + * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use. -2014-12-17 Werner Koch +2014-12-12 NIIBE Yutaka - gpgconf: Exit with failure if --launch fails. - * tools/gpgconf-comp.c (gc_component_launch): Return an error code. - * tools/gpgconf.c (main): Exit if launch failed. + gpg: release DEK soon after its use. + * g10/keygen.c (generate_subkeypair): Release DEK soon. -2014-12-16 Werner Koch +2014-11-26 David Prévot - Release 2.1.1. + po: Update French translation. - po: Update the German translation. + po: Update Danish translation. -2014-12-16 Petr Pisar +2014-11-26 Yuri Chornoivan - po: Update Czech translation. + po: Update Ukrainian translation. -2014-12-16 Werner Koch +2014-11-26 Jedi Lin - gpg: Show private DO information in the card status. - * g10/call-agent.c (agent_release_card_info): Free private_do. - (learn_status_cb): Parse PRIVATE-DO-n stati. + po: Update Chinese (traditional) translation. -2014-12-16 Ineiev +2014-11-26 Ineiev po: Update Russian translation. -2014-12-16 Jedi - - po: Update zh_TW translation. - -2014-12-15 Werner Koch - - gpg: Add sub-command "factory-reset" to --card-edit. - * common/util.h (GPG_ERR_OBJ_TERM_STATE): New. - * scd/iso7816.c (map_sw): Add this error code. - * scd/app-openpgp.c (do_getattr): Return the life cycle indicator. - * scd/app.c (select_application): Allow a return value of - GPG_ERR_OBJ_TERM_STATE. - * scd/scdaemon.c (set_debug): Print the DBG_READER value. - * g10/call-agent.c (start_agent): Print a status line for the - termination state. - (agent_scd_learn): Make arg "info" optional. - (agent_scd_apdu): New. - * g10/card-util.c (send_apdu): New. - (factory_reset): New. - (card_edit): Add command factory-reset. - - gpg: Fix regression in notation data regression. - * g10/misc.c (pct_expando): Reorder conditions for clarity. - * g10/sign.c (write_signature_packets): Fix notation data creation. - - gpg: Avoid extra LF in notaion data listing. - * g10/keylist.c (show_notation): Use log_printf. - -2014-12-12 Werner Koch - - scd: Fix possibly inhibited checkpin of the admin pin. - * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released - buffer. - - gpg: Let --card--status create a shadow key (card key stub). - * agent/command.c (cmd_learn): Add option --sendinfo. - * agent/learncard.c (agent_handle_learn): Add arg "send" andsend - certifciate only if that is set. - * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO - optional. - (agent_learn): Remove. - * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn. - - gpg: Fix possible read of unallocated memory. - * g10/parse-packet.c (can_handle_critical): Check content length - before calling can_handle_critical_notation. - -2014-12-11 Werner Koch - - build: Replace deprecated autconf macro. - * m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/ - * m4/po.m4: Ditto. - -2014-12-08 Werner Koch - - dirmngr: Improve dead host detection. - * dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead - also for 2 other error messages. - - http: Improve diagnostic messages. - * common/http.c (send_request): Print TLS alert info - (connect_server): Detect bogus DNS entry. - - gpg: Obsolete some keyserver helper options. - * g10/options.h (opt): Remove keyserver_options.other. - * g10/gpg.c (main): Obsolete option --honor-http-proxt. - * g10/keyserver.c (add_canonical_option): Replace by ... - (warn_kshelper_option): New. - (parse_keyserver_uri): Obsolete "x-broken-http". - - dirmngr: Return a proper error for all dead hosts. - * dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t. - Return an error code for all dead hosts. - (make_host_part): Change to return an gpg_error_t. Change all - callers. - - gpg: Write a status line for a failed --send-keys. - * g10/keyserver.c (keyserver_put): Write an status error. - -2014-12-08 NIIBE Yutaka - - scd: Fix for EdDSA. - * scd/app-openpgp.c (get_algo_byte): It catches 22. - (store_fpr): It's MPI usually, but it's opaque bytes for EdDSA. - -2014-12-05 Andre Heinecke - - Document no-allow-mark-trusted option. - doc: Document no-allow-mark-trusted for gpg-agent - - * doc/gpg-agent.texi: Change allow-mark-trusted doc to - no-allow-mark-trusted. - - -- - Since rev. 78a56b14 allow-mark-trusted is the default option - and was replaced by no-allow-mark-trusted to disable the - interactive prompt. - -2014-12-05 NIIBE Yutaka - - scd: Fix for NIST P-256. - * g10/card-util.c (card_store_subkey): Error check. - * scd/app-opengpg.c (ecc_writekey): Support NIST P-256. - (do_writekey): Error check. - -2014-12-04 Werner Koch - - gpg: Allow import of large keys. - * g10/import.c (import): Skip too large keys. - * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB. - -2014-12-03 Werner Koch - - gpg: Remove option aliases --[no-]throw-keyid and --notation-data. - * g10/gpg.c (opts): Remove them. - * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users. - -2014-12-02 Werner Koch - - agent: Replace some sprintf. - * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex. - * agent/command-ssh.c (ssh_identity_register): Ditto. - * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by - put_membuf_printf. - -2014-12-01 Werner Koch - - tools: Improve watchgnupg portability. - * configure.ac (AC_CHECK_HEADERS): Check for sys.select.h - * tools/watchgnupg.c: Include it. - - gpg: Fix export bug using exact search with only one key in the keybox. - * g10/export.c (do_export_stream): Disable caching. - * g10/keyserver.c (keyidlist): Ditto. - - scd: Implement socket redirection. - * scd/scdaemon.c (ENAMETOOLONG): New. - (redir_socket_name): New. - (cleanup): Take care of a redirected socket. - (main): Pass redir_socket_name to create_server_socket. - (create_socket_name): Remove superfluous length check. - (create_server_socket): Add arg r_redir_name and implement - redirection. Replace assert for older Assuan by an error message. - - dirmngr: Implement socket redirection. - * dirmngr/dirmngr.c (ENAMETOOLONG): new. - (redir_socket_name): New. - (main): Add Assuan socket redirection. - (cleanup): Adjust cleanup for redirection. - -2014-11-28 Werner Koch - - agent: Implement socket redirection. - * agent/gpg-agent.c (ENAMETOOLONG): New. - (redir_socket_name, redir_socket_name_extra) - (redir_socket_name_ssh): New. - (remove_socket): Take care of the redir names. - (main): Pass the redir names to create_server_socket. - (create_socket_name): Remove length check - that is anyway done later. - (create_server_socket): Add arg r_redir_name and implement redirection - if Libassuan is at least 2.14. - - gpg: Change another BUG() call to a regular error message. - * g10/mainproc.c (proc_tree): Replace BUG by a proper error messages. - - Add option --no-autostart. - * g10/gpg.c: Add option --no-autostart. - * sm/gpgsm.c: Ditto. - * g10/options.h (opt): Add field autostart. - * sm/gpgsm.h (opt): Ditto. - * g10/call-agent.c (start_agent): Print note if agent was not - autostarted. - * sm/call-agent.c (start_agent): Ditto. - * g10/call-dirmngr.c (create_context): Likewise. - * sm/call-dirmngr.c (start_dirmngr_ext): Ditto. - -2014-11-27 МироÑлав Ðиколић - - gpg-agent: Add restricted connection feature. - * agent/agent.h (opt): Add field extra_socket. - (server_control_s): Add field restricted. - * agent/command.c: Check restricted flag on many commands. - * agent/gpg-agent.c (oExtraSocket): New. - (opts): Add option --extra-socket. - (socket_name_extra): New. - (cleanup): Cleanup that socket name. - (main): Implement oExtraSocket. - (create_socket_name): Add arg homedir and change all callers. - (create_server_socket): Rename arg is_ssh to primary and change - callers. - (start_connection_thread): Take ctrl as arg. - (start_connection_thread_std): New. - (start_connection_thread_extra): New. - (handle_connections): Add arg listen_fd_extra and replace the - connection starting code by parameterized loop. - * common/asshelp.c (start_new_gpg_agent): Detect the use of the - restricted mode and don't fail on sending the pinentry environment. - - * common/util.h (GPG_ERR_FORBIDDEN): New. - - agent: Make auditing of the option list easier. - * agent/gpg-agent.c (opts): Use ARGPARSE_ macros. - -2014-11-26 Kristian Fiskerstrand - - dirmngr: Only report hkps scheme when available. - * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros. - -2014-11-26 Werner Koch - - gpg: Change a bug() call to a regular error message. - * g10/decrypt-data.c (decrypt_data): Return an error code instead of - calling BUG(). +2014-11-26 Frans Spiesschaert -2014-11-25 Werner Koch - - Fix buffer overflow in openpgp_oid_to_str. - * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. - - * common/t-openpgp-oid.c (BADOID): New. - (test_openpgp_oid_to_str): Add test cases. + po: New Dutch translation. + * po/LINGUAS: Add nl.po. 2014-11-24 Werner Koch @@ -1793,70 +332,11 @@ * g10/parse-packet.c (parse_attribute_subpkts): Check that the attribute packet is large enough for the subpacket type. - gpg: Fix batch generation of ECC keys. - * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings - directly. - -2014-11-24 Daniel Kahn Gillmor - - Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND} - * common/argparse.c (initialize): Use correct value. - - gpg: Refer to --throw-keyids instead of --throw-keyid. - * g10/encrypt.c: adjust error message - -2014-11-21 Werner Koch - - gpg: Track number of skipped v3 keys on import. - * g10/import.c (stats_s): Add field v3keys. - (import): Update this field. - (import_print_stats): Print v3 key count. - (read_block): Skip v3 keys and return a count for them. - - gpg: Fix regression in parse_key. - * g10/parse-packet.c (parse): Better return just the gpg_err_code. - (parse_key): Return the error code. - - speedo: Add simple logos to the installer. - * build-aux/speedo/w32/README.txt: Include GnuPG Readme. - * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New. - * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New. - * build-aux/speedo/w32/inst.nsi: Add logos. - * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items. - -2014-11-20 Werner Koch - - gpg: Fix hash detection for ECDSA. - * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA. - - Fix linker problem on OS X. - * common/init.c (default_errsource): Move to the .data segmemt. - -2014-11-19 Werner Koch - - gpg-connect-agent: Add convenience option --uiserver. - - Add "gpgconf --kill dirmngr" and avoid useless launch before a kill. - * common/asshelp.c (start_new_gpg_agent): Add arg autostart. Change - all callers to use 1 for it. - (start_new_dirmngr): Ditto. - * tools/gpg-connect-agent.c: Add option --no-autostart. - (main): Default autostart to 1. - (start_agent): Implement no-autostart. - * tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart. - (scdaemon_runtime_change): Ditto. - (dirmngr_runtime_change): New. - - po: Copied missing translations from the 2.0 branch. - * po/LINGUAS: Add new translations. - -2014-11-17 Werner Koch - gpg: Fix a NULL-deref for invalid input data. * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse entry. -2014-11-13 Werner Koch +2014-11-14 Werner Koch gpg: Make the use of "--verify FILE" for detached sigs harder. * g10/openfile.c (open_sigfile): Factor some code out to ... @@ -1866,315 +346,28 @@ * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. - gpg: Fix a missing LF in debug output. - * g10/kbnode.c (dump_kbnode): Print a LF. - - gpg: Remove PGP-2 related cruft. - * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash - header. - (fake_packet): Remove pgp-2 workaround for white space stripping. - * g10/filter.h (armor_filter_context_t): Remove field pgp2mode. - * g10/options.h (opt): Remove field pgp2_workarounds. - * g10/gpg.c (main): Do not set this field. - * g10/gpgv.c (main): Ditto. - * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash - algo. Using MD5 here is useless. - (proc_plaintext): Remove PGP-2 related woraround - (proc_tree): Remove another workaround but keep the one for PGP-5. - 2014-11-12 Werner Koch - gpg: Improve perceived speed of secret key listings. - * g10/keylist.c (list_keyblock): Flush stdout for secret keys. - - gpg: Fix regression in --refresh-keys. - * g10/keyserver.c (keyserver_get): Factor all code out to ... - (keyserver_get_chunk): new. Extimate line length. - (keyserver_get): Split up requests into chunks. - - gpg: Add import options "keep-ownertrust". + gpg: Add import option "keep-ownertrust". * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -2014-11-11 Werner Koch - - Remove use of gnulib (part 2) - * configure.ac (strpbrk): Add to AC_CHECK_FUNCS. - (gl_EARLY): Remove. - * common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New. - * common/sysutils.c (gnupg_mkdtemp): New. Based on code from - glibc-2.6. - (gnupg_setenv): Rewrite. - (gnupg_unsetenv): Rewrite. - * g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp. - * g13/be-encfs.c: Ditto. - * g13/mount.c: Ditto. - * tools/symcryptrun.c (confucius_mktmpdir): Ditto. - - Remove use of gnulib (part 1) - * gl/: Remove entire tree. - * configure.ac: Remove gnulib tests and the gl/ Makefile. - (setenv): Add to AC_CHECK_FUNCS. - * autogen.rc (extra_aclocal_flags): Set to empty. - * Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4 - (SUBDIRS): Remove gl/. - * agent/Makefile.am (common_libs): Remove ../gl/gnulib.a - * common/Makefile.am (t_common_ldadd): Ditto. - * dirmngr/Makefile.am (dirmngr_LDADD): Ditto. - (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto. - * g10/Makefile.am (needed_libs): Ditto. - * g13/Makefile.am (g13_LDADD): Ditto. - * kbx/Makefile.am (kbxutil_LDADD): Ditto. - ($(PROGRAMS)): Ditto. - * scd/Makefile.am (scdaemon_LDADD): Ditto. - * sm/Makefile.am (common_libs): Ditto. - * tools/Makefile.am (common_libs, commonpth_libs): Ditto. - - * agent/gpg-agent.c: Remove "mkdtemp.h" - * g10/exec.c: Ditto. - * scd/scdaemon.c: Ditto. - * tools/symcryptrun.c: Ditto. - * common/sysutils.c: Remove "setenv.h" - - * common/t-timestuff.c: Use putenv if setenv is not available. - -2014-11-07 Werner Koch - - gpg: Remove warning message for non-implemented search modes. - * kbx/keybox-search.c (keybox_search): Silently ignore. - * doc/specify-user-id.texi: Docuement '@", '+', and '.' search - prefixes. - - w32: Fix http access module. - * common/http.c (write_server) [W32]: Rework to use send() instead of - write even when build with npth. - (cookie_read) [W32]: Rework to use recv() instead of read even when - build with npth. - - build: Add method to use a custom swdb.lst and use adns with Windows. - * build-aux/getswdb.sh: Add option --skip-verify. - * build-aux/speedo.mk: Add config var CUSTOM_SWDB. Tage adns version - from swdb and build for Windows with adns. - - build: Improve test for ADNS. - * configure.ac : Use adns_free as probe function for libadns. - (HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro. - (ADNSLIBS): Do not ac_subst - it is only used within configure. - -2014-11-05 Werner Koch - - speedo: Append the date to the Windows installer. - * build-aux/speedo.mk (BUILD_DATESTR): New. - (dist-source, installer): Use it. - - Release 2.1.0. - - Avoid sign extension when shifting the MSB. - * sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before - shifting. - * g10/build-packet.c (delete_sig_subpkt): Ditto. - -2014-11-04 Werner Koch - - Remove all expired common CA certificates. - * doc/com-certs.pem: Remove certifciates. - -2014-11-02 Werner Koch - - gpg: Avoid extra pinentries for each subkey in --export-secret-keys. - * agent/command.c (cmd_export_key): Actually implement the cache_nonce - feature. - * g10/export.c (do_export_stream): Make use of a cache_nonce. - - gpg: Fix endless loop in keylisting with fingerprint. - * g10/getkey.c (getkey_next): Disable cache. - - gpg: Minor cleanup for key listing related code. - * g10/getkey.c (get_pubkey_next): Divert to getkey_next. - (get_pubkey_end): Move code to getkey_end. - * g10/keydb.c (keydb_search_reset): Add a debug statement. - (dump_search_desc): Add arg HD and print the handle. - - gpg: Do not show an useless passphrase prompt in batch mode. - * g10/keygen.c: Remove unused PASSPHRASE related code. - (proc_parameter_file): Remove useless asking for a passphrase in batch - mode. - -2014-10-31 Werner Koch - - gpg: Remove superfluous check for Libgcrypt >= 1.4.0. - * g10/gpg.c (main): Remove check. - - kbx: Let keydb_search skip unwanted blobs. - * kbx/keybox.h (keybox_blobtype_t): New. - * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*. - * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip - non-matching blobs. - * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search. - * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search. - - gpg: Fix --rebuild-keydb-caches. - * g10/parse-packet.c (parse_key): Store even unsupported packet - versions. - * g10/keyring.c (keyring_rebuild_cache): Do not copy keys with - versions less than 4. - - gpg: Fix testing for secret key availability. - * g10/getkey.c (have_secret_key_with_kid): Do not change the search - mode. - - build: Avoid distributing backup files etc. - * Makefile.am (EXTRA_DIST): Do not include directories. - -2014-10-30 Werner Koch - - tests: Speed up the genkey1024.test by using not so strong random. - * agent/gpg-agent.c (oDebugQuickRandom): New. - (opts): New option --debug-quick-random. - (main): Use new option. - * common/asshelp.c (start_new_gpg_agent): Add hack to pass an - additional argument for the agent name. - * tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent - starting parameters. - * tests/openpgp/version.test: Ditto. - -2014-10-29 Werner Koch - - common: Check option arguments for a valid range. - * common/argparse.h (ARGPARSE_INVALID_ARG): New. - * common/argparse.c: Include limits h and errno.h. - (initialize): Add error strings for new error constant. - (set_opt_arg): Add range checking. - - Fix stdint.h problem for Apple. - * gl/stdint_.h [__APPLE__]: Include hack. - -2014-10-27 Werner Koch - - speedo: Fixes for native build. - * build-aux/speedo.mk (TARGETOS): Init with empty string. - (speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32. - (INST_VERSION, INST_PROD_VERSION): Create only for w32. - -2014-10-24 Werner Koch - - agent: Support pinentries with integrated repeat passphrase feature. - * agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and - with_repeat. - * agent/call-pinentry.c (close_button_status_cb): Rewrite and check - for PIN_REPEAT. Change users to check only the relevant bit. - (agent_askpin): Support repeat logic of new Pinentries. - - * agent/command-ssh.c (ssh_identity_register): Use the new repeat - feature. - * agent/genkey.c (agent_ask_new_passphrase): Ditto. - -2014-10-19 Werner Koch - - gpg: Silence "packet with obsolete versoin" warnings. - * g10/parse-packet.c (parse_key): Print warning only in very verbose - mode. - - gpg: Make card key generation work again. - * g10/call-agent.c (agent_scd_learn): Rename from agent_learn. - (agent_learn): New. - * g10/keygen.c (gen_card_key): Call new agent-learn. - -2014-10-17 Werner Koch - - dirmngr: Allow building without LDAP support. - * configure.ac: Add option --disable-ldap. - (USE_LDAP): New ac_define and am_conditional. - * dirmngr/Makefile.am: Take care of USE_LDAP. - * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options - and do not call any ldap function. - * dirmngr/server.c (!USE_LDAP): Do not call any ldap function. - * dirmngr/crlfetch.c (!USE_LDAP): Ditto. - - w32: Set SYSROOT to help finding config scripts. - * autogen.sh : Set SYSROOT. - - gpg: Remove all support for v3 keys and always create v4-signatures. - * g10/build-packet.c (do_key): Remove support for building v3 keys. - * g10/parse-packet.c (read_protected_v3_mpi): Remove. - (parse_key): Remove support for v3-keys. Add dedicated warnings for - v3-key packets. - * g10/keyid.c (hash_public_key): Remove v3-key support. - (keyid_from_pk): Ditto. - (fingerprint_from_pk): Ditto. - - * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. - * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, - oForceV4Certs, oNoForceV4Certs. - (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, - --no-force-v4-certs int dummy options. - (main): Remove setting of the force_v3_sigs force_v4_certs flags. - * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. - * g10/sign.c (hash_uid): Remove support for v3-signatures - (hash_sigversion_to_magic): Ditto. - (only_old_style): Remove this v3-key function. - (write_signature_packets): Remove support for creating v3-signatures. - (sign_file): Ditto. - (sign_symencrypt_file): Ditto. - (clearsign_file): Ditto. Remove code to emit no Hash armor line if - only v3-keys are used. - (make_keysig_packet): Remove arg SIGVERSION and force using - v4-signatures. Change all callers to not pass a value for this arg. - Remove all v3-key related code. - (update_keysig_packet): Remove v3-signature support. - * g10/keyedit.c (sign_uids): Always create v4-signatures. - - * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and - change caller. - -2014-10-13 Werner Koch - - gpg: Remove extra RSA import status line. - * g10/import.c (stats_s): Remove field "imported_rsa". - (import_print_stats): Do not print separate value for RSA. - (import_one): Remove the RSA counter. - - gpg: Fix informative printing of user ids. - * g10/getkey.c (keyid_list): Add field "fpr". - (cache_user_id): Store fpr and check for dups only by fpr. - (get_pubkey_byfpr): New. - (get_user_id_string): Make static and use xasprintf. - (get_long_user_id_string): Use xasprintf. - (get_user_id_byfpr): New. - (get_user_id_byfpr_native): New. - * g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional. - * g10/import.c (import_one): Use get_user_id_byfpr_native. - - gpg: Allow importing keys with duplicated long key ids. - * g10/keydb.c (keydb_handle): Add field no_caching. - (keyblock_cache): Repalce field kid by fpr. - (keydb_disable_caching): New. - (keydb_search): Use the fingerprint as cache index. - - * g10/import.c (import_one): Use the fingerprint and not the kid to - lookup the key. Call keydb_disable_caching beofre re-searching for - update. - - * tests/openpgp/import.test: Add a test case. - - tests: Speed up conventional encryption tests for gpg. - * tests/openpgp/conventional-mdc.test: Add an s2k-count option. - * tests/openpgp/conventional.test: Ditto. - -2014-10-12 Werner Koch +2014-10-11 Werner Koch - gpg: Minor change for better readability. - * g10/build-packet.c (write_version): Remove. - (do_pubkey_enc, do_onepass_sig): Write version directly. + gpg: Show v3 key fingerprints as all zero. + * g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero. -2014-10-10 Werner Koch + gpg: Avoid using cached MD5 signature status. + * g10/sig-check.c (check_key_signature2): Avoid using a cached MD5 + signature status. + * g10/keyring.c (keyring_get_keyblock): Ditto. + (write_keyblock): Ditto. - doc: Fix a man page rendering problem. - * doc/gpg-agent.texi (Agent Configuration): Fix rendering of the - sshcontrol example. + * g10/sig-check.c (do_check): Move reject warning to ... + * g10/misc.c (print_md5_rejected_note): new. -2014-10-10 Daniel Kahn Gillmor +2014-10-03 Daniel Kahn Gillmor gpg: Add build and runtime support for larger RSA keys. * configure.ac: Added --enable-large-secmem option. @@ -2184,814 +377,233 @@ * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa * doc/gpg.texi: Document --enable-large-rsa. -2014-10-09 Werner Koch +2014-10-02 Werner Koch - gpg: Skip overlong keys and a print a warning. - * kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too - long blobs. - * sm/keydb.c (keydb_search): Call keybox_search with a dummy param. - * g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs. - (keydb_search_reset): Reset that field. - (keydb_search): Update that field. - (keydb_get_skipped_counter): New. - * g10/keylist.c (list_all): Print count of skipped keys. - - gpg: Sync keylist output and warning messages. - * g10/keylist.c (list_all): Flush stdout before logging. - * g10/misc.c (print_pubkey_algo_note): Ditto. - (print_cipher_algo_note): Ditto. - (print_digest_algo_note): Ditto. - (print_md5_rejected_note): Ditto. - - kbx: Fix handling of overlong keys. - * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB. - (_keybox_read_blob2): Skip too long record records. - (_keybox_write_blob): Do not accept too long record. - * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs. - (_keybox_dump_file): Print new counter. - (_keybox_dump_file): Skip too long records. - ---- - - To test this feature you may set the limit back to 1MiB and use key - F7F0E70F307D56ED which is in my local copy close to 2MiB. Without - this patch it was possible to import the key but access to that key - and all keys stored after it was not possible. - - gpg: Take care to use pubring.kbx if it has ever been used. - * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. - * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header - flag. - * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp - and set header flag. - * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static - and add arg for_openpgp. - (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the - former keybox_new. - * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the - openpgp header flags. + build: Update m4 scripts. + * m4/gpg-error.m4: Update from Libgpg-error git master. + * m4/libgcrypt.m4: Update from Libgcrypt git master. + * configure.ac: Declare SYSROOT a precious variable. Add extra error + message for library configuration mismatches. - * g10/keydb.c (rt_from_file): New. Factored out and extended from - keydb_add_resource. - (keydb_add_resource): Switch to the kbx file if it has the openpgp - flag set. +2014-10-02 Daniel Kahn Gillmor - * kbx/keybox-dump.c (dump_header_blob): Print header flags. + gpg: --compress-sigs and --compress-keys are not no-ops in 2.0. + * g10/gpg.c: Cleanup argument parsing. -2014-10-09 Daniel Kahn Gillmor + gpg: Avoid duplicate declaration of {no-,}sk-comments noops. + * g10/gpg.c: Cleanup argument parsing. - Avoid unnecessary library linkage. - * dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap - * g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not - need $(LIBASSUAN_LIBS) - * sm/Makefile.am: gpgsm does not need $(ZLIBS) - * tools/Makefile.am: gpgconf does not need $(NPTH_LIBS) +2014-09-27 Werner Koch -2014-10-08 Werner Koch + gpg: Default to SHA-256 for all signature types on RSA keys. + * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in + strict RFC or PGP modes. + * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for + RSA key signatures. - gpg: Avoid error exit if keygrip computations fails in a key listing. - * g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error. - -2014-10-03 Werner Koch - - Release 2.1.0-beta864. - - gpg: Allow creating a cert-only primary key. - * g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry. - - build: Add configure options --disable-{ntb,gnu}tls. - * configure.ac: Add --disable-ntbtls and --disable-gnutls. - -2014-10-03 Andre Heinecke - - gpg: Check gpg-agent version before 2.1 migration. - * g10/call-agent.c, g10/call-agent.h (agent_get_version): New. - * g10/migrate.c (migrate_secring): Abort migration if - agent_get_version returns not at least 2.1.0 - -2014-10-03 Werner Koch - - po: Update German translation. - - Remove support for the GPG_AGENT_INFO envvar. - * agent/agent.h (opt): Remove field use_standard_socket. - * agent/command.c (cmd_killagent): Always allow killing. - * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and - --write-env-file into dummy options. Always return true for - --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar - setting or set that envvar. - (create_socket_name): Simplify by removing non standard socket - support. - (check_for_running_agent): Ditto. - * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use. - * common/simple-pwquery.c (agent_open): Ditto. - * configure.ac (GPG_AGENT_INFO_NAME): Remove. - * g10/server.c (gpg_server): Do not print the AgentInfo comment. - * g13/server.c (g13_server): Ditto. - * sm/server.c (gpgsm_server): Ditto. - * tools/gpgconf.c (main): Simplify by removing non standard socket - support. - -2014-10-02 Werner Koch - - gpg: Fix regression removing SHA256. - * g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256. - - First changes for future use of NTBTLS. - * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New. - (HTTP_USE_NTBTLS): New. Prefer over GNUTLS. - * m4/ntbtls.m4: New. - * m4/Makefile.am (EXTRA_DIST): Add new file. - * common/http.c: Add conditionals to eventually use NTBTLS. - - build: Update m4 scripts. - * m4/gpg-error.m4: Update from Libgpg-error git master. - * m4/libgcrypt.m4: Update from Libgcrypt git master. - * configure.ac: Declare SYSROOT a precious variable. Add extra error - message for library configuration mismatches. - -2014-09-29 Werner Koch - - doc: Remove GnuPG-1 related parts from gpg.texi. - * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info. - * doc/gpg.texi: Remove gpg1 related texts. - -2014-09-27 Werner Koch - - gpg: Default to SHA-256 for all signature types on RSA keys. - * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in - strict RFC or PGP modes. - * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for - RSA key signatures. - * configure.ac: Do not allow to disable sha256. - - gpg: Simplify command --gen-key and add --full-gen-key. - * g10/gpg.c (aFullKeygen): New. - (opts): Add command --full-key-gen. - (main): Implement it. - * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although - the value is identical. - (DEFAULT_STD_CURVE): New. - (DEFAULT_STD_SUBALGO): New. - (DEFAULT_STD_SUBKEYSIZE): New. - (DEFAULT_STD_SUBCURVE): New. - (quick_generate_keypair): Use new macros here. - (generate_keypair): Add arg "full" and fix call callers. Do not ask - for keysize in non-full node. - (ask_user_id): Add arg "full" and simplify for non-full mode. - -2014-09-26 Werner Koch +2014-09-26 Werner Koch gpg: Add shortcut for setting key capabilities. * g10/keygen.c (ask_key_flags): Add shortcut '='. * doc/help.txt (gpg.keygen.flags): New. -2014-09-25 Werner Koch - - gpg: Do not always print dashes in obsolete_option. - * g10/gpg.c (main): Pass option names to obsolete_option without - double dash. - * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double - dash only for command line options. - 2014-09-25 Daniel Kahn Gillmor gpg: Warn about (but don't fail) on scdaemon options in gpg.conf. * g10/gpg.c: Add config options that should belong in scdaemon.conf * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New. -2014-09-22 Werner Koch - - speedo: Check that wget and gpgv are installed. - * build-aux/getswdb.sh: Check for required tools. - - speedo: Autodetect sha1sum tools. - * build-aux/getswdb.sh: Add option --find-sha1sum. - * build-aux/speedo.mk (check-tools): New phony target. Not yet used. - (SHA1SUM): New var. Use it instead of sha1sum. - - gpg: Create default keyring with .kbx suffix. - * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity. - (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box - and check and create .kbx. - -2014-09-20 Werner Koch - - gpg: --delete-secret-key - check that a secret key exists. - * g10/delkey.c (do_delete_key): Check availibility of a secret key. - - gpg: Make algorithm selection prompt for ECC more clear. - * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC". - -2014-09-18 Werner Koch - - Release 2.1.0-beta834. - - speedo: Distribute needed files. - * Makefile.am (EXTRA_DIST): Add speedo stuff. - - build: Enable gpgtar by default. - - common: Do not build maintainer modules in non-maintainer mode. - * common/Makefile.am (module_maint_tests): Use only in maintainer - mode. - (t_common_cflags): New. - - common: Remove superfluous statements. - * common/exechelp-posix.c: Remove weak pragmas. - * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double - const. - - g13: Avoid segv after pipe creation failure. - * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an - early error. - (gpg_decrypt_blob): Ditto. - - scd: Fix int/short mismatch in format string of app-p15.c. - * scd/app-p15.c (parse_certid): Use snprintf and cast value. - (send_certinfo): Ditto. - (send_keypairinfo): Ditto. - (do_getattr): Ditto. - - agent: Init a local variable in the error case. - * agent/pksign.c (do_encode_md): Init HASH on error. - - agent: Remove left over debug output. - * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug - output. - - agent: Silence compiler warning for a debug message. - * agent/call-pinentry.c (agent_query_dump_state): Use %p for - POPUP_TID. - - sm: Silence compiler warnings. - * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I. - * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler - warning. - - gpg: Silence a compiler warning. - * g10/parse-packet.c (enum_sig_subpkt): Replace hack. - - gpg: Replace a hash algo test function. - * g10/gpg.c (print_mds): Replace openpgp_md_test_algo. - - speedo: Various fixes. - * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor - other fixes. - -2014-09-17 Werner Koch - - gpg: Print a warning if the subkey expiration may not be what you want. - * g10/keyedit.c (subkey_expire_warning): New. - (keyedit_menu): Call it when needed. - - gpg: Improve passphrase caching. - * agent/cache.c (last_stored_cache_key): New. - (agent_get_cache): Allow NULL for KEY. - (agent_store_cache_hit): New. - * agent/findkey.c (unprotect): Call new function and try to use the - last stored key. - - * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to - make_keysig_packet. - (gen_standard_revoke): Add arg CACHE_NONCE and pass to - create_revocation. - * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with - cache nonce. - -2014-09-12 Werner Koch - - gpg: Use algorithm id 22 for EdDSA. - * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22. - * g10/keygen.c (ask_curve): Reword the Curve25519 warning note. - -2014-09-11 Werner Koch - - gpg: Stop early on bogus old style comment packets. - * g10/parse-packet.c (parse_key): Take care of too short packets for - old style commet packets. - -2014-09-10 Werner Koch - - dirmngr: Support https for KS_FETCH. - * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ... - * dirmngr/misc.c (cert_log_cb): here. - * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection - and https. - - dirmngr: Fix the ks_fetch command for the http scheme. - * common/http.c (http_session_ref): Allow for NULL arg. - -2014-09-08 Werner Koch - - gpg: Fix memory leak in ECC encryption. - * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error - handling. - -2014-09-02 Werner Koch - - gpg: Fix export of NIST ECC keys. - * common/openpgp-oid.c (struct oidtable): New. - (openpgp_curve_to_oid): Rewrite and allow OID as input. - (openpgp_oid_to_curve): Make use of the new table. - - agent: Fix import of OpenPGP EdDSA keys. - * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA. - (convert_secret_key): Ditto. - (convert_transfer_key): Ditto. - (apply_protection): Handle opaque MPIs. - - (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before - unpacking an opaque mpi. - -2014-09-01 Kyle Butt - - gpg: Fix export of ecc secret keys by adjusting check ordering. - * g10/export.c (transfer_format_to_openpgp): Move the check against - PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of - parameters. - -2014-09-01 Werner Koch - - agent: Allow key unprotection using AES-256. - * agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for - clarity. - (do_decryption): Add args prot_cipher and prot_cipher_keylen. USe - them instead of the hardwired values. - (agent_unprotect): Change to use a table of protection algorithms. - Add AES-256 variant. - -2014-08-28 Werner Koch - - gpg: Do not show "MD5" and triplicated "RSA" in --version. - * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases - (build_list_md_test_algo): Ignore MD5. +2014-09-03 Kristian Fiskerstrand - gpg: Do not show "MD5" and triplicated "RSA" in --version. - * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases - (build_list_md_test_algo): Ignore MD5. + gpg: Need to init the trustdb for import. + * g10/trustdb.c (clear_ownertrusts): Init trustdb. 2014-08-26 Werner Koch - gpg: Remove CAST5 from the default prefs and order SHA-1 last. - * g10/keygen.c (keygen_set_std_prefs): Update prefs. - - Switch to the libgpg-error provided estream. - * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14. - (GPGRT_ENABLE_ES_MACROS): Define. - (estream_INIT): Remove. - * m4/estream.m4: Remove. - * common/estream-printf.c, common/estream-printf.h: Remove. - * common/estream.c, common/estream.h: Remove. - * common/init.c (_init_common_subsystems): Call gpgrt initialization. + build: Print an error message if zlib is not installed. + * configure.ac (missing_zlib): New. gpg: Allow for positional parameters in the passphrase prompt. * g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf. -2014-08-20 Werner Koch - - gpg: Fix "can't handle public key algorithm" warning. - * g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign - capabilities. - -2014-08-19 Werner Koch - - speedo: Get version numbers from online database. - * build-aux/getswdb.sh: New. - * build-aux/speedo.mk: Get release version numbers from swdb.lst. - - build: Create VERSION file via autoconf. - * Makefile.am (dist-hook): Remove creation of VERSION. - (EXTRA_DIST): Add VERSION. - * configure.ac: Let autoconf create VERSION. - -2014-08-18 Werner Koch - - gpg: Install the current release signing pubkey. - * g10/distsigkey.gpg: New. - - agent: Return NO_SECKEY instead of ENONET for PKSIGN and others. - * agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY. - * agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY. - * agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT. - - kbx: Make user id and signature data optional for OpenPGP. - * kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction. - - gpg: Change default cipher for --symmetric from CAST5 to AES-128. - * g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES - depending on configure option. - * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO. - - yat2m: Support @set and @value. - * doc/yat2m.c (variablelist): New. - (set_variable): New. - (macro_set_p): Also check the variables. - (proc_texi_cmd): Support the @value command. - (parse_file): Support the @set command. - (top_parse_file): Release variablelist. - - yat2m: Support the $* command for man page rendering. - -2014-08-17 Werner Koch - - estream: Change license from GPL to LPGL. - * common/estream-printf.c, common/estream-printf.h: Change license. - * common/estream.c, common/estream.h: Ditto. - -2014-08-14 Werner Koch - - Release 2.1.0-beta783. +2014-08-12 Werner Koch - po: Update the German (de) translation. + Release 2.0.26. sm: Create homedir and lock empty keybox creation. * sm/gpgsm.h (opt): Add field "no_homedir_creation". * sm/gpgsm.c (main): Set it if --no-options is used. - * sm/keydb.c (try_make_homedir): New. Similar to the one from - g10/openfile.c. + * sm/keydb.c: Include fcntl.h. + (try_make_homedir): New. Similar to the one from g10/openfile.c (maybe_create_keybox): New. Similar to the one from g10/keydb.c. (keydb_add_resource): Replace some code by maybe_create_keybox. - gpg: Screen keyserver responses. - * g10/main.h (import_screener_t): New. - * g10/import.c (import): Add screener callbacks to param list. - (import_one): Ditto. - (import_secret_one): Ditto. - (import_keys_internal): Ditto. - (import_keys_stream): Ditto. - * g10/keyserver.c (struct ks_retrieval_screener_arg_s): New. - (keyserver_retrieval_screener): New. - (keyserver_get): Pass screener to import_keys_es_stream(). - - scd: Minor changes to app-sc-hsm. - * scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL - after xfree for improbed robustness. - (read_ef_prkd): Replace serial operator by blocks for better - readability. - (apply_PKCS_padding): Rewrite for easier auditing. - (strip_PKCS15_padding): Ditto. Add stricter check on SRCLEN. - - gpg: Disable an MD5 workaround for pgp2 by default. - * g10/sig-check.c (do_check): Move some code to ... - * g10/misc.c (print_md5_rejected_note): new function. - * g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround - only if option --allow-weak-digest-algos is used. - - gpg: Remove options --pgp2 and --rfc1991. - * g10/gpg.c (oRFC1991, oPGP2): Remove - (opts): Remove --pgp2 and --rfc1991. - * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users. - (RFC2440, PGP2): Remove. Remove all code only enabled by these - conditions. - * tests/openpgp/clearsig.test: Remove --rfc1991 test. - - build: Fix autogen.sh base version hack. - * autogen.sh : Fix. - - gpg: Remove --compress-keys and --compress-sigs feature. - * g10/gpg.c (oCompressKeys, oCompressSigs): Remove. - (opts): Turn --compress-keys and --compress-signs in NOPs. - * g10/options.h (opt): Remove fields compress_keys and compress_sigs. - * g10/export.c (do_export): Remove compress_keys feature. - * g10/sign.c (sign_file): Remove compress_sigs feature. - -2014-08-13 Werner Koch - - gpg: Add list-option "show-usage". - * g10/gpg.c (parse_list_options): Add "show-usage". - * g10/options.h (LIST_SHOW_USAGE): New. - * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller. - * g10/keylist.c (list_keyblock_print): Print usage info. - -2014-08-12 Werner Koch - - gpg: Make --with-colons work again for --search-keys. - * g10/keyserver.c (search_line_handler): Replace log_debug by - es_printf. - 2014-08-08 NIIBE Yutaka po: Update Japanese translation. -2014-07-25 Werner Koch +2014-08-06 Werner Koch - scd: Minor and editorial changes to app-sc-hsm.c. - * scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro. - (parse_certid): Remove useless test. - (send_certinfo, send_keypairinfo): Shrink malloc to the needed size. - (do_getattr): Ditto. - (verify_pin): Use SW_ macro. - (do_decipher): Replace OFS variable and extend comment. - - scd: Add a new status word code. - * scd/apdu.h (SW_REF_DATA_INV): New. - * scd/apdu.c (apdu_strerror): Add string. - -2014-07-25 Andreas Schwier - - scd: Support for SmartCard-HSM. - * scd/app-sc-hsm.c: New. - * scd/app.c (select_application, get_supported_applications): Register - new app. - -2014-07-25 Werner Koch - - gpg: Switch to an EdDSA format with prefix byte. - * g10/keygen.c (gen_ecc): USe "comp" for EdDSA. - -2014-07-23 Werner Koch - - agent: Show just one warning with all failed passphrase constraints. - * agent/genkey.c (check_passphrase_constraints): Build a final warning - after all checks. - - agent: Only one confirmation prompt for an empty passphrase. - * agent/genkey.c (check_passphrase_constraints): Moev empty passphrase - check to the front. - - gpg: Add command --quick-gen-key. - * g10/gpg.c (aQuickKeygen): New. - * g10/misc.c (is_valid_user_id): New stub. - * g10/keygen.c (quickgen_set_para): New. - (quick_generate_keypair): New. - - common: Add cpr_get_answer_is_yes_def() - * g10/cpr.c (cpr_get_answer_is_yes): Factor code out to .... - (cpr_get_answer_is_yes_def): ...new. - - gpg: Make --quick-sign-key promote local key signatures. - * g10/keyedit.c (sign_uids): Promote local sigs in quick mode. - -2014-07-22 Werner Koch - - scd: Do not use the pcsc-wrapper. - * scd/apdu.c (NEED_PCSC_WRAPPER): Do not define. - * scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper - (gnupg_pcsc_wrapper_SOURCES): Remove. - (gnupg_pcsc_wrapper_LDADD): Remove. - (gnupg_pcsc_wrapper_CFLAGS): Remove. + gpg: Fix regression due to the keyserver import filter. + * g10/keyserver.c (keyserver_retrieval_filter): Change args. Rewrite + to take subpakets in account. + * g10/import.c (import_one, import_secret_one): Pass keyblock to + filter. -2014-07-21 Werner Koch + gpg: Add kbnode_t for easier backporting. + * g10/gpg.h (kbnode_t): New. - gpg: Improve --list-packets output for faulty packets. - * g10/parse-packet.c: Add list_mode output for certain failures. +2014-07-21 Simon Josefsson - gpg: Cap size of attribute packets at 16MB. - * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap - size of packet. + Add OpenPGP card manufacturer Yubico (6). -2014-07-03 Werner Koch - - Release 2.1.0-beta751. - - gpg: Make show-uid-validity the default. +2014-07-21 Andreas Schwier - tests: Fix end-of-all-ticks test for Western locales. - * common/t-timestuff.c (test_timegm): Use timegm if available. - (main): Set TX to UTC if timegm is not available. + scd: Allow for certificates > 1024 with PC/SC. + * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too + allow for larger certificates. -2014-07-03 Kristian Fiskerstrand +2014-07-21 Werner Koch - gpg: Spelling error. + gpg: Cap size of attribute packets at 16MB. + * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap + size of packet. 2014-06-30 Werner Koch - gpg: Auto-create revocation certificates. - * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define. - * g10/revoke.c (create_revocation): Add arg "leadin". - (gen_standard_revoke): New. - * g10/openfile.c (get_openpgp_revocdir): New. - (open_outfile): Add MODE value 3. - * g10/keyid.c (hexfingerprint): New. - * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke. + Release 2.0.25. estream: Fix minor glitch in "%.*s" format. * common/estream-printf.c (pr_string): Take care of non-nul terminated strings. - gpg: Rearrange code in gen_revoke. - * g10/revoke.c (gen_revoke): Factor some code out to ... - (create_revocation): new. - - gpg: Create exported secret files and revocs with mode 700. - * common/iobuf.c (direct_open): Add arg MODE700. - (iobuf_create): Ditto. - * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call - callers to pass 0 for it. - * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new - arg. - * g10/export.c (do_export): Pass true for new arg if SECRET is true. - - common: Minor code cleanup for a legacy OS. - * common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals. - -2014-06-27 Werner Koch - - speedo: Fix the w32 installer name. - - po: Update some strings of the French (fr) translation. - - po: Update the German (de) translation. - - agent: Adjust for changed npth_eselect under W32. - * agent/gpg-agent.c (handle_connections) [W32]: Make events_set an - unsigned int to match the changed prototype. - - dirmngr: Use the homedir based socket also under W32. - * common/homedir.c (dirmngr_user_socket_name): Use same code for all - platforms. - -2014-06-27 Yuri Chornoivan - - po: Update and enable Ukrainian (uk) translation. - - Fix typos in messages. - -2014-06-27 Werner Koch - - build: Remove unused options. - * configure.ac: Remove option --build-agent-only. - (FAKE_CURL, GPGKEYS_CURL): Remove check for cURL - (GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused - SENDMAIL check. - (GPGKEYS_KDNS): Remove ac_subst. - * autogen.rc (final_info): Remove suggestion to use the removed option - --enable-mailto. - -2014-06-27 NIIBE Yutaka - - scd: Add pinpad support for REINER SCT cyberJack go. - * scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New. - * scd/ccid-driver.c (ccid_transceive_secure): Handle the case for - VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change). - 2014-06-27 Werner Koch scd: Support reader Gemalto IDBridge CT30. - * scd/ccid-driver.h (GEMPC_CT30): New product id. * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that reader. - -2014-06-26 Werner Koch + (GEMPC_CT30): New product id. gpg: Limit keysize for unattended key generation to useful values. * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. (gen_rsa): Enforce keysize 1024 to 4096. (gen_dsa): Enforce keysize 768 to 3072. - Enable DNS SRV records again. - * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst. - (use_dns_srv): Make test work. - - agent: Fix export of RSA keys to OpenPGP. - * agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format - string. - - gpg,gpgsm: Simplify wrong_args function. - - speedo: "make clean-gnupg" may not remove the source. - * build-aux/speedo.mk (clean-$(1)): Take care of gnupg. - - gpgsm: Fix default config name. - 2014-06-25 Werner Koch - doc: Improve the rendering of the manual. - - doc: Update for modern makeinfo. - * doc/texi.css: Remove. - * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref. - - gpg: Allow key-to-card upload for cert-only keys. - * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0. + agent: Let gpg-protect-tool pass envvars to pinentry. + * agent/protect-tool.c (opt_session_env): New. + (main): Pass session environment object to + gnupg_prepare_get_passphrase. + + gpg: Make screening of keyserver result work with multi-key commands. + * g10/keyserver.c (ks_retrieval_filter_arg_s): new. + (keyserver_retrieval_filter): Use new struct and check all + descriptions. + (keyserver_spawn): Pass filter arg suing the new struct. 2014-06-24 Werner Koch - doc: Add conditionals for GnuPG-1. + Release 2.0.24. -2014-06-20 Werner Koch +2014-06-24 Kristian Fiskerstrand - gpg: Make export of ECC keys work again. - * agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead - of the curve parameters. - * g10/export.c (canon_pubkey_algo): Rename to ... - (canon_pk_algo): this. Support ECC. - (transfer_format_to_openpgp): Expect curve name. + gpg: Fix a couple of spelling errors. - gpg: Avoid infinite loop in uncompressing garbled packets. - * g10/compress.c (do_uncompress): Limit the number of extra FF bytes. +2014-06-24 Werner Koch -2014-06-17 Kristian Fiskerstrand + gpg: Do not link gpgv against libassuan. + * g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS. - gpg: Fix a couple of spelling errors. + po: Update de.po. -2014-06-17 Werner Koch + common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6. + * common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if + defined. + + Remove thread callbacks for libgcrypt >= 1.6. + * agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with + libgcrypt >= 1.6. + (main): Ditto. + * scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto. + (main): Ditto. - speedo: Support building from dist-source generated tarball. + gpg: Use more specific reason codes for INV_RECP. + * g10/pkclist.c (build_pk_list): Use more specific reasons codes for + INV_RECP. -2014-06-13 Werner Koch + gpg: Make show-uid-validity the default. - http: Print human readable GNUTLS status. - * common/http.c (send_gnutls_bye): Take care of EAGAIN et al. - (http_verify_server_credentials): Print a human readable status. +2014-06-24 Stefan Tomanek -2014-06-12 Werner Koch + gpg: Screen keyserver responses. + * g10/main.h (import_filter_t): New. + * g10/import.c (import): Add filter callbacks to param list. + (import_one): Ditto. + (import_secret_one): Ditto. + (import_keys_internal): Ditto. + (import_keys_stream): Ditto. + * g10/keyserver.c (keyserver_retrieval_filter): New. + (keyserver_spawn): Pass filter to import_keys_stream() - gpg: Improve the output of --list-packets. - * g10/parse-packet.c (parse): Print packet meta info in list mode. +2014-06-24 Werner Koch -2014-06-11 Werner Koch + gpg: Allow key-to-card upload for cert-only keys. + * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0. - speedo: Improve building of the w32 installer. - * build-aux/speedo.mk: Change name of build directory to PLAY. - Improve the dist-source target. - * build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank - line (plus comment). - * build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*. - Install more tools. +2014-06-23 Werner Koch -2014-06-10 Werner Koch + ssh: Fix for newer Libgcrypt versions. + * common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case. - speedo: Revamped speedo and include a w32 installer. - * build-aux/speedo/: New. - * build-aux/speedo/w32/: New. +2014-06-20 Werner Koch - build: Add more options to autogen.sh. - * autogen.sh: Add options --print-host and --print-build. + gpg: Avoid infinite loop in uncompressing garbled packets. + * g10/compress.c (do_uncompress): Limit the number of extra FF bytes. - w32: Fix build problem with dirmngr. - * dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement - constant. +2014-06-03 Werner Koch - gpg: Use more specific reason codes for INV_RECP. - * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific - reasons codes for INV_RECP. + doc: Update for modern makeinfo. + * doc/texi.css: Remove. + * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref. -2014-06-06 Werner Koch + Release 2.0.23. - Improve the beta number generation. - * autogen.sh: Add option --find-version - * configure.ac: Rework the setting of the mym4_ variables. - -2014-06-05 Werner Koch - - Remove keyserver helper code. - * configure.ac: Remove keyserver helper related stuff. - * Makefile.am (SUBDIRS): Remove keyserver. - * keyserver/Makefile.am: Remove. - - gpg: Require confirmation for --gen-key with experimental curves. - * g10/keygen.c (ask_curve): Add arg both. Require confirmation for - Curve25519. - - gpg: Auto-migrate existing secring.gpg. - * g10/migrate.c: New. - * g10/import.c (import_old_secring): New. - (import_one): Add arg silent. - (transfer_secret_keys): Add arg batch. - (import_secret_one): Add args batch and for_migration. - * g10/gpg.c (main): Call migration function. + doc: Adjust Makefile for fixed yat2m. + * doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack. -2014-06-04 Werner Koch + gpg: New %U expando for the photo viewer. + * g10/photoid.c (show_photos): Set namehash. + * g10/misc.c (pct_expando): Add "%U" expando. - gpgsm: Fix commit be07ed65. - * sm/server.c (option_handler): Use "with-secret". + common: Add z-base-32 encoder. + * common/zb32.c: New. + * common/t-zb32.c: New. + * common/Makefile.am (common_sources): Add zb82.c -2014-06-03 Werner Koch + gpg: Reject signatures made with MD5. + * g10/gpg.c: Add option --allow-weak-digest-algos. + (main): Set option also in PGP2 mode. + * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. + * g10/sig-check.c (do_check): Reject MD5 signatures. + * tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos. - Add new option --with-secret. - * g10/gpg.c: Add option --with-secret. - * g10/options.h (struct opt): Add field with_secret. - * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all - and list_one. - (list_all, list_one): Add arg mark_secret. - (list_keyblock_colon): Add arg has_secret. - * sm/gpgsm.c: Add option --with-secret. - * sm/server.c (option_handler): Add option "with-secret". - * sm/gpgsm.h (server_control_s): Add field with_secret. - * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move - the token string from the wrong field 14 to 15. - - gpgsm: New commands --export-secret-key-{p8,raw} - * sm/gpgsm.c: Add new commands. - * sm/minip12.c (build_key_sequence): Add arg mode. - (p12_raw_build): New. - * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build. - (gpgsm_p12_export): Ditto. - (print_short_info): Print the keygrip. + gpg: Remove useless diagnostic in MDC verification. + * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad + MDC packer header and a bad MDC. + + gpg: Fix glitch entering a full expiration time. + * g10/keygen.c (ask_expire_interval): Get the current time after the + prompt. 2014-06-02 Werner Koch - gpg: Avoid NULL-deref in default key listing. - * g10/keyid.c (hash_public_key): Take care of NULL keys. - * g10/misc.c (pubkey_nbits): Ditto. + gpg: Graceful skip reading of corrupt MPIs. + * g10/parse-packet.c (mpi_read): Change error message on overflow. gpg: Simplify default key listing. * g10/mainproc.c (list_node): Rework. - gpg: Graceful skip reading of corrupt MPIs. - * g10/parse-packet.c (mpi_read): Change error message on overflow. - gpgsm: Handle re-issued CA certificates in a better way. * sm/certchain.c (find_up_search_by_keyid): Consider all matching certificates. @@ -3013,1152 +625,26 @@ * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to pass 0 to the arguments. -2014-05-19 Werner Koch - - dirmngr: Print certificates on failed TLS verification. - * dirmngr/ks-engine-hkp.c (cert_log_cb): New. - (send_request): Set callback. - - http: Add callback to help logging of server certificates. - * common/http.c (http_session_s): Add field cert_log_cb. - (http_session_set_log_cb): New. - (http_verify_server_credentials): Call callback. - -2014-05-16 Werner Koch - - keyserver: Improve support for hkps pools. - * dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and - v6addr. - (create_new_hostinfo): Clear them. - (my_getnameinfo): Add args numeric and r_isnumeric. - (is_ip_address): New. - (map_host): Add arg r_host. Rewrite the code to handle pools in a - special way. - (ks_hkp_print_hosttable): Change format of help info output. - (make_host_part): Add arg optional r_httphost. - (send_request): Add arg httphost. - (ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to - send_request. - - http: Allow overriding of the Host header. - * common/http.c (http_open): Add arg httphost. - (http_open_document): Pass NULL for httphost. - (send_request): Add arg httphost. If given, use HTTPHOST instead of - SERVER. Use https with a proxy if requested. - (http_verify_server_credentials): Do not stop at the first error - message. - * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open. - * keyserver/curl-shim.c (curl_easy_perform): Ditto. - * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. - * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto. - -2014-05-14 Werner Koch - - gpg: Fix uninitialized access to search descindex with gpg keyboxes. - * kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage - both callers. - * g10/keydb.c (keydb_search): Always set DESCINDEX. - - w32: Make make_absfilename work with drive letters. - * common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix. - - gpg: Remove useless diagnostic in MDC verification. - * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad - MDC packer header and a bad MDC. - - gpg: Fix glitch entering a full expiration time. - * g10/keygen.c (ask_expire_interval): Get the current time after the - prompt. - -2014-05-08 Werner Koch - - agent: Fix import of non-protected gpg keys. - * agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for - non-protected keys. - (convert_from_openpgp_main): Do not call agent_askpin for a - non-protected key. - - Make more use of *_NAME macros. - * configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New. - (GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New. - (DIRMNGR_DISP_NAME, G13_DISP_NAME): New. - (GPGCONF_DISP_NAME): New. - (SCDAEMON_SOCK_NAME): New. - * common/argparse.c (show_help): Map description string. - -2014-05-08 NIIBE Yutaka - - agent: Fix auth key comment handling. - * agent/command-ssh.c (ssh_send_key_public): Handle the case with no - comment. - -2014-05-07 Werner Koch - - Make -jN work again. - * common/Makefile.am ($(PROGRAMS)): New rule - (t_http_LDADD): Use libcommontls.a without directory prefix. - * dirmngr/Makefile.am ($(PROGRAMS)): New rule. - - gpg: Print the key algorithm/curve with signature info. - * g10/mainproc.c (check_sig_and_print): Print the name and curve. - - gpg: Fix memleak in signature verification of bogus keys. - * g10/mainproc.c (check_sig_and_print): Factor common code out to ... - (print_good_bad_signature): here. - - gpg: Mark experimental algorithms in the key listing. - * g10/keylist.c (list_keyblock_print): Remove duplicate curve name. - Print a note for experimental algorithms. - * g10/misc.c (print_pubkey_algo_note): Fix warning message. - - gpg: Finish experimental support for Ed25519. - * agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve". - (get_keygrip): Add and use arg CURVE. - (convert_secret_key): Ditto. - (convert_transfer_key): Ditto. - (get_npkey_nskey): New. - (prepare_unprotect): Replace gcrypt functions by - get_npkey_nskey. Allow opaque MPIs. - (do_unprotect): Use CURVE instead of parameters. - (convert_from_openpgp_main): Ditto. - (convert_to_openpgp): Simplify. - * g10/import.c (one_mpi_from_pkey): Remove. - (transfer_secret_keys): Rewrite to use the curve instead of the - parameters. - * g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag. - - * common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of - "NIST P-256" et al. - * g10/keygen.c (ask_curve): Add arg ALGO. - (generate_keypair): Rewrite the ECC key logic. - - * tests/openpgp/ecc.test: Provide the "ecc" passphrase. - - kbx: Add experimental support for EDDSA. - * kbx/keybox-openpgp.c (parse_key): Use algo constants and add - experimental support for EdDSA. - - agent: Remove greeting message. - * agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a - dummy. - -2014-05-06 Werner Koch - - Use "samethread" mode keyword for some es_fopenmem. - * dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword. - * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. - * scd/atr.c (atr_dump): Ditto. - -2014-05-05 Werner Koch - - dirmngr: Add support for hkps keyservers. - * dirmngr/dirmngr.c: Include gnutls.h. - (opts): Add --gnutls-debug and --hkp-cacert. - (opt_gnutls_debug, my_gnutls_log): New. - (set_debug): Set gnutls log level. - (parse_rereadable_options): Register a CA file. - (main): Init GNUTLS. - * dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps. - (send_request): Ditto. - - http: Add reference counting to the session object. - * common/http.c (http_session_t): Add field "refcount". - (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code. - (send_request, my_npth_read, my_npth_write): Use SOCK object for the - transport ptr. - (http_session_release): Factor all code out to ... - (session_unref): here. Deref SOCK. - (http_session_new): Init refcount and transport ptr. - (http_session_ref): New. Ref and unref all assignments. - -2014-05-02 Werner Koch - - http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info. - * common/http.c (http_parse_uri): Factor code out to ... - (parse_uri): here. Add arg FORCE_TLS. - (do_parse_uri): Ditto. Implement flag. - (http_get_tls_info): New. - (http_register_tls_ca): Allow clearing of the list. - (send_request): Use a default verification function. - * common/http.h (HTTP_FLAG_FORCE_TLS): New. - * common/t-http.c (main): Add several command line options. - - common: Fix test for openpgp_oid_is_ed25519. - * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct - value. - - http: Revamp TLS API. - * configure.ac (NEED_GNUTLS_VERSION): New. - (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst. - - * common/http.h (http_session_t): New. - * common/http.c: Remove compatibility for gnutls < 3.0. - (http_session_s): New. - (cookie_s): Replace gnutls_session_t by http_session_t. - (tls_callback, tls_ca_certlist): New variables. - (my_socket_unref): Add preclose args. - (my_npth_read, my_npth_write): New. - (make_header_line): Fix bug using int* instead of char*. - (http_register_tls_callback): New. - (http_register_tls_ca): New. - (http_session_new): New. - (http_session_release): New. - (http_get_header_names): New. - (escape_data): Add hack to escape in forms mode. - (send_request) [HTTP_USE_GNUTLS]: Support SNI. - (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line. - (send_gnutls_bye): New. - (cookie_close): Make use of preclose feature. - (http_verify_server_credentials): New. - (main) [TEST]: Remove test code. - * common/t-http.c: New. - * common/tls-ca.pem: New. - * common/Makefile.am (tls_sources): New. Move http code to here. - (libcommontls_a_SOURCES): New. - (libcommontlsnpth_a_SOURCES): New. - (EXTRA_DIST): Add tls-ca.pem - (module_maint_tests): Add t-http. - (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. - - * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth. - - common: Cleanup the use of USE_NPTH and HAVE_NPTH macros. - * configure.ac (HAVE_NPTH): New ac_define. - * common/estream.c: Use USE_NPTH instead of HAVE_NPTH. - * common/http.c: Ditto. Replace remaining calls to pth by npth calls. - (connect_server): Remove useless _(). - * common/exechelp-posix.c, common/exechelp-w32.c - * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h. - * common/init.c (_init_common_subsystems): Remove call to pth_init. - * common/sysutils.c (gnupg_sleep): Use npth_sleep. - * scd/ccid-driver.c (my_sleep): Ditto. - -2014-04-30 Werner Koch - - estream: Implement "samethread" mode keyword. - * src/estream.c (estream_internal): Add field SAMETHREAD. - (init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it. - (parse_mode): Add arg SAMETHREAD and parse that keyword. - (es_initialize): Rename to ... - (init_stream_obj): this. Add arg SAMETHREAD. - (es_create): Add arg SAMETHREAD. Call init_stream_lock after - init_stream_obj. - (doreadline): Call es_create with samethread flag. - (es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen) - (do_fpopen, do_w32open): Implement "samethread" keyword. - (es_freopen): Take samthread flag from old stream. - (es_tmpfile): Call es)_create w/o samethread. - - estream: Fix deadlock in es_fileno. - * src/estream.c (es_fileno_unlocked): Call the unlocked functions. - - estream: Add debug code to the lock functions. - * common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New. - - estream: Replace locking macros by functions. - * common/estream.c: Replace most macros. - -2014-04-28 NIIBE Yutaka - - ECC Fixes. - * agent/cvt-openpgp.c (get_keygrip, convert_secret_key) - (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which - does not distinguish the detail. - (do_unprotect, convert_from_openpgp_main): Don't call - map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and - not the value defined by OpenPGP. - (convert_to_openpgp): It's "ecc". - * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove. - * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error. - * g10/pubkey-enc.c (get_it): Fix swapping the fields error. - 2014-04-22 Werner Koch - gpg: Pass --homedir to gpg-agent. - * agent/gpg-agent.c (main): Make sure homedir is absolute. - * common/asshelp.c (lock_spawning): Create lock file with an absolute - name. - (start_new_gpg_agent): Use an absolute name for the socket and pass - option --homedir to the agent. - (start_new_dirmngr): Use an absolute name for the --homedir. - - common: Add functions make_absfilename and make_absfilename_try. - * common/stringhelp.c (do_make_filename): Add modes 2 and 3. - (make_absfilename): New. - (make_absfilename_try): New. - - common: Add function gnupg_getcwd. - * tools/gpg-connect-agent.c (gnu_getcwd): Move to ... - * common/sysutils.c (gnupg_getcwd): .. here. - * tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd. - gpg: Print a warning if GKR has hijacked gpg-agent. * g10/call-agent.c (check_hijacking): New. (start_agent): Call it. (membuf_data_cb, default_inq_cb): Move more to the top. -2014-04-17 Werner Koch - - gpg: New %U expando for the photo viewer. - * g10/photoid.c (show_photos): Set namehash. - * g10/misc.c (pct_expando): Add "%U" expando. - - common: Add z-base-32 encoder. - * common/zb32.c: New. - * common/t-zb32.c: New. - * common/Makefile.am (common_sources): Add zb82.c - (module_tests): Add t-zb32. - 2014-04-16 Werner Koch - Two minor code cleanups and one NULL deref on error fix. - * common/estream.c (es_freopen): Remove useless check for STREAM. - * kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check - for BLOB. - * tools/sockprox.c (run_proxy): Do not fclose(NULL). - -2014-04-15 Werner Koch - - gpg: Re-enable secret key deletion. - * g10/call-agent.c (agent_delete_key): New. - * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. - * g10/passphrase.c (gpg_format_keydesc): Support new format. - * g10/delkey.c (do_delete_key): Add secret key deletion. - - gpg: Re-indent a file. - * g10/delkey.c: Re-indent. - (do_delete_key, delete_keys): Change return type top gpg_error_t. - - gpg: Fix regression in secret key export. - * agent/cvt-openpgp.c (convert_to_openpgp): Fix use - gcry_sexp_extract_param. - * g10/export.c (do_export_stream): Provide a proper prompt to the - agent. - - gpg: Change pinentry prompt to talk about "secret key". - * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings. - * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT) - (FORMAT_KEYDESC_EXPORT): New. Use them for clarity. - - agent: Add command DELETE_KEY. - * agent/command.c (cmd_delete_key): New. - * agent/findkey.c (modify_description): Add '%C' feature. - (remove_key_file): New. - (agent_delete_key): New. - * agent/command-ssh.c (search_control_file): Make arg R_DISABLE - optional. - - * configure.ac: Require libgpg-error 1.13. - -2014-04-09 NIIBE Yutaka - - scd: EdDSA support. - * scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New. - (struct app_local_s): Add eddsa. - (get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA. - (get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519. - (send_key_attr, get_public_key): Support KEY_TYPE_EDDSA. - (build_ecc_privkey_template): Rename as it supports both of - ECDSA and EdDSA. - (ecc_writekey): Rename. Support CURVE_ED25519, too. - (do_writekey): Follow the change of ecc_writekey. - (do_auth): Support KEY_TYPE_EDDSA. - (parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves. - (parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA. - -2014-04-08 Werner Koch - - dirmngr: Fix compiler warning. - * common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New. - * dirmngr/dirmngr.c (handle_tick): Factor time check out to ... - (time_for_housekeeping_p): new. - - gpgconf: Add command --launch. - * tools/gpgconf.c: Add command --launch. - * tools/gpgconf-comp.c (gc_component_launch): New. - - scd: Silent compiler warnings about unused variables. - * scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg. - (ecdh_writekey): Mark unused args. - -2014-04-08 NIIBE Yutaka - - agent: Support EdDSA. - * agent/pksign.c (agent_pksign_do): Handle EdDSA signature. - - g10: EdDSA support. - * g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key. - * g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA. - * common/openpgp-oid.c (oid_ed25519): Update. - -2014-04-04 NIIBE Yutaka - - agent: EdDSA support for SSH. - * agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is - two 32-byte opaque data which should not be interpreted as number. - -2014-03-27 Werner Koch - - gpg: Add commands --quick-sign-key and --quick-lsign-key. - * g10/gpg.c (main): Add commands --quick-sign-key and - --quick-lsign-key. - * g10/keyedit.c (sign_uids): Add args FP and QUICK. - (keyedit_quick_sign): New. - (show_key_with_all_names): Add arg NOWARN. - - Change some keyedit functions to allow printing to arbitrary streams. - * common/ttyio.c (tty_print_string): Add optional arg FP. Change all - callers. - (tty_print_utf8_string2): Ditto. - * g10/keyedit.c (show_prefs): Ditto. - (show_key_with_all_names_colon): Ditto. - (show_names): Ditto. - * g10/keylist.c (print_revokers): Ditto. - (print_fingerprint): Ditto. - -2014-03-23 Werner Koch - - agent: Replace es_mopen by es_fopenmem for ssh. - * agent/command-ssh.c (ssh_read_key_public_from_blob): Use - es_fopenmem. - (ssh_handler_request_identities): Ditto. - (ssh_request_process): Ditto. - -2014-03-22 Werner Koch - - agent: Put ssh key type as comment into sshcontrol. - * agent/command-ssh.c (ssh_key_type_spec): Add field name. - (ssh_key_types): Add human readable names. - (add_control_entry): Add arg SPEC and print key type as comment. - (ssh_identity_register): Add arg SPEC. - (ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key. - - agent: Support the Ed25519 signature algorithm for ssh. - * agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New. - (ssh_key_types): Add entry for ssh-ed25519. - (ssh_identifier_from_curve_name): Move to the top. - (stream_read_skip): New. - (stream_read_blob): New. - (ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move - the s-exp parsing to here. - (ssh_signature_encoder_dsa): Ditto. - (ssh_signature_encoder_ecdsa): Ditto. - (ssh_signature_encoder_eddsa): New. - (sexp_key_construct): Rewrite. - (ssh_key_extract): Rename to ... - (ssh_key_to_blob): .. this and rewrite most of it. - (ssh_receive_key): Add case for EdDSA. - (ssh_convert_key_to_blob, key_secret_to_public): Remove. - (ssh_send_key_public): Rewrite. - (ssh_handler_request_identities): Simplify. - (data_sign): Add rename args. Add new args HASH and HASHLEN. Make - use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs - which is now doe in the sgnature encoder functions. - (ssh_handler_sign_request): Take care of Ed25519. - (ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string. - - agent: Cleanups to prepare implementation of Ed25519. - * agent/cvt-openpgp.c: Remove. - (convert_to_openpgp): Use gcry_sexp_extract_param. - * agent/findkey.c (is_eddsa): New. - (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA. - * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and - OVERRIDEDATALEN. - - * common/ssh-utils.c (is_eddsa): New. - (get_fingerprint): Take care or EdDSA. - -2014-03-18 Werner Koch - - tools: Fix NULL deref in gpg-connect-agent. - * tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to - strlen. - - dirmngr: Resurrect hosts in the HKP hosttable. - * dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New. - (housekeeping_thread): New. - (handle_tick): Call new function. - * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New. - (struct hostinfo_s): Add field died_at and set it along with the dead - flag. - (ks_hkp_print_hosttable): Print that info. - (ks_hkp_housekeeping): New. - - common: New function elapsed_time_string. - * common/gettime.c (elapsed_time_string): New. - -2014-03-17 Werner Koch - - gpg: Reject signatures made with MD5. - * g10/gpg.c: Add option --allow-weak-digest-algos. - (main): Set option also in PGP2 mode. - * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. - * g10/sig-check.c (do_check): Reject MD5 signatures. - * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf. - - gpg: Make --auto-key-locate work again with keyservers. - * dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode. - * g10/keyserver.c (keyserver_import_name): Implement. - (keyserver_get): Use exact mode for name based import. - (keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers. - - gpg: New mechanism "clear" for --auto-key-locate. - * g10/getkey.c (parse_auto_key_locate): Implement "clear". - -2014-03-14 Werner Koch - - gpg-connect-agent: Make it easier to connect to the dirmngr. - * tools/gpg-connect-agent.c: Add options --dirmngr and - --dirmngr-program. - - dirmngr: Make use of IPv4 and IPV6 more explicit. - * common/http.c (connect_server): Handle the new flags. - * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New. - * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags. - (make_host_part): Ditto. - (send_request): Add arg httpflags. - (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags. - - dirmngr: Do not use brackets around legacy IP addresses. - * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a - complete addrinfo. Bracket only v6 addresses. Change caller. - - gpg: Print the actual used keyserver address. - * dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE - status lines. - * g10/call-dirmngr.c (ks_status_parm_s): New. - (ks_search_parm_s): Add field stparm. - (ks_status_cb): New. - (ks_search_data_cb): Send source to the data callback. - (gpg_dirmngr_ks_search): Change callback prototope to include the - SPECIAL arg. Adjust all users. Use ks_status_cb. - (gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb. - * g10/keyserver.c (search_line_handler): Adjust callback and print - "data source" disgnostic. - (keyserver_get): Print data source diagnostic. - - dirmngr: Default to a user socket name and enable autostart. - * common/homedir.c (dirmngr_socket_name): Rename to - dirmngr_sys_socket_name. - (dirmngr_user_socket_name): New. - * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr - socket. - * dirmngr/dirmngr.c (main): Ditto. - * dirmngr/server.c (cmd_getinfo): Ditto. - * sm/server.c (gpgsm_server): Ditto. - * dirmngr/dirmngr-client.c (start_dirmngr): Likewise. - * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs. - - * configure.ac (USE_DIRMNGR_AUTO_START): Set by default. + gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts. + * g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA. + (pubkey_get_nskey): Ditto. + (pubkey_get_nsig): Ditto. + (pubkey_get_nenc): Ditto. + (pubkey_nbits): Take care of RSA_E and RSA_S. 2014-03-12 Werner Koch - gpg: Add option --dirmngr-program. - * g10/gpg.c: Add option --dirmngr-program. - * g10/options.h (struct opt): Add field dirmngr_program. - * g10/call-dirmngr.c (create_context): Use new var. - - * dirmngr/dirmngr.c: Include gc-opt-flags.h. - (main): Remove GC_OPT_FLAG_*. - * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ... - * common/gc-opt-flags.h: here. - - dirmngr: Detect dead keyservers and try another one. - * dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity. - (ks_action_search, ks_action_put): Ditto. - (ks_action_get): Consult only the first server which retruned some - data. - - * dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New. - (map_host): Add arg CTRL and call dirmngr_tick. - (make_host_part): Add arg CTRL. - (mark_host_dead): Allow the use of an URL. - (handle_send_request_error): New. - (ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on - error. - - http: Add a flag to the URL parser indicating a literal v6 address. - * common/http.h (struct parsed_uri_t): Add field v6lit. - * common/http.c (do_parse_uri): Set v6lit. - -2014-03-12 NIIBE Yutaka - - scd: writekey support of ECC. - * scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New. - (store_fpr): Support ECC keys with varargs. - (get_ecc_key_parameters, get_curve_name): Support secp256k1. - (parse_ecc_curve): Likewise. - (build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New. - (ecdh_writekey): New. Not implemented yet. - (do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey. - (do_genkey): Follow the change of store_fpr. - -2014-03-11 Werner Koch - - dirmngr: Put brackets around IP addresses in the hosttable. - * dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute. - (my_getnameinfo): New. - (map_host): Use it. - - dirmngr: Add command option to mark hosts as dead or alive. - * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ... - (check_owner_permission): here. - (cmd_keyserver): Add options --dead and --alive. - * dirmngr/ks-engine-hkp.c (host_in_pool_p): New. - (ks_hkp_mark_host): New. - - dirmngr: Make Assuan output of keyblocks easier readable. - * dirmngr/server.c (data_line_cookie_write): Print shorter data lines - in verbose mode. - - dirmngr: Fix HKP host selection code. - * dirmngr/server.c (cmd_keyserver): Add option --resolve and change - --print-hosttable to --hosttable. - * dirmngr/ks-action.c (ks_printf_help): New. - (ks_action_resolve): New. - * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection. - (ks_hkp_print_hosttable): Print to assuan stream. - (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric - IP addr if it can't be resolved. - (make_host_part): Add arg FORCE_SELECT; change callers to pass false. - (ks_hkp_resolve): New. - - List readline support in configure summary. - * m4/readline.m4: Set gnupg_cv_have_readline. - * configure.ac: Add readline support to summary output. - -2014-03-11 NIIBE Yutaka - - agent: API change of agent_key_from_file. - * agent/findkey.c (agent_key_from_file): Always return S-expression. - * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO. - (cmd_export_key): Likewise. Free SHADOW_INFO. - (cmd_keytocard): Likewise. Release S_SKEY. - * agent/pkdecrypt.c (agent_pkdecrypt): Likewise. - * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to - know the key type. - -2014-03-10 Werner Koch - - Backport useful code from fixes for bug 1447. - * configure.ac: Cehck for inet_ntop. - * m4/libcurl.m4: Provide a #define for the version of the curl - library. - - scd: acquire lock in new_reader_slot. - * scd/apdu.c (new_reader_slot): Acquire lock. - (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped) - (open_ccid_reader, open_rapdu_reader): Release lock. - (lock_slot, trylock_slot, unlock_slot): Move more to the top. - - Do not require libiconv for Android. - * configure.ac (require_iconv): New. Set to false for android. - (AM_ICONV): Run only if required. - -2014-03-07 Werner Koch - - dirmmgr: Use a portability wrapper for struct timeval. - * dirmngr/dirmngr_ldap.c [W32]: Include winber.h. - (my_ldap_timeval_t): New. - - Silence more warnings about unused vars and args. - * dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var. - * dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/. - * dirmngr/dirmngr.c (w32_service_control): Mark unused args. - (call_real_main): New. - (main) [W32]: Use new function to match prototype. - (real_main) [W32]: Mark unused vars. - (handle_signal) [W32]: Do not build the function at all. - (handle_connections) [W32]: Do not define signo. - * dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars. - * g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined. - - dirmngr: Simplify strtok macro. - * dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg. - (ldap_str2charray): Remove lasts. - - Use attribute __gnu_printf__ also in estream header files. - * common/estream-printf.h: Use attribute gnu_printf. - * common/estream.h: Ditto. - - Use attribute __gnu_printf__ with our estream-printf functions. - * common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__ - (JNLIB_GCC_A_NR_PRINTF): Ditto. - - w32: Silence warnings about unused vars. - * agent/gpg-agent.c (main) [W32]: Mark unused vars. - * sm/gpgsm.c (run_protect_tool) [W32]: Ditto. - * g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto. - * scd/scdaemon.c (main) [W32]: Ditto. - (handle_connections) [W32]: Ditto. - (handle_signal) [W32]: Do not build the function at all. - * scd/apdu.c (pcsc_send_apdu_direct): Ditto. - (connect_pcsc_card): s/long/pcsc_dword_t/. - (open_pcsc_reader_direct): Remove var listlen. - - w32: Fix a potential problem in gpgconf's gettext. - * tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure - to return something even DOMAIN is not given. - - Silence several warnings when building under Windows. - * agent/call-scd.c (start_scd): Replace int by assuan_fd_t. - (start_pinentry): Ditto. - * common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t. - * common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for - prototypes on Windows and some other platforms. - * common/logging.c (fun_writer): Declare addrbuf only if needed. - * g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented. - * g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server - mode. - * g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD - by -1 as temporary hack for Windows. - * g10/export.c (do_export): Ditto. - * g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto. - * g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto. - * g10/server.c (cmd_verify, gpg_server) [W32]: Return an error. - - w32: Include winsock2.h to silence warnings. - - gl: Avoid warning about shadowing an arg. - * gl/setenv.c (KNOWN_VALUE): s/value/_v/. - - common: Fix build problem with Sun Studio compiler. - * common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy - functions. - (ESTREAM_MUTEX_INITIALIZE): Ditto. - - gpg: Do not require a trustdb with --always-trust. - * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE. - * g10/trustdb.c (trustdb_args): Add field no_trustdb. - (init_trustdb): Set that field. - (revalidation_mark): Take care of a nonexistent trustdb file. - (read_trust_options): Ditto. - (tdb_get_ownertrust): Ditto. - (tdb_get_min_ownertrust): Ditto. - (tdb_update_ownertrust): Ditto. - (update_min_ownertrust): Ditto. - (tdb_clear_ownertrusts): Ditto. - (tdb_cache_disabled_value): Ditto. - (tdb_check_trustdb_stale): Ditto. - (tdb_get_validity_core): Ditto. - * g10/gpg.c (main): Do not create a trustdb with most commands for - trust-model always. - - gpg: Print a "not found" message for an unknown key in --key-edit. - * g10/keyedit.c (keyedit_menu): Print message. - - gpg: Protect against rogue keyservers sending secret keys. - * g10/options.h (IMPORT_NO_SECKEY): New. - * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new - flag. - * g10/import.c (import_secret_one): Deny import if flag is set. - - agent: Fix UPDATESTARTUPTTY for ssh. - * agent/command-ssh.c (setup_ssh_env): Fix env setting. - - gpgv: Init Libgcrypt to avoid syslog warning. - * g10/gpgv.c (main): Check libgcrypt version and disable secure - memory. - - Improve libcurl detection. - * m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been - given. Suggested by John Marshall. - - gpg: Remove legacy keyserver examples from the template conf file. - * g10/options.skel: Update. - - (cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c) - - w32: Define WINVER only if needed. - * common/sysutils.c (WINVER): Define only if less that 5.0. - - w32: Remove unused code. - * jnlib/w32-reg.c (write_w32_registry_string): Remove. - - agent: Make --allow-mark-trusted the default. - * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted. - Put this option into the gpgconf-list. - (main): Enable opt.allow_mark_trusted by default. - * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace - allow-mark-trusted by no-allow-mark-trusted. - - * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag. - - ssh: Add support for Putty. - * agent/gpg-agent.c [W32]: Include Several Windows header. - (opts): Change help text for enable-ssh-support. - (opts, main): Add option --enable-putty-support - (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32. - (agent_init_default_ctrl): Add and asssert call. - (putty_message_proc, putty_message_thread): New. - (handle_connections) [W32]: Start putty message thread. - * common/sysutils.c (w32_get_user_sid): New for W32 only - * tools/gpgconf-comp.c (gc_options_gpg_agent): Add - --enable-ssh-support and --enable-putty-support. Make the - configuration group visible at basic level. - * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only. - - agent: Fix binary vs. text mode problem in ssh. - * agent/command-ssh.c (file_to_buffer) - (ssh_handler_request_identities): Open streams in binary mode. - (start_command_handler_ssh): Factor some code out to .. - (setup_ssh_env): new function. - - Fix syntax error for building on APPLE. - * scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error. - - Ignore obsolete option --disable-keypad. - * scd/scdaemon.c (opts): Ignore --disable-keypad. - - Allow marking options as ignored. - * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New. - (ARGPARSE_TYPE_MASK): New, for internal use. - (ARGPARSE_ignore): New. - * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining - constants by macros. - (optfile_parse): Implement ARGPARSE_OPT_IGNORE. - (arg_parse): Exclide ignore options from --dump-options. - -2014-03-06 Werner Koch - - common: Fix recent commit 55656208. - * common/membuf.c (get_membuf_shrink): Fix use of LEN. - -2014-03-06 NIIBE Yutaka - - Fix g10/trust.c. - * g10/trust.c (register_trusted_keyid, register_trusted_key) - (update_ownertrust): Call functions with tdb_. - -2014-02-26 Werner Koch - - common: Replace all macros in strusage() returned strings. - * common/argparse.c (writechar): Remove. - (writestrings): Simplify. - (strusage): Use map_static_macro_string. - - common: New function map_static_macro_string. - * common/mapstrings.c: New. - * common/t-mapstrings.c: New. - * common/t-support.h (DIM, DIMof): Define if not defined. - * common/Makefile.am: Add new files. - - common: New function get_membuf_shrink. - * common/membuf.c (get_membuf_shrink): New. - - agent: Fixed unresolved symbol under Windows. - * agent/gpg-agent.c (main): s/ttyname/gnupg_ttyname/. - - common: Require an installed libiconv. - * common/utf8conv.c: Remove dynload.h. - (load_libiconv): Remove. Remove all calls to it. - -2014-02-10 Werner Koch - - gpg: Silent more compiler warnings due to some configure options. - * g10/keygen.c (generate_keypair, gen_card_key) - (gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args. - - tests: Avoid segv if dns cert lookup is not configured. - * common/dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Reset return args. - - gpg: Cleanup compiler warnings due to some configure options. - * g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as - unused. - * tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is - not configured. - - gpg: Allow building without any trust model support. - * configure.ac: Add option --disable-trust-models - (NO_TRUST_MODELS): New ac_define and am_conditional. - * g10/Makefile.am (trust_source): New. - (gpg2_SOURCES): Factor some files out to above. Add trust.c. - * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, - --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, - --list-trustdb, --trustdb-name, --auto-check-trustdb, - --no-auto-check-trustdb, and --force-ownertrust. - (parse_trust_model) [NO_TRUST_MODELS]: Do not build. - (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all - trustdb related option code. - * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", - "enable", and "disable". - * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print - "tru" record. - - * g10/trust.c: New. - * g10/trustdb.c (struct key_item): Move to trustdb.h. - (register_trusted_keyid): Rename to tdb_register_trusted_keyid. - (register_trusted_key): Rename to tdb_register_trusted_key. - (trust_letter, uid_trust_string_fixed, trust_value_to_string) - (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) - (get_ownertrust_string, get_validity_info, get_validity_string) - (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. - (mark_usable_uid_certs): Move to trust.c and make global. - (is_in_klist): Move as inline to trustdb.h. - (trustdb_check_or_update): Rename to tdb_check_or_update - (revalidation_mark): Rename to tdb_revalidation_mark. - (get_ownertrust): Rename to tdb_get_ownertrust. - (get_min_ownertrust): Rename to tdb_get_min_ownertrust. - (update_ownertrust): Rename to tdb_update_ownertrust. - (clear_ownertrusts): Rename to tdb_clear_ownertrusts. - (cache_disabled_value): Rename to tdb_cache_disabled_value. - (check_trustdb_stale): Rename to tdb_check_trustdb_stale. - (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and - factor some code out to ... - * trust.c (get_validity): ...new. - (check_or_update_trustdb): New wrapper. - (revalidation_mark): New wrapper. - (get_ownertrust): New wrapper. - (get_ownertrust_with_min): New wrapper. - (update_ownertrust): New wrapper. - (clear_ownertrusts): New wrapper. - (cache_disabled_value): New wrapper. - (check_trustdb_stale): New wrapper. - - * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead - of --always-trust. - - tests: Handle disabled algorithms. - * tests/openpgp/mds.test: Skip disabled algorithms. - * tests/openpgp/signencrypt-dsa.test: Ditto. - * tests/openpgp/sigs-dsa.test: Ditto. - -2014-02-07 Werner Koch - - Silence annoying ABI change warning. - * configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc - option tests for gcc >= 4.6 - - Allow disabling of card support. - * configure.ac: Add option --disable-card-support. Also add - am_conditional and do not build scd if card support is enabled. - - gpg: List only available algos in --gen-key. - * g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_. - - gpg: Change --print-mds to output enabled OpenPGP algos. - * g10/gpg.c (print_mds): Use opengpg_md_test_algo. Test also for MD5 - availibility. - - gpg: Avoid compiler warnings for disabled algos. - * g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo. - (openpgp_pk_test_algo2): Ditto. - (map_md_openpgp_to_gcry): Ditto. - -2014-02-05 Werner Koch - - gpg: Change format for the key size in --list-key and --edit-key. - * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. - * g10/options.h (struct opt): Add field legacy_list_mode. - * g10/keydb.h (PUBKEY_STRING_SIZE): New. - * g10/keyid.c (pubkey_string): New. - * g10/import.c (import_one, import_secret_one): Use pubkey_string. - * g10/keylist.c (print_seckey_info): Ditto. - (print_pubkey_info, print_card_key_info): Ditto. - (list_keyblock_print): Ditto. - * g10/mainproc.c (list_node): Ditto. - * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. - * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the - format. - (show_basic_key_info): Ditto. - * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". - (openpgp_oid_to_curve): Downcase "ed25519" - -2014-01-31 Werner Koch - - gpg: Add configure options to disable algorithms. - * acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New. - * configure.ac: Add --enable-gpg-* options to disable non MUS - algorithms. - * g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options. - (openpgp_pk_test_algo2): Ditto. - (map_md_openpgp_to_gcry): Ditto. - (openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify. - - gpg: Improve --version algo info output. - * g10/misc.c (openpgp_pk_algo_name): Return a different string for - each ECC algorithm. - * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the - different algo type enums. - (build_list_pk_algo_name): Ditto. - (build_list_cipher_test_algo): Ditto. - (build_list_cipher_algo_name): Ditto. - (build_list_md_test_algo): Ditto. - (build_list_md_algo_name): Ditto. - (my_strusage): Use them. - (list_config): Ditto. Add "pubkeyname". - (build_list): Add letter==1 hack. - - gpg: Start using OpenPGP digest algo ids. - * g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg. - (print_cipher_algo_note): Ditto. - (print_digest_algo_note): Ditto. - (map_md_openpgp_to_gcry): New. - (openpgp_md_test_algo): Rewrite. - (openpgp_md_algo_name): Rewrite to do without Libgcrypt. - * g10/cpr.c (write_status_begin_signing): Remove hardwired list of - algo ranges. - - gpg: Use only OpenPGP cipher algo ids. - * g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and - use enums for the arg and return value. - (map_cipher_gcry_to_openpgp): Ditto. - (openpgp_cipher_blocklen): Use constant macros. - (openpgp_cipher_test_algo): Use mapping function and prepare to - disable algorithms. - (openpgp_cipher_algo_name): Do not use Libgcrypt. - - * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace - CGRY_CIPHER_* by CIPHER_ALGO_*. - - * common/openpgpdefs.h (cipher_algo_t): Remove unused - CIPHER_ALGO_DUMMY. - -2014-01-30 Werner Koch - - gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id. - * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a - string. - * g10/keygen.c (check_keygrip): Adjust for change. - * sm/certreqgen-ui.c (check_keygrip): Likewise. - - * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry. - - * g10/misc.c (map_pk_openpgp_to_gcry): Remove. - (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2. - (openpgp_pk_test_algo2): Rewrite. - (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA. - (openpgp_pk_algo_name): Rewrite to remove need for gcry calls. - (pubkey_get_npkey, pubkey_get_nskey): Ditto. - (pubkey_get_nsig, pubkey_get_nenc): Ditto. - * g10/keygen.c(do_create_from_keygrip): Support EdDSA. - (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto. - * g10/build-packet.c (do_key): Ditto. - * g10/export.c (transfer_format_to_openpgp): Ditto. - * g10/getkey.c (cache_public_key): Ditto. - * g10/import.c (transfer_secret_keys): Ditto. - * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. - * g10/mainproc.c (proc_pubkey_enc): Ditto. - * g10/parse-packet.c (parse_key): Ditto, - * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto. - * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name. - * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only - OpenPGP algo ids and support EdDSA. - * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids. - * g10/seskey.c (encode_md_value): Ditto. - -2014-01-29 Werner Koch - - gpg: Remove cipher.h and put algo ids into a common file. - * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t) - (compress_algo_t): New. - * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h. - * g10/cipher.h (DEK): Move to ... - * g10/dek.h: new file. - * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA) - (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC) - (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT) - (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to - * g10/packet.h: here. - * g10/cipher.h: Remove. Remove from all files. - * g10/filter.h, g10/packet.h: Include dek.h. - * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h. - - include: Remove this directory. - * include/cipher.h: Move to ... - * g10/cipher.h: here. - * agent/gpg-agent.c: Adjust header file name. - - * include/host2net.h: Move to ... - * common/host2net.h: here. Change license to LGPLv3/GPLv2. Adjust - notices to reflect that only me worked on that file. - - * include/types.h: Remove. - * common/types.h: Include inttypes.h. Add byte typedef and comments - for __riscos__. - * common/iobuf.h: Adjust header file name. - - * include/_regex.h: Remove this unused file. - - * include/Makefile.am: Remove. - * Makefile.am (SUBDIRS): Remove "include". - * configure.ac (AC_CONFIG_FILES): Remove include/Makefile. - * include/ChangeLog-2011: Move to ... - * common/ChangeLog-2011.include: here. - * common/Makefile.am (EXTRA_DIST): Add file. - - * include/zlib-riscos.h: Move this repo only file to ... - * g10/zlib-riscos.h: here. - - * include/: Remove. - -2014-01-17 Werner Koch - - Remove unused u64 type definitions. - * configure.ac: Remove check for uint64 and UINT64_C. - * include/types.h: Remove u64 stuff. - * common/types.h: Ditto. - -2014-01-16 NIIBE Yutaka - - agent: Not remove SSH socket when already running. - * agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid - removal of the socket when it will die in create_server_socket for - socket_name. - - agent: Fix agent_is_eddsa_key. - * agent/findkey.c (agent_is_eddsa_key): Implemented. - -2014-01-15 NIIBE Yutaka - - Add secp256k1. - * common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1. - (openpgp_oid_to_curve): Likewise. - - * g10/keygen.c (ask_curve): Add secp256k1. - -2014-01-10 Werner Koch - - autogen.sh: Add rule for 64 bit windows. - - Turn autogen.sh into a generic script. - * autogen.sh: Revamp. - * autogen.rc: New. - * Makefile.am (EXTRA_DIST): Add autogen.rc. - - Rename scripts/ to build-aux/ - * scripts/: Rename to build-aux/ - * Makefile.am: Adjust accordingly. - * configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux. - -2014-01-09 Werner Koch - - Improve the speedo make script. - * scripts/gpg-w32-dev/README: Remove - * scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk: - Merge into .. - * scripts/speedo.mk: this. - - gpgsplit: Allow building without zlib support. - * tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h. - (handle_zlib): Build only if HAVE_ZLIB is defined. - (write_part): Support zlib and zip only if HAVE_ZLIB is defined. - - w32: Fix backslash quoting in registry name. - * configure.ac (GNUPG_REGISTRY_DIR): Double backslashes. - - Fix test for zlib. - * configure.ac (HAVE_ZLIB): Define only if found. - - Add --enable-silent-rules stuff. - * configure.ac: Add AM_SILENT_RULES. - -2014-01-08 Werner Koch - - w32: Add macro for the registry key. - * configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define. - * common/homedir.c (default_homedir): Use it. - * common/logging.c (do_logv): Use it. + scd: Skip S/N reading for the "undefined" application. + * scd/app.c (select_application): Skip serial number reading. 2013-12-11 Werner Koch @@ -4168,19 +654,15 @@ * g10/mainproc.c (proc_encrypted): Remove show_session_key code. * g10/decrypt-data.c (decrypt_data): Add new show_session_key code. -2013-12-05 Werner Koch - - gpg: Change OID of Ed25519 and add Brainpool oids. - * common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for - Ed25519. Add brainpool OIDs. - (openpgp_oid_to_curve): Ditto. +2013-11-27 Werner Koch -2013-11-29 Werner Koch + Silence annoying ABI change warning. + * configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc + option tests for gcc >= 4.6 - common: Add put_membuf_printf. - * common/membuf.c (put_membuf_printf): New. - -2013-11-27 Werner Koch + scd: Fix two compiler warnings. + * scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens. + * scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int. gpg: Change armor Version header to emit only the major version. * g10/options.h (opt): Rename field no_version to emit_version. @@ -4189,82 +671,12 @@ * g10/armor.c (armor_filter): Implement different --emit-version values. -2013-11-18 Werner Koch - - Make use of the *_NAME etc macros. - Replace hardwired strings at many places with new macros from config.h - and use the new strusage macro replacement feature. - - * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn - sentinels. - * agent/command.c (cmd_import_key): Use asprintf to create the prompt. - - Add strusage macro replacement feature. - * common/argparse.c (writechar): New. - (writestrings): Add macro replacement feature. - (show_help): Remove specialized @EMAIL@ replacement. - * configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define. - (GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define. - (GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define. - (GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define. - (DIRMNGR_SOCK_NAME): Define. - 2013-11-15 Werner Koch - kbx: Implement update operation for OpenPGP keyblocks. - * kbx/keybox-update.c (keybox_update_keyblock): Implement. - * kbx/keybox-search.c (get_blob_flags): Move to ... - * kbx/keybox-defs.h (blob_get_type): here. - * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB. - * g10/keydb.c (build_keyblock_image): Allow calling without - R_SIGSTATUS. - (keydb_update_keyblock): Implement for keybox. - - * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed - size. Print "does not expire" also on 64 bit platforms. - - gpg: Rework ECC support and add experimental support for Ed25519. - * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc". - (agent_is_dsa_key): Ditto. - (agent_is_eddsa_key): New. Not finished, though. - * agent/pksign.c (do_encode_eddsa): New. - (agent_pksign_do): Use gcry_log_debug functions. - * agent/protect.c (agent_protect): Parse a flags parameter. - * g10/keygen.c (gpg_curve_to_oid): Move to ... - * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename. - (oid_ed25519): New. - (openpgp_oid_is_ed25519): New. - (openpgp_oid_to_curve): New. - * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New. - * g10/build-packet.c (gpg_mpi_write): Write the length header also for - opaque MPIs. - (gpg_mpi_write_nohdr): New. - (do_key): Use gpg_mpi_write_nohdr depending on algorithm. - (do_pubkey_enc): Ditto. - * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use - gpg_mpi_write_nohdr. - * g10/export.c (transfer_format_to_openpgp): - * g10/keygen.c (ecckey_from_sexp): Return the error. - (gen_ecc): Repalce arg NBITS by CURVE. - (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve". - (ask_curve): New. - (generate_keypair, generate_subkeypair): Use ask_curve. - (do_generate_keypair): Also pass curve name. - * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print - curve name. - * g10/parse-packet.c (mpi_read): Remove workaround for - Libcgrypt < 1.5. - (parse_key): Fix ECC case. Print the curve name. - * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp. - (pk_verify, pk_check_secret_key): Add special case for Ed25519. - * g10/seskey.c (encode_md_value): Ditto. - * g10/sign.c (do_sign, hash_for, sign_file): Ditto. - - kbx: Fix possible segv in kbxdump. - * kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32. - - Require Libgcrypt 1.6. - * agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check + common: Fix build problem with Sun Studio compiler. + * common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy + functions. + (ESTREAM_MUTEX_INITIALIZE): Ditto. 2013-11-13 NIIBE Yutaka @@ -4285,19 +697,6 @@ scd: pinpad fix for PC/SC on Windows. * scd/apdu.c (SCARD_CTL_CODE): Fix for Windows. -2013-10-28 Werner Koch - - doc: Change yat2m to allow arbitrary condition names. - * doc/yat2m.c (MAX_CONDITION_NESTING): New. - (gpgone_defined): Remove. - (condition_s, condition_stack, condition_stack_idx): New. - (cond_is_active, cond_in_verbatim): New. - (add_predefined_macro, set_macro, macro_set_p): New. - (evaluate_conditions, push_condition, pop_condition): New. - (parse_file): Rewrite to use the condition stack. - (top_parse_file): Set prefined macros. - (main): Change -D to define arbitrary macros. - 2013-10-25 NIIBE Yutaka scd: fix pinpad input on Windows. @@ -4322,8 +721,75 @@ * scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin length. +2013-10-11 Werner Koch + + gpg: Do not require a trustdb with --always-trust. + * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE. + * g10/trustdb.c (trustdb_args): Add field no_trustdb. + (init_trustdb): Set that field. + (revalidation_mark): Take care of a nonexistent trustdb file. + (read_trust_options): Ditto. + (get_ownertrust): Ditto. + (get_min_ownertrust): Ditto. + (update_ownertrust): Ditto. + (update_min_ownertrust): Ditto. + (clear_ownertrusts): Ditto. + (cache_disabled_value): Ditto. + (check_trustdb_stale): Ditto. + (get_validity): Ditto. + * g10/gpg.c (main): Do not create a trustdb with most commands for + trust-model always. + + gpg: Fix --version output and explicitly disable ECC. + * g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/ + to gcry_pk_algo_name by a call to this function. + (map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG. + (openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of + GCRY_PK_ELG_E. Return an error for ECC algos. + (openpgp_pk_test_algo2): Return an error for ECC algos. + * g10/gpg.c (build_list): Avoid printing ECC two times. + * include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*. + +2013-10-04 Werner Koch + + Release 2.0.22. + + doc: Update from master. + + gpg: Print a "not found" message for an unknown key in --key-edit. + * g10/keyedit.c (keyedit_menu): Print message. + + gpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6. + * g10/misc.c (print_pubkey_algo_note): Map the algo. + (openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto. + (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig) + (pubkey_get_nenc): Return 0 for ECC algorithms. + + po: Update Czech translation. + + gpg: Protect against rogue keyservers sending secret keys. + * g10/options.h (IMPORT_NO_SECKEY): New. + * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new + flag. + * g10/import.c (import_secret_one): Deny import if flag is set. + +2013-10-04 Daniel Kahn Gillmor + + gpg: Allow setting of all zero key flags. + * g10/keygen.c (do_add_key_flags): Do not check for empty key flags. + (cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151) + 2013-10-04 Werner Koch + gpg: Distinguish between missing and cleared key flags. + * include/cipher.h (PUBKEY_USAGE_NONE): New. + * g10/getkey.c (parse_key_usage): Set new flag. + + keyserver: Allow use of cURL's default CA store. + * keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file + has been given. + * keyserver/gpgkeys_hkp.c (main): Ditto. + gpg: Limit the nesting level of I/O filters. * common/iobuf.c (MAX_NESTING_FILTER): New. (iobuf_push_filter2): Limit the nesting level. @@ -4343,29 +809,27 @@ (do_proc_packets): Check packet nesting depth. Handle errors from check_compressed. -2013-09-08 Werner Koch +2013-09-18 Marcus Brinkmann - Switch to deterministic DSA. - * agent/pksign.c (rfc6979_hash_algo_string): New. - (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979. + 2009-11-10 Marcus Brinkmann + * server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as + this leaks the FD here. -2013-08-30 Werner Koch + (cherry picked from commit b3cda3f45cdbf3c66538589c7e108cbf73adc850) - scd: Suppress gcc warning about possible uninitialized use. - * scd/app-nks.c (parse_pwidstr): Always init r_pwid. + Resolved Conflicts: + sm/ChangeLog-2011 - Removed. + + GnuPG-bug-id: 1535 + +2013-08-30 Werner Koch gpg: Use 2048 as the default keysize in batch mode. * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to 2048. gpgtar: Fix building for systems with a separate libintl. - * tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV. - - scd: Use vendor and product id macros also in apdu.c. - * scd/ccid-driver.c: Move vendor and product ids to ... - * scd/ccid-driver.h: here. - * scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids. - (pcsc_vendor_specific_init): Use vendor and product id macros. + * tools/Makefile.am (gpgtar_LDADD): Add LIBINTL. 2013-08-30 NIIBE Yutaka @@ -4387,41 +851,6 @@ scd: add support for RSA_CRT and RSA_CRT_N key import. * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support. -2013-08-29 Werner Koch - - kbx: Add a few macros for easier readability. - * kbx/keybox-update.c (FILECOPY_INSERT) - (FILECOPY_DELETE, FILECOPY_UPDATE): New macros. Replace numbers by - them. - -2013-08-28 Werner Koch - - Fix commit 04e2c83f. - * agent/command-ssh.c (stream_read_string): Do not assign to a NULL - ptr. - - gpg: Make decryption with the OpenPGP card work. - * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New. - * scd/app-openpgp.c (do_decipher): Add arg R_INFO. - * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy. - * scd/app.c (app_decipher): Add arg R_INFO. - * scd/command.c (cmd_pkdecrypt): Print status line "PADDING". - * agent/call-scd.c (padding_info_cb): New. - (agent_card_pkdecrypt): Add arg R_PADDING. - * agent/divert-scd.c (divert_pkdecrypt): Ditto. - * agent/pkdecrypt.c (agent_pkdecrypt): Ditto. - * agent/command.c (cmd_pkdecrypt): Print status line "PADDING". - * g10/call-agent.c (padding_info_cb): New. - (agent_pkdecrypt): Add arg R_PADDING. - * g10/pubkey-enc.c (get_it): Use padding info. - - agent: Fix two compiler warnings. - * agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu - in format string. - * scd/ccid-driver.c (ccid_get_atr): Ditto. - * agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to - avoid maybe_unitialized warning. - 2013-08-27 NIIBE Yutaka scd: fix parsing login-data DO. @@ -4441,10 +870,38 @@ (check_pcsc_pinpad): Set it. (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532. - scd: Improve --enable-pinpad-varlen. - * tools/gpgconf-comp.c (gc_options_scdaemon): Add - enable-pinpad-varlen. - * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader. + (cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4) + + scd: Improve --enable-pinpad-varlen. + * tools/gpgconf-comp.c (gc_options_scdaemon): Add + enable-pinpad-varlen. + * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader. + + (cherry picked from commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b) + +2013-08-19 Werner Koch + + Release 2.0.21. + + Require libgpg-error 1.11. + * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11. + * common/util.h: Remove GPG_ERR_ replacements. + +2013-08-19 Jakub Bogusz + + Update the Polish translation. + +2013-08-19 Werner Koch + + agent: Fix UPDATESTARTUPTTY for ssh. + * agent/command-ssh.c (setup_ssh_env): Fix env setting. + + tests: Make sure not to create files outside the build directory. + * tests/openpgp/Makefile.am (./gpg_dearmor): Add option --homedir. + + gpgv: Init Libgcrypt to avoid syslog warning. + * g10/gpgv.c (main): Check libgcrypt version and disable secure + memory. 2013-08-08 Werner Koch @@ -4460,6 +917,15 @@ output. (cmd_keyinfo): Add options --ssh-list and --with-ssh. +2013-08-06 Werner Koch + + Improve libcurl detection. + * m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been + given. Suggested by John Marshall. + + gpg: Remove legacy keyserver examples from the template conf file. + * g10/options.skel: Update. + 2013-08-02 Werner Koch gpg: No need to create a trustdb when encrypting with --always-trust. @@ -4467,99 +933,149 @@ 2013-08-01 Werner Koch - w32: Fix recent patch 9ff72e4. - * common/homedir.c (check_portable_app): Fix the name of the control - file. - - agent: Include missing prototype. - * agent/protect.c: Include cvt-openpgp.h. - w32: Add code to support a portable use of GnuPG. * common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New. (check_portable_app) [W32]: New. (standard_homedir, default_homedir) [W32]: Support the portable flag. (w32_rootdir, w32_commondir) [W32]: Ditto. - (gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto. - * common/logging.h (JNLIB_LOG_NO_REGISTRY): New. - * common/logging.c (no_registry): New variable. - (log_set_prefix, log_get_prefix): Set/get that variable. - (do_logv): Do not check the registry if that variable is set. + (gnupg_bindir) [W32]: Ditto. + + w32: Always require libiconv. + * configure.ac (missing_iconv): Set and die if we have no libiconv. + * m4/iconv.m4: Update from libiconv 1.14. + * tools/Makefile.am (gpgtar_LDADD): Add LIBICONV. + * jnlib/utf8conv.c: Always include iconv.h + (load_libiconv): Remove this w32 only function. + (iconv_open, iconv, iconv_close): Remove W32 function pointer. + (set_native_charset): Do not call load_libiconv. + (jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): Ditto. + + w32: Remove unused code. + * jnlib/w32-reg.c (write_w32_registry_string): Remove. + +2013-07-03 Werner Koch + + Update the German translation. + + agent: Make --allow-mark-trusted the default. + * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted. + Put this option into the gpgconf-list. + (main): Enable opt.allow_mark_trusted by default. + * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace + allow-mark-trusted by no-allow-mark-trusted. - Silence compiler warning about deprecated Libgcrypt symbols. + * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag. + + Update the German translation. + + ssh: Add support for Putty. + * agent/gpg-agent.c [W32]: Include Several Windows header. + (opts): Change help text for enable-ssh-support. + (opts, main): Add option --enable-putty-support + (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32. + (agent_init_default_ctrl): Add and asssert call. + (putty_message_proc, putty_message_thread): New. + (handle_connections) [W32]: Start putty message thread. + * common/sysutils.c (w32_get_user_sid): New for W32 only + * tools/gpgconf-comp.c (gc_options_gpg_agent): Add + --enable-ssh-support and --enable-putty-support. Make the + configuration group visible at basic level. + * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only. + + agent: Fix binary vs. text mode problem in ssh. + * agent/command-ssh.c (file_to_buffer) + (ssh_handler_request_identities): Open streams in binary mode. + (start_command_handler_ssh): Factor some code out to .. + (setup_ssh_env): new function. + + Silence deprecated warnings from gcc 4.6.3. * configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED. - dirmngr: Define missing LDAP constant. - * dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing. + estream: Backport es_fopemem_init from master. + * common/estream.c (es_fopenmem_init): New. + +2013-07-01 Werner Koch + + ssh: Mark unused arg. + * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to + void. + + ssh: Support ECDSA keys. + * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New. + (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO. + (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}. + (ssh_signature_encoder_t): Add arg spec and adjust all callers. + (ssh_signature_encoder_ecdsa): New. + (sexp_key_construct, sexp_key_extract, ssh_receive_key) + (ssh_convert_key_to_blob): Support ecdsa. + (ssh_identifier_from_curve_name): New. + (ssh_send_key_public): Retrieve and pass the curve_name. + (key_secret_to_public): Ditto. + (data_sign): Add arg SPEC and change callers to pass it. + (ssh_handler_sign_request): Get the hash algo from SPEC. + * common/ssh-utils.c (get_fingerprint): Support ecdsa. + + * agent/protect.c (protect_info): Add flag ECC_HACK. + (agent_protect): Allow the use of the "curve" parameter. + * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa. + + * agent/command-ssh.c (ssh_key_grip): Print a better error code. + + estream: New function es_fclose_snatch. + * common/estream.c (cookie_ioctl_function_t): New type. + (es_fclose_snatch): New function. + (COOKIE_IOCTL_SNATCH_BUFFER): New constant. + (struct estream_internal): Add field FUNC_IOCTL. + (es_initialize): Clear FUNC_IOCTL. + (es_func_mem_ioctl): New function. + (es_fopenmem): Init FUNC_IOCTL. + + ssh: Rewrite a function for better maintainability. + * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite. + + ssh: Improve key lookup for many keys. + * agent/command-ssh.c: Remove dirent.h. + (control_file_s): Add struct item. + (rewind_control_file): New. + (search_control_file): Factor code out to ... + (read_control_file_item): New. + (ssh_handler_request_identities): Change to iterate over entries in + sshcontrol. + + ssh: Cleanup sshcontrol file access code. + * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace + the direct use of the string. + (struct control_file_s, control_file_t): New. + (open_control_file, close_control_file): New. Use them instead of + using fopen/fclose directly. + + ssh: Do not look for a card based ssh key if scdaemon is disabled. + * agent/command-ssh.c (ssh_handler_request_identities): Do not call + card_key_available if the scdaemon is disabled. + + ssh: Make the mode extension "x" portable by a call to es_fopen. + * agent/command-ssh.c (open_control_file): Use_es_fopen to support + the "wx" mode flag. + +2013-05-11 Werner Koch + + Fix syntax error for building on APPLE. + * scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error. + +2013-05-10 Werner Koch + + Release 2.0.20. - scd: Fix a syntax error for Apple and Windows. - * scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error. + Update gpg-error, libgcrypt, and ksba m4 scripts. + * m4/gpg-error.m4: Update from libgpg-error repo. + * m4/ksba.m4: Likewise. + * m4/libgcrypt.m4: Likewise. - common: Fix a build error when using adns. - * common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error. +2013-05-10 Yuri Chornoivan -2013-07-31 Werner Koch - - common: Comment out unused code. - * common/w32-reg.c (write_w32_registry_string): Comment out. - - dirmngr: Remove unused file. - * dirmngr/get-path.c: Remove. - -2013-06-27 Werner Koch - - sm: Remove cruft from source files. - * sm/keydb.c, sm/keydb.h: Remove disabled code parts. - - Prepare for newer automake versions. - * configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the - option form. Add options from the top Makefile. - (AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER. - * Makefile.am (AUTOMAKE_OPTIONS): Remove. - - * kbx/Makefile.am: Remove INCLUDES. Include cmacros.am. FActor some - AM_CPPFLAGS options to AM_CFLAGS. - -2013-06-26 Werner Koch - - Fix Makefile regression. - * agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong - resolve conflict 2013-04-25. - (gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps - (gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags. - -2013-05-22 Werner Koch - - Implement unattended OpenPGP secret key import. - * agent/command.c (cmd_import_key): Add option --unattended. - * agent/cvt-openpgp.c (convert_transfer_key): New. - (do_unprotect): Factor some code out to ... - (prepare_unprotect): new function. - (convert_from_openpgp): Factor all code out to ... - (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement - openpgp-native protection modes. - (convert_from_openpgp_native): New. - * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion - * agent/protect-tool.c (convert_from_openpgp_native): Ditto. - * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all - callers. Support openpgp-native protection. - * g10/call-agent.c (agent_import_key): Add arg 'unattended'. - * g10/import.c (transfer_secret_keys): Use unattended in batch mode. - - New debug functions log_printcanon and log_printsexp. - * common/sexputil.c (sexp_to_string, canon_sexp_to_string): New. - (log_printcanon, log_printsexp): New. - - agent: Fix length detection of canonical formatted openpgp keys. - * agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to - gcry_sexp_canon_len. - - agent: New option --disable-check-own-socket. - * agent/gpg-agent.c (oDisableCheckOwnSocket): New. - (disable_check_own_socket): New. - (parse_rereadable_options): Set new option. - (check_own_socket): Implement new option. + Update Ukrainian translation. -2013-05-07 Werner Koch +2013-05-07 Werner Koch w32: Add icons and version information. * common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico. @@ -4583,30 +1099,78 @@ * doc/gpg.texi: Fix syntax and add missing menu entries. * doc/gpgsm.texi: Fix subsectioning. +2013-04-24 Jedi + + Update helper scripts. + * compile, config.guess, config.rpath, config.sub, depcomp, + * install-sh, mdate-sh, mkinstalldirs: Update to Feb 25 versions from + gnulib. + +2013-04-24 Joe Hansen + + Update Danish translation. + * po/da.po: Update. + +2013-04-24 Jaime Suarez + + Update Spanish translation. + +2013-04-24 Werner Koch + + Update de.po and fr.po for keypad->pinpad change. + +2013-04-24 NIIBE Yutaka + + scd: Add pinpad support for REINER SCT cyberJack go. + * scd/ccid-driver.c (VENDOR_REINER, CYBERJACK_GO): New. + (ccid_transceive_secure): Handle the case for VENDOR_REINER. + Original work was by Alina Friedrichsen (tiny change). + +2013-04-23 Werner Koch + + Allow building gpgkeys_ldap with the 32 bit mingw-w64 toolchain. + * keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro + depending on compiler version. + (main): Use new macro. + 2013-04-22 Werner Koch Fix potential heap corruption in "gpg -v --version". * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. -2013-04-19 Werner Koch + Switch to the new automagic beta numbering scheme. + * configure.ac: Add all the required m4 magic. - gpgsm: Remove non-implemented commands from --help. - * sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric, - --send-keys, and --recv-keys. + Update docs from master. + * doc/gpg-agent.texi: Update from master. + * doc/gpg.texi: Ditto. + * doc/gpgsm.texi: Ditto. + * doc/gpl.texi: Ditto. + * doc/yat2m.c: Ditto. -2013-04-19 Daiki Ueno + Ignore obsolete option --disable-keypad. + * scd/scdaemon.c (opts): Ignore --disable-keypad. - Make sure to call fflush if estream_t is backed with stdio. - * common/estream.c (es_func_fp_write): Call fflush after fwrite. + Allow marking options as ignored. + * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New. + (ARGPARSE_TYPE_MASK): New, for internal use. + (ARGPARSE_ignore): New. + * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining + constants by macros. + (optfile_parse): Implement ARGPARSE_OPT_IGNORE. + (arg_parse): Exclide ignore options from --dump-options. -2013-04-19 Werner Koch + Do not mix test result with progress lines. + This makes parsing of the results easier. Fixes bug#1400. - doc: Formatting fixes. - * doc/Makefile.am (.fig.jpg): Correct to use -L jpeg. - * doc/gpg.texi: Fix cross reference for --options. - * doc/gpgsm.texi: Likewise. - * doc/gpl.texi: Fix enumerate and re-indent examples. + * tests/openpgp/defs.inc (progress_cancel, progress_end) + (progress_new): New. + * tests/openpgp/conventional-mdc.test: Use progress functions + * tests/openpgp/conventional.test: Ditto. + * tests/openpgp/encrypt-dsa.test: Ditto. + * tests/openpgp/encrypt.test: Ditto. + * tests/openpgp/sigs.test: Ditto. 2013-04-01 NIIBE Yutaka @@ -4615,10 +1179,6 @@ * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon (bin_PROGRAMS): Remove scdaemon. -2013-03-29 Werner Koch - - copyright assignments are not anymore required. - 2013-03-26 NIIBE Yutaka scd: PC/SC status fix. @@ -4634,7 +1194,7 @@ scd: call update_card_removed only when detecting removal. * scd/command.c (update_reader_status_file): Add condition - vr->status == 0. + ss->status == 0. 2013-03-22 NIIBE Yutaka @@ -4649,181 +1209,41 @@ 2013-03-21 NIIBE Yutaka - po: Enable ja.po. - * po/LINGUAS: Enable ja.po. - scd: change default value of pinpad maxlen. * scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value of maxlen for pinpad input is now 15 (was: 25). * scd/ccid-driver.c (ccid_transceive_secure): Likewise. -2013-03-20 Werner Koch - - Add code to allow for late memory cleanup. - * common/init.c (mem_cleanup_item_t): New. - (run_mem_cleanup): New. - (_init_common_subsystems): Add an atexit for it. - (register_mem_cleanup_func): New. - - * g10/kbnode.c (cleanup_registered): New. - (release_unused_nodes): New. - (alloc_node): Call register_mem_cleanup_func. - - kbx: Remove unused macro. - * kbx/keybox.h (KEYBOX_WITH_OPENPGP): Remove unused macro. - -2013-03-19 Werner Koch - - gpg: Print indicator for unknown key capability. - * g10/keylist.c (print_capabilities): Print '?' for unknown usage. - -2013-03-19 Daniel Kahn Gillmor - - gpg: Allow setting of all zero key flags. - * g10/keygen.c (do_add_key_flags): Do not check for empty key flags. - -2013-03-19 Werner Koch - - gpg: Distinguish between missing and cleared key flags. - * include/cipher.h (PUBKEY_USAGE_NONE): New. - * g10/getkey.c (parse_key_usage): Set new flag. - 2013-03-15 NIIBE Yutaka scd: ccid-driver supporting larger APDU. * scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger APDU. - scd: fix missing close paren. - * scd/app-openpgp.c (du_auth): Fix. - -2013-03-09 NIIBE Yutaka - - scd: support ECDSA signing. - * scd/app-openpgp.c (do_sign): Only prepend message digest block - for RSA or do_auth. - (do_auth): Remove message digest block for ECDSA. - -2013-03-08 NIIBE Yutaka - - scd: support ECDSA public key. - * scd/app-openpgp.c (key_type_t): New. - (CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New. - (struct app_local_s): Change keyattr to have key_type and union. - (get_ecc_key_parameters, get_curve_name): New. - (send_key_attr, get_public_key): Support ECDSA. - (build_privkey_template, do_writekey, do_genkey): Follow the change - of the member KEY_ATTR. - (parse_historical): New. - (parse_algorithm_attribute): Support ECDSA. - -2013-03-05 Werner Koch +2013-03-03 David Shaw - Require libgpg-error 1.11. - * configure.ac: Require libgpg-error 1.11. - * common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE) - (GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions. - -2013-02-28 NIIBE Yutaka - - agent: pksign result conversion to sexp to upper layer. - * agent/agent.h (divert_pksign): Add R_SIGLEN argument. - * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN. - * agent/call-scd.c (agent_card_pksign): Move composition of - S-expression to... - * agent/pksign.c (agent_pksign_do): ... here. - -2013-02-22 Werner Koch - - Use has_leading_keyword in the assuan callbacks. - * agent/call-pinentry.c (inq_quality): Use has_leading_keyword. - * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto. - * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto. - (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto. - * g10/call-dirmngr.c (ks_put_inq_cb): Ditto. - * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto. - (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto. - (keyinfo_status_cb, inq_import_key_parms): Ditto. - * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto. - (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto. - - Remove some unused variables. - * tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused - used_components. - * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg. - * g13/g13.c (main): Comment variable of yet unimplemented options. - - gpg: Fix a memory leak in batch key generation. - * g10/keygen.c (append_to_parameter): New. - (proc_parameter_file): Use new func to extend the parameter list. - - * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of - gcry_kdf_derive failed. - * g10/keygen.c (proc_parameter_file): Print a diagnostic if - passphrase_to_dek failed. - - gpg: Handle the agent's NEW_PASSPHRASE inquiry. - * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE. - - common: Add func has_leading_keyword. - * common/stringhelp.c (has_leading_keyword): New. - - Remove build hacks for FreeBSD. - * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and - LDFLAGS. - -2013-02-22 NIIBE Yutaka - - agent: fix two bugs. - * agent/command.c (cmd_keytocard): Decrement KEYDATALEN. - * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS. - - gpg: fix keytocard and support ECC card for key attribute. - * g10/call-agent.c (agent_keytocard): Supply PARM arg. - * g10/card-util.c (card_status): Support ECC. - (card_store_subkey): Don't assume RSA. - -2013-02-21 Werner Koch - - gpg: Fix a memory leak in batch key generation. - * g10/keygen.c (append_to_parameter): New. - (proc_parameter_file): Use new func to extend the parameter list. - - * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of - gcry_kdf_derive failed. - * g10/keygen.c (proc_parameter_file): Print a diagnostic if - passphrase_to_dek failed. - - gpg: Handle the agent's NEW_PASSPHRASE inquiry. - * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE. - - common: Add func has_leading_keyword. - * common/stringhelp.c (has_leading_keyword): New. - -2013-02-20 Werner Koch - - Remove build hacks for FreeBSD. - * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and - LDFLAGS. + Differentiate between success (full or partial), not-found, and failure. + * keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the + HTTP status code so we can tell the difference between a successful + retrieval, a partial retrieval, a not-found, or a server failed. + + Emulate curl_easy_getinfo and CURLINFO_RESPONSE_CODE in curl-shim. + * keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo): + New. Return the HTTP status code for the last transfer. + +2013-02-28 David Shaw + + Bring the fix for bug 739 on 1.4 over to 2.0 (bug 1479) + * http.h, http.c (http_wait_response, main): Remove + HTTP_FLAG_NO_SHUTDOWN. 2013-02-12 NIIBE Yutaka - gpg: Implement card_store_subkey again. - * g10/call-agent.h (agent_keytocard): New. - * g10/call-agent.c (agent_keytocard): New. - * g10/card-util.c (replace_existing_key_p): Returns 1 when replace. - (card_generate_subkey): Check return value of replace_existing_key_p. - (card_store_subkey): Implement again using agent_keytocard. - - agent: Add KEYTOCARD command. - * agent/agent.h (divert_writekey, agent_card_writekey): New. - * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New. - * agent/command.c (cmd_keytocard, hlp_keytocard): New. - (register_commands): Add cmd_keytocard. - * agent/divert-scd.c (divert_writekey): New. + Japanese: minor doc update. + * doc/help.ja.txt: Update. - Japanese: update po and doc. + Japanese: updated po and doc. * doc/help.ja.txt, po/ja.po: Updated. 2013-02-08 NIIBE Yutaka @@ -4870,50 +1290,15 @@ * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to disable-pinpad. -2013-02-07 Werner Koch - - gpg: Add pinentry-mode feature. - * g10/gpg.c: Include shareddefs.h. - (main): Add option --pinentry-mode. - * g10/options.h (struct opt): Add field pinentry_mode. - * g10/passphrase.c: Include shareddefs.h. - (have_static_passphrase): Take care of loopback pinentry_mode. - (read_passphrase_from_fd): Ditto. - (get_static_passphrase): New. - (passphrase_to_dek_ext): Factor some code out to ... - (emit_status_need_passphrase): new. - * g10/call-agent.c (start_agent): Send the pinentry mode. - (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a - proper error code. - (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. - (agent_pkdecrypt): Ditto. - * g10/pubkey-enc.c (get_it): Pass new args. - * g10/sign.c (do_sign): Pass new args. - - * g10/call-agent.c (struct default_inq_parm_s): New. Change all - similar structs to reference this one. Change all users and inquire - callback to use this struct, instead of NULL or some undefined but not - used structs. This change will help to eventually get rid of global - variables. - -2013-02-06 Werner Koch - - agent: Move a typedef to common and provide parse_pinentry_mode. - * common/agent-opt.c: New. - * common/shareddefs.h: New. - * common/Makefile.am: Add new files. - * agent/agent.h: Include shareddefs.h. - (pinentry_mode_t): Factor out to shareddefs.h. - * agent/command.c (option_handler): Use parse_pinentry_mode. - - agent: Return a better error code if no passphrase was given. - * agent/protect.c (hash_passphrase): Handle an empty passphrase. - 2013-02-05 NIIBE Yutaka scd: Fix check_keypad_request. * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad. + scd: Clean up. + * apdu.h (apdu_send_simple_kp): Remove. + * apdu.c (apdu_send_simple_kp): Remove. + SCD: Add vendor specific initalization. * scd/ccid-driver.c (ccid_vendor_specific_init): New. (ccid_open_reader): Call ccid_vendor_specific_init. @@ -5019,72 +1404,6 @@ (ccid_transceive_secure): Add enable_varlen handling. Enable GEMPC_PINPAD. -2013-01-30 Werner Koch - - Remove unused status codes. - * common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM) - (STATUS_SIEXPIRED): Remove unused codes. - - gpg: Add status line PINENTRY_LAUNCHED. - * common/status.h (STATUS_PINENTRY_LAUNCHED): New. - * g10/server.c (server_local_s): Add field allow_pinentry_notify. - (option_handler): Add option "allow-pinentry-notify". - (gpg_proxy_pinentry_notify): New. - * g10/call-agent.c (default_inq_cb): Factor code out to the new - function. - -2013-01-25 NIIBE Yutaka - - agent: Fix a bug of handling return code from npth_join. - * agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join - return code. - -2013-01-11 Christian Aistleitner - - gpg: Fix honoring --cert-digest-algo when recreating a cert. - * g10/sign.c (update_keysig_packet): Override original signature's - digest algo in hashed data and for hash computation. - -2013-01-11 Werner Koch - - Fix spurious cruft from configure summary output. - * configure.ac (build_scdaemon_extra): Remove $tmp cruft. - -2013-01-11 NIIBE Yutaka - - SCD: Hold lock for pinpad input. - * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify) - (apdu_keypad_modify): Hold lock to serialize communication. - -2013-01-08 Werner Koch - - kbx: Switch from MD5 to SHA-1 for the checksum. - * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes. - (create_blob_finish): Write just the needed space. - (create_blob_finish): Switch to SHA-1. - * kbx/keybox-dump.c (print_checksum): New. - (_keybox_dump_blob): Print the checksum and the verification status. - - gpg: Cache keybox searches. - * common/iobuf.c (iobuf_seek): Fix for temp streams. - * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls. - * g10/keydb.c (dump_search_desc): New. - (enum_keyblock_states, struct keyblock_cache): New. - (keyblock_cache_clear): New. - (keydb_get_keyblock, keydb_search): Implement a keyblock cache. - (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock) - (keydb_rebuild_caches, keydb_search_reset): Clear the cache. - - Make log_clock easier to read. - * common/logging.c (log_clock): Print in microseconds. - - gpg: Remove a function wrapper. - * g10/keydb.h (keydb_search): Remove macro. - * g10/keydb.c (keydb_search2): Rename to keydb_search. Change all - callers. - -2013-01-08 NIIBE Yutaka - SCD: Support not-so-smart card readers. * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage, auto_param, and auto_pps. @@ -5099,34 +1418,22 @@ When bNadValue in the return values of SetParameters == 0, clear handle->nonnull_nad flag. -2013-01-07 Werner Koch +2013-02-04 NIIBE Yutaka + + SCD: Hold lock for pinpad input. + * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify) + (apdu_keypad_modify): Hold lock to serialize communication. + + agent: kill pinentry by SIGINT, fixing a bug to be killed by SIGINT. + * agent/call-pinentry.c (atfork_cb): Reset signal mask and signal + handler for child process. + (agent_popup_message_stop): Send SIGINT (was: SIGKILL). - gpg: Set the node flags while retrieving a keyblock. - * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and - set the note flags accordingly. - (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image. - * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part) - (blob_cmp_name, blob_cmp_mail): Return the key/user number. - (keybox_search): Set the key and user number into the found struct. - (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from - the found struct. - - New function log_clock. - * common/logging.c (log_clock): New. - * g10/gpg.c (set_debug): Print clock debug flag. - * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New. - - gpg: Allow searching for user ids in a keybox. - * kbx/keybox-search.c (blob_cmp_name): Add arg X509 and adjust for PGP - use. Change callers. - (blob_cmp_mail): Add arg X509 and find the mailbox offset for PGP. - Chnage callers. - (has_subject_or_alt): Rename to has_username. - (has_username): Allow blobtype PGP. - (has_mail): Ditto. +2013-01-11 Christian Aistleitner - gpg: Allow generation of more than 4096 keys in one run. - * g10/getkey.c (cache_public_key): Make room in the cache if needed. + gpg: Fix honoring --cert-digest-algo when recreating a cert. + * g10/sign.c (update_keysig_packet): Override original signature's + digest algo in hashed data and for hash computation. 2013-01-07 NIIBE Yutaka @@ -5134,96 +1441,46 @@ * po/ja.po: Fix wrong translations for designated revocation. Reported by Hideki Saito. - Conflicts: - po/ja.po +2013-01-03 Werner Koch + + gpg: Detect Keybox files and print a diagnostic. + * g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New. + (keydb_add_resource): Handle scheme "gnupg-kbx:". Detect Keybox + magic. Print wanrning note for Keybox. + (keydb_new, keydb_release, keydb_get_resource_name) + (lock_all, unlock_all, keydb_get_keyblock) + (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock) + (keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset) + (keydb_search2): Ignore Keybox type in switches. + * g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value. + +2012-12-29 NIIBE Yutaka -2013-01-05 NIIBE Yutaka + Update Japanese Translation. + * po/ja.po: Fix terms and expressions. Update Japanese Translation. - * po/ja.po: Fix fuzzy translations. + * po/ja.po: Translate all untranslated messages. + +2012-12-27 NIIBE Yutaka -2013-01-03 NIIBE Yutaka + Update Japanese Translation. + * po/ja.po: Fix all fuzzy translations. Fill some of unstanslated + messages. Update Japanese Translation. - * po/ja.po: Update with POT. + * po/ja.po: Remove old entries. Update Japanese Translation. - * po/ja.po: Start from the new one of 2.0. + * po/ja.po: Fix headers. Update by msgmerge -U ja.po gnupg2.pot. + + Update Japanese tranlation. + * po/ja.po: Change the encoding to UTF-8 (was: EUC-JP). -2012-12-28 Werner Koch +2012-12-21 David Shaw - gpg: Add signature cache support to the keybox. - * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS. - (keydb_get_keyblock): Handle it. - (build_keyblock_image): Add arg SIGSTATUS. - (keydb_insert_keyblock): Handle it. - * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS. - (_keybox_create_openpgp_blob): Ditto. - * kbx/kbxutil.c (import_openpgp): Adjust for above change. - * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New. - * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag. - (keybox_get_keyblock): Add arg R_SIGSTATUS. - * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS. - - kbxutil: Improve format of the Sig-Expire lines. - * kbx/keybox-dump.c (_keybox_dump_blob): Print the expirate timestamp. - - gpg: First working support for keyboxes. - * g10/getkey.c (get_pubkey_fast): Improve the assertion. - * kbx/keybox.h: Include iobuf.h. - * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF. - (KEYBOX_WITH_OPENPGP): Remove use of this macro. - (pgp_create_key_part_single): New. - (pgp_temp_store_kid): Change to use the keybox-openpgp parser. - (pgp_create_key_part): Ditto. - (pgp_create_uid_part): Ditto. - (pgp_create_sig_part): Ditto. - (pgp_create_blob_keyblock): Ditto. - (_keybox_create_openpgp_blob): Ditto. - * kbx/keybox-search.c (keybox_get_keyblock): New. - * kbx/keybox-update.c (keybox_insert_keyblock): New. - * g10/keydb.c (parse_keyblock_image): - (keydb_get_keyblock): Support keybox. - (build_keyblock_image): New. - (keydb_insert_keyblock): Support keybox. - - * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print - a kbx file to stdout. - - * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6 - bytes. - - kbxutil: Print algo number and fold similar lines. - * kbx/keybox-defs.h (_keybox_openpgp_key_info): Add field ALGO. - * kbx/keybox-openpgp.c (parse_key): Store algo. - * kbx/kbxutil.c (dump_openpgp_key): Print algo number. - * kbx/keybox-dump.c (_keybox_dump_blob): Print identical Sig-Expire - value lines with a range of indices. - -2012-12-27 Werner Koch - - gpg: First patches to support a keybox storage backend. - * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. - * kbx/keybox.h: here. - * kbx/keybox-init.c (keybox_lock): Add dummy function - * g10/keydb.c: Include keybox.h. - (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. - (struct resource_item): Add field kb. - (maybe_create_keyring_or_box): Add error descriptions to diagnostics. - Add arg IS_BOX. Write a header for a new keybox file. - (keydb_add_resource): No more need for the force flag. Rename the - local variable "force" to "create". Add URL scheme "gnupg-kbx". Add - magic test to detect a keybox file. Add basic support for keybox. - (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) - (keydb_locate_writable, keydb_search_reset, keydb_search2): Add - support for keybox. - (lock_all, unlock_all): Ditto. - * g10/Makefile.am (needed_libs): Add libkeybox.a. - (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. - - * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) - KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. - * g10/gpg.c, g10/gpgv.c (main): Use new constants. + Make sure srvcount is initialized. + * keyserver/gpgkeys_hkp.c (srv_replace): Initialize srvcount. 2012-12-20 Werner Koch @@ -5233,120 +1490,84 @@ 2012-12-19 Werner Koch - gpg: Make commit 2b3cb2ee actually work. + gpg: Make commit 258192d4 actually work. * g10/sign.c (update_keysig_packet): Use digest_algo. - (cherry-picked from commit d23ec86095714d388acac14b515445fe69f019e9) - gpg: Suppress "public key already present" in quiet mode. - * g10/pkclist.c (find_and_check_key, build_pk_list): Print a - diagnostic only in non-quiet mode. + * g10/pkclist.c (build_pk_list): Print two diagnostics only in + non-quiet mode. 2012-12-18 Werner Koch - common: Add meta option ignore-invalid-option. - * common/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New. + jnlib: Add meta option ignore-invalid-option. + * jnlib/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New. (initialize): Init field IIO_LIST. (ignore_invalid_option_p): New. (ignore_invalid_option_add): New. (ignore_invalid_option_clear): New. (optfile_parse): Implement meta option. -2012-12-13 Werner Koch - Hans of Guardian - - utf8conv.c: Add hacks for Android. - * common/utf8conv.c [HAVE_ANDROID_SYSTEM]: Do not include iconv.h. - (iconv_open, iconv_close, load_libiconv) [HAVE_ANDROID_SYSTEM]: New - dummy functions. - (set_native_charset) [HAVE_ANDROID_SYSTEM]: Force use of "utf-8". - (jnlib_iconv_open) [HAVE_ANDROID_SYSTEM]: Act the same as under W32. - (jnlib_iconv) [HAVE_ANDROID_SYSTEM]: Ditto. - (jnlib_iconv_close) [HAVE_ANDROID_SYSTEM]: Ditto. - -2012-12-13 NIIBE Yutaka - - SCD: Fix the process of writing key or generating key. - * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME. - -2012-12-12 Werner Koch - - ssh: Support ECDSA keys. - * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New. - (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO. - (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}. - (ssh_signature_encoder_t): Add arg spec and adjust all callers. - (ssh_signature_encoder_ecdsa): New. - (sexp_key_construct, sexp_key_extract, ssh_receive_key) - (ssh_convert_key_to_blob): Support ecdsa. - (ssh_identifier_from_curve_name): New. - (ssh_send_key_public): Retrieve and pass the curve_name. - (key_secret_to_public): Ditto. - (data_sign): Add arg SPEC and change callers to pass it. - (ssh_handler_sign_request): Get the hash algo from SPEC. - * common/ssh-utils.c (get_fingerprint): Support ecdsa. - - * agent/protect.c (protect_info): Add flag ECC_HACK. - (agent_protect): Allow the use of the "curve" parameter. - * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa. +2012-12-18 David Shaw - * agent/command-ssh.c (ssh_key_grip): Print a better error code. + No point in defaulting try-dns-srv to on if we don't have SRV support. + * keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we + have SRV support in the first place. -2012-12-11 Werner Koch + Issue 1447: Pass proper Host header and SNI when SRV is used with curl. + * configure.ac: Check for inet_ntop. - ssh: Rewrite a function for better maintainability. - * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite. + * m4/libcurl.m4: Provide a #define for the version of the curl + library. -2012-12-10 Werner Koch + * keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on + each target. Once we find one that resolves to an address (whether + IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the + SRV name as the "host". Force the HTTP Host header to be the same. + +2012-12-15 David Shaw + + Part of issue 1447: Pass proper Host header when SRV is used. + * common/http.c (send_request, connect_server): Set proper Host header + (no :port, host is that of the SRV) when SRV is used in the + curl-shim. + + Fix issue 1446: honor ports given in SRV responses. + * common/http.c (send_request, connect_server, http_open): Use a + struct srv instead of a single srvtag so we can pass the chosen host + and port back to the caller. + (connect_server): Use the proper port in the HAVE_GETADDRINFO case. - ssh: Improve key lookup for many keys. - * agent/command-ssh.c: Remove dirent.h. - (control_file_s): Add struct item. - (rewind_control_file): New. - (search_control_file): Factor code out to ... - (read_control_file_item): New. - (ssh_handler_request_identities): Change to iterate over entries in - sshcontrol. + * keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log + chosen host and port. - ssh: Cleanup sshcontrol file access code. - * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace - the direct use of the string. - (struct control_file_s, control_file_t): New. - (open_control_file, close_control_file): New. Use them instead of - using fopen/fclose directly. + * keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV. - agent: Add envvar "gnupg_SSH_AUTH_SOCK_by" - * agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to - an invoked process. +2012-12-13 NIIBE Yutaka - config: Update npth.m4. - * m4/npth.m4: Take from current npth master. + SCD: Fix the process of writing key or generating key. + * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME. -2012-12-04 NIIBE Yutaka +2012-12-07 NIIBE Yutaka - Revert SCD changes of 2010-05-03. + Revert SCD changes of 2010-05-03 (scd/ChangeLog 2010-03-17). * scd/apdu.c (pcsc_no_service): Remove. (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove pcsc_no_service support. (apdu_open_reader): Remove R_NO_SERVICE. * scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE. * scd/command.c (reader_disabled): Remove. - (get_current_reader): Follow the change of R_NO_SERVICE. + (get_reader_slot): Follow the change of R_NO_SERVICE. (open_card, cmd_serialno, scd_command_handler): Remove reader_disabled support. * scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE. Don't keep opening unavailable card reader. * scd/command.c (update_reader_status_file): Don't call - get_current_reader. + get_reader_slot. 2012-11-30 David Shaw - Refresh sample keys. - - Adjust awk to not add trailing whitespace. - * mksamplekeys: Tweak awk script to not add trailing whitespace to - blank lines (makes git pre-commit hook unhappy) + Update sample keys. 2012-11-29 David Shaw @@ -5358,48 +1579,15 @@ 2012-11-27 Werner Koch Fix printing of ECC algo names in hkp keyserver listings. + * g10/misc.c (map_pk_openpgp_to_gcry): New. * g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids. -2012-11-26 Ben Kibbey - - Check for inet_addr() in -lnsl. - * configure.ac: Check for inet_addr() in libnsl. - -2012-11-20 Werner Koch - - Do not use a broken ttyname. - * configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android - systems. - * common/util.h (gnupg_ttyname): New macro. Change all callers of - ttyname to use this macro instead. - (ttyname) [W32]: Rename to _gnupg_ttyname and use also if - HAVE_BROKEN_TTYNAME is defined. - * common/simple-pwquery.c (agent_send_all_options): Keep on using - ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file - may be used standalone. - -2012-11-16 Werner Koch - - Fix non-portable use of chmod in autogen.sh. - * autogen.sh: Remove option -c from chmod. - - Improve parsing of the GIT revision number. - * configure.ac (mmm4_revision): Use git rev-parse. - - Add an OpenPGP card vendor. - * g10/card-util.c (get_manufacturer): Add Yubico. - 2012-11-06 Werner Koch - agent: Use wipememory instead of memset in one place. - * agent/command.c (clear_outbuf): Use wipememory. Suggested by Ben - Kibbey. - - Allow decryption with card keys > 3072 bits. + Allow decryption with card keys > 3072 bit. * scd/command.c (MAXLEN_SETDATA): New. (cmd_setdata): Add option --append. - * agent/call-scd.c (agent_card_pkdecrypt): Use new option for long - data. + * g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data * scd/app-openpgp.c (struct app_local_s): Add field manufacturer. (app_select_openpgp): Store manufacturer. @@ -5420,304 +1608,244 @@ 2012-08-24 Werner Koch - Update and enable French translation. + Update French translation. * po/fr.po: Update. - * po/LINGUAS: Enable fr. 2012-08-24 David Prévot Fix typos spotted during translations. - * agent/genkey.c: s/to to/to/ - * sm/*.c: s/failed to allocated/failed to allocate/ - * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/ - * g10/seskey.c: missing closing parenthesis - * dirmngr/crlcache.c: s/may has/may have/ + agent/genkey.c: s/to to/to/ + sm/*.c: s/failed to allocated/failed to allocate/ + sm/certlist.c: s/should have not/should not have/ Consistency fix: * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax - * dirmngr/dirmngr_ldap: no period in Syntax - * dirmngr/dirmngr-client.c: infinitive for option description: - s/certificates are expected/expect certificates/ + + Actually show translators comments in PO files. Keep previous msgids of translated messages. * po/Makefile.in.in: Use --previous with msgmerge. -2012-08-24 Hans-Christoph Steiner +2012-07-20 NIIBE Yutaka - Fix build system for Android by disabling tests since its x-compiled. - * configure.ac (HAVE_ANDROID_SYSTEM, RUN_TESTS): New. - (AH_BOTTOM) [__ANDROID__]: Do not re-define ttyname. - * Makefile.am: Depend tests on new RUN_TESTS conditional. + scd: Add forgotten VENDOR_FSIJ to ccid-driver. + * scd/ccid-driver.c (ccid_transceive_secure): Handle VENDOR_FSIJ. -2012-08-24 Werner Koch +2012-06-25 NIIBE Yutaka + + scd: handle reader/token removal. * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means SW_HOST_NO_READER. + + scd: Fix updating slot status. * scd/comman.c (do_reset): Let clear card_removed flag. + + scd: acquire lock in new_reader_slot. + * scd/apdu.c (new_reader_slot): Acquire lock. + (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped) + (open_ccid_reader, open_rapdu_reader): Release lock. - Fix left over use of jnlib on some platforms. - * tools/watchgnupg.c: Take mischelp.h from common/ and not jnlib/. + scd: move lock_slot, trylock_slot, unlock_slot functions. + * scd/apdu.c (lock_slot, trylock_slot, unlock_slot): Move. + + scd: Fix merge mistake. * scd/iso7816.c (iso7816_reset_retry_counter): Implement. + +2012-06-25 Werner Koch + + scd: Prefer application Geldkarte over DINSIG. + * scd/app.c (select_application): Reorder application tests. + +2012-06-25 Werner Koch + Ben Kibbey + + scd: Fix for card change returning GPG_ERR_CARD_RESET. + * scd/apdu.c (apdu_connect): Do not test for zero atrlen. 2012-06-25 NIIBE Yutaka - scd: handle reader/token removal. - * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means - SW_HOST_NO_READER. + Merge ccid_driver_improvement branch. (backport) + * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify. + (open_ccid_reader): Use ccid_keypad_operation for verify and modify. -2012-06-05 Werner Koch + * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New. + (ccid_transceive_apdu_level): Permit sending packet where + apdulen <= 289. Support receiving packets in a chain. + (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920. + Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24. - Change all quotes in strings and comments to the new GNU standard. - The asymmetric quotes used by GNU in the past (`...') don't render - nicely on modern systems. We now use two \x27 characters ('...'). + Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify. + * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log. + (pcsc_keypad_modify): Likewise. - The proper solution would be to use the correct Unicode symmetric - quotes here. However this has the disadvantage that the system - requires Unicode support. We don't want that today. If Unicode is - available a generated po file can be used to output proper quotes. A - simple sed script like the one used for en@quote is sufficient to - change them. + Fix pinpad input support for passphrase modification. (backport) + * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. + (pcsc_keypad_modify): Likewise. + (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. + bConfirmPIN value is determined by the parameter p0. - The changes have been done by applying + * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when + reset_mode is on, or resetcode is on. use_keypad only makes sense for + iso7816_change_reference_data_kp. - sed -i "s/\`\([^'\`]*\)'/'\1'/g" + * iso7816.h (iso7816_put_data_kp): Remove. + (iso7816_reset_retry_counter_kp): Remove. + (iso7816_reset_retry_counter_with_rc_kp): Remove. + (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. - to most files and fixing obvious problems by hand. The msgid strings in - the po files were fixed with a similar command. + * iso7816.c (iso7816_put_data_kp): Remove. + (iso7816_reset_retry_counter_kp): Remove. + (iso7816_reset_retry_counter_with_rc_kp): Remove. + (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. -2012-05-24 Werner Koch + scd: Fix pinpad input support (backport from master) + * app-openpgp.c (do_change_pin): Fix pincb messages when + use_keypad == 1. + + scd: PC/SC pinpad support (pinpad input for modify pass phrase). (backport) + * iso7816.h (iso7816_change_reference_data_kp): Remove arguments + of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. + + * iso7816.c (iso7816_change_reference_data_kp): Call + apdu_keypad_modify. + (iso7816_change_reference_data): Don't call + iso7816_change_reference_data_kp. - Print the hash algorithm in colon mode key listing. - * g10/keylist.c (list_keyblock_colon): Print digest_algo. + * apdu.h (apdu_keypad_modify): New. - Fix type conflict warning. - * g10/keylist.c: Change min_cert_level to a byte. + * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New. + (struct reader_table_s): New memeber function keypad_modify. + (new_reader_slot, open_ct_reader, open_ccid_reader) + (open_rapdu_reader): Initialize keypad_modify. -2012-05-11 Werner Koch + * app-openpgp.c (do_change_pin): Handle keypad and call + iso7816_change_reference_data_kp if it is the case. - Switch to the new automagic beta numbering scheme. - * configure.ac: Add all the require m4 magic. + scd: PC/SC pinpad support. (Backported from master.) + * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. -2012-05-08 Werner Koch + * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only + handle thecase with PININFO. + (iso7816_verify): Call apdu_send_simple. - Add tweaks for the not anymore patented IDEA algorithm. - * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 - compatibility mode. - * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. - * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this - status anymore. + * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of + iso7816_verify_kp. - po: Update de.po. - * po/de.po: Update. + * app-nks.c (verify_pin): Likewise. - common: Remove generated files only during maintainer-clean. - * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES. + * app-dinsig.c (verify_pin): Likewise. -2012-04-30 Werner Koch + * apdu.c: Include "iso7816.h". + (struct reader_table_s): New memeber function keypad_verify. + Add fields verify_ioctl and modify_ioctl in pcsc. + (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT) + (FEATURE_MODIFY_PIN_DIRECT): New. + (pcsc_control): New. + (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) + (check_pcsc_keypad, pcsc_keypad_verify): New. + (ccid_keypad_verify, apdu_keypad_verify): New. + (new_reader_slot): Initialize with check_pcsc_keypad, + pcsc_keypad_verify, verify_ioctl and modify_ioctl. + (open_ct_reader): Initialize keypad_verify with NULL. + (open_ccid_reader): Initialize keypad_verify. + (open_rapdu_reader): Initialize keypad_verify with NULL. + (apdu_open_reader): Initialize pcsc_control. - agent: Fix deadlock in trustlist due to the switch to npth. - * agent/trustlist.c (clear_trusttable): New. - (agent_reload_trustlist): Use new function. - (read_trustfiles): Require to be called with lock held. - (agent_istrusted): Factor all code out to ... - (istrusted_internal): new. Add ALREADY_LOCKED arg. Make sure the - table islocked. Do not print TRUSTLISTFLAG stati if called internally. - (agent_marktrusted): Replace calls to agent_reload_trustlist by - explicit code. - -2012-04-26 NIIBE Yutaka - - make DNS and URI fields work in gpgsm --gen-key. - * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Actually set mb_uri and - mb_dns.avoid buffer strncpy-induced buffer overrun - -2012-04-26 Jim Meyering - - avoid buffer strncpy-induced buffer overrun. - * dirmngr/crlcache.c (open_dir): Ensure that both this_update - and next_update member strings are NUL-terminated. - - remove doubled words in a comment. - -2012-04-20 Werner Koch - - Change license for some files in common to LGPLv3+/GPLv2+. - Having the LGPL on the common GnuPG code helps to share code - between GnuPG and related projects (like GPGME and Libassuan). This - is good for interoperability and to reduces bugs. - - * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c - * common/b64enc.c, common/convert.c, common/dns-cert.c - * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c - * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c - * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c - * common/helpfile.c, common/homedir.c, common/http.c, common/http.h - * common/i18n.c, common/init.c, common/init.h, common/iobuf.c - * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h - * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h - * common/percent.c, common/pka.c, common/pka.h, common/session-env.c - * common/session-env.h, common/sexp-parse.h, common/sexputil.c - * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c - * common/ssh-utils.h, common/sysutils.c, common/sysutils.h - * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h - * common/userids.c, common/userids.h, common/xasprintf.c: Change - license to LGPLv3+/GPLv2+/ - -2012-04-10 Ben Kibbey - - Fix killing PID -1. - When the KILLSCD command had been sent a race condition would occur - causing PID -1 getting killed, which on Linux seems to terminate all - applications for the current user. + * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control. + (handle_control): New. + (main): Handle the case 6 of handle_control. -2012-04-05 Werner Koch + scd fixes on error. + * scd/apdu.c (open_pcsc_reader_wrapped): Show error number. - Do not mix test result with progress lines. - This makes parsing of the results easier. Fixes bug#1400. + * scd/command.c (get_reader_slot): Return -1 on error. - * tests/openpgp/defs.inc (progress_cancel, progress_end) - (progress_new): New. - * tests/openpgp/conventional-mdc.test: Use progress functions - * tests/openpgp/conventional.test: Ditto. - * tests/openpgp/encrypt-dsa.test: Ditto. - * tests/openpgp/encrypt.test: Ditto. - * tests/openpgp/sigs.test: Ditto. + scd: Fix the changes of scd/command.c. + * scd/command.c (do_reset): Assign slot after setting slot_table. + +2012-06-25 Werner Koch + + scd: Fix resetting and closing of the reader. (Backported by gniibe) + * scd/command.c (update_card_removed): Do no act on an invalid VRDR. + (do_reset): Ignore apdu_reset error codes for no and inactive card. + Close the reader before setting the slot to -1. + (update_reader_status_file): Notify the application before closing the + reader. -2012-04-04 Ben Kibbey + scd: Retry command SERIALNO for an inactive card. + * scd/command.c (cmd_serialno): Retry once for an inactive card. - Mention status messages in the documentation. - Note INQUIRE_MAXLEN. + Fix detection of card removal and insertion. + * scd/apdu.c (apdu_connect): Return status codes for no card available + and inactive card. + * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET. + (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET. - Document PASSWD --preset. + Support the Cherry ST-2000 card reader. + * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335) + (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants. + (parse_ccid_descriptor): Use them. + (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry + ST-2000. Suggested by Matthias-Christian Ott. - Document GENKEY options. +2012-06-25 NIIBE Yutaka - Document PRESET_PASSPHRASE. + fix wLangId in ccid-driver.c. - Document CLEAR_PASSPHRASE. - And describe the --mode=normal option. +2012-05-24 Werner Koch -2012-03-27 Werner Koch + Add provisions to build with Libgcrypt 1.6. + Replace gcry_md_start_debug by gcry_md_debug in all files. - Fix timegm regression test. - * common/t-timestuff.c (test_timegm): Change test to use January and - not February or December+1. Bug spotted by Daniel Kahn Gillmor. - - Print warning for arguments not considered an option. - GnuPG requires that options are given before other arguments. This - can sometimes be confusing. We now print a warning if we found an - argument looking alike a long option without being preceded by the - stop option. This is bug#1343. - - * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New. - * common/argparse.c (arg_parse): Set new flag. - * g10/gpg.c (main): Print the warning. - * agent/gpg-agent.c (main): Ditto. - * dirmngr/dirmngr.c (main): Ditto. - * g13/g13.c (main): Ditto. - * scd/scdaemon.c (main): Ditto. - * sm/gpgsm.c (main): Ditto. - * tools/gpg-connect-agent.c (main): Ditto. - * tools/gpgconf.c (main): Ditto. + * agent/gpg-agent.c (fixed_gcry_pth_init): Use only if + GCRY_THREAD_OPTION_VERSION is 0 + * scd/scdaemon.c (fixed_gcry_pth_init): Ditto. -2012-03-26 Werner Koch + Print the hash algorithm in colon mode key listing. + * g10/keylist.c (list_keyblock_colon): Print digest_algo. - Allow compress algorithm 0. - * g10/mainproc.c (proc_compressed): Remove superfluous check for - compress algorithm 0. Reported by pfandrade. This is bug#1326. +2012-05-08 Werner Koch + + common: Remove generated files only during maintainer-clean. + * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES. - Add mksamplekeys script. - * doc/mksamplekeys: New. + Fix copyright years. + * scripts/git-log-footer: Add more years; we actually published the + first code in 1997. + +2012-03-30 Werner Koch + + Cast second value of a ?: to void in estream.c. + * common/estream.c (ESTREAM_MUTEX_LOCK): Cast pth_mutex_acquire result + to void. Some compilers choke on mixing void and int in an + conditional operator. Reported by Nelson H. F. Beebe. -2012-02-28 Marcus Brinkmann +2012-03-27 Werner Koch - Replace npth_yield in busy wait by npth_usleep. - * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call - npth_usleep instead of npth_yield. + Release 2.0.19. -2012-02-16 Marcus Brinkmann + Update zh_TW translation. - Check for lber and link dirmngr_ldap to it. - * configure.ac (LBER_LIBS, HAVE_LBER): New variables, check for lber. - * dirmngr/Makefile.am (dirmngr_lda_LDADD): Add $(LBER_LIBS). + Update config.{sub,guess} to version 2012-02-10. + * scripts/config.guess, scripts/config.sub: Update. -2012-02-07 Werner Koch + Update texinfo source from master. + * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi + * doc/scdaemon.texi, doc/tools.texi: Update. + * doc/yat2m.c: Update. - agent: Add pin length field to the shadowed private key format. - This is not yet fully implemented. It will eventually allow to - support pinpad equipped readers which do not support variable length - pin lengths. - * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and - parse pinlen info. Change all callers to pass NULL for it. + Add target to update the texinfo files from master. + * doc/Makefile.am (update-source): New. - Use new status printing functions. - * agent/command.c (cmd_geteventcounter): Get rid of static buffers. - * scd/command.c (cmd_serialno, cmd_learn): Simplify by using - print_assuan_status. +2012-03-26 Werner Koch - agent: New function agent_print_status. - * common/asshelp2.c (vprint_assuan_status): New. - (print_assuan_status): Re-implement using above func. - * agent/command.c (agent_print_status): New. + Fix make rules for audit-events.h et al. + * common/Makefile.am (audit-events.h, status-codes.h): Fix target file + name. - po: Add Ukrainian translation. - * po/uk.po: New. + Update samplekeys and NEWS. + * doc/samplekeys.asc: Update. - common: Replace macro based function calls by using DEFAULT_ERRSOURCE. - * common/dns-cert.h (get_dns_cert): Remove macro. - * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace - arg ERRSOURCE by global DEFAULT_ERRSOURCE. - * common/http.h (http_parse_uri, http_raw_connect, http_open) - (http_open_document, http_wait_response): Remove macros. - * common/http.c (_http_parse_uri, _http_raw_connect, _http_open) - (_http_open_document, _http_wait_response): Remove underscore from - symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. - * common/ssh-utils.h (ssh_get_fingerprint) - (ssh_get_fingerprint_string): Remove macros. - * common/ssh-utils.h (_ssh_get_fingerprint) - (_ssh_get_fingerprint_string): Remove underscore from symbols. - Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. - * common/tlv.h (parse_ber_header, parse_sexp): Remove macros. - * common/tlv.c: Include util.h. - (_parse_ber_header, _parse_sexp): Remove underscore from symbols. - Replace args ERRSOURCE by global DEFAULT_ERRSOURCE. - -2012-02-06 Werner Koch - - Add replacement hack for Android's broken ttyname. - * configure.ac (HAVE_TTYNAME) [__ANDROID__]: Add hack. - - agent: Simplify printing of INQUIRE_MAXLEN. - * agent/command.c: Include asshelp.h. - (cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase) - (pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN. - - common: Add function print_assuan_status. - * common/asshelp2.c: New. - (print_assuan_status): New function. - * common/Makefile.am (common_sources): Add asshelp2.c. - - common: Add a global variable to for the default error source. - For the shared code parts it is cumbersome to pass an error sourse - variable to each function. Its value is always a constant for a given - binary and thus a global variable makes things a lot easier than the - former macro stuff. - * common/init.c (default_errsource): New global var. - (init_common_subsystems): Rename to _init_common_subsystems. Set - DEFAULT_ERRSOURCE. - * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT. - (init_common_subsystems): New macro. - * common/util.h (default_errsource): Add declaration. - * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery. - -2012-02-03 Ben Kibbey - - Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message. - * agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status - message before doing the inquire. - (cmd_genkey): Ditto. - -2012-02-02 Ben Kibbey - - Inform the client of the preset passphrase length. - * agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN - status message before inquiring the passphrase. + Allow compressed data with algorithm 0. + * g10/mainproc.c (proc_compressed): Remove superfluous check for + an algorithm number of 0. This is bug#1326. 2012-02-01 David Shaw @@ -5728,91 +1856,34 @@ This is used by various things in --edit-key like setpref, primary, etc. Suggested by Christian Aistleitner. -2012-01-27 Werner Koch - - gl: Add support for Android to stdint.h replacement. - * gl/stdint_.h: When included from Bionic , just include - the system's . - - gpg-connect-tool: Take the string "true" as a true condition. - * tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in - conditions as expected. - -2012-01-26 Ben Kibbey - - Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback. - Since there isn't a way to prompt the user to insert the smartcard when - pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of - GPG_ERR_NO_PIN_ENTRY. - - * agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT - when pinentry-mode=loopback. - - Also check for GPG_ERR_ASS_CANCELED during an inquire. - Fix pinentry-mode=loopback when cancelling an inquire from scdaemon. - This is similar to commit 4f21f8d but for both protocol command - cancellation and pinentry cancellation. - - * agent/call-scd.c (agent_card_pkdecrypt): Check for - GPG_ERR_ASS_CANCELED. - (agent_card_pksign): Ditto. - -2012-01-25 Werner Koch - - nPth is now a hard requirement for GnuPG. - * configure.ac: Remove cruft to allow building without npth. - - Require libassuan 2.1.0. - * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.1.0. This is due to - the npth changes. - - Fix strerror vs. gpg_strerror usage. - This bug was introduced by the migration to npth. - * agent/gpg-agent.c (handle_connections): Use strerror. - - Add missing variable. - * agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable. - -2012-01-25 Marcus Brinkmann - - Port LDAP wrapper to NPTH. - * agent/gpg-agent.c (handle_connections): Handle error. - * dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH. - - Port Windows code to NPTH. - * agent/gpg-agent.c (get_agent_ssh_socket_name): Use - INVALID_HANDLE_VALUE instead of 0. - (handle_signal) [!HAVE_W32_SYSTEM]: Don't define. - (handle_connections): Port Windows code to NPTH. - * dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH. - * g13/g13.c (handle_connections): Port Windows code to NPTH. - * scd/scdaemon.c (handle_connections): Port Windows code to NPTH. - - Port to npth. - * configure.ac: Don't check for PTH but for NPTH. - (AH_BOTTOM): Remove PTH_SYSCALL_SOFT. - (have_pth): Rename to ... - (have_npth): ... this. - (USE_GNU_NPTH): Rename to ... - (USE_GNU_PTH): ... this. - * m4/npth.m4: New file. - * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c, - agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c, - agent/trustlist.c, common/Makefile.am, common/estream.c, - common/exechelp-posix.c, common/exechelp-w32.c, - common/exechelp-w32ce.c, common/http.c, common/init.c, - common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c, - dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c, - dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am, - g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am, - scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c, - scd/scdaemon.c, tools/Makefile.am: Port to npth. +2012-01-31 Werner Koch -2012-01-25 Werner Koch + Update copyright year. - Require gitlog-to-changelog to be installed. + Require an installed gitlog_to_changelog for make dist. + * scripts/gitlog-to-changelog: Remove. * Makefile.am (GITLOG_TO_CHANGELOG): New. - (gen-ChangeLog): Use installed version of gitlog-to-changelog. + (gen-ChangeLog): Use it. Add set -e. + + Add Ukrainian translation. + * po/uk.po: New. + * po/LINGUAS: Add uk.po. + + estream: Avoid printing leading zeroes by %p on 32 bit systems. + * common/estream-printf.c (pr_pointer): Synchronize definition of + AULONG with its use. + + gpg: Add a DECRYPTION_INFO status. + * common/status.h (STATUS_DECRYPTION_INFO): New. + * g10/encr-data.c: Include status.h. + (decrypt_data): Emit STATUS_DECRYPTION_INFO line. + +2012-01-20 Werner Koch + + Do not copy default merge commit log entries into the ChangeLog. + * scripts/gitlog-to-changelog: Skip merge commits. + + Add files to .gitignore. 2012-01-20 David Shaw @@ -5831,137 +1902,18 @@ tdbio_write_record): Add a byte for min_cert_level in the tdbio version record. -2012-01-20 Werner Koch - - estream: Fix unclean usage of realloc. - * common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove. - (_ESTREAM_PRINTF_FREE): Remove. - (_ESTREAM_PRINTF_REALLOC): New. - (fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New. - (estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc - and my_printf_free. - (dynamic_buffer_out): Use my_printf_realloc instead of realloc. - - Do not copy default merge commit log entries into the ChangeLog. - * scripts/gitlog-to-changelog: Skip merge commits. - -2012-01-18 Ben Kibbey - - Add the INQUIRE_MAXLEN status message. - This status message is used to inform the client of the maximum length - of an inquired passphrase and is used in pinentry-mode=loopback. - - * agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status - message before doing the inquire. - -2012-01-16 Jim Meyering - - yat2m: don't dereference pointer to freed memory. - * doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop. - - gpg-agent: fix lc-messages handling not to change Xauthority setting. - * agent/gpg-agent.c (main): Supply omitted "break" statement for - lc-messages option. Otherwise, control would fall through to the - following oXauthority case and use the same value there. - -2012-01-15 Werner Koch - - Fix indentation. - -2012-01-14 Ben Kibbey - - Fix scdaemon pinentry inquire cancelation. - Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN. - - * agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED - when returning from the PKDECRYPT operation of scdaemon and cancel the - inquire. - (agent_card_pksign): Ditto. - (cancel_inquire): New. - -2012-01-11 Werner Koch - - gpg: Fix segv with RSA_S keys. - * g10/misc.c (pubkey_get_npkey, pubkey_get_nskey) - (pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to - GCRY_PK_RSA. - - estream: Avoid printing leading zeroes by %p on 32 bit systems. - * common/estream-printf.c (pr_pointer): Synchronize definition of - AULONG with its use. - 2012-01-11 David Shaw Refresh sample keys. -2012-01-10 David Shaw - - Adapt HKP fix for fingerprint/long keyid retrievals for dirmngr. - * dirmngr/ks-engine-hkp.c (ks_hkp_get): Use the longest valid keyid form - -2012-01-06 Werner Koch - - gpg: Make the double space in the middle of a fingerprint optional. - This change might help to c+p a fingerprint from an HTML page without - being enclosed in a "pre" tag. - * common/userids.c (classify_user_id): Skip a second blank in the - middle of a fingerprint. - - gpg: Allow use of a standard space separated fingerprint. - * common/userids.c (classify_user_id): Check for space separated GPG - fingerprint. - -2012-01-06 NIIBE Yutaka - - Merge ccid_driver_improvement branch. - * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify. - (open_ccid_reader): Use ccid_keypad_operation for verify and modify. - - * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New. - (ccid_transceive_apdu_level): Permit sending packet where - apdulen <= 289. Support receiving packets in a chain. - (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920. - Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24. - -2012-01-03 Marcus Brinkmann - - Silence gcc warning. - * sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized. - - Revert last change, add comment about link() return values. - * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Do not check - return value of link(). - - Fix compiler warnings. - * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return - value of link(). - * g13/g13.c: Make sure err is initialized. - * scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR. - - Fix last change: Only set gcrypt thread callback for older versions. - * dirmngr/dirmngr.c, g13/g13.c: Rename FIX_GCRY_PTH_INIT to - USE_GCRY_THREAD_CBS. - 2012-01-03 Werner Koch - Terminate csh commands with a semicolon also for dirmngr. - * dirmngr/dirmngr.c (main): Terminate csh style output with a semicolon. - Terminate csh commands with a semicolon. Fixes bug#1386. * agent/gpg-agent.c (main): Terminate csh style output with a semicolon. * scd/scdaemon.c: Ditto. -2012-01-02 Marcus Brinkmann - - Only set gcrypt thread callback for older version of gcrypt. - * agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c - (USE_GCRY_THREAD_CBS): New macro, defined if - GCRY_THREAD_OPTION_VERSION is 0. - (fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define. - (main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks. - 2011-12-28 David Shaw Use the longest key ID available when talking to a HKP server. @@ -5969,235 +1921,21 @@ IDs, this is safe to do. Patch from Daniel Kahn Gillmor . -2011-12-20 Werner Koch - - Post-release version number update. - - Release 2.1.0beta3. - - Prepare for the beta3 release. - - po: Update the German translation. - - Add the STEED Self-Signing Nonthority certificate. - * doc/com-certs.pem: Install it when creating a keybox. - - faq: Add section on US export restrictions. - - Require Libassuan 2.0.3. - * configure.ac: Require Libassuan 2.0.3. - * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement. - * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove - dependency. - (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto. - * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto. - -2011-12-20 NIIBE Yutaka - - Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify. - * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log. - (pcsc_keypad_modify): Likewise. - -2011-12-19 Werner Koch - Ben Kibbey - - scd: Fix for card change returning GPG_ERR_CARD_RESET. - * scd/apdu.c (apdu_connect): Do not test for zero atrlen. - -2011-12-16 NIIBE Yutaka - - Don't kill pinentry by SIGKILL but let it quit by SIGINT. - * agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send - SIGINT (was: SIGKILL). - 2011-12-15 David Shaw Merge fix for issue 1331 from 1.4. * photoid.c (generate_photo_id): Check for the JPEG magic numbers instead of JFIF since some programs generate an EXIF header first. -2011-12-15 Werner Koch - - scd: Prefer application Geldkarte over DINSIG. - * scd/app.c (select_application): Reorder application tests. - - scd: Add option --dump-atr to command APDU. - * scd/atr.c: Rewrite. - * scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h. - * scd/command.c (cmd_apdu): Add option --dump-atr. - - estream: New function es_fclose_snatch. - * common/estream.c (cookie_ioctl_function_t): New type. - (es_fclose_snatch): New function. - (COOKIE_IOCTL_SNATCH_BUFFER): New constant. - (struct estream_internal): Add field FUNC_IOCTL. - (es_initialize): Clear FUNC_IOCTL. - (es_func_mem_ioctl): New function. - (es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL. - -2011-12-14 Werner Koch - - scd: Skip S/N reading for the "undefined" application. - * scd/app.c (select_application): Skip serial number reading. - - scd: Add more status word values for documentation. - - scd: Add the "undefined" stub application. - * scd/app.c (select_application): Implement the "undefined" - application. - - agent: Pass comment lines from scd verbatim thru gpg-agent. - * agent/call-scd.c (pass_status_thru): Pass comment lines verbatim. - * tools/gpg-connect-agent.c (help_cmd_p): New. - (main): Treat an "SCD HELP" the same as "HELP". - - scd: Fix resetting and closing of the reader. - * scd/command.c (update_card_removed): Do no act on an invalid VRDR. - (do_reset): Ignore apdu_reset error codes for no and inactive card. - Close the reader before setting the slot to -1. - (update_reader_status_file): Notify the application before closing the - reader. - - scd: Add debug option for reader function calls. - * scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New. - * scd/apdu.c (apdu_open_reader, apdu_close_reader) - (apdu_shutdown_reader, apdu_connect, apdu_disconnect) - (apdu_reset, apdu_get_atr, apdu_get_status): Add debug code. - (apdu_activate): Remove this unused function. - -2011-12-13 Werner Koch - - scd: New option --debug-assuan-log-cats. - * scd/scdaemon.c (oDebugAssuanLogCats): New. - (opts): Add option --debug-assuan-log-cats. - (main): Implement option. - * common/asshelp.c (set_libassuan_log_cats): New. - - scd: Introduce a virtual reader table. - The vreader table makes the code more clear by explicitly talking - about APDU slots and reader indices. It also accommodates for future - extensions. - - * scd/scdaemon.h (server_control_s): Remove READER_SLOT. - * scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT. - * scd/app.c (check_application_conflict): Add arg SLOT. - * scd/command.c (slot_status_s): Rename to vreader_s. - (server_local_s): Add field VREADER_IDX as replacement for - the READER_SLOT in server_control_s. Change all users. - (slot_table): Rename to vreader_table. Change all users. - (vreader_slot): New. - (do_reset, cmd_apdu): Map vreader to apdu slot. - (get_reader_slot): Rename to get_current_reader. Return -1 on error. - (open_card): Map vreader toapdu slot. Pass slot to - check_application_conflict. - (scd_command_handler): Init VREADER_IDX. - (update_reader_status_file): Reset SLOT field on error. - -2011-12-12 Werner Koch - - scd: Retry command SERIALNO for an inactive card. - * scd/command.c (cmd_serialno): Retry once for an inactive card. - - Fix detection of card removal and insertion. - * scd/apdu.c (apdu_connect): Return status codes for no card available - and inactive card. - * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET. - (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET. - - gitlog-to-changelog: New option --tear-off. - * scripts/gitlog-to-changelog: Add option --tear-off. - * Makefile.am (gen-ChangeLog): Use that option. - -2011-12-07 Werner Koch - - gpgsm: Add new validation model "steed". - * sm/gpgsm.h (VALIDATE_FLAG_STEED): New. - * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". - * sm/server.c (option_handler): Allow validation model "steed". - * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. - * sm/certchain.c (do_validate_chain): Handle the - well-known-private-key attribute. Support the "steed" model. - (gpgsm_validate_chain): Ditto. - * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. - * sm/keylist.c (list_cert_colon): Print the new 'w' flag. - - Correct punctuation in the ChangeLog summary line. - * Makefile.am (gen-ChangeLog): Supply --append-dot. - - Allow comments which will not show up in the ChangeLog. - * scripts/gitlog-to-changelog: Ignore lines after a "--" line. - -2011-12-06 Werner Koch - - gpgsm: Allow specification of an AuthorityKeyIdentifier. - * sm/certreqgen.c (pAUTHKEYID): New. - (read_parameters): Add keyword Authority-Key-Id. - (proc_parameters): Check its value. - (create_request): Insert an Authority-Key-Id. - - gpgsm: Allow arbitrary extensions for cert creation. - * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. - (read_parameters): Add new keywords. - (proc_parameters): Check values of new keywords. - (create_request): Add SubjectKeyId and extensions. - (parse_parameter_usage): Support "cert" and the encrypt alias "encr". - - gpgsm: Fix storing of the serial number. - * sm/certreqgen.c (create_request): Fix hex-bin conversion. - -2011-12-05 Werner Koch - - Fix last change. - * agent/command.c (start_command_handler): Remove use of removed var. - - Amend the agent code with more comments. - * agent/command.c (server_local_s): Remove unused field MESSAGE_FD. - 2011-12-02 Werner Koch - Support the Cherry ST-2000 card reader. - * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335) - (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants. - (parse_ccid_descriptor): Use them. - (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry - ST-2000. Suggested by Matthias-Christian Ott. - - Avoid possible double free in export.c. - * g10/export.c (transfer_format_to_openpgp): Avoid possible double - free of LIST. Reported by NIIBE Yutaka. - -2011-12-02 NIIBE Yutaka - - Fix pinpad input support for passphrase modification. - * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. - (pcsc_keypad_modify): Likewise. - (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. - bConfirmPIN value is determined by the parameter p0. - - * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when - reset_mode is on, or resetcode is on. use_keypad only makes sense for - iso7816_change_reference_data_kp. - - * iso7816.h (iso7816_put_data_kp): Remove. - (iso7816_reset_retry_counter_kp): Remove. - (iso7816_reset_retry_counter_with_rc_kp): Remove. - (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. - - * iso7816.c (iso7816_put_data_kp): Remove. - (iso7816_reset_retry_counter_kp): Remove. - (iso7816_reset_retry_counter_with_rc_kp): Remove. - (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. - -2011-12-01 Werner Koch - - Add hook to check the commit log syntax. - * autogen.sh: Install commit-msg hook for git. - Generate the ChangeLog from commit logs. * scripts/gitlog-to-changelog: New script. Taken from gnulib. * scripts/git-log-fix: New file. * scripts/git-log-footer: New file. - * doc/HACKING: Describe the ChangeLog policy + * scripts/git-hooks/commit-msg: New script. + * autogen.sh: Install commit-msg hook for git. + * doc/HACKING: Describe the ChangeLog policy. * ChangeLog: New file. * Makefile.am (EXTRA_DIST): Add new files. (gen-ChangeLog): New. @@ -6212,7 +1950,9 @@ details. ----- - Copyright (C) 2011 Free Software Foundation, Inc. + Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, + 2005, 2006, 2007, 2008, 2009, 2010, 2011, + 2012 Free Software Foundation, Inc. Copying and distribution of this file and/or the original GIT commit log messages, with or without modification, are diff -Nru gnupg2-2.1.6/ChangeLog-2011 gnupg2-2.0.28/ChangeLog-2011 --- gnupg2-2.1.6/ChangeLog-2011 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/ChangeLog-2011 2015-06-02 08:13:55.000000000 +0000 @@ -1,235 +1,80 @@ -2011-12-01 Werner Koch +2011-12-02 Werner Koch NB: ChangeLog files are no longer manually maintained. Starting on December 1st, 2011 we put change information only in the GIT commit log, and generate a top-level ChangeLog file from logs at "make dist". See doc/HACKING for details. -2011-11-29 Werner Koch +2011-08-04 Werner Koch - * autogen.sh: Make sure HOME et al have no unsafe characters. + Release 2.0.18. -2011-11-28 Jim Meyering - - accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix - * m4/gpg-error.m4: Update from git master. - -2011-09-23 Werner Koch - - * configure.ac: Remove check for gcry_kdf_derive. - -2011-08-10 Werner Koch - - * configure.ac: Fix new autoconf warnings. - -2011-05-20 Werner Koch - - * configure.ac: Require libgpg-error 1.10. - -2011-03-08 Werner Koch - - Release 2.1.0beta2. - - * configure.ac: Require libgcrypt 1.5.0. - (HAVE_GCRY_PK_ECDH, HAVE_GCRY_PK_GET_CURVE): Remove. - (utmp.h): Check for header. - -2011-02-25 Werner Koch - - * configure.ac: Require libksba 1.2. + * configure.ac: Fix usage of AC_LANG_PROGRAM. + (AC_CHECK_HEADERS): Check for utmp.h. 2011-02-04 Werner Koch * autogen.sh: Ensure that the git pre-commit hoom has been enabled. Add a cleanpo filter if not yet set. -2011-02-03 Werner Koch - - * configure.ac (HAVE_GCRY_PK_GET_CURVE): Use AC_TRY_LINK. - -2011-02-01 Werner Koch - - * configure.ac (HAVE_GCRY_PK_GET_CURVE): Define if availabale. - -2011-01-20 Werner Koch - - * configure.ac (AC_CONFIG_FILES): Remove keyserver/. - -2011-01-19 Werner Koch - - * configure.ac: Add new option --enable-gpg2-is-gpg. - (NAME_OF_INSTALLED_GPG): New ac_define. - * autogen.sh [--build-w32ce]: Use --enable-gpg2-is-gpg. - -2011-01-21 Werner Koch - - * configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP. - (HAVE_GCRY_PK_ECDH): Add new test. - -2011-01-03 Werner Koch - - * README.SVN: Rename to README.GIT. - * Makefile.am (EXTRA_DIST): Adjust for that change. - -2010-12-14 Werner Koch - - * configure.ac (BUILD_WITH_GPG, BUILD_WITH_GPGSM) - (BUILD_WITH_AGENT, BUILD_WITH_SCDAEMON, BUILD_WITH_DIRMNGR) - (BUILD_WITH_G13): New defines. - -2010-11-23 Werner Koch - - * am/cmacros.am (extra_bin_ldflags): New. For W32CE set the stack - size to 256k. - -2010-11-17 Werner Koch - - * configure.ac (ENABLE_CARD_SUPPORT): Define. - -2010-10-27 Werner Koch - - * acinclude.m4 (GNUPG_TIME_T_UNSIGNED): New. - * configure.ac (AC_HEADER_TIME): Include before checking time_t. - (GNUPG_TIME_T_UNSIGNED): Add. - -2010-10-26 Werner Koch - - Release 2.1.0beta1. - -2010-10-18 Werner Koch - - * Makefile.am (install-data-hook): Add W32 specific hook. - -2010-10-08 Werner Koch - - * configure.ac: Add option --enable-dirmngr-auto-start. - (USE_DIRMNGR_AUTO_START): New ac_define. - * autogen.sh <--build-w32ce>: Use new option. - -2010-10-06 Werner Koch - - * configure.ac: Make --enable-standard-socket the default. - -2010-10-04 Werner Koch - - * configure.ac (GNUPG_CHECK_FAQPROG): Remove. - -2010-08-19 Werner Koch - - * configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS. - -2010-08-09 Werner Koch - - * configure.ac (inet_pton): Check for it. +2011-01-13 Werner Koch -2010-08-05 Werner Koch + Release 2.0.17. - * configure.ac (AH_BOTTOM): Remove HTTP_USE_ESTREAM. - -2010-08-02 Werner Koch - - * configure.ac: Require libksba 1.1.0 due to the use of - ksba_reader_set_release_notify. - -2010-07-30 Werner Koch - - * configure.ac (GNUPG_PTH_PATH) [W32]: Require version 2.0.3. - -2010-07-25 Werner Koch - - * configure.ac (USE_LDAPWRAPPER): AC_DEFINE and AM_CONDITIONAL it. - -2010-06-09 Werner Koch - - * configure.ac (GNUPG_DIRMNGR_LDAP_PGM): Add option - --with-dirmngr-ldap-pgm. - - * am/cmacros.am (-DGNUPG_LOCALSTATEDIR): New. - (GNUPG_DEFAULT_DIRMNGR_LDAP): New. - -2010-06-08 Werner Koch - - * configure.ac: Add build support for dirmngr. - (try_ldap): Rename to try_ks_ldap. - (GNUPG_CHECK_LDAP): Also test if dirmngr is to be build. - - * Makefile.am (SUBDIRS): Add dirmngr. - -2010-06-07 Werner Koch - - * dirmngr/: New. +2011-01-11 Werner Koch * configure.ac: Add option --enable-gpgtar. + (AC_CHECK_FUNCS): Add stat. -2010-05-31 Werner Koch - - * configure.ac (AC_CHECK_FUNCS): Check for lstat. - -2010-04-30 Werner Koch - - * configure.ac: Add option --enable-standard-socket. - (USE_STANDARD_SOCKET): ac_define it. + * autogen.sh : Remove superfluous --without-included-gettext. -2010-04-14 Werner Koch +2011-01-10 Werner Koch - * Makefile.am (keyserver) [W32CE]: Do not build for now. + * configure.ac: Support a git_revision string. - * configure.ac (use_zip): New. - (--disable-zip): New option. - (HAVE_ZIP): New. - * autogen.sh : Disable ZIP. +2010-07-19 Werner Koch -2010-04-07 Werner Koch + Release 2.0.16. - * autogen.sh: Take a .gnupg-autogen.rc file in account. + * configure.ac: Require libgpg-error 1.7 and libksba 1.0.7 to + force building with more recent versions. - * gl/mkdtemp.c (getpid) [W32CE]: New macro. +2010-05-04 Werner Koch -2010-03-24 Werner Koch - - * configure.ac (AH_BOTTOM): Use /gnupg as the default homedir on - dosish systems which don't support drive letters (e.g. W32CE). + * configure.ac: Add option --enable-standard-socket. - * am/cmacros.am (extra_sys_libs): New. +2010-03-09 Werner Koch -2010-03-23 Werner Koch + Release 2.0.15. - * configure.ac (W32SOCKLIBS): Change value for W32CE. + * configure.ac: Add option --disable-ccid-driver. -2010-03-12 Werner Koch +2010-02-18 Werner Koch - * configure.ac (AC_INIT): Prepare for using git. + Release 2.0.15rc1. -2010-03-10 Werner Koch + * configure.ac: Remove double check for libassuan. - * jnlib/: Move all code to common/. - * Makefile.am (SUBDIRS): Remove jnlib. - * configure.ac (AC_CONFIG_FILES): Remove jnlib/Makefile. +2010-02-11 Marcus Brinkmann - * configure.ac (AM_PATH_LIBASSUAN): Remove double test. - * acinclude.m4 (GNUPG_CHECK_ENDIAN): Remove bogus warning. + From trunk 2009-10-16: -2010-03-09 Werner Koch + * configure.ac: Check for libassuan instead of libassuan-pth. - * configure.ac: Add option --disable-ccid-driver. - (AH_BOTTOM): Define GPG_ERR_ENABLE_GETTEXT_MACROS. +2009-10-12 Werner Koch -2010-02-26 Werner Koch + From trunk 2009-09-23: - * gl/mkdtemp.c (__set_errno) [W32CE]: Use gpg_err_set_errno. - * gl/setenv.c (__set_errno) [W32CE]: Ditto. - * gl/unsetenv.c (__set_errno) [W32CE]: Ditto. + * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): + Update to new API (2, 1.1.0). - * configure.ac (HAVE_W32CE_SYSTEM): New ac_define and - am_conditional. - (signal.h, getenv): Check for them. +2009-12-21 Werner Koch - * autogen.sh: New option --build-w32ce. Remove obsolete option - --without-included-gettext. + Release 2.0.14. 2009-12-08 Werner Koch - * configure.ac (USE_DNS_CERT): Support ADNS. + * configure.ac (USE_DNS_CERT): Support via ADNS. 2009-12-07 Werner Koch @@ -237,34 +82,6 @@ resolver. (USE_ADNS): Fallback macro for PKA and CERT lookups. -2009-10-20 Marcus Brinkmann - - * configure.ac: Check for fusermount and encfs. - -2009-10-16 Marcus Brinkmann - - * configure.ac: Check for libassuan instead of libassuan-pth. - -2009-10-12 Werner Koch - - * configure.ac: Use -O3 because newer gcc versions require that - for uninitialized variable warnings. - -2009-09-23 Werner Koch - - * configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Remove test. - (_ASSUAN_ONLY_GPG_ERRORS): Remove. - -2009-09-23 Marcus Brinkmann - - * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): - Update to new API (2, 1.1.0). - -2009-09-21 Werner Koch - - Start a new development branch in the SVN trunk. The stable one - is now known in the SVN as branches/GNUPG-STABLE-2-0. - 2009-09-04 Werner Koch Release 2.0.13. @@ -659,7 +476,7 @@ 2006-09-06 Werner Koch * configure.ac: Define _ASSUAN_ONLY_GPG_ERRORS. Require Assuan - 0.9 and libgpg-error 1.4. + 0.9 and libgpg-error 1.4 2006-08-31 Werner Koch @@ -1183,13 +1000,13 @@ 2002-10-19 Werner Koch - * configure.ac: Bumped version number to GnuPG 1.9.0-cvs. + * configure.ac: Bumped version number to 1.9.0-cvs. NewPG (Aegypten project) to GnuPG merge. 2002-09-20 Werner Koch - Released NewPG 0.9.2. + Released 0.9.2. 2002-09-05 Neal H. Walfield @@ -1203,14 +1020,14 @@ 2002-08-23 Werner Koch - Released NewPG 0.9.1. + Released 0.9.1. * acinclude.m4 (AM_PATH_LIBGCRYPT): Updated from Libgcrypt. (AM_PATH_OPENSC): Strip non-digits from the micro version. 2002-08-21 Werner Koch - Released NewPG 0.9.0. + Released 0.9.0. * configure.ac: Changed the default homedir to .gnupg. * README-alpha: Removed. @@ -1226,7 +1043,7 @@ 2002-08-10 Werner Koch - Released NewPG 0.3.10. + Released 0.3.10. * configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support for gettext. @@ -1237,7 +1054,7 @@ 2002-07-01 Werner Koch - Released NewPG 0.3.9. + Released 0.3.9. * README: Short note on how to export in pkcs-12 format. @@ -1254,7 +1071,7 @@ 2002-06-25 Werner Koch - Released NewPG 0.3.8. + Released 0.3.8. * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8. @@ -1264,7 +1081,7 @@ 2002-06-04 Werner Koch - Released NewPG 0.3.7. + Released 0.3.7. 2002-05-21 Werner Koch @@ -1273,11 +1090,11 @@ 2002-05-14 Werner Koch * doc/: New - * configure.ac, Makefile.am: Added doc/. + * configure.ac, Makefile.am: Added doc/ 2002-05-03 Werner Koch - Released NewPG 0.3.6. + Released 0.3.6. 2002-04-25 Werner Koch @@ -1289,7 +1106,7 @@ 2002-04-15 Werner Koch - Released NewPG 0.3.5. + Released 0.3.5. * NEWS: Started to describe release notes. @@ -1297,11 +1114,11 @@ 2002-04-01 Werner Koch - Released NewPG 0.3.4. + Released 0.3.4. 2002-03-18 Werner Koch - Released NewPG 0.3.3. + Released 0.3.3. 2002-03-08 Werner Koch @@ -1309,11 +1126,11 @@ 2002-03-06 Werner Koch - Released NewPG 0.3.2. + Released 0.3.2. 2002-03-04 Werner Koch - Released NewPG 0.3.1. + Released 0.3.1. * README: Explained some options and files. @@ -1335,7 +1152,7 @@ 2002-02-07 Werner Koch - Released NewPG 0.3.0. + Released 0.3.0. * configure.ac: Require libgcrypt 1.1.6. @@ -1361,7 +1178,7 @@ 2001-12-18 Werner Koch - Released NewPG 0.0.0. + Released 0.0.0. 2001-12-17 Werner Koch @@ -1378,7 +1195,7 @@ * configure.ac (HAVE_JNLIB_LOGGING): always define it. - Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007. + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives @@ -1388,7 +1205,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -Local Variables: -buffer-read-only: t -End: diff -Nru gnupg2-2.1.6/common/agent-opt.c gnupg2-2.0.28/common/agent-opt.c --- gnupg2-2.1.6/common/agent-opt.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/common/agent-opt.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,71 +0,0 @@ -/* agent-opt.c - Helper for certain agent options - * Copyright (C) 2013 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include - -#include "shareddefs.h" - - -/* Parse VALUE and return an integer representing a pinentry_mode_t. - (-1) is returned for an invalid VALUE. */ -int -parse_pinentry_mode (const char *value) -{ - int result; - - if (!strcmp (value, "ask") || !strcmp (value, "default")) - result = PINENTRY_MODE_ASK; - else if (!strcmp (value, "cancel")) - result = PINENTRY_MODE_CANCEL; - else if (!strcmp (value, "error")) - result = PINENTRY_MODE_ERROR; - else if (!strcmp (value, "loopback")) - result = PINENTRY_MODE_LOOPBACK; - else - result = -1; - - return result; -} - -/* Return the string representation for the pinentry MODE. Returns - "?" for an invalid mode. */ -const char * -str_pinentry_mode (pinentry_mode_t mode) -{ - switch (mode) - { - case PINENTRY_MODE_ASK: return "ask"; - case PINENTRY_MODE_CANCEL: return "cancel"; - case PINENTRY_MODE_ERROR: return "error"; - case PINENTRY_MODE_LOOPBACK: return "loopback"; - } - return "?"; -} diff -Nru gnupg2-2.1.6/common/argparse.c gnupg2-2.0.28/common/argparse.c --- gnupg2-2.1.6/common/argparse.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/common/argparse.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,1602 +0,0 @@ -/* [argparse.c wk 17.06.97] Argument Parser for option handling - * Copyright (C) 1998-2001, 2006-2008, 2012 Free Software Foundation, Inc. - * Copyright (C) 1997-2001, 2006-2008, 2013-2015 Werner Koch - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify it - * under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * GnuPG is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copies of the GNU General Public License - * and the GNU Lesser General Public License along with this program; - * if not, see . - */ - -/* This file may be used as part of GnuPG or standalone. A GnuPG - build is detected by the presence of the macro GNUPG_MAJOR_VERSION. - Some feature are only availalbe in the GnuPG build mode. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include -#include -#include - -#ifdef GNUPG_MAJOR_VERSION -# include "util.h" -# include "common-defs.h" -# include "i18n.h" -# include "mischelp.h" -# include "stringhelp.h" -# include "logging.h" -# include "utf8conv.h" -#endif /*GNUPG_MAJOR_VERSION*/ - -#include "argparse.h" - -/* GnuPG uses GPLv3+ but a standalone version of this defaults to - GPLv2+ because that is the license of this file. Change this if - you include it in a program which uses GPLv3. If you don't want to - set a a copyright string for your usage() you may also hardcode it - here. */ -#ifndef GNUPG_MAJOR_VERSION - -# define ARGPARSE_GPL_VERSION 2 -# define ARGPARSE_CRIGHT_STR "Copyright (C) YEAR NAME" - -#else /* Used by GnuPG */ - -# define ARGPARSE_GPL_VERSION 3 -# define ARGPARSE_CRIGHT_STR "Copyright (C) 2015 Free Software Foundation, Inc." - -#endif /*GNUPG_MAJOR_VERSION*/ - -/* Replacements for standalone builds. */ -#ifndef GNUPG_MAJOR_VERSION -# ifndef _ -# define _(a) (a) -# endif -# ifndef DIM -# define DIM(v) (sizeof(v)/sizeof((v)[0])) -# endif -# define xtrymalloc(a) malloc ((a)) -# define xtryrealloc(a,b) realloc ((a), (b)) -# define xtrystrdup(a) strdup ((a)) -# define xfree(a) free ((a)) -# define log_error my_log_error -# define log_bug my_log_bug -# define trim_spaces(a) my_trim_spaces ((a)) -# define map_static_macro_string(a) (a) -#endif /*!GNUPG_MAJOR_VERSION*/ - - -#define ARGPARSE_STR(v) #v -#define ARGPARSE_STR2(v) ARGPARSE_STR(v) - - -/* Replacements for standalone builds. */ -#ifndef GNUPG_MAJOR_VERSION -static void -my_log_error (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - fprintf (stderr, "%s: ", strusage (11)); - vfprintf (stderr, fmt, arg_ptr); - va_end (arg_ptr); -} - -static void -my_log_bug (const char *fmt, ...) -{ - va_list arg_ptr ; - - va_start (arg_ptr, fmt); - fprintf (stderr, "%s: Ohhhh jeeee: ", strusage (11)); - vfprintf (stderr, fmt, arg_ptr); - va_end (arg_ptr); - abort (); -} - -static char * -my_trim_spaces (char *str) -{ - char *string, *p, *mark; - - string = str; - /* Find first non space character. */ - for (p=string; *p && isspace (*(unsigned char*)p) ; p++) - ; - /* Move characters. */ - for ((mark = NULL); (*string = *p); string++, p++) - if (isspace (*(unsigned char*)p)) - { - if (!mark) - mark = string; - } - else - mark = NULL; - if (mark) - *mark = '\0' ; /* Remove trailing spaces. */ - - return str ; -} - -#endif /*!GNUPG_MAJOR_VERSION*/ - - - -/********************************* - * @Summary arg_parse - * #include "argparse.h" - * - * typedef struct { - * char *argc; pointer to argc (value subject to change) - * char ***argv; pointer to argv (value subject to change) - * unsigned flags; Global flags (DO NOT CHANGE) - * int err; print error about last option - * 1 = warning, 2 = abort - * int r_opt; return option - * int r_type; type of return value (0 = no argument found) - * union { - * int ret_int; - * long ret_long - * ulong ret_ulong; - * char *ret_str; - * } r; Return values - * struct { - * int idx; - * const char *last; - * void *aliases; - * } internal; DO NOT CHANGE - * } ARGPARSE_ARGS; - * - * typedef struct { - * int short_opt; - * const char *long_opt; - * unsigned flags; - * } ARGPARSE_OPTS; - * - * int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts ); - * - * @Description - * This is my replacement for getopt(). See the example for a typical usage. - * Global flags are: - * Bit 0 : Do not remove options form argv - * Bit 1 : Do not stop at last option but return other args - * with r_opt set to -1. - * Bit 2 : Assume options and real args are mixed. - * Bit 3 : Do not use -- to stop option processing. - * Bit 4 : Do not skip the first arg. - * Bit 5 : allow usage of long option with only one dash - * Bit 6 : ignore --version - * all other bits must be set to zero, this value is modified by the - * function, so assume this is write only. - * Local flags (for each option): - * Bit 2-0 : 0 = does not take an argument - * 1 = takes int argument - * 2 = takes string argument - * 3 = takes long argument - * 4 = takes ulong argument - * Bit 3 : argument is optional (r_type will the be set to 0) - * Bit 4 : allow 0x etc. prefixed values. - * Bit 6 : Ignore this option - * Bit 7 : This is a command and not an option - * You stop the option processing by setting opts to NULL, the function will - * then return 0. - * @Return Value - * Returns the args.r_opt or 0 if ready - * r_opt may be -2/-7 to indicate an unknown option/command. - * @See Also - * ArgExpand - * @Notes - * You do not need to process the options 'h', '--help' or '--version' - * because this function includes standard help processing; but if you - * specify '-h', '--help' or '--version' you have to do it yourself. - * The option '--' stops argument processing; if bit 1 is set the function - * continues to return normal arguments. - * To process float args or unsigned args you must use a string args and do - * the conversion yourself. - * @Example - * - * ARGPARSE_OPTS opts[] = { - * { 'v', "verbose", 0 }, - * { 'd', "debug", 0 }, - * { 'o', "output", 2 }, - * { 'c', "cross-ref", 2|8 }, - * { 'm', "my-option", 1|8 }, - * { 300, "ignored-long-option, ARGPARSE_OP_IGNORE}, - * { 500, "have-no-short-option-for-this-long-option", 0 }, - * {0} }; - * ARGPARSE_ARGS pargs = { &argc, &argv, 0 } - * - * while( ArgParse( &pargs, &opts) ) { - * switch( pargs.r_opt ) { - * case 'v': opt.verbose++; break; - * case 'd': opt.debug++; break; - * case 'o': opt.outfile = pargs.r.ret_str; break; - * case 'c': opt.crf = pargs.r_type? pargs.r.ret_str:"a.crf"; break; - * case 'm': opt.myopt = pargs.r_type? pargs.r.ret_int : 1; break; - * case 500: opt.a_long_one++; break - * default : pargs.err = 1; break; -- force warning output -- - * } - * } - * if( argc > 1 ) - * log_fatal( "Too many args"); - * - */ - -typedef struct alias_def_s *ALIAS_DEF; -struct alias_def_s { - ALIAS_DEF next; - char *name; /* malloced buffer with name, \0, value */ - const char *value; /* ptr into name */ -}; - - -/* Object to store the names for the --ignore-invalid-option option. - This is a simple linked list. */ -typedef struct iio_item_def_s *IIO_ITEM_DEF; -struct iio_item_def_s -{ - IIO_ITEM_DEF next; - char name[1]; /* String with the long option name. */ -}; - -static const char *(*strusage_handler)( int ) = NULL; -static int (*custom_outfnc) (int, const char *); - -static int set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s); -static void show_help(ARGPARSE_OPTS *opts, unsigned flags); -static void show_version(void); -static int writestrings (int is_error, const char *string, ...) -#if __GNUC__ >= 4 - __attribute__ ((sentinel(0))) -#endif - ; - - -void -argparse_register_outfnc (int (*fnc)(int, const char *)) -{ - custom_outfnc = fnc; -} - - -/* Write STRING and all following const char * arguments either to - stdout or, if IS_ERROR is set, to stderr. The list of strings must - be terminated by a NULL. */ -static int -writestrings (int is_error, const char *string, ...) -{ - va_list arg_ptr; - const char *s; - int count = 0; - - if (string) - { - s = string; - va_start (arg_ptr, string); - do - { - if (custom_outfnc) - custom_outfnc (is_error? 2:1, s); - else - fputs (s, is_error? stderr : stdout); - count += strlen (s); - } - while ((s = va_arg (arg_ptr, const char *))); - va_end (arg_ptr); - } - return count; -} - - -static void -flushstrings (int is_error) -{ - if (custom_outfnc) - custom_outfnc (is_error? 2:1, NULL); - else - fflush (is_error? stderr : stdout); -} - - -static void -initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) -{ - if( !(arg->flags & (1<<15)) ) - { - /* Initialize this instance. */ - arg->internal.idx = 0; - arg->internal.last = NULL; - arg->internal.inarg = 0; - arg->internal.stopped = 0; - arg->internal.aliases = NULL; - arg->internal.cur_alias = NULL; - arg->internal.iio_list = NULL; - arg->err = 0; - arg->flags |= 1<<15; /* Mark as initialized. */ - if ( *arg->argc < 0 ) - log_bug ("invalid argument for arg_parse\n"); - } - - - if (arg->err) - { - /* Last option was erroneous. */ - const char *s; - - if (filename) - { - if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG ) - s = _("argument not expected"); - else if ( arg->r_opt == ARGPARSE_READ_ERROR ) - s = _("read error"); - else if ( arg->r_opt == ARGPARSE_KEYWORD_TOO_LONG ) - s = _("keyword too long"); - else if ( arg->r_opt == ARGPARSE_MISSING_ARG ) - s = _("missing argument"); - else if ( arg->r_opt == ARGPARSE_INVALID_ARG ) - s = _("invalid argument"); - else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND ) - s = _("invalid command"); - else if ( arg->r_opt == ARGPARSE_INVALID_ALIAS ) - s = _("invalid alias definition"); - else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE ) - s = _("out of core"); - else - s = _("invalid option"); - log_error ("%s:%u: %s\n", filename, *lineno, s); - } - else - { - s = arg->internal.last? arg->internal.last:"[??]"; - - if ( arg->r_opt == ARGPARSE_MISSING_ARG ) - log_error (_("missing argument for option \"%.50s\"\n"), s); - else if ( arg->r_opt == ARGPARSE_INVALID_ARG ) - log_error (_("invalid argument for option \"%.50s\"\n"), s); - else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG ) - log_error (_("option \"%.50s\" does not expect an argument\n"), s); - else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND ) - log_error (_("invalid command \"%.50s\"\n"), s); - else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION ) - log_error (_("option \"%.50s\" is ambiguous\n"), s); - else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_COMMAND ) - log_error (_("command \"%.50s\" is ambiguous\n"),s ); - else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE ) - log_error ("%s\n", _("out of core\n")); - else - log_error (_("invalid option \"%.50s\"\n"), s); - } - if (arg->err != ARGPARSE_PRINT_WARNING) - exit (2); - arg->err = 0; - } - - /* Zero out the return value union. */ - arg->r.ret_str = NULL; - arg->r.ret_long = 0; -} - - -static void -store_alias( ARGPARSE_ARGS *arg, char *name, char *value ) -{ - /* TODO: replace this dummy function with a rea one - * and fix the probelms IRIX has with (ALIAS_DEV)arg.. - * used as lvalue - */ - (void)arg; - (void)name; - (void)value; -#if 0 - ALIAS_DEF a = xmalloc( sizeof *a ); - a->name = name; - a->value = value; - a->next = (ALIAS_DEF)arg->internal.aliases; - (ALIAS_DEF)arg->internal.aliases = a; -#endif -} - - -/* Return true if KEYWORD is in the ignore-invalid-option list. */ -static int -ignore_invalid_option_p (ARGPARSE_ARGS *arg, const char *keyword) -{ - IIO_ITEM_DEF item = arg->internal.iio_list; - - for (; item; item = item->next) - if (!strcmp (item->name, keyword)) - return 1; - return 0; -} - - -/* Add the keywords up to the next LF to the list of to be ignored - options. After returning FP will either be at EOF or the next - character read wll be the first of a new line. The function - returns 0 on success or true on malloc failure. */ -static int -ignore_invalid_option_add (ARGPARSE_ARGS *arg, FILE *fp) -{ - IIO_ITEM_DEF item; - int c; - char name[100]; - int namelen = 0; - int ready = 0; - enum { skipWS, collectNAME, skipNAME, addNAME} state = skipWS; - - while (!ready) - { - c = getc (fp); - if (c == '\n') - ready = 1; - else if (c == EOF) - { - c = '\n'; - ready = 1; - } - again: - switch (state) - { - case skipWS: - if (!isascii (c) || !isspace(c)) - { - namelen = 0; - state = collectNAME; - goto again; - } - break; - - case collectNAME: - if (isspace (c)) - { - state = addNAME; - goto again; - } - else if (namelen < DIM(name)-1) - name[namelen++] = c; - else /* Too long. */ - state = skipNAME; - break; - - case skipNAME: - if (isspace (c)) - { - state = skipWS; - goto again; - } - break; - - case addNAME: - name[namelen] = 0; - if (!ignore_invalid_option_p (arg, name)) - { - item = xtrymalloc (sizeof *item + namelen); - if (!item) - return 1; - strcpy (item->name, name); - item->next = (IIO_ITEM_DEF)arg->internal.iio_list; - arg->internal.iio_list = item; - } - state = skipWS; - goto again; - } - } - return 0; -} - - -/* Clear the entire ignore-invalid-option list. */ -static void -ignore_invalid_option_clear (ARGPARSE_ARGS *arg) -{ - IIO_ITEM_DEF item, tmpitem; - - for (item = arg->internal.iio_list; item; item = tmpitem) - { - tmpitem = item->next; - xfree (item); - } - arg->internal.iio_list = NULL; -} - - - -/**************** - * Get options from a file. - * Lines starting with '#' are comment lines. - * Syntax is simply a keyword and the argument. - * Valid keywords are all keywords from the long_opt list without - * the leading dashes. The special keywords "help", "warranty" and "version" - * are not valid here. - * The special keyword "alias" may be used to store alias definitions, - * which are later expanded like long options. - * The option - * ignore-invalid-option OPTIONNAMEs - * is recognized and updates a list of option which should be ignored if they - * are not defined. - * Caller must free returned strings. - * If called with FP set to NULL command line args are parse instead. - * - * Q: Should we allow the syntax - * keyword = value - * and accept for boolean options a value of 1/0, yes/no or true/false? - * Note: Abbreviation of options is here not allowed. - */ -int -optfile_parse (FILE *fp, const char *filename, unsigned *lineno, - ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) -{ - int state, i, c; - int idx=0; - char keyword[100]; - char *buffer = NULL; - size_t buflen = 0; - int in_alias=0; - - if (!fp) /* Divert to to arg_parse() in this case. */ - return arg_parse (arg, opts); - - initialize (arg, filename, lineno); - - /* Find the next keyword. */ - state = i = 0; - for (;;) - { - c = getc (fp); - if (c == '\n' || c== EOF ) - { - if ( c != EOF ) - ++*lineno; - if (state == -1) - break; - else if (state == 2) - { - keyword[i] = 0; - for (i=0; opts[i].short_opt; i++ ) - { - if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword)) - break; - } - idx = i; - arg->r_opt = opts[idx].short_opt; - if ((opts[idx].flags & ARGPARSE_OPT_IGNORE)) - { - state = i = 0; - continue; - } - else if (!opts[idx].short_opt ) - { - if (!strcmp (keyword, "ignore-invalid-option")) - { - /* No argument - ignore this meta option. */ - state = i = 0; - continue; - } - else if (ignore_invalid_option_p (arg, keyword)) - { - /* This invalid option is in the iio list. */ - state = i = 0; - continue; - } - arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND) - ? ARGPARSE_INVALID_COMMAND - : ARGPARSE_INVALID_OPTION); - } - else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK)) - arg->r_type = 0; /* Does not take an arg. */ - else if ((opts[idx].flags & ARGPARSE_OPT_OPTIONAL) ) - arg->r_type = 0; /* Arg is optional. */ - else - arg->r_opt = ARGPARSE_MISSING_ARG; - - break; - } - else if (state == 3) - { - /* No argument found. */ - if (in_alias) - arg->r_opt = ARGPARSE_MISSING_ARG; - else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK)) - arg->r_type = 0; /* Does not take an arg. */ - else if ((opts[idx].flags & ARGPARSE_OPT_OPTIONAL)) - arg->r_type = 0; /* No optional argument. */ - else - arg->r_opt = ARGPARSE_MISSING_ARG; - - break; - } - else if (state == 4) - { - /* Has an argument. */ - if (in_alias) - { - if (!buffer) - arg->r_opt = ARGPARSE_UNEXPECTED_ARG; - else - { - char *p; - - buffer[i] = 0; - p = strpbrk (buffer, " \t"); - if (p) - { - *p++ = 0; - trim_spaces (p); - } - if (!p || !*p) - { - xfree (buffer); - arg->r_opt = ARGPARSE_INVALID_ALIAS; - } - else - { - store_alias (arg, buffer, p); - } - } - } - else if (!(opts[idx].flags & ARGPARSE_TYPE_MASK)) - arg->r_opt = ARGPARSE_UNEXPECTED_ARG; - else - { - char *p; - - if (!buffer) - { - keyword[i] = 0; - buffer = xtrystrdup (keyword); - if (!buffer) - arg->r_opt = ARGPARSE_OUT_OF_CORE; - } - else - buffer[i] = 0; - - if (buffer) - { - trim_spaces (buffer); - p = buffer; - if (*p == '"') - { - /* Remove quotes. */ - p++; - if (*p && p[strlen(p)-1] == '\"' ) - p[strlen(p)-1] = 0; - } - if (!set_opt_arg (arg, opts[idx].flags, p)) - xfree (buffer); - } - } - break; - } - else if (c == EOF) - { - ignore_invalid_option_clear (arg); - if (ferror (fp)) - arg->r_opt = ARGPARSE_READ_ERROR; - else - arg->r_opt = 0; /* EOF. */ - break; - } - state = 0; - i = 0; - } - else if (state == -1) - ; /* Skip. */ - else if (state == 0 && isascii (c) && isspace(c)) - ; /* Skip leading white space. */ - else if (state == 0 && c == '#' ) - state = 1; /* Start of a comment. */ - else if (state == 1) - ; /* Skip comments. */ - else if (state == 2 && isascii (c) && isspace(c)) - { - /* Check keyword. */ - keyword[i] = 0; - for (i=0; opts[i].short_opt; i++ ) - if (opts[i].long_opt && !strcmp (opts[i].long_opt, keyword)) - break; - idx = i; - arg->r_opt = opts[idx].short_opt; - if ((opts[idx].flags & ARGPARSE_OPT_IGNORE)) - { - state = 1; /* Process like a comment. */ - } - else if (!opts[idx].short_opt) - { - if (!strcmp (keyword, "alias")) - { - in_alias = 1; - state = 3; - } - else if (!strcmp (keyword, "ignore-invalid-option")) - { - if (ignore_invalid_option_add (arg, fp)) - { - arg->r_opt = ARGPARSE_OUT_OF_CORE; - break; - } - state = i = 0; - ++*lineno; - } - else if (ignore_invalid_option_p (arg, keyword)) - state = 1; /* Process like a comment. */ - else - { - arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND) - ? ARGPARSE_INVALID_COMMAND - : ARGPARSE_INVALID_OPTION); - state = -1; /* Skip rest of line and leave. */ - } - } - else - state = 3; - } - else if (state == 3) - { - /* Skip leading spaces of the argument. */ - if (!isascii (c) || !isspace(c)) - { - i = 0; - keyword[i++] = c; - state = 4; - } - } - else if (state == 4) - { - /* Collect the argument. */ - if (buffer) - { - if (i < buflen-1) - buffer[i++] = c; - else - { - char *tmp; - size_t tmplen = buflen + 50; - - tmp = xtryrealloc (buffer, tmplen); - if (tmp) - { - buflen = tmplen; - buffer = tmp; - buffer[i++] = c; - } - else - { - xfree (buffer); - arg->r_opt = ARGPARSE_OUT_OF_CORE; - break; - } - } - } - else if (i < DIM(keyword)-1) - keyword[i++] = c; - else - { - size_t tmplen = DIM(keyword) + 50; - buffer = xtrymalloc (tmplen); - if (buffer) - { - buflen = tmplen; - memcpy(buffer, keyword, i); - buffer[i++] = c; - } - else - { - arg->r_opt = ARGPARSE_OUT_OF_CORE; - break; - } - } - } - else if (i >= DIM(keyword)-1) - { - arg->r_opt = ARGPARSE_KEYWORD_TOO_LONG; - state = -1; /* Skip rest of line and leave. */ - } - else - { - keyword[i++] = c; - state = 2; - } - } - - return arg->r_opt; -} - - - -static int -find_long_option( ARGPARSE_ARGS *arg, - ARGPARSE_OPTS *opts, const char *keyword ) -{ - int i; - size_t n; - - (void)arg; - - /* Would be better if we can do a binary search, but it is not - possible to reorder our option table because we would mess - up our help strings - What we can do is: Build a nice option - lookup table wehn this function is first invoked */ - if( !*keyword ) - return -1; - for(i=0; opts[i].short_opt; i++ ) - if( opts[i].long_opt && !strcmp( opts[i].long_opt, keyword) ) - return i; -#if 0 - { - ALIAS_DEF a; - /* see whether it is an alias */ - for( a = args->internal.aliases; a; a = a->next ) { - if( !strcmp( a->name, keyword) ) { - /* todo: must parse the alias here */ - args->internal.cur_alias = a; - return -3; /* alias available */ - } - } - } -#endif - /* not found, see whether it is an abbreviation */ - /* aliases may not be abbreviated */ - n = strlen( keyword ); - for(i=0; opts[i].short_opt; i++ ) { - if( opts[i].long_opt && !strncmp( opts[i].long_opt, keyword, n ) ) { - int j; - for(j=i+1; opts[j].short_opt; j++ ) { - if( opts[j].long_opt - && !strncmp( opts[j].long_opt, keyword, n ) ) - return -2; /* abbreviation is ambiguous */ - } - return i; - } - } - return -1; /* Not found. */ -} - -int -arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) -{ - int idx; - int argc; - char **argv; - char *s, *s2; - int i; - - initialize( arg, NULL, NULL ); - argc = *arg->argc; - argv = *arg->argv; - idx = arg->internal.idx; - - if (!idx && argc && !(arg->flags & ARGPARSE_FLAG_ARG0)) - { - /* Skip the first argument. */ - argc--; argv++; idx++; - } - - next_one: - if (!argc) - { - /* No more args. */ - arg->r_opt = 0; - goto leave; /* Ready. */ - } - - s = *argv; - arg->internal.last = s; - - if (arg->internal.stopped && (arg->flags & ARGPARSE_FLAG_ALL)) - { - arg->r_opt = ARGPARSE_IS_ARG; /* Not an option but an argument. */ - arg->r_type = 2; - arg->r.ret_str = s; - argc--; argv++; idx++; /* set to next one */ - } - else if( arg->internal.stopped ) - { - arg->r_opt = 0; - goto leave; /* Ready. */ - } - else if ( *s == '-' && s[1] == '-' ) - { - /* Long option. */ - char *argpos; - - arg->internal.inarg = 0; - if (!s[2] && !(arg->flags & ARGPARSE_FLAG_NOSTOP)) - { - /* Stop option processing. */ - arg->internal.stopped = 1; - arg->flags |= ARGPARSE_FLAG_STOP_SEEN; - argc--; argv++; idx++; - goto next_one; - } - - argpos = strchr( s+2, '=' ); - if ( argpos ) - *argpos = 0; - i = find_long_option ( arg, opts, s+2 ); - if ( argpos ) - *argpos = '='; - - if ( i < 0 && !strcmp ( "help", s+2) ) - show_help (opts, arg->flags); - else if ( i < 0 && !strcmp ( "version", s+2) ) - { - if (!(arg->flags & ARGPARSE_FLAG_NOVERSION)) - { - show_version (); - exit(0); - } - } - else if ( i < 0 && !strcmp( "warranty", s+2)) - { - writestrings (0, strusage (16), "\n", NULL); - exit (0); - } - else if ( i < 0 && !strcmp( "dump-options", s+2) ) - { - for (i=0; opts[i].short_opt; i++ ) - { - if (opts[i].long_opt && !(opts[i].flags & ARGPARSE_OPT_IGNORE)) - writestrings (0, "--", opts[i].long_opt, "\n", NULL); - } - writestrings (0, "--dump-options\n--help\n--version\n--warranty\n", - NULL); - exit (0); - } - - if ( i == -2 ) - arg->r_opt = ARGPARSE_AMBIGUOUS_OPTION; - else if ( i == -1 ) - { - arg->r_opt = ARGPARSE_INVALID_OPTION; - arg->r.ret_str = s+2; - } - else - arg->r_opt = opts[i].short_opt; - if ( i < 0 ) - ; - else if ( (opts[i].flags & ARGPARSE_TYPE_MASK) ) - { - if ( argpos ) - { - s2 = argpos+1; - if ( !*s2 ) - s2 = NULL; - } - else - s2 = argv[1]; - if ( !s2 && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) ) - { - arg->r_type = ARGPARSE_TYPE_NONE; /* Argument is optional. */ - } - else if ( !s2 ) - { - arg->r_opt = ARGPARSE_MISSING_ARG; - } - else if ( !argpos && *s2 == '-' - && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) ) - { - /* The argument is optional and the next seems to be an - option. We do not check this possible option but - assume no argument */ - arg->r_type = ARGPARSE_TYPE_NONE; - } - else - { - set_opt_arg (arg, opts[i].flags, s2); - if ( !argpos ) - { - argc--; argv++; idx++; /* Skip one. */ - } - } - } - else - { - /* Does not take an argument. */ - if ( argpos ) - arg->r_type = ARGPARSE_UNEXPECTED_ARG; - else - arg->r_type = 0; - } - argc--; argv++; idx++; /* Set to next one. */ - } - else if ( (*s == '-' && s[1]) || arg->internal.inarg ) - { - /* Short option. */ - int dash_kludge = 0; - - i = 0; - if ( !arg->internal.inarg ) - { - arg->internal.inarg++; - if ( (arg->flags & ARGPARSE_FLAG_ONEDASH) ) - { - for (i=0; opts[i].short_opt; i++ ) - if ( opts[i].long_opt && !strcmp (opts[i].long_opt, s+1)) - { - dash_kludge = 1; - break; - } - } - } - s += arg->internal.inarg; - - if (!dash_kludge ) - { - for (i=0; opts[i].short_opt; i++ ) - if ( opts[i].short_opt == *s ) - break; - } - - if ( !opts[i].short_opt && ( *s == 'h' || *s == '?' ) ) - show_help (opts, arg->flags); - - arg->r_opt = opts[i].short_opt; - if (!opts[i].short_opt ) - { - arg->r_opt = (opts[i].flags & ARGPARSE_OPT_COMMAND)? - ARGPARSE_INVALID_COMMAND:ARGPARSE_INVALID_OPTION; - arg->internal.inarg++; /* Point to the next arg. */ - arg->r.ret_str = s; - } - else if ( (opts[i].flags & ARGPARSE_TYPE_MASK) ) - { - if ( s[1] && !dash_kludge ) - { - s2 = s+1; - set_opt_arg (arg, opts[i].flags, s2); - } - else - { - s2 = argv[1]; - if ( !s2 && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) ) - { - arg->r_type = ARGPARSE_TYPE_NONE; - } - else if ( !s2 ) - { - arg->r_opt = ARGPARSE_MISSING_ARG; - } - else if ( *s2 == '-' && s2[1] - && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) ) - { - /* The argument is optional and the next seems to - be an option. We do not check this possible - option but assume no argument. */ - arg->r_type = ARGPARSE_TYPE_NONE; - } - else - { - set_opt_arg (arg, opts[i].flags, s2); - argc--; argv++; idx++; /* Skip one. */ - } - } - s = "x"; /* This is so that !s[1] yields false. */ - } - else - { - /* Does not take an argument. */ - arg->r_type = ARGPARSE_TYPE_NONE; - arg->internal.inarg++; /* Point to the next arg. */ - } - if ( !s[1] || dash_kludge ) - { - /* No more concatenated short options. */ - arg->internal.inarg = 0; - argc--; argv++; idx++; - } - } - else if ( arg->flags & ARGPARSE_FLAG_MIXED ) - { - arg->r_opt = ARGPARSE_IS_ARG; - arg->r_type = 2; - arg->r.ret_str = s; - argc--; argv++; idx++; /* Set to next one. */ - } - else - { - arg->internal.stopped = 1; /* Stop option processing. */ - goto next_one; - } - - leave: - *arg->argc = argc; - *arg->argv = argv; - arg->internal.idx = idx; - return arg->r_opt; -} - - -/* Returns: -1 on error, 0 for an integer type and 1 for a non integer - type argument. */ -static int -set_opt_arg (ARGPARSE_ARGS *arg, unsigned flags, char *s) -{ - int base = (flags & ARGPARSE_OPT_PREFIX)? 0 : 10; - long l; - - switch ( (arg->r_type = (flags & ARGPARSE_TYPE_MASK)) ) - { - case ARGPARSE_TYPE_LONG: - case ARGPARSE_TYPE_INT: - errno = 0; - l = strtol (s, NULL, base); - if ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) - { - arg->r_opt = ARGPARSE_INVALID_ARG; - return -1; - } - if (arg->r_type == ARGPARSE_TYPE_LONG) - arg->r.ret_long = l; - else if ( (l < 0 && l < INT_MIN) || l > INT_MAX ) - { - arg->r_opt = ARGPARSE_INVALID_ARG; - return -1; - } - else - arg->r.ret_int = (int)l; - return 0; - - case ARGPARSE_TYPE_ULONG: - while (isascii (*s) && isspace(*s)) - s++; - if (*s == '-') - { - arg->r.ret_ulong = 0; - arg->r_opt = ARGPARSE_INVALID_ARG; - return -1; - } - errno = 0; - arg->r.ret_ulong = strtoul (s, NULL, base); - if (arg->r.ret_ulong == ULONG_MAX && errno == ERANGE) - { - arg->r_opt = ARGPARSE_INVALID_ARG; - return -1; - } - return 0; - - case ARGPARSE_TYPE_STRING: - default: - arg->r.ret_str = s; - return 1; - } -} - - -static size_t -long_opt_strlen( ARGPARSE_OPTS *o ) -{ - size_t n = strlen (o->long_opt); - - if ( o->description && *o->description == '|' ) - { - const char *s; - int is_utf8 = is_native_utf8 (); - - s=o->description+1; - if ( *s != '=' ) - n++; - /* For a (mostly) correct length calculation we exclude - continuation bytes (10xxxxxx) if we are on a native utf8 - terminal. */ - for (; *s && *s != '|'; s++ ) - if ( is_utf8 && (*s&0xc0) != 0x80 ) - n++; - } - return n; -} - - -/**************** - * Print formatted help. The description string has some special - * meanings: - * - A description string which is "@" suppresses help output for - * this option - * - a description,ine which starts with a '@' and is followed by - * any other characters is printed as is; this may be used for examples - * ans such. - * - A description which starts with a '|' outputs the string between this - * bar and the next one as arguments of the long option. - */ -static void -show_help (ARGPARSE_OPTS *opts, unsigned int flags) -{ - const char *s; - char tmp[2]; - - show_version (); - writestrings (0, "\n", NULL); - s = strusage (42); - if (s && *s == '1') - { - s = strusage (40); - writestrings (1, s, NULL); - if (*s && s[strlen(s)] != '\n') - writestrings (1, "\n", NULL); - } - s = strusage(41); - writestrings (0, s, "\n", NULL); - if ( opts[0].description ) - { - /* Auto format the option description. */ - int i,j, indent; - - /* Get max. length of long options. */ - for (i=indent=0; opts[i].short_opt; i++ ) - { - if ( opts[i].long_opt ) - if ( !opts[i].description || *opts[i].description != '@' ) - if ( (j=long_opt_strlen(opts+i)) > indent && j < 35 ) - indent = j; - } - - /* Example: " -v, --verbose Viele Sachen ausgeben" */ - indent += 10; - if ( *opts[0].description != '@' ) - writestrings (0, "Options:", "\n", NULL); - for (i=0; opts[i].short_opt; i++ ) - { - s = map_static_macro_string (_( opts[i].description )); - if ( s && *s== '@' && !s[1] ) /* Hide this line. */ - continue; - if ( s && *s == '@' ) /* Unindented comment only line. */ - { - for (s++; *s; s++ ) - { - if ( *s == '\n' ) - { - if( s[1] ) - writestrings (0, "\n", NULL); - } - else - { - tmp[0] = *s; - tmp[1] = 0; - writestrings (0, tmp, NULL); - } - } - writestrings (0, "\n", NULL); - continue; - } - - j = 3; - if ( opts[i].short_opt < 256 ) - { - tmp[0] = opts[i].short_opt; - tmp[1] = 0; - writestrings (0, " -", tmp, NULL ); - if ( !opts[i].long_opt ) - { - if (s && *s == '|' ) - { - writestrings (0, " ", NULL); j++; - for (s++ ; *s && *s != '|'; s++, j++ ) - { - tmp[0] = *s; - tmp[1] = 0; - writestrings (0, tmp, NULL); - } - if ( *s ) - s++; - } - } - } - else - writestrings (0, " ", NULL); - if ( opts[i].long_opt ) - { - tmp[0] = opts[i].short_opt < 256?',':' '; - tmp[1] = 0; - j += writestrings (0, tmp, " --", opts[i].long_opt, NULL); - if (s && *s == '|' ) - { - if ( *++s != '=' ) - { - writestrings (0, " ", NULL); - j++; - } - for ( ; *s && *s != '|'; s++, j++ ) - { - tmp[0] = *s; - tmp[1] = 0; - writestrings (0, tmp, NULL); - } - if ( *s ) - s++; - } - writestrings (0, " ", NULL); - j += 3; - } - for (;j < indent; j++ ) - writestrings (0, " ", NULL); - if ( s ) - { - if ( *s && j > indent ) - { - writestrings (0, "\n", NULL); - for (j=0;j < indent; j++ ) - writestrings (0, " ", NULL); - } - for (; *s; s++ ) - { - if ( *s == '\n' ) - { - if ( s[1] ) - { - writestrings (0, "\n", NULL); - for (j=0; j < indent; j++ ) - writestrings (0, " ", NULL); - } - } - else - { - tmp[0] = *s; - tmp[1] = 0; - writestrings (0, tmp, NULL); - } - } - } - writestrings (0, "\n", NULL); - } - if ( (flags & ARGPARSE_FLAG_ONEDASH) ) - writestrings (0, "\n(A single dash may be used " - "instead of the double ones)\n", NULL); - } - if ( (s=strusage(19)) ) - { - writestrings (0, "\n", NULL); - writestrings (0, s, NULL); - } - flushstrings (0); - exit(0); -} - -static void -show_version () -{ - const char *s; - int i; - - /* Version line. */ - writestrings (0, strusage (11), NULL); - if ((s=strusage (12))) - writestrings (0, " (", s, ")", NULL); - writestrings (0, " ", strusage (13), "\n", NULL); - /* Additional version lines. */ - for (i=20; i < 30; i++) - if ((s=strusage (i))) - writestrings (0, s, "\n", NULL); - /* Copyright string. */ - if ((s=strusage (14))) - writestrings (0, s, "\n", NULL); - /* Licence string. */ - if( (s=strusage (10)) ) - writestrings (0, s, "\n", NULL); - /* Copying conditions. */ - if ( (s=strusage(15)) ) - writestrings (0, s, NULL); - /* Thanks. */ - if ((s=strusage(18))) - writestrings (0, s, NULL); - /* Additional program info. */ - for (i=30; i < 40; i++ ) - if ( (s=strusage (i)) ) - writestrings (0, s, NULL); - flushstrings (0); -} - - -void -usage (int level) -{ - const char *p; - - if (!level) - { - writestrings (1, strusage(11), " ", strusage(13), "; ", - strusage (14), "\n", NULL); - flushstrings (1); - } - else if (level == 1) - { - p = strusage (40); - writestrings (1, p, NULL); - if (*p && p[strlen(p)] != '\n') - writestrings (1, "\n", NULL); - exit (2); - } - else if (level == 2) - { - p = strusage (42); - if (p && *p == '1') - { - p = strusage (40); - writestrings (1, p, NULL); - if (*p && p[strlen(p)] != '\n') - writestrings (1, "\n", NULL); - } - writestrings (0, strusage(41), "\n", NULL); - exit (0); - } -} - -/* Level - * 0: Print copyright string to stderr - * 1: Print a short usage hint to stderr and terminate - * 2: Print a long usage hint to stdout and terminate - * 10: Return license info string - * 11: Return the name of the program - * 12: Return optional name of package which includes this program. - * 13: version string - * 14: copyright string - * 15: Short copying conditions (with LFs) - * 16: Long copying conditions (with LFs) - * 17: Optional printable OS name - * 18: Optional thanks list (with LFs) - * 19: Bug report info - *20..29: Additional lib version strings. - *30..39: Additional program info (with LFs) - * 40: short usage note (with LF) - * 41: long usage note (with LF) - * 42: Flag string: - * First char is '1': - * The short usage notes needs to be printed - * before the long usage note. - */ -const char * -strusage( int level ) -{ - const char *p = strusage_handler? strusage_handler(level) : NULL; - - if ( p ) - return map_static_macro_string (p); - - switch ( level ) - { - - case 10: -#if ARGPARSE_GPL_VERSION == 3 - p = ("License GPLv3+: GNU GPL version 3 or later " - ""); -#else - p = ("License GPLv2+: GNU GPL version 2 or later " - ""); -#endif - break; - case 11: p = "foo"; break; - case 13: p = "0.0"; break; - case 14: p = ARGPARSE_CRIGHT_STR; break; - case 15: p = -"This is free software: you are free to change and redistribute it.\n" -"There is NO WARRANTY, to the extent permitted by law.\n"; - break; - case 16: p = -"This is free software; you can redistribute it and/or modify\n" -"it under the terms of the GNU General Public License as published by\n" -"the Free Software Foundation; either version " -ARGPARSE_STR2(ARGPARSE_GPL_VERSION) -" of the License, or\n" -"(at your option) any later version.\n\n" -"It is distributed in the hope that it will be useful,\n" -"but WITHOUT ANY WARRANTY; without even the implied warranty of\n" -"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n" -"GNU General Public License for more details.\n\n" -"You should have received a copy of the GNU General Public License\n" -"along with this software. If not, see .\n"; - break; - case 40: /* short and long usage */ - case 41: p = ""; break; - } - - return p; -} - - -/* Set the usage handler. This function is basically a constructor. */ -void -set_strusage ( const char *(*f)( int ) ) -{ - strusage_handler = f; -} - - -#ifdef TEST -static struct { - int verbose; - int debug; - char *outfile; - char *crf; - int myopt; - int echo; - int a_long_one; -} opt; - -int -main(int argc, char **argv) -{ - ARGPARSE_OPTS opts[] = { - ARGPARSE_x('v', "verbose", NONE, 0, "Laut sein"), - ARGPARSE_s_n('e', "echo" , ("Zeile ausgeben, damit wir sehen, " - "was wir eingegeben haben")), - ARGPARSE_s_n('d', "debug", "Debug\nfalls mal etwas\nschief geht"), - ARGPARSE_s_s('o', "output", 0 ), - ARGPARSE_o_s('c', "cross-ref", "cross-reference erzeugen\n" ), - /* Note that on a non-utf8 terminal the ß might garble the output. */ - ARGPARSE_s_n('s', "street","|Straße|set the name of the street to Straße"), - ARGPARSE_o_i('m', "my-option", 0), - ARGPARSE_s_n(500, "a-long-option", 0 ), - ARGPARSE_end() - }; - ARGPARSE_ARGS pargs = { &argc, &argv, (ARGPARSE_FLAG_ALL - | ARGPARSE_FLAG_MIXED - | ARGPARSE_FLAG_ONEDASH) }; - int i; - - while (arg_parse (&pargs, opts)) - { - switch (pargs.r_opt) - { - case ARGPARSE_IS_ARG : - printf ("arg='%s'\n", pargs.r.ret_str); - break; - case 'v': opt.verbose++; break; - case 'e': opt.echo++; break; - case 'd': opt.debug++; break; - case 'o': opt.outfile = pargs.r.ret_str; break; - case 'c': opt.crf = pargs.r_type? pargs.r.ret_str:"a.crf"; break; - case 'm': opt.myopt = pargs.r_type? pargs.r.ret_int : 1; break; - case 500: opt.a_long_one++; break; - default : pargs.err = ARGPARSE_PRINT_WARNING; break; - } - } - for (i=0; i < argc; i++ ) - printf ("%3d -> (%s)\n", i, argv[i] ); - puts ("Options:"); - if (opt.verbose) - printf (" verbose=%d\n", opt.verbose ); - if (opt.debug) - printf (" debug=%d\n", opt.debug ); - if (opt.outfile) - printf (" outfile='%s'\n", opt.outfile ); - if (opt.crf) - printf (" crffile='%s'\n", opt.crf ); - if (opt.myopt) - printf (" myopt=%d\n", opt.myopt ); - if (opt.a_long_one) - printf (" a-long-one=%d\n", opt.a_long_one ); - if (opt.echo) - printf (" echo=%d\n", opt.echo ); - - return 0; -} -#endif /*TEST*/ - -/**** bottom of file ****/ diff -Nru gnupg2-2.1.6/common/argparse.h gnupg2-2.0.28/common/argparse.h --- gnupg2-2.1.6/common/argparse.h 2015-06-17 10:54:56.000000000 +0000 +++ gnupg2-2.0.28/common/argparse.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,203 +0,0 @@ -/* argparse.h - Argument parser for option handling. - * Copyright (C) 1998,1999,2000,2001,2006 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify it - * under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * GnuPG is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copies of the GNU General Public License - * and the GNU Lesser General Public License along with this program; - * if not, see . - */ - -#ifndef GNUPG_COMMON_ARGPARSE_H -#define GNUPG_COMMON_ARGPARSE_H - -#include - -typedef struct -{ - int *argc; /* Pointer to ARGC (value subject to change). */ - char ***argv; /* Pointer to ARGV (value subject to change). */ - unsigned int flags; /* Global flags. May be set prior to calling the - parser. The parser may change the value. */ - int err; /* Print error description for last option. - Either 0, ARGPARSE_PRINT_WARNING or - ARGPARSE_PRINT_ERROR. */ - - int r_opt; /* Returns option code. */ - int r_type; /* Returns type of option value. */ - union { - int ret_int; - long ret_long; - unsigned long ret_ulong; - char *ret_str; - } r; /* Return values */ - - struct { - int idx; - int inarg; - int stopped; - const char *last; - void *aliases; - const void *cur_alias; - void *iio_list; - } internal; /* Private - do not change. */ -} ARGPARSE_ARGS; - -typedef struct -{ - int short_opt; - const char *long_opt; - unsigned int flags; - const char *description; /* Optional option description. */ -} ARGPARSE_OPTS; - - -/* Global flags (ARGPARSE_ARGS). */ -#define ARGPARSE_FLAG_KEEP 1 /* Do not remove options form argv. */ -#define ARGPARSE_FLAG_ALL 2 /* Do not stop at last option but return - remaining args with R_OPT set to -1. */ -#define ARGPARSE_FLAG_MIXED 4 /* Assume options and args are mixed. */ -#define ARGPARSE_FLAG_NOSTOP 8 /* Do not stop processing at "--". */ -#define ARGPARSE_FLAG_ARG0 16 /* Do not skip the first arg. */ -#define ARGPARSE_FLAG_ONEDASH 32 /* Allow long options with one dash. */ -#define ARGPARSE_FLAG_NOVERSION 64 /* No output for "--version". */ - -#define ARGPARSE_FLAG_STOP_SEEN 256 /* Set to true if a "--" has been seen. */ - -/* Flags for each option (ARGPARSE_OPTS). The type code may be - ORed with the OPT flags. */ -#define ARGPARSE_TYPE_NONE 0 /* Does not take an argument. */ -#define ARGPARSE_TYPE_INT 1 /* Takes an int argument. */ -#define ARGPARSE_TYPE_STRING 2 /* Takes a string argument. */ -#define ARGPARSE_TYPE_LONG 3 /* Takes a long argument. */ -#define ARGPARSE_TYPE_ULONG 4 /* Takes an unsigned long argument. */ -#define ARGPARSE_OPT_OPTIONAL (1<<3) /* Argument is optional. */ -#define ARGPARSE_OPT_PREFIX (1<<4) /* Allow 0x etc. prefixed values. */ -#define ARGPARSE_OPT_IGNORE (1<<6) /* Ignore command or option. */ -#define ARGPARSE_OPT_COMMAND (1<<7) /* The argument is a command. */ - -#define ARGPARSE_TYPE_MASK 7 /* Mask for the type values (internal). */ - -/* A set of macros to make option definitions easier to read. */ -#define ARGPARSE_x(s,l,t,f,d) \ - { (s), (l), ARGPARSE_TYPE_ ## t | (f), (d) } - -#define ARGPARSE_s(s,l,t,d) \ - { (s), (l), ARGPARSE_TYPE_ ## t, (d) } -#define ARGPARSE_s_n(s,l,d) \ - { (s), (l), ARGPARSE_TYPE_NONE, (d) } -#define ARGPARSE_s_i(s,l,d) \ - { (s), (l), ARGPARSE_TYPE_INT, (d) } -#define ARGPARSE_s_s(s,l,d) \ - { (s), (l), ARGPARSE_TYPE_STRING, (d) } -#define ARGPARSE_s_l(s,l,d) \ - { (s), (l), ARGPARSE_TYPE_LONG, (d) } -#define ARGPARSE_s_u(s,l,d) \ - { (s), (l), ARGPARSE_TYPE_ULONG, (d) } - -#define ARGPARSE_o(s,l,t,d) \ - { (s), (l), (ARGPARSE_TYPE_ ## t | ARGPARSE_OPT_OPTIONAL), (d) } -#define ARGPARSE_o_n(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_OPTIONAL), (d) } -#define ARGPARSE_o_i(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_INT | ARGPARSE_OPT_OPTIONAL), (d) } -#define ARGPARSE_o_s(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_STRING | ARGPARSE_OPT_OPTIONAL), (d) } -#define ARGPARSE_o_l(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_LONG | ARGPARSE_OPT_OPTIONAL), (d) } -#define ARGPARSE_o_u(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_ULONG | ARGPARSE_OPT_OPTIONAL), (d) } - -#define ARGPARSE_p(s,l,t,d) \ - { (s), (l), (ARGPARSE_TYPE_ ## t | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_p_n(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_p_i(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_INT | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_p_s(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_STRING | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_p_l(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_LONG | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_p_u(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_ULONG | ARGPARSE_OPT_PREFIX), (d) } - -#define ARGPARSE_op(s,l,t,d) \ - { (s), (l), (ARGPARSE_TYPE_ ## t \ - | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_op_n(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_NONE \ - | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_op_i(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_INT \ - | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_op_s(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_STRING \ - | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_op_l(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_LONG \ - | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) } -#define ARGPARSE_op_u(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_ULONG \ - | ARGPARSE_OPT_OPTIONAL | ARGPARSE_OPT_PREFIX), (d) } - -#define ARGPARSE_c(s,l,d) \ - { (s), (l), (ARGPARSE_TYPE_NONE | ARGPARSE_OPT_COMMAND), (d) } - -#define ARGPARSE_ignore(s,l) \ - { (s), (l), (ARGPARSE_OPT_IGNORE), "@" } - -#define ARGPARSE_group(s,d) \ - { (s), NULL, 0, (d) } - -#define ARGPARSE_end() { 0, NULL, 0, NULL } - - -/* Other constants. */ -#define ARGPARSE_PRINT_WARNING 1 -#define ARGPARSE_PRINT_ERROR 2 - - -/* Error values. */ -#define ARGPARSE_IS_ARG (-1) -#define ARGPARSE_INVALID_OPTION (-2) -#define ARGPARSE_MISSING_ARG (-3) -#define ARGPARSE_KEYWORD_TOO_LONG (-4) -#define ARGPARSE_READ_ERROR (-5) -#define ARGPARSE_UNEXPECTED_ARG (-6) -#define ARGPARSE_INVALID_COMMAND (-7) -#define ARGPARSE_AMBIGUOUS_OPTION (-8) -#define ARGPARSE_AMBIGUOUS_COMMAND (-9) -#define ARGPARSE_INVALID_ALIAS (-10) -#define ARGPARSE_OUT_OF_CORE (-11) -#define ARGPARSE_INVALID_ARG (-12) - - -int arg_parse (ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts); -int optfile_parse (FILE *fp, const char *filename, unsigned *lineno, - ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts); -void usage (int level); -const char *strusage (int level); -void set_strusage (const char *(*f)( int )); -void argparse_register_outfnc (int (*fnc)(int, const char *)); - -#endif /*GNUPG_COMMON_ARGPARSE_H*/ diff -Nru gnupg2-2.1.6/common/asshelp2.c gnupg2-2.0.28/common/asshelp2.c --- gnupg2-2.1.6/common/asshelp2.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/common/asshelp2.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,73 +0,0 @@ -/* asshelp2.c - More helper functions for Assuan - * Copyright (C) 2012 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include -#include -#include -#include - -#include "util.h" -#include "asshelp.h" - -/* Helper function to print an assuan status line using a printf - format string. */ -gpg_error_t -vprint_assuan_status (assuan_context_t ctx, - const char *keyword, - const char *format, va_list arg_ptr) -{ - int rc; - char *buf; - - rc = gpgrt_vasprintf (&buf, format, arg_ptr); - if (rc < 0) - return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); - rc = assuan_write_status (ctx, keyword, buf); - xfree (buf); - return rc; -} - - -/* Helper function to print an assuan status line using a printf - format string. */ -gpg_error_t -print_assuan_status (assuan_context_t ctx, - const char *keyword, - const char *format, ...) -{ - va_list arg_ptr; - gpg_error_t err; - - va_start (arg_ptr, format); - err = vprint_assuan_status (ctx, keyword, format, arg_ptr); - va_end (arg_ptr); - return err; -} diff -Nru gnupg2-2.1.6/common/asshelp.c gnupg2-2.0.28/common/asshelp.c --- gnupg2-2.1.6/common/asshelp.c 2015-07-01 08:11:37.000000000 +0000 +++ gnupg2-2.0.28/common/asshelp.c 2015-06-02 08:13:55.000000000 +0000 @@ -3,22 +3,12 @@ * * This file is part of GnuPG. * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, + * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -37,89 +27,21 @@ #include #endif +#define JNLIB_NEED_LOG_LOGV #include "i18n.h" #include "util.h" #include "exechelp.h" #include "sysutils.h" -#include "status.h" +#include "status.h" #include "asshelp.h" /* The type we use for lock_agent_spawning. */ #ifdef HAVE_W32_SYSTEM -# define lock_spawn_t HANDLE +# define lock_agent_t HANDLE #else -# define lock_spawn_t dotlock_t +# define lock_agent_t DOTLOCK #endif -/* The time we wait until the agent or the dirmngr are ready for - operation after we started them before giving up. */ -#ifdef HAVE_W32CE_SYSTEM -# define SECS_TO_WAIT_FOR_AGENT 30 -# define SECS_TO_WAIT_FOR_DIRMNGR 30 -#else -# define SECS_TO_WAIT_FOR_AGENT 5 -# define SECS_TO_WAIT_FOR_DIRMNGR 5 -#endif - -/* A bitfield that specifies the assuan categories to log. This is - identical to the default log handler of libassuan. We need to do - it ourselves because we use a custom log handler and want to use - the same assuan variables to select the categories to log. */ -static int log_cats; -#define TEST_LOG_CAT(x) (!! (log_cats & (1 << (x - 1)))) - - -static int -my_libassuan_log_handler (assuan_context_t ctx, void *hook, - unsigned int cat, const char *msg) -{ - unsigned int dbgval; - - (void)ctx; - - if (! TEST_LOG_CAT (cat)) - return 0; - - dbgval = hook? *(unsigned int*)hook : 0; - if (!(dbgval & 1024)) - return 0; /* Assuan debugging is not enabled. */ - - if (msg) - log_string (GPGRT_LOG_DEBUG, msg); - - return 1; -} - - -/* Setup libassuan to use our own logging functions. Should be used - early at startup. */ -void -setup_libassuan_logging (unsigned int *debug_var_address) -{ - char *flagstr; - - flagstr = getenv ("ASSUAN_DEBUG"); - if (flagstr) - log_cats = atoi (flagstr); - else /* Default to log the control channel. */ - log_cats = (1 << (ASSUAN_LOG_CONTROL - 1)); - assuan_set_log_cb (my_libassuan_log_handler, debug_var_address); -} - -/* Change the Libassuan log categories to those given by NEWCATS. - NEWCATS is 0 the default category of ASSUAN_LOG_CONTROL is - selected. Note, that setup_libassuan_logging overrides the values - given here. */ -void -set_libassuan_log_cats (unsigned int newcats) -{ - if (newcats) - log_cats = newcats; - else /* Default to log the control channel. */ - log_cats = (1 << (ASSUAN_LOG_CONTROL - 1)); -} - - static gpg_error_t send_one_option (assuan_context_t ctx, gpg_err_source_t errsource, @@ -132,7 +54,7 @@ if (!value || !*value) err = 0; /* Avoid sending empty strings. */ - else if (asprintf (&optstr, "OPTION %s%s=%s", + else if (asprintf (&optstr, "OPTION %s%s=%s", use_putenv? "putenv=":"", name, value) < 0) err = gpg_error_from_syserror (); else @@ -158,7 +80,7 @@ { gpg_error_t err = 0; #if defined(HAVE_SETLOCALE) - char *old_lc = NULL; + char *old_lc = NULL; #endif char *dft_lc = NULL; const char *dft_ttyname; @@ -166,7 +88,7 @@ const char *name, *assname, *value; int is_default; - iterator = 0; + iterator = 0; while ((name = session_env_list_stdenvnames (&iterator, &assname))) { value = session_env_getenv_or_default (session_env, name, NULL); @@ -186,7 +108,7 @@ } - dft_ttyname = session_env_getenv_or_default (session_env, "GPG_TTY", + dft_ttyname = session_env_getenv_or_default (session_env, "GPG_TTY", &is_default); if (dft_ttyname && !is_default) dft_ttyname = NULL; /* We need the default value. */ @@ -204,7 +126,7 @@ #endif if (opt_lc_ctype || (dft_ttyname && dft_lc)) { - err = send_one_option (ctx, errsource, "lc-ctype", + err = send_one_option (ctx, errsource, "lc-ctype", opt_lc_ctype ? opt_lc_ctype : dft_lc, 0); } #if defined(HAVE_SETLOCALE) && defined(LC_CTYPE) @@ -230,7 +152,7 @@ #endif if (opt_lc_messages || (dft_ttyname && dft_lc)) { - err = send_one_option (ctx, errsource, "lc-messages", + err = send_one_option (ctx, errsource, "lc-messages", opt_lc_messages ? opt_lc_messages : dft_lc, 0); } #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) @@ -247,76 +169,51 @@ } -/* Lock a spawning process. The caller needs to provide the address - of a variable to store the lock information and the name or the - process. */ +/* Lock the agent spawning process. The caller needs to provide the + address of a variable to store the lock information. */ static gpg_error_t -lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name, - int verbose) +lock_agent_spawning (lock_agent_t *lock, const char *homedir) { #ifdef HAVE_W32_SYSTEM int waitrc; - int timeout = (!strcmp (name, "agent") - ? SECS_TO_WAIT_FOR_AGENT - : SECS_TO_WAIT_FOR_DIRMNGR); (void)homedir; /* Not required. */ - *lock = CreateMutexW - (NULL, FALSE, - !strcmp (name, "agent")? L"spawn_"GNUPG_NAME"_agent_sentinel": - !strcmp (name, "dirmngr")? L"spawn_"GNUPG_NAME"_dirmngr_sentinel": - /* */ L"spawn_"GNUPG_NAME"_unknown_sentinel"); + *lock = CreateMutex (NULL, FALSE, "GnuPG_spawn_agent_sentinel"); if (!*lock) { - log_error ("failed to create the spawn_%s mutex: %s\n", - name, w32_strerror (-1)); + log_error ("failed to create the spawn_agent mutex: %s\n", + w32_strerror (-1)); return gpg_error (GPG_ERR_GENERAL); } - retry: - waitrc = WaitForSingleObject (*lock, 1000); + waitrc = WaitForSingleObject (*lock, 5000); if (waitrc == WAIT_OBJECT_0) return 0; - if (waitrc == WAIT_TIMEOUT && timeout) - { - timeout--; - if (verbose) - log_info ("another process is trying to start the %s ... (%ds)\n", - name, timeout); - goto retry; - } if (waitrc == WAIT_TIMEOUT) - log_info ("error waiting for the spawn_%s mutex: timeout\n", name); + log_info ("error waiting for the spawn_agent mutex: timeout\n"); else - log_info ("error waiting for the spawn_%s mutex: (code=%d) %s\n", - name, waitrc, w32_strerror (-1)); + log_info ("error waiting for the spawn_agent mutex: " + "(code=%d) %s\n", waitrc, w32_strerror (-1)); return gpg_error (GPG_ERR_GENERAL); #else /*!HAVE_W32_SYSTEM*/ char *fname; - (void)verbose; - *lock = NULL; - fname = make_absfilename_try - (homedir, - !strcmp (name, "agent")? "gnupg_spawn_agent_sentinel": - !strcmp (name, "dirmngr")? "gnupg_spawn_dirmngr_sentinel": - /* */ "gnupg_spawn_unknown_sentinel", - NULL); + fname = make_filename (homedir, "gnupg_spawn_agent_sentinel", NULL); if (!fname) return gpg_error_from_syserror (); - *lock = dotlock_create (fname, 0); + *lock = create_dotlock (fname); xfree (fname); if (!*lock) return gpg_error_from_syserror (); /* FIXME: We should use a timeout of 5000 here - however make_dotlock does not yet support values other than -1 and 0. */ - if (dotlock_take (*lock, -1)) + if (make_dotlock (*lock, -1)) return gpg_error_from_syserror (); return 0; @@ -326,27 +223,26 @@ /* Unlock the spawning process. */ static void -unlock_spawning (lock_spawn_t *lock, const char *name) +unlock_agent_spawning (lock_agent_t *lock) { if (*lock) { #ifdef HAVE_W32_SYSTEM if (!ReleaseMutex (*lock)) - log_error ("failed to release the spawn_%s mutex: %s\n", - name, w32_strerror (-1)); + log_error ("failed to release the spawn_agent mutex: %s\n", + w32_strerror (-1)); CloseHandle (*lock); #else /*!HAVE_W32_SYSTEM*/ - (void)name; - dotlock_destroy (*lock); + destroy_dotlock (*lock); #endif /*!HAVE_W32_SYSTEM*/ *lock = NULL; } } -/* Try to connect to the agent via socket or start it if it is not - running and AUTOSTART is set. Handle the server's initial - greeting. Returns a new assuan context at R_CTX or an error - code. */ + +/* Try to connect to the agent via socket or fork it off and work by + pipes. Handle the server's initial greeting. Returns a new assuan + context at R_CTX or an error code. */ gpg_error_t start_new_gpg_agent (assuan_context_t *r_ctx, gpg_err_source_t errsource, @@ -355,15 +251,17 @@ const char *opt_lc_ctype, const char *opt_lc_messages, session_env_t session_env, - int autostart, int verbose, int debug, + int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), ctrl_t status_cb_arg) { - gpg_error_t err; + /* If we ever failed to connect via a socket we will force the use + of the pipe based server for the lifetime of the process. */ + static int force_pipe_server = 0; + + gpg_error_t err = 0; + char *infostr, *p; assuan_context_t ctx; - int did_success_msg = 0; - char *sockname; - const char *argv[6]; *r_ctx = NULL; @@ -374,328 +272,186 @@ return err; } - sockname = make_absfilename (homedir, GPG_AGENT_SOCK_NAME, NULL); - err = assuan_socket_connect (ctx, sockname, 0, 0); - if (err && autostart) - { - char *abs_homedir; - lock_spawn_t lock; - char *program = NULL; - const char *program_arg = NULL; - char *p; - const char *s; - int i; - - /* With no success start a new server. */ - if (!agent_program || !*agent_program) - agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT); - else if ((s=strchr (agent_program, '|')) && s[1] == '-' && s[2]=='-') + restart: + infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO"); + if (!infostr || !*infostr) + { + char *sockname; + const char *argv[3]; + pid_t pid; + int excode; + + /* First check whether we can connect at the standard + socket. */ + sockname = make_filename (homedir, "S.gpg-agent", NULL); + err = assuan_socket_connect (ctx, sockname, 0, 0); + + if (err) { - /* Hack to insert an additional option on the command line. */ - program = xtrystrdup (agent_program); - if (!program) + /* With no success start a new server. */ + if (verbose) + log_info (_("no running gpg-agent - starting one\n")); + + if (status_cb) + status_cb (status_cb_arg, STATUS_PROGRESS, + "starting_agent ? 0 0", NULL); + + if (fflush (NULL)) { - gpg_error_t tmperr = gpg_err_make (errsource, - gpg_err_code_from_syserror ()); + gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); + log_error ("error flushing pending output: %s\n", + strerror (errno)); xfree (sockname); - assuan_release (ctx); + assuan_release (ctx); return tmperr; } - p = strchr (program, '|'); - *p++ = 0; - program_arg = p; - } - - if (verbose) - log_info (_("no running gpg-agent - starting '%s'\n"), - agent_program); - - if (status_cb) - status_cb (status_cb_arg, STATUS_PROGRESS, - "starting_agent ? 0 0", NULL); - - /* We better pass an absolute home directory to the agent just - in case gpg-agent does not convert the passed name to an - absolute one (which it should do). */ - abs_homedir = make_absfilename_try (homedir, NULL); - if (!abs_homedir) - { - gpg_error_t tmperr = gpg_err_make (errsource, - gpg_err_code_from_syserror ()); - log_error ("error building filename: %s\n",gpg_strerror (tmperr)); - xfree (sockname); - assuan_release (ctx); - xfree (program); - return tmperr; - } - - if (fflush (NULL)) - { - gpg_error_t tmperr = gpg_err_make (errsource, - gpg_err_code_from_syserror ()); - log_error ("error flushing pending output: %s\n", - strerror (errno)); - xfree (sockname); - assuan_release (ctx); - xfree (abs_homedir); - xfree (program); - return tmperr; - } - - /* If the agent has been configured for use with a standard - socket, an environment variable is not required and thus - we we can savely start the agent here. */ - i = 0; - argv[i++] = "--homedir"; - argv[i++] = abs_homedir; - argv[i++] = "--use-standard-socket"; - if (program_arg) - argv[i++] = program_arg; - argv[i++] = "--daemon"; - argv[i++] = NULL; - - if (!(err = lock_spawning (&lock, homedir, "agent", verbose)) - && assuan_socket_connect (ctx, sockname, 0, 0)) - { - err = gnupg_spawn_process_detached (program? program : agent_program, - argv, NULL); + + if (!agent_program || !*agent_program) + agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT); + + argv[0] = "--use-standard-socket-p"; + argv[1] = NULL; + err = gnupg_spawn_process_fd (agent_program, argv, -1, -1, -1, &pid); if (err) - log_error ("failed to start agent '%s': %s\n", + log_debug ("starting `%s' for testing failed: %s\n", agent_program, gpg_strerror (err)); - else + else if ((err = gnupg_wait_process (agent_program, pid, &excode))) + { + if (excode == -1) + log_debug ("running `%s' for testing failed: %s\n", + agent_program, gpg_strerror (err)); + } + + if (!err && !excode) { - for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++) + /* If the agent has been configured for use with a + standard socket, an environment variable is not + required and thus we we can savely start the agent + here. */ + lock_agent_t lock; + + argv[0] = "--daemon"; + argv[1] = "--use-standard-socket"; + argv[2] = NULL; + + if (!(err = lock_agent_spawning (&lock, homedir)) + && assuan_socket_connect (ctx, sockname, 0, 0)) { - if (verbose) - log_info (_("waiting for the agent to come up ... (%ds)\n"), - SECS_TO_WAIT_FOR_AGENT - i); - gnupg_sleep (1); - err = assuan_socket_connect (ctx, sockname, 0, 0); - if (!err) + err = gnupg_spawn_process_detached (agent_program, argv,NULL); + if (err) + log_error ("failed to start agent `%s': %s\n", + agent_program, gpg_strerror (err)); + else { + int i; + if (verbose) + log_info (_("waiting %d seconds for the agent " + "to come up\n"), 5); + for (i=0; i < 5; i++) { - log_info (_("connection to agent established\n")); - did_success_msg = 1; + gnupg_sleep (1); + err = assuan_socket_connect (ctx, sockname, 0, 0); + if (!err) + break; } - break; } } - } - } - - unlock_spawning (&lock, "agent"); - xfree (abs_homedir); - xfree (program); - } - xfree (sockname); - if (err) - { - if (autostart || gpg_err_code (err) != GPG_ERR_ASS_CONNECT_FAILED) - log_error ("can't connect to the agent: %s\n", gpg_strerror (err)); - assuan_release (ctx); - return gpg_err_make (errsource, GPG_ERR_NO_AGENT); - } - - if (debug && !did_success_msg) - log_debug (_("connection to agent established\n")); - err = assuan_transact (ctx, "RESET", - NULL, NULL, NULL, NULL, NULL, NULL); - if (!err) - { - err = send_pinentry_environment (ctx, errsource, - opt_lc_ctype, opt_lc_messages, - session_env); - if (gpg_err_code (err) == GPG_ERR_FORBIDDEN - && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT) - { - /* Check whether we are in restricted mode. */ - if (!assuan_transact (ctx, "GETINFO restricted", - NULL, NULL, NULL, NULL, NULL, NULL)) + unlock_agent_spawning (&lock); + } + else { - if (verbose) - log_info (_("connection to agent is in restricted mode\n")); - err = 0; + /* If using the standard socket is not the default we + start the agent as a pipe server which gives us most + of the required features except for passphrase + caching etc. */ + const char *pgmname; + int no_close_list[3]; + int i; + + if ( !(pgmname = strrchr (agent_program, '/'))) + pgmname = agent_program; + else + pgmname++; + + argv[0] = pgmname; + argv[1] = "--server"; + argv[2] = NULL; + + i=0; + if (log_get_fd () != -1) + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); + no_close_list[i] = -1; + + /* Connect to the agent and perform initial handshaking. */ + err = assuan_pipe_connect (ctx, agent_program, argv, + no_close_list, NULL, NULL, 0); } } - } - if (err) - { - assuan_release (ctx); - return err; - } - - *r_ctx = ctx; - return 0; -} - - -/* Try to connect to the dirmngr via a socket. On platforms - supporting it, start it up if needed and if AUTOSTART is true. - Returns a new assuan context at R_CTX or an error code. */ -gpg_error_t -start_new_dirmngr (assuan_context_t *r_ctx, - gpg_err_source_t errsource, - const char *homedir, - const char *dirmngr_program, - int autostart, - int verbose, int debug, - gpg_error_t (*status_cb)(ctrl_t, int, ...), - ctrl_t status_cb_arg) -{ - gpg_error_t err; - assuan_context_t ctx; - const char *sockname; - int did_success_msg = 0; - - *r_ctx = NULL; - - err = assuan_new (&ctx); - if (err) - { - log_error ("error allocating assuan context: %s\n", gpg_strerror (err)); - return err; - } - - sockname = dirmngr_user_socket_name (); - if (sockname) - { - /* First try the local socket name and only if that fails try - the system socket. */ - err = assuan_socket_connect (ctx, sockname, 0, 0); - if (err) - sockname = dirmngr_sys_socket_name (); + xfree (sockname); } else - sockname = dirmngr_sys_socket_name (); - - err = assuan_socket_connect (ctx, sockname, 0, 0); - -#ifdef USE_DIRMNGR_AUTO_START - if (err && autostart) { - lock_spawn_t lock; - const char *argv[4]; - int try_system_daemon = 0; - char *abs_homedir; - - /* No connection: Try start a new Dirmngr. On Windows this will - fail because the Dirmngr is expected to be a system service. - However on WinCE we don't distinguish users and thus we can - start it. */ - - /* We prefer to start it as a user daemon. */ - sockname = dirmngr_user_socket_name (); - if (!sockname) - { - sockname = dirmngr_sys_socket_name (); - try_system_daemon = 1; - } - - if (!dirmngr_program || !*dirmngr_program) - dirmngr_program = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR); - - if (verbose) - log_info (_("no running Dirmngr - starting '%s'\n"), - dirmngr_program); - - if (status_cb) - status_cb (status_cb_arg, STATUS_PROGRESS, - "starting_dirmngr ? 0 0", NULL); + int prot; + int pid; - abs_homedir = make_absfilename (homedir, NULL); - if (!abs_homedir) + infostr = xstrdup (infostr); + if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr) { - gpg_error_t tmperr = gpg_err_make (errsource, - gpg_err_code_from_syserror ()); - log_error ("error building filename: %s\n",gpg_strerror (tmperr)); - assuan_release (ctx); - return tmperr; - } - - if (fflush (NULL)) + log_error (_("malformed GPG_AGENT_INFO environment variable\n")); + xfree (infostr); + force_pipe_server = 1; + goto restart; + } + *p++ = 0; + pid = atoi (p); + while (*p && *p != PATHSEP_C) + p++; + prot = *p? atoi (p+1) : 0; + if (prot != 1) { - gpg_error_t tmperr = gpg_err_make (errsource, - gpg_err_code_from_syserror ()); - log_error ("error flushing pending output: %s\n", - strerror (errno)); - assuan_release (ctx); - return tmperr; + log_error (_("gpg-agent protocol version %d is not supported\n"), + prot); + xfree (infostr); + force_pipe_server = 1; + goto restart; } - argv[0] = "--daemon"; - if (try_system_daemon) - argv[1] = NULL; - else - { /* Try starting as user daemon - dirmngr does this if the - home directory is given on the command line. */ - argv[1] = "--homedir"; - argv[2] = abs_homedir; - argv[3] = NULL; - } - - /* On the use of HOMEDIR for locking: Under Windows HOMEDIR is - not used thus it does not matter. Under Unix we should - TRY_SYSTEM_DAEMON should never be true because - dirmngr_user_socket_name() won't return NULL. */ - - if (!(err = lock_spawning (&lock, homedir, "dirmngr", verbose)) - && assuan_socket_connect (ctx, sockname, 0, 0)) + err = assuan_socket_connect (ctx, infostr, pid, 0); + xfree (infostr); + if (gpg_err_code (err) == GPG_ERR_ASS_CONNECT_FAILED) { - err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL); - if (err) - log_error ("failed to start the dirmngr '%s': %s\n", - dirmngr_program, gpg_strerror (err)); - else - { - int i; - - for (i=0; i < SECS_TO_WAIT_FOR_DIRMNGR; i++) - { - if (verbose) - log_info (_("waiting for the dirmngr " - "to come up ... (%ds)\n"), - SECS_TO_WAIT_FOR_DIRMNGR - i); - gnupg_sleep (1); - err = assuan_socket_connect (ctx, sockname, 0, 0); - if (!err) - { - if (verbose) - { - log_info (_("connection to the dirmngr" - " established\n")); - did_success_msg = 1; - } - break; - } - } - } + log_info (_("can't connect to the agent - trying fall back\n")); + force_pipe_server = 1; + goto restart; } - - unlock_spawning (&lock, "dirmngr"); - xfree (abs_homedir); } -#else - (void)homedir; - (void)dirmngr_program; - (void)verbose; - (void)status_cb; - (void)status_cb_arg; -#endif /*USE_DIRMNGR_AUTO_START*/ if (err) { - if (autostart || gpg_err_code (err) != GPG_ERR_ASS_CONNECT_FAILED) - log_error ("connecting dirmngr at '%s' failed: %s\n", - sockname, gpg_strerror (err)); + log_error ("can't connect to the agent: %s\n", gpg_strerror (err)); assuan_release (ctx); - return gpg_err_make (errsource, GPG_ERR_NO_DIRMNGR); + return gpg_error (GPG_ERR_NO_AGENT); } - if (debug && !did_success_msg) - log_debug (_("connection to the dirmngr established\n")); + if (debug) + log_debug ("connection to agent established\n"); + + err = assuan_transact (ctx, "RESET", + NULL, NULL, NULL, NULL, NULL, NULL); + if (!err) + err = send_pinentry_environment (ctx, errsource, + opt_lc_ctype, opt_lc_messages, + session_env); + if (err) + { + assuan_release (ctx); + return err; + } *r_ctx = ctx; return 0; } + diff -Nru gnupg2-2.1.6/common/asshelp.h gnupg2-2.0.28/common/asshelp.h --- gnupg2-2.1.6/common/asshelp.h 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/common/asshelp.h 2015-06-02 08:13:55.000000000 +0000 @@ -3,22 +3,12 @@ * * This file is part of GnuPG. * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, + * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -35,12 +25,6 @@ #include "session-env.h" -/*-- asshelp.c --*/ - -void setup_libassuan_logging (unsigned int *debug_var_address); -void set_libassuan_log_cats (unsigned int newcats); - - gpg_error_t send_pinentry_environment (assuan_context_t ctx, gpg_err_source_t errsource, @@ -48,7 +32,7 @@ const char *opt_lc_messages, session_env_t session_env); -/* This function is used by the call-agent.c modules to fire up a new +/* This fucntion is used by the call-agent.c modules to fire up a new agent. */ gpg_error_t start_new_gpg_agent (assuan_context_t *r_ctx, @@ -58,34 +42,9 @@ const char *opt_lc_ctype, const char *opt_lc_messages, session_env_t session_env, - int autostart, int verbose, int debug, + int verbose, int debug, gpg_error_t (*status_cb)(ctrl_t, int, ...), ctrl_t status_cb_arg); -/* This function is used to connect to the dirmngr. On some platforms - the function is able starts a dirmngr process if needed. */ -gpg_error_t -start_new_dirmngr (assuan_context_t *r_ctx, - gpg_err_source_t errsource, - const char *homedir, - const char *dirmngr_program, - int autostart, int verbose, int debug, - gpg_error_t (*status_cb)(ctrl_t, int, ...), - ctrl_t status_cb_arg); - - -/*-- asshelp2.c --*/ - -/* Helper function to print an assuan status line using a printf - format string. */ -gpg_error_t print_assuan_status (assuan_context_t ctx, - const char *keyword, - const char *format, - ...) GPGRT_GCC_A_PRINTF(3,4); -gpg_error_t vprint_assuan_status (assuan_context_t ctx, - const char *keyword, - const char *format, - va_list arg_ptr) GPGRT_GCC_A_PRINTF(3,0); - #endif /*GNUPG_COMMON_ASSHELP_H*/ diff -Nru gnupg2-2.1.6/common/audit.c gnupg2-2.0.28/common/audit.c --- gnupg2-2.1.6/common/audit.c 2015-06-17 06:39:24.000000000 +0000 +++ gnupg2-2.0.28/common/audit.c 2015-06-02 08:13:55.000000000 +0000 @@ -57,7 +57,7 @@ { const char *failure; /* If set a description of the internal failure. */ audit_type_t type; - + log_item_t log; /* The table with the log entries. */ size_t logsize; /* The allocated size for LOG. */ size_t logused; /* The used size of LOG. */ @@ -71,17 +71,17 @@ -static void writeout_para (audit_ctx_t ctx, - const char *format, ...) GPGRT_GCC_A_PRINTF(2,3); +static void writeout_para (audit_ctx_t ctx, + const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); static void writeout_li (audit_ctx_t ctx, const char *oktext, - const char *format, ...) GPGRT_GCC_A_PRINTF(3,4); -static void writeout_rem (audit_ctx_t ctx, - const char *format, ...) GPGRT_GCC_A_PRINTF(2,3); + const char *format, ...) JNLIB_GCC_A_PRINTF(3,4); +static void writeout_rem (audit_ctx_t ctx, + const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); /* Add NAME to the list of help tags. NAME needs to be a const string an this function merly stores this pointer. */ -static void +static void add_helptag (audit_ctx_t ctx, const char *name) { helptag_t item; @@ -127,7 +127,7 @@ /* Create a new audit context. In case of an error NULL is returned - and errno set appropriately. */ + and errno set appropriately. */ audit_ctx_t audit_new (void) { @@ -228,7 +228,7 @@ item->cert = NULL; return item; - + } /* Add a new event to the audit log. If CTX is NULL, this function @@ -329,7 +329,7 @@ does nothing. This version also adds the certificate CERT and the result of an operation to the log. */ void -audit_log_cert (audit_ctx_t ctx, audit_event_t event, +audit_log_cert (audit_ctx_t ctx, audit_event_t event, ksba_cert_t cert, gpg_error_t err) { log_item_t item; @@ -348,14 +348,14 @@ item->have_err = 1; if (cert) { - ksba_cert_ref (cert); + ksba_cert_ref (cert); item->cert = cert; } } /* Write TEXT to the outstream. */ -static void +static void writeout (audit_ctx_t ctx, const char *text) { if (ctx->use_html) @@ -376,12 +376,12 @@ /* Write TEXT to the outstream using a variable argument list. */ -static void +static void writeout_v (audit_ctx_t ctx, const char *format, va_list arg_ptr) { char *buf; - gpgrt_vasprintf (&buf, format, arg_ptr); + estream_vasprintf (&buf, format, arg_ptr); if (buf) { writeout (ctx, buf); @@ -440,7 +440,7 @@ } } - + /* Write TEXT as a list element. If OKTEXT is not NULL, append it to the last line. */ static void @@ -451,7 +451,7 @@ if (ctx->use_html && format && oktext) { - if (!strcmp (oktext, "Yes") + if (!strcmp (oktext, "Yes") || !strcmp (oktext, "good") ) color = "green"; else if (!strcmp (oktext, "No") @@ -530,13 +530,13 @@ if (color) es_fprintf (ctx->outstream, "", color); } - else + else writeout (ctx, ": "); writeout (ctx, oktext); if (color) es_fputs ("", ctx->outstream); } - + if (ctx->use_html) es_fputs ("\n", ctx->outstream); else @@ -579,7 +579,7 @@ look behind that event in the log. If STARTITEM is not NULL start search _after_that item. */ static log_item_t -find_next_log_item (audit_ctx_t ctx, log_item_t startitem, +find_next_log_item (audit_ctx_t ctx, log_item_t startitem, audit_event_t event, audit_event_t stopevent) { int idx; @@ -725,9 +725,9 @@ startitem = find_next_log_item (ctx, startitem, AUDIT_CHAIN_BEGIN,stopevent); writeout_li (ctx, startitem? "Yes":"No", _("Certificate chain available")); if (!startitem) - return; + return; - item = find_next_log_item (ctx, startitem, + item = find_next_log_item (ctx, startitem, AUDIT_CHAIN_ROOTCERT, AUDIT_CHAIN_END); if (!item) writeout_rem (ctx, "%s", _("root certificate missing")); @@ -736,7 +736,7 @@ list_cert (ctx, item->cert, 0); } item = startitem; - while ( ((item = find_next_log_item (ctx, item, + while ( ((item = find_next_log_item (ctx, item, AUDIT_CHAIN_CERT, AUDIT_CHAIN_END)))) { list_cert (ctx, item->cert, 1); @@ -769,7 +769,7 @@ { algo = gcry_cipher_map_name (item->string); if (algo) - writeout_rem (ctx, _("algorithm: %s"), gnupg_cipher_algo_name (algo)); + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2")) writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2"); else if (item->string) @@ -779,7 +779,7 @@ } item = find_log_item (ctx, AUDIT_GOT_RECIPIENTS, 0); - snprintf (numbuf, sizeof numbuf, "%d", + snprintf (numbuf, sizeof numbuf, "%d", item && item->have_intvalue? item->intvalue : 0); writeout_li (ctx, numbuf, "%s", _("Number of recipients")); @@ -830,7 +830,7 @@ writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); /* Write remarks with the data hash algorithms. We use a very simple scheme to avoid some duplicates. */ - loopitem = NULL; + loopitem = NULL; lastalgo = 0; while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG))) @@ -909,14 +909,14 @@ algo = item? item->intvalue : 0; writeout_li (ctx, algo?"Yes":"No", "%s", _("Encryption algorithm supported")); if (algo) - writeout_rem (ctx, _("algorithm: %s"), gnupg_cipher_algo_name (algo)); + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); item = find_log_item (ctx, AUDIT_BAD_DATA_CIPHER_ALGO, 0); if (item && item->string) { algo = gcry_cipher_map_name (item->string); if (algo) - writeout_rem (ctx, _("algorithm: %s"), gnupg_cipher_algo_name (algo)); + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2")) writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2"); else if (item->string) @@ -1033,7 +1033,7 @@ writeout_rem (ctx, _("data hash algorithm: %s"), gcry_md_algo_name (item->intvalue)); else if (item->event == AUDIT_BAD_DATA_HASH_ALGO) - writeout_rem (ctx, _("bad data hash algorithm: %s"), + writeout_rem (ctx, _("bad data hash algorithm: %s"), item->string? item->string:"?"); } } @@ -1066,7 +1066,7 @@ gcry_md_algo_name (item->intvalue)); enter_li (ctx); - + /* List the certificate chain. */ list_certchain (ctx, loopitem, AUDIT_NEW_SIG); @@ -1075,12 +1075,12 @@ AUDIT_CHAIN_STATUS, AUDIT_NEW_SIG); if (item && item->have_err) { - writeout_li (ctx, item->err? "No":"Yes", + writeout_li (ctx, item->err? "No":"Yes", _("Certificate chain valid")); if (item->err) writeout_rem (ctx, "%s", gpg_strerror (item->err)); } - + /* Show whether the root certificate is fine. */ item = find_next_log_item (ctx, loopitem, AUDIT_ROOT_TRUSTED, AUDIT_CHAIN_STATUS); @@ -1115,9 +1115,9 @@ break; default: ok = gpg_strerror (item->err); break; } - + writeout_li (ctx, ok, "%s", _("CRL/OCSP check of certificates")); - if (item->err + if (item->err && gpg_err_code (item->err) != GPG_ERR_CERT_REVOKED && gpg_err_code (item->err) != GPG_ERR_NOT_ENABLED) add_helptag (ctx, "gpgsm.crl-problem"); @@ -1132,13 +1132,13 @@ /* Always list the certificates stored in the signature. */ item = NULL; count = 0; - while ( ((item = find_next_log_item (ctx, item, + while ( ((item = find_next_log_item (ctx, item, AUDIT_SAVE_CERT, AUDIT_NEW_SIG)))) count++; snprintf (numbuf, sizeof numbuf, "%d", count); writeout_li (ctx, numbuf, _("Included certificates")); item = NULL; - while ( ((item = find_next_log_item (ctx, item, + while ( ((item = find_next_log_item (ctx, item, AUDIT_SAVE_CERT, AUDIT_NEW_SIG)))) { char *name = get_cert_name (item->cert); @@ -1169,7 +1169,7 @@ const char *s; int show_raw = 0; char *orig_codeset; - + if (!ctx) return; @@ -1187,7 +1187,7 @@ clear_helptags (ctx); if (use_html) - es_fputs ("
\n", ctx->outstream); + es_fputs ("
\n", ctx->outstream); if (!ctx->log || !ctx->logused) { @@ -1201,31 +1201,31 @@ for (idx=0,maxlen=0; idx < DIM (eventstr_msgidx); idx++) { - n = strlen (eventstr_msgstr + eventstr_msgidx[idx]); + n = strlen (eventstr_msgstr + eventstr_msgidx[idx]); if (n > maxlen) maxlen = n; } - + if (use_html) es_fputs ("
\n", out);
       for (idx=0; idx < ctx->logused; idx++)
         {
-          es_fprintf (out, "log: %-*s",
+          es_fprintf (out, "log: %-*s", 
                       maxlen, event2str (ctx->log[idx].event));
           if (ctx->log[idx].have_intvalue)
-            es_fprintf (out, " i=%d", ctx->log[idx].intvalue);
+            es_fprintf (out, " i=%d", ctx->log[idx].intvalue); 
           if (ctx->log[idx].string)
             {
-              es_fputs (" s='", out);
-              writeout (ctx, ctx->log[idx].string);
-              es_fputs ("'", out);
+              es_fputs (" s=`", out); 
+              writeout (ctx, ctx->log[idx].string); 
+              es_fputs ("'", out); 
             }
           if (ctx->log[idx].cert)
-            es_fprintf (out, " has_cert");
+            es_fprintf (out, " has_cert"); 
           if (ctx->log[idx].have_err)
             {
-              es_fputs (" err='", out);
-              writeout (ctx, gpg_strerror (ctx->log[idx].err));
+              es_fputs (" err=`", out);
+              writeout (ctx, gpg_strerror (ctx->log[idx].err)); 
               es_fputs ("'", out);
             }
           es_fputs ("\n", out);
@@ -1304,7 +1304,7 @@
           xfree (text);
         }
       else
-        writeout_para (ctx, _("No help available for '%s'."), helptag->name);
+        writeout_para (ctx, _("No help available for `%s'."), helptag->name);
       if (use_html && ctx->helptags->next)
         es_fputs ("\n", ctx->outstream);
       if (helptag->next)
@@ -1321,3 +1321,4 @@
   clear_helptags (ctx);
   i18n_switchback (orig_codeset);
 }
+
diff -Nru gnupg2-2.1.6/common/audit-events.h gnupg2-2.0.28/common/audit-events.h
--- gnupg2-2.1.6/common/audit-events.h	2015-06-17 10:47:07.000000000 +0000
+++ gnupg2-2.0.28/common/audit-events.h	2015-06-02 12:35:16.000000000 +0000
@@ -29,7 +29,6 @@
   "dirmngr ready" "\0"
   "gpg ready" "\0"
   "gpgsm ready" "\0"
-  "g13 ready" "\0"
   "got data" "\0"
   "detached signature" "\0"
   "cert only sig" "\0"
@@ -74,43 +73,42 @@
     49,
     59,
     71,
-    81,
-    90,
-    109,
-    123,
-    138,
-    153,
-    170,
-    189,
-    210,
-    223,
-    234,
-    246,
+    80,
+    99,
+    113,
+    128,
+    143,
+    160,
+    179,
+    200,
+    213,
+    224,
+    236,
+    248,
     258,
-    268,
-    276,
-    285,
-    296,
+    266,
+    275,
+    286,
+    295,
     305,
-    315,
-    327,
-    345,
-    360,
-    372,
-    383,
+    317,
+    335,
+    350,
+    362,
+    373,
+    388,
     398,
-    408,
-    421,
+    411,
+    424,
     434,
-    444,
-    459,
-    471,
-    484,
+    449,
+    461,
+    474,
+    490,
     500,
-    510,
     
   };
 
 #define eventstr_msgidxof(code) (0 ? -1 \
-  : ((code >= 0) && (code <= 40)) ? (code - 0) \
+  : ((code >= 0) && (code <= 39)) ? (code - 0) \
   : -1)
diff -Nru gnupg2-2.1.6/common/audit.h gnupg2-2.0.28/common/audit.h
--- gnupg2-2.1.6/common/audit.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/audit.h	2015-06-02 08:13:55.000000000 +0000
@@ -22,6 +22,8 @@
 
 #include 
 
+#include "estream.h"
+
 struct audit_ctx_s;
 typedef struct audit_ctx_s *audit_ctx_t;
 
@@ -54,7 +56,7 @@
     /* Indicates whether the gpg-agent is available.  For some
        operations the agent is not required and thus no such event
        will be logged.  */
-
+    
     AUDIT_DIRMNGR_READY,   /* err */
     /* Indicates whether the Dirmngr is available.  For some
        operations the Dirmngr is not required and thus no such event
@@ -66,9 +68,6 @@
     AUDIT_GPGSM_READY, /* err */
     /* Indicates whether the Gpgsm engine is available. */
 
-    AUDIT_G13_READY, /* err */
-    /* Indicates whether the G13 engine is available. */
-
     AUDIT_GOT_DATA,
     /* Data to be processed has been seen.  */
 
@@ -113,7 +112,7 @@
     /* The program was used in an inappropriate way; For example by
        passing a data object while the signature does not expect one
        or vice versa.  */
-
+    
     AUDIT_SAVE_CERT,       /* cert, ok_err */
     /* Save the certificate received in a message. */
 
@@ -121,7 +120,7 @@
     /* Start the verification of a new signature for the last data
        object.  The argument is the signature number as used
        internally by the program.  */
-
+    
     AUDIT_SIG_NAME,        /* string */
     /* The name of a signer.  This is the name or other identification
        data as known from the signature and not the name from the
@@ -133,7 +132,7 @@
        audit information for one signature.  STRING gives the status:
 
          "error"       - there was a problem checking this or any signature.
-         "unsupported" - the signature type is not supported.
+         "unsupported" - the signature type is not supported. 
          "no-cert"     - The certificate of the signer was not found (the
                          S/N+issuer of the signer is already in the log).
          "bad"         - bad signature
@@ -143,7 +142,7 @@
     AUDIT_NEW_RECP,        /* int */
     /* A new recipient has been seen during decryption.  The argument
        is the recipient number as used internally by the program.  */
-
+    
     AUDIT_RECP_NAME,       /* string */
     /* The name of a recipient.  This is the name or other identification
        data as known from the decryption and not the name from the
@@ -167,7 +166,7 @@
     AUDIT_CHAIN_END,
     /* These 4 events are used to log the certificates making up a
        certificate chain.  ROOTCERT is used for the trustanchor and
-       CERT for all other certificates.  */
+       CERT for all other certificates.  */ 
 
     AUDIT_CHAIN_STATUS,  /* err */
     /* Tells the final status of the chain validation.  */
@@ -215,7 +214,7 @@
 void audit_log_ok (audit_ctx_t ctx, audit_event_t event, gpg_error_t err);
 void audit_log_i (audit_ctx_t ctx, audit_event_t event, int value);
 void audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value);
-void audit_log_cert (audit_ctx_t ctx, audit_event_t event,
+void audit_log_cert (audit_ctx_t ctx, audit_event_t event, 
                      ksba_cert_t cert, gpg_error_t err);
 
 void audit_print_result (audit_ctx_t ctx, estream_t stream, int use_html);
diff -Nru gnupg2-2.1.6/common/b64dec.c gnupg2-2.0.28/common/b64dec.c
--- gnupg2-2.1.6/common/b64dec.c	2015-06-30 20:18:56.000000000 +0000
+++ gnupg2-2.0.28/common/b64dec.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,14 @@
 /* b64dec.c - Simple Base64 decoder.
- * Copyright (C) 2008, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -39,7 +29,7 @@
 
 
 /* The reverse base-64 list used for base-64 decoding. */
-static unsigned char const asctobin[128] =
+static unsigned char const asctobin[128] = 
   {
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -59,7 +49,7 @@
     0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
   };
 
-enum decoder_states
+enum decoder_states 
   {
     s_init, s_idle, s_lfseen, s_begin,
     s_b64_0, s_b64_1, s_b64_2, s_b64_3,
@@ -72,7 +62,7 @@
    plain base64 decoding is done.  If it is the empty string the
    decoder will skip everything until a "-----BEGIN " line has been
    seen, decoding ends at a "----END " line.
-
+   
    Not yet implemented: If TITLE is either "PGP" or begins with "PGP "
    the PGP armor lines are skipped as well.  */
 gpg_error_t
@@ -82,19 +72,16 @@
   if (title)
     {
       if (!strncmp (title, "PGP", 3) && (!title[3] || title[3] == ' '))
-        state->lasterr = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-      else
-        {
-          state->title = xtrystrdup (title);
-          if (!state->title)
-            state->lasterr = gpg_error_from_syserror ();
-          else
-            state->idx = s_init;
-        }
+        return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
+      state->title = xtrystrdup (title);
+      if (!state->title)
+        return gpg_error_from_syserror ();
+      state->idx = s_init;
     }
   else
     state->idx = s_b64_0;
-  return state->lasterr;
+  return 0;
 }
 
 
@@ -106,19 +93,13 @@
 {
   enum decoder_states ds = state->idx;
   unsigned char val = state->radbuf[0];
-  int pos = state->quad_count;
+  int pos = state->quad_count; 
   char *d, *s;
 
-  if (state->lasterr)
-    return state->lasterr;
-
   if (state->stop_seen)
     {
       *r_nbytes = 0;
-      state->lasterr = gpg_error (GPG_ERR_EOF);
-      xfree (state->title);
-      state->title = NULL;
-      return state->lasterr;
+      return gpg_error (GPG_ERR_EOF);
     }
 
   for (s=d=buffer; length && !state->stop_seen; length--, s++)
@@ -153,7 +134,7 @@
           {
             int c;
 
-            if (*s == '-' && state->title)
+            if (*s == '-' && state->title) 
               {
                 /* Not a valid Base64 character: assume end
                    header.  */
@@ -168,7 +149,7 @@
               }
             else if (*s == '\n' || *s == ' ' || *s == '\r' || *s == '\t')
               ; /* Skip white spaces. */
-            else if ( (*s & 0x80)
+            else if ( (*s & 0x80) 
                       || (c = asctobin[*(unsigned char *)s]) == 255)
               {
                 /* Skip invalid encodings.  */
@@ -208,8 +189,8 @@
         case s_waitend:
           if ( *s == '\n')
             state->stop_seen = 1;
-          break;
-        default:
+          break; 
+        default: 
           BUG();
         }
     }
@@ -217,7 +198,7 @@
 
   state->idx = ds;
   state->radbuf[0] = val;
-  state->quad_count = pos;
+  state->quad_count = pos; 
   *r_nbytes = (d -(char*) buffer);
   return 0;
 }
@@ -229,10 +210,8 @@
 gpg_error_t
 b64dec_finish (struct b64state *state)
 {
-  if (state->lasterr)
-    return state->lasterr;
-
   xfree (state->title);
   state->title = NULL;
   return state->invalid_encoding? gpg_error(GPG_ERR_BAD_DATA): 0;
 }
+
diff -Nru gnupg2-2.1.6/common/b64enc.c gnupg2-2.0.28/common/b64enc.c
--- gnupg2-2.1.6/common/b64enc.c	2015-06-30 20:18:58.000000000 +0000
+++ gnupg2-2.0.28/common/b64enc.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,14 @@
 /* b64enc.c - Simple Base64 encoder.
- * Copyright (C) 2001, 2003, 2004, 2008, 2010,
- *               2011 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -44,25 +33,25 @@
 #define B64ENC_USE_PGPCRC   32
 
 /* The base-64 character list */
-static unsigned char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                                    "abcdefghijklmnopqrstuvwxyz"
-                                    "0123456789+/";
+static unsigned char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
+                                    "abcdefghijklmnopqrstuvwxyz" 
+                                    "0123456789+/"; 
 
 /* Stuff required to create the OpenPGP CRC.  This crc_table has been
    created using this code:
 
    #include 
    #include 
-
+   
    #define CRCPOLY 0x864CFB
-
+   
    int
    main (void)
    {
      int i, j;
      uint32_t t;
      uint32_t crc_table[256];
-
+   
      crc_table[0] = 0;
      for (i=j=0; j < 128; j++ )
        {
@@ -80,7 +69,7 @@
              crc_table[i++] = t ^ CRCPOLY;
    	}
        }
-
+   
      puts ("static const u32 crc_table[256] = {");
      for (i=j=0; i < 256; i++)
        {
@@ -147,14 +136,20 @@
 };
 
 
-static gpg_error_t
-enc_start (struct b64state *state, FILE *fp, estream_t stream,
-           const char *title)
+/* Prepare for base-64 writing to the stream FP.  If TITLE is not NULL
+   and not an empty string, this string will be used as the title for
+   the armor lines, with TITLE being an empty string, we don't write
+   the header lines and furthermore even don't write any linefeeds.
+   If TITLE starts with "PGP " the OpenPGP CRC checksum will be
+   written as well.  With TITLE beeing NULL, we merely don't write
+   header but make sure that lines are not too long. Note, that we
+   don't write any output unless at least one byte get written using
+   b64enc_write. */
+gpg_error_t
+b64enc_start (struct b64state *state, FILE *fp, const char *title)
 {
   memset (state, 0, sizeof *state);
   state->fp = fp;
-  state->stream = stream;
-  state->lasterr = 0;
   if (title && !*title)
     state->flags |= B64ENC_NO_LINEFEEDS;
   else if (title)
@@ -166,42 +161,9 @@
         }
       state->title = xtrystrdup (title);
       if (!state->title)
-        state->lasterr = gpg_error_from_syserror ();
+        return gpg_error_from_syserror ();
     }
-  return state->lasterr;
-}
-
-
-/* Prepare for base-64 writing to the stream FP.  If TITLE is not NULL
-   and not an empty string, this string will be used as the title for
-   the armor lines, with TITLE being an empty string, we don't write
-   the header lines and furthermore even don't write any linefeeds.
-   If TITLE starts with "PGP " the OpenPGP CRC checksum will be
-   written as well.  With TITLE beeing NULL, we merely don't write
-   header but make sure that lines are not too long. Note, that we
-   don't write any output unless at least one byte get written using
-   b64enc_write. */
-gpg_error_t
-b64enc_start (struct b64state *state, FILE *fp, const char *title)
-{
-  return enc_start (state, fp, NULL, title);
-}
-
-/* Same as b64enc_start but takes an estream.  */
-gpg_error_t
-b64enc_start_es (struct b64state *state, estream_t fp, const char *title)
-{
-  return enc_start (state, NULL, fp, title);
-}
-
-
-static int
-my_fputs (const char *string, struct b64state *state)
-{
-  if (state->stream)
-    return es_fputs (string, state->stream);
-  else
-    return fputs (string, state->fp);
+  return 0;
 }
 
 
@@ -214,15 +176,13 @@
   unsigned char radbuf[4];
   int idx, quad_count;
   const unsigned char *p;
+  FILE *fp = state->fp;
 
-  if (state->lasterr)
-    return state->lasterr;
 
   if (!nbytes)
     {
-      if (buffer)
-        if (state->stream? es_fflush (state->stream) : fflush (state->fp))
-          goto write_error;
+      if (buffer && fflush (fp))
+        goto write_error;
       return 0;
     }
 
@@ -230,15 +190,15 @@
     {
       if (state->title)
         {
-          if ( my_fputs ("-----BEGIN ", state) == EOF
-               || my_fputs (state->title, state) == EOF
-               || my_fputs ("-----\n", state) == EOF)
+          if ( fputs ("-----BEGIN ", fp) == EOF
+               || fputs (state->title, fp) == EOF
+               || fputs ("-----\n", fp) == EOF)
             goto write_error;
-          if ( (state->flags & B64ENC_USE_PGPCRC)
-               && my_fputs ("\n", state) == EOF)
+          if ( (state->flags & B64ENC_USE_PGPCRC) 
+               && fputs ("\n", fp) == EOF)
             goto write_error;
         }
-
+        
       state->flags |= B64ENC_DID_HEADER;
     }
 
@@ -253,7 +213,7 @@
       u32 crc = state->crc;
 
       for (p=buffer, n=nbytes; n; p++, n-- )
-        crc = ((u32)crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ *p];
+        crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ *p];
       state->crc = (crc & 0x00ffffff);
     }
 
@@ -268,27 +228,16 @@
           tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
           tmp[2] = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
           tmp[3] = bintoasc[radbuf[2]&077];
-          if (state->stream)
-            {
-              for (idx=0; idx < 4; idx++)
-                es_putc (tmp[idx], state->stream);
-              idx = 0;
-              if (es_ferror (state->stream))
-                goto write_error;
-            }
-          else
-            {
-              for (idx=0; idx < 4; idx++)
-                putc (tmp[idx], state->fp);
-              idx = 0;
-              if (ferror (state->fp))
-                goto write_error;
-            }
-          if (++quad_count >= (64/4))
+          for (idx=0; idx < 4; idx++)
+            putc (tmp[idx], fp);
+          idx = 0;
+          if (ferror (fp))
+            goto write_error;
+          if (++quad_count >= (64/4)) 
             {
               quad_count = 0;
               if (!(state->flags & B64ENC_NO_LINEFEEDS)
-                  && my_fputs ("\n", state) == EOF)
+                  && fputs ("\n", fp) == EOF)
                 goto write_error;
             }
         }
@@ -299,31 +248,23 @@
   return 0;
 
  write_error:
-  state->lasterr = gpg_error_from_syserror ();
-  if (state->title)
-    {
-      xfree (state->title);
-      state->title = NULL;
-    }
-  return state->lasterr;
+  return gpg_error_from_syserror ();
 }
 
-
 gpg_error_t
 b64enc_finish (struct b64state *state)
 {
   gpg_error_t err = 0;
   unsigned char radbuf[4];
   int idx, quad_count;
+  FILE *fp;
   char tmp[4];
 
-  if (state->lasterr)
-    return state->lasterr;
-
   if (!(state->flags & B64ENC_DID_HEADER))
     goto cleanup;
 
   /* Flush the base64 encoding */
+  fp = state->fp;
   idx = state->idx;
   quad_count = state->quad_count;
   assert (idx < 4);
@@ -338,34 +279,23 @@
           tmp[2] = '=';
           tmp[3] = '=';
         }
-      else
-        {
+      else 
+        { 
           tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
           tmp[2] = bintoasc[((radbuf[1] << 2) & 074) & 077];
           tmp[3] = '=';
         }
-      if (state->stream)
-        {
-          for (idx=0; idx < 4; idx++)
-            es_putc (tmp[idx], state->stream);
-          idx = 0;
-          if (es_ferror (state->stream))
-            goto write_error;
-        }
-      else
-        {
-          for (idx=0; idx < 4; idx++)
-            putc (tmp[idx], state->fp);
-          idx = 0;
-          if (ferror (state->fp))
-            goto write_error;
-        }
-
-      if (++quad_count >= (64/4))
+      for (idx=0; idx < 4; idx++)
+        putc (tmp[idx], fp);
+      idx = 0;
+      if (ferror (fp))
+        goto write_error;
+      
+      if (++quad_count >= (64/4)) 
         {
           quad_count = 0;
           if (!(state->flags & B64ENC_NO_LINEFEEDS)
-              && my_fputs ("\n", state) == EOF)
+              && fputs ("\n", fp) == EOF)
             goto write_error;
         }
     }
@@ -373,13 +303,13 @@
   /* Finish the last line and write the trailer. */
   if (quad_count
       && !(state->flags & B64ENC_NO_LINEFEEDS)
-      && my_fputs ("\n", state) == EOF)
+      && fputs ("\n", fp) == EOF)
     goto write_error;
-
+  
   if ( (state->flags & B64ENC_USE_PGPCRC) )
     {
       /* Write the CRC.  */
-      my_fputs ("=", state);
+      putc ('=', fp);
       radbuf[0] = state->crc >>16;
       radbuf[1] = state->crc >> 8;
       radbuf[2] = state->crc;
@@ -387,30 +317,20 @@
       tmp[1] = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
       tmp[2] = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
       tmp[3] = bintoasc[radbuf[2]&077];
-      if (state->stream)
-        {
-          for (idx=0; idx < 4; idx++)
-            es_putc (tmp[idx], state->stream);
-          if (es_ferror (state->stream))
-            goto write_error;
-        }
-      else
-        {
-          for (idx=0; idx < 4; idx++)
-            putc (tmp[idx], state->fp);
-          if (ferror (state->fp))
-            goto write_error;
-        }
+      for (idx=0; idx < 4; idx++)
+        putc (tmp[idx], fp);
+      if (ferror (fp))
+        goto write_error;
       if (!(state->flags & B64ENC_NO_LINEFEEDS)
-          && my_fputs ("\n", state) == EOF)
+          && fputs ("\n", fp) == EOF)
         goto write_error;
     }
 
   if (state->title)
     {
-      if ( my_fputs ("-----END ", state) == EOF
-           || my_fputs (state->title, state) == EOF
-           || my_fputs ("-----\n", state) == EOF)
+      if ( fputs ("-----END ", fp) == EOF
+           || fputs (state->title, fp) == EOF
+           || fputs ("-----\n", fp) == EOF)
         goto write_error;
     }
 
@@ -426,7 +346,6 @@
       state->title = NULL;
     }
   state->fp = NULL;
-  state->stream = NULL;
-  state->lasterr = err;
   return err;
 }
+
diff -Nru gnupg2-2.1.6/common/ChangeLog-2011 gnupg2-2.0.28/common/ChangeLog-2011
--- gnupg2-2.1.6/common/ChangeLog-2011	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ChangeLog-2011	2015-06-02 08:13:55.000000000 +0000
@@ -1,569 +1,42 @@
-2011-12-01  Werner Koch  
+2011-12-02  Werner Koch  
 
 	NB: ChangeLog files are no longer manually maintained.  Starting
 	on December 1st, 2011 we put change information only in the GIT
 	commit log, and generate a top-level ChangeLog file from logs at
 	"make dist".  See doc/HACKING for details.
 
-2011-11-30  Werner Koch  
-
-        Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
-        * dns-cert.c: Remove iobuf.h.
-        (get_dns_cert): Rename to _get_dns_cert.  Remove MAX_SIZE arg.
-	Change iobuf arg to a estream-t.  Rewrite function to make use of
-	estream instead of iobuf.  Require all parameters.  Return an
-	gpg_error_t error instead of the type.  Add arg ERRSOURCE.
-        * dns-cert.h (get_dns_cert): New macro to pass the error source to
-	_gpg_dns_cert.
-        * t-dns-cert.c (main): Adjust for changes in get_dns_cert.
-
-        * estream.c (es_fopenmem_init): New.
-	* estream.h (es_fopenmem_init): New.
-
-2011-11-29  Werner Koch  
-
-	* estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is
-	not set.  Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is
-	given.
-
-	* dns-cert.c: Use new CERTTYPE_ constants for better readability.
-
-2011-11-28  Werner Koch  
-
-	* t-dns-cert.c (main): Increase MAX_SIZE to 64k.
-
-	* dns-cert.c (get_dns_cert): Factor test code out to ...
-	* t-dns-cert.c: new file.
-
-2011-10-24  Werner Koch  
-
-	* dotlock.h, dotlock.c: Add alternative to allow distribution of
-	these files under a modified BSD license
-
-2011-09-30  Werner Koch  
-
-	Change the license of all JNLIB parts from LPGLv3+ to to LGPLv3+
-	or GPLv2+.
-
-	* dotlock.h (DOTLOCK_EXT_SYM_PREFIX): New macro.
-
-2011-09-29  Werner Koch  
-
-	* dotlock.c (DOTLOCK_USE_PTHREAD): New macro.
-	[DOTLOCK_USE_PTHREAD] (all_lockfiles_mutex): New.
-	(LOCK_all_lockfiles, UNLOCK_all_lockfiles): New.  Use them to
-	protect access to all_lockfiles.
-	(dotlock_set_fd, dotlock_get_fd): New.
-
-2011-09-28  Werner Koch  
-
-	* dotlock.c (dotlock_take, dotlock_take_unix, dotlock_take_w32):
-	Implement arbitrary timeout values.
-	(dotlock_create): Add arg FLAGS for future extensions.
-
-2011-09-27  Werner Koch  
-
-	* dotlock.c (dotlock_take_unix): Check only the link count and not
-	the error return from link.
-	(use_hardlinks_p): New.
-	(dotlock_create_unix): Test for hardlinks.
-	(dotlock_take_unix): Implement O_EXCL locking.
-
-2011-09-23  Werner Koch  
-
-	* dotlock.c: Factor Unix and W32 specific code out into specific
-	functions.  Define HAVE_POSIX_SYSTEM.  Rearrange some functions.
-	(disable_dotlock): Rename to dotlock_disable.
-	(create_dotlock): Rename to dotlock_create.
-	(destroy_dotlock): Rename to dotlock_destroy.
-	(make_dotlock): Rename to dotlock_take.
-	(release_dotlock): Rename to dotlock_release.
-
-2011-09-22  Werner Koch  
-
-	* dotlock.c: Remove support for RISCOS.
-
-2011-08-10  Werner Koch  
-
-	* t-exechelp.c (test_close_all_fds): Don't use the DUMMY_FD var.
-
-	* pka.c (get_pka_info): Remove unused var.
-
-	* signal.c (got_fatal_signal): Remove unused var.
-
-	* estream.c (es_fread, es_fwrite): Remove unused var.
-
-2011-07-20  Werner Koch  
+2011-08-04  Werner Koch  
 
 	* ssh-utils.c, ssh-utils.h: New.
 	* t-ssh-utils.c: New.
 	* Makefile.am (t_ssh_utils_LDADD): New.
 	(module_tests): Add t-ssh-utils.c
 
-2011-06-01  Marcus Brinkmann  
-
-	* util.h: Undef snprintf before redefining it.
-
-2011-05-20  Werner Koch  
-
-	* util.h: Remove some error code substitutes.
-
-2011-04-25  Werner Koch  
-
-	* userids.c (classify_user_id): Add arg OPENPGP_HACK to fix
-	regression from 2009-12-08.
-
-2011-04-01  Werner Koch  
-
-	* sysutils.c (get_uint_nonce): New.
-
-2011-03-03  Werner Koch  
-
-	* estream.c (struct estream_list): Rename to estream_list_s and
-	simplify.  A double linked list is overkill for our purpose.
-	(do_list_add, do_list_remove): Adjust accordingly.
-	(_es_get_std_stream): Ditto.
-	(do_list_iterate, estream_iterator_t): Remove; it is used only at
-	one place.
-	(es_fflush): Replace iteration function.  Also lock each stream
-	while flushing all streams.
-
-2011-02-27  Werner Koch  
+2011-08-04  Werner Koch  
 
-	* gettime.c (isotime2epoch): Factor check code out to ..
-	(isotime_p): .. new.
-	(isotime_human_p): New.
-	(string2isotime): New.
-	* t-gettime.c (test_string2isotime): New.
-
-2011-02-11  Andrey Jivsov 
-
-	* openpgp-oid.c (openpgp_oid_to_str): Use unsigned int for
-	get_opaque.  Fixes a bug on 64 bit platforms.
-
-2011-02-08  Werner Koch  
-
-	* http.c (connect_server): Add arg R_HOST_NOT_FOUND.
-
-2011-02-07  Werner Koch  
-
-	* http.c (my_socket_new, my_socket_ref, my_socket_unref): New.
-	(cookie_close, cookie_read, cookie_write, http_close, _http_open)
-	(send_request): Replace use of an socket integer by the new socket
-	object.
-	(_http_raw_connect): New.
-	(fp_onclose_notification): New.
-	(_http_raw_connect, _http_wait_response, http_close): Register and
-	unregister this notification.
-	* http.h (http_raw_connect): New.
-
-	* http.h (parsed_uri_s): Add field IS_OPAQUE.
-	(http_req_t): Add HTTP_REQ_OPAQUE.
-	* http.c (do_parse_uri): Parse unknown schemes into PATH.
-	(my_socket_new, my_socket_ref, my_socket_unref): New.
-	(send_request): Simplify save_errno stuff.
-
-2011-02-03  Werner Koch  
-
-	* status.h (STATUS_DECRYPTION_INFO): New.
-
-	* argparse.c (strusage): Update copyright year.
-
-2011-01-31  Werner Koch  
-
-	* openpgp-oid.c: New.
-	* t-openpgp-oid.c: New.
+	* pka.c (get_pka_info): Remove set but unused variables ARCOUNT
+	and NSCOUNT.
+	* estream.c (es_fwrite, es_fread): Remove set but unused variable
+	ERR.
+
+2011-04-29  Werner Koch  
+
+	* estream.c (es_pth_kill): New.
+	(estream_pth_killed): New.
+	(ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK)
+	(ESTREAM_MUTEX_TRYLOCK, ESTREAM_MUTEX_INITIALIZE): Take care of
+	the killed status.
+	(ESTREAM_SYS_YIELD): Ditto.
+	(es_pth_read, es_pth_write): Ditto.
+	(es_init_do): Ditto.
 
 2011-01-20  Werner Koch  
 
-	Fix bug#1313.
-
-	* http.c (my_select): New.  Define to pth_select if building with Pth.
-	(start_server, write_server, cookie_read, cookie_write): Use it.
-	(my_connect): New.  Define to pth_connect if building with Pth.
-	(connect_server): Use it.
-	(my_accept): New.  Define to pth_accept if building with Pth.
-	(start_server): Use it.
-
-2011-01-20  Werner Koch  
-
-	* util.h (struct b64state): Add field LASTERR.
-	* b64enc.c (enc_start, b64enc_write, b64enc_finish): Handle
-	LASTERR.  This is to make sure that we don't leak strduped data.
-	* b64dec.c (b64dec_start, b64dec_proc, b64dec_finish): Ditto.
-
-	* http.c (escape_data): New.
-	(insert_escapes): Implement using escape_data.
-	(http_escape_data): New.
-
-2011-01-19  Werner Koch  
-
-	* homedir.c (gnupg_module_name): Use NAME_OF_INSTALLED_GPG instead
-	of "gpg2".
-
-2011-01-18  Werner Koch  
-
-	* iobuf.c (file_es_filter_ctx_t): New.
-	(file_es_filter): New.
-	(iobuf_esopen): New.
-
-	* membuf.c (clear_membuf, peek_membuf): New.
-
-	* util.h (GPG_ERR_NO_KEYSERVER): New.
-
-	* keyserver.h (keyserver_spec): Move from ../g10/options.h to here.
-
-	* http.c (do_parse_uri): Add arg NO_SCHEME_CHECK.  Change all
-	callers.  Support HKP and HKPS.
-	(_http_parse_uri): Do proper error management.
-	* http.h (parsed_uri_s): Add field IS_HTTP.
-	(http_parse_uri): Support NO_SCHEME_CHECK arg.
-
 	* estream.c (es_func_mem_write): Fix computation of NEWSIZE.
 
-2011-01-10  Werner Koch  
-
-	* session-env.c (update_var): Fix same value detection.  Fixes
-	bug#1311.
-
-2010-12-17  Werner Koch  
-
-	* asshelp.c (lock_spawning): Add arg VERBOSE.  Improve timeout
-	management.  Make callers pass a value for VERBOSE.
-	(lock_agent_spawning, unlock_agent_spawning): Remove.  Change
-	callers to use lock_spawning and unlock_spawning.
-
-2010-12-17  Marcus Brinkmann  
-
-	* homedir.c (gnupg_cachedir): Create /temp subdirectories.
-
-2010-12-02  Werner Koch  
-
-	* miscellaneous.c (gnupg_cipher_algo_name): New.  Replace all
-	users of gcry_cipher_algo_name by this one.
-
-	* logging.c (fun_cookie_s) [W32CE]: Add field USE_WRITEFILE.
-	(fun_writer) [W32CE]: Make use of it.
-	(set_file_fd) [W32CE]: Implement special filename "GPG2:".
-
-2010-11-25  Werner Koch  
-
-	* asshelp.c (start_new_gpg_agent): Change style of startup info.
-	(start_new_dirmngr): Ditto.
-
-2010-11-23  Werner Koch  
-
-	* asshelp.c (SECS_TO_WAIT_FOR_AGENT, SECS_TO_WAIT_FOR_DIRMNGR):
-	Use these constants.  For W32CE increase them to 30 seconds.
-	(start_new_gpg_agent): Print time to startup agent.
-	(start_new_dirmngr): Ditto.
-
-2010-11-04  Werner Koch  
-
-	* logging.c (do_logv) [W32]: Don't set a default log stream if the
-	registry entry is empty.
-
-2010-10-27  Werner Koch  
-
-	* gettime.c (gnupg_get_isotime): Compare to (time_t)-1.
-	(epoch2isotime): Ditto.
-	(IS_INVALID_TIME_T): New.
-	(asctimestamp): Use new macro.
-	(strtimestamp, isotimestamp): Ditto.  Use snprintf.
-
-2010-10-25  Werner Koch  
-
-	* logging.c (do_log): Rename to log_log and make global.
-
-2010-10-20  Werner Koch  
-
-	* i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Call textdomain.
-
-2010-10-14  Werner Koch  
-
-	* asshelp.c (start_new_gpg_agent): Print a notice once the agent
-	has been started.
-	(start_new_dirmngr): Likewise.
-
-2010-10-13  Werner Koch  
-
-	* miscellaneous.c (parse_version_number, parse_version_string)
-	(gnupg_compare_version): New.
-
-2010-10-04  Werner Koch  
-
-	* gettime.c (asctimestamp) [W32CE]: Do not print the timezone.
-
-2010-09-30  Werner Koch  
-
-	* util.h (GPG_ERR_FULLY_CANCELED): Add replacement.
-
-2010-09-17  Werner Koch  
-
-	* http.c (INADDR_NONE): Provide fallback.
-	* logging.c (INADDR_NONE): Ditto.
-
-2010-09-16  Werner Koch  
-
-	* util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
-	* status.c (get_inv_recpsgnr_code): Ditto.
-
-2010-09-13  Werner Koch  
-
-	* homedir.c (gnupg_bindir) [W32CE]: Change to bin/.
-	(gnupg_libexecdir) [W32]: Call gnupg_bindir.
-	(gnupg_libdir, gnupg_datadir, gnupg_localedir) [W32]: Simplify by
-	using xstrconcat.
-	(gnupg_module_name): Ditto.
-	(w32_rootdir): Strip a trailing "bin".
-
-2010-09-02  Werner Koch  
-
-	* util.h (GPG_ERR_NOT_INITIALIZED): Define if not defined.
-
-2010-09-01  Marcus Brinkmann  
-
-	* estream.c (_es_set_std_fd): Disable debug output.
-
-2010-08-26  Werner Koch  
-
-	* estream.c (es_convert_mode): Rename to parse_mode.
-	(parse_mode): Add arg R_CMODE and parse key value pairs.  Use Use
-	664 as the default mode.  Change callers.
-	(ES_DEFAULT_OPEN_MODE): Remove.
-	(es_fopen, do_fpopen, do_w32open, es_freopen): Support a creation
-	mode.
-	(es_func_file_create): Rename to func_file_create and add arg CMODE.
-	(es_func_fd_create): Rename to func_fd_create.
-	(es_func_fp_create): Rename to func_fp_create.
-	(es_list_add): Rename to do_list_add.
-	(es_list_remove): Rename to do_list_remove.
-	(es_list_iterate): Rename to do_list_iterate.
-	(es_pth_read): Rename to do_pth_read.
-	(es_deinit): Rename to do_deinit.
-	(es_init_do): Rename to do_init.
-	(es_func_mem_create): Rename to func_mem_create.
-
-2010-08-23  Werner Koch  
-
-	* exechelp-w32ce.c: Rewrite all spawn stuff.
-
-	* exechelp-w32.c (close_all_fds) [W32]: Make it a dummy function.
-
-	* estream.c (es_onclose): New.
-	(notify_list_t, onclose): New.
-	(struct estream_internal): Add field ONCLOSE.
-	(es_initialize, es_deinitialize): Manage new field.
-	(do_close): Call onclose notify functions.
-
-2010-08-20  Werner Koch  
-
-	* exechelp-w32.c (create_inheritable_pipe): Change arg to HANDLE.
-
-	* estream.h (es_sysopen_t): New.
-	* estream.c (es_func_w32_create, es_func_w32_read)
-	(es_func_w32_write, es_func_w32_seek, es_func_w32_destroy)
-	(estream_functions_w32, estream_cookie_fd): New.  Only for W32.
-	(es_sysopen, es_sysopen_nc): New.
-	(do_w32open, do_sysopen): New.
-	(es_syshd, es_syshd_unlocked): New.
-	(struct estream_internal): Replace filed FD by SYSHD.
-	(es_initialize): Clear SYSHD_VALID.
-	(map_w32_to_errno): New.
-	(es_get_fd): Remove.
-	(es_fileno_unlocked): Re-implement using es_syshd.
-	(es_initialize, es_create): Replace arg FD by SYSHD.
-	(es_fopen, es_mopen, es_fopenmem, do_fdopen, do_fpopen)
-	(es_tmpfile): Use SYSHD instead of FD.
-	(es_destroy): Rename to do_close.
-
-2010-08-19  Werner Koch  
-
-	* exechelp-posix.c (create_pipe_and_estream): New.
-	(gnupg_spawn_process): Rework this function and its calling
-	convention; it is not used anyway.
-	* exechelp-w32.c (gnupg_spawn_process): Ditto.
-
-2010-08-18  Werner Koch  
-
-	* logging.c (writen): Add arg IS_SOCKET.
-	(fun_writer): Pass the is_socket flag.
-	(do_logv) [W32]: Allow for a default log stream
-
-	* estream.c (struct estream_internal): Remove obsolete fields
-	PRINT_FP, PRINT_ERRNO, PRINT_ERR and all remaining code cruft.
-
-2010-08-16  Werner Koch  
-
-	* estream.c (es_printf_unlocked, es_printf): New.
-
-	* asshelp.c (lock_agent_t): Rename to lock_spawn_t.
-	(lock_agent_spawning, unlock_agent_spawning): Factor code out to ...
-	(lock_spawning, unlock_spawning): .. new.
-	(start_new_gpg_agent): Make more use of ERRSOURCE.
-	(start_new_dirmngr): New.
-
-2010-08-13  Werner Koch  
-
-	* Makefile.am (audit-events.h, status-codes.h): Fix srcdir problem
-	amd depend on Makefile.am instead of Makefile.
-
-2010-08-12  Werner Koch  
-
-	* sysutils.c (gnupg_remove) [W32CE]: Fix returned error.
-
-2010-08-09  Werner Koch  
-
-	* logging.c (WITH_IPV6): New macro.
-	(parse_portno): New.  From libassuan.
-	(fun_writer): Support TCP logging on all platforms.
-	(sock_close): New.
-
-2010-08-06  Werner Koch  
-
-	* homedir.c (dirmngr_socket_name) [W32CE]: Base on default homedir.
-	(gnupg_cachedir) [W32CE]: Drop drive letter.
-
-	* http.c (http_open_document): Rename to _http_open_document and
-	add arg ERRSOURCE.  Pass ERRSOURCE to all called funcs.
-	(http_wait_response, http_open, http_parse_uri): Likewise.
-	(do_parse_uri, parse_response, store_header): Change to return an
-	gpg_err_code_t.  Change callers.
-	(send_request): Add arg ERRSOURCE.  Change callers.
-	* http.h (http_open_document, http_wait_response, http_open)
-	(http_parse_uri): Define as macro.
-
-2010-08-05  Werner Koch  
-
-	* estream.h (es_asprintf, es_vasprintf): Add lost prototyps.
-
-	* http.c: Require estream and make HTTP_USE_ESTREAM obsolete.  It
-	make the code unreadable and we require estream anyway for GnuPG.
-	(http_wait_response): Get use of cookies right.
-	(send_request): s/xtryasprintf/es_asprintf/ to allow standalone
-	use of the code.
-	(insert_escapes, connect_server): s/sprintf/snprintf/.
-	(parse_response): s/my_read_line/es_read_line/.
-	(my_read_line): Remove.
-	(write_server): Use pth_write.
-
-2010-07-26  Werner Koch  
-
-	* estream.c (es_func_fp_write) [W32]: Write smaller chunks.
-
-2010-07-25  Werner Koch  
-
-	* argparse.c (initialize): Use ARGPARSE_PRINT_WARNING constant.
-
-2010-07-24  Werner Koch  
-
-	* estream.c (es_set_binary): New.
-
-2010-07-19  Werner Koch  
-
-	* utf8conv.c (utf8_to_wchar): s/malloc/jnlib_malloc/.
-
-2010-07-16  Werner Koch  
-
-	* http.h (HTTP_FLAG_IGNORE_CL): Add flag .
-	* http.c (WITHOUT_GNU_PTH): Test macro for Pth support.
-	(http_parse_uri): s/xcalloc/xtrycalloc/.
-	(send_request): Replace of discrete allocation and sprintf by
-	xtryasprintf.
-	(http_wait_response): Replace HTTP_FLAG_NO_SHUTDOWN by
-	HTTP_FLAG_SHUTDOWN to change the default to no shutdown.
-	(cookie_read) [HAVE_PTH]: Use pth_read.
-	(longcounter_t): New.
-	(struct cookie_s): Add support for content length.  Turn flag
-	fields into bit types.
-	(parse_response): Parse content length header.
-	(cookie_read): Take care of the content length.
-
-2010-07-08  Werner Koch  
-
-	* estream.c (estream_functions_file): Remove and replace by
-	identical estream_functions_fd.
-
-2010-07-06  Werner Koch  
-
-	* util.h (b64state): Add field STREAM.
-	* b64enc.c (b64enc_start): Factor code out to ..
-	(enc_start): new.
-	(b64enc_start_es, my_fputs): New.
-	(b64enc_write, b64enc_finish): Support estream.
-
-2010-06-24  Werner Koch  
-
-	* asshelp.c (lock_agent_spawning) [W32]: Use CreateMutexW.
-	(start_new_gpg_agent): Use HANG option for gnupg_wait_progress.
-	Fixes regression from 2010-06-09.
-
-2010-06-21  Werner Koch  
+2011-01-11  Werner Koch  
 
-	* util.h (xfree_fnc): New.
-
-2010-06-18  Werner Koch  
-
-	* util.h (GPG_ERR_MISSING_KEY) [!GPG_ERR_MISSING_KEY]: New.
-
-	* sexputil.c (make_canon_sexp_pad): Add arg SECURE.
-
-2010-06-17  Werner Koch  
-
-	* sexputil.c (make_canon_sexp_pad): New.
-
-2010-06-14  Werner Koch  
-
-	* membuf.c (put_membuf): Add shortcut for !LEN.
-
-2010-06-11  Marcus Brinkmann  
-
-	* sysutils.c (translate_sys2libc_fd): Revert last change.
-	(translate_sys2libc_fd_int): Revert last change.
-
-2010-06-10  Marcus Brinkmann  
-
-	* sysutils.c (translate_sys2libc_fd) [HAVE_W32CE_SYSTEM]:
-	Implement.
-	(translate_sys2libc_fd_int) [HAVE_W32CE_SYSTEM]: Don't call
-	translate_sys2libc_fd.
-
-	* estream.c (_es_get_std_stream): Fix cut&paste bug.
-
-2010-06-09  Werner Koch  
-
-	* exechelp-posix.c, exechelp-w32.c
-	* exechelp-w32ce.c (gnupg_wait_process): Add new arg HANG.  Change
-	all callers.
-	(gnupg_release_process): New.  Use it after all calls to
-	gnupg_wait_process.
-
-	* util.h (GNUPG_MODULE_NAME_DIRMNGR_LDAP): New.
-	* homedir.c (gnupg_cachedir): New.
-	(w32_try_mkdir): New.
-	(dirmngr_socket_name): Change standard socket name.
-	(gnupg_module_name): Support GNUPG_MODULE_NAME_DIRMNGR_LDAP.
-
-	* logging.c (log_set_get_tid_callback): Replace by ...
-	(log_set_pid_suffix_cb): .. new.
-	(do_logv): Change accordingly.
-
-2010-06-08  Marcus Brinkmann  
-
-	* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
-	(t_common_ldadd): Add $(LIBASSUAN_LIBS).
-	* sysutils.c: Include .
-	(translate_sys2libc_fd_int): Cast to silence gcc warning.
-	* iobuf.c: Include 
-	(translate_file_handle): Fix syntax error.
-
-2010-06-08  Werner Koch  
-
-	* iobuf.c (translate_file_handle) [W32CE]: Handle rendezvous ids.
-
-2010-06-07  Werner Koch  
-
-	* sysutils.c [W32CE]: Finish pipe creation.
+        Estream changes as used by gnupg master from 2010-07-19.
 
 	* estream.c (es_fname_get, es_fname_set): New.
 	(fname_set_internal): New.
@@ -572,36 +45,21 @@
 	(_es_get_std_stream): Set stream name.
 	(es_fopen, es_freopen, es_deinitialize): Set fname.
 
-	* exechelp-posix.c (gnupg_spawn_process): Allow passing INFILE or
-	OUTFILE as NULL.
-	* exechelp-w32.c (gnupg_spawn_process): Ditto.
-	* exechelp-w32ce.c (gnupg_spawn_process): Return an error for
-	INFILE or OUTFILE passed as NULL.
-
-2010-06-01  Werner Koch  
-
-	* logging.c (log_get_stream): Make sture a log stream is available.
+2011-01-10  Thomas Mraz    (wk)
 
-2010-05-30  Werner Koch  
+	* pka.c (get_pka_info) [!USE_ADNS]: Turn ANSWER into a union to
+	avoid aliasing problems with modern compilers.  See bug#1307.
+	Reported by Steve Grubb.
 
-	* init.c (writestring_via_estream): New.
-	(init_common_subsystems): Register with argparse.
-
-	* argparse.c (argparse_register_outfnc): New.
-	(writestrings, flushstrings): New.  Use them instead of stdout or
-	stderr based functions.
+2011-01-10  Werner Koch  
 
-2010-05-04  Werner Koch  
+	* session-env.c (update_var): Fix same value test.  Fixes
+	bug#1311.
 
-	* estream.c (_es_get_std_stream): Re-use registered standard fds.
-	(IS_INVALID_FD, ESTREAM_SYS_YIELD): New.
-	(es_func_fd_read, es_func_fd_write, es_func_fd_seek)
-	(es_func_fd_destroy): Implement a dummy stream.
+2010-09-16  Werner Koch  
 
-	* exechelp-w32ce.c (build_w32_commandline): Add args FD0_ISNULL
-	and FD1_ISNULL.  Remove arg PGMNAME.  Change callers.
-	(gnupg_spawn_process_detached): Implement.
-	(gnupg_spawn_process_fd): Implement one special case for now.
+	* util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
+	* status.c (get_inv_recpsgnr_code): Ditto.
 
 2010-05-03  Werner Koch  
 
@@ -609,321 +67,50 @@
 	(start_new_gpg_agent): Test for configured standard socket and
 	try to fire up the agent in this case.
 
-	* exechelp-posix.c (gnupg_wait_process): Do not log a message if
-	EXITCODE is given.
-	(gnupg_spawn_process_detached): Do not reuse PID for the second fork.
-
-2010-04-26  Werner Koch  
-
-	* utf8conv.c (load_libiconv) [W32CE]: No libiconv warning
-
-	* init.c (init_common_subsystems) [W32CE]: Register the sleep
-	function before es_init.
-
-2010-04-20  Werner Koch  
-
-	* estream.c (es_deinit): New.
-	(es_init_do): Install atexit handler to flush all streams.
-
-	* Makefile.am (common_sources): Add gettime.h.
-
-2010-04-20  Marcus Brinkmann  
-
-	* logging.c (do_log_ignore_arg): New helper function.
-	(log_string): Use it to remove ugly volatile hack that causes gcc
-	warning.
-	(log_flush): Likewise.
-	* sysutils.c (gnupg_unsetenv) [!HAVE_W32CE_SYSTEM]: Return something.
-	(gnupg_setenv) [!HAVE_W32CE_SYSTEM]: Likewise.
-	* pka.c (get_pka_info): Solve strict aliasing rule violation.
-	* t-exechelp.c (test_close_all_fds): Use dummy variables to
-	silence gcc warning.
-
-2010-04-15  Werner Koch  
-
-	* util.h: Factor time related functions out to ...
-	* gettime.h: New.
-	(gnupg_copy_time): Move to ...
-	* gettime.c (gnupg_copy_time): New.
-
-	* sysutils.c (gnupg_setenv) [!W32CE]: Add missing return.
-	(gnupg_unsetenv) [!W32CE]: Add missing return.
-
-2010-04-14  Werner Koch  
-
-	* Makefile.am (noinst_LIBRARIES) [W32CE]: Exclude libsimple-pwquery.
-
-	* w32help.h (umask) [W32CE]: New.
-
-	* sysutils.c (_gnupg_isatty): New.
-	* util.h (gnupg_isatty): New.
-
-	* asshelp.c (setup_libassuan_logging): Read ASSUAN_DEBUG envvar.
-	(my_libassuan_log_handler): Use it.
-	* sysutils.c (_gnupg_getenv): Implement ASSUAN_DEBUG.
-
-2010-04-08  Werner Koch  
-
-	* w32help.h (_setmode, setmode) [W32CE]: Provide prototype and
-	macro.
-
-2010-04-07  Werner Koch  
-
-	* mischelp.c (timegm): Replace unsetenv/putenv by gnupg_unsetenv.
-
-	* sysutils.c: Include setenv.h.
-	(gnupg_setenv, gnupg_unsetenv): New.
-
-
-2010-04-06  Werner Koch  
-
-	* sysutils.c (gnupg_mkdir): New.
-
-2010-03-29  Werner Koch  
-
-	* init.c (sleep_on_exit): Change to 400ms.
-
-2010-03-25  Werner Koch  
-
-	* init.c (sleep_on_exit) [W32CE]: New.
-	(init_common_subsystems): Call it.
-
-2010-03-24  Werner Koch  
-
-	* stringhelp.c (change_slashes, compare_filenames): Replace
-	HAVE_DRIVE_LETTERS by HAVE_DOSISH_SYSTEM.
-	(make_basename, make_dirname): Detect backslashes and drive
-	letters separately.
-
-	* dotlock.c (make_dotlock, create_dotlock, release_dotlock): Use
-	LockFileEx and UnlockFileEx to support W32CE.
-
-	* ttyio.c (USE_W32_CONSOLE): Replace all _WIN32 by this.
-	(init_ttyfp) [W32CE]: Use stderr.
-
-	* iobuf.c (FD_FOR_STDIN, FD_FOR_STDOUT) [W32CE]: Use estream.
-	(translate_file_handle) [W32CE]: Remove handle translation.
-
-2010-03-23  Werner Koch  
-
-	* sysutils.c (gnupg_remove): New.
-
-2010-03-22  Werner Koch  
-
-	* exechelp-w32ce.c (build_w32_commandline): Replace by code from
-	libassuan.
-	(create_inheritable_pipe): Use _assuan_w32ce_prepare_pipe.
-	(build_w32_commandline_copy, do_create_pipe): Remove.
-
-	* exechelp-posix.c (gnupg_spawn_process): Change to use estream
-	also for INFILE and STATUSFILE.
-	* exechelp-w32.c (gnupg_spawn_process): Ditto.
-
-2010-03-22  Werner Koch  
-
-	* exechelp.c: Remove after factoring all code out to ...
-	* exechelp-posix.c, exechelp-w32.c, exechelp-w32ce.c:  .. new.
-
-	* exechelp.c (create_inheritable_pipe_r)
-	(create_inheritable_pipe_w): Fold both into ...
-	(create_inheritable_pipe): .. New.  Change callers to use this.
-	(gnupg_create_inbound_pipe, gnupg_create_outbound_pipe): Factor
-	code out to ...
-	(do_create_pipe): .. New.
-
-	* init.c (parse_std_file_handles): Change to use rendezvous ids.
-
-2010-03-15  Werner Koch  
-
-	* init.c (init_common_subsystems): Add args ARGCP and
-	ARGVP.  Change all callers to provide them.
-	(parse_std_file_handles): New.
-
-	* t-sysutils.c (rewind) [W32CE]: Provide a replacement.
-
-	* Makefile.am (module_tests) [W32CE]: Don't build t-exechelp for now.
+	* exechelp.c (gnupg_spawn_process_detached): Do not reuse PID for
+	the second fork.
+	(gnupg_wait_process): Do not log a message if EXITCODE is given.
 
-	* sysutils.c (gnupg_allow_set_foregound_window) [W32CE]: Don't
-	call AllowSetForegroundWindow.
+2010-03-17  Werner Koch  
 
-	* logging.c (isatty) [W32CE]: New.
-	(fun_writer, set_file_fd): Use estream even for the internal error
-	messages.
-	(log_string, log_flush): Make DUMMY_ARG_PTR static.
-
-2010-03-15  Werner Koch  
-
-	* asshelp.c (send_pinentry_environment) [!HAVE_SETLOCALE]: Do not
-	define OLD_LC.
-	* http.c (connect_server) [!USE_DNS_SRV]: Mark SRVTAG unused.
-	* dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Mark args unused.
-	* pka.c (get_pka_info): Ditto.
-
-	* signal.c (pause_on_sigusr): Remove.  It was used in ancient gpg
-	version with shared memory IPC.  Last caller removed on	2006-04-18.
-	(do_block) [W32]: Mark arg unused.
-
-	* exechelp.c (w32_open_null): Use CreateFileW.
-
-	* init.c (init_common_subsystems): Add args ARGCP and ARGVP.
-	Change all callers to pass them.
-
-	* logging.c (S_IRGRP, S_IROTH, S_IWGRP, S_IWOTH) [W32]: New.
-	(fun_writer, set_file_fd) [W32]: Disable socket code.
-
-	* localename.c: Include gpg-error.h.
-
-	* util.h (GPG_ERR_NOT_ENABLED): Remove this temporary definition.
+	* asshelp.c (start_new_gpg_agent) [W32]: Use a named mutex to
+	avoid starting two agents.
 
 2010-03-12  Werner Koch  
 
 	* status.h (STATUS_ENTER): New.
 
-	* ttyio.c (tty_fprintf): Change to use estream.
-
-	* miscellaneous.c (print_utf8_string): Rename to print_utf8_buffer
-	and change FP arg to an estream.  Change all callers.
-	(print_utf8_string2): Ditto; new name is to print_utf8_buffer2.
-
-2010-03-11  Werner Koch  
-
-	* miscellaneous.c (print_string): Remove.
-
-	* estream.c (es_setvbuf): Fix parameter check.
-	(es_set_buffering): Allow a SIZE of 0.
-	* asshelp.c (setup_libassuan_logging, my_libassuan_log_handler): New.
-	* logging.c (do_logv): Add arg IGNORE_ARG_PTR.  Change all callers.
-	(log_string): New.
-	(log_flush): New.
-	(set_file_fd): Simplify by using estreams es_stderr.
-
-	* estream.h (es_stdout, es_stderr, es_stdin): New.
-
-2010-03-10  Werner Koch  
-
-	* estream.c (es_func_fp_read, es_func_fp_write, es_func_fp_seek)
-	(es_func_fp_destroy): Allow a NULL FP to implement a dummy stream.
-	(do_fpopen): Ditto.
-	(es_vfprintf_unlocked): New.
-	(es_fprintf_unlocked): Make public.
-	(es_fputs_unlocked): New.
-
-	* logging.h: Replace FILE* by estream_t.
-	* logging.c: Remove USE_FUNWRITER cpp conditional because we now
-	use estream.
-	(my_funopen_hook_ret_t, my_funopen_hook_size_t): Replace by
-	ssize_t.
-	(log_get_stream): Change to return an estream_t.
-	(set_file_fd): Always close the log stream because it can't be
-	assigned to stderr or stdout directly.  Use a dummy estream as
-	last resort log stream.
-	(log_test_fd, log_get_fd): Use es_fileno.
-	(log_get_stream): Assert that we have a log stream.
-	(do_logv): Use estream functions and lock the output.
-
-2010-03-10  Werner Koch  
-
-	* util.h: Replace jnlib path part by common.
-	(snprintf): Use the replacement macro on all platforms.
-
-	* Makefile.am (jnlib_sources): New.
-	(libcommon_a_SOURCES, libcommonpth_a_SOURCES): Add jnlib_sources.
-	(jnlib_tests): New.
-	(noinst_PROGRAMS, TESTS): Add jnlib_tests.
-	(t_common_ldadd): Remove libjnlib.a.
-
-	* README.jnlib, ChangeLog.jnlib, libjnlib-config.h, argparse.c
-	* argparse.h, dotlock.c, dotlock.h, dynload.h, logging.c
-	* logging.h, mischelp.c, mischelp.h, stringhelp.c, stringhelp.h
-	* strlist.c, strlist.h, types.h, utf8conv.c, utf8conv.h
-	* w32-afunix.c, w32-afunix.h, w32-reg.c, w32help.h, xmalloc.c
-	* xmalloc.h, t-stringhelp.c, t-support.c, t-support.h
-	* t-timestuff.c, t-w32-reg.c: Move from jnlib to here.
+2010-02-11  Marcus Brinkmann  
 
-	* init.c: Remove "estream.h".
-	* util.h: Include "estream.h".
+	From trunk 2009-10-16, 2009-11-02, 2009-11-05:
 
-	* xasprintf.c, ttyio.c: Remove "estream-printf.h".
-
-2010-03-08  Werner Koch  
-
-	* exechelp.c [!HAVE_SIGNAL_H]: Do not include signal.h.
-	(DETACHED_PROCESS, CREATE_NEW_PROCESS_GROUP) [W32CE]: Provide stubs.
-
-	* iobuf.h (iobuf_ioctl_t): New.  Use the new macros instead of the
-	hard wired values.
-	* iobuf.c (iobuf_append): Remove.
-	(iobuf_fdopen): Factor code out to ...
-	(do_iobuf_fdopen): ... new.
-	(iobuf_fdopen_nc): New.
-	(iobuf_open_fd_or_name): Implement using iobuf_fdopen_nc.
-
-	* iobuf.c (INVALID_FD): Replace by GNUPG_INVALID_FD.
-	(fp_or_fd_t): Replace by gnupg_fd_t.
-	(my_fileno): Replace by the FD2INT macro.
-	(FILEP_OR_FD_FOR_STDIN, FILEP_OR_FD_FOR_STDOUT): Rename to
-	FD_FOR_STDIN, FD_FOR_STDOUT.
-	(file_filter): Make full use of FD_FOR_STDIN.
-	(USE_SETMODE): Remove.  Not needed without stdio.
-	(my_fopen_ro, my_fopen): Replace unneeded macros.
-
-	* iobuf.c [FILE_FILTER_USES_STDIO]: Remove all code.  It has not
-	been used for a long time.
-
-	* exechelp.h: Include "estream.h".
-
-	* exechelp.c (gnupg_spawn_process): Change OUTFILE to an estream_t.
-
-2010-03-02  Werner Koch  
-
-	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
-	from libestream.
-
-2010-03-01  Werner Koch  
-
-	* signal.c [!HAVE_SIGNAL_H]: Don't include signal.h.
-
-	* iobuf.c (direct_open) [W32CE]: Make filename to wchar_t.
-	(iobuf_cancel) [W32CE]: Use DeleteFile.
-
-	* gettime.c (dump_isotime): Use "%s" to print "none".
-
-	* homedir.c (standard_homedir) [W32CE]: Use wchar_t to create the
-	directory.
-	(w32_rootdir) [W32CE]: Likewise.
-
-	* sysutils.c (translate_sys2libc_fd) [W32CE]: Add support.
-	(gnupg_tmpfile) [W32CE]: Ditto.
-	(_gnupg_getenv) [W32CE]: New.
+	* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
+	of LIBASSUAN_PTH_CFLAGS.
+	* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
+	type to gpg_error_t.
+	* asshelp.c (start_new_gpg_agent): Update use of
+	assuan_socket_connect and assuan_pipe_connect.  Convert posix FD
+	to assuan FD.
+	[HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect
+	invocation.
+	* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
+	declaration.
 
-	* util.h (getpid, getenv) [W32CE]: New.
+2009-10-13  Werner Koch  
 
-	* i18n.c (i18n_switchto_utf8)
-	(i18n_switchback) [USE_SIMPLE_GETTEXT]: Use new function from
-	libgpg-error which supports proper restoring.
+	From trunk 2009-09-23:
 
-	* sysutils.c (get_session_marker): Simplified by using gcrypt.
+	* asshelp.c (start_new_gpg_agent): Allocate assuan context before
+	starting server.
 
-2009-12-08  Marcus Brinkmann  
+2009-12-21  Marcus Brinkmann    (wk)
 
 	* Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No
 	longer include these rules if not in maintainer mode.
 
 2009-12-08  Werner Koch  
 
-	* userids.h, userids.c: New.
-	(classify_user_id): Merged from similar fucntions in sm/ and g10/.
-
-	* dns-cert.c (get_dns_cert): Add support for ADNS.
-
-2009-12-08  Marcus Brinkmann  
-
-	* asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD.
-
-	* asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing
-	argument in assuan_socket_connect invocation.
-	* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
-	declaration.
+	* dns-cert.c: Add support for ADNS.
 
 2009-12-07  Werner Koch  
 
@@ -937,54 +124,15 @@
 	* Makefile.am (audit-events.h, status-codes.h): Create files in
 	the source dir.  Fixes bug#1164.
 
-2009-12-02  Werner Koch  
+2009-12-03  Werner Koch  
 
+	From trunk:
 	* audit.c (proc_type_decrypt, proc_type_sign): Implemented.
 	(proc_type_verify): Print hash algo infos.
 	* audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO)
 	(AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT)
 	(AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE):
 
-2009-11-05  Marcus Brinkmann  
-
-	* asshelp.c (start_new_gpg_agent): Update use of
-	assuan_socket_connect and assuan_pipe_connect.
-
-2009-11-02  Marcus Brinkmann  
-
-	* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
-	type to gpg_error_t.
-
-2009-10-28  Werner Koch  
-
-	* status.h (STATUS_MOUNTPOINT): New.
-
-2009-10-16  Marcus Brinkmann  
-
-	* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
-	of LIBASSUAN_PTH_CFLAGS.
-
-2009-10-13  Werner Koch  
-
-	* exechelp.c (gnupg_kill_process): New.
-
-2009-09-29  Werner Koch  
-
-	* exechelp.c (create_inheritable_pipe): Rename to
-	create_inheritable_pipe_w.
-	(create_inheritable_pipe_r): New.
-	(gnupg_create_outbound_pipe): New.
-
-	* iobuf.h: Include "sysutils.h"
-
-	* iobuf.c (iobuf_open_fd_or_name): New.
-	(iobuf_get_fname_nonnull): New.
-
-2009-09-23  Marcus Brinkmann  
-
-	* asshelp.c (start_new_gpg_agent): Allocate assuan context before
-	starting server.
-
 2009-09-03  Werner Koch  
 
 	Update from libestream:
@@ -1108,7 +256,7 @@
 
 	* iobuf.c: Port David's changes from 1.4:
 	(fd_cache_invalidate): Pass return code from close back.
-	(direct_open, iobuf_ioctl): Check that return value.
+	(direct_open, iobuf_ioctl): Check that eturn value.
 	(fd_cache_synchronize): New.
 	(iobuf_ioctl): Add new sub command 4 (fsync).
 
@@ -2478,8 +1626,8 @@
 	(atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New.
 
 
- Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
-	   2009, 2010, 2011 Free Software Foundation, Inc.
+ Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+	   2008, 2009 Free Software Foundation, Inc.
 
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without
@@ -2488,7 +1636,3 @@
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-Local Variables:
-buffer-read-only: t
-End:
diff -Nru gnupg2-2.1.6/common/ChangeLog-2011.include gnupg2-2.0.28/common/ChangeLog-2011.include
--- gnupg2-2.1.6/common/ChangeLog-2011.include	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ChangeLog-2011.include	1970-01-01 00:00:00.000000000 +0000
@@ -1,458 +0,0 @@
-# This is the ChangeLog-2011 from the former ../include directory.  It
-# was moved to here after the removal of the directory on 2014-01-29.
-
-2011-12-01  Werner Koch  
-
-	NB: ChangeLog files are no longer manually maintained.  Starting
-	on December 1st, 2011 we put change information only in the GIT
-	commit log, and generate a top-level ChangeLog file from logs at
-	"make dist".  See doc/HACKING for details.
-
-2011-02-01  Werner Koch  
-
-	* cipher.h (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY): Bump up to
-	accommodate gcrypt ECC keys.
-
-2011-01-21  Werner Koch  
-
-	* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
-	because we now require libgcrypt 1.4.6.
-	(GCRY_PK_ECDH): Add replacement.
-
-2009-08-20  Daiki Ueno    (wk)
-
-	* cipher.h (struct DEK): Add field S2K_CACHEID.
-
-2008-04-18  Werner Koch  
-
-	* cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13.
-	(CIPHER_ALGO_CAMELLIA192): New.
-
-2007-12-12  Werner Koch  
-
-	* cipher.h (CIPHER_ALGO_CAMELLIA128, CIPHER_ALGO_CAMELLIA256): New.
-
-2006-09-20  Werner Koch  
-
-	* errors.h, http.h, memory.h, mpi.h, util.h, i18n.h: Removed.
-	* Makefile.am: New.
-	* distfiles: Removed.
-
-2006-08-16  Werner Koch  
-
-	* keyserver.h:  Moved to ../common.
-	* http.h: Retired.
-
-2006-04-28  Werner Koch  
-
-	* cipher.h (DIGEST_ALGO_SHA224): Define it.
-
-2006-04-18  Werner Koch  
-
-	* keyserver.h, i18n.h, http.h, cipher.h: Updated to gpg 1.4.3.
-
-2003-09-04  David Shaw  
-
-	* cipher.h: Drop TIGER/192 support.
-
-	* types.h: Prefer using uint64_t when creating a 64-bit unsigned
-	type. This avoids a warning on compilers that support but complain
-	about unsigned long long.
-
-	* util.h: Make sure that only ascii is passed to isfoo
-	functions. (From Werner on stable branch).
-
-2003-09-04  Werner Koch  
-
-	* cipher.h (PUBKEY_USAGE_AUTH): Added.
-
-2003-07-03  Werner Koch  
-
-	* cipher.h (DBG_CIPHER,g10c_debug_mode): Removed.
-
-2003-06-11  Werner Koch  
-
-	* cipher.h: Include gcrypt.h and mapped cipher algo names to
-	gcrypt ones.  Removed twofish_old and skipjack.  Removed all
-	handle definitions and other raerely used stuff.  This file will
-	eventually be entirely removed.
-
-2003-06-10  Werner Koch  
-
-	* types.h (struct strlist): Removed.
-
-2003-05-24  David Shaw  
-
-	* cipher.h, i18n.h, iobuf.h, memory.h, mpi.h, types.h, util.h:
-	Edit all preprocessor instructions to remove whitespace before the
-	'#'.  This is not required by C89, but there are some compilers
-	out there that don't like it.
-
-2003-05-14  David Shaw  
-
-	* types.h: Add initializer macros for 64-bit unsigned type.
-
-2003-05-02  David Shaw  
-
-	* cipher.h: Add constants for compression algorithms.
-
-2003-03-11  David Shaw  
-
-	* http.h: Add HTTP_FLAG_TRY_SRV.
-
-2003-02-11  David Shaw  
-
-	* types.h: Try and use uint64_t for a 64-bit type.
-
-2003-02-04  David Shaw  
-
-	* cipher.h: Add constants for new SHAs.
-
-2002-11-13  David Shaw  
-
-	* util.h [__CYGWIN32__]: Don't need the registry prototypes.  From
-	Werner on stable branch.
-
-2002-11-06  David Shaw  
-
-	* util.h: Add wipememory2() macro (same as wipememory, but can
-	specify the byte to wipe with).
-
-2002-10-31  Stefan Bellon  
-
-	* util.h [__riscos__]: Prefixed all RISC OS prototypes with
-	riscos_*
-
-	* zlib-riscos.h: New. This is macro magic in order to make the
-	zlib library calls indeed call the RISC OS ZLib module.
-
-2002-10-31  David Shaw  
-
-	* util.h: Add wipememory() macro.
-
-2002-10-29  Stefan Bellon  
-
-	* util.h: Added parameter argument to make_basename() needed for
-	filetype support.
-	[__riscos__]: Added prototype.
-
-2002-10-28  Stefan Bellon  
-
-	* util.h [__riscos__]: Added prototypes for new filetype support.
-
-2002-10-19  David Shaw  
-
-	* distfiles, _regex.h: Add _regex.h from glibc 2.3.1.
-
-2002-10-14  David Shaw  
-
-	* keyserver.h: Go to KEYSERVER_PROTO_VERSION 1.
-
-2002-10-08  David Shaw  
-
-	* keyserver.h: Add new error code KEYSERVER_UNREACHABLE.
-
-2002-10-03  David Shaw  
-
-	* util.h: Add new log_warning logger command which can be switched
-	between log_info and log_error via log_set_strict.
-
-2002-09-24  David Shaw  
-
-	* keyserver.h: Add some new error codes for better GPA support.
-
-2002-09-10  Werner Koch  
-
-	* mpi.h (mpi_is_protected, mpi_set_protect_flag)
-	(mpi_clear_protect_flag): Removed.
-	(mpi_get_nbit_info, mpi_set_nbit_info): Removed.
-
-2002-08-13  David Shaw  
-
-	* cipher.h: Add AES aliases for RIJNDAEL algo numbers.
-
-2002-08-07  David Shaw  
-
-	* cipher.h: Add md_algo_present().
-
-2002-08-06  Stefan Bellon  
-
-	* util.h [__riscos__]: Added riscos_getchar().
-
-2002-06-21  Stefan Bellon  
-
-	* util.h [__riscos__]: Further moving away of RISC OS specific
-	stuff from general code.
-
-2002-06-20  Stefan Bellon  
-
-	* util.h [__riscos__]: Added riscos_set_filetype().
-
-2002-06-14  David Shaw  
-
-	* util.h: Add pop_strlist() from strgutil.c.
-
-2002-06-07  Stefan Bellon  
-
-	* util.h [__riscos__]: RISC OS needs strings.h for strcasecmp()
-	and strncasecmp().
-
-2002-05-22  Werner Koch  
-
-	* util.h: Add strncasecmp.  Removed stricmp and memicmp.
-
-2002-05-10  Stefan Bellon  
-
-	* mpi.h: New function mpi_debug_alloc_like for M_DEBUG.
-
-	* util.h [__riscos__]: Make use of __func__ that later
-	Norcroft compiler provides.
-
-	* memory.h: Fixed wrong definition of m_alloc_secure_clear.
-
-2002-04-23  David Shaw  
-
-	* util.h: New function answer_is_yes_no_default() to give a
-	default answer.
-
-2002-04-22  Stefan Bellon  
-
-	* util.h [__riscos__]: Removed riscos_open, riscos_fopen and
-	riscos_fstat as those special versions aren't needed anymore.
-
-2002-02-19  David Shaw  
-
-	* keyserver.h: Add KEYSERVER_NOT_SUPPORTED for unsupported actions
-	(say, a keyserver that has no way to search, or a readonly
-	keyserver that has no way to add).
-
-2002-01-02  Stefan Bellon  
-
-	* util.h [__riscos__]: Updated prototype list.
-
-	* types.h [__riscos__]: Changed comment wording.
-
-2001-12-27  David Shaw  
-
-	* KEYSERVER_SCHEME_NOT_FOUND should be 127 to match the POSIX
-	system() (via /bin/sh) way of signaling this.
-
-	* Added G10ERR_KEYSERVER
-
-2001-12-27  Werner Koch  
-
-	* util.h [MINGW32]: Fixed name of include file.
-
-2001-12-22  Timo Schulz 
-
-        * util.h (is_file_compressed): New.
-
-2001-12-19  Werner Koch  
-
-	* util.h [CYGWIN32]: Allow this as an alias for MINGW32. Include
-	stdarg.h becuase we use the va_list type.  By Disastry.
-
-2001-09-28  Werner Koch  
-
-	* cipher.h (PUBKEY_USAGE_CERT): New.
-
-2001-09-07  Werner Koch  
-
-	* util.h: Add strsep().
-
-2001-08-30  Werner Koch  
-
-	* cipher.h (DEK): Added use_mdc.
-
-2001-08-24  Werner Koch  
-
-	* cipher.h (md_write): Made buf arg const.
-
-2001-08-20  Werner Koch  
-
-	* cipher.h (DEK): Added algo_info_printed;
-
-	* util.h [__riscos__]: Added prototypes and made sure that we
-	never use __attribute__.
-	* cipher.h, iobuf.h, memory.h, mpi.h [__riscos__]: extern hack.
-	* i18n.h [__riscos__]: Use another include file
-
-2001-05-30  Werner Koch  
-
-	* ttyio.h (tty_printf): Add missing parenthesis for non gcc.
-	* http.h: Removed trailing comma to make old ccs happy.  Both are
-	by Albert Chin.
-
-2001-05-25  Werner Koch  
-
-	* ttyio.h (tty_printf): Add printf attribute.
-
-2001-04-23  Werner Koch  
-
-	* http.h: New flag HTTP_FLAG_NO_SHUTDOWN.
-
-2001-04-13  Werner Koch  
-
-	* iobuf.h: Removed iobuf_fopen.
-
-2001-03-01  Werner Koch  
-
-	* errors.h (G10ERR_UNU_SECKEY,G10ERR_UNU_PUBKEY): New
-
-2000-11-30  Werner Koch  
-
-	* iobuf.h (iobuf_translate_file_handle): Add prototype.
-
-2000-11-11  Paul Eggert  
-
-        * iobuf.h (iobuf_get_filelength): Now returns off_t, not u32.
-        (struct iobuf_struct, iobuf_set_limit,
-        iobuf_tell, iobuf_seek): Use off_t, not ulong, for file offsets.
-
-2000-10-12  Werner Koch  
-
-	* mpi.h: Changed the way mpi_limb_t is defined.
-
-Wed Sep  6 17:55:47 CEST 2000  Werner Koch  
-
-        * iobuf.c (IOBUF_FILELENGTH_LIMIT): New.
-
-2000-03-14 14:03:43  Werner Koch  (wk@habibti.openit.de)
-
-	* types.h (HAVE_U64_TYPEDEF): Defined depending on configure test.
-
-Thu Jan 13 19:31:58 CET 2000  Werner Koch  
-
-	* types.h (HAVE_U64_TYPEDEF): Add a test for _LONGLONG which fixes
-	this long living SGI bug.  Reported by Alec Habig.
-
-Sat Dec  4 12:30:28 CET 1999  Werner Koch  
-
-	* iobuf.h (IOBUFCTRL_CANCEL): Nww.
-
-Mon Oct  4 21:23:04 CEST 1999  Werner Koch  
-
-	* errors.h (G10ERR_NOT_PROCESSED): New.
-
-Wed Sep 15 16:22:17 CEST 1999  Werner Koch  
-
-
-	* i18n.h: Add support for simple-gettext.
-
-Tue Jun 29 21:44:25 CEST 1999  Werner Koch  
-
-
-	* util.h (stricmp): Use strcasecmp as replacement.
-
-Sat Jun 26 12:15:59 CEST 1999  Werner Koch  
-
-
-	* cipher.h (MD_HANDLE): Assigned a structure name.
-
-Fri Apr  9 12:26:25 CEST 1999  Werner Koch  
-
-	* cipher.h (BLOWFISH160): Removed.
-
-Tue Apr  6 19:58:12 CEST 1999  Werner Koch  
-
-	* cipher.h (DEK): increased max. key length to 32 bytes
-
-
-Sat Feb 20 21:40:49 CET 1999  Werner Koch  
-
-	* g10lib.h: Removed file and changed all files that includes this.
-
-Tue Feb 16 14:10:02 CET 1999  Werner Koch  
-
-	* types.h (STRLIST): Add field flags.
-
-Wed Feb 10 17:15:39 CET 1999  Werner Koch  
-
-	* cipher.h (CIPHER_ALGO_TWOFISH): Chnaged ID to 10 and renamed
-	the old experimenatl algorithm to xx_OLD.
-
-Thu Jan  7 18:00:58 CET 1999  Werner Koch  
-
-	* cipher.h (MD_BUFFER_SIZE): Removed.
-
-Mon Dec 14 21:18:49 CET 1998  Werner Koch  
-
-	* types.h: fix for SUNPRO_C
-
-Tue Dec  8 13:15:16 CET 1998  Werner Koch  
-
-	* mpi.h (MPI): Changed the structure name to gcry_mpi and
-	changed all users.
-
-Tue Oct 20 11:40:00 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* iobuf.h (iobuf_get_temp_buffer): New.
-
-Tue Oct 13 12:40:48 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* iobuf.h (iobuf_get): Now uses .nofast
-	(iobuf_get2): Removed.
-
-Mon Sep 14 09:17:22 1998  Werner Koch  (wk@(none))
-
-	* util.h (HAVE_ATEXIT): New.
-	(HAVE_RAISE): New.
-
-Mon Jul  6 10:41:55 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h (PUBKEY_USAGE_): New.
-
-Mon Jul  6 09:49:51 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* iobuf.h (iobuf_set_error): New.
-	(iobuf_error): New.
-
-Sat Jun 13 17:31:32 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* g10lib.h: New as interface for the g10lib.
-
-Mon Jun  8 22:14:48 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h (CIPHER_ALGO_CAST5): Changed name from .. CAST
-
-Thu May 21 13:25:51 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h: removed ROT 5 and changed one id and add dummy
-
-Tue May 19 18:09:05 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h (DIGEST_ALGO_TIGER): Chnaged id from 101 to 6.
-
-Mon May  4 16:37:17 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h (PUBKEY_ALGO_ELGAMAL_E): New, with value of the
-	old one.
-	* (is_ELGAMAL, is_RSA): New macros
-
-Sun Apr 26 14:35:24 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* types.h: New type u64
-
-Mon Mar  9 12:59:55 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h: Included dsa.h.
-
-Tue Mar  3 15:11:21 1998  Werner Koch  (wk@isil.d.shuttle.de)
-
-	* cipher.h (random.h): Add new header and move all relevalt
-	functions to this header.
-
-
- Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-Local Variables:
-buffer-read-only: t
-End:
diff -Nru gnupg2-2.1.6/common/ChangeLog.jnlib gnupg2-2.0.28/common/ChangeLog.jnlib
--- gnupg2-2.1.6/common/ChangeLog.jnlib	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ChangeLog.jnlib	1970-01-01 00:00:00.000000000 +0000
@@ -1,783 +0,0 @@
-2011-12-01  Werner Koch  
-
-	NB: ChangeLog files are no longer manually maintained.  Starting
-	on December 1st, 2011 we put change information only in the GIT
-	commit log, and generate a top-level ChangeLog file from logs at
-	"make dist".  See doc/HACKING for details.
-
-	[Update 2015-04-24: README.jnlib has been removed and all
-	 references to JNLIB, except for this file, have been removed.]
-
-2010-03-10  Werner Koch  
-
-	See gnupg/common/ChangeLog for newer changes.
-
-	JNLIB has been merged into GnuPG's common directory.  README.jnlib
-	list the files making up JNLIB.
-
-	* README: Rename to README.jnlib
-	* ChangeLog: Rename to ChangeLog.jnlib.
-	* Makefile.am: Remove.
-
-2010-03-01  Werner Koch  
-
-	* t-w32-reg.c: New.
-
-	* w32-reg.c (read_w32_registry_string)
-	(write_w32_registry_string): Support W32CE.
-
-2010-02-26  Werner Koch  
-
-	* t-timestuff.c: New.
-
-	* dynload.h (dlopen, dlsym) [W32CE]: Map to wchar_t.
-
-	* mischelp.c (_jnlib_free): New.
-	(same_file_p) [W32CE]: Map to wchar_t.
-
-	* utf8conv.c (set_native_charset) [W32CE]: Do not use
-	GetConsoleOutputCP.
-	(wchar_to_utf8, utf8_to_wchar) [W32]: New.
-
-	* Makefile.am (t_jnlib_ldadd) [W32CE]: Add gpg-error.
-
-	* t-support.h (getenv) [HAVE_GETENV]: Add getenv stub.
-	[W32CE]: Include gpg-error.h
-	* t-support.c (gpg_err_code_from_errno)
-	(gpg_err_code_from_syserror) [GPG_ERROR_H]: Do not build.
-
-	* t-stringhelp.c (gethome) [!HAVE_GETPWUID]: Keep result of getenv.
-
-	* dotlock.c [!HAVE_SIGNAL_H]: Don't include signal.h.
-	(create_dotlock) [W32CE]: Map filename top wchar_t.
-
-	* libjnlib-config.h [USE_SIMPLE_GETTEXT]: Include gpg-error.h and
-	remove w32help.h.
-	(jnlib_set_errno): New.  Use it everywhere to set ERRNO.
-	(getenv) [!HAVE_GETENV]: New.
-	(getpid) [W32E]: New.
-
-	* stringhelp.c (get_pwdir) [!HAVE_PWD_H]: Mark unused args.
-	(w32_strerror) [W32CE]: Use a simple implementation.
-
-	* w32help.h [USE_SIMPLE_GETTEXT]: Remove all definitions; we are
-	now using the gpg-error included implementation.
-	* w32-gettext.c: Remove.
-
-	* mischelp.c (same_file_p): Fix bug in case the second file can't
-	be opened.
-
-2009-10-19  Werner Koch  
-
-	* strlist.c (add_to_strlist_try): New.
-
-2009-09-22  Werner Koch  
-
-	* dotlock.h (DOTLOCK): Rename to dotlock_t.  Change all users.
-
-2009-08-26  Werner Koch  
-
-	* stringhelp.c (do_make_filename): Factor some code out to ..
-	(get_pwdir): .. new.
-
-2009-08-26  Werner Koch  
-
-	* stringhelp.c [HAVE_PWD_H]: Include pwd.h.
-	(do_make_filename): New.
-	(make_filename, make_filename_try): Implement using the new
-	function.
-	* t-stringhelp.c (test_make_filename_try): New.
-	* t-support.c (gcry_strdup): Fix.
-
-	* stringhelp.h (make_filename, make_filename_try): Add sentinel
-	attribute.
-
-2009-08-25  Werner Koch  
-
-	* stringhelp.c: Include errno.h.
-	(do_strconcat): New.
-	(strconcat, xstrconcat): New.
-	* types.h (GNUPG_GCC_A_SENTINEL): New.
-	* t-stringhelp.c (test_strconcat, test_xstrconcat): New.
-	(main): Run them.
-
-2009-07-07  Werner Koch  
-
-	* stringhelp.c (make_filename_try): Use jnlib_malloc.
-
-	* dotlock.c (read_lockfile): Replace jnlib_xmalloc by jnlib_malloc.
-
-2009-06-04  Werner Koch  
-
-	* mischelp.h: Include SUN_LEN etc also for W32.
-
-2009-05-19  Werner Koch  
-
-	* mischelp.h: Define PF_LOCAL, AF_LOCAL and SUN_LEN if requested.
-	* logging.c (fun_writer): Use SUN_LEN to fix a Mac OS X freeze.
-
-2009-03-25  Werner Koch  
-
-	* logging.c (fun_closer): Never close fd 2.
-	(set_file_fd): Close logstream early.
-
-2009-02-25  Werner Koch  
-
-	* logging.c (get_tid_callback): New.
-	(do_logv): Use it.
-	(log_set_get_tid_callback): New.
-
-2009-01-22  Werner Koch  
-
-	* t-support.c (gpg_err_code_from_errno)
-	(gpg_err_code_from_syserror): New.
-
-2008-11-20  Werner Koch  
-
-	* argparse.c (arg_parse): Fix last change.
-
-2008-11-11  Werner Koch  
-
-	* argparse.h: Add a bunch of macros and constants.
-	* argparse.c: Use the new macros.  Re-indent the code.  Change
-	license back to LGPL 2.1.
-
-2008-11-04  Werner Koch  
-
-	* w32-gettext.c: Merged with code from libgpg-error and rewrote
-	most parts.
-
-	* Makefile.am (AM_CFLAGS): Add -DJNLIB_IN_JNLIB.
-
-2008-10-29  Werner Koch  
-
-	* stringhelp.c (make_filename): Implement using macros. Factor some
-	code out to ..
-	(change_slashes): New.
-	(make_filename_try): New.
-
-	* w32-gettext.c (gettext): Return if no domain is loaded.
-	Reported by Tom Pegios.
-
-2008-10-28  Werner Koch  
-
-	* w32-gettext.c (gettext): Try the binary search if the string was
-	not found in the hash table.
-
-2008-10-20  Werner Koch  
-
-	* w32-afunix.c (_w32_sock_connect): Mark ADDRLEN as unused.
-
-	* dotlock.c (release_dotlock): Do not mix declaration and code.
-
-	* stringhelp.c (make_basename): Silent gcc warning about unused arg.
-	* argparse.c (store_alias): Ditto.
-	(find_long_option):
-
-2008-10-15  Werner Koch  
-
-	* logging.c (do_logv) [W32]: Flush the log stream.
-
-2008-09-29  Werner Koch  
-
-	* argparse.c (ARGERR_): Use constants for error values.
-	(optfile_parse): Prettify.  Replace xmalloc and xrealloc by malloc
-	and realloc.
-	* libjnlib-config.h (jnlib_strdup, jnlib_realloc): New.
-
-2008-06-26  Werner Koch  
-
-	* stringhelp.c (print_sanitized_buffer2): Loose check for control
-	characters to better cope with utf-8.  The range 0x80..0x9f is
-	nowadays not anymore accidently used for control charaters.
-
-2008-06-13  Werner Koch  
-
-	* dotlock.c: Reformat code and implement locking for W32.
-	(create_dotlock): Use snprintf.
-
-2008-06-11  Werner Koch  
-
-	* utf8conv.c: Remove useless variable ACTIVE_CHARSET.  Suggested
-	by Petr Uzel.
-
-2008-05-26  Werner Koch  
-
-	* argparse.c (usage): Make sure to print a trailing LF for usage(1).
-
-2008-04-08  Werner Koch  
-
-	* w32-gettext.c (gettext_select_utf8): New.
-	(get_string): Support switching encodings.
-	(load_domain): Allocate space for DATA_NATIVE.
-
-2008-03-25  Werner Koch  
-
-	* w32-gettext.c (_nl_locale_name): New.  Taken from
-	../common/localename and GNU gettext's localename.c.
-	(set_gettext_file): Rewritten.
-	(gettext_localename): New.
-
-2008-03-17  Werner Koch  
-
-	* logging.c (my_funopen_hook_size_t): New.
-	(fun_writer): Use it to cope with fopencookie/funopen differences.
-	* dotlock.c (read_lockfile): Initialize PID.  Reported by Stéphane
-	Corthésy.
-
-2008-02-22  Werner Koch  
-
-	* argparse.c (strusage): Set copyright year to 2008.
-
-2007-11-19  Werner Koch  
-
-	* stringhelp.c (percent_escape): Factor code out to
-	(do_percent_escape): .. new.
-	(try_percent_escape): New.
-
-2007-10-01  Werner Koch  
-
-	* w32-afunix.c: Only keep the client related code.
-	(read_port_and_nonce): New.  Taken from Assuan.
-	(_w32_sock_connect): Rewritten.
-
-2007-08-29  Werner Koch  
-
-	* argparse.c (initialize): Make strings translatable and remove
-	extra LF.
-
-2007-08-24  Werner Koch  
-
-	* mischelp.c (same_file_p): New.
-	(libjnlib_dummy_mischelp_func): Remove as we now always have one
-	function.
-
-2007-08-09  Werner Koch  
-
-	* argparse.c (show_help): Expand the @EMAIL@ macro in the package
-	bug reporting address.
-
-2007-08-02  Werner Koch  
-
-	* t-stringhelp.c (test_compare_filenames): New.
-
-	* stringhelp.c (compare_filenames) [HAVE_DRIVE_LETTERS]: Fixed
-	comparison to take slash and backslash in account.
-	(make_filename): Avoid mixing / and \.
-
-2007-07-04  Werner Koch  
-
-	* utf8conv.c (load_libiconv): Remove URL from translatble string.
-
-	Switched JNLIB from LGPLv2.1 to LGPLv3.
-
-2007-07-01  Werner Koch  
-
-	* argparse.c (strusage): Use id 10 for the license string;
-	default to GPL3+.  Change long note to version 3 or later.
-	(show_version): Print the license info.
-
-2007-06-19  Werner Koch  
-
-	* Makefile.am: Add support for regression tests.
-	* t-support.h, t-support.c: New.
-	* t-stringhelp.c: New.
-
-	* stringhelp.c (percent_escape): Add arg EXTRA to make it a more
-	general function.  Changed all callers.
-
-2007-06-18  Werner Koch  
-
-	* w32-afunix.c (_w32_sock_bind): Changed to properly detect an
-	already used socket.
-
-2007-06-18  Marcus Brinkmann  
-
-	* stringhelp.h (percent_escape): New prototype.
-	* stringhelp.c (percent_escape): New function.
-
-2007-06-11  Werner Koch  
-
-	* utf8conv.c (jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): New.
-
-2007-06-06  Werner Koch  
-
-	* w32help.h: New.
-	* w32-gettext.c: New.  Taken from gnupg 1.4, added ngettext,
-	changed to use jnlib malloc functions and put under the LGPL.
-	* w32-reg.c: New.  Taken from../common/w32reg.c and changed to
-	LGPL.  Changed API to use the jnlib malloc functions.
-	* Makefile.am (libjnlib_a_SOURCES) [!W32]: Do not build the w32
-	specific modules.
-
-	* dotlock.c: Include stringhelp.h for stpcpy prototype.
-
-2007-06-04  Werner Koch  
-
-	* dynload.h: New.  Taken from ../common and changed to LGPL.
-
-	* utf8conv.c (load_libiconv): New.  Taken from GnuPG 1.4
-
-2007-05-30  Werner Koch  
-
-	* w32-pth.h, w32-pth.c: Remove.
-
-2007-04-25  Werner Koch  
-
-	* argparse.c (long_opt_strlen): Fixed for utf-8.
-
-2007-03-07  Werner Koch  
-
-	* argparse.c (strusage): Set copyright year to 2007.
-
-2007-01-25  Werner Koch  
-
-	* stringhelp.c (utf8_charcount): New.
-
-2006-11-29  Werner Koch  
-
-	* utf8conv.c (set_native_charset) [HAVE_W32_SYSTEM]: Fixed typo in
-	macro name.
-
-2006-11-15  Werner Koch  
-
-	* logging.c (my_funopen_hook_ret_t): New.
-	(fun_writer): Use it.
-
-2006-10-19  Werner Koch  
-
-	* stringhelp.c (memrchr) [!HAVE_MEMRCHR]: Provide a replacement.
-
-2006-09-27  Werner Koch  
-
-	* mischelp.c: New.
-	(timegm): Copied from gnupg 1.4, changed from GPL to LGPL.  Fixed
-	a memory leak.
-
-	* stringhelp.h (isascii): New.
-
-	* stringhelp.c (strsep): New. Copied from gnupg 1.4.5
-	util/strgutil.c.
-
-	* strlist.h (STRLIST): Removed deprecated typedef.
-
-	* types.h: Made cpp commands work with old compilers.  Also shows
-	up nicer with Emacs' font locking.
-
-	* w32-afunix.c (_w32_sock_connect): Set ERRNO for an invalid port.
-
-        Changed license from GPL to LGPL.  Note that all code has either
-	been written by me, David, employees of g10 Code or taken from
-	glibc.
-
-	* libjnlib-config.h, stringhelp.c, stringhelp.h:
-	* strlist.c, strlist.h,	utf8conv.c, utf8conv.h:
-	* argparse.c, argparse.h, logging.c, logging.h:
-	* dotlock.c, dotlock.h, types.h, mischelp.h:
-        * xmalloc.c, xmalloc.h, w32-pth.c, w32-pth.h:
-	* w32-afunix.c, w32-afunix.h: Tagged them to be long to jnlib
-	which is a part of GnuPG but also used by other projetcs.
-
-2006-09-22  Werner Koch  
-
-	* utf8conv.c: Reworked to match the gnupg 1.4.5 code.  This now
-	requires iconv support but this is reasonable for all modern
-	systems.
-
-2006-08-29  Werner Koch  
-
-	* logging.c (do_logv): Emit a missing LF for fatal errors.
-
-2006-06-28  Werner Koch  
-
-	* dotlock.c (make_dotlock, release_dotlock, read_lockfile)
-	(maybe_deadlock, destroy_dotlock, create_dotlock): Re-indented.
-	(create_dotlock): Repalces some log_fatal by log_error as it was
-	not intended that they should terminate.  Write the nodename to
-	the locking file. Code cleanups.
-	(read_lockfile): Reworked to read the node name.
-	(make_dotlock): Test for identical node name and delete lock stale
-	file.
-	(release_dotlock): Likewise.
-
-2006-05-23  Werner Koch  
-
-	* libjnlib-config.h (JNLIB_NEED_UTF8CONV): Fixed typo in name.
-
-	* dotlock.c (release_dotlock): Don't act if we don't have any
-	locks at all.
-	(destroy_dotlock): New.  From 1.4.3.
-	(dotlock_remove_lockfiles): Make use of destroy function.
-
-2006-05-19  Werner Koch  
-
-	* strlist.c (append_to_strlist2): Enabled.
-
-	* stringhelp.c (print_sanitized_buffer2): New.  Changed the rules
-	to match the behaviour of print_string2 from gnupg 1.4.3.
-	(print_sanitized_buffer): Use the new function.
-	(print_sanitized_string2): New.
-	(hextobyte): New.  Taken from gpg 1.4.3.
-
-2006-04-28  Werner Koch  
-
-	* stringhelp.c (print_sanitized_buffer): Fix bug where the count
-	got wrong for the \xNN representation.
-	(sanitize_buffer): Fix bug where some control characters lose part
-	of their \xNN representation.
-
-2006-04-20  Werner Koch  
-
-	* stringhelp.c (make_basename): New arg INPUTPATH for future
-	riscos compatibility.
-
-2006-04-18  Werner Koch  
-
-	* libjnlib-config.h (JNLIB_NEED_UTF8CONF): Defined.
-	* strlist.c (add_to_strlist2) [JNLIB_NEED_UTF8CONV]: Enabled.
-
-2005-06-15  Werner Koch  
-
-	* stringhelp.c (sanitize_buffer): Make P a void*.
-	(ascii_memistr, memistr): Ditto.
-	(ascii_memcasecmp): Ditto.
-	* logging.c (writen): Use void * for arg BUFFER.
-	* stringhelp.c (memistr): Fixed unsigned/signed pointer conflict.
-	(ascii_memistr): Ditto.
-	(ascii_memcasemem): Ditto.
-	* utf8conv.c (utf8_to_native): Ditto.
-	(utf8_to_native): Ditto.
-	* argparse.c (show_version): Removed non-required cast.
-
-2005-01-19  Werner Koch  
-
-	* logging.c (fun_writer): Don't fallback to stderr. Print to
-	stderr only if connected to a tty.
-
-2004-12-20  Werner Koch  
-
-	* w32-pth.c (do_pth_event_free): The events are hold in a ring
-	buffer.  Adjust for that.
-	(do_pth_event_body): Ditto.
-	(pth_event_isolate): Ditto.
-	(do_pth_wait): Ditto.
-	(_pth_event_count): Renamed to ..
-	(event_count): .. and adjusted as above.
-	(pth_init): Define 3 debug levels and change all debug calls to
-	make use of them.  This makes the moule now silent.
-
-2004-12-19  Werner Koch  
-
-	* w32-pth.c (pth_init): Enable debugging depending on env var.
-	(pth_self): New.
-	(pth_mutex_release, pth_mutex_acquire): Implemented directly using
-	the W32 API.
-
-2004-12-18  Werner Koch  
-
-	* w32-pth.c (pth_init): Reverse return values.  Use TRUE and FALSE
-	constants.
-	(pth_kill, pth_mutex_acquire, pth_attr_set, pth_join, pth_cancel):
-	Ditto.
-
-2004-12-15  Werner Koch  
-
-	* logging.c [W32]: Don't include unavailable headers.
-
-2004-12-14  Werner Koch  
-
-	* w32-pth.c (_pth_strerror): Renamed to ...
-	(w32_strerror): .. this. And let callers provide a buffer.
-	(spawn_helper_thread): Removed HD arg and hardwire the stack size
-	to 32k.
-	(do_pth_wait): Removed use of ATTR; not needed for the helper
-	threads.
-	(helper_thread): Renamed to ..
-	(launch_thread): .. this.  Release handle if not joinable.
-	(struct pth_priv_hd_s): Renamed to ...
-	(struct thread_info_s): .. this.  Add member JOINABLE and TH.
-
-2004-12-14  Timo Schulz  
-
-	* w32-pth.c (pth_kill): Just release the crit section if
-	pth_init was really called. And set all handles to NULL.
-	(_pth_strerror): New.
-	(do_pth_wait): Before we enter the loop we check if there
-	are too much events in the ring.
-
-2004-12-14  Werner Koch  
-
-	* w32-pth.h (pth_event_occured): Removed macro.
-	* w32-pth.c: Fixed license statement; its under the LGPL.
-	(enter_pth, leave_pth): Use them to bracket almost all public
-	functions.
-
-2004-12-13  Timo Schulz  
-
-	* w32-pth.c (enter_pth, leave_pth): New.
-	(pth_init): Initialize global mutex section.
-	(pth_kill): Release global mutex section.
-	(helper_thread): New.
-	(pth_spawn): Make sure only one thread is running.
-
-2004-12-13  Werner Koch  
-
-	* stringhelp.c (w32_strerror) [W32]: New.
-
-	* w32-pth.c, w32-pth.h: Added real code written by Timo	Schulz.
-	Not finished, though.
-
-2004-12-07  Werner Koch  
-
-	* w32-pth.c, w32-pth.h: New.
-
-2004-11-26  Werner Koch  
-
-	* logging.c [_WIN32]: Don't include socket headers.
-
-2004-11-30  Timo Schulz  
-
-	* w32-afunix.c: New. AF_UNIX emulation for W32.
-	* w32-afunix.h: Likewise.
-
-2004-11-22  Werner Koch  
-
-	* logging.c (log_test_fd): Add test on LOGSTREAM.  Reported by
-	Barry Schwartz.
-
-2004-11-18  Werner Koch  
-
-	* logging.c: Explicitly include sys/stat.h for the S_I* constants.
-
-2004-10-21  Werner Koch  
-
-	* logging.c (do_logv): Use set_log_stream to setup a default.
-	(log_set_file): Factored code out to ..
-	(set_file_fd): .. New function to allow using a file descriptor.
-	(log_set_fd): Make use of new fucntion.
-	(fun_writer): Reworked.
-
-2004-08-18  Werner Koch  
-
-	* stringhelp.c (print_sanitized_utf8_string): Actually implement
-	it.
-
-2004-06-21  Werner Koch  
-
-	* logging.c (log_set_file): Do not close an old logstream if it
-	used to be stderr or stdout.
-
-2004-05-05  Werner Koch  
-
-	* logging.c (log_set_file): Oops, don't close if LOGSTREAM is NULL.
-
-2004-04-30  Werner Koch  
-
-	* logging.c (log_set_file): Make sure the log stream will be
-	closed even if the stderr fileno will be assigned to a new socket.
-
-2004-04-16  Werner Koch  
-
-	* logging.h (JNLIB_LOG_WITH_PREFIX): Add constants for the flag
-	values.
-	* logging.c (log_set_prefix): New flag DETACHED.
-	(fun_writer): Take care of this flag.
-	(log_test_fd): New.
-
-2004-02-18  Werner Koch  
-
-	* stringhelp.c (print_sanitized_buffer): Don't care about
-	non-ASCII characaters.
-	(sanitize_buffer): Ditto.
-
-2004-02-12  Werner Koch  
-
-	* Makefile.am: Replaced INCLUDES by AM_CPPFLAGS.
-
-2004-01-05  Werner Koch  
-
-	* argparse.c (strusage): Changed default copyright year to 2004.
-
-2003-12-17  Werner Koch  
-
-	* argparse.c (initialize): Replaced use of non-literal format
-	args.  Suggested by Florian Weimer.
-
-2003-12-16  Werner Koch  
-
-	* logging.c (writen, fun_writer, fun_closer): New.
-	(log_set_file): Add feature to log to a socket.
-	(log_set_file, do_logv): Force printing with prefix and pid.
-
-2003-11-13  Werner Koch  
-
-	* strlist.c (strlist_copy): New.
-
-	* dotlock.c: Define DIRSEP_C et al. if not defined.
-
-2003-11-06  Werner Koch  
-
-	* strlist.h (strlist_t): New. STRLIST is now deprecated.
-
-2003-06-18  Werner Koch  
-
-	* strlist.c (strlist_pop): New.
-
-	* dotlock.c (dotlock_remove_lockfiles): Prefixed with dotlock_ and
-	made global.
-
-2003-06-17  Werner Koch  
-
-	* stringhelp.c (length_sans_trailing_chars)
-	(length_sans_trailing_ws): New.
-
-	* logging.c (log_inc_errorcount): New.
-
-	* stringhelp.c (print_sanitized_utf8_buffer): Implement utf8
-	conversion.
-	(sanitize_buffer): New. Based on gnupg 1.3.2 make_printable_string.
-
-	* dotlock.c: Updated to match the version from 1.3.2
-	* utf8conv.c: New.  Code taken from strgutil.c of gnupg 1.3.2.
-	* utf8conv.h: New.
-
-2003-06-16  Werner Koch  
-
-	* logging.c (do_logv): Hack to optionally suppress a leading space.
-
-	* stringhelp.c (ascii_strncasecmp): New.  Taken from gnupg 1.3.
-	(ascii_memistr): New. Taken from gnupg 1.3
-
-2003-06-13  Werner Koch  
-
-	* mischelp.h (wipememory2,wipememory): New. Taken from GnuPG 1.3.2.
-
-2002-06-04  Werner Koch  
-
-	* stringhelp.c (print_sanitized_utf8_string): New.  No real
-	implementation for now.
-	(print_sanitized_utf8_buffer): Ditto.
-
-2002-04-04  Werner Koch  
-
-	* logging.c (log_get_prefix): New.
-
-2002-03-15  Werner Koch  
-
-	* argparse.c (optfile_parse): Fixed missing argument handling.
-
-2002-02-25  Werner Koch  
-
-	* stringhelp.c (ascii_memcasemem): New.
-
-2002-02-14  Werner Koch  
-
-	* Makefile.am (INCLUDES): Add cflags for libgcrypt.
-
-2002-02-07  Werner Koch  
-
-	* logging.c (log_set_fd): New.
-
-	* stringhelp.c (print_sanitized_buffer): New.
-	(print_sanitized_string): New.
-
-2002-01-24  Werner Koch  
-
-	* argparse.c (strusage): Set default copyright notice year to 2002.
-
-	Fixed the copyright notice of this file, as it has always been
-	part of GnuPG and therefore belongs to the FSF.
-
-2001-11-01  Marcus Brinkmann  
-
-	* logging.c (log_printf): Do not initialize ARG_PTR with 0, we
-	don't know the correct type.  Instead, run va_start and va_end
-	unconditionally.
-	Reported by Jose Carlos Garcia Sogo .
-
-2002-01-19  Werner Koch  
-
-	* logging.c (log_get_stream): New.
-
-2001-12-05  Werner Koch  
-
-	* logging.c (log_set_prefix): New.
-	(do_logv): Include prefix and pid only if enabled. Print time only
-	when explicitly enabled.
-	(log_logv): New.
-	* logging.h: Include log_logv() only when requested.
-
-2001-11-06  Werner Koch  
-
-	* strlist.c, strlist.h: New. Taken from pgnupg/util/strgutil.c
-
-2001-08-30  Werner Koch  
-
-	* logging.c (log_printf): Don't pass NULL instead of arg_ptr.
-
-2001-07-19  Werner Koch  
-
-	* stringhelp.c (ascii_memistr,ascii_isupper,ascii_islower,
-	ascii_toupper,ascii_tolower, ascii_strcasecmp, ascii_memcasecmp): New.
-
-2000-07-26 10:02:51  Werner Koch  (wk@habibti.openit.de)
-
-	* stringhelp.c.: Add stdarg.h
-	* argparse.h: s/ulong/unsigned long/ although this should be defined
-        by types.h.
-
-2000-06-28 19:40:23  Werner Koch  (wk@habibti.openit.de)
-
-	* Makefile.am: Replaced second logging.c by .h
-
-2000-05-24 08:58:15  Werner Koch  (wk@habibti.openit.de)
-
-	* logging.c (log_get_errorcount): New.
-
-2000-05-24 08:44:47  Werner Koch  (wk@habibti.openit.de)
-
-	* stringhelp.c: Added a few filename related helper functions.
-
-2000-05-11 18:04:43  Werner Koch  (wk@habibti.openit.de)
-
-	* xmalloc.c (xstrcat2): Replaced stpcpy to quickly address W32
-	problems.
-
-2000-05-02 19:43:38  Werner Koch  (wk@habibti.openit.de)
-
-	* xmalloc.c (xstrcat2): New.
-
-Mon Jan 24 13:04:28 CET 2000  Werner Koch  
-
-	* README: New.
-	* Makefile.am: new.
-	* argparse.c, argparse.h, logging.c, logging.h:
-	* mischelp.h, stringhelp.c, stringhelp.h, xmalloc.c:
-	* xmalloc.h, dotlock.c: Moved from ../util to here.
-	* dotlock.h: New.
-	* libjnlib-config.h: New.
-
-	* logging.c (log_set_file): New.
-	(log_printf): New.
-	(do_logv): Add kludge to insert LFs.
-
-
-     ***********************************************************
-     * Please note that JNLIB is maintained as part of GnuPG.  *
-     * You may find it source-copied in other packages.        *
-     ***********************************************************
-
- Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
-	   2010 Free Software Foundation, Inc.
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-Local Variables:
-buffer-read-only: t
-End:
diff -Nru gnupg2-2.1.6/common/common-defs.h gnupg2-2.0.28/common/common-defs.h
--- gnupg2-2.1.6/common/common-defs.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/common-defs.h	2015-06-02 08:13:55.000000000 +0000
@@ -20,17 +20,6 @@
 #ifndef GNUPG_COMMON_COMMON_DEFS_H
 #define GNUPG_COMMON_COMMON_DEFS_H
 
-
-/* Dummy replacement for getenv.  */
-#ifndef HAVE_GETENV
-#define getenv(a)  (NULL)
-#endif
-
-#ifdef HAVE_W32CE_SYSTEM
-#define getpid() GetCurrentProcessId ()
-#endif
-
-
 /*-- ttyio.c --*/
 void tty_private_set_rl_hooks (void (*init_stream) (FILE *),
                                void (*set_completer) (rl_completion_func_t*),
diff -Nru gnupg2-2.1.6/common/convert.c gnupg2-2.0.28/common/convert.c
--- gnupg2-2.1.6/common/convert.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/convert.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -116,23 +106,23 @@
 {
   const unsigned char *s;
   char *p;
-
+  
   if (!stringbuf)
     {
       /* Not really correct for with_colon but we don't care about the
          one wasted byte. */
-      size_t n = with_colon? 3:2;
-      size_t nbytes = n * length + 1;
-      if (length &&  (nbytes-1) / n != length)
+      size_t n = with_colon? 3:2; 
+      size_t nbytes = n * length + 1; 
+      if (length &&  (nbytes-1) / n != length) 
         {
-          gpg_err_set_errno (ENOMEM);
+          errno = ENOMEM;
           return NULL;
         }
       stringbuf = xtrymalloc (nbytes);
       if (!stringbuf)
         return NULL;
     }
-
+  
   for (s = buffer, p = stringbuf; length; length--, s++)
     {
       if (with_colon && s != buffer)
@@ -175,26 +165,21 @@
 /* Convert HEXSTRING consisting of hex characters into string and
    store that at BUFFER.  HEXSTRING is either delimited by end of
    string or a white space character.  The function makes sure that
-   the resulting string in BUFFER is terminated by a Nul byte.  Note
-   that the retruned string may include embedded Nul bytes; the extra
-   Nul byte at the end is used to make sure tha the result can always
-   be used as a C-string.
-
+   the resulting string in BUFFER is terminated by a Nul character.
    BUFSIZE is the availabe length of BUFFER; if the converted result
-   plus a possible required extra Nul character does not fit into this
+   plus a possible required Nul character does not fit into this
    buffer, the function returns NULL and won't change the existing
-   content of BUFFER.  In-place conversion is possible as long as
+   conent of buffer.  In-place conversion is possible as long as
    BUFFER points to HEXSTRING.
-
-   If BUFFER is NULL and BUFSIZE is 0 the function scans HEXSTRING but
+   
+   If BUFFER is NULL and bufsize is 0 the function scans HEXSTRING but
    does not store anything.  This may be used to find the end of
-   HEXSTRING.
+   hexstring.
 
    On sucess the function returns a pointer to the next character
    after HEXSTRING (which is either end-of-string or a the next white
-   space).  If BUFLEN is not NULL the number of valid vytes in BUFFER
-   is stored there (an extra Nul byte is not counted); this will even
-   be done if BUFFER has been passed as NULL. */
+   space).  If BUFLEN is not NULL the strlen of buffer is stored
+   there; this will even be done if BUFFER has been passed as NULL. */
 const char *
 hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen)
 {
@@ -208,10 +193,7 @@
   for (s=hexstring, count=0; hexdigitp (s) && hexdigitp (s+1); s += 2, count++)
     ;
   if (*s && (!isascii (*s) || !isspace (*s)) )
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;   /* Not followed by Nul or white space.  */
-    }
+    return NULL;   /* Not followed by Nul or white space.  */
   /* We need to append a nul character.  However we don't want that if
      the hexstring already ends with "00".  */
   need_nul = ((s == hexstring) || !(s[-2] == '0' && s[-1] == '0'));
@@ -221,11 +203,8 @@
   if (buffer)
     {
       if (count > bufsize)
-        {
-          gpg_err_set_errno (EINVAL);
-          return NULL; /* Too long.  */
-        }
-
+        return NULL; /* Too long.  */
+      
       for (s=hexstring, idx=0; hexdigitp (s) && hexdigitp (s+1); s += 2)
         ((unsigned char*)buffer)[idx++] = xtoi_2 (s);
       if (need_nul)
@@ -233,7 +212,7 @@
     }
 
   if (buflen)
-    *buflen = count - need_nul;
+    *buflen = count - 1;
   return s;
 }
 
@@ -253,6 +232,7 @@
     {
       if (r_count)
         *r_count = 0;
+      errno = EINVAL;
       return NULL;
     }
   if (r_count)
@@ -264,3 +244,6 @@
     BUG ();
   return result;
 }
+
+
+
diff -Nru gnupg2-2.1.6/common/dns-cert.c gnupg2-2.0.28/common/dns-cert.c
--- gnupg2-2.1.6/common/dns-cert.c	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/dns-cert.c	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,342 @@
+/* dns-cert.c - DNS CERT code
+ * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include 
+#include 
+#ifdef USE_DNS_CERT
+# ifdef HAVE_W32_SYSTEM
+#  include 
+# else
+#  include 
+#  include 
+#  include 
+# endif
+# include 
+#endif
+#ifdef USE_ADNS
+# include 
+# ifndef HAVE_ADNS_FREE
+#  define adns_free free
+# endif
+#endif
+
+#include "util.h"
+#include "iobuf.h"
+#include "dns-cert.h"
+
+/* Not every installation has gotten around to supporting CERTs
+   yet... */
+#ifndef T_CERT
+#define T_CERT 37
+#endif
+
+/* ADNS has no support for CERT yes. */
+#define my_adns_r_cert 37
+
+
+
+/* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for
+   IPGP provided.  Note that this fucntion retruns the first CERT
+   found with a supported type; it is expected that only one CERT
+   record is used. */
+int
+get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
+              unsigned char **fpr, size_t *fpr_len, char **url)
+{
+#ifdef USE_DNS_CERT
+#ifdef USE_ADNS
+  adns_state state;
+  adns_answer *answer = NULL;
+  int rc;
+  unsigned int ctype;
+  int count;
+
+  rc = adns_init (&state, adns_if_noerrprint, NULL);
+  if (rc)
+    {
+      log_error ("error initializing adns: %s\n", strerror (errno));
+      return -1;
+    }
+
+  rc = adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
+                         adns_qf_quoteok_query, &answer);
+  if (rc)
+    {
+      /* log_error ("DNS query failed: %s\n", strerror (errno)); */
+      adns_finish (state);
+      return -1;
+    }
+  if (answer->status != adns_s_ok) 
+    {
+      /* log_error ("DNS query returned an error: %s (%s)\n", */
+      /*            adns_strerror (answer->status), */
+      /*            adns_errabbrev (answer->status)); */
+      adns_free (answer);
+      adns_finish (state);
+      return 0;
+    }
+
+  for (rc = 0, count=0; !rc && count < answer->nrrs; count++)
+    {
+      int datalen = answer->rrs.byteblock[count].len;
+      const unsigned char *data = answer->rrs.byteblock[count].data;
+
+      if (datalen < 5)
+        continue;  /* Truncated CERT record - skip.  */
+
+      ctype = ((data[0]<<8)|data[1]);
+      /* (key tag and algorithm fields are not required.) */
+      data += 5;
+      datalen -= 5;
+
+      if (ctype == 3 && datalen >= 11)
+        {
+          /* CERT type is PGP.  Gpg checks for a minimum length of 11,
+             thus we do the same.  */
+          *iobuf = iobuf_temp_with_content ((char*)data, datalen);
+          rc = 1;
+        }
+      else if (ctype == 6 && datalen && datalen < 1023 
+               && datalen >= data[0]+1 && fpr && fpr_len && url)
+        {
+          /* CERT type is IPGP.  We made sure tha the data is
+             plausible and that the caller requested the
+             information.  */
+          *fpr_len = data[0];
+          if (*fpr_len)
+            {
+              *fpr = xmalloc (*fpr_len);
+              memcpy (*fpr, data+1, *fpr_len);
+            }
+          else
+            *fpr = NULL;
+              
+          if (datalen > *fpr_len + 1)
+            {
+              *url = xmalloc (datalen - (*fpr_len+1) + 1);
+              memcpy (*url, data + (*fpr_len+1), datalen - (*fpr_len+1));
+              (*url)[datalen - (*fpr_len+1)] = '\0';
+            }
+          else
+            *url = NULL;
+          
+          rc = 2;
+        }
+    }
+  
+  adns_free (answer);
+  adns_finish (state);
+  return rc;
+
+#else /*!USE_ADNS*/
+
+  unsigned char *answer;
+  int r,ret=-1;
+  u16 count;
+
+  if(fpr)
+    *fpr=NULL;
+
+  if(url)
+    *url=NULL;
+
+  answer=xmalloc(max_size);
+
+  r=res_query(name,C_IN,T_CERT,answer,max_size);
+  /* Not too big, not too small, no errors and at least 1 answer. */
+  if(r>=sizeof(HEADER) && r<=max_size
+     && (((HEADER *)answer)->rcode)==NOERROR
+     && (count=ntohs(((HEADER *)answer)->ancount)))
+    {
+      int rc;
+      unsigned char *pt,*emsg;
+
+      emsg=&answer[r];
+
+      pt=&answer[sizeof(HEADER)];
+
+      /* Skip over the query */
+
+      rc=dn_skipname(pt,emsg);
+      if(rc==-1)
+	goto fail;
+
+      pt+=rc+QFIXEDSZ;
+
+      /* There are several possible response types for a CERT request.
+	 We're interested in the PGP (a key) and IPGP (a URI) types.
+	 Skip all others.  TODO: A key is better than a URI since
+	 we've gone through all this bother to fetch it, so favor that
+	 if we have both PGP and IPGP? */
+
+      while(count-->0 && pt=pt[0]+1
+		  && fpr && fpr_len && url)
+	    {
+	      /* IPGP type */
+	      *fpr_len=pt[0];
+
+	      if(*fpr_len)
+		{
+		  *fpr=xmalloc(*fpr_len);
+		  memcpy(*fpr,&pt[1],*fpr_len);
+		}
+	      else
+		*fpr=NULL;
+
+	      if(dlen>*fpr_len+1)
+		{
+		  *url=xmalloc(dlen-(*fpr_len+1)+1);
+		  memcpy(*url,&pt[*fpr_len+1],dlen-(*fpr_len+1));
+		  (*url)[dlen-(*fpr_len+1)]='\0';
+		}
+	      else
+		*url=NULL;
+
+	      ret=2;
+	      break;
+	    }
+
+	  /* Neither type matches, so go around to the next answer. */
+	  pt+=dlen;
+	}
+    }
+
+ fail:
+  xfree(answer);
+  return ret;
+#endif /*!USE_ADNS*/
+#else /* !USE_DNS_CERT */
+  return -1;
+#endif
+}
+
+
+
+/* Test with simon.josefsson.org */
+
+#ifdef TEST
+int
+main(int argc,char *argv[])
+{
+  unsigned char *fpr;
+  size_t fpr_len;
+  char *url;
+  int rc;
+  IOBUF iobuf;
+
+  if(argc!=2)
+    {
+      printf("cert-test [name]\n");
+      return 1;
+    }
+
+  printf("CERT lookup on %s\n",argv[1]);
+
+  rc=get_dns_cert (argv[1],16384,&iobuf,&fpr,&fpr_len,&url);
+  if(rc==-1)
+    printf("error\n");
+  else if(rc==0)
+    printf("no answer\n");
+  else if(rc==1)
+    {
+      printf("key found: %d bytes\n",(int)iobuf_get_temp_length(iobuf));
+      iobuf_close(iobuf);
+    }
+  else if(rc==2)
+    {
+      if(fpr)
+	{
+	  size_t i;
+	  printf("Fingerprint found (%d bytes): ",(int)fpr_len);
+	  for(i=0;i.
+ */
+#ifndef GNUPG_COMMON_DNS_CERT_H
+#define GNUPG_COMMON_DNS_CERT_H
+
+int get_dns_cert (const char *name, size_t max_size, IOBUF *iobuf,
+                  unsigned char **fpr, size_t *fpr_len, char **url);
+
+
+#endif /*GNUPG_COMMON_DNS_CERT_H*/
diff -Nru gnupg2-2.1.6/common/dotlock.c gnupg2-2.0.28/common/dotlock.c
--- gnupg2-2.1.6/common/dotlock.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/dotlock.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,1309 +0,0 @@
-/* dotlock.c - dotfile locking
- * Copyright (C) 1998, 2000, 2001, 2003, 2004,
- *               2005, 2006, 2008, 2010, 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- *
- * ALTERNATIVELY, this file may be distributed under the terms of the
- * following license, in which case the provisions of this license are
- * required INSTEAD OF the GNU Lesser General License or the GNU
- * General Public License. If you wish to allow use of your version of
- * this file only under the terms of the GNU Lesser General License or
- * the GNU General Public License, and not to allow others to use your
- * version of this file under the terms of the following license,
- * indicate your decision by deleting this paragraph and the license
- * below.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, and the entire permission notice in its entirety,
- *    including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior
- *    written permission.
- *
- * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
-   Overview:
-   =========
-
-   This module implements advisory file locking in a portable way.
-   Due to the problems with POSIX fcntl locking a separate lock file
-   is used.  It would be possible to use fcntl locking on this lock
-   file and thus avoid the weird auto unlock bug of POSIX while still
-   having an unproved better performance of fcntl locking.  However
-   there are still problems left, thus we resort to use a hardlink
-   which has the well defined property that a link call will fail if
-   the target file already exists.
-
-   Given that hardlinks are also available on NTFS file systems since
-   Windows XP; it will be possible to enhance this module to use
-   hardlinks even on Windows and thus allow Windows and Posix clients
-   to use locking on the same directory.  This is not yet implemented;
-   instead we use a lockfile on Windows along with W32 style file
-   locking.
-
-   On FAT file systems hardlinks are not supported.  Thus this method
-   does not work.  Our solution is to use a O_EXCL locking instead.
-   Querying the type of the file system is not easy to do in a
-   portable way (e.g. Linux has a statfs, BSDs have a the same call
-   but using different structures and constants).  What we do instead
-   is to check at runtime whether link(2) works for a specific lock
-   file.
-
-
-   How to use:
-   ===========
-
-   At program initialization time, the module should be explicitly
-   initialized:
-
-      dotlock_create (NULL, 0);
-
-   This installs an atexit handler and may also initialize mutex etc.
-   It is optional for non-threaded applications.  Only the first call
-   has an effect.  This needs to be done before any extra threads are
-   started.
-
-   To create a lock file (which  prepares it but does not take the
-   lock) you do:
-
-     dotlock_t h
-
-     h = dotlock_create (fname, 0);
-     if (!h)
-       error ("error creating lock file: %s\n", strerror (errno));
-
-   It is important to handle the error.  For example on a read-only
-   file system a lock can't be created (but is usually not needed).
-   FNAME is the file you want to lock; the actual lockfile is that
-   name with the suffix ".lock" appended.  On success a handle to be
-   used with the other functions is returned or NULL on error.  Note
-   that the handle shall only be used by one thread at a time.  This
-   function creates a unique file temporary file (".#lk*") in the same
-   directory as FNAME and returns a handle for further operations.
-   The module keeps track of theses unique files so that they will be
-   unlinked using the atexit handler.  If you don't need the lock file
-   anymore, you may also explicitly remove it with a call to:
-
-     dotlock_destroy (h);
-
-   To actually lock the file, you use:
-
-     if (dotlock_take (h, -1))
-       error ("error taking lock: %s\n", strerror (errno));
-
-   This function will wait until the lock is acquired.  If an
-   unexpected error occurs if will return non-zero and set ERRNO.  If
-   you pass (0) instead of (-1) the function does not wait in case the
-   file is already locked but returns -1 and sets ERRNO to EACCES.
-   Any other positive value for the second parameter is considered a
-   timeout valuie in milliseconds.
-
-   To release the lock you call:
-
-     if (dotlock_release (h))
-       error ("error releasing lock: %s\n", strerror (errno));
-
-   or, if the lock file is not anymore needed, you may just call
-   dotlock_destroy.  However dotlock_release does some extra checks
-   before releasing the lock and prints diagnostics to help detecting
-   bugs.
-
-   If you want to explicitly destroy all lock files you may call
-
-     dotlock_remove_lockfiles ();
-
-   which is the core of the installed atexit handler.  In case your
-   application wants to disable locking completely it may call
-
-     disable_locking ()
-
-   before any locks are created.
-
-   There are two convenience functions to store an integer (e.g. a
-   file descriptor) value with the handle:
-
-     void dotlock_set_fd (dotlock_t h, int fd);
-     int  dotlock_get_fd (dotlock_t h);
-
-   If nothing has been stored dotlock_get_fd returns -1.
-
-
-
-   How to build:
-   =============
-
-   This module was originally developed for GnuPG but later changed to
-   allow its use without any GnuPG dependency.  If you want to use it
-   with you application you may simply use it and it should figure out
-   most things automagically.
-
-   You may use the common config.h file to pass macros, but take care
-   to pass -DHAVE_CONFIG_H to the compiler.  Macros used by this
-   module are:
-
-     DOTLOCK_USE_PTHREAD  - Define if POSIX threads are in use.
-
-     DOTLOCK_GLIB_LOGGING - Define this to use Glib logging functions.
-
-     DOTLOCK_EXT_SYM_PREFIX - Prefix all external symbols with the
-                              string to which this macro evaluates.
-
-     GNUPG_MAJOR_VERSION - Defined when used by GnuPG.
-
-     HAVE_DOSISH_SYSTEM  - Defined for Windows etc.  Will be
-                           automatically defined if a the target is
-                           Windows.
-
-     HAVE_POSIX_SYSTEM   - Internally defined to !HAVE_DOSISH_SYSTEM.
-
-     HAVE_SIGNAL_H       - Should be defined on Posix systems.  If config.h
-                           is not used defaults to defined.
-
-     DIRSEP_C            - Separation character for file name parts.
-                           Usually not redefined.
-
-     EXTSEP_S            - Separation string for file name suffixes.
-                           Usually not redefined.
-
-     HAVE_W32CE_SYSTEM   - Currently only used by GnuPG.
-
-   Note that there is a test program t-dotlock which has compile
-   instructions at its end.  At least for SMBFS and CIFS it is
-   important that 64 bit versions of stat are used; most programming
-   environments do this these days, just in case you want to compile
-   it on the command line, remember to pass -D_FILE_OFFSET_BITS=64
-
-
-   Bugs:
-   =====
-
-   On Windows this module is not yet thread-safe.
-
-
-   Miscellaneous notes:
-   ====================
-
-   On hardlinks:
-   - Hardlinks are supported under Windows with NTFS since XP/Server2003.
-   - In Linux 2.6.33 both SMBFS and CIFS seem to support hardlinks.
-   - NFS supports hard links.  But there are solvable problems.
-   - FAT does not support links
-
-   On the file locking API:
-   - CIFS on Linux 2.6.33 supports several locking methods.
-     SMBFS seems not to support locking.  No closer checks done.
-   - NFS supports Posix locks.  flock is emulated in the server.
-     However there are a couple of problems; see below.
-   - FAT does not support locks.
-   - An advantage of fcntl locking is that R/W locks can be
-     implemented which is not easy with a straight lock file.
-
-   On O_EXCL:
-   - Does not work reliable on NFS
-   - Should work on CIFS and SMBFS but how can we delete lockfiles?
-
-   On NFS problems:
-   - Locks vanish if the server crashes and reboots.
-   - Client crashes keep the lock in the server until the client
-     re-connects.
-   - Communication problems may return unreliable error codes.  The
-     MUA Postfix's workaround is to compare the link count after
-     seeing an error for link.  However that gives a race.  If using a
-     unique file to link to a lockfile and using stat to check the
-     link count instead of looking at the error return of link(2) is
-     the best solution.
-   - O_EXCL seems to have a race and may re-create a file anyway.
-
-*/
-
-#ifdef HAVE_CONFIG_H
-# include 
-#endif
-
-/* Some quick replacements for stuff we usually expect to be defined
-   in config.h.  Define HAVE_POSIX_SYSTEM for better readability. */
-#if !defined (HAVE_DOSISH_SYSTEM) && defined(_WIN32)
-# define HAVE_DOSISH_SYSTEM 1
-#endif
-#if !defined (HAVE_DOSISH_SYSTEM) && !defined (HAVE_POSIX_SYSTEM)
-# define HAVE_POSIX_SYSTEM 1
-#endif
-
-/* With no config.h assume that we have sitgnal.h.  */
-#if !defined (HAVE_CONFIG_H) && defined (HAVE_POSIX_SYSTEM)
-# define HAVE_SIGNAL_H 1
-#endif
-
-/* Standard headers.  */
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef  HAVE_DOSISH_SYSTEM
-# define WIN32_LEAN_AND_MEAN  /* We only need the OS core stuff.  */
-# include 
-#else
-# include 
-# include 
-# include 
-#endif
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
-#ifdef DOTLOCK_USE_PTHREAD
-# include 
-#endif
-
-#ifdef DOTLOCK_GLIB_LOGGING
-# include 
-#endif
-
-#ifdef GNUPG_MAJOR_VERSION
-# include "util.h"
-# include "common-defs.h"
-# include "stringhelp.h"  /* For stpcpy and w32_strerror. */
-#endif
-#ifdef HAVE_W32CE_SYSTEM
-# include "utf8conv.h"  /* WindowsCE requires filename conversion.  */
-#endif
-
-#include "dotlock.h"
-
-
-/* Define constants for file name construction.  */
-#if !defined(DIRSEP_C) && !defined(EXTSEP_S)
-# ifdef HAVE_DOSISH_SYSTEM
-#  define DIRSEP_C '\\'
-#  define EXTSEP_S "."
-#else
-#  define DIRSEP_C '/'
-#  define EXTSEP_S "."
-# endif
-#endif
-
-/* In GnuPG we use wrappers around the malloc fucntions.  If they are
-   not defined we assume that this code is used outside of GnuPG and
-   fall back to the regular malloc functions.  */
-#ifndef xtrymalloc
-# define xtrymalloc(a)     malloc ((a))
-# define xtrycalloc(a,b)   calloc ((a), (b))
-# define xfree(a)	   free ((a))
-#endif
-
-/* Wrapper to set ERRNO (required for W32CE).  */
-#ifdef GPG_ERROR_VERSION
-#  define my_set_errno(e)  gpg_err_set_errno ((e))
-#else
-#  define my_set_errno(e)  do { errno = (e); } while (0)
-#endif
-
-/* Gettext macro replacement.  */
-#ifndef _
-# define _(a) (a)
-#endif
-
-#ifdef GNUPG_MAJOR_VERSION
-# define my_info_0(a)       log_info ((a))
-# define my_info_1(a,b)     log_info ((a), (b))
-# define my_info_2(a,b,c)   log_info ((a), (b), (c))
-# define my_info_3(a,b,c,d) log_info ((a), (b), (c), (d))
-# define my_error_0(a)      log_error ((a))
-# define my_error_1(a,b)    log_error ((a), (b))
-# define my_error_2(a,b,c)  log_error ((a), (b), (c))
-# define my_debug_1(a,b)    log_debug ((a), (b))
-# define my_fatal_0(a)      log_fatal ((a))
-#elif defined (DOTLOCK_GLIB_LOGGING)
-# define my_info_0(a)       g_message ((a))
-# define my_info_1(a,b)     g_message ((a), (b))
-# define my_info_2(a,b,c)   g_message ((a), (b), (c))
-# define my_info_3(a,b,c,d) g_message ((a), (b), (c), (d))
-# define my_error_0(a)      g_warning ((a))
-# define my_error_1(a,b)    g_warning ((a), (b))
-# define my_error_2(a,b,c)  g_warning ((a), (b), (c))
-# define my_debug_1(a,b)    g_debug ((a), (b))
-# define my_fatal_0(a)      g_error ((a))
-#else
-# define my_info_0(a)       fprintf (stderr, (a))
-# define my_info_1(a,b)     fprintf (stderr, (a), (b))
-# define my_info_2(a,b,c)   fprintf (stderr, (a), (b), (c))
-# define my_info_3(a,b,c,d) fprintf (stderr, (a), (b), (c), (d))
-# define my_error_0(a)      fprintf (stderr, (a))
-# define my_error_1(a,b)    fprintf (stderr, (a), (b))
-# define my_error_2(a,b,c)  fprintf (stderr, (a), (b), (c))
-# define my_debug_1(a,b)    fprintf (stderr, (a), (b))
-# define my_fatal_0(a)      do { fprintf (stderr,(a)); fflush (stderr); \
-                                 abort (); } while (0)
-#endif
-
-
-
-
-
-/* The object describing a lock.  */
-struct dotlock_handle
-{
-  struct dotlock_handle *next;
-  char *lockname;            /* Name of the actual lockfile.          */
-  unsigned int locked:1;     /* Lock status.                          */
-  unsigned int disable:1;    /* If true, locking is disabled.         */
-  unsigned int use_o_excl:1; /* Use open (O_EXCL) for locking.        */
-
-  int extra_fd;              /* A place for the caller to store an FD.  */
-
-#ifdef HAVE_DOSISH_SYSTEM
-  HANDLE lockhd;       /* The W32 handle of the lock file.      */
-#else /*!HAVE_DOSISH_SYSTEM */
-  char *tname;         /* Name of the lockfile template.        */
-  size_t nodename_off; /* Offset in TNAME of the nodename part. */
-  size_t nodename_len; /* Length of the nodename part.          */
-#endif /*!HAVE_DOSISH_SYSTEM */
-};
-
-
-/* A list of of all lock handles.  The volatile attribute might help
-   if used in an atexit handler.  */
-static volatile dotlock_t all_lockfiles;
-#ifdef DOTLOCK_USE_PTHREAD
-static pthread_mutex_t all_lockfiles_mutex = PTHREAD_MUTEX_INITIALIZER;
-# define LOCK_all_lockfiles() do {                               \
-        if (pthread_mutex_lock (&all_lockfiles_mutex))           \
-          my_fatal_0 ("locking all_lockfiles_mutex failed\n");   \
-      } while (0)
-# define UNLOCK_all_lockfiles() do {                             \
-        if (pthread_mutex_unlock (&all_lockfiles_mutex))         \
-          my_fatal_0 ("unlocking all_lockfiles_mutex failed\n"); \
-      } while (0)
-#else  /*!DOTLOCK_USE_PTHREAD*/
-# define LOCK_all_lockfiles()   do { } while (0)
-# define UNLOCK_all_lockfiles() do { } while (0)
-#endif /*!DOTLOCK_USE_PTHREAD*/
-
-/* If this has the value true all locking is disabled.  */
-static int never_lock;
-
-
-
-
-
-/* Entirely disable all locking.  This function should be called
-   before any locking is done.  It may be called right at startup of
-   the process as it only sets a global value.  */
-void
-dotlock_disable (void)
-{
-  never_lock = 1;
-}
-
-
-#ifdef HAVE_POSIX_SYSTEM
-static int
-maybe_deadlock (dotlock_t h)
-{
-  dotlock_t r;
-  int res = 0;
-
-  LOCK_all_lockfiles ();
-  for (r=all_lockfiles; r; r = r->next)
-    {
-      if ( r != h && r->locked )
-        {
-          res = 1;
-          break;
-        }
-    }
-  UNLOCK_all_lockfiles ();
-  return res;
-}
-#endif /*HAVE_POSIX_SYSTEM*/
-
-
-/* Read the lock file and return the pid, returns -1 on error.  True
-   will be stored in the integer at address SAME_NODE if the lock file
-   has been created on the same node. */
-#ifdef HAVE_POSIX_SYSTEM
-static int
-read_lockfile (dotlock_t h, int *same_node )
-{
-  char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node
-                                   names are usually shorter. */
-  int fd;
-  int pid = -1;
-  char *buffer, *p;
-  size_t expected_len;
-  int res, nread;
-
-  *same_node = 0;
-  expected_len = 10 + 1 + h->nodename_len + 1;
-  if ( expected_len >= sizeof buffer_space)
-    {
-      buffer = xtrymalloc (expected_len);
-      if (!buffer)
-        return -1;
-    }
-  else
-    buffer = buffer_space;
-
-  if ( (fd = open (h->lockname, O_RDONLY)) == -1 )
-    {
-      int e = errno;
-      my_info_2 ("error opening lockfile '%s': %s\n",
-                 h->lockname, strerror(errno) );
-      if (buffer != buffer_space)
-        xfree (buffer);
-      my_set_errno (e); /* Need to return ERRNO here. */
-      return -1;
-    }
-
-  p = buffer;
-  nread = 0;
-  do
-    {
-      res = read (fd, p, expected_len - nread);
-      if (res == -1 && errno == EINTR)
-        continue;
-      if (res < 0)
-        {
-          my_info_1 ("error reading lockfile '%s'\n", h->lockname );
-          close (fd);
-          if (buffer != buffer_space)
-            xfree (buffer);
-          my_set_errno (0); /* Do not return an inappropriate ERRNO. */
-          return -1;
-        }
-      p += res;
-      nread += res;
-    }
-  while (res && nread != expected_len);
-  close(fd);
-
-  if (nread < 11)
-    {
-      my_info_1 ("invalid size of lockfile '%s'\n", h->lockname);
-      if (buffer != buffer_space)
-        xfree (buffer);
-      my_set_errno (0); /* Better don't return an inappropriate ERRNO. */
-      return -1;
-    }
-
-  if (buffer[10] != '\n'
-      || (buffer[10] = 0, pid = atoi (buffer)) == -1
-      || !pid )
-    {
-      my_error_2 ("invalid pid %d in lockfile '%s'\n", pid, h->lockname);
-      if (buffer != buffer_space)
-        xfree (buffer);
-      my_set_errno (0);
-      return -1;
-    }
-
-  if (nread == expected_len
-      && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len)
-      && buffer[11+h->nodename_len] == '\n')
-    *same_node = 1;
-
-  if (buffer != buffer_space)
-    xfree (buffer);
-  return pid;
-}
-#endif /*HAVE_POSIX_SYSTEM */
-
-
-/* Check whether the file system which stores TNAME supports
-   hardlinks.  Instead of using the non-portable statsfs call which
-   differs between various Unix versions, we do a runtime test.
-   Returns: 0 supports hardlinks; 1 no hardlink support, -1 unknown
-   (test error).  */
-#ifdef HAVE_POSIX_SYSTEM
-static int
-use_hardlinks_p (const char *tname)
-{
-  char *lname;
-  struct stat sb;
-  unsigned int nlink;
-  int res;
-
-  if (stat (tname, &sb))
-    return -1;
-  nlink = (unsigned int)sb.st_nlink;
-
-  lname = xtrymalloc (strlen (tname) + 1 + 1);
-  if (!lname)
-    return -1;
-  strcpy (lname, tname);
-  strcat (lname, "x");
-
-  /* We ignore the return value of link() because it is unreliable.  */
-  (void) link (tname, lname);
-
-  if (stat (tname, &sb))
-    res = -1;  /* Ooops.  */
-  else if (sb.st_nlink == nlink + 1)
-    res = 0;   /* Yeah, hardlinks are supported.  */
-  else
-    res = 1;   /* No hardlink support.  */
-
-  unlink (lname);
-  xfree (lname);
-  return res;
-}
-#endif /*HAVE_POSIX_SYSTEM */
-
-
-
-#ifdef  HAVE_POSIX_SYSTEM
-/* Locking core for Unix.  It used a temporary file and the link
-   system call to make locking an atomic operation. */
-static dotlock_t
-dotlock_create_unix (dotlock_t h, const char *file_to_lock)
-{
-  int  fd = -1;
-  char pidstr[16];
-  const char *nodename;
-  const char *dirpart;
-  int dirpartlen;
-  struct utsname utsbuf;
-  size_t tnamelen;
-
-  snprintf (pidstr, sizeof pidstr, "%10d\n", (int)getpid() );
-
-  /* Create a temporary file. */
-  if ( uname ( &utsbuf ) )
-    nodename = "unknown";
-  else
-    nodename = utsbuf.nodename;
-
-  if ( !(dirpart = strrchr (file_to_lock, DIRSEP_C)) )
-    {
-      dirpart = EXTSEP_S;
-      dirpartlen = 1;
-    }
-  else
-    {
-      dirpartlen = dirpart - file_to_lock;
-      dirpart = file_to_lock;
-    }
-
-  LOCK_all_lockfiles ();
-  h->next = all_lockfiles;
-  all_lockfiles = h;
-
-  tnamelen = dirpartlen + 6 + 30 + strlen(nodename) + 10 + 1;
-  h->tname = xtrymalloc (tnamelen + 1);
-  if (!h->tname)
-    {
-      all_lockfiles = h->next;
-      UNLOCK_all_lockfiles ();
-      xfree (h);
-      return NULL;
-    }
-  h->nodename_len = strlen (nodename);
-
-  snprintf (h->tname, tnamelen, "%.*s/.#lk%p.", dirpartlen, dirpart, h );
-  h->nodename_off = strlen (h->tname);
-  snprintf (h->tname+h->nodename_off, tnamelen - h->nodename_off,
-           "%s.%d", nodename, (int)getpid ());
-
-  do
-    {
-      my_set_errno (0);
-      fd = open (h->tname, O_WRONLY|O_CREAT|O_EXCL,
-                 S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
-    }
-  while (fd == -1 && errno == EINTR);
-
-  if ( fd == -1 )
-    {
-      all_lockfiles = h->next;
-      UNLOCK_all_lockfiles ();
-      my_error_2 (_("failed to create temporary file '%s': %s\n"),
-                  h->tname, strerror(errno));
-      xfree (h->tname);
-      xfree (h);
-      return NULL;
-    }
-  if ( write (fd, pidstr, 11 ) != 11 )
-    goto write_failed;
-  if ( write (fd, nodename, strlen (nodename) ) != strlen (nodename) )
-    goto write_failed;
-  if ( write (fd, "\n", 1 ) != 1 )
-    goto write_failed;
-  if ( close (fd) )
-    {
-      if ( errno == EINTR )
-        fd = -1;
-      goto write_failed;
-    }
-  fd = -1;
-
-  /* Check whether we support hard links.  */
-  switch (use_hardlinks_p (h->tname))
-    {
-    case 0: /* Yes.  */
-      break;
-    case 1: /* No.  */
-      unlink (h->tname);
-      h->use_o_excl = 1;
-      break;
-    default:
-      my_error_2 ("can't check whether hardlinks are supported for '%s': %s\n",
-                  h->tname, strerror(errno));
-      goto write_failed;
-    }
-
-  h->lockname = xtrymalloc (strlen (file_to_lock) + 6 );
-  if (!h->lockname)
-    {
-      all_lockfiles = h->next;
-      UNLOCK_all_lockfiles ();
-      unlink (h->tname);
-      xfree (h->tname);
-      xfree (h);
-      return NULL;
-    }
-  strcpy (stpcpy (h->lockname, file_to_lock), EXTSEP_S "lock");
-  UNLOCK_all_lockfiles ();
-  if (h->use_o_excl)
-    my_debug_1 ("locking for '%s' done via O_EXCL\n", h->lockname);
-
-  return h;
-
- write_failed:
-  all_lockfiles = h->next;
-  UNLOCK_all_lockfiles ();
-  my_error_2 (_("error writing to '%s': %s\n"), h->tname, strerror (errno));
-  if ( fd != -1 )
-    close (fd);
-  unlink (h->tname);
-  xfree (h->tname);
-  xfree (h);
-  return NULL;
-}
-#endif /*HAVE_POSIX_SYSTEM*/
-
-
-#ifdef HAVE_DOSISH_SYSTEM
-/* Locking core for Windows.  This version does not need a temporary
-   file but uses the plain lock file along with record locking.  We
-   create this file here so that we later only need to do the file
-   locking.  For error reporting it is useful to keep the name of the
-   file in the handle.  */
-static dotlock_t
-dotlock_create_w32 (dotlock_t h, const char *file_to_lock)
-{
-  LOCK_all_lockfiles ();
-  h->next = all_lockfiles;
-  all_lockfiles = h;
-
-  h->lockname = xtrymalloc ( strlen (file_to_lock) + 6 );
-  if (!h->lockname)
-    {
-      all_lockfiles = h->next;
-      UNLOCK_all_lockfiles ();
-      xfree (h);
-      return NULL;
-    }
-  strcpy (stpcpy(h->lockname, file_to_lock), EXTSEP_S "lock");
-
-  /* If would be nice if we would use the FILE_FLAG_DELETE_ON_CLOSE
-     along with FILE_SHARE_DELETE but that does not work due to a race
-     condition: Despite the OPEN_ALWAYS flag CreateFile may return an
-     error and we can't reliable create/open the lock file unless we
-     would wait here until it works - however there are other valid
-     reasons why a lock file can't be created and thus the process
-     would not stop as expected but spin until Windows crashes.  Our
-     solution is to keep the lock file open; that does not harm. */
-  {
-#ifdef HAVE_W32CE_SYSTEM
-    wchar_t *wname = utf8_to_wchar (h->lockname);
-
-    if (wname)
-      h->lockhd = CreateFile (wname,
-                              GENERIC_READ|GENERIC_WRITE,
-                              FILE_SHARE_READ|FILE_SHARE_WRITE,
-                              NULL, OPEN_ALWAYS, 0, NULL);
-    else
-      h->lockhd = INVALID_HANDLE_VALUE;
-    xfree (wname);
-#else
-    h->lockhd = CreateFile (h->lockname,
-                            GENERIC_READ|GENERIC_WRITE,
-                            FILE_SHARE_READ|FILE_SHARE_WRITE,
-                            NULL, OPEN_ALWAYS, 0, NULL);
-#endif
-  }
-  if (h->lockhd == INVALID_HANDLE_VALUE)
-    {
-      all_lockfiles = h->next;
-      UNLOCK_all_lockfiles ();
-      my_error_2 (_("can't create '%s': %s\n"), h->lockname, w32_strerror (-1));
-      xfree (h->lockname);
-      xfree (h);
-      return NULL;
-    }
-  return h;
-}
-#endif /*HAVE_DOSISH_SYSTEM*/
-
-
-/* Create a lockfile for a file name FILE_TO_LOCK and returns an
-   object of type dotlock_t which may be used later to actually acquire
-   the lock.  A cleanup routine gets installed to cleanup left over
-   locks or other files used internally by the lock mechanism.
-
-   Calling this function with NULL does only install the atexit
-   handler and may thus be used to assure that the cleanup is called
-   after all other atexit handlers.
-
-   This function creates a lock file in the same directory as
-   FILE_TO_LOCK using that name and a suffix of ".lock".  Note that on
-   POSIX systems a temporary file ".#lk..pid[.threadid] is
-   used.
-
-   FLAGS must be 0.
-
-   The function returns an new handle which needs to be released using
-   destroy_dotlock but gets also released at the termination of the
-   process.  On error NULL is returned.
- */
-
-dotlock_t
-dotlock_create (const char *file_to_lock, unsigned int flags)
-{
-  static int initialized;
-  dotlock_t h;
-
-  if ( !initialized )
-    {
-      atexit (dotlock_remove_lockfiles);
-      initialized = 1;
-    }
-
-  if ( !file_to_lock )
-    return NULL;  /* Only initialization was requested.  */
-
-  if (flags)
-    {
-      my_set_errno (EINVAL);
-      return NULL;
-    }
-
-  h = xtrycalloc (1, sizeof *h);
-  if (!h)
-    return NULL;
-  h->extra_fd = -1;
-
-  if (never_lock)
-    {
-      h->disable = 1;
-      LOCK_all_lockfiles ();
-      h->next = all_lockfiles;
-      all_lockfiles = h;
-      UNLOCK_all_lockfiles ();
-      return h;
-    }
-
-#ifdef HAVE_DOSISH_SYSTEM
-  return dotlock_create_w32 (h, file_to_lock);
-#else /*!HAVE_DOSISH_SYSTEM */
-  return dotlock_create_unix (h, file_to_lock);
-#endif /*!HAVE_DOSISH_SYSTEM*/
-}
-
-
-
-/* Convenience function to store a file descriptor (or any any other
-   integer value) in the context of handle H.  */
-void
-dotlock_set_fd (dotlock_t h, int fd)
-{
-  h->extra_fd = fd;
-}
-
-/* Convenience function to retrieve a file descriptor (or any any other
-   integer value) stored in the context of handle H.  */
-int
-dotlock_get_fd (dotlock_t h)
-{
-  return h->extra_fd;
-}
-
-
-
-#ifdef HAVE_POSIX_SYSTEM
-/* Unix specific code of destroy_dotlock.  */
-static void
-dotlock_destroy_unix (dotlock_t h)
-{
-  if (h->locked && h->lockname)
-    unlink (h->lockname);
-  if (h->tname && !h->use_o_excl)
-    unlink (h->tname);
-  xfree (h->tname);
-}
-#endif /*HAVE_POSIX_SYSTEM*/
-
-
-#ifdef HAVE_DOSISH_SYSTEM
-/* Windows specific code of destroy_dotlock.  */
-static void
-dotlock_destroy_w32 (dotlock_t h)
-{
-  if (h->locked)
-    {
-      OVERLAPPED ovl;
-
-      memset (&ovl, 0, sizeof ovl);
-      UnlockFileEx (h->lockhd, 0, 1, 0, &ovl);
-    }
-  CloseHandle (h->lockhd);
-}
-#endif /*HAVE_DOSISH_SYSTEM*/
-
-
-/* Destroy the locck handle H and release the lock.  */
-void
-dotlock_destroy (dotlock_t h)
-{
-  dotlock_t hprev, htmp;
-
-  if ( !h )
-    return;
-
-  /* First remove the handle from our global list of all locks. */
-  LOCK_all_lockfiles ();
-  for (hprev=NULL, htmp=all_lockfiles; htmp; hprev=htmp, htmp=htmp->next)
-    if (htmp == h)
-      {
-        if (hprev)
-          hprev->next = htmp->next;
-        else
-          all_lockfiles = htmp->next;
-        h->next = NULL;
-        break;
-      }
-  UNLOCK_all_lockfiles ();
-
-  /* Then destroy the lock. */
-  if (!h->disable)
-    {
-#ifdef HAVE_DOSISH_SYSTEM
-      dotlock_destroy_w32 (h);
-#else /* !HAVE_DOSISH_SYSTEM */
-      dotlock_destroy_unix (h);
-#endif /* HAVE_DOSISH_SYSTEM */
-      xfree (h->lockname);
-    }
-  xfree(h);
-}
-
-
-
-#ifdef HAVE_POSIX_SYSTEM
-/* Unix specific code of make_dotlock.  Returns 0 on success and -1 on
-   error.  */
-static int
-dotlock_take_unix (dotlock_t h, long timeout)
-{
-  int wtime = 0;
-  int sumtime = 0;
-  int pid;
-  int lastpid = -1;
-  int ownerchanged;
-  const char *maybe_dead="";
-  int same_node;
-
- again:
-  if (h->use_o_excl)
-    {
-      /* No hardlink support - use open(O_EXCL).  */
-      int fd;
-
-      do
-        {
-          my_set_errno (0);
-          fd = open (h->lockname, O_WRONLY|O_CREAT|O_EXCL,
-                     S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
-        }
-      while (fd == -1 && errno == EINTR);
-
-      if (fd == -1 && errno == EEXIST)
-        ; /* Lock held by another process.  */
-      else if (fd == -1)
-        {
-          my_error_2 ("lock not made: open(O_EXCL) of '%s' failed: %s\n",
-                      h->lockname, strerror (errno));
-          return -1;
-        }
-      else
-        {
-          char pidstr[16];
-
-          snprintf (pidstr, sizeof pidstr, "%10d\n", (int)getpid());
-          if (write (fd, pidstr, 11 ) == 11
-              && write (fd, h->tname + h->nodename_off,h->nodename_len)
-              == h->nodename_len
-              && write (fd, "\n", 1) == 1
-              && !close (fd))
-            {
-              h->locked = 1;
-              return 0;
-            }
-          /* Write error.  */
-          my_error_2 ("lock not made: writing to '%s' failed: %s\n",
-                      h->lockname, strerror (errno));
-          close (fd);
-          unlink (h->lockname);
-          return -1;
-        }
-    }
-  else /* Standard method:  Use hardlinks.  */
-    {
-      struct stat sb;
-
-      /* We ignore the return value of link() because it is unreliable.  */
-      (void) link (h->tname, h->lockname);
-
-      if (stat (h->tname, &sb))
-        {
-          my_error_1 ("lock not made: Oops: stat of tmp file failed: %s\n",
-                      strerror (errno));
-          /* In theory this might be a severe error: It is possible
-             that link succeeded but stat failed due to changed
-             permissions.  We can't do anything about it, though.  */
-          return -1;
-        }
-
-      if (sb.st_nlink == 2)
-        {
-          h->locked = 1;
-          return 0; /* Okay.  */
-        }
-    }
-
-  /* Check for stale lock files.  */
-  if ( (pid = read_lockfile (h, &same_node)) == -1 )
-    {
-      if ( errno != ENOENT )
-        {
-          my_info_0 ("cannot read lockfile\n");
-          return -1;
-        }
-      my_info_0 ("lockfile disappeared\n");
-      goto again;
-    }
-  else if ( pid == getpid() && same_node )
-    {
-      my_info_0 ("Oops: lock already held by us\n");
-      h->locked = 1;
-      return 0; /* okay */
-    }
-  else if ( same_node && kill (pid, 0) && errno == ESRCH )
-    {
-      /* Note: It is unlikley that we get a race here unless a pid is
-         reused too fast or a new process with the same pid as the one
-         of the stale file tries to lock right at the same time as we.  */
-      my_info_1 (_("removing stale lockfile (created by %d)\n"), pid);
-      unlink (h->lockname);
-      goto again;
-    }
-
-  if (lastpid == -1)
-    lastpid = pid;
-  ownerchanged = (pid != lastpid);
-
-  if (timeout)
-    {
-      struct timeval tv;
-
-      /* Wait until lock has been released.  We use increasing retry
-         intervals of 50ms, 100ms, 200ms, 400ms, 800ms, 2s, 4s and 8s
-         but reset it if the lock owner meanwhile changed.  */
-      if (!wtime || ownerchanged)
-        wtime = 50;
-      else if (wtime < 800)
-        wtime *= 2;
-      else if (wtime == 800)
-        wtime = 2000;
-      else if (wtime < 8000)
-        wtime *= 2;
-
-      if (timeout > 0)
-        {
-          if (wtime > timeout)
-            wtime = timeout;
-          timeout -= wtime;
-        }
-
-      sumtime += wtime;
-      if (sumtime >= 1500)
-        {
-          sumtime = 0;
-          my_info_3 (_("waiting for lock (held by %d%s) %s...\n"),
-                     pid, maybe_dead, maybe_deadlock(h)? _("(deadlock?) "):"");
-        }
-
-
-      tv.tv_sec = wtime / 1000;
-      tv.tv_usec = (wtime % 1000) * 1000;
-      select (0, NULL, NULL, NULL, &tv);
-      goto again;
-    }
-
-  my_set_errno (EACCES);
-  return -1;
-}
-#endif /*HAVE_POSIX_SYSTEM*/
-
-
-#ifdef HAVE_DOSISH_SYSTEM
-/* Windows specific code of make_dotlock.  Returns 0 on success and -1 on
-   error.  */
-static int
-dotlock_take_w32 (dotlock_t h, long timeout)
-{
-  int wtime = 0;
-  int w32err;
-  OVERLAPPED ovl;
-
- again:
-  /* Lock one byte at offset 0.  The offset is given by OVL.  */
-  memset (&ovl, 0, sizeof ovl);
-  if (LockFileEx (h->lockhd, (LOCKFILE_EXCLUSIVE_LOCK
-                              | LOCKFILE_FAIL_IMMEDIATELY), 0, 1, 0, &ovl))
-    {
-      h->locked = 1;
-      return 0; /* okay */
-    }
-
-  w32err = GetLastError ();
-  if (w32err != ERROR_LOCK_VIOLATION)
-    {
-      my_error_2 (_("lock '%s' not made: %s\n"),
-                  h->lockname, w32_strerror (w32err));
-      return -1;
-    }
-
-  if (timeout)
-    {
-      /* Wait until lock has been released.  We use retry intervals of
-         50ms, 100ms, 200ms, 400ms, 800ms, 2s, 4s and 8s.  */
-      if (!wtime)
-        wtime = 50;
-      else if (wtime < 800)
-        wtime *= 2;
-      else if (wtime == 800)
-        wtime = 2000;
-      else if (wtime < 8000)
-        wtime *= 2;
-
-      if (timeout > 0)
-        {
-          if (wtime > timeout)
-            wtime = timeout;
-          timeout -= wtime;
-        }
-
-      if (wtime >= 800)
-        my_info_1 (_("waiting for lock %s...\n"), h->lockname);
-
-      Sleep (wtime);
-      goto again;
-    }
-
-  return -1;
-}
-#endif /*HAVE_DOSISH_SYSTEM*/
-
-
-/* Take a lock on H.  A value of 0 for TIMEOUT returns immediately if
-   the lock can't be taked, -1 waits forever (hopefully not), other
-   values wait for TIMEOUT milliseconds.  Returns: 0 on success  */
-int
-dotlock_take (dotlock_t h, long timeout)
-{
-  int ret;
-
-  if ( h->disable )
-    return 0; /* Locks are completely disabled.  Return success. */
-
-  if ( h->locked )
-    {
-      my_debug_1 ("Oops, '%s' is already locked\n", h->lockname);
-      return 0;
-    }
-
-#ifdef HAVE_DOSISH_SYSTEM
-  ret = dotlock_take_w32 (h, timeout);
-#else /*!HAVE_DOSISH_SYSTEM*/
-  ret = dotlock_take_unix (h, timeout);
-#endif /*!HAVE_DOSISH_SYSTEM*/
-
-  return ret;
-}
-
-
-
-#ifdef HAVE_POSIX_SYSTEM
-/* Unix specific code of release_dotlock.  */
-static int
-dotlock_release_unix (dotlock_t h)
-{
-  int pid, same_node;
-
-  pid = read_lockfile (h, &same_node);
-  if ( pid == -1 )
-    {
-      my_error_0 ("release_dotlock: lockfile error\n");
-      return -1;
-    }
-  if ( pid != getpid() || !same_node )
-    {
-      my_error_1 ("release_dotlock: not our lock (pid=%d)\n", pid);
-      return -1;
-    }
-
-  if ( unlink( h->lockname ) )
-    {
-      my_error_1 ("release_dotlock: error removing lockfile '%s'\n",
-                  h->lockname);
-      return -1;
-    }
-  /* Fixme: As an extra check we could check whether the link count is
-     now really at 1. */
-  return 0;
-}
-#endif /*HAVE_POSIX_SYSTEM */
-
-
-#ifdef HAVE_DOSISH_SYSTEM
-/* Windows specific code of release_dotlock.  */
-static int
-dotlock_release_w32 (dotlock_t h)
-{
-  OVERLAPPED ovl;
-
-  memset (&ovl, 0, sizeof ovl);
-  if (!UnlockFileEx (h->lockhd, 0, 1, 0, &ovl))
-    {
-      my_error_2 ("release_dotlock: error removing lockfile '%s': %s\n",
-                  h->lockname, w32_strerror (-1));
-      return -1;
-    }
-
-  return 0;
-}
-#endif /*HAVE_DOSISH_SYSTEM */
-
-
-/* Release a lock.  Returns 0 on success.  */
-int
-dotlock_release (dotlock_t h)
-{
-  int ret;
-
-  /* To avoid atexit race conditions we first check whether there are
-     any locks left.  It might happen that another atexit handler
-     tries to release the lock while the atexit handler of this module
-     already ran and thus H is undefined.  */
-  LOCK_all_lockfiles ();
-  ret = !all_lockfiles;
-  UNLOCK_all_lockfiles ();
-  if (ret)
-    return 0;
-
-  if ( h->disable )
-    return 0;
-
-  if ( !h->locked )
-    {
-      my_debug_1 ("Oops, '%s' is not locked\n", h->lockname);
-      return 0;
-    }
-
-#ifdef HAVE_DOSISH_SYSTEM
-  ret = dotlock_release_w32 (h);
-#else
-  ret = dotlock_release_unix (h);
-#endif
-
-  if (!ret)
-    h->locked = 0;
-  return ret;
-}
-
-
-
-/* Remove all lockfiles.  This is called by the atexit handler
-   installed by this module but may also be called by other
-   termination handlers.  */
-void
-dotlock_remove_lockfiles (void)
-{
-  dotlock_t h, h2;
-
-  /* First set the lockfiles list to NULL so that for example
-     dotlock_release is ware that this fucntion is currently
-     running.  */
-  LOCK_all_lockfiles ();
-  h = all_lockfiles;
-  all_lockfiles = NULL;
-  UNLOCK_all_lockfiles ();
-
-  while ( h )
-    {
-      h2 = h->next;
-      dotlock_destroy (h);
-      h = h2;
-    }
-}
diff -Nru gnupg2-2.1.6/common/dotlock.h gnupg2-2.0.28/common/dotlock.h
--- gnupg2-2.1.6/common/dotlock.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/dotlock.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,112 +0,0 @@
-/* dotlock.h - dotfile locking declarations
- * Copyright (C) 2000, 2001, 2006, 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- *
- * ALTERNATIVELY, this file may be distributed under the terms of the
- * following license, in which case the provisions of this license are
- * required INSTEAD OF the GNU Lesser General License or the GNU
- * General Public License. If you wish to allow use of your version of
- * this file only under the terms of the GNU Lesser General License or
- * the GNU General Public License, and not to allow others to use your
- * version of this file under the terms of the following license,
- * indicate your decision by deleting this paragraph and the license
- * below.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, and the entire permission notice in its entirety,
- *    including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior
- *    written permission.
- *
- * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef GNUPG_COMMON_DOTLOCK_H
-#define GNUPG_COMMON_DOTLOCK_H
-
-/* See dotlock.c for a description.  */
-
-#ifdef DOTLOCK_EXT_SYM_PREFIX
-# ifndef _DOTLOCK_PREFIX
-#  define _DOTLOCK_PREFIX1(x,y)  x ## y
-#  define _DOTLOCK_PREFIX2(x,y) _DOTLOCK_PREFIX1(x,y)
-#  define _DOTLOCK_PREFIX(x)    _DOTLOCK_PREFIX2(DOTLOCK_EXT_SYM_PREFIX,x)
-# endif /*_DOTLOCK_PREFIX*/
-# define dotlock_disable          _DOTLOCK_PREFIX(dotlock_disable)
-# define dotlock_create           _DOTLOCK_PREFIX(dotlock_create)
-# define dotlock_set_fd           _DOTLOCK_PREFIX(dotlock_set_fd)
-# define dotlock_get_fd           _DOTLOCK_PREFIX(dotlock_get_fd)
-# define dotlock_destroy          _DOTLOCK_PREFIX(dotlock_destroy)
-# define dotlock_take             _DOTLOCK_PREFIX(dotlock_take)
-# define dotlock_release          _DOTLOCK_PREFIX(dotlock_release)
-# define dotlock_remove_lockfiles _DOTLOCK_PREFIX(dotlock_remove_lockfiles)
-#endif /*DOTLOCK_EXT_SYM_PREFIX*/
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0
-}
-#endif
-#endif
-
-
-struct dotlock_handle;
-typedef struct dotlock_handle *dotlock_t;
-
-void dotlock_disable (void);
-dotlock_t dotlock_create (const char *file_to_lock, unsigned int flags);
-void dotlock_set_fd (dotlock_t h, int fd);
-int  dotlock_get_fd (dotlock_t h);
-void dotlock_destroy (dotlock_t h);
-int dotlock_take (dotlock_t h, long timeout);
-int dotlock_release (dotlock_t h);
-void dotlock_remove_lockfiles (void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /*GNUPG_COMMON_DOTLOCK_H*/
diff -Nru gnupg2-2.1.6/common/dynload.h gnupg2-2.0.28/common/dynload.h
--- gnupg2-2.1.6/common/dynload.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/dynload.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,97 +0,0 @@
-/* dynload.h - Wrapper functions for run-time dynamic loading
- *      Copyright (C) 2003, 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_DYNLOAD_H
-#define GNUPG_COMMON_DYNLOAD_H
-
-#ifndef __MINGW32__
-# include 
-#else
-# include 
-# include "utf8conv.h"
-# include "mischelp.h"
-# define RTLD_LAZY 0
-
-static inline void *
-dlopen (const char *name, int flag)
-{
-  void *hd;
-#ifdef HAVE_W32CE_SYSTEM
-  wchar_t *wname = utf8_to_wchar (name);
-  hd = wname? LoadLibrary (wname) : NULL;
-  xfree (wname);
-#else
-  hd = LoadLibrary (name);
-#endif
-  (void)flag;
-  return hd;
-}
-
-static inline void *
-dlsym (void *hd, const char *sym)
-{
-  if (hd && sym)
-    {
-#ifdef HAVE_W32CE_SYSTEM
-      wchar_t *wsym = utf8_to_wchar (sym);
-      void *fnc = wsym? GetProcAddress (hd, wsym) : NULL;
-      xfree (wsym);
-#else
-      void *fnc = GetProcAddress (hd, sym);
-#endif
-      if (!fnc)
-        return NULL;
-      return fnc;
-    }
-  return NULL;
-}
-
-
-static inline const char *
-dlerror (void)
-{
-  static char buf[32];
-  snprintf (buf, sizeof buf, "ec=%lu", GetLastError ());
-  return buf;
-}
-
-
-static inline int
-dlclose (void * hd)
-{
-  if (hd)
-    {
-      CloseHandle (hd);
-      return 0;
-    }
-  return -1;
-}
-# endif /*__MINGW32__*/
-#endif /*GNUPG_COMMON_DYNLOAD_H*/
diff -Nru gnupg2-2.1.6/common/estream.c gnupg2-2.0.28/common/estream.c
--- gnupg2-2.1.6/common/estream.c	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/estream.c	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,3823 @@
+/* estream.c - Extended Stream I/O Library
+ * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see .
+ *
+ * ALTERNATIVELY, Libestream may be distributed under the terms of the
+ * following license, in which case the provisions of this license are
+ * required INSTEAD OF the GNU General Public License. If you wish to
+ * allow use of your version of this file only under the terms of the
+ * GNU General Public License, and not to allow others to use your
+ * version of this file under the terms of the following license,
+ * indicate your decision by deleting this paragraph and the license
+ * below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef USE_ESTREAM_SUPPORT_H
+# include 
+#endif
+
+#ifdef HAVE_CONFIG_H
+# include 
+#endif
+
+#if defined(_WIN32) && !defined(HAVE_W32_SYSTEM)
+# define HAVE_W32_SYSTEM 1
+# if defined(__MINGW32CE__) && !defined (HAVE_W32CE_SYSTEM)
+#  define HAVE_W32CE_SYSTEM
+# endif
+#endif
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_WINSOCK2_H
+#  include 
+# endif
+# include 
+#endif
+#ifdef HAVE_W32CE_SYSTEM
+# include  /* ERRNO replacement.  */
+#endif
+
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
+# undef HAVE_PTH
+# undef USE_GNU_PTH
+#endif
+
+#ifdef HAVE_PTH
+# include 
+#endif
+
+/* This is for the special hack to use estream.c in GnuPG.  */
+#ifdef GNUPG_MAJOR_VERSION
+# include "../common/util.h"
+#endif
+
+#ifndef HAVE_MKSTEMP
+int mkstemp (char *template);
+#endif
+
+#ifndef HAVE_MEMRCHR
+void *memrchr (const void *block, int c, size_t size);
+#endif
+
+#include 
+#include 
+
+
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#ifdef HAVE_W32CE_SYSTEM
+# define _set_errno(a)  gpg_err_set_errno ((a))
+/* Setmode is missing in cegcc but available since CE 5.0.  */
+int _setmode (int handle, int mode);
+# define setmode(a,b)   _setmode ((a),(b))
+#else
+# define _set_errno(a)  do { errno = (a); } while (0)
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+# define IS_INVALID_FD(a) ((void*)(a) == (void*)(-1))
+#else
+# define IS_INVALID_FD(a) ((a) == -1)
+#endif
+
+
+/* Generally used types.  */
+
+typedef void *(*func_realloc_t) (void *mem, size_t size);
+typedef void (*func_free_t) (void *mem);
+
+
+
+
+/* Buffer management layer.  */
+
+#define BUFFER_BLOCK_SIZE  BUFSIZ
+#define BUFFER_UNREAD_SIZE 16
+
+
+
+/* Locking.  */
+
+#ifdef HAVE_PTH
+typedef pth_mutex_t estream_mutex_t;
+#else /*!HAVE_PTH*/
+typedef void *estream_mutex_t;
+#endif /*!HAVE_PTH*/
+
+static inline void
+dummy_mutex_call_void (estream_mutex_t mutex)
+{
+  (void)mutex;
+}
+
+static inline int
+dummy_mutex_call_int (estream_mutex_t mutex)
+{
+  (void)mutex;
+  return 0;
+}
+
+
+#ifdef HAVE_PTH
+
+static int estream_pth_killed;
+
+# define ESTREAM_MUTEX_INITIALIZER PTH_MUTEX_INIT
+# define ESTREAM_MUTEX_LOCK(mutex)                              \
+  (estream_pth_killed ? dummy_mutex_call_void ((mutex))         \
+   : (void)pth_mutex_acquire (&(mutex), 0, NULL))
+# define ESTREAM_MUTEX_UNLOCK(mutex)                            \
+  (estream_pth_killed ? dummy_mutex_call_int ((mutex))          \
+   : pth_mutex_release (&(mutex)))
+# define ESTREAM_MUTEX_TRYLOCK(mutex)                                   \
+  (estream_pth_killed ? dummy_mutex_call_int ((mutex))                  \
+   : ((pth_mutex_acquire (&(mutex), 1, NULL) == TRUE)? 0:-1))
+# define ESTREAM_MUTEX_INITIALIZE(mutex)                        \
+  (estream_pth_killed ? dummy_mutex_call_int ((mutex))          \
+   : pth_mutex_init (&(mutex)))
+
+#else /*!HAVE_PTH*/
+
+# define ESTREAM_MUTEX_INITIALIZER NULL
+# define ESTREAM_MUTEX_LOCK(mutex) dummy_mutex_call_void ((mutex))
+# define ESTREAM_MUTEX_UNLOCK(mutex) dummy_mutex_call_void ((mutex))
+# define ESTREAM_MUTEX_TRYLOCK(mutex) dummy_mutex_call_int ((mutex))
+# define ESTREAM_MUTEX_INITIALIZE(mutex) dummy_mutex_call_void ((mutex))
+
+#endif /*!HAVE_PTH*/
+
+/* Primitive system I/O.  */
+
+#ifdef HAVE_PTH
+# define ESTREAM_SYS_READ  es_pth_read
+# define ESTREAM_SYS_WRITE es_pth_write
+# define ESTREAM_SYS_YIELD() \
+  do { if (!estream_pth_killed) pth_yield (NULL); } while (0)
+#else
+# define ESTREAM_SYS_READ  read
+# define ESTREAM_SYS_WRITE write
+# define ESTREAM_SYS_YIELD() do { } while (0)
+#endif
+
+/* Misc definitions.  */
+
+#define ES_DEFAULT_OPEN_MODE (S_IRUSR | S_IWUSR)
+
+/* A private cookie function to implement an internal IOCTL
+   service.  */
+typedef int (*cookie_ioctl_function_t) (void *cookie, int cmd,
+                                       void *ptr, size_t *len);
+/* IOCTL commands for the private cookie function.  */
+#define COOKIE_IOCTL_SNATCH_BUFFER 1
+
+
+
+/* An internal stream object.  */
+struct estream_internal
+{
+  unsigned char buffer[BUFFER_BLOCK_SIZE];
+  unsigned char unread_buffer[BUFFER_UNREAD_SIZE];
+  estream_mutex_t lock;		 /* Lock. */
+  void *cookie;			 /* Cookie.                */
+  void *opaque;			 /* Opaque data.           */
+  unsigned int modeflags;	 /* Flags for the backend. */
+  char *printable_fname;         /* Malloced filename for es_fname_get.  */
+  off_t offset;
+  es_cookie_read_function_t func_read;
+  es_cookie_write_function_t func_write;
+  es_cookie_seek_function_t func_seek;
+  cookie_ioctl_function_t func_ioctl;
+  es_cookie_close_function_t func_close;
+  int strategy;
+  int fd;
+  struct
+  {
+    unsigned int err: 1;
+    unsigned int eof: 1;
+  } indicators;
+  unsigned int deallocate_buffer: 1;
+  unsigned int is_stdstream:1;   /* This is a standard stream.  */
+  unsigned int stdstream_fd:2;   /* 0, 1 or 2 for a standard stream.  */
+  unsigned int print_err: 1;     /* Error in print_fun_writer.  */
+  unsigned int printable_fname_inuse: 1;  /* es_fname_get has been used.  */
+  int print_errno;               /* Errno from print_fun_writer.  */
+  size_t print_ntotal;           /* Bytes written from in print_fun_writer. */
+  FILE *print_fp;                /* Stdio stream used by print_fun_writer.  */
+};
+
+
+typedef struct estream_internal *estream_internal_t;
+
+#define ESTREAM_LOCK(stream) ESTREAM_MUTEX_LOCK (stream->intern->lock)
+#define ESTREAM_UNLOCK(stream) ESTREAM_MUTEX_UNLOCK (stream->intern->lock)
+#define ESTREAM_TRYLOCK(stream) ESTREAM_MUTEX_TRYLOCK (stream->intern->lock)
+
+/* Stream list.  */
+
+typedef struct estream_list *estream_list_t;
+
+struct estream_list
+{
+  estream_t car;
+  estream_list_t cdr;
+  estream_list_t *prev_cdr;
+};
+
+static estream_list_t estream_list;
+static estream_mutex_t estream_list_lock;
+
+#define ESTREAM_LIST_LOCK   ESTREAM_MUTEX_LOCK   (estream_list_lock)
+#define ESTREAM_LIST_UNLOCK ESTREAM_MUTEX_UNLOCK (estream_list_lock)
+
+/* File descriptors registered to be used as the standard file handles. */
+static int custom_std_fds[3];
+static unsigned char custom_std_fds_valid[3];
+
+
+#ifndef EOPNOTSUPP
+# define EOPNOTSUPP ENOSYS
+#endif
+
+
+/* Local prototypes.  */
+static void fname_set_internal (estream_t stream, const char *fname, int quote);
+
+
+
+
+/* Macros.  */
+
+/* Calculate array dimension.  */
+#ifndef DIM
+#define DIM(array) (sizeof (array) / sizeof (*array))
+#endif
+
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
+
+/* Evaluate EXPRESSION, setting VARIABLE to the return code, if
+   VARIABLE is zero.  */
+#define SET_UNLESS_NONZERO(variable, tmp_variable, expression) \
+  do                                                           \
+    {                                                          \
+      tmp_variable = expression;                               \
+      if ((! variable) && tmp_variable)                        \
+        variable = tmp_variable;                               \
+    }                                                          \
+  while (0)
+
+
+/* Malloc wrappers to overcome problems on some older OSes.  */
+static void *
+mem_alloc (size_t n)
+{
+  if (!n)
+    n++;
+  return malloc (n);
+}
+
+static void *
+mem_realloc (void *p, size_t n)
+{
+  if (!p)
+    return mem_alloc (n);
+  return realloc (p, n);
+}
+
+static void
+mem_free (void *p)
+{
+  if (p)
+    free (p);
+}
+
+
+
+/*
+ * List manipulation.
+ */
+
+/* Add STREAM to the list of registered stream objects.  If
+   WITH_LOCKED_LIST is true we assumed that the list of streams is
+   already locked.  */
+static int
+es_list_add (estream_t stream, int with_locked_list)
+{
+  estream_list_t list_obj;
+  int ret;
+
+  list_obj = mem_alloc (sizeof (*list_obj));
+  if (! list_obj)
+    ret = -1;
+  else
+    {
+      if (!with_locked_list)
+        ESTREAM_LIST_LOCK;
+      list_obj->car = stream;
+      list_obj->cdr = estream_list;
+      list_obj->prev_cdr = &estream_list;
+      if (estream_list)
+	estream_list->prev_cdr = &list_obj->cdr;
+      estream_list = list_obj;
+      if (!with_locked_list)
+        ESTREAM_LIST_UNLOCK;
+      ret = 0;
+    }
+
+  return ret;
+}
+
+/* Remove STREAM from the list of registered stream objects.  */
+static void
+es_list_remove (estream_t stream, int with_locked_list)
+{
+  estream_list_t list_obj;
+
+  if (!with_locked_list)
+    ESTREAM_LIST_LOCK;
+  for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
+    if (list_obj->car == stream)
+      {
+	*list_obj->prev_cdr = list_obj->cdr;
+	if (list_obj->cdr)
+	  list_obj->cdr->prev_cdr = list_obj->prev_cdr;
+	mem_free (list_obj);
+	break;
+      }
+  if (!with_locked_list)
+    ESTREAM_LIST_UNLOCK;
+}
+
+/* Type of an stream-iterator-function.  */
+typedef int (*estream_iterator_t) (estream_t stream);
+
+/* Iterate over list of registered streams, calling ITERATOR for each
+   of them.  */
+static int
+es_list_iterate (estream_iterator_t iterator)
+{
+  estream_list_t list_obj;
+  int ret = 0;
+
+  ESTREAM_LIST_LOCK;
+  for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
+    ret |= (*iterator) (list_obj->car);
+  ESTREAM_LIST_UNLOCK;
+
+  return ret;
+}
+
+
+
+/*
+ * I/O Helper
+ *
+ * Unfortunately our Pth emulation for Windows expects system handles
+ * for pth_read and pth_write.  We use a simple approach to fix this:
+ * If the function returns an error we fall back to a vanilla read or
+ * write, assuming that we do I/O on a plain file where the operation
+ * can't block.
+ */
+#ifdef HAVE_PTH
+static int
+es_pth_read (int fd, void *buffer, size_t size)
+{
+  if (estream_pth_killed)
+    return read (fd, buffer, size);
+  else
+    {
+# ifdef HAVE_W32_SYSTEM
+      int rc = pth_read (fd, buffer, size);
+      if (rc == -1 && errno == EINVAL)
+        rc = read (fd, buffer, size);
+      return rc;
+# else /*!HAVE_W32_SYSTEM*/
+      return pth_read (fd, buffer, size);
+# endif /* !HAVE_W32_SYSTEM*/
+    }
+}
+
+static int
+es_pth_write (int fd, const void *buffer, size_t size)
+{
+  if (estream_pth_killed)
+    return write (fd, buffer, size);
+  else
+    {
+# ifdef HAVE_W32_SYSTEM
+      int rc = pth_write (fd, buffer, size);
+      if (rc == -1 && errno == EINVAL)
+        rc = write (fd, buffer, size);
+      return rc;
+# else /*!HAVE_W32_SYSTEM*/
+      return pth_write (fd, buffer, size);
+# endif /* !HAVE_W32_SYSTEM*/
+    }
+}
+#endif /*HAVE_PTH*/
+
+
+
+static void
+es_deinit (void)
+{
+  /* Flush all streams. */
+  es_fflush (NULL);
+}
+
+
+/* A replacement for pth_kill.  The reason we need this is that after
+   a pth_kill all our pth functions may not be used anymore.  Thus
+   applications using estream and pth need to use this function
+   instead of a plain pth_kill.  */
+int
+es_pth_kill (void)
+{
+#ifdef HAVE_PTH
+  int rc;
+
+  rc = pth_kill ();
+  if (rc)
+    estream_pth_killed = 1;
+  return rc;
+#else /*!HAVE_PTH*/
+  return 0;
+#endif /*!HAVE_PTH*/
+}
+
+
+/*
+ * Initialization.
+ */
+
+static int
+es_init_do (void)
+{
+  static int initialized;
+
+  if (!initialized)
+    {
+#ifdef HAVE_PTH
+      if (estream_pth_killed)
+        initialized = 1;
+      else
+        {
+          if (!pth_init () && errno != EPERM )
+            return -1;
+          if (pth_mutex_init (&estream_list_lock))
+            initialized = 1;
+        }
+#else
+      initialized = 1;
+#endif
+      atexit (es_deinit);
+    }
+  return 0;
+}
+
+
+
+/*
+ * I/O methods.
+ */
+
+/* Implementation of Memory I/O.  */
+
+/* Cookie for memory objects.  */
+typedef struct estream_cookie_mem
+{
+  unsigned int modeflags;	/* Open flags.  */
+  unsigned char *memory;	/* Allocated data buffer.  */
+  size_t memory_size;		/* Allocated size of MEMORY.  */
+  size_t memory_limit;          /* Caller supplied maximum allowed
+                                   allocation size or 0 for no limit.  */
+  size_t offset;		/* Current offset in MEMORY.  */
+  size_t data_len;		/* Used length of data in MEMORY.  */
+  size_t block_size;		/* Block size.  */
+  struct {
+    unsigned int grow: 1;	/* MEMORY is allowed to grow.  */
+  } flags;
+  func_realloc_t func_realloc;
+  func_free_t func_free;
+} *estream_cookie_mem_t;
+
+
+/* Create function for memory objects.  DATA is either NULL or a user
+   supplied buffer with the initial content of the memory buffer.  If
+   DATA is NULL, DATA_N and DATA_LEN need to be 0 as well.  If DATA is
+   not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the
+   used length in DATA.  */
+static int
+es_func_mem_create (void *ES__RESTRICT *ES__RESTRICT cookie,
+		    unsigned char *ES__RESTRICT data, size_t data_n,
+		    size_t data_len,
+		    size_t block_size, unsigned int grow,
+		    func_realloc_t func_realloc, func_free_t func_free,
+		    unsigned int modeflags,
+                    size_t memory_limit)
+{
+  estream_cookie_mem_t mem_cookie;
+  int err;
+
+  if (!data && (data_n || data_len))
+    {
+      _set_errno (EINVAL);
+      return -1;
+    }
+
+  mem_cookie = mem_alloc (sizeof (*mem_cookie));
+  if (!mem_cookie)
+    err = -1;
+  else
+    {
+      mem_cookie->modeflags = modeflags;
+      mem_cookie->memory = data;
+      mem_cookie->memory_size = data_n;
+      mem_cookie->memory_limit = memory_limit;
+      mem_cookie->offset = 0;
+      mem_cookie->data_len = data_len;
+      mem_cookie->block_size = block_size;
+      mem_cookie->flags.grow = !!grow;
+      mem_cookie->func_realloc = func_realloc ? func_realloc : mem_realloc;
+      mem_cookie->func_free = func_free ? func_free : mem_free;
+      *cookie = mem_cookie;
+      err = 0;
+    }
+
+  return err;
+}
+
+
+/* Read function for memory objects.  */
+static ssize_t
+es_func_mem_read (void *cookie, void *buffer, size_t size)
+{
+  estream_cookie_mem_t mem_cookie = cookie;
+  ssize_t ret;
+
+  if (size > mem_cookie->data_len - mem_cookie->offset)
+    size = mem_cookie->data_len - mem_cookie->offset;
+
+  if (size)
+    {
+      memcpy (buffer, mem_cookie->memory + mem_cookie->offset, size);
+      mem_cookie->offset += size;
+    }
+
+  ret = size;
+  return ret;
+}
+
+
+/* Write function for memory objects.  */
+static ssize_t
+es_func_mem_write (void *cookie, const void *buffer, size_t size)
+{
+  estream_cookie_mem_t mem_cookie = cookie;
+  ssize_t ret;
+  size_t nleft;
+
+  if (!size)
+    return 0;  /* A flush is a NOP for memory objects.  */
+
+  if (mem_cookie->modeflags & O_APPEND)
+    {
+      /* Append to data.  */
+      mem_cookie->offset = mem_cookie->data_len;
+    }
+
+  assert (mem_cookie->memory_size >= mem_cookie->offset);
+  nleft = mem_cookie->memory_size - mem_cookie->offset;
+
+  /* If we are not allowed to grow limit the size to the left space.  */
+  if (!mem_cookie->flags.grow && size > nleft)
+    size = nleft;
+
+  /* Enlarge the memory buffer if needed.  */
+  if (size > nleft)
+    {
+      unsigned char *newbuf;
+      size_t newsize;
+
+      if (!mem_cookie->memory_size)
+        newsize = size;  /* Not yet allocated.  */
+      else
+        newsize = mem_cookie->memory_size + (size - nleft);
+      if (newsize < mem_cookie->offset)
+        {
+          _set_errno (EINVAL);
+          return -1;
+        }
+
+      /* Round up to the next block length.  BLOCK_SIZE should always
+         be set; we check anyway.  */
+      if (mem_cookie->block_size)
+        {
+          newsize += mem_cookie->block_size - 1;
+          if (newsize < mem_cookie->offset)
+            {
+              _set_errno (EINVAL);
+              return -1;
+            }
+          newsize /= mem_cookie->block_size;
+          newsize *= mem_cookie->block_size;
+        }
+
+      /* Check for a total limit.  */
+      if (mem_cookie->memory_limit && newsize > mem_cookie->memory_limit)
+        {
+          _set_errno (ENOSPC);
+          return -1;
+        }
+
+      newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
+      if (!newbuf)
+        return -1;
+
+      mem_cookie->memory = newbuf;
+      mem_cookie->memory_size = newsize;
+
+      assert (mem_cookie->memory_size >= mem_cookie->offset);
+      nleft = mem_cookie->memory_size - mem_cookie->offset;
+
+      assert (size <= nleft);
+    }
+
+  memcpy (mem_cookie->memory + mem_cookie->offset, buffer, size);
+  if (mem_cookie->offset + size > mem_cookie->data_len)
+    mem_cookie->data_len = mem_cookie->offset + size;
+  mem_cookie->offset += size;
+
+  ret = size;
+  return ret;
+}
+
+
+/* Seek function for memory objects.  */
+static int
+es_func_mem_seek (void *cookie, off_t *offset, int whence)
+{
+  estream_cookie_mem_t mem_cookie = cookie;
+  off_t pos_new;
+
+  switch (whence)
+    {
+    case SEEK_SET:
+      pos_new = *offset;
+      break;
+
+    case SEEK_CUR:
+      pos_new = mem_cookie->offset += *offset;
+      break;
+
+    case SEEK_END:
+      pos_new = mem_cookie->data_len += *offset;
+      break;
+
+    default:
+      _set_errno (EINVAL);
+      return -1;
+    }
+
+  if (pos_new > mem_cookie->memory_size)
+    {
+      size_t newsize;
+      void *newbuf;
+
+      if (!mem_cookie->flags.grow)
+	{
+	  _set_errno (ENOSPC);
+	  return -1;
+        }
+
+      newsize = pos_new + mem_cookie->block_size - 1;
+      if (newsize < pos_new)
+        {
+          _set_errno (EINVAL);
+          return -1;
+        }
+      newsize /= mem_cookie->block_size;
+      newsize *= mem_cookie->block_size;
+
+      if (mem_cookie->memory_limit && newsize > mem_cookie->memory_limit)
+        {
+          _set_errno (ENOSPC);
+          return -1;
+        }
+
+      newbuf = mem_cookie->func_realloc (mem_cookie->memory, newsize);
+      if (!newbuf)
+        return -1;
+
+      mem_cookie->memory = newbuf;
+      mem_cookie->memory_size = newsize;
+    }
+
+  if (pos_new > mem_cookie->data_len)
+    {
+      /* Fill spare space with zeroes.  */
+      memset (mem_cookie->memory + mem_cookie->data_len,
+              0, pos_new - mem_cookie->data_len);
+      mem_cookie->data_len = pos_new;
+    }
+
+  mem_cookie->offset = pos_new;
+  *offset = pos_new;
+
+  return 0;
+}
+
+
+/* An IOCTL function for memory objects.  */
+static int
+es_func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
+{
+  estream_cookie_mem_t mem_cookie = cookie;
+  int ret;
+
+  if (cmd == COOKIE_IOCTL_SNATCH_BUFFER)
+    {
+      /* Return the internal buffer of the stream to the caller and
+         invalidate it for the stream.  */
+      *(void**)ptr = mem_cookie->memory;
+      *len = mem_cookie->offset;
+      mem_cookie->memory = NULL;
+      mem_cookie->memory_size = 0;
+      mem_cookie->offset = 0;
+      ret = 0;
+    }
+  else
+    {
+      _set_errno (EINVAL);
+      ret = -1;
+    }
+
+  return ret;
+}
+
+
+/* Destroy function for memory objects.  */
+static int
+es_func_mem_destroy (void *cookie)
+{
+  estream_cookie_mem_t mem_cookie = cookie;
+
+  if (cookie)
+    {
+      mem_cookie->func_free (mem_cookie->memory);
+      mem_free (mem_cookie);
+    }
+  return 0;
+}
+
+
+static es_cookie_io_functions_t estream_functions_mem =
+  {
+    es_func_mem_read,
+    es_func_mem_write,
+    es_func_mem_seek,
+    es_func_mem_destroy
+  };
+
+
+
+/* Implementation of fd I/O.  */
+
+/* Cookie for fd objects.  */
+typedef struct estream_cookie_fd
+{
+  int fd;        /* The file descriptor we are using for actual output.  */
+  int no_close;  /* If set we won't close the file descriptor.  */
+} *estream_cookie_fd_t;
+
+/* Create function for fd objects.  */
+static int
+es_func_fd_create (void **cookie, int fd, unsigned int modeflags, int no_close)
+{
+  estream_cookie_fd_t fd_cookie;
+  int err;
+
+  fd_cookie = mem_alloc (sizeof (*fd_cookie));
+  if (! fd_cookie)
+    err = -1;
+  else
+    {
+#ifdef HAVE_DOSISH_SYSTEM
+      /* Make sure it is in binary mode if requested.  */
+      if ( (modeflags & O_BINARY) )
+        setmode (fd, O_BINARY);
+#else
+      (void)modeflags;
+#endif
+      fd_cookie->fd = fd;
+      fd_cookie->no_close = no_close;
+      *cookie = fd_cookie;
+      err = 0;
+    }
+
+  return err;
+}
+
+/* Read function for fd objects.  */
+static ssize_t
+es_func_fd_read (void *cookie, void *buffer, size_t size)
+
+{
+  estream_cookie_fd_t file_cookie = cookie;
+  ssize_t bytes_read;
+
+  if (IS_INVALID_FD (file_cookie->fd))
+    {
+      ESTREAM_SYS_YIELD ();
+      bytes_read = 0;
+    }
+  else
+    {
+      do
+        bytes_read = ESTREAM_SYS_READ (file_cookie->fd, buffer, size);
+      while (bytes_read == -1 && errno == EINTR);
+    }
+
+  return bytes_read;
+}
+
+/* Write function for fd objects.  */
+static ssize_t
+es_func_fd_write (void *cookie, const void *buffer, size_t size)
+{
+  estream_cookie_fd_t file_cookie = cookie;
+  ssize_t bytes_written;
+
+  if (IS_INVALID_FD (file_cookie->fd))
+    {
+      ESTREAM_SYS_YIELD ();
+      bytes_written = size; /* Yeah:  Success writing to the bit bucket.  */
+    }
+  else
+    {
+      do
+        bytes_written = ESTREAM_SYS_WRITE (file_cookie->fd, buffer, size);
+      while (bytes_written == -1 && errno == EINTR);
+    }
+
+  return bytes_written;
+}
+
+/* Seek function for fd objects.  */
+static int
+es_func_fd_seek (void *cookie, off_t *offset, int whence)
+{
+  estream_cookie_fd_t file_cookie = cookie;
+  off_t offset_new;
+  int err;
+
+  if (IS_INVALID_FD (file_cookie->fd))
+    {
+      _set_errno (ESPIPE);
+      err = -1;
+    }
+  else
+    {
+      offset_new = lseek (file_cookie->fd, *offset, whence);
+      if (offset_new == -1)
+        err = -1;
+      else
+        {
+          *offset = offset_new;
+          err = 0;
+        }
+    }
+
+  return err;
+}
+
+/* Destroy function for fd objects.  */
+static int
+es_func_fd_destroy (void *cookie)
+{
+  estream_cookie_fd_t fd_cookie = cookie;
+  int err;
+
+  if (fd_cookie)
+    {
+      if (IS_INVALID_FD (fd_cookie->fd))
+        err = 0;
+      else
+        err = fd_cookie->no_close? 0 : close (fd_cookie->fd);
+      mem_free (fd_cookie);
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+static es_cookie_io_functions_t estream_functions_fd =
+  {
+    es_func_fd_read,
+    es_func_fd_write,
+    es_func_fd_seek,
+    es_func_fd_destroy
+  };
+
+
+
+
+/* Implementation of FILE* I/O.  */
+
+/* Cookie for fp objects.  */
+typedef struct estream_cookie_fp
+{
+  FILE *fp;      /* The file pointer we are using for actual output.  */
+  int no_close;  /* If set we won't close the file pointer.  */
+} *estream_cookie_fp_t;
+
+/* Create function for fd objects.  */
+static int
+es_func_fp_create (void **cookie, FILE *fp,
+                   unsigned int modeflags, int no_close)
+{
+  estream_cookie_fp_t fp_cookie;
+  int err;
+
+  fp_cookie = mem_alloc (sizeof *fp_cookie);
+  if (!fp_cookie)
+    err = -1;
+  else
+    {
+#ifdef HAVE_DOSISH_SYSTEM
+      /* Make sure it is in binary mode if requested.  */
+      if ( (modeflags & O_BINARY) )
+        setmode (fileno (fp), O_BINARY);
+#else
+      (void)modeflags;
+#endif
+      fp_cookie->fp = fp;
+      fp_cookie->no_close = no_close;
+      *cookie = fp_cookie;
+      err = 0;
+    }
+
+  return err;
+}
+
+/* Read function for FILE* objects.  */
+static ssize_t
+es_func_fp_read (void *cookie, void *buffer, size_t size)
+
+{
+  estream_cookie_fp_t file_cookie = cookie;
+  ssize_t bytes_read;
+
+  if (file_cookie->fp)
+    bytes_read = fread (buffer, 1, size, file_cookie->fp);
+  else
+    bytes_read = 0;
+  if (!bytes_read && ferror (file_cookie->fp))
+    return -1;
+  return bytes_read;
+}
+
+/* Write function for FILE* objects.  */
+static ssize_t
+es_func_fp_write (void *cookie, const void *buffer, size_t size)
+
+{
+  estream_cookie_fp_t file_cookie = cookie;
+  size_t bytes_written;
+
+
+  if (file_cookie->fp)
+    bytes_written = fwrite (buffer, 1, size, file_cookie->fp);
+  else
+    bytes_written = size; /* Successfully written to the bit bucket.  */
+  if (bytes_written != size)
+    return -1;
+  return bytes_written;
+}
+
+/* Seek function for FILE* objects.  */
+static int
+es_func_fp_seek (void *cookie, off_t *offset, int whence)
+{
+  estream_cookie_fp_t file_cookie = cookie;
+  long int offset_new;
+
+  if (!file_cookie->fp)
+    {
+      _set_errno (ESPIPE);
+      return -1;
+    }
+
+  if ( fseek (file_cookie->fp, (long int)*offset, whence) )
+    {
+      /* fprintf (stderr, "\nfseek failed: errno=%d (%s)\n", */
+      /*          errno,strerror (errno)); */
+      return -1;
+    }
+
+  offset_new = ftell (file_cookie->fp);
+  if (offset_new == -1)
+    {
+      /* fprintf (stderr, "\nftell failed: errno=%d (%s)\n",  */
+      /*          errno,strerror (errno)); */
+      return -1;
+    }
+  *offset = offset_new;
+  return 0;
+}
+
+/* Destroy function for FILE* objects.  */
+static int
+es_func_fp_destroy (void *cookie)
+{
+  estream_cookie_fp_t fp_cookie = cookie;
+  int err;
+
+  if (fp_cookie)
+    {
+      if (fp_cookie->fp)
+        {
+          fflush (fp_cookie->fp);
+          err = fp_cookie->no_close? 0 : fclose (fp_cookie->fp);
+        }
+      else
+        err = 0;
+      mem_free (fp_cookie);
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+static es_cookie_io_functions_t estream_functions_fp =
+  {
+    es_func_fp_read,
+    es_func_fp_write,
+    es_func_fp_seek,
+    es_func_fp_destroy
+  };
+
+
+
+
+/* Implementation of file I/O.  */
+
+/* Create function for file objects.  */
+static int
+es_func_file_create (void **cookie, int *filedes,
+		     const char *path, unsigned int modeflags)
+{
+  estream_cookie_fd_t file_cookie;
+  int err;
+  int fd;
+
+  err = 0;
+  fd = -1;
+
+  file_cookie = mem_alloc (sizeof (*file_cookie));
+  if (! file_cookie)
+    {
+      err = -1;
+      goto out;
+    }
+
+  fd = open (path, modeflags, ES_DEFAULT_OPEN_MODE);
+  if (fd == -1)
+    {
+      err = -1;
+      goto out;
+    }
+#ifdef HAVE_DOSISH_SYSTEM
+  /* Make sure it is in binary mode if requested.  */
+  if ( (modeflags & O_BINARY) )
+    setmode (fd, O_BINARY);
+#endif
+
+  file_cookie->fd = fd;
+  file_cookie->no_close = 0;
+  *cookie = file_cookie;
+  *filedes = fd;
+
+ out:
+
+  if (err)
+    mem_free (file_cookie);
+
+  return err;
+}
+
+
+static int
+es_convert_mode (const char *mode, unsigned int *modeflags)
+{
+  unsigned int omode, oflags;
+
+  switch (*mode)
+    {
+    case 'r':
+      omode = O_RDONLY;
+      oflags = 0;
+      break;
+    case 'w':
+      omode = O_WRONLY;
+      oflags = O_TRUNC | O_CREAT;
+      break;
+    case 'a':
+      omode = O_WRONLY;
+      oflags = O_APPEND | O_CREAT;
+      break;
+    default:
+      _set_errno (EINVAL);
+      return -1;
+    }
+  for (mode++; *mode; mode++)
+    {
+      switch (*mode)
+        {
+        case '+':
+          omode = O_RDWR;
+          break;
+        case 'b':
+          oflags |= O_BINARY;
+          break;
+        case 'x':
+          oflags |= O_EXCL;
+          break;
+        default: /* Ignore unknown flags.  */
+          break;
+        }
+    }
+
+  *modeflags = (omode | oflags);
+  return 0;
+}
+
+
+
+/*
+ * Low level stream functionality.
+ */
+
+static int
+es_fill (estream_t stream)
+{
+  size_t bytes_read = 0;
+  int err;
+
+  if (!stream->intern->func_read)
+    {
+      _set_errno (EOPNOTSUPP);
+      err = -1;
+    }
+  else
+    {
+      es_cookie_read_function_t func_read = stream->intern->func_read;
+      ssize_t ret;
+
+      ret = (*func_read) (stream->intern->cookie,
+			  stream->buffer, stream->buffer_size);
+      if (ret == -1)
+	{
+	  bytes_read = 0;
+	  err = -1;
+	}
+      else
+	{
+	  bytes_read = ret;
+	  err = 0;
+	}
+    }
+
+  if (err)
+    stream->intern->indicators.err = 1;
+  else if (!bytes_read)
+    stream->intern->indicators.eof = 1;
+
+  stream->intern->offset += stream->data_len;
+  stream->data_len = bytes_read;
+  stream->data_offset = 0;
+
+  return err;
+}
+
+static int
+es_flush (estream_t stream)
+{
+  es_cookie_write_function_t func_write = stream->intern->func_write;
+  int err;
+
+  assert (stream->flags.writing);
+
+  if (stream->data_offset)
+    {
+      size_t bytes_written;
+      size_t data_flushed;
+      ssize_t ret;
+
+      if (! func_write)
+	{
+	  err = EOPNOTSUPP;
+	  goto out;
+	}
+
+      /* Note: to prevent an endless loop caused by user-provided
+	 write-functions that pretend to have written more bytes than
+	 they were asked to write, we have to check for
+	 "(stream->data_offset - data_flushed) > 0" instead of
+	 "stream->data_offset - data_flushed".  */
+
+      data_flushed = 0;
+      err = 0;
+
+      while ((((ssize_t) (stream->data_offset - data_flushed)) > 0) && (! err))
+	{
+	  ret = (*func_write) (stream->intern->cookie,
+			       stream->buffer + data_flushed,
+			       stream->data_offset - data_flushed);
+	  if (ret == -1)
+	    {
+	      bytes_written = 0;
+	      err = -1;
+	    }
+	  else
+	    bytes_written = ret;
+
+	  data_flushed += bytes_written;
+	  if (err)
+	    break;
+	}
+
+      stream->data_flushed += data_flushed;
+      if (stream->data_offset == data_flushed)
+	{
+	  stream->intern->offset += stream->data_offset;
+	  stream->data_offset = 0;
+	  stream->data_flushed = 0;
+
+	  /* Propagate flush event.  */
+	  (*func_write) (stream->intern->cookie, NULL, 0);
+	}
+    }
+  else
+    err = 0;
+
+ out:
+
+  if (err)
+    stream->intern->indicators.err = 1;
+
+  return err;
+}
+
+/* Discard buffered data for STREAM.  */
+static void
+es_empty (estream_t stream)
+{
+  assert (!stream->flags.writing);
+  stream->data_len = 0;
+  stream->data_offset = 0;
+  stream->unread_data_len = 0;
+}
+
+/* Initialize STREAM.  */
+static void
+es_initialize (estream_t stream,
+	       void *cookie, int fd, es_cookie_io_functions_t functions,
+               unsigned int modeflags)
+{
+  stream->intern->cookie = cookie;
+  stream->intern->opaque = NULL;
+  stream->intern->offset = 0;
+  stream->intern->func_read = functions.func_read;
+  stream->intern->func_write = functions.func_write;
+  stream->intern->func_seek = functions.func_seek;
+  stream->intern->func_ioctl = NULL;
+  stream->intern->func_close = functions.func_close;
+  stream->intern->strategy = _IOFBF;
+  stream->intern->fd = fd;
+  stream->intern->print_err = 0;
+  stream->intern->print_errno = 0;
+  stream->intern->print_ntotal = 0;
+  stream->intern->print_fp = NULL;
+  stream->intern->indicators.err = 0;
+  stream->intern->indicators.eof = 0;
+  stream->intern->is_stdstream = 0;
+  stream->intern->stdstream_fd = 0;
+  stream->intern->deallocate_buffer = 0;
+  stream->intern->printable_fname = NULL;
+  stream->intern->printable_fname_inuse = 0;
+
+  stream->data_len = 0;
+  stream->data_offset = 0;
+  stream->data_flushed = 0;
+  stream->unread_data_len = 0;
+  /* Depending on the modeflags we set whether we start in writing or
+     reading mode.  This is required in case we are working on a
+     stream which is not seeekable (like stdout).  Without this
+     pre-initialization we would do a seek at the first write call and
+     as this will fail no utput will be delivered. */
+  if ((modeflags & O_WRONLY) || (modeflags & O_RDWR) )
+    stream->flags.writing = 1;
+  else
+    stream->flags.writing = 0;
+}
+
+/* Deinitialize STREAM.  */
+static int
+es_deinitialize (estream_t stream)
+{
+  es_cookie_close_function_t func_close;
+  int err, tmp_err;
+
+  if (stream->intern->print_fp)
+    {
+      int save_errno = errno;
+      fclose (stream->intern->print_fp);
+      stream->intern->print_fp = NULL;
+      _set_errno (save_errno);
+    }
+
+  func_close = stream->intern->func_close;
+
+  err = 0;
+  if (stream->flags.writing)
+    SET_UNLESS_NONZERO (err, tmp_err, es_flush (stream));
+  if (func_close)
+    SET_UNLESS_NONZERO (err, tmp_err, (*func_close) (stream->intern->cookie));
+
+  mem_free (stream->intern->printable_fname);
+  stream->intern->printable_fname = NULL;
+  stream->intern->printable_fname_inuse = 0;
+
+  return err;
+}
+
+/* Create a new stream object, initialize it.  */
+static int
+es_create (estream_t *stream, void *cookie, int fd,
+	   es_cookie_io_functions_t functions, unsigned int modeflags,
+           int with_locked_list)
+{
+  estream_internal_t stream_internal_new;
+  estream_t stream_new;
+  int err;
+
+  stream_new = NULL;
+  stream_internal_new = NULL;
+
+  stream_new = mem_alloc (sizeof (*stream_new));
+  if (! stream_new)
+    {
+      err = -1;
+      goto out;
+    }
+
+  stream_internal_new = mem_alloc (sizeof (*stream_internal_new));
+  if (! stream_internal_new)
+    {
+      err = -1;
+      goto out;
+    }
+
+  stream_new->buffer = stream_internal_new->buffer;
+  stream_new->buffer_size = sizeof (stream_internal_new->buffer);
+  stream_new->unread_buffer = stream_internal_new->unread_buffer;
+  stream_new->unread_buffer_size = sizeof (stream_internal_new->unread_buffer);
+  stream_new->intern = stream_internal_new;
+
+  ESTREAM_MUTEX_INITIALIZE (stream_new->intern->lock);
+  es_initialize (stream_new, cookie, fd, functions, modeflags);
+
+  err = es_list_add (stream_new, with_locked_list);
+  if (err)
+    goto out;
+
+  *stream = stream_new;
+
+ out:
+
+  if (err)
+    {
+      if (stream_new)
+	{
+	  es_deinitialize (stream_new);
+	  mem_free (stream_new);
+	}
+    }
+
+  return err;
+}
+
+/* Deinitialize a stream object and destroy it.  */
+static int
+es_destroy (estream_t stream, int with_locked_list)
+{
+  int err = 0;
+
+  if (stream)
+    {
+      es_list_remove (stream, with_locked_list);
+      err = es_deinitialize (stream);
+      mem_free (stream->intern);
+      mem_free (stream);
+    }
+
+  return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
+   unbuffered-mode, storing the amount of bytes read in
+   *BYTES_READ.  */
+static int
+es_read_nbf (estream_t ES__RESTRICT stream,
+	     unsigned char *ES__RESTRICT buffer,
+	     size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+  es_cookie_read_function_t func_read = stream->intern->func_read;
+  size_t data_read;
+  ssize_t ret;
+  int err;
+
+  data_read = 0;
+  err = 0;
+
+  while (bytes_to_read - data_read)
+    {
+      ret = (*func_read) (stream->intern->cookie,
+			  buffer + data_read, bytes_to_read - data_read);
+      if (ret == -1)
+	{
+	  err = -1;
+	  break;
+	}
+      else if (ret)
+	data_read += ret;
+      else
+	break;
+    }
+
+  stream->intern->offset += data_read;
+  *bytes_read = data_read;
+
+  return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
+   fully-buffered-mode, storing the amount of bytes read in
+   *BYTES_READ.  */
+static int
+es_read_fbf (estream_t ES__RESTRICT stream,
+	     unsigned char *ES__RESTRICT buffer,
+	     size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+  size_t data_available;
+  size_t data_to_read;
+  size_t data_read;
+  int err;
+
+  data_read = 0;
+  err = 0;
+
+  while ((bytes_to_read - data_read) && (! err))
+    {
+      if (stream->data_offset == stream->data_len)
+	{
+	  /* Nothing more to read in current container, try to
+	     fill container with new data.  */
+	  err = es_fill (stream);
+	  if (! err)
+	    if (! stream->data_len)
+	      /* Filling did not result in any data read.  */
+	      break;
+	}
+
+      if (! err)
+	{
+	  /* Filling resulted in some new data.  */
+
+	  data_to_read = bytes_to_read - data_read;
+	  data_available = stream->data_len - stream->data_offset;
+	  if (data_to_read > data_available)
+	    data_to_read = data_available;
+
+	  memcpy (buffer + data_read,
+		  stream->buffer + stream->data_offset, data_to_read);
+	  stream->data_offset += data_to_read;
+	  data_read += data_to_read;
+	}
+    }
+
+  *bytes_read = data_read;
+
+  return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
+   line-buffered-mode, storing the amount of bytes read in
+   *BYTES_READ.  */
+static int
+es_read_lbf (estream_t ES__RESTRICT stream,
+	     unsigned char *ES__RESTRICT buffer,
+	     size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+  int err;
+
+  err = es_read_fbf (stream, buffer, bytes_to_read, bytes_read);
+
+  return err;
+}
+
+/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER, storing
+   *the amount of bytes read in BYTES_READ.  */
+static int
+es_readn (estream_t ES__RESTRICT stream,
+	  void *ES__RESTRICT buffer_arg,
+	  size_t bytes_to_read, size_t *ES__RESTRICT bytes_read)
+{
+  unsigned char *buffer = (unsigned char *)buffer_arg;
+  size_t data_read_unread, data_read;
+  int err;
+
+  data_read_unread = 0;
+  data_read = 0;
+  err = 0;
+
+  if (stream->flags.writing)
+    {
+      /* Switching to reading mode -> flush output.  */
+      err = es_flush (stream);
+      if (err)
+	goto out;
+      stream->flags.writing = 0;
+    }
+
+  /* Read unread data first.  */
+  while ((bytes_to_read - data_read_unread) && stream->unread_data_len)
+    {
+      buffer[data_read_unread]
+	= stream->unread_buffer[stream->unread_data_len - 1];
+      stream->unread_data_len--;
+      data_read_unread++;
+    }
+
+  switch (stream->intern->strategy)
+    {
+    case _IONBF:
+      err = es_read_nbf (stream,
+			 buffer + data_read_unread,
+			 bytes_to_read - data_read_unread, &data_read);
+      break;
+    case _IOLBF:
+      err = es_read_lbf (stream,
+			 buffer + data_read_unread,
+			 bytes_to_read - data_read_unread, &data_read);
+      break;
+    case _IOFBF:
+      err = es_read_fbf (stream,
+			 buffer + data_read_unread,
+			 bytes_to_read - data_read_unread, &data_read);
+      break;
+    }
+
+ out:
+
+  if (bytes_read)
+    *bytes_read = data_read_unread + data_read;
+
+  return err;
+}
+
+/* Try to unread DATA_N bytes from DATA into STREAM, storing the
+   amount of bytes successfully unread in *BYTES_UNREAD.  */
+static void
+es_unreadn (estream_t ES__RESTRICT stream,
+	    const unsigned char *ES__RESTRICT data, size_t data_n,
+	    size_t *ES__RESTRICT bytes_unread)
+{
+  size_t space_left;
+
+  space_left = stream->unread_buffer_size - stream->unread_data_len;
+
+  if (data_n > space_left)
+    data_n = space_left;
+
+  if (! data_n)
+    goto out;
+
+  memcpy (stream->unread_buffer + stream->unread_data_len, data, data_n);
+  stream->unread_data_len += data_n;
+  stream->intern->indicators.eof = 0;
+
+ out:
+
+  if (bytes_unread)
+    *bytes_unread = data_n;
+}
+
+/* Seek in STREAM.  */
+static int
+es_seek (estream_t ES__RESTRICT stream, off_t offset, int whence,
+	 off_t *ES__RESTRICT offset_new)
+{
+  es_cookie_seek_function_t func_seek = stream->intern->func_seek;
+  int err, ret;
+  off_t off;
+
+  if (! func_seek)
+    {
+      _set_errno (EOPNOTSUPP);
+      err = -1;
+      goto out;
+    }
+
+  if (stream->flags.writing)
+    {
+      /* Flush data first in order to prevent flushing it to the wrong
+	 offset.  */
+      err = es_flush (stream);
+      if (err)
+	goto out;
+      stream->flags.writing = 0;
+    }
+
+  off = offset;
+  if (whence == SEEK_CUR)
+    {
+      off = off - stream->data_len + stream->data_offset;
+      off -= stream->unread_data_len;
+    }
+
+  ret = (*func_seek) (stream->intern->cookie, &off, whence);
+  if (ret == -1)
+    {
+      err = -1;
+      goto out;
+    }
+
+  err = 0;
+  es_empty (stream);
+
+  if (offset_new)
+    *offset_new = off;
+
+  stream->intern->indicators.eof = 0;
+  stream->intern->offset = off;
+
+ out:
+
+  if (err)
+    stream->intern->indicators.err = 1;
+
+  return err;
+}
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in
+   unbuffered-mode, storing the amount of bytes written in
+   *BYTES_WRITTEN.  */
+static int
+es_write_nbf (estream_t ES__RESTRICT stream,
+	      const unsigned char *ES__RESTRICT buffer,
+	      size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+  es_cookie_write_function_t func_write = stream->intern->func_write;
+  size_t data_written;
+  ssize_t ret;
+  int err;
+
+  if (bytes_to_write && (! func_write))
+    {
+      err = EOPNOTSUPP;
+      goto out;
+    }
+
+  data_written = 0;
+  err = 0;
+
+  while (bytes_to_write - data_written)
+    {
+      ret = (*func_write) (stream->intern->cookie,
+			   buffer + data_written,
+			   bytes_to_write - data_written);
+      if (ret == -1)
+	{
+	  err = -1;
+	  break;
+	}
+      else
+	data_written += ret;
+    }
+
+  stream->intern->offset += data_written;
+  *bytes_written = data_written;
+
+ out:
+
+  return err;
+}
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in
+   fully-buffered-mode, storing the amount of bytes written in
+   *BYTES_WRITTEN.  */
+static int
+es_write_fbf (estream_t ES__RESTRICT stream,
+	      const unsigned char *ES__RESTRICT buffer,
+	      size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+  size_t space_available;
+  size_t data_to_write;
+  size_t data_written;
+  int err;
+
+  data_written = 0;
+  err = 0;
+
+  while ((bytes_to_write - data_written) && (! err))
+    {
+      if (stream->data_offset == stream->buffer_size)
+	/* Container full, flush buffer.  */
+	err = es_flush (stream);
+
+      if (! err)
+	{
+	  /* Flushing resulted in empty container.  */
+
+	  data_to_write = bytes_to_write - data_written;
+	  space_available = stream->buffer_size - stream->data_offset;
+	  if (data_to_write > space_available)
+	    data_to_write = space_available;
+
+	  memcpy (stream->buffer + stream->data_offset,
+		  buffer + data_written, data_to_write);
+	  stream->data_offset += data_to_write;
+	  data_written += data_to_write;
+	}
+    }
+
+  *bytes_written = data_written;
+
+  return err;
+}
+
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in
+   line-buffered-mode, storing the amount of bytes written in
+   *BYTES_WRITTEN.  */
+static int
+es_write_lbf (estream_t ES__RESTRICT stream,
+	      const unsigned char *ES__RESTRICT buffer,
+	      size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+  size_t data_flushed = 0;
+  size_t data_buffered = 0;
+  unsigned char *nlp;
+  int err = 0;
+
+  nlp = memrchr (buffer, '\n', bytes_to_write);
+  if (nlp)
+    {
+      /* Found a newline, directly write up to (including) this
+	 character.  */
+      err = es_flush (stream);
+      if (!err)
+	err = es_write_nbf (stream, buffer, nlp - buffer + 1, &data_flushed);
+    }
+
+  if (!err)
+    {
+      /* Write remaining data fully buffered.  */
+      err = es_write_fbf (stream, buffer + data_flushed,
+			  bytes_to_write - data_flushed, &data_buffered);
+    }
+
+  *bytes_written = data_flushed + data_buffered;
+  return err;
+}
+
+
+/* Write BYTES_TO_WRITE bytes from BUFFER into STREAM in, storing the
+   amount of bytes written in BYTES_WRITTEN.  */
+static int
+es_writen (estream_t ES__RESTRICT stream,
+	   const void *ES__RESTRICT buffer,
+	   size_t bytes_to_write, size_t *ES__RESTRICT bytes_written)
+{
+  size_t data_written;
+  int err;
+
+  data_written = 0;
+  err = 0;
+
+  if (!stream->flags.writing)
+    {
+      /* Switching to writing mode -> discard input data and seek to
+	 position at which reading has stopped.  We can do this only
+	 if a seek function has been registered. */
+      if (stream->intern->func_seek)
+        {
+          err = es_seek (stream, 0, SEEK_CUR, NULL);
+          if (err)
+            {
+              if (errno == ESPIPE)
+                err = 0;
+              else
+                goto out;
+            }
+        }
+    }
+
+  switch (stream->intern->strategy)
+    {
+    case _IONBF:
+      err = es_write_nbf (stream, buffer, bytes_to_write, &data_written);
+      break;
+
+    case _IOLBF:
+      err = es_write_lbf (stream, buffer, bytes_to_write, &data_written);
+      break;
+
+    case _IOFBF:
+      err = es_write_fbf (stream, buffer, bytes_to_write, &data_written);
+      break;
+    }
+
+ out:
+
+  if (bytes_written)
+    *bytes_written = data_written;
+  if (data_written)
+    if (!stream->flags.writing)
+      stream->flags.writing = 1;
+
+  return err;
+}
+
+
+static int
+es_peek (estream_t ES__RESTRICT stream, unsigned char **ES__RESTRICT data,
+	 size_t *ES__RESTRICT data_len)
+{
+  int err;
+
+  if (stream->flags.writing)
+    {
+      /* Switching to reading mode -> flush output.  */
+      err = es_flush (stream);
+      if (err)
+	goto out;
+      stream->flags.writing = 0;
+    }
+
+  if (stream->data_offset == stream->data_len)
+    {
+      /* Refill container.  */
+      err = es_fill (stream);
+      if (err)
+	goto out;
+    }
+
+  if (data)
+    *data = stream->buffer + stream->data_offset;
+  if (data_len)
+    *data_len = stream->data_len - stream->data_offset;
+  err = 0;
+
+ out:
+
+  return err;
+}
+
+
+/* Skip SIZE bytes of input data contained in buffer.  */
+static int
+es_skip (estream_t stream, size_t size)
+{
+  int err;
+
+  if (stream->data_offset + size > stream->data_len)
+    {
+      _set_errno (EINVAL);
+      err = -1;
+    }
+  else
+    {
+      stream->data_offset += size;
+      err = 0;
+    }
+
+  return err;
+}
+
+
+static int
+doreadline (estream_t ES__RESTRICT stream, size_t max_length,
+            char *ES__RESTRICT *ES__RESTRICT line,
+            size_t *ES__RESTRICT line_length)
+{
+  size_t space_left;
+  size_t line_size;
+  estream_t line_stream;
+  char *line_new;
+  void *line_stream_cookie;
+  char *newline;
+  unsigned char *data;
+  size_t data_len;
+  int err;
+
+  line_new = NULL;
+  line_stream = NULL;
+  line_stream_cookie = NULL;
+
+  err = es_func_mem_create (&line_stream_cookie, NULL, 0, 0,
+                            BUFFER_BLOCK_SIZE, 1,
+                            mem_realloc, mem_free,
+                            O_RDWR,
+                            0);
+  if (err)
+    goto out;
+
+  err = es_create (&line_stream, line_stream_cookie, -1,
+		   estream_functions_mem, O_RDWR, 0);
+  if (err)
+    goto out;
+
+  space_left = max_length;
+  line_size = 0;
+  while (1)
+    {
+      if (max_length && (space_left == 1))
+	break;
+
+      err = es_peek (stream, &data, &data_len);
+      if (err || (! data_len))
+	break;
+
+      if (data_len > (space_left - 1))
+	data_len = space_left - 1;
+
+      newline = memchr (data, '\n', data_len);
+      if (newline)
+	{
+	  data_len = (newline - (char *) data) + 1;
+	  err = es_write (line_stream, data, data_len, NULL);
+	  if (! err)
+	    {
+	      space_left -= data_len;
+	      line_size += data_len;
+	      es_skip (stream, data_len);
+	      break;
+	    }
+	}
+      else
+	{
+	  err = es_write (line_stream, data, data_len, NULL);
+	  if (! err)
+	    {
+	      space_left -= data_len;
+	      line_size += data_len;
+	      es_skip (stream, data_len);
+	    }
+	}
+      if (err)
+	break;
+    }
+  if (err)
+    goto out;
+
+  /* Complete line has been written to line_stream.  */
+
+  if ((max_length > 1) && (! line_size))
+    {
+      stream->intern->indicators.eof = 1;
+      goto out;
+    }
+
+  err = es_seek (line_stream, 0, SEEK_SET, NULL);
+  if (err)
+    goto out;
+
+  if (! *line)
+    {
+      line_new = mem_alloc (line_size + 1);
+      if (! line_new)
+	{
+	  err = -1;
+	  goto out;
+	}
+    }
+  else
+    line_new = *line;
+
+  err = es_read (line_stream, line_new, line_size, NULL);
+  if (err)
+    goto out;
+
+  line_new[line_size] = '\0';
+
+  if (! *line)
+    *line = line_new;
+  if (line_length)
+    *line_length = line_size;
+
+ out:
+
+  if (line_stream)
+    es_destroy (line_stream, 0);
+  else if (line_stream_cookie)
+    es_func_mem_destroy (line_stream_cookie);
+
+  if (err)
+    {
+      if (! *line)
+	mem_free (line_new);
+      stream->intern->indicators.err = 1;
+    }
+
+  return err;
+}
+
+
+/* Output fucntion used for estream_format.  */
+static int
+print_writer (void *outfncarg, const char *buf, size_t buflen)
+{
+  estream_t stream = outfncarg;
+  size_t nwritten;
+  int rc;
+
+  nwritten = 0;
+  rc = es_writen (stream, buf, buflen, &nwritten);
+  stream->intern->print_ntotal += nwritten;
+  return rc;
+}
+
+
+/* The core of our printf function.  This is called in locked state. */
+static int
+es_print (estream_t ES__RESTRICT stream,
+	  const char *ES__RESTRICT format, va_list ap)
+{
+  int rc;
+
+  stream->intern->print_ntotal = 0;
+  rc = estream_format (print_writer, stream, format, ap);
+  if (rc)
+    return -1;
+  return (int)stream->intern->print_ntotal;
+}
+
+
+static void
+es_set_indicators (estream_t stream, int ind_err, int ind_eof)
+{
+  if (ind_err != -1)
+    stream->intern->indicators.err = ind_err ? 1 : 0;
+  if (ind_eof != -1)
+    stream->intern->indicators.eof = ind_eof ? 1 : 0;
+}
+
+
+static int
+es_get_indicator (estream_t stream, int ind_err, int ind_eof)
+{
+  int ret = 0;
+
+  if (ind_err)
+    ret = stream->intern->indicators.err;
+  else if (ind_eof)
+    ret = stream->intern->indicators.eof;
+
+  return ret;
+}
+
+
+static int
+es_set_buffering (estream_t ES__RESTRICT stream,
+		  char *ES__RESTRICT buffer, int mode, size_t size)
+{
+  int err;
+
+  /* Flush or empty buffer depending on mode.  */
+  if (stream->flags.writing)
+    {
+      err = es_flush (stream);
+      if (err)
+	goto out;
+    }
+  else
+    es_empty (stream);
+
+  es_set_indicators (stream, -1, 0);
+
+  /* Free old buffer in case that was allocated by this function.  */
+  if (stream->intern->deallocate_buffer)
+    {
+      stream->intern->deallocate_buffer = 0;
+      mem_free (stream->buffer);
+      stream->buffer = NULL;
+    }
+
+  if (mode == _IONBF)
+    stream->buffer_size = 0;
+  else
+    {
+      void *buffer_new;
+
+      if (buffer)
+	buffer_new = buffer;
+      else
+	{
+          if (!size)
+            size = BUFSIZ;
+	  buffer_new = mem_alloc (size);
+	  if (! buffer_new)
+	    {
+	      err = -1;
+	      goto out;
+	    }
+	}
+
+      stream->buffer = buffer_new;
+      stream->buffer_size = size;
+      if (! buffer)
+	stream->intern->deallocate_buffer = 1;
+    }
+  stream->intern->strategy = mode;
+  err = 0;
+
+ out:
+
+  return err;
+}
+
+
+static off_t
+es_offset_calculate (estream_t stream)
+{
+  off_t offset;
+
+  offset = stream->intern->offset + stream->data_offset;
+  if (offset < stream->unread_data_len)
+    /* Offset undefined.  */
+    offset = 0;
+  else
+    offset -= stream->unread_data_len;
+
+  return offset;
+}
+
+
+static void
+es_opaque_ctrl (estream_t ES__RESTRICT stream, void *ES__RESTRICT opaque_new,
+		void **ES__RESTRICT opaque_old)
+{
+  if (opaque_old)
+    *opaque_old = stream->intern->opaque;
+  if (opaque_new)
+    stream->intern->opaque = opaque_new;
+}
+
+
+static int
+es_get_fd (estream_t stream)
+{
+  return stream->intern->fd;
+}
+
+
+
+/* API.  */
+
+int
+es_init (void)
+{
+  int err;
+
+  err = es_init_do ();
+
+  return err;
+}
+
+estream_t
+es_fopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode)
+{
+  unsigned int modeflags;
+  int create_called;
+  estream_t stream;
+  void *cookie;
+  int err;
+  int fd;
+
+  stream = NULL;
+  cookie = NULL;
+  create_called = 0;
+
+  err = es_convert_mode (mode, &modeflags);
+  if (err)
+    goto out;
+
+  err = es_func_file_create (&cookie, &fd, path, modeflags);
+  if (err)
+    goto out;
+
+  create_called = 1;
+  err = es_create (&stream, cookie, fd, estream_functions_fd, modeflags, 0);
+  if (err)
+    goto out;
+
+  if (stream && path)
+    fname_set_internal (stream, path, 1);
+
+ out:
+
+  if (err && create_called)
+    (*estream_functions_fd.func_close) (cookie);
+
+  return stream;
+}
+
+
+estream_t
+es_mopen (unsigned char *ES__RESTRICT data, size_t data_n, size_t data_len,
+	  unsigned int grow,
+	  func_realloc_t func_realloc, func_free_t func_free,
+	  const char *ES__RESTRICT mode)
+{
+  unsigned int modeflags;
+  int create_called;
+  estream_t stream;
+  void *cookie;
+  int err;
+
+  cookie = 0;
+  stream = NULL;
+  create_called = 0;
+
+  err = es_convert_mode (mode, &modeflags);
+  if (err)
+    goto out;
+
+  err = es_func_mem_create (&cookie, data, data_n, data_len,
+			    BUFFER_BLOCK_SIZE, grow,
+			    func_realloc, func_free, modeflags, 0);
+  if (err)
+    goto out;
+
+  create_called = 1;
+  err = es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0);
+
+ out:
+
+  if (err && create_called)
+    (*estream_functions_mem.func_close) (cookie);
+
+  return stream;
+}
+
+
+estream_t
+es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
+{
+  unsigned int modeflags;
+  estream_t stream = NULL;
+  void *cookie = NULL;
+
+  /* Memory streams are always read/write.  We use MODE only to get
+     the append flag.  */
+  if (es_convert_mode (mode, &modeflags))
+    return NULL;
+  modeflags |= O_RDWR;
+
+
+  if (es_func_mem_create (&cookie, NULL, 0, 0,
+                          BUFFER_BLOCK_SIZE, 1,
+                          mem_realloc, mem_free, modeflags,
+                          memlimit))
+    return NULL;
+
+  if (es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0))
+    (*estream_functions_mem.func_close) (cookie);
+
+  if (stream)
+    stream->intern->func_ioctl = es_func_mem_ioctl;
+
+  return stream;
+}
+
+
+/* This is the same as es_fopenmem but intializes the memory with a
+   copy of (DATA,DATALEN).  The stream is initally set to the
+   beginning.  If MEMLIMIT is not 0 but shorter than DATALEN it
+   DATALEN will be used as the value for MEMLIMIT.  */
+estream_t
+es_fopenmem_init (size_t memlimit, const char *ES__RESTRICT mode,
+                  const void *data, size_t datalen)
+{
+  estream_t stream;
+
+  if (memlimit && memlimit < datalen)
+    memlimit = datalen;
+
+  stream = es_fopenmem (memlimit, mode);
+  if (stream && data && datalen)
+    {
+      if (es_writen (stream, data, datalen, NULL))
+        {
+          int saveerrno = errno;
+          es_fclose (stream);
+          stream = NULL;
+          _set_errno (saveerrno);
+        }
+      else
+        {
+          es_seek (stream, 0L, SEEK_SET, NULL);
+          es_set_indicators (stream, 0, 0);
+        }
+    }
+  return stream;
+}
+
+
+estream_t
+es_fopencookie (void *ES__RESTRICT cookie,
+		const char *ES__RESTRICT mode,
+		es_cookie_io_functions_t functions)
+{
+  unsigned int modeflags;
+  estream_t stream;
+  int err;
+
+  stream = NULL;
+  modeflags = 0;
+
+  err = es_convert_mode (mode, &modeflags);
+  if (err)
+    goto out;
+
+  err = es_create (&stream, cookie, -1, functions, modeflags, 0);
+  if (err)
+    goto out;
+
+ out:
+
+  return stream;
+}
+
+
+estream_t
+do_fdopen (int filedes, const char *mode, int no_close, int with_locked_list)
+{
+  unsigned int modeflags;
+  int create_called;
+  estream_t stream;
+  void *cookie;
+  int err;
+
+  stream = NULL;
+  cookie = NULL;
+  create_called = 0;
+
+  err = es_convert_mode (mode, &modeflags);
+  if (err)
+    goto out;
+
+  err = es_func_fd_create (&cookie, filedes, modeflags, no_close);
+  if (err)
+    goto out;
+
+  create_called = 1;
+  err = es_create (&stream, cookie, filedes, estream_functions_fd,
+                   modeflags, with_locked_list);
+
+ out:
+
+  if (err && create_called)
+    (*estream_functions_fd.func_close) (cookie);
+
+  return stream;
+}
+
+estream_t
+es_fdopen (int filedes, const char *mode)
+{
+  return do_fdopen (filedes, mode, 0, 0);
+}
+
+/* A variant of es_fdopen which does not close FILEDES at the end.  */
+estream_t
+es_fdopen_nc (int filedes, const char *mode)
+{
+  return do_fdopen (filedes, mode, 1, 0);
+}
+
+
+estream_t
+do_fpopen (FILE *fp, const char *mode, int no_close, int with_locked_list)
+{
+  unsigned int modeflags;
+  int create_called;
+  estream_t stream;
+  void *cookie;
+  int err;
+
+  stream = NULL;
+  cookie = NULL;
+  create_called = 0;
+
+  err = es_convert_mode (mode, &modeflags);
+  if (err)
+    goto out;
+
+  if (fp)
+    fflush (fp);
+  err = es_func_fp_create (&cookie, fp, modeflags, no_close);
+  if (err)
+    goto out;
+
+  create_called = 1;
+  err = es_create (&stream, cookie, fp? fileno (fp):-1, estream_functions_fp,
+                   modeflags, with_locked_list);
+
+ out:
+
+  if (err && create_called)
+    (*estream_functions_fp.func_close) (cookie);
+
+  return stream;
+}
+
+
+/* Create an estream from the stdio stream FP.  This mechanism is
+   useful in case the stdio streams have special properties and may
+   not be mixed with fd based functions.  This is for example the case
+   under Windows where the 3 standard streams are associated with the
+   console whereas a duped and fd-opened stream of one of this stream
+   won't be associated with the console.  As this messes things up it
+   is easier to keep on using the standard I/O stream as a backend for
+   estream. */
+estream_t
+es_fpopen (FILE *fp, const char *mode)
+{
+  return do_fpopen (fp, mode, 0, 0);
+}
+
+
+/* Same as es_fpopen but does not close  FP at the end.  */
+estream_t
+es_fpopen_nc (FILE *fp, const char *mode)
+{
+  return do_fpopen (fp, mode, 1, 0);
+}
+
+
+/* Set custom standard descriptors to be used for stdin, stdout and
+   stderr.  This function needs to be called before any of the
+   standard streams are accessed.  */
+void
+_es_set_std_fd (int no, int fd)
+{
+  ESTREAM_LIST_LOCK;
+  if (no >= 0 && no < 3 && !custom_std_fds_valid[no])
+    {
+      custom_std_fds[no] = fd;
+      custom_std_fds_valid[no] = 1;
+    }
+  ESTREAM_LIST_UNLOCK;
+}
+
+
+/* Return the stream used for stdin, stdout or stderr.  */
+estream_t
+_es_get_std_stream (int fd)
+{
+  estream_list_t list_obj;
+  estream_t stream = NULL;
+
+  fd %= 3; /* We only allow 0, 1 or 2 but we don't want to return an error. */
+  ESTREAM_LIST_LOCK;
+  for (list_obj = estream_list; list_obj; list_obj = list_obj->cdr)
+    if (list_obj->car->intern->is_stdstream
+        && list_obj->car->intern->stdstream_fd == fd)
+      {
+	stream = list_obj->car;
+	break;
+      }
+  if (!stream)
+    {
+      /* Standard stream not yet created.  We first try to create them
+         from registered file descriptors.  */
+      if (!fd && custom_std_fds_valid[0])
+        stream = do_fdopen (custom_std_fds[0], "r", 1, 1);
+      else if (fd == 1 && custom_std_fds_valid[1])
+        stream = do_fdopen (custom_std_fds[1], "a", 1, 1);
+      else if (custom_std_fds_valid[2])
+        stream = do_fdopen (custom_std_fds[2], "a", 1, 1);
+
+      if (!stream)
+        {
+          /* Second try is to use the standard C streams.  */
+          if (!fd)
+            stream = do_fpopen (stdin, "r", 1, 1);
+          else if (fd == 1)
+            stream = do_fpopen (stdout, "a", 1, 1);
+          else
+            stream = do_fpopen (stderr, "a", 1, 1);
+        }
+
+      if (!stream)
+        {
+          /* Last try: Create a bit bucket.  */
+          stream = do_fpopen (NULL, fd? "a":"r", 0, 1);
+          if (!stream)
+            {
+              fprintf (stderr, "fatal: error creating a dummy estream"
+                       " for %d: %s\n", fd, strerror (errno));
+              abort();
+            }
+        }
+
+      stream->intern->is_stdstream = 1;
+      stream->intern->stdstream_fd = fd;
+      if (fd == 2)
+        es_set_buffering (stream, NULL, _IOLBF, 0);
+      fname_set_internal (stream,
+                          fd == 0? "[stdin]" :
+                          fd == 1? "[stdout]" : "[stderr]", 0);
+    }
+  ESTREAM_LIST_UNLOCK;
+  return stream;
+}
+
+
+estream_t
+es_freopen (const char *ES__RESTRICT path, const char *ES__RESTRICT mode,
+	    estream_t ES__RESTRICT stream)
+{
+  int err;
+
+  if (path)
+    {
+      unsigned int modeflags;
+      int create_called;
+      void *cookie;
+      int fd;
+
+      cookie = NULL;
+      create_called = 0;
+
+      ESTREAM_LOCK (stream);
+
+      es_deinitialize (stream);
+
+      err = es_convert_mode (mode, &modeflags);
+      if (err)
+	goto leave;
+
+      err = es_func_file_create (&cookie, &fd, path, modeflags);
+      if (err)
+	goto leave;
+
+      create_called = 1;
+      es_initialize (stream, cookie, fd, estream_functions_fd, modeflags);
+
+    leave:
+
+      if (err)
+	{
+	  if (create_called)
+	    es_func_fd_destroy (cookie);
+
+	  es_destroy (stream, 0);
+	  stream = NULL;
+	}
+      else
+        {
+          if (stream && path)
+            fname_set_internal (stream, path, 1);
+          ESTREAM_UNLOCK (stream);
+        }
+    }
+  else
+    {
+      /* FIXME?  We don't support re-opening at the moment.  */
+      _set_errno (EINVAL);
+      es_deinitialize (stream);
+      es_destroy (stream, 0);
+      stream = NULL;
+    }
+
+  return stream;
+}
+
+
+int
+es_fclose (estream_t stream)
+{
+  int err;
+
+  err = es_destroy (stream, 0);
+
+  return err;
+}
+
+
+/* This is a special version of es_fclose which can be used with
+   es_fopenmem to return the memory buffer.  This is feature is useful
+   to write to a memory buffer using estream.  Note that the function
+   does not close the stream if the stream does not support snatching
+   the buffer.  On error NULL is stored at R_BUFFER.  Note that if no
+   write operation has happened, NULL may also be stored at BUFFER on
+   success.  The caller needs to release the returned memory using
+   es_free.  */
+int
+es_fclose_snatch (estream_t stream, void **r_buffer, size_t *r_buflen)
+{
+  int err;
+
+  /* Note: There is no need to lock the stream in a close call.  The
+     object will be destroyed after the close and thus any other
+     contender for the lock would work on a closed stream.  */
+
+  if (r_buffer)
+    {
+      cookie_ioctl_function_t func_ioctl = stream->intern->func_ioctl;
+      size_t buflen;
+
+      *r_buffer = NULL;
+
+      if (!func_ioctl)
+        {
+          _set_errno (EOPNOTSUPP);
+          err = -1;
+          goto leave;
+        }
+
+      if (stream->flags.writing)
+        {
+          err = es_flush (stream);
+          if (err)
+            goto leave;
+          stream->flags.writing = 0;
+        }
+
+      err = func_ioctl (stream->intern->cookie, COOKIE_IOCTL_SNATCH_BUFFER,
+                        r_buffer, &buflen);
+      if (err)
+        goto leave;
+      if (r_buflen)
+        *r_buflen = buflen;
+    }
+
+  err = es_destroy (stream, 0);
+
+ leave:
+  if (err && r_buffer)
+    {
+      mem_free (*r_buffer);
+      *r_buffer = NULL;
+    }
+  return err;
+}
+
+
+int
+es_fileno_unlocked (estream_t stream)
+{
+  return es_get_fd (stream);
+}
+
+
+void
+es_flockfile (estream_t stream)
+{
+  ESTREAM_LOCK (stream);
+}
+
+
+int
+es_ftrylockfile (estream_t stream)
+{
+  return ESTREAM_TRYLOCK (stream);
+}
+
+
+void
+es_funlockfile (estream_t stream)
+{
+  ESTREAM_UNLOCK (stream);
+}
+
+
+int
+es_fileno (estream_t stream)
+{
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_fileno_unlocked (stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+int
+es_feof_unlocked (estream_t stream)
+{
+  return es_get_indicator (stream, 0, 1);
+}
+
+
+int
+es_feof (estream_t stream)
+{
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_feof_unlocked (stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+int
+es_ferror_unlocked (estream_t stream)
+{
+  return es_get_indicator (stream, 1, 0);
+}
+
+
+int
+es_ferror (estream_t stream)
+{
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_ferror_unlocked (stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+void
+es_clearerr_unlocked (estream_t stream)
+{
+  es_set_indicators (stream, 0, 0);
+}
+
+
+void
+es_clearerr (estream_t stream)
+{
+  ESTREAM_LOCK (stream);
+  es_clearerr_unlocked (stream);
+  ESTREAM_UNLOCK (stream);
+}
+
+
+static int
+do_fflush (estream_t stream)
+{
+  int err;
+
+  if (stream->flags.writing)
+    err = es_flush (stream);
+  else
+    {
+      es_empty (stream);
+      err = 0;
+    }
+
+  return err;
+}
+
+
+int
+es_fflush (estream_t stream)
+{
+  int err;
+
+  if (stream)
+    {
+      ESTREAM_LOCK (stream);
+      err = do_fflush (stream);
+      ESTREAM_UNLOCK (stream);
+    }
+  else
+    err = es_list_iterate (do_fflush);
+
+  return err ? EOF : 0;
+}
+
+
+int
+es_fseek (estream_t stream, long int offset, int whence)
+{
+  int err;
+
+  ESTREAM_LOCK (stream);
+  err = es_seek (stream, offset, whence, NULL);
+  ESTREAM_UNLOCK (stream);
+
+  return err;
+}
+
+
+int
+es_fseeko (estream_t stream, off_t offset, int whence)
+{
+  int err;
+
+  ESTREAM_LOCK (stream);
+  err = es_seek (stream, offset, whence, NULL);
+  ESTREAM_UNLOCK (stream);
+
+  return err;
+}
+
+
+long int
+es_ftell (estream_t stream)
+{
+  long int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_offset_calculate (stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+off_t
+es_ftello (estream_t stream)
+{
+  off_t ret = -1;
+
+  ESTREAM_LOCK (stream);
+  ret = es_offset_calculate (stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+void
+es_rewind (estream_t stream)
+{
+  ESTREAM_LOCK (stream);
+  es_seek (stream, 0L, SEEK_SET, NULL);
+  es_set_indicators (stream, 0, -1);
+  ESTREAM_UNLOCK (stream);
+}
+
+
+int
+_es_getc_underflow (estream_t stream)
+{
+  int err;
+  unsigned char c;
+  size_t bytes_read;
+
+  err = es_readn (stream, &c, 1, &bytes_read);
+
+  return (err || (! bytes_read)) ? EOF : c;
+}
+
+
+int
+_es_putc_overflow (int c, estream_t stream)
+{
+  unsigned char d = c;
+  int err;
+
+  err = es_writen (stream, &d, 1, NULL);
+
+  return err ? EOF : c;
+}
+
+
+int
+es_fgetc (estream_t stream)
+{
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_getc_unlocked (stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+int
+es_fputc (int c, estream_t stream)
+{
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_putc_unlocked (c, stream);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+int
+es_ungetc (int c, estream_t stream)
+{
+  unsigned char data = (unsigned char) c;
+  size_t data_unread;
+
+  ESTREAM_LOCK (stream);
+  es_unreadn (stream, &data, 1, &data_unread);
+  ESTREAM_UNLOCK (stream);
+
+  return data_unread ? c : EOF;
+}
+
+
+int
+es_read (estream_t ES__RESTRICT stream,
+	 void *ES__RESTRICT buffer, size_t bytes_to_read,
+	 size_t *ES__RESTRICT bytes_read)
+{
+  int err;
+
+  if (bytes_to_read)
+    {
+      ESTREAM_LOCK (stream);
+      err = es_readn (stream, buffer, bytes_to_read, bytes_read);
+      ESTREAM_UNLOCK (stream);
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+int
+es_write (estream_t ES__RESTRICT stream,
+	  const void *ES__RESTRICT buffer, size_t bytes_to_write,
+	  size_t *ES__RESTRICT bytes_written)
+{
+  int err;
+
+  if (bytes_to_write)
+    {
+      ESTREAM_LOCK (stream);
+      err = es_writen (stream, buffer, bytes_to_write, bytes_written);
+      ESTREAM_UNLOCK (stream);
+    }
+  else
+    err = 0;
+
+  return err;
+}
+
+
+size_t
+es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
+	  estream_t ES__RESTRICT stream)
+{
+  size_t ret, bytes;
+
+  if (size * nitems)
+    {
+      ESTREAM_LOCK (stream);
+      es_readn (stream, ptr, size * nitems, &bytes);
+      ESTREAM_UNLOCK (stream);
+
+      ret = bytes / size;
+    }
+  else
+    ret = 0;
+
+  return ret;
+}
+
+
+size_t
+es_fwrite (const void *ES__RESTRICT ptr, size_t size, size_t nitems,
+	   estream_t ES__RESTRICT stream)
+{
+  size_t ret, bytes;
+
+  if (size * nitems)
+    {
+      ESTREAM_LOCK (stream);
+      es_writen (stream, ptr, size * nitems, &bytes);
+      ESTREAM_UNLOCK (stream);
+
+      ret = bytes / size;
+    }
+  else
+    ret = 0;
+
+  return ret;
+}
+
+
+char *
+es_fgets (char *ES__RESTRICT buffer, int length, estream_t ES__RESTRICT stream)
+{
+  unsigned char *s = (unsigned char*)buffer;
+  int c;
+
+  if (!length)
+    return NULL;
+
+  c = EOF;
+  ESTREAM_LOCK (stream);
+  while (length > 1 && (c = es_getc_unlocked (stream)) != EOF && c != '\n')
+    {
+      *s++ = c;
+      length--;
+    }
+  ESTREAM_UNLOCK (stream);
+
+  if (c == EOF && s == (unsigned char*)buffer)
+    return NULL; /* Nothing read.  */
+
+  if (c != EOF && length > 1)
+    *s++ = c;
+
+  *s = 0;
+  return buffer;
+}
+
+
+int
+es_fputs_unlocked (const char *ES__RESTRICT s, estream_t ES__RESTRICT stream)
+{
+  size_t length;
+  int err;
+
+  length = strlen (s);
+  err = es_writen (stream, s, length, NULL);
+  return err ? EOF : 0;
+}
+
+int
+es_fputs (const char *ES__RESTRICT s, estream_t ES__RESTRICT stream)
+{
+  size_t length;
+  int err;
+
+  length = strlen (s);
+  ESTREAM_LOCK (stream);
+  err = es_writen (stream, s, length, NULL);
+  ESTREAM_UNLOCK (stream);
+
+  return err ? EOF : 0;
+}
+
+
+ssize_t
+es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n,
+	    estream_t ES__RESTRICT stream)
+{
+  char *line = NULL;
+  size_t line_n = 0;
+  int err;
+
+  ESTREAM_LOCK (stream);
+  err = doreadline (stream, 0, &line, &line_n);
+  ESTREAM_UNLOCK (stream);
+  if (err)
+    goto out;
+
+  if (*n)
+    {
+      /* Caller wants us to use his buffer.  */
+
+      if (*n < (line_n + 1))
+	{
+	  /* Provided buffer is too small -> resize.  */
+
+	  void *p;
+
+	  p = mem_realloc (*lineptr, line_n + 1);
+	  if (! p)
+	    err = -1;
+	  else
+	    {
+	      if (*lineptr != p)
+		*lineptr = p;
+	    }
+	}
+
+      if (! err)
+	{
+	  memcpy (*lineptr, line, line_n + 1);
+	  if (*n != line_n)
+	    *n = line_n;
+	}
+      mem_free (line);
+    }
+  else
+    {
+      /* Caller wants new buffers.  */
+      *lineptr = line;
+      *n = line_n;
+    }
+
+ out:
+
+  return err ? err : (ssize_t)line_n;
+}
+
+
+
+/* Same as fgets() but if the provided buffer is too short a larger
+   one will be allocated.  This is similar to getline. A line is
+   considered a byte stream ending in a LF.
+
+   If MAX_LENGTH is not NULL, it shall point to a value with the
+   maximum allowed allocation.
+
+   Returns the length of the line. EOF is indicated by a line of
+   length zero. A truncated line is indicated my setting the value at
+   MAX_LENGTH to 0.  If the returned value is less then 0 not enough
+   memory was enable or another error occurred; ERRNO is then set
+   accordingly.
+
+   If a line has been truncated, the file pointer is moved forward to
+   the end of the line so that the next read starts with the next
+   line.  Note that MAX_LENGTH must be re-initialzied in this case.
+
+   The caller initially needs to provide the address of a variable,
+   initialized to NULL, at ADDR_OF_BUFFER and don't change this value
+   anymore with the following invocations.  LENGTH_OF_BUFFER should be
+   the address of a variable, initialized to 0, which is also
+   maintained by this function.  Thus, both paramaters should be
+   considered the state of this function.
+
+   Note: The returned buffer is allocated with enough extra space to
+   allow the caller to append a CR,LF,Nul.  The buffer should be
+   released using es_free.
+ */
+ssize_t
+es_read_line (estream_t stream,
+              char **addr_of_buffer, size_t *length_of_buffer,
+              size_t *max_length)
+{
+  int c;
+  char  *buffer = *addr_of_buffer;
+  size_t length = *length_of_buffer;
+  size_t nbytes = 0;
+  size_t maxlen = max_length? *max_length : 0;
+  char *p;
+
+  if (!buffer)
+    {
+      /* No buffer given - allocate a new one. */
+      length = 256;
+      buffer = mem_alloc (length);
+      *addr_of_buffer = buffer;
+      if (!buffer)
+        {
+          *length_of_buffer = 0;
+          if (max_length)
+            *max_length = 0;
+          return -1;
+        }
+      *length_of_buffer = length;
+    }
+
+  if (length < 4)
+    {
+      /* This should never happen. If it does, the function has been
+         called with wrong arguments. */
+      _set_errno (EINVAL);
+      return -1;
+    }
+  length -= 3; /* Reserve 3 bytes for CR,LF,EOL. */
+
+  ESTREAM_LOCK (stream);
+  p = buffer;
+  while  ((c = es_getc_unlocked (stream)) != EOF)
+    {
+      if (nbytes == length)
+        {
+          /* Enlarge the buffer. */
+          if (maxlen && length > maxlen)
+            {
+              /* We are beyond our limit: Skip the rest of the line. */
+              while (c != '\n' && (c=es_getc_unlocked (stream)) != EOF)
+                ;
+              *p++ = '\n'; /* Always append a LF (we reserved some space). */
+              nbytes++;
+              if (max_length)
+                *max_length = 0; /* Indicate truncation. */
+              break; /* the while loop. */
+            }
+          length += 3; /* Adjust for the reserved bytes. */
+          length += length < 1024? 256 : 1024;
+          *addr_of_buffer = mem_realloc (buffer, length);
+          if (!*addr_of_buffer)
+            {
+              int save_errno = errno;
+              mem_free (buffer);
+              *length_of_buffer = 0;
+              if (max_length)
+                *max_length = 0;
+              ESTREAM_UNLOCK (stream);
+              _set_errno (save_errno);
+              return -1;
+            }
+          buffer = *addr_of_buffer;
+          *length_of_buffer = length;
+          length -= 3;
+          p = buffer + nbytes;
+	}
+      *p++ = c;
+      nbytes++;
+      if (c == '\n')
+        break;
+    }
+  *p = 0; /* Make sure the line is a string. */
+  ESTREAM_UNLOCK (stream);
+
+  return nbytes;
+}
+
+/* Wrapper around free() to match the memory allocation system used
+   by estream.  Should be used for all buffers returned to the caller
+   by libestream. */
+void
+es_free (void *a)
+{
+  mem_free (a);
+}
+
+
+int
+es_vfprintf_unlocked (estream_t ES__RESTRICT stream,
+                      const char *ES__RESTRICT format,
+                      va_list ap)
+{
+  return es_print (stream, format, ap);
+}
+
+
+int
+es_vfprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format,
+	     va_list ap)
+{
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  ret = es_print (stream, format, ap);
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+int
+es_fprintf_unlocked (estream_t ES__RESTRICT stream,
+                     const char *ES__RESTRICT format, ...)
+{
+  int ret;
+
+  va_list ap;
+  va_start (ap, format);
+  ret = es_print (stream, format, ap);
+  va_end (ap);
+
+  return ret;
+}
+
+
+int
+es_fprintf (estream_t ES__RESTRICT stream,
+	    const char *ES__RESTRICT format, ...)
+{
+  int ret;
+
+  va_list ap;
+  va_start (ap, format);
+  ESTREAM_LOCK (stream);
+  ret = es_print (stream, format, ap);
+  ESTREAM_UNLOCK (stream);
+  va_end (ap);
+
+  return ret;
+}
+
+/* A variant of asprintf.  The function returns the allocated buffer
+   or NULL on error; ERRNO is set in the error case.  The caller
+   should use es_free to release the buffer.  This function actually
+   belongs into estream-printf but we put it here as a convenience
+   and because es_free is required anyway.  */
+char *
+es_asprintf (const char *ES__RESTRICT format, ...)
+{
+  int rc;
+  va_list ap;
+  char *buf;
+
+  va_start (ap, format);
+  rc = estream_vasprintf (&buf, format, ap);
+  va_end (ap);
+  if (rc < 0)
+    return NULL;
+  return buf;
+}
+
+
+/* A variant of vasprintf.  The function returns the allocated buffer
+   or NULL on error; ERRNO is set in the error case.  The caller
+   should use es_free to release the buffer.  This function actually
+   belongs into estream-printf but we put it here as a convenience
+   and because es_free is required anyway.  */
+char *
+es_vasprintf (const char *ES__RESTRICT format, va_list ap)
+{
+  int rc;
+  char *buf;
+
+  rc = estream_vasprintf (&buf, format, ap);
+  if (rc < 0)
+    return NULL;
+  return buf;
+}
+
+
+static int
+tmpfd (void)
+{
+#ifdef HAVE_W32_SYSTEM
+  int attempts, n;
+#ifdef HAVE_W32CE_SYSTEM
+  wchar_t buffer[MAX_PATH+9+12+1];
+# define mystrlen(a) wcslen (a)
+  wchar_t *name, *p;
+#else
+  char buffer[MAX_PATH+9+12+1];
+# define mystrlen(a) strlen (a)
+  char *name, *p;
+#endif
+  HANDLE file;
+  int pid = GetCurrentProcessId ();
+  unsigned int value;
+  int i;
+
+  n = GetTempPath (MAX_PATH+1, buffer);
+  if (!n || n > MAX_PATH || mystrlen (buffer) > MAX_PATH)
+    {
+      _set_errno (ENOENT);
+      return -1;
+    }
+  p = buffer + mystrlen (buffer);
+#ifdef HAVE_W32CE_SYSTEM
+  wcscpy (p, L"_estream");
+#else
+  strcpy (p, "_estream");
+#endif
+  p += 8;
+  /* We try to create the directory but don't care about an error as
+     it may already exist and the CreateFile would throw an error
+     anyway.  */
+  CreateDirectory (buffer, NULL);
+  *p++ = '\\';
+  name = p;
+  for (attempts=0; attempts < 10; attempts++)
+    {
+      p = name;
+      value = (GetTickCount () ^ ((pid<<16) & 0xffff0000));
+      for (i=0; i < 8; i++)
+        {
+          *p++ = tohex (((value >> 28) & 0x0f));
+          value <<= 4;
+        }
+#ifdef HAVE_W32CE_SYSTEM
+      wcscpy (p, L".tmp");
+#else
+      strcpy (p, ".tmp");
+#endif
+      file = CreateFile (buffer,
+                         GENERIC_READ | GENERIC_WRITE,
+                         0,
+                         NULL,
+                         CREATE_NEW,
+                         FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE,
+                         NULL);
+      if (file != INVALID_HANDLE_VALUE)
+        {
+#ifdef HAVE_W32CE_SYSTEM
+          int fd = (int)file;
+#else
+          int fd = _open_osfhandle ((long)file, 0);
+          if (fd == -1)
+            {
+              CloseHandle (file);
+              return -1;
+            }
+#endif
+          return fd;
+        }
+      Sleep (1); /* One ms as this is the granularity of GetTickCount.  */
+    }
+  _set_errno (ENOENT);
+  return -1;
+#else /*!HAVE_W32_SYSTEM*/
+  FILE *fp;
+  int fp_fd;
+  int fd;
+
+  fp = NULL;
+  fd = -1;
+
+  fp = tmpfile ();
+  if (! fp)
+    goto out;
+
+  fp_fd = fileno (fp);
+  fd = dup (fp_fd);
+
+ out:
+
+  if (fp)
+    fclose (fp);
+
+  return fd;
+#endif /*!HAVE_W32_SYSTEM*/
+}
+
+estream_t
+es_tmpfile (void)
+{
+  unsigned int modeflags;
+  int create_called;
+  estream_t stream;
+  void *cookie;
+  int err;
+  int fd;
+
+  create_called = 0;
+  stream = NULL;
+  modeflags = O_RDWR | O_TRUNC | O_CREAT;
+  cookie = NULL;
+
+  fd = tmpfd ();
+  if (fd == -1)
+    {
+      err = -1;
+      goto out;
+    }
+
+  err = es_func_fd_create (&cookie, fd, modeflags, 0);
+  if (err)
+    goto out;
+
+  create_called = 1;
+  err = es_create (&stream, cookie, fd, estream_functions_fd, modeflags, 0);
+
+ out:
+
+  if (err)
+    {
+      if (create_called)
+	es_func_fd_destroy (cookie);
+      else if (fd != -1)
+	close (fd);
+      stream = NULL;
+    }
+
+  return stream;
+}
+
+
+int
+es_setvbuf (estream_t ES__RESTRICT stream,
+	    char *ES__RESTRICT buf, int type, size_t size)
+{
+  int err;
+
+  if ((type == _IOFBF || type == _IOLBF || type == _IONBF)
+      && (!buf || size || type == _IONBF))
+    {
+      ESTREAM_LOCK (stream);
+      err = es_set_buffering (stream, buf, type, size);
+      ESTREAM_UNLOCK (stream);
+    }
+  else
+    {
+      _set_errno (EINVAL);
+      err = -1;
+    }
+
+  return err;
+}
+
+
+void
+es_setbuf (estream_t ES__RESTRICT stream, char *ES__RESTRICT buf)
+{
+  ESTREAM_LOCK (stream);
+  es_set_buffering (stream, buf, buf ? _IOFBF : _IONBF, BUFSIZ);
+  ESTREAM_UNLOCK (stream);
+}
+
+void
+es_opaque_set (estream_t stream, void *opaque)
+{
+  ESTREAM_LOCK (stream);
+  es_opaque_ctrl (stream, opaque, NULL);
+  ESTREAM_UNLOCK (stream);
+}
+
+
+void *
+es_opaque_get (estream_t stream)
+{
+  void *opaque;
+
+  ESTREAM_LOCK (stream);
+  es_opaque_ctrl (stream, NULL, &opaque);
+  ESTREAM_UNLOCK (stream);
+
+  return opaque;
+}
+
+
+static void
+fname_set_internal (estream_t stream, const char *fname, int quote)
+{
+  if (stream->intern->printable_fname
+      && !stream->intern->printable_fname_inuse)
+    {
+      mem_free (stream->intern->printable_fname);
+      stream->intern->printable_fname = NULL;
+    }
+  if (stream->intern->printable_fname)
+    return; /* Can't change because it is in use.  */
+
+  if (*fname != '[')
+    quote = 0;
+  else
+    quote = !!quote;
+
+  stream->intern->printable_fname = mem_alloc (strlen (fname) + quote + 1);
+  if (fname)
+    {
+      if (quote)
+        stream->intern->printable_fname[0] = '\\';
+      strcpy (stream->intern->printable_fname+quote, fname);
+    }
+}
+
+
+/* Set the filename attribute of STREAM.  There is no error return.
+   as long as STREAM is valid.  This function is called internally by
+   functions which open a filename.  */
+void
+es_fname_set (estream_t stream, const char *fname)
+{
+  if (fname)
+    {
+      ESTREAM_LOCK (stream);
+      fname_set_internal (stream, fname, 1);
+      ESTREAM_UNLOCK (stream);
+    }
+}
+
+
+/* Return the filename attribute of STREAM.  In case no filename has
+   been set, "[?]" will be returned.  The returned file name is valid
+   as long as STREAM is valid.  */
+const char *
+es_fname_get (estream_t stream)
+{
+  const char *fname;
+
+  ESTREAM_LOCK (stream);
+  fname = stream->intern->printable_fname;
+  if (fname)
+    stream->intern->printable_fname_inuse = 1;
+  ESTREAM_UNLOCK (stream);
+  if (!fname)
+    fname = "[?]";
+  return fname;
+}
+
+
+/* Print a BUFFER to STREAM while replacing all control characters and
+   the characters in DELIMITERS by standard C escape sequences.
+   Returns 0 on success or -1 on error.  If BYTES_WRITTEN is not NULL
+   the number of bytes actually written are stored at this
+   address.  */
+int
+es_write_sanitized (estream_t ES__RESTRICT stream,
+                    const void * ES__RESTRICT buffer, size_t length,
+                    const char * delimiters,
+                    size_t * ES__RESTRICT bytes_written)
+{
+  const unsigned char *p = buffer;
+  size_t count = 0;
+  int ret;
+
+  ESTREAM_LOCK (stream);
+  for (; length; length--, p++, count++)
+    {
+      if (*p < 0x20
+          || *p == 0x7f
+          || (delimiters
+              && (strchr (delimiters, *p) || *p == '\\')))
+        {
+          es_putc_unlocked ('\\', stream);
+          count++;
+          if (*p == '\n')
+            {
+              es_putc_unlocked ('n', stream);
+              count++;
+            }
+          else if (*p == '\r')
+            {
+              es_putc_unlocked ('r', stream);
+              count++;
+            }
+          else if (*p == '\f')
+            {
+              es_putc_unlocked ('f', stream);
+              count++;
+            }
+          else if (*p == '\v')
+            {
+              es_putc_unlocked ('v', stream);
+              count++;
+            }
+          else if (*p == '\b')
+            {
+              es_putc_unlocked ('b', stream);
+              count++;
+            }
+          else if (!*p)
+            {
+              es_putc_unlocked('0', stream);
+              count++;
+            }
+          else
+            {
+              es_fprintf_unlocked (stream, "x%02x", *p);
+              count += 3;
+            }
+	}
+      else
+        {
+          es_putc_unlocked (*p, stream);
+          count++;
+        }
+    }
+
+  if (bytes_written)
+    *bytes_written = count;
+  ret =  es_ferror_unlocked (stream)? -1 : 0;
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+}
+
+
+/* Write LENGTH bytes of BUFFER to STREAM as a hex encoded string.
+   RESERVED must be 0.  Returns 0 on success or -1 on error.  If
+   BYTES_WRITTEN is not NULL the number of bytes actually written are
+   stored at this address.  */
+int
+es_write_hexstring (estream_t ES__RESTRICT stream,
+                    const void *ES__RESTRICT buffer, size_t length,
+                    int reserved, size_t *ES__RESTRICT bytes_written )
+{
+  int ret;
+  const unsigned char *s;
+  size_t count = 0;
+
+  (void)reserved;
+
+#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
+  if (!length)
+    return 0;
+
+  ESTREAM_LOCK (stream);
+
+  for (s = buffer; length; s++, length--)
+    {
+      es_putc_unlocked ( tohex ((*s>>4)&15), stream);
+      es_putc_unlocked ( tohex (*s&15), stream);
+      count += 2;
+    }
+
+  if (bytes_written)
+    *bytes_written = count;
+  ret = es_ferror_unlocked (stream)? -1 : 0;
+
+  ESTREAM_UNLOCK (stream);
+
+  return ret;
+
+#undef tohex
+}
+
+
+
+#ifdef GNUPG_MAJOR_VERSION
+/* Special estream function to print an UTF8 string in the native
+   encoding.  The interface is the same as es_write_sanitized, however
+   only one delimiter may be supported.
+
+   THIS IS NOT A STANDARD ESTREAM FUNCTION AND ONLY USED BY GNUPG!. */
+int
+es_write_sanitized_utf8_buffer (estream_t stream,
+                                const void *buffer, size_t length,
+                                const char *delimiters, size_t *bytes_written)
+{
+  const char *p = buffer;
+  size_t i;
+
+  /* We can handle plain ascii simpler, so check for it first. */
+  for (i=0; i < length; i++ )
+    {
+      if ( (p[i] & 0x80) )
+        break;
+    }
+  if (i < length)
+    {
+      int delim = delimiters? *delimiters : 0;
+      char *buf;
+      int ret;
+
+      /*(utf8 conversion already does the control character quoting). */
+      buf = utf8_to_native (p, length, delim);
+      if (bytes_written)
+        *bytes_written = strlen (buf);
+      ret = es_fputs (buf, stream);
+      xfree (buf);
+      return ret == EOF? ret : (int)i;
+    }
+  else
+    return es_write_sanitized (stream, p, length, delimiters, bytes_written);
+}
+#endif /*GNUPG_MAJOR_VERSION*/
diff -Nru gnupg2-2.1.6/common/estream.h gnupg2-2.0.28/common/estream.h
--- gnupg2-2.1.6/common/estream.h	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/estream.h	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,384 @@
+/* estream.h - Extended stream I/O Library
+ * Copyright (C) 2004, 2005, 2006, 2007, 2010 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see .
+ *
+ * ALTERNATIVELY, Libestream may be distributed under the terms of the
+ * following license, in which case the provisions of this license are
+ * required INSTEAD OF the GNU General Public License. If you wish to
+ * allow use of your version of this file only under the terms of the
+ * GNU General Public License, and not to allow others to use your
+ * version of this file under the terms of the following license,
+ * indicate your decision by deleting this paragraph and the license
+ * below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ESTREAM_H
+#define ESTREAM_H
+
+#include 
+#include 
+#include 
+
+/* To use this file with libraries the following macro is useful:
+
+     #define _ESTREAM_EXT_SYM_PREFIX _foo_
+
+       This prefixes all external symbols with "_foo_".
+
+ */
+
+
+#ifdef _ESTREAM_EXT_SYM_PREFIX
+#ifndef _ESTREAM_PREFIX
+#define _ESTREAM_PREFIX1(x,y)  x ## y
+#define _ESTREAM_PREFIX2(x,y) _ESTREAM_PREFIX1(x,y)
+#define _ESTREAM_PREFIX(x)    _ESTREAM_PREFIX2(_ESTREAM_EXT_SYM_PREFIX,x)
+#endif /*_ESTREAM_PREFIX*/
+#define es_fopen              _ESTREAM_PREFIX(es_fopen)
+#define es_mopen              _ESTREAM_PREFIX(es_mopen)
+#define es_fopenmem           _ESTREAM_PREFIX(es_fopenmem)
+#define es_fopenmem_init      _ESTREAM_PREFIX(es_fopenmem_init)
+#define es_fdopen             _ESTREAM_PREFIX(es_fdopen)
+#define es_fdopen_nc          _ESTREAM_PREFIX(es_fdopen_nc)
+#define es_fpopen             _ESTREAM_PREFIX(es_fpopen)
+#define es_fpopen_nc          _ESTREAM_PREFIX(es_fpopen_nc)
+#define _es_set_std_fd        _ESTREAM_PREFIX(_es_set_std_fd)
+#define _es_get_std_stream    _ESTREAM_PREFIX(_es_get_std_stream)
+#define es_freopen            _ESTREAM_PREFIX(es_freopen)
+#define es_fopencookie        _ESTREAM_PREFIX(es_fopencookie)
+#define es_fclose             _ESTREAM_PREFIX(es_fclose)
+#define es_fclose_snatch      _ESTREAM_PREFIX(es_fclose_snatch)
+#define es_fileno             _ESTREAM_PREFIX(es_fileno)
+#define es_fileno_unlocked    _ESTREAM_PREFIX(es_fileno_unlocked)
+#define es_flockfile          _ESTREAM_PREFIX(es_flockfile)
+#define es_ftrylockfile       _ESTREAM_PREFIX(es_ftrylockfile)
+#define es_funlockfile        _ESTREAM_PREFIX(es_funlockfile)
+#define es_feof               _ESTREAM_PREFIX(es_feof)
+#define es_feof_unlocked      _ESTREAM_PREFIX(es_feof_unlocked)
+#define es_ferror             _ESTREAM_PREFIX(es_ferror)
+#define es_ferror_unlocked    _ESTREAM_PREFIX(es_ferror_unlocked)
+#define es_clearerr           _ESTREAM_PREFIX(es_clearerr)
+#define es_clearerr_unlocked  _ESTREAM_PREFIX(es_clearerr_unlocked)
+#define es_fflush             _ESTREAM_PREFIX(es_fflush)
+#define es_fseek              _ESTREAM_PREFIX(es_fseek)
+#define es_fseeko             _ESTREAM_PREFIX(es_fseeko)
+#define es_ftell              _ESTREAM_PREFIX(es_ftell)
+#define es_ftello             _ESTREAM_PREFIX(es_ftello)
+#define es_rewind             _ESTREAM_PREFIX(es_rewind)
+#define es_fgetc              _ESTREAM_PREFIX(es_fgetc)
+#define es_fputc              _ESTREAM_PREFIX(es_fputc)
+#define _es_getc_underflow    _ESTREAM_PREFIX(_es_getc_underflow)
+#define _es_putc_overflow     _ESTREAM_PREFIX(_es_putc_overflow)
+#define es_ungetc             _ESTREAM_PREFIX(es_ungetc)
+#define es_read               _ESTREAM_PREFIX(es_read)
+#define es_write              _ESTREAM_PREFIX(es_write)
+#define es_write_sanitized    _ESTREAM_PREFIX(es_write_sanitized)
+#define es_write_hexstring    _ESTREAM_PREFIX(es_write_hexstring)
+#define es_fread              _ESTREAM_PREFIX(es_fread)
+#define es_fwrite             _ESTREAM_PREFIX(es_fwrite)
+#define es_fgets              _ESTREAM_PREFIX(es_fgets)
+#define es_fputs              _ESTREAM_PREFIX(es_fputs)
+#define es_fputs_unlocked     _ESTREAM_PREFIX(es_fputs_unlocked)
+#define es_getline            _ESTREAM_PREFIX(es_getline)
+#define es_read_line          _ESTREAM_PREFIX(es_read_line)
+#define es_free               _ESTREAM_PREFIX(es_free)
+#define es_fprintf            _ESTREAM_PREFIX(es_fprintf)
+#define es_fprintf_unlocked   _ESTREAM_PREFIX(es_fprintf_unlocked)
+#define es_vfprintf           _ESTREAM_PREFIX(es_vfprint)
+#define es_vfprintf_unlocked  _ESTREAM_PREFIX(es_vfprint_unlocked)
+#define es_setvbuf            _ESTREAM_PREFIX(es_setvbuf)
+#define es_setbuf             _ESTREAM_PREFIX(es_setbuf)
+#define es_tmpfile            _ESTREAM_PREFIX(es_tmpfile)
+#define es_opaque_set         _ESTREAM_PREFIX(es_opaque_set)
+#define es_opaque_get         _ESTREAM_PREFIX(es_opaque_get)
+#define es_fname_set          _ESTREAM_PREFIX(es_fname_set)
+#define es_fname_get          _ESTREAM_PREFIX(es_fname_get)
+#define es_write_sanitized_utf8_buffer  \
+              _ESTREAM_PREFIX(es_write_sanitized_utf8_buffer)
+#endif /*_ESTREAM_EXT_SYM_PREFIX*/
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0
+}
+#endif
+#endif
+
+
+/* Forward declaration for the (opaque) internal type.  */
+struct estream_internal;
+
+/* The definition of this struct is entirely private.  You must not
+   use it for anything.  It is only here so some functions can be
+   implemented as macros.  */
+struct es__stream
+{
+  /* The layout of this struct must never change.  It may be grown,
+     but only if all functions which access the new members are
+     versioned.  */
+
+  /* A pointer to the stream buffer.  */
+  unsigned char *buffer;
+
+  /* The size of the buffer in bytes.  */
+  size_t buffer_size;
+
+  /* The length of the usable data in the buffer, only valid when in
+     read mode (see flags).  */
+  size_t data_len;
+
+  /* The current position of the offset pointer, valid in read and
+     write mode.  */
+  size_t data_offset;
+
+  size_t data_flushed;
+  unsigned char *unread_buffer;
+  size_t unread_buffer_size;
+
+  /* The number of unread bytes.  */
+  size_t unread_data_len;
+
+  /* Various flags.  */
+  struct {
+    unsigned int writing: 1;
+    unsigned int reserved: 7;
+  } flags;
+
+  /* A pointer to our internal data for this stream.  */
+  struct estream_internal *intern;
+};
+
+/* The opaque type for an estream.  */
+typedef struct es__stream *estream_t;
+
+
+typedef ssize_t (*es_cookie_read_function_t) (void *cookie,
+					      void *buffer, size_t size);
+typedef ssize_t (*es_cookie_write_function_t) (void *cookie,
+					       const void *buffer,
+					       size_t size);
+typedef int (*es_cookie_seek_function_t) (void *cookie,
+					  off_t *pos, int whence);
+typedef int (*es_cookie_close_function_t) (void *cookie);
+
+typedef struct es_cookie_io_functions
+{
+  es_cookie_read_function_t func_read;
+  es_cookie_write_function_t func_write;
+  es_cookie_seek_function_t func_seek;
+  es_cookie_close_function_t func_close;
+} es_cookie_io_functions_t;
+
+
+#ifndef _ESTREAM_GCC_A_PRINTF
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+# define _ESTREAM_GCC_A_PRINTF( f, a )  __attribute__ ((format (printf,f,a)))
+#else
+# define _ESTREAM_GCC_A_PRINTF( f, a )
+#endif
+#endif /*_ESTREAM_GCC_A_PRINTF*/
+
+
+#ifndef ES__RESTRICT
+#  if defined __GNUC__ && defined __GNUC_MINOR__
+#    if  (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 92))
+#      define ES__RESTRICT __restrict__
+#    endif
+#  endif
+#endif
+#ifndef ES__RESTRICT
+#  define ES__RESTRICT
+#endif
+
+int es_init (void);
+
+int es_pth_kill (void);
+
+estream_t es_fopen (const char *ES__RESTRICT path,
+		    const char *ES__RESTRICT mode);
+estream_t es_mopen (unsigned char *ES__RESTRICT data,
+		    size_t data_n, size_t data_len,
+		    unsigned int grow,
+		    void *(*func_realloc) (void *mem, size_t size),
+		    void (*func_free) (void *mem),
+		    const char *ES__RESTRICT mode);
+estream_t es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode);
+estream_t es_fopenmem_init (size_t memlimit, const char *ES__RESTRICT mode,
+                            const void *data, size_t datalen);
+estream_t es_fdopen (int filedes, const char *mode);
+estream_t es_fdopen_nc (int filedes, const char *mode);
+estream_t es_fpopen (FILE *fp, const char *mode);
+estream_t es_fpopen_nc (FILE *fp, const char *mode);
+estream_t es_freopen (const char *ES__RESTRICT path,
+		      const char *ES__RESTRICT mode,
+		      estream_t ES__RESTRICT stream);
+estream_t es_fopencookie (void *ES__RESTRICT cookie,
+			  const char *ES__RESTRICT mode,
+			  es_cookie_io_functions_t functions);
+int es_fclose (estream_t stream);
+int es_fclose_snatch (estream_t stream, void **r_buffer, size_t *r_buflen);
+int es_fileno (estream_t stream);
+int es_fileno_unlocked (estream_t stream);
+
+void _es_set_std_fd (int no, int fd);
+estream_t _es_get_std_stream (int fd);
+
+#define es_stdin  _es_get_std_stream (0)
+#define es_stdout _es_get_std_stream (1)
+#define es_stderr _es_get_std_stream (2)
+
+
+void es_flockfile (estream_t stream);
+int es_ftrylockfile (estream_t stream);
+void es_funlockfile (estream_t stream);
+
+int es_feof (estream_t stream);
+int es_feof_unlocked (estream_t stream);
+int es_ferror (estream_t stream);
+int es_ferror_unlocked (estream_t stream);
+void es_clearerr (estream_t stream);
+void es_clearerr_unlocked (estream_t stream);
+
+int es_fflush (estream_t stream);
+int es_fseek (estream_t stream, long int offset, int whence);
+int es_fseeko (estream_t stream, off_t offset, int whence);
+long int es_ftell (estream_t stream);
+off_t es_ftello (estream_t stream);
+void es_rewind (estream_t stream);
+
+int es_fgetc (estream_t stream);
+int es_fputc (int c, estream_t stream);
+
+int _es_getc_underflow (estream_t stream);
+int _es_putc_overflow (int c, estream_t stream);
+
+#define es_getc_unlocked(stream)				\
+  (((!(stream)->flags.writing)					\
+    && ((stream)->data_offset < (stream)->data_len)		\
+    && (! (stream)->unread_data_len))				\
+  ? ((int) (stream)->buffer[((stream)->data_offset)++])		\
+  : _es_getc_underflow ((stream)))
+
+#define es_putc_unlocked(c, stream)				\
+  (((stream)->flags.writing					\
+    && ((stream)->data_offset < (stream)->buffer_size)		\
+    && (c != '\n'))						\
+  ? ((int) ((stream)->buffer[((stream)->data_offset)++] = (c)))	\
+  : _es_putc_overflow ((c), (stream)))
+
+#define es_getc(stream)    es_fgetc (stream)
+#define es_putc(c, stream) es_fputc (c, stream)
+
+int es_ungetc (int c, estream_t stream);
+
+int es_read (estream_t ES__RESTRICT stream,
+	     void *ES__RESTRICT buffer, size_t bytes_to_read,
+	     size_t *ES__RESTRICT bytes_read);
+int es_write (estream_t ES__RESTRICT stream,
+	      const void *ES__RESTRICT buffer, size_t bytes_to_write,
+	      size_t *ES__RESTRICT bytes_written);
+int es_write_sanitized (estream_t ES__RESTRICT stream,
+                        const void *ES__RESTRICT buffer, size_t length,
+                        const char *delimiters,
+                        size_t *ES__RESTRICT bytes_written);
+int es_write_hexstring (estream_t ES__RESTRICT stream,
+                        const void *ES__RESTRICT buffer, size_t length,
+                        int reserved, size_t *ES__RESTRICT bytes_written);
+
+size_t es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
+		 estream_t ES__RESTRICT stream);
+size_t es_fwrite (const void *ES__RESTRICT ptr, size_t size, size_t memb,
+		  estream_t ES__RESTRICT stream);
+
+char *es_fgets (char *ES__RESTRICT s, int n, estream_t ES__RESTRICT stream);
+int es_fputs (const char *ES__RESTRICT s, estream_t ES__RESTRICT stream);
+int es_fputs_unlocked (const char *ES__RESTRICT s,
+                       estream_t ES__RESTRICT stream);
+
+ssize_t es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr,
+		    size_t *ES__RESTRICT n,
+		    estream_t stream);
+ssize_t es_read_line (estream_t stream,
+                      char **addr_of_buffer, size_t *length_of_buffer,
+                      size_t *max_length);
+void es_free (void *a);
+
+int es_fprintf (estream_t ES__RESTRICT stream,
+		const char *ES__RESTRICT format, ...)
+     _ESTREAM_GCC_A_PRINTF(2,3);
+int es_fprintf_unlocked (estream_t ES__RESTRICT stream,
+                         const char *ES__RESTRICT format, ...)
+     _ESTREAM_GCC_A_PRINTF(2,3);
+
+int es_vfprintf (estream_t ES__RESTRICT stream,
+		 const char *ES__RESTRICT format, va_list ap)
+     _ESTREAM_GCC_A_PRINTF(2,0);
+int es_vfprintf_unlocked (estream_t ES__RESTRICT stream,
+                          const char *ES__RESTRICT format, va_list ap)
+     _ESTREAM_GCC_A_PRINTF(2,0);
+
+int es_setvbuf (estream_t ES__RESTRICT stream,
+		char *ES__RESTRICT buf, int mode, size_t size);
+void es_setbuf (estream_t ES__RESTRICT stream, char *ES__RESTRICT buf);
+
+estream_t es_tmpfile (void);
+
+void es_opaque_set (estream_t ES__RESTRICT stream, void *ES__RESTRICT opaque);
+void *es_opaque_get (estream_t stream);
+
+void es_fname_set (estream_t stream, const char *fname);
+const char *es_fname_get (estream_t stream);
+
+
+#ifdef GNUPG_MAJOR_VERSION
+int es_write_sanitized_utf8_buffer (estream_t stream,
+                                    const void *buffer, size_t length,
+                                    const char *delimiters,
+                                    size_t *bytes_written);
+#endif /*GNUPG_MAJOR_VERSION*/
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*ESTREAM_H*/
diff -Nru gnupg2-2.1.6/common/estream-printf.c gnupg2-2.0.28/common/estream-printf.c
--- gnupg2-2.1.6/common/estream-printf.c	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/estream-printf.c	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,1790 @@
+/* estream-printf.c - Versatile C-99 compliant printf formatting
+ * Copyright (C) 2007, 2008, 2009 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see .
+ */
+
+/*  Required autoconf tests:
+
+    AC_TYPE_LONG_LONG_INT            defines HAVE_LONG_LONG_INT
+    AC_TYPE_LONG_DOUBLE              defines HAVE_LONG_DOUBLE
+    AC_TYPE_INTMAX_T                 defines HAVE_INTMAX_T
+    AC_TYPE_UINTMAX_T                defines HAVE_UINTMAX_T
+    AC_CHECK_TYPES([ptrdiff_t])      defines HAVE_PTRDIFF_T
+    AC_CHECK_SIZEOF([unsigned long]) defines SIZEOF_UNSIGNED_LONG
+    AC_CHECK_SIZEOF([void *])        defines SIZEOF_VOID_P
+                                             HAVE_LANGINFO_THOUSANDS_SEP
+
+    Note that the file estream.m4 provides the autoconf macro
+    ESTREAM_PRINTF_INIT which runs all required checks.
+    See estream-printf.h for ways to tune this code.
+
+  Missing stuff:  wchar and wint_t
+                  thousands_sep in pr_float.
+
+*/
+
+#ifdef HAVE_CONFIG_H
+# include 
+#endif
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#if defined(HAVE_INTMAX_T) || defined(HAVE_UINTMAX_T)
+# ifdef HAVE_STDINT_H
+#  include 
+# endif
+#endif
+#ifdef HAVE_LANGINFO_THOUSANDS_SEP
+#include 
+#endif
+#ifdef _ESTREAM_PRINTF_EXTRA_INCLUDE
+# include _ESTREAM_PRINTF_EXTRA_INCLUDE
+#endif
+#include "estream-printf.h"
+
+/* #define DEBUG 1 */
+
+
+/* Allow redefinition of asprintf used malloc functions.  */
+#if defined(_ESTREAM_PRINTF_MALLOC)
+#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a))
+#else
+#define my_printf_malloc(a) malloc((a))
+#endif
+#if defined(_ESTREAM_PRINTF_FREE)
+#define my_printf_free(a)   _ESTREAM_PRINTF_FREE((a))
+#else
+#define my_printf_free(a)   free((a))
+#endif
+
+
+/* Calculate array dimension.  */
+#ifndef DIM
+#define DIM(array) (sizeof (array) / sizeof (*array))
+#endif
+
+
+/* We allow for that many args without requiring malloced memory. */
+#define DEFAULT_MAX_ARGSPECS  5
+
+/* We allow for that many values without requiring malloced memory. */
+#define DEFAULT_MAX_VALUES  8
+
+/* We allocate this many new array argspec elements each time.  */
+#define ARGSPECS_BUMP_VALUE   10
+
+/* Special values for the field width and the precision.  */
+#define NO_FIELD_VALUE   (-1)
+#define STAR_FIELD_VALUE (-2)
+
+/* Bit valuues used for the conversion flags. */
+#define FLAG_GROUPING   1
+#define FLAG_LEFT_JUST  2
+#define FLAG_PLUS_SIGN  4
+#define FLAG_SPACE_PLUS 8
+#define FLAG_ALT_CONV   16
+#define FLAG_ZERO_PAD   32
+
+/* Constants used the length modifiers.  */
+typedef enum
+  {
+    LENMOD_NONE = 0,
+    LENMOD_CHAR,     /* "hh" */
+    LENMOD_SHORT,    /* "h"  */
+    LENMOD_LONG,     /* "l"  */
+    LENMOD_LONGLONG, /* "ll" */
+    LENMOD_INTMAX,   /* "j"  */
+    LENMOD_SIZET,    /* "z"  */
+    LENMOD_PTRDIFF,  /* "t"  */
+    LENMOD_LONGDBL   /* "L"  */
+  } lenmod_t;
+
+/* All the conversion specifiers.  */
+typedef enum
+  {
+    CONSPEC_UNKNOWN = 0,
+    CONSPEC_DECIMAL,
+    CONSPEC_OCTAL,
+    CONSPEC_UNSIGNED,
+    CONSPEC_HEX,
+    CONSPEC_HEX_UP,
+    CONSPEC_FLOAT,
+    CONSPEC_FLOAT_UP,
+    CONSPEC_EXP,
+    CONSPEC_EXP_UP,
+    CONSPEC_F_OR_G,
+    CONSPEC_F_OR_G_UP,
+    CONSPEC_HEX_EXP,
+    CONSPEC_HEX_EXP_UP,
+    CONSPEC_CHAR,
+    CONSPEC_STRING,
+    CONSPEC_POINTER,
+    CONSPEC_STRERROR,
+    CONSPEC_BYTES_SO_FAR
+  } conspec_t;
+
+
+/* Constants describing all the suppoorted types.  Note that we list
+   all the types we know about even if certain types are not available
+   on this system. */
+typedef enum
+  {
+    VALTYPE_UNSUPPORTED = 0,  /* Artificial type for error detection.  */
+    VALTYPE_CHAR,
+    VALTYPE_SCHAR,
+    VALTYPE_UCHAR,
+    VALTYPE_SHORT,
+    VALTYPE_USHORT,
+    VALTYPE_INT,
+    VALTYPE_UINT,
+    VALTYPE_LONG,
+    VALTYPE_ULONG,
+    VALTYPE_LONGLONG,
+    VALTYPE_ULONGLONG,
+    VALTYPE_DOUBLE,
+    VALTYPE_LONGDOUBLE,
+    VALTYPE_STRING,
+    VALTYPE_INTMAX,
+    VALTYPE_UINTMAX,
+    VALTYPE_SIZE,
+    VALTYPE_PTRDIFF,
+    VALTYPE_POINTER,
+    VALTYPE_CHAR_PTR,
+    VALTYPE_SCHAR_PTR,
+    VALTYPE_SHORT_PTR,
+    VALTYPE_INT_PTR,
+    VALTYPE_LONG_PTR,
+    VALTYPE_LONGLONG_PTR,
+    VALTYPE_INTMAX_PTR,
+    VALTYPE_SIZE_PTR,
+    VALTYPE_PTRDIFF_PTR
+  } valtype_t;
+
+
+/* A union used to store the actual values. */
+typedef union
+{
+  char a_char;
+  signed char a_schar;
+  unsigned char a_uchar;
+  short a_short;
+  unsigned short a_ushort;
+  int a_int;
+  unsigned int a_uint;
+  long int a_long;
+  unsigned long int a_ulong;
+#ifdef HAVE_LONG_LONG_INT
+  long long int a_longlong;
+  unsigned long long int a_ulonglong;
+#endif
+  double a_double;
+#ifdef HAVE_LONG_DOUBLE
+  long double a_longdouble;
+#endif
+  const char *a_string;
+#ifdef HAVE_INTMAX_T
+  intmax_t a_intmax;
+#endif
+#ifdef HAVE_UINTMAX_T
+  intmax_t a_uintmax;
+#endif
+  size_t a_size;
+#ifdef HAVE_PTRDIFF_T
+  ptrdiff_t a_ptrdiff;
+#endif
+  void *a_void_ptr;
+  char *a_char_ptr;
+  signed char *a_schar_ptr;
+  short *a_short_ptr;
+  int  *a_int_ptr;
+  long *a_long_ptr;
+#ifdef HAVE_LONG_LONG_INT
+  long long int *a_longlong_ptr;
+#endif
+#ifdef HAVE_INTMAX_T
+  intmax_t *a_intmax_ptr;
+#endif
+  size_t *a_size_ptr;
+#ifdef HAVE_PTRDIFF_T
+  ptrdiff_t *a_ptrdiff_ptr;
+#endif
+} value_t;
+
+/* An object used to keep track of a format option and arguments. */
+struct argspec_s
+{
+  size_t length;       /* The length of these args including the percent.  */
+  unsigned int flags;  /* The conversion flags (bits defined by FLAG_foo).  */
+  int width;           /* The field width.  */
+  int precision;       /* The precision.  */
+  lenmod_t lenmod;     /* The length modifier.  */
+  conspec_t conspec;   /* The conversion specifier.  */
+  int arg_pos;         /* The position of the argument.  This one may
+                          be -1 to indicate that no value is expected
+                          (e.g. for "%m").  */
+  int width_pos;       /* The position of the argument for a field
+                          width star's value. 0 for not used.  */
+  int precision_pos;   /* The position of the argument for the a
+                          precision star's value.  0 for not used. */
+  valtype_t vt;        /* The type of the corresponding argument.  */
+};
+typedef struct argspec_s *argspec_t;
+
+/* An object to build up a table of values and their types.  */
+struct valueitem_s
+{
+  valtype_t vt;  /* The type of the value.  */
+  value_t value; /* The value.  */
+};
+typedef struct valueitem_s *valueitem_t;
+
+
+#ifdef DEBUG
+static void
+dump_argspecs (argspec_t arg, size_t argcount)
+{
+  int idx;
+
+  for (idx=0; argcount; argcount--, arg++, idx++)
+    fprintf (stderr,
+             "%2d: len=%u flags=%u width=%d prec=%d mod=%d "
+             "con=%d vt=%d pos=%d-%d-%d\n",
+             idx,
+             (unsigned int)arg->length,
+             arg->flags,
+             arg->width,
+             arg->precision,
+             arg->lenmod,
+             arg->conspec,
+             arg->vt,
+             arg->arg_pos,
+             arg->width_pos,
+             arg->precision_pos);
+}
+#endif /*DEBUG*/
+
+
+/* Set the vt field for ARG.  */
+static void
+compute_type (argspec_t arg)
+{
+  switch (arg->conspec)
+    {
+    case CONSPEC_UNKNOWN:
+      arg->vt = VALTYPE_UNSUPPORTED;
+      break;
+
+    case CONSPEC_DECIMAL:
+      switch (arg->lenmod)
+        {
+        case LENMOD_CHAR: arg->vt = VALTYPE_SCHAR; break;
+        case LENMOD_SHORT: arg->vt = VALTYPE_SHORT; break;
+        case LENMOD_LONG: arg->vt = VALTYPE_LONG; break;
+        case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG; break;
+        case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX; break;
+        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
+        case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
+        default: arg->vt = VALTYPE_INT; break;
+        }
+      break;
+
+    case CONSPEC_OCTAL:
+    case CONSPEC_UNSIGNED:
+    case CONSPEC_HEX:
+    case CONSPEC_HEX_UP:
+      switch (arg->lenmod)
+        {
+        case LENMOD_CHAR: arg->vt = VALTYPE_UCHAR; break;
+        case LENMOD_SHORT: arg->vt = VALTYPE_USHORT; break;
+        case LENMOD_LONG: arg->vt = VALTYPE_ULONG; break;
+        case LENMOD_LONGLONG: arg->vt = VALTYPE_ULONGLONG; break;
+        case LENMOD_INTMAX: arg->vt = VALTYPE_UINTMAX; break;
+        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
+        case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
+        default: arg->vt = VALTYPE_UINT; break;
+        }
+      break;
+
+    case CONSPEC_FLOAT:
+    case CONSPEC_FLOAT_UP:
+    case CONSPEC_EXP:
+    case CONSPEC_EXP_UP:
+    case CONSPEC_F_OR_G:
+    case CONSPEC_F_OR_G_UP:
+    case CONSPEC_HEX_EXP:
+    case CONSPEC_HEX_EXP_UP:
+      switch (arg->lenmod)
+        {
+        case LENMOD_LONGDBL: arg->vt = VALTYPE_LONGDOUBLE; break;
+        case LENMOD_LONG: arg->vt = VALTYPE_DOUBLE; break;
+        default: arg->vt = VALTYPE_DOUBLE; break;
+        }
+      break;
+
+    case CONSPEC_CHAR:
+      arg->vt = VALTYPE_INT;
+      break;
+
+    case CONSPEC_STRING:
+      arg->vt = VALTYPE_STRING;
+      break;
+
+    case CONSPEC_POINTER:
+      arg->vt = VALTYPE_POINTER;
+      break;
+
+    case CONSPEC_STRERROR:
+      arg->vt = VALTYPE_STRING;
+      break;
+
+    case CONSPEC_BYTES_SO_FAR:
+      switch (arg->lenmod)
+        {
+        case LENMOD_CHAR: arg->vt = VALTYPE_SCHAR_PTR; break;
+        case LENMOD_SHORT: arg->vt = VALTYPE_SHORT_PTR; break;
+        case LENMOD_LONG: arg->vt = VALTYPE_LONG_PTR; break;
+        case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG_PTR; break;
+        case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX_PTR; break;
+        case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break;
+        case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF_PTR; break;
+        default: arg->vt = VALTYPE_INT_PTR; break;
+        }
+      break;
+
+    }
+}
+
+
+
+/* Parse the FORMAT string and populate the specification array stored
+   at the address ARGSPECS_ADDR.  The caller has provided enough space
+   to store up to MAX_ARGSPECS in that buffer.  The function may
+   however ignore the provided buffer and malloc a larger one.  On
+   success the addrrss of that larger buffer will be stored at
+   ARGSPECS_ADDR.  The actual number of specifications will be
+   returned at R_ARGSPECS_COUNT. */
+static int
+parse_format (const char *format,
+              argspec_t *argspecs_addr, size_t max_argspecs,
+              size_t *r_argspecs_count)
+{
+  const char *s;
+  argspec_t argspecs = *argspecs_addr;
+  argspec_t arg;
+  size_t argcount = 0;
+
+  if (!format)
+    goto leave_einval;
+
+  for (; *format; format++)
+    {
+      unsigned int flags;
+      int width, precision;
+      lenmod_t lenmod;
+      conspec_t conspec;
+      int arg_pos, width_pos, precision_pos;
+
+      if (*format != '%')
+        continue;
+      s = ++format;
+      if (!*s)
+        goto leave_einval;
+      if (*s == '%')
+        continue; /* Just a quoted percent.  */
+
+      /* First check whether there is a positional argument.  */
+      arg_pos = 0; /* No positional argument given.  */
+      if (*s >= '1' && *s <= '9')
+        {
+          const char *save_s = s;
+
+          arg_pos = (*s++ - '0');
+          for (; *s >= '0' && *s <= '9'; s++)
+            arg_pos = 10*arg_pos + (*s - '0');
+          if (arg_pos < 0)
+            goto leave_einval; /* Overflow during conversion.  */
+          if (*s == '$')
+            s++;
+          else
+            {
+              arg_pos = 0;
+              s = save_s;
+            }
+        }
+
+      /* Parse the flags.  */
+      flags = 0;
+      for ( ; *s; s++)
+        {
+          switch (*s)
+            {
+            case '\'': flags |= FLAG_GROUPING; break;
+            case '-': flags |= FLAG_LEFT_JUST; break;
+            case '+': flags |= FLAG_PLUS_SIGN; break;
+            case ' ': flags |= FLAG_SPACE_PLUS; break;
+            case '#': flags |= FLAG_ALT_CONV; break;
+            case '0': flags |= FLAG_ZERO_PAD; break;
+            default:
+              goto flags_parsed;
+            }
+        }
+    flags_parsed:
+
+      /* Parse the field width.  */
+      width_pos = 0;
+      if (*s == '*')
+        {
+          width = STAR_FIELD_VALUE;
+          s++;
+          /* If we have a positional argument, another one might also
+             be used to give the position of the star's value. */
+          if (arg_pos && *s >= '1' && *s <= '9')
+            {
+              width_pos = (*s++ - '0');
+              for (; *s >= '0' && *s <= '9'; s++)
+                width_pos = 10*width_pos + (*s - '0');
+              if (width_pos < 1)
+                goto leave_einval; /* Overflow during conversion.  */
+              if (*s != '$')
+                goto leave_einval; /* Not followed by $.  */
+              s++;
+            }
+        }
+      else if ( *s >= '0' && *s <= '9')
+        {
+          width = (*s++ - '0');
+          for (; *s >= '0' && *s <= '9'; s++)
+            {
+              if (!width && *s == '0')
+                goto leave_einval; /* Leading zeroes are not allowed.
+                                      Fixme: check what other
+                                      implementations do. */
+              width = 10*width + (*s - '0');
+            }
+          if (width < 0)
+            goto leave_einval; /* Overflow during conversion.  */
+        }
+      else
+        width = NO_FIELD_VALUE;
+
+      /* Parse the precision.  */
+      precision_pos = 0;
+      precision = NO_FIELD_VALUE;
+      if (*s == '.')
+        {
+          int ignore_value = (s[1] == '-');
+
+          s++;
+          if (*s == '*')
+            {
+              precision = STAR_FIELD_VALUE;
+              s++;
+              /* If we have a positional argument, another one might also
+                 be used to give the position of the star's value. */
+              if (arg_pos && *s >= '1' && *s <= '9')
+                {
+                  precision_pos = (*s++ - '0');
+                  for (; *s >= '0' && *s <= '9'; s++)
+                    precision_pos = 10*precision_pos + (*s - '0');
+                  if (precision_pos < 1)
+                    goto leave_einval; /* Overflow during conversion.  */
+                  if (*s != '$')
+                    goto leave_einval; /* Not followed by $.  */
+                  s++;
+                }
+            }
+          else if ( *s >= '0' && *s <= '9')
+            {
+              precision = (*s++ - '0');
+              for (; *s >= '0' && *s <= '9'; s++)
+                {
+                  if (!precision && *s == '0')
+                    goto leave_einval; /* Leading zeroes are not allowed.
+                                          Fixme: check what other
+                                          implementations do. */
+                  precision = 10*precision + (*s - '0');
+                }
+              if (precision < 0)
+                goto leave_einval; /* Overflow during conversion.  */
+            }
+          else
+            precision = 0;
+          if (ignore_value)
+            precision = NO_FIELD_VALUE;
+        }
+
+      /* Parse the length modifiers.  */
+      switch (*s)
+        {
+        case 'h':
+          if (s[1] == 'h')
+            {
+              lenmod = LENMOD_CHAR;
+              s++;
+            }
+          else
+            lenmod = LENMOD_SHORT;
+          s++;
+          break;
+        case 'l':
+          if (s[1] == 'l')
+            {
+              lenmod = LENMOD_LONGLONG;
+              s++;
+            }
+          else
+            lenmod = LENMOD_LONG;
+          s++;
+          break;
+        case 'j': lenmod = LENMOD_INTMAX; s++; break;
+        case 'z': lenmod = LENMOD_SIZET; s++; break;
+        case 't': lenmod = LENMOD_PTRDIFF; s++; break;
+        case 'L': lenmod = LENMOD_LONGDBL; s++; break;
+        default:  lenmod = LENMOD_NONE; break;
+        }
+
+      /* Parse the conversion specifier.  */
+      switch (*s)
+        {
+        case 'd':
+        case 'i': conspec = CONSPEC_DECIMAL; break;
+        case 'o': conspec = CONSPEC_OCTAL; break;
+        case 'u': conspec = CONSPEC_UNSIGNED; break;
+        case 'x': conspec = CONSPEC_HEX; break;
+        case 'X': conspec = CONSPEC_HEX_UP; break;
+        case 'f': conspec = CONSPEC_FLOAT; break;
+        case 'F': conspec = CONSPEC_FLOAT_UP; break;
+        case 'e': conspec = CONSPEC_EXP; break;
+        case 'E': conspec = CONSPEC_EXP_UP; break;
+        case 'g': conspec = CONSPEC_F_OR_G; break;
+        case 'G': conspec = CONSPEC_F_OR_G_UP; break;
+        case 'a': conspec = CONSPEC_HEX_EXP; break;
+        case 'A': conspec = CONSPEC_HEX_EXP_UP; break;
+        case 'c': conspec = CONSPEC_CHAR; break;
+        case 's': conspec = CONSPEC_STRING; break;
+        case 'p': conspec = CONSPEC_POINTER; break;
+        case 'n': conspec = CONSPEC_BYTES_SO_FAR; break;
+        case 'C': conspec = CONSPEC_CHAR; lenmod = LENMOD_LONG; break;
+        case 'S': conspec = CONSPEC_STRING; lenmod = LENMOD_LONG; break;
+        case 'm': conspec = CONSPEC_STRERROR; arg_pos = -1; break;
+        default: conspec = CONSPEC_UNKNOWN;
+        }
+
+      /* Save the args. */
+      if (argcount >= max_argspecs)
+        {
+          /* We either need to allocate a new array instead of the
+             caller provided one or realloc the array.  Instead of
+             using realloc we allocate a new one and release the
+             original one then. */
+          size_t n, newmax;
+          argspec_t newarg;
+
+          newmax = max_argspecs + ARGSPECS_BUMP_VALUE;
+          if (newmax <= max_argspecs)
+            goto leave_einval;  /* Too many arguments. */
+          newarg = calloc (newmax, sizeof *newarg);
+          if (!newarg)
+            goto leave;
+          for (n=0; n < argcount; n++)
+            newarg[n] = argspecs[n];
+          if (argspecs != *argspecs_addr)
+            free (argspecs);
+          argspecs = newarg;
+          max_argspecs = newmax;
+        }
+
+      arg = argspecs + argcount;
+      arg->length = s - format + 2;
+      arg->flags = flags;
+      arg->width = width;
+      arg->precision = precision;
+      arg->lenmod = lenmod;
+      arg->conspec = conspec;
+      arg->arg_pos = arg_pos;
+      arg->width_pos = width_pos;
+      arg->precision_pos = precision_pos;
+      compute_type (arg);
+      argcount++;
+      format = s;
+    }
+
+  *argspecs_addr = argspecs;
+  *r_argspecs_count = argcount;
+  return 0; /* Success.  */
+
+ leave_einval:
+  errno = EINVAL;
+ leave:
+  if (argspecs != *argspecs_addr)
+    free (argspecs);
+  *argspecs_addr = NULL;
+  return -1;
+}
+
+
+/* This function reads all the values as specified by VALUETABLE into
+   VALUETABLE.  The values are expected in VAARGS.  The function
+   returns -1 if a specified type is not supported. */
+static int
+read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
+{
+  int validx;
+
+  for (validx=0; validx < valuetable_len; validx++)
+    {
+      value_t *value = &valuetable[validx].value;
+      valtype_t vt = valuetable[validx].vt;
+
+      switch (vt)
+        {
+        case VALTYPE_CHAR: value->a_char = va_arg (vaargs, int); break;
+        case VALTYPE_CHAR_PTR:
+          value->a_char_ptr = va_arg (vaargs, char *);
+          break;
+        case VALTYPE_SCHAR: value->a_schar = va_arg (vaargs, int); break;
+        case VALTYPE_SCHAR_PTR:
+          value->a_schar_ptr = va_arg (vaargs, signed char *);
+          break;
+        case VALTYPE_UCHAR: value->a_uchar = va_arg (vaargs, int); break;
+        case VALTYPE_SHORT: value->a_short = va_arg (vaargs, int); break;
+        case VALTYPE_USHORT: value->a_ushort = va_arg (vaargs, int); break;
+        case VALTYPE_SHORT_PTR:
+          value->a_short_ptr = va_arg (vaargs, short *);
+          break;
+        case VALTYPE_INT:
+          value->a_int = va_arg (vaargs, int);
+          break;
+        case VALTYPE_INT_PTR:
+          value->a_int_ptr = va_arg (vaargs, int *);
+          break;
+        case VALTYPE_UINT:
+          value->a_uint = va_arg (vaargs, unsigned int);
+          break;
+        case VALTYPE_LONG:
+          value->a_long = va_arg (vaargs, long);
+          break;
+        case VALTYPE_ULONG:
+          value->a_ulong = va_arg (vaargs, unsigned long);
+          break;
+        case VALTYPE_LONG_PTR:
+          value->a_long_ptr = va_arg (vaargs, long *);
+          break;
+#ifdef HAVE_LONG_LONG_INT
+        case VALTYPE_LONGLONG:
+          value->a_longlong = va_arg (vaargs, long long int);
+          break;
+        case VALTYPE_ULONGLONG:
+          value->a_ulonglong = va_arg (vaargs, unsigned long long int);
+          break;
+        case VALTYPE_LONGLONG_PTR:
+          value->a_longlong_ptr = va_arg (vaargs, long long *);
+          break;
+#endif
+        case VALTYPE_DOUBLE:
+          value->a_double = va_arg (vaargs, double);
+          break;
+#ifdef HAVE_LONG_DOUBLE
+        case VALTYPE_LONGDOUBLE:
+          value->a_longdouble = va_arg (vaargs, long double);
+          break;
+#endif
+        case VALTYPE_STRING:
+          value->a_string = va_arg (vaargs, const char *);
+          break;
+        case VALTYPE_POINTER:
+          value->a_void_ptr = va_arg (vaargs, void *);
+          break;
+#ifdef HAVE_INTMAX_T
+        case VALTYPE_INTMAX:
+          value->a_intmax = va_arg (vaargs, intmax_t);
+          break;
+        case VALTYPE_INTMAX_PTR:
+          value->a_intmax_ptr = va_arg (vaargs, intmax_t *);
+          break;
+#endif
+#ifdef HAVE_UINTMAX_T
+        case VALTYPE_UINTMAX:
+          value->a_uintmax = va_arg (vaargs, uintmax_t);
+          break;
+#endif
+        case VALTYPE_SIZE:
+          value->a_size = va_arg (vaargs, size_t);
+          break;
+        case VALTYPE_SIZE_PTR:
+          value->a_size_ptr = va_arg (vaargs, size_t *);
+          break;
+#ifdef HAVE_PTRDIFF_T
+        case VALTYPE_PTRDIFF:
+          value->a_ptrdiff = va_arg (vaargs, ptrdiff_t);
+          break;
+        case VALTYPE_PTRDIFF_PTR:
+          value->a_ptrdiff_ptr = va_arg (vaargs, ptrdiff_t *);
+          break;
+#endif
+        default: /* Unsupported type.  */
+          return -1;
+        }
+    }
+  return 0;
+}
+
+
+
+/* Output COUNT padding characters PADCHAR and update NBYTES by the
+   number of bytes actually written.  */
+static int
+pad_out (estream_printf_out_t outfnc, void *outfncarg,
+         int padchar, int count, size_t *nbytes)
+{
+  char buf[32];
+  size_t n;
+  int rc;
+
+  while (count > 0)
+    {
+      n = (count <= sizeof buf)? count : sizeof buf;
+      memset (buf, padchar, n);
+      rc = outfnc (outfncarg, buf, n);
+      if (rc)
+        return rc;
+      *nbytes += n;
+      count -= n;
+    }
+
+  return 0;
+}
+
+
+/* "d,i,o,u,x,X" formatting.  OUTFNC and OUTFNCARG describes the
+   output routine, ARG gives the argument description and VALUE the
+   actual value (its type is available through arg->vt).  */
+static int
+pr_integer (estream_printf_out_t outfnc, void *outfncarg,
+            argspec_t arg, value_t value, size_t *nbytes)
+{
+  int rc;
+#ifdef HAVE_LONG_LONG_INT
+  unsigned long long aulong;
+#else
+  unsigned long aulong;
+#endif
+  char numbuf[100];
+  char *p, *pend;
+  size_t n;
+  char signchar = 0;
+  int n_prec;  /* Number of extra precision digits required.  */
+  int n_extra; /* Extra number of prefix or sign characters.  */
+
+  if (arg->conspec == CONSPEC_DECIMAL)
+    {
+#ifdef HAVE_LONG_LONG_INT
+      long long along;
+#else
+      long along;
+#endif
+
+      switch (arg->vt)
+        {
+        case VALTYPE_SHORT: along = value.a_short; break;
+        case VALTYPE_INT: along = value.a_int; break;
+        case VALTYPE_LONG: along = value.a_long; break;
+#ifdef HAVE_LONG_LONG_INT
+        case VALTYPE_LONGLONG: along = value.a_longlong; break;
+        case VALTYPE_SIZE: along = value.a_size; break;
+# ifdef HAVE_INTMAX_T
+        case VALTYPE_INTMAX: along = value.a_intmax; break;
+# endif
+# ifdef HAVE_PTRDIFF_T
+        case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break;
+# endif
+#endif /*HAVE_LONG_LONG_INT*/
+        default:
+          return -1;
+        }
+      if (along < 0)
+        {
+          aulong = -along;
+          signchar = '-';
+        }
+      else
+        aulong = along;
+    }
+  else
+    {
+      switch (arg->vt)
+        {
+        case VALTYPE_USHORT: aulong = value.a_ushort; break;
+        case VALTYPE_UINT: aulong = value.a_uint; break;
+        case VALTYPE_ULONG: aulong = value.a_ulong; break;
+#ifdef HAVE_LONG_LONG_INT
+        case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break;
+        case VALTYPE_SIZE: aulong = value.a_size; break;
+# ifdef HAVE_UINTMAX_T
+        case VALTYPE_UINTMAX: aulong = value.a_uintmax; break;
+# endif
+# ifdef HAVE_PTRDIFF_T
+        case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break;
+# endif
+#endif /*HAVE_LONG_LONG_INT*/
+        default:
+          return -1;
+        }
+    }
+
+  if (signchar == '-')
+    ;
+  else if ((arg->flags & FLAG_PLUS_SIGN))
+    signchar = '+';
+  else if ((arg->flags & FLAG_SPACE_PLUS))
+    signchar = ' ';
+
+  n_extra = !!signchar;
+
+  /* We build the string up backwards.  */
+  p = pend = numbuf + DIM(numbuf);
+  if ((!aulong && !arg->precision))
+    ;
+  else if (arg->conspec == CONSPEC_DECIMAL
+           || arg->conspec == CONSPEC_UNSIGNED)
+    {
+      int grouping = -1;
+      const char * grouping_string =
+#ifdef HAVE_LANGINFO_THOUSANDS_SEP
+        nl_langinfo(THOUSANDS_SEP);
+#else
+        "'";
+#endif
+
+      do
+        {
+          if ((arg->flags & FLAG_GROUPING)
+              && (++grouping == 3) && *grouping_string)
+            {
+              *--p = *grouping_string;
+              grouping = 0;
+            }
+          *--p = '0' + (aulong % 10);
+          aulong /= 10;
+        }
+      while (aulong);
+    }
+  else if (arg->conspec == CONSPEC_OCTAL)
+    {
+      do
+        {
+          *--p = '0' + (aulong % 8);
+          aulong /= 8;
+        }
+      while (aulong);
+      if ((arg->flags & FLAG_ALT_CONV) && *p != '0')
+        *--p = '0';
+    }
+  else /* HEX or HEXUP */
+    {
+      const char *digits = ((arg->conspec == CONSPEC_HEX)
+                            ? "0123456789abcdef" : "0123456789ABCDEF");
+      do
+        {
+          *--p = digits[(aulong % 16)];
+          aulong /= 16;
+        }
+      while (aulong);
+      if ((arg->flags & FLAG_ALT_CONV))
+        n_extra += 2;
+    }
+
+  n = pend - p;
+
+  if ((arg->flags & FLAG_ZERO_PAD)
+      && arg->precision == NO_FIELD_VALUE && !(arg->flags & FLAG_LEFT_JUST)
+      && n && arg->width - n_extra > n )
+    n_prec = arg->width - n_extra - n;
+  else if (arg->precision > 0 && arg->precision > n)
+    n_prec = arg->precision - n;
+  else
+    n_prec = 0;
+
+  if (!(arg->flags & FLAG_LEFT_JUST)
+      && arg->width >= 0 && arg->width - n_extra > n
+      && arg->width - n_extra - n >= n_prec )
+    {
+      rc = pad_out (outfnc, outfncarg, ' ',
+                    arg->width - n_extra - n - n_prec, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  if (signchar)
+    {
+      rc = outfnc (outfncarg, &signchar, 1);
+      if (rc)
+        return rc;
+      *nbytes += 1;
+    }
+
+  if ((arg->flags & FLAG_ALT_CONV)
+      && (arg->conspec == CONSPEC_HEX || arg->conspec == CONSPEC_HEX_UP))
+    {
+      rc = outfnc (outfncarg, arg->conspec == CONSPEC_HEX? "0x": "0X", 2);
+      if (rc)
+        return rc;
+      *nbytes += 2;
+    }
+
+  if (n_prec)
+    {
+      rc = pad_out (outfnc, outfncarg, '0', n_prec, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  rc = outfnc (outfncarg, p, pend - p);
+  if (rc)
+    return rc;
+  *nbytes += pend - p;
+
+  if ((arg->flags & FLAG_LEFT_JUST)
+      && arg->width >= 0 && arg->width - n_extra - n_prec > n)
+    {
+      rc = pad_out (outfnc, outfncarg, ' ',
+                    arg->width - n_extra - n_prec - n, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  return 0;
+}
+
+
+/* "e,E,f,F,g,G,a,A" formatting.  OUTFNC and OUTFNCARG describes the
+   output routine, ARG gives the argument description and VALUE the
+   actual value (its type is available through arg->vt).  For
+   portability reasons sprintf is used for the actual formatting.
+   This is useful because sprint is the only standard function to
+   convert a floating number into its ascii representation.  To avoid
+   using malloc we just pass the precision to sprintf and do the final
+   formatting with our own code.  */
+static int
+pr_float (estream_printf_out_t outfnc, void *outfncarg,
+          argspec_t arg, value_t value, size_t *nbytes)
+{
+  int rc;
+#ifdef HAVE_LONG_DOUBLE
+  long double adblfloat = 0; /* Just to please gcc.  */
+  int use_dbl = 0;
+#endif
+  double afloat;
+  char numbuf[350];
+  char formatstr[20];
+  char *p, *pend;
+  size_t n;
+  char signchar = 0;
+  int n_extra;  /* Extra number of prefix or sign characters.  */
+
+  switch (arg->vt)
+    {
+    case VALTYPE_DOUBLE: afloat = value.a_double; break;
+#ifdef HAVE_LONG_DOUBLE
+    case VALTYPE_LONGDOUBLE:
+      afloat = 0;  /* Just to please gcc.  */
+      adblfloat = value.a_longdouble;
+      use_dbl=1; break;
+#endif
+    default:
+      return -1;
+    }
+
+  /* We build the string using sprint.  */
+  p = formatstr + sizeof formatstr;
+  *--p = 0;
+  switch (arg->conspec)
+    {
+    case CONSPEC_FLOAT:      *--p = 'f'; break;
+    case CONSPEC_FLOAT_UP:   *--p = 'F'; break;
+    case CONSPEC_EXP:        *--p = 'e'; break;
+    case CONSPEC_EXP_UP:     *--p = 'E'; break;
+    case CONSPEC_F_OR_G:     *--p = 'g'; break;
+    case CONSPEC_F_OR_G_UP:  *--p = 'G'; break;
+    case CONSPEC_HEX_EXP:    *--p = 'a'; break;
+    case CONSPEC_HEX_EXP_UP: *--p = 'A'; break;
+    default:
+      return -1; /* Actually a bug.  */
+    }
+#ifdef HAVE_LONG_DOUBLE
+  if (use_dbl)
+    *--p = 'L';
+#endif
+  if (arg->precision != NO_FIELD_VALUE)
+    {
+      /* Limit it to a meaningful value so that even a stupid sprintf
+         won't overflow our buffer.  */
+      n = arg->precision <= 100? arg->precision : 100;
+      do
+        {
+          *--p = '0' + (n % 10);
+          n /= 10;
+        }
+      while (n);
+      *--p = '.';
+    }
+  if ((arg->flags & FLAG_ALT_CONV))
+    *--p = '#';
+  *--p = '%';
+#ifdef HAVE_LONG_DOUBLE
+  if (use_dbl)
+    sprintf (numbuf, p, adblfloat);
+  else
+#endif /*HAVE_LONG_DOUBLE*/
+    sprintf (numbuf, p, afloat);
+  p = numbuf;
+  n = strlen (numbuf);
+  pend = p + n;
+
+  if (*p =='-')
+    {
+      signchar = '-';
+      p++;
+      n--;
+    }
+  else if ((arg->flags & FLAG_PLUS_SIGN))
+    signchar = '+';
+  else if ((arg->flags & FLAG_SPACE_PLUS))
+    signchar = ' ';
+
+  n_extra = !!signchar;
+
+  if (!(arg->flags & FLAG_LEFT_JUST)
+      && arg->width >= 0 && arg->width - n_extra > n)
+    {
+      rc = pad_out (outfnc, outfncarg, ' ', arg->width - n_extra - n, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  if (signchar)
+    {
+      rc = outfnc (outfncarg, &signchar, 1);
+      if (rc)
+        return rc;
+      *nbytes += 1;
+    }
+
+  rc = outfnc (outfncarg, p, pend - p);
+  if (rc)
+    return rc;
+  *nbytes += pend - p;
+
+  if ((arg->flags & FLAG_LEFT_JUST)
+      && arg->width >= 0 && arg->width - n_extra > n)
+    {
+      rc = pad_out (outfnc, outfncarg, ' ', arg->width - n_extra - n, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  return 0;
+}
+
+
+/* "c" formatting.  */
+static int
+pr_char (estream_printf_out_t outfnc, void *outfncarg,
+            argspec_t arg, value_t value, size_t *nbytes)
+{
+  int rc;
+  char buf[1];
+
+  if (arg->vt != VALTYPE_INT)
+    return -1;
+  buf[0] = (unsigned int)value.a_int;
+  rc = outfnc (outfncarg, buf, 1);
+  if(rc)
+    return rc;
+  *nbytes += 1;
+
+  return 0;
+}
+
+
+/* "s" formatting.  */
+static int
+pr_string (estream_printf_out_t outfnc, void *outfncarg,
+            argspec_t arg, value_t value, size_t *nbytes)
+{
+  int rc;
+  size_t n;
+  const char *string, *s;
+
+  if (arg->vt != VALTYPE_STRING)
+    return -1;
+  string = value.a_string;
+  if (!string)
+    string = "(null)";
+  if (arg->precision >= 0)
+    {
+      /* Test for nul after N so that we can pass a non-nul terminated
+         string.  */
+      for (n=0,s=string; n < arg->precision && *s; s++)
+        n++;
+    }
+  else
+    n = strlen (string);
+
+  if (!(arg->flags & FLAG_LEFT_JUST)
+      && arg->width >= 0 && arg->width > n )
+    {
+      rc = pad_out (outfnc, outfncarg, ' ', arg->width - n, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  rc = outfnc (outfncarg, string, n);
+  if (rc)
+    return rc;
+  *nbytes += n;
+
+  if ((arg->flags & FLAG_LEFT_JUST)
+      && arg->width >= 0 && arg->width > n)
+    {
+      rc = pad_out (outfnc, outfncarg, ' ', arg->width - n, nbytes);
+      if (rc)
+        return rc;
+    }
+
+  return 0;
+}
+
+
+/* "p" formatting.  */
+static int
+pr_pointer (estream_printf_out_t outfnc, void *outfncarg,
+            argspec_t arg, value_t value, size_t *nbytes)
+{
+  int rc;
+#if defined(HAVE_LONG_LONG_INT) && (SIZEOF_UNSIGNED_LONG < SIZEOF_VOID_P)
+  unsigned long long aulong;
+#else
+  unsigned long aulong;
+#endif
+  char numbuf[100];
+  char *p, *pend;
+
+  if (arg->vt != VALTYPE_POINTER)
+    return -1;
+  /* We assume that a pointer can be converted to an unsigned long.
+     That is not correct for a 64 bit Windows, but then we assume that
+     long long is supported and usable for storing a pointer.  */
+#if defined(HAVE_LONG_LONG_INT) && (SIZEOF_UNSIGNED_LONG < SIZEOF_VOID_P)
+  aulong = (unsigned long long)value.a_void_ptr;
+#else
+  aulong = (unsigned long)value.a_void_ptr;
+#endif
+
+  p = pend = numbuf + DIM(numbuf);
+  do
+    {
+      *--p = "0123456789abcdefx"[(aulong % 16)];
+      aulong /= 16;
+    }
+  while (aulong);
+  while ((pend-p) < 2*sizeof (aulong))
+    *--p = '0';
+  *--p = 'x';
+  *--p = '0';
+
+  rc = outfnc (outfncarg, p, pend - p);
+  if (rc)
+    return rc;
+  *nbytes += pend - p;
+
+  return 0;
+}
+
+/* "n" pesudo format operation.  */
+static int
+pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
+                 argspec_t arg, value_t value, size_t *nbytes)
+{
+  (void)outfnc;
+  (void)outfncarg;
+
+  switch (arg->vt)
+    {
+    case VALTYPE_SCHAR_PTR:
+      *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes);
+      break;
+    case VALTYPE_SHORT_PTR:
+      *value.a_short_ptr = (short)(unsigned int)(*nbytes);
+      break;
+    case VALTYPE_LONG_PTR:
+      *value.a_long_ptr = (long)(*nbytes);
+      break;
+#ifdef HAVE_LONG_LONG_INT
+    case VALTYPE_LONGLONG_PTR:
+      *value.a_longlong_ptr = (long long)(*nbytes);
+      break;
+#endif
+#ifdef HAVE_INTMAX_T
+    case VALTYPE_INTMAX_PTR:
+      *value.a_intmax_ptr = (intmax_t)(*nbytes);
+      break;
+#endif
+    case VALTYPE_SIZE_PTR:
+      *value.a_size_ptr = (*nbytes);
+      break;
+#ifdef HAVE_PTRDIFF_T
+    case VALTYPE_PTRDIFF_PTR:
+      *value.a_ptrdiff_ptr = (ptrdiff_t)(*nbytes);
+      break;
+#endif
+    case VALTYPE_INT_PTR:
+      *value.a_int_ptr = (int)(*nbytes);
+      break;
+    default:
+      return -1; /* An unsupported type has been used.  */
+    }
+
+  return 0;
+}
+
+
+
+/* Run the actual formatting.  OUTFNC and OUTFNCARG are the output
+   functions.  FORMAT is format string ARGSPECS is the parsed format
+   string, ARGSPECS_LEN the number of items in ARGSPECS.  VALUETABLE
+   holds the values and may be directly addressed using the position
+   arguments given by ARGSPECS.  MYERRNO is used for the "%m"
+   conversion. NBYTES well be updated to reflect the number of bytes
+   send to the output function. */
+static int
+do_format (estream_printf_out_t outfnc, void *outfncarg,
+           const char *format, argspec_t argspecs, size_t argspecs_len,
+           valueitem_t valuetable, int myerrno, size_t *nbytes)
+{
+  int rc = 0;
+  const char *s;
+  argspec_t arg = argspecs;
+  int argidx = 0; /* Only used for assertion.  */
+  size_t n;
+  value_t value;
+
+  s = format;
+  while ( *s )
+    {
+      if (*s != '%')
+        {
+          s++;
+          continue;
+        }
+      if (s != format)
+        {
+          rc = outfnc (outfncarg, format, (n=s-format));
+          if (rc)
+            return rc;
+          *nbytes += n;
+        }
+      if (s[1] == '%')
+        {
+          /* Note that this code ignores one trailing percent escape -
+             this is however okay as the args parser must have
+             detected this already.  */
+          rc = outfnc (outfncarg, s, 1);
+          if (rc)
+            return rc;
+          *nbytes += 1;
+          s += 2;
+          format = s;
+          continue;
+        }
+
+      /* Save the next start.  */
+      s += arg->length;
+      format = s;
+
+      assert (argidx < argspecs_len);
+      argidx++;
+
+      /* Apply indirect field width and precision values.  */
+      if (arg->width == STAR_FIELD_VALUE)
+        {
+          assert (valuetable[arg->width_pos-1].vt == VALTYPE_INT);
+          arg->width = valuetable[arg->width_pos-1].value.a_int;
+          if (arg->width < 0)
+            {
+              arg->width = -arg->width;
+              arg->flags |= FLAG_LEFT_JUST;
+            }
+        }
+      if (arg->precision == STAR_FIELD_VALUE)
+        {
+          assert (valuetable[arg->precision_pos-1].vt == VALTYPE_INT);
+          arg->precision = valuetable[arg->precision_pos-1].value.a_int;
+          if (arg->precision < 0)
+            arg->precision = NO_FIELD_VALUE;
+        }
+
+      if (arg->arg_pos == -1 && arg->conspec == CONSPEC_STRERROR)
+        value.a_string = strerror (myerrno);
+      else
+        {
+          assert (arg->vt == valuetable[arg->arg_pos-1].vt);
+          value = valuetable[arg->arg_pos-1].value;
+        }
+
+      switch (arg->conspec)
+        {
+        case CONSPEC_UNKNOWN: assert (!"bug"); break;
+
+        case CONSPEC_DECIMAL:
+        case CONSPEC_UNSIGNED:
+        case CONSPEC_OCTAL:
+        case CONSPEC_HEX:
+        case CONSPEC_HEX_UP:
+          rc = pr_integer (outfnc, outfncarg, arg, value, nbytes);
+          break;
+        case CONSPEC_FLOAT:
+        case CONSPEC_FLOAT_UP:
+        case CONSPEC_EXP:
+        case CONSPEC_EXP_UP:
+        case CONSPEC_F_OR_G:
+        case CONSPEC_F_OR_G_UP:
+        case CONSPEC_HEX_EXP:
+        case CONSPEC_HEX_EXP_UP:
+          rc = pr_float (outfnc, outfncarg, arg, value, nbytes);
+          break;
+        case CONSPEC_CHAR:
+          rc = pr_char (outfnc, outfncarg, arg, value, nbytes);
+          break;
+        case CONSPEC_STRING:
+        case CONSPEC_STRERROR:
+          rc = pr_string (outfnc, outfncarg, arg, value, nbytes);
+          break;
+        case CONSPEC_POINTER:
+          rc = pr_pointer (outfnc, outfncarg, arg, value, nbytes);
+          break;
+        case CONSPEC_BYTES_SO_FAR:
+          rc = pr_bytes_so_far (outfnc, outfncarg, arg, value, nbytes);
+          break;
+        }
+      if (rc)
+        return rc;
+      arg++;
+    }
+
+  /* Print out any trailing stuff. */
+  n = s - format;
+  rc = n? outfnc (outfncarg, format, n) : 0;
+  if (!rc)
+    *nbytes += n;
+
+  return rc;
+}
+
+
+
+
+/* The versatile printf formatting routine.  It expects a callback
+   function OUTFNC and an opaque argument OUTFNCARG used for actual
+   output of the formatted stuff.  FORMAT is the format specification
+   and VAARGS a variable argumemt list matching the arguments of
+   FORMAT.  */
+int
+estream_format (estream_printf_out_t outfnc,
+                void *outfncarg,
+                const char *format, va_list vaargs)
+{
+  /* Buffer to hold the argspecs and a pointer to it.*/
+  struct argspec_s argspecs_buffer[DEFAULT_MAX_ARGSPECS];
+  argspec_t argspecs = argspecs_buffer;
+  size_t argspecs_len;  /* Number of specifications in ARGSPECS.  */
+
+  /* Buffer to hold the description for the values.  */
+  struct valueitem_s valuetable_buffer[DEFAULT_MAX_VALUES];
+  valueitem_t valuetable = valuetable_buffer;
+
+  int rc;     /* Return code. */
+  size_t argidx; /* Used to index the argspecs array.  */
+  size_t validx; /* Used to index the valuetable.  */
+  int max_pos;/* Highest argument position.  */
+
+  size_t nbytes = 0; /* Keep track of the number of bytes passed to
+                        the output function.  */
+
+  int myerrno = errno; /* Save the errno for use with "%m". */
+
+
+  /* Parse the arguments to come up with descriptive list.  We can't
+     do this on the fly because we need to support positional
+     arguments. */
+  rc = parse_format (format, &argspecs, DIM(argspecs_buffer), &argspecs_len);
+  if (rc)
+    goto leave;
+
+  /* Check that all ARG_POS fields are set.  */
+  for (argidx=0,max_pos=0; argidx < argspecs_len; argidx++)
+    {
+      if (argspecs[argidx].arg_pos != -1
+          && argspecs[argidx].arg_pos > max_pos)
+        max_pos = argspecs[argidx].arg_pos;
+      if (argspecs[argidx].width_pos > max_pos)
+        max_pos = argspecs[argidx].width_pos;
+      if (argspecs[argidx].precision_pos > max_pos)
+        max_pos = argspecs[argidx].precision_pos;
+    }
+  if (!max_pos)
+    {
+      /* Fill in all the positions.  */
+      for (argidx=0; argidx < argspecs_len; argidx++)
+        {
+          if (argspecs[argidx].width == STAR_FIELD_VALUE)
+            argspecs[argidx].width_pos = ++max_pos;
+          if (argspecs[argidx].precision == STAR_FIELD_VALUE)
+            argspecs[argidx].precision_pos = ++max_pos;
+          if (argspecs[argidx].arg_pos != -1 )
+            argspecs[argidx].arg_pos = ++max_pos;
+        }
+    }
+  else
+    {
+      /* Check that they are all filled.   More test are done later.  */
+      for (argidx=0; argidx < argspecs_len; argidx++)
+        {
+          if (!argspecs[argidx].arg_pos
+              || (argspecs[argidx].width == STAR_FIELD_VALUE
+                  && !argspecs[argidx].width_pos)
+              || (argspecs[argidx].precision == STAR_FIELD_VALUE
+                  && !argspecs[argidx].precision_pos))
+            goto leave_einval;
+        }
+    }
+  /* Check that there is no overflow in max_pos and that it has a
+     reasonable length.  There may never be more elements than the
+     number of characters in FORMAT.  */
+  if (max_pos < 0 || max_pos >= strlen (format))
+    goto leave_einval;
+
+#ifdef DEBUG
+    dump_argspecs (argspecs, argspecs_len);
+#endif
+
+  /* Allocate a table to hold the values.  If it is small enough we
+     use a stack allocated buffer.  */
+  if (max_pos > DIM(valuetable_buffer))
+    {
+      valuetable = calloc (max_pos, sizeof *valuetable);
+      if (!valuetable)
+        goto leave_error;
+    }
+  else
+    {
+      for (validx=0; validx < DIM(valuetable_buffer); validx++)
+        valuetable[validx].vt = VALTYPE_UNSUPPORTED;
+    }
+  for (argidx=0; argidx < argspecs_len; argidx++)
+    {
+      if (argspecs[argidx].arg_pos != - 1)
+        {
+          validx = argspecs[argidx].arg_pos - 1;
+          if (valuetable[validx].vt)
+            goto leave_einval; /* Already defined. */
+          valuetable[validx].vt = argspecs[argidx].vt;
+        }
+      if (argspecs[argidx].width == STAR_FIELD_VALUE)
+        {
+          validx = argspecs[argidx].width_pos - 1;
+          if (valuetable[validx].vt)
+            goto leave_einval; /* Already defined.  */
+          valuetable[validx].vt = VALTYPE_INT;
+        }
+      if (argspecs[argidx].precision == STAR_FIELD_VALUE)
+        {
+          validx = argspecs[argidx].precision_pos - 1;
+          if (valuetable[validx].vt)
+            goto leave_einval; /* Already defined.  */
+          valuetable[validx].vt = VALTYPE_INT;
+        }
+    }
+
+  /* Read all the arguments.  This will error out for unsupported
+     types and for not given positional arguments. */
+  rc = read_values (valuetable, max_pos, vaargs);
+  if (rc)
+    goto leave_einval;
+
+/*   for (validx=0; validx < max_pos; validx++) */
+/*     fprintf (stderr, "%2d: vt=%d\n", validx, valuetable[validx].vt); */
+
+  /* Everything has been collected, go ahead with the formatting.  */
+  rc = do_format (outfnc, outfncarg, format,
+                  argspecs, argspecs_len, valuetable, myerrno, &nbytes);
+
+  goto leave;
+
+ leave_einval:
+  errno = EINVAL;
+ leave_error:
+  rc = -1;
+ leave:
+  if (valuetable != valuetable_buffer)
+    free (valuetable);
+  if (argspecs != argspecs_buffer)
+    free (argspecs);
+  return rc;
+}
+
+
+
+
+/* A simple output handler utilizing stdio.  */
+static int
+plain_stdio_out (void *outfncarg, const char *buf, size_t buflen)
+{
+  FILE *fp = (FILE*)outfncarg;
+
+  if ( fwrite (buf, buflen, 1, fp) != 1 )
+    return -1;
+  return 0;
+}
+
+
+/* A replacement for printf.  */
+int
+estream_printf (const char *format, ...)
+{
+  int rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  rc = estream_format (plain_stdio_out, stderr, format, arg_ptr);
+  va_end (arg_ptr);
+
+  return rc;
+}
+
+/* A replacement for fprintf.  */
+int
+estream_fprintf (FILE *fp, const char *format, ...)
+{
+  int rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  rc = estream_format (plain_stdio_out, fp, format, arg_ptr);
+  va_end (arg_ptr);
+
+  return rc;
+}
+
+/* A replacement for vfprintf.  */
+int
+estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
+{
+  return estream_format (plain_stdio_out, fp, format, arg_ptr);
+}
+
+
+
+/* Communication object used between estream_snprintf and
+   fixed_buffer_out.  */
+struct fixed_buffer_parm_s
+{
+  size_t size;    /* Size of the buffer.  */
+  size_t count;   /* Number of bytes requested for output.  */
+  size_t used;    /* Used size of the buffer.  */
+  char *buffer;   /* Provided buffer.  */
+};
+
+/* A simple malloced buffer output handler.  */
+static int
+fixed_buffer_out (void *outfncarg, const char *buf, size_t buflen)
+{
+  struct fixed_buffer_parm_s *parm = outfncarg;
+
+  parm->count += buflen;
+
+  if (!parm->buffer)
+    ;
+  else if (parm->used + buflen < parm->size)
+    {
+      /* Handle the common case that everything fits into the buffer
+         separately.  */
+      memcpy (parm->buffer + parm->used, buf, buflen);
+      parm->used += buflen;
+    }
+  else
+    {
+      /* The slow version of above.  */
+      for ( ;buflen && parm->used < parm->size; buflen--)
+        parm->buffer[parm->used++] = *buf++;
+    }
+
+  return 0;
+}
+
+
+/* A replacement for vsnprintf. */
+int
+estream_vsnprintf (char *buf, size_t bufsize,
+                   const char *format, va_list arg_ptr)
+{
+  struct fixed_buffer_parm_s parm;
+  int rc;
+
+  parm.size = bufsize;
+  parm.count = 0;
+  parm.used = 0;
+  parm.buffer = bufsize?buf:NULL;
+  rc = estream_format (fixed_buffer_out, &parm, format, arg_ptr);
+  if (!rc)
+    rc = fixed_buffer_out (&parm, "", 1); /* Print terminating Nul.  */
+  if (rc == -1)
+    return -1;
+  if (bufsize && buf && parm.size && parm.count >= parm.size)
+    buf[parm.size-1] = 0;
+
+  parm.count--; /* Do not count the trailing nul.  */
+  return (int)parm.count; /* Return number of bytes which would have
+                             been written.  */
+}
+
+/* A replacement for snprintf.  */
+int
+estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
+{
+  int rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  rc = estream_vsnprintf (buf, bufsize, format, arg_ptr);
+  va_end (arg_ptr);
+
+  return rc;
+}
+
+
+
+/* Communication object used between estream_asprintf and
+   dynamic_buffer_out.  */
+struct dynamic_buffer_parm_s
+{
+  int error_flag; /* Internal helper.  */
+  size_t alloced; /* Allocated size of the buffer.  */
+  size_t used;    /* Used size of the buffer.  */
+  char *buffer;   /* Malloced buffer.  */
+};
+
+/* A simple malloced buffer output handler.  */
+static int
+dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen)
+{
+  struct dynamic_buffer_parm_s *parm = outfncarg;
+
+  if (parm->error_flag)
+    {
+      /* Just in case some formatting routine did not checked for an
+         error. */
+      errno = parm->error_flag;
+      return -1;
+    }
+
+  if (parm->used + buflen >= parm->alloced)
+    {
+      char *p;
+
+      parm->alloced += buflen + 512;
+      p = realloc (parm->buffer, parm->alloced);
+      if (!p)
+        {
+          parm->error_flag = errno ? errno : ENOMEM;
+          /* Wipe out what we already accumulated.  This is useful in
+             case sensitive data is formated.  */
+          memset (parm->buffer, 0, parm->used);
+          return -1;
+        }
+      parm->buffer = p;
+    }
+  memcpy (parm->buffer + parm->used, buf, buflen);
+  parm->used += buflen;
+
+  return 0;
+}
+
+
+/* A replacement for vasprintf.  As with the BSD of vasprintf version -1
+   will be returned on error and NULL stored at BUFP.  On success the
+   number of bytes printed will be returned. */
+int
+estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
+{
+  struct dynamic_buffer_parm_s parm;
+  int rc;
+
+  parm.error_flag = 0;
+  parm.alloced = 512;
+  parm.used = 0;
+  parm.buffer = my_printf_malloc (parm.alloced);
+  if (!parm.buffer)
+    {
+      *bufp = NULL;
+      return -1;
+    }
+
+  rc = estream_format (dynamic_buffer_out, &parm, format, arg_ptr);
+  if (!rc)
+    rc = dynamic_buffer_out (&parm, "", 1); /* Print terminating Nul.  */
+  /* Fixme: Should we shrink the resulting buffer?  */
+  if (rc != -1 && parm.error_flag)
+    {
+      rc = -1;
+      errno = parm.error_flag;
+    }
+  if (rc == -1)
+    {
+      memset (parm.buffer, 0, parm.used);
+      my_printf_free (parm.buffer);
+      *bufp = NULL;
+      return -1;
+    }
+  assert (parm.used);   /* We have at least the terminating Nul.  */
+  *bufp = parm.buffer;
+  return parm.used - 1; /* Do not include that Nul. */
+}
+
+/* A replacement for asprintf.  As with the BSD of asprintf version -1
+   will be returned on error and NULL stored at BUFP.  On success the
+   number of bytes printed will be returned. */
+int
+estream_asprintf (char **bufp, const char *format, ...)
+{
+  int rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  rc = estream_vasprintf (bufp, format, arg_ptr);
+  va_end (arg_ptr);
+
+  return rc;
+}
+
+
diff -Nru gnupg2-2.1.6/common/estream-printf.h gnupg2-2.0.28/common/estream-printf.h
--- gnupg2-2.1.6/common/estream-printf.h	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/estream-printf.h	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,110 @@
+/* estream-printf.h - Versatile C-99 compliant printf formatting.
+ * Copyright (C) 2007 g10 Code GmbH
+ *
+ * This file is part of Libestream.
+ *
+ * Libestream is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Libestream is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Libestream; if not, see .
+ */
+
+#ifndef ESTREAM_PRINTF_H
+#define ESTREAM_PRINTF_H
+
+#include 
+#include 
+
+/* To use this file with libraries the following macro is useful:
+
+     #define _ESTREAM_EXT_SYM_PREFIX _foo_
+   
+       This prefixes all external symbols with "_foo_".
+
+   For the implementation of the code (estream-printf.c) the following
+   macros may be used to tune the implementation for certain systems:
+
+     #define _ESTREAM_PRINTF_MALLOC foo_malloc
+     #define _ESTREAM_PRINTF_FREE   foo_free
+
+       Make estream_asprintf and estream_vasprintf use foo_malloc and
+       foo_free instead of the standard malloc and free functions to
+       allocate the memory returned to the caller.
+
+     #define  _ESTREAM_PRINTF_EXTRA_INCLUDE "foo.h"
+
+       This includes the file "foo.h" which may provide prototypes for
+       the custom memory allocation functions.
+ */
+
+
+#ifdef _ESTREAM_EXT_SYM_PREFIX
+#ifndef _ESTREAM_PREFIX
+#define _ESTREAM_PREFIX1(x,y)  x ## y
+#define _ESTREAM_PREFIX2(x,y) _ESTREAM_PREFIX1(x,y)
+#define _ESTREAM_PREFIX(x)    _ESTREAM_PREFIX2(_ESTREAM_EXT_SYM_PREFIX,x)
+#endif /*_ESTREAM_PREFIX*/
+#define estream_printf_out_t  _ESTREAM_PREFIX(estream_printf_out_t)
+#define estream_format        _ESTREAM_PREFIX(estream_format)
+#define estream_printf        _ESTREAM_PREFIX(estream_printf)
+#define estream_fprintf       _ESTREAM_PREFIX(estream_fprintf)
+#define estream_vfprintf      _ESTREAM_PREFIX(estream_vfprintf)
+#define estream_snprintf      _ESTREAM_PREFIX(estream_snprintf)
+#define estream_vsnprintf     _ESTREAM_PREFIX(estream_vsnprintf)
+#define estream_asprintf      _ESTREAM_PREFIX(estream_asprintf)
+#define estream_vasprintf     _ESTREAM_PREFIX(estream_vasprintf)
+#endif /*_ESTREAM_EXT_SYM_PREFIX*/
+
+#ifndef _ESTREAM_GCC_A_PRINTF
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+# define _ESTREAM_GCC_A_PRINTF( f, a )  __attribute__ ((format (printf,f,a)))
+#else
+# define _ESTREAM_GCC_A_PRINTF( f, a )
+#endif
+#endif /*_ESTREAM_GCC_A_PRINTF*/
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0
+}
+#endif
+#endif
+
+
+typedef int (*estream_printf_out_t)
+     (void *outfncarg,  const char *buf, size_t buflen);
+
+int estream_format (estream_printf_out_t outfnc, void *outfncarg,
+                    const char *format, va_list vaargs) 
+     _ESTREAM_GCC_A_PRINTF(3,0);
+int estream_printf (const char *format, ...) 
+     _ESTREAM_GCC_A_PRINTF(1,2);
+int estream_fprintf (FILE *fp, const char *format, ... )
+     _ESTREAM_GCC_A_PRINTF(2,3);
+int estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
+     _ESTREAM_GCC_A_PRINTF(2,0);
+int estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
+     _ESTREAM_GCC_A_PRINTF(3,4);
+int estream_vsnprintf (char *buf,size_t bufsize, 
+                       const char *format, va_list arg_ptr) 
+     _ESTREAM_GCC_A_PRINTF(3,0);
+int estream_asprintf (char **bufp, const char *format, ...)
+     _ESTREAM_GCC_A_PRINTF(2,3);
+int estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
+     _ESTREAM_GCC_A_PRINTF(2,0);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*ESTREAM_PRINTF_H*/
diff -Nru gnupg2-2.1.6/common/exaudit.awk gnupg2-2.0.28/common/exaudit.awk
--- gnupg2-2.1.6/common/exaudit.awk	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/exaudit.awk	2015-06-02 08:13:55.000000000 +0000
@@ -30,7 +30,7 @@
 /AUDIT_NULL_EVENT/   { okay = 1 }
 !okay                { next }
 /AUDIT_LAST_EVENT/   { exit }
-/AUDIT_[A-Za-z_]+/  {
+/AUDIT_[A-Za-z_]+/  { 
   sub (/[,\/\*]+/, "", $1);
   desc = tolower (substr($1,7));
   gsub (/_/," ",desc);
diff -Nru gnupg2-2.1.6/common/exechelp.c gnupg2-2.0.28/common/exechelp.c
--- gnupg2-2.1.6/common/exechelp.c	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/exechelp.c	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,1033 @@
+/* exechelp.c - fork and exec helpers
+ * Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include  
+#include 
+
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
+#undef HAVE_PTH
+#undef USE_GNU_PTH
+#endif
+
+#ifdef USE_GNU_PTH      
+#include 
+#endif
+#ifndef HAVE_W32_SYSTEM
+#include 
+#endif
+
+#ifdef HAVE_GETRLIMIT
+#include 
+#include 
+#endif /*HAVE_GETRLIMIT*/
+
+#ifdef HAVE_STAT
+# include 
+#endif
+
+
+#include "util.h"
+#include "i18n.h"
+#include "sysutils.h"
+#include "exechelp.h"
+
+/* Define to 1 do enable debugging.  */
+#define DEBUG_W32_SPAWN 1
+
+
+/* We have the usual problem here: Some modules are linked against pth
+   and some are not.  However we want to use pth_fork and pth_waitpid
+   here. Using a weak symbol works but is not portable - we should
+   provide a an explicit dummy pth module instead of using the
+   pragma.  */ 
+#ifndef _WIN32
+#pragma weak pth_fork
+#pragma weak pth_waitpid
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+/* It seems Vista doesn't grok X_OK and so fails access() tests.
+   Previous versions interpreted X_OK as F_OK anyway, so we'll just
+   use F_OK directly. */
+#undef X_OK
+#define X_OK F_OK
+#endif /* HAVE_W32_SYSTEM */
+
+
+#ifdef HAVE_W32_SYSTEM
+/* We assume that a HANDLE can be represented by an int which should
+   be true for all i386 systems (HANDLE is defined as void *) and
+   these are the only systems for which Windows is available.  Further
+   we assume that -1 denotes an invalid handle.  */
+# define fd_to_handle(a)  ((HANDLE)(a))
+# define handle_to_fd(a)  ((int)(a))
+# define pid_to_handle(a) ((HANDLE)(a))
+# define handle_to_pid(a) ((int)(a))
+#endif
+
+
+/* Return the maximum number of currently allowed open file
+   descriptors.  Only useful on POSIX systems but returns a value on
+   other systems too.  */
+int
+get_max_fds (void)
+{
+  int max_fds = -1;
+#ifdef HAVE_GETRLIMIT
+  struct rlimit rl;
+
+# ifdef RLIMIT_NOFILE
+  if (!getrlimit (RLIMIT_NOFILE, &rl))
+    max_fds = rl.rlim_max;
+# endif
+
+# ifdef RLIMIT_OFILE
+  if (max_fds == -1 && !getrlimit (RLIMIT_OFILE, &rl))
+    max_fds = rl.rlim_max;
+
+# endif
+#endif /*HAVE_GETRLIMIT*/
+
+#ifdef _SC_OPEN_MAX
+  if (max_fds == -1)
+    {
+      long int scres = sysconf (_SC_OPEN_MAX);
+      if (scres >= 0)
+        max_fds = scres;
+    }
+#endif
+
+#ifdef _POSIX_OPEN_MAX
+  if (max_fds == -1)
+    max_fds = _POSIX_OPEN_MAX;
+#endif
+
+#ifdef OPEN_MAX
+  if (max_fds == -1)
+    max_fds = OPEN_MAX;
+#endif
+
+  if (max_fds == -1)
+    max_fds = 256;  /* Arbitrary limit.  */
+
+  return max_fds;
+}
+
+
+/* Close all file descriptors starting with descriptor FIRST.  If
+   EXCEPT is not NULL, it is expected to be a list of file descriptors
+   which shall not be closed.  This list shall be sorted in ascending
+   order with the end marked by -1.  */
+void
+close_all_fds (int first, int *except)
+{
+  int max_fd = get_max_fds ();
+  int fd, i, except_start;
+
+  if (except)
+    {
+      except_start = 0;
+      for (fd=first; fd < max_fd; fd++)
+        {
+          for (i=except_start; except[i] != -1; i++)
+            {
+              if (except[i] == fd)
+                {
+                  /* If we found the descriptor in the exception list
+                     we can start the next compare run at the next
+                     index because the exception list is ordered.  */
+                except_start = i + 1;
+                break;
+                }
+            }
+          if (except[i] == -1)
+            close (fd);
+        }
+    }
+  else
+    {
+      for (fd=first; fd < max_fd; fd++)
+        close (fd);
+    }
+
+  errno = 0;
+}
+
+
+/* Returns an array with all currently open file descriptors.  The end
+   of the array is marked by -1.  The caller needs to release this
+   array using the *standard free* and not with xfree.  This allow the
+   use of this fucntion right at startup even before libgcrypt has
+   been initialized.  Returns NULL on error and sets ERRNO
+   accordingly.  */
+int *
+get_all_open_fds (void)
+{
+  int *array;
+  size_t narray;
+  int fd, max_fd, idx;
+#ifndef HAVE_STAT
+  array = calloc (1, sizeof *array);
+  if (array)
+    array[0] = -1;
+#else /*HAVE_STAT*/
+  struct stat statbuf;
+
+  max_fd = get_max_fds ();
+  narray = 32;  /* If you change this change also t-exechelp.c.  */
+  array = calloc (narray, sizeof *array);
+  if (!array)
+    return NULL;
+  
+  /* Note:  The list we return is ordered.  */
+  for (idx=0, fd=0; fd < max_fd; fd++)
+    if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
+      {
+        if (idx+1 >= narray)
+          {
+            int *tmp;
+
+            narray += (narray < 256)? 32:256;
+            tmp = realloc (array, narray * sizeof *array);
+            if (!tmp)
+              {
+                free (array);
+                return NULL;
+              }
+            array = tmp;
+          }
+        array[idx++] = fd;
+      }
+  array[idx] = -1;
+#endif /*HAVE_STAT*/
+  return array;
+}
+
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Helper function to build_w32_commandline. */
+static char *
+build_w32_commandline_copy (char *buffer, const char *string)
+{
+  char *p = buffer;
+  const char *s;
+
+  if (!*string) /* Empty string. */
+    p = stpcpy (p, "\"\"");
+  else if (strpbrk (string, " \t\n\v\f\""))
+    {
+      /* Need top do some kind of quoting.  */
+      p = stpcpy (p, "\"");
+      for (s=string; *s; s++)
+        {
+          *p++ = *s;
+          if (*s == '\"')
+            *p++ = *s;
+        }
+      *p++ = '\"';
+      *p = 0;
+    }
+  else
+    p = stpcpy (p, string);
+
+  return p;
+}
+
+/* Build a command line for use with W32's CreateProcess.  On success
+   CMDLINE gets the address of a newly allocated string.  */
+static gpg_error_t
+build_w32_commandline (const char *pgmname, const char * const *argv, 
+                       char **cmdline)
+{
+  int i, n;
+  const char *s;
+  char *buf, *p;
+
+  *cmdline = NULL;
+  n = 0;
+  s = pgmname;
+  n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting */
+  for (; *s; s++)
+    if (*s == '\"')
+      n++;  /* Need to double inner quotes.  */
+  for (i=0; (s=argv[i]); i++)
+    {
+      n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting */
+      for (; *s; s++)
+        if (*s == '\"')
+          n++;  /* Need to double inner quotes.  */
+    }
+  n++;
+
+  buf = p = xtrymalloc (n);
+  if (!buf)
+    return gpg_error_from_syserror ();
+
+  p = build_w32_commandline_copy (p, pgmname);
+  for (i=0; argv[i]; i++) 
+    {
+      *p++ = ' ';
+      p = build_w32_commandline_copy (p, argv[i]);
+    }
+
+  *cmdline= buf;
+  return 0;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Create  pipe where the write end is inheritable.  */
+static int
+create_inheritable_pipe (int filedes[2])
+{
+  HANDLE r, w, h;
+  SECURITY_ATTRIBUTES sec_attr;
+
+  memset (&sec_attr, 0, sizeof sec_attr );
+  sec_attr.nLength = sizeof sec_attr;
+  sec_attr.bInheritHandle = FALSE;
+    
+  if (!CreatePipe (&r, &w, &sec_attr, 0))
+    return -1;
+
+  if (!DuplicateHandle (GetCurrentProcess(), w,
+                        GetCurrentProcess(), &h, 0,
+                        TRUE, DUPLICATE_SAME_ACCESS ))
+    {
+      log_error ("DuplicateHandle failed: %s\n", w32_strerror (-1));
+      CloseHandle (r);
+      CloseHandle (w);
+      return -1;
+    }
+  CloseHandle (w);
+  w = h;
+
+  filedes[0] = handle_to_fd (r);
+  filedes[1] = handle_to_fd (w);
+  return 0;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifdef HAVE_W32_SYSTEM
+static HANDLE
+w32_open_null (int for_write)
+{
+  HANDLE hfile;
+
+  hfile = CreateFile ("nul",
+                      for_write? GENERIC_WRITE : GENERIC_READ,
+                      FILE_SHARE_READ | FILE_SHARE_WRITE,
+                      NULL, OPEN_EXISTING, 0, NULL);
+  if (hfile == INVALID_HANDLE_VALUE)
+    log_debug ("can't open `nul': %s\n", w32_strerror (-1));
+  return hfile;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifndef HAVE_W32_SYSTEM
+/* The exec core used right after the fork. This will never return. */
+static void
+do_exec (const char *pgmname, const char *argv[],
+         int fd_in, int fd_out, int fd_err,
+         void (*preexec)(void) )
+{
+  char **arg_list;
+  int i, j;
+  int fds[3];
+
+  fds[0] = fd_in;
+  fds[1] = fd_out;
+  fds[2] = fd_err;
+
+  /* Create the command line argument array.  */
+  i = 0;
+  if (argv)
+    while (argv[i])
+      i++;
+  arg_list = xcalloc (i+2, sizeof *arg_list);
+  arg_list[0] = strrchr (pgmname, '/');
+  if (arg_list[0])
+    arg_list[0]++;
+  else
+    arg_list[0] = xstrdup (pgmname);
+  if (argv)
+    for (i=0,j=1; argv[i]; i++, j++)
+      arg_list[j] = (char*)argv[i];
+
+  /* Assign /dev/null to unused FDs. */
+  for (i=0; i <= 2; i++)
+    {
+      if (fds[i] == -1 )
+        {
+          fds[i] = open ("/dev/null", i? O_WRONLY : O_RDONLY);
+          if (fds[i] == -1)
+            log_fatal ("failed to open `%s': %s\n",
+                       "/dev/null", strerror (errno));
+        }
+    }
+
+  /* Connect the standard files.  */
+  for (i=0; i <= 2; i++)
+    {
+      if (fds[i] != i && dup2 (fds[i], i) == -1)
+        log_fatal ("dup2 std%s failed: %s\n",
+                   i==0?"in":i==1?"out":"err", strerror (errno));
+    }
+
+  /* Close all other files. */
+  close_all_fds (3, NULL);
+  
+  if (preexec)
+    preexec ();
+  execv (pgmname, arg_list);
+  /* No way to print anything, as we have closed all streams. */
+  _exit (127);
+}
+#endif /*!HAVE_W32_SYSTEM*/
+
+
+/* Portable function to create a pipe.  Under Windows the write end is
+   inheritable.  */
+gpg_error_t
+gnupg_create_inbound_pipe (int filedes[2])
+{
+  gpg_error_t err = 0;
+#if HAVE_W32_SYSTEM
+  int fds[2];
+
+  filedes[0] = filedes[1] = -1;
+  err = gpg_error (GPG_ERR_GENERAL);
+  if (!create_inheritable_pipe (fds))
+    {
+      filedes[0] = _open_osfhandle (fds[0], 0);
+      if (filedes[0] == -1)
+        {
+          log_error ("failed to translate osfhandle %p\n", (void*)fds[0]);
+          CloseHandle (fd_to_handle (fds[1]));
+        }
+      else 
+        {
+          filedes[1] = _open_osfhandle (fds[1], 1);
+          if (filedes[1] == -1)
+            {
+              log_error ("failed to translate osfhandle %p\n", (void*)fds[1]);
+              close (filedes[0]);
+              filedes[0] = -1;
+              CloseHandle (fd_to_handle (fds[1]));
+            }
+          else
+            err = 0;
+        }
+    }
+#else
+  if (pipe (filedes) == -1)
+    {
+      err = gpg_error_from_syserror ();
+      filedes[0] = filedes[1] = -1;
+    }
+#endif
+  return err;
+}
+
+
+/* Fork and exec the PGMNAME, connect the file descriptor of INFILE to
+   stdin, write the output to OUTFILE, return a new stream in
+   STATUSFILE for stderr and the pid of the process in PID. The
+   arguments for the process are expected in the NULL terminated array
+   ARGV.  The program name itself should not be included there.  If
+   PREEXEC is not NULL, that function will be called right before the
+   exec.  Calling gnupg_wait_process is required.
+
+   FLAGS is a bit vector with just one bit defined for now:
+
+   Bit 7: If set the process will be started as a background process.
+          This flag is only useful under W32 systems, so that no new
+          console is created and pops up a console window when
+          starting the server
+ 
+   Bit 6: On W32 run AllowSetForegroundWindow for the child.  Due to
+          error problems this actually allows SetForegroundWindow for
+          childs of this process.
+
+   Returns 0 on success or an error code. */
+gpg_error_t
+gnupg_spawn_process (const char *pgmname, const char *argv[],
+                     FILE *infile, FILE *outfile,
+                     void (*preexec)(void), unsigned int flags,
+                     FILE **statusfile, pid_t *pid)
+{
+#ifdef HAVE_W32_SYSTEM
+  gpg_error_t err;
+  SECURITY_ATTRIBUTES sec_attr;
+  PROCESS_INFORMATION pi = 
+    {
+      NULL,      /* Returns process handle.  */
+      0,         /* Returns primary thread handle.  */
+      0,         /* Returns pid.  */
+      0          /* Returns tid.  */
+    };
+  STARTUPINFO si;
+  int cr_flags;
+  char *cmdline;
+  int fd, fdout, rp[2];
+
+  (void)preexec;
+
+  /* Setup return values.  */
+  *statusfile = NULL;
+  *pid = (pid_t)(-1);
+  fflush (infile);
+  rewind (infile);
+  fd = _get_osfhandle (fileno (infile));
+  fdout = _get_osfhandle (fileno (outfile));
+  if (fd == -1 || fdout == -1)
+    log_fatal ("no file descriptor for file passed to gnupg_spawn_process\n");
+
+  /* Prepare security attributes.  */
+  memset (&sec_attr, 0, sizeof sec_attr );
+  sec_attr.nLength = sizeof sec_attr;
+  sec_attr.bInheritHandle = FALSE;
+  
+  /* Build the command line.  */
+  err = build_w32_commandline (pgmname, argv, &cmdline);
+  if (err)
+    return err; 
+
+  /* Create a pipe.  */
+  if (create_inheritable_pipe (rp))
+    {
+      err = gpg_error (GPG_ERR_GENERAL);
+      log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
+      xfree (cmdline);
+      return err;
+    }
+  
+  /* Start the process.  Note that we can't run the PREEXEC function
+     because this would change our own environment. */
+  memset (&si, 0, sizeof si);
+  si.cb = sizeof (si);
+  si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
+  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+  si.hStdInput  = fd_to_handle (fd);
+  si.hStdOutput = fd_to_handle (fdout);
+  si.hStdError  = fd_to_handle (rp[1]);
+
+  cr_flags = (CREATE_DEFAULT_ERROR_MODE
+              | ((flags & 128)? DETACHED_PROCESS : 0)
+              | GetPriorityClass (GetCurrentProcess ())
+              | CREATE_SUSPENDED); 
+/*   log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline); */
+  if (!CreateProcess (pgmname,       /* Program to start.  */
+                      cmdline,       /* Command line arguments.  */
+                      &sec_attr,     /* Process security attributes.  */
+                      &sec_attr,     /* Thread security attributes.  */
+                      TRUE,          /* Inherit handles.  */
+                      cr_flags,      /* Creation flags.  */
+                      NULL,          /* Environment.  */
+                      NULL,          /* Use current drive/directory.  */
+                      &si,           /* Startup information. */
+                      &pi            /* Returns process information.  */
+                      ))
+    {
+      log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
+      xfree (cmdline);
+      CloseHandle (fd_to_handle (rp[0]));
+      CloseHandle (fd_to_handle (rp[1]));
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+  xfree (cmdline);
+  cmdline = NULL;
+
+  /* Close the other end of the pipe.  */
+  CloseHandle (fd_to_handle (rp[1]));
+  
+/*   log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
+/*              " dwProcessID=%d dwThreadId=%d\n", */
+/*              pi.hProcess, pi.hThread, */
+/*              (int) pi.dwProcessId, (int) pi.dwThreadId); */
+  
+  /* Fixme: For unknown reasons AllowSetForegroundWindow returns an
+     invalid argument error if we pass the correct processID to
+     it.  As a workaround we use -1 (ASFW_ANY).  */
+  if ( (flags & 64) )
+    gnupg_allow_set_foregound_window ((pid_t)(-1)/*pi.dwProcessId*/);
+
+  /* Process has been created suspended; resume it now. */
+  ResumeThread (pi.hThread);
+  CloseHandle (pi.hThread); 
+
+  {
+    int x;
+
+    x = _open_osfhandle (rp[0], 0);
+    if (x == -1)
+      log_error ("failed to translate osfhandle %p\n", (void*)rp[0] );
+    else 
+      *statusfile = fdopen (x, "r");
+  }
+  if (!*statusfile)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("can't fdopen pipe for reading: %s\n"), gpg_strerror (err));
+      CloseHandle (pi.hProcess);
+      return err;
+    }
+
+  *pid = handle_to_pid (pi.hProcess);
+  return 0;
+
+#else /* !HAVE_W32_SYSTEM */
+  gpg_error_t err;
+  int fd, fdout, rp[2];
+
+  (void)flags; /* Currently not used.  */
+
+  *statusfile = NULL;
+  *pid = (pid_t)(-1);
+  fflush (infile);
+  rewind (infile);
+  fd = fileno (infile);
+  fdout = fileno (outfile);
+  if (fd == -1 || fdout == -1)
+    log_fatal ("no file descriptor for file passed to gnupg_spawn_process\n");
+
+  if (pipe (rp) == -1)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error creating a pipe: %s\n"), strerror (errno));
+      return err;
+    }
+
+#ifdef USE_GNU_PTH      
+  *pid = pth_fork? pth_fork () : fork ();
+#else
+  *pid = fork ();
+#endif
+  if (*pid == (pid_t)(-1))
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error forking process: %s\n"), strerror (errno));
+      close (rp[0]);
+      close (rp[1]);
+      return err;
+    }
+
+  if (!*pid)
+    { 
+      gcry_control (GCRYCTL_TERM_SECMEM);
+      /* Run child. */
+      do_exec (pgmname, argv, fd, fdout, rp[1], preexec);
+      /*NOTREACHED*/
+    }
+
+  /* Parent. */
+  close (rp[1]);
+
+  *statusfile = fdopen (rp[0], "r");
+  if (!*statusfile)
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("can't fdopen pipe for reading: %s\n"), strerror (errno));
+      kill (*pid, SIGTERM);
+      *pid = (pid_t)(-1);
+      return err;
+    }
+
+  return 0;
+#endif /* !HAVE_W32_SYSTEM */
+}
+
+
+
+/* Simplified version of gnupg_spawn_process.  This function forks and
+   then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
+   and ERRFD to stderr (any of them may be -1 to connect them to
+   /dev/null).  The arguments for the process are expected in the NULL
+   terminated array ARGV.  The program name itself should not be
+   included there.  Calling gnupg_wait_process is required.
+
+   Returns 0 on success or an error code. */
+gpg_error_t
+gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
+                        int infd, int outfd, int errfd, pid_t *pid)
+{
+#ifdef HAVE_W32_SYSTEM
+  gpg_error_t err;
+  SECURITY_ATTRIBUTES sec_attr;
+  PROCESS_INFORMATION pi = { NULL, 0, 0, 0 };
+  STARTUPINFO si;
+  char *cmdline;
+  int i;
+  HANDLE stdhd[3];
+
+  /* Setup return values.  */
+  *pid = (pid_t)(-1);
+
+  /* Prepare security attributes.  */
+  memset (&sec_attr, 0, sizeof sec_attr );
+  sec_attr.nLength = sizeof sec_attr;
+  sec_attr.bInheritHandle = FALSE;
+  
+  /* Build the command line.  */
+  err = build_w32_commandline (pgmname, argv, &cmdline);
+  if (err)
+    return err; 
+
+  memset (&si, 0, sizeof si);
+  si.cb = sizeof (si);
+  si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
+  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+  stdhd[0] = infd  == -1? w32_open_null (0) : INVALID_HANDLE_VALUE;
+  stdhd[1] = outfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
+  stdhd[2] = errfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
+  si.hStdInput  = infd  == -1? stdhd[0] : (void*)_get_osfhandle (infd);
+  si.hStdOutput = outfd == -1? stdhd[1] : (void*)_get_osfhandle (outfd);
+  si.hStdError  = errfd == -1? stdhd[2] : (void*)_get_osfhandle (errfd);
+
+/*   log_debug ("CreateProcess, path=`%s' cmdline=`%s'\n", pgmname, cmdline); */
+  if (!CreateProcess (pgmname,       /* Program to start.  */
+                      cmdline,       /* Command line arguments.  */
+                      &sec_attr,     /* Process security attributes.  */
+                      &sec_attr,     /* Thread security attributes.  */
+                      TRUE,          /* Inherit handles.  */
+                      (CREATE_DEFAULT_ERROR_MODE
+                       | GetPriorityClass (GetCurrentProcess ())
+                       | CREATE_SUSPENDED | DETACHED_PROCESS),
+                      NULL,          /* Environment.  */
+                      NULL,          /* Use current drive/directory.  */
+                      &si,           /* Startup information. */
+                      &pi            /* Returns process information.  */
+                      ))
+    {
+      log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
+      err = gpg_error (GPG_ERR_GENERAL);
+    }
+  else
+    err = 0;
+  xfree (cmdline);
+  for (i=0; i < 3; i++)
+    if (stdhd[i] != INVALID_HANDLE_VALUE)
+      CloseHandle (stdhd[i]);
+  if (err)
+    return err;
+
+/*   log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
+/*              " dwProcessID=%d dwThreadId=%d\n", */
+/*              pi.hProcess, pi.hThread, */
+/*              (int) pi.dwProcessId, (int) pi.dwThreadId); */
+
+  /* Process has been created suspended; resume it now. */
+  ResumeThread (pi.hThread);
+  CloseHandle (pi.hThread); 
+
+  *pid = handle_to_pid (pi.hProcess);
+  return 0;
+
+#else /* !HAVE_W32_SYSTEM */
+  gpg_error_t err;
+
+#ifdef USE_GNU_PTH      
+  *pid = pth_fork? pth_fork () : fork ();
+#else
+  *pid = fork ();
+#endif
+  if (*pid == (pid_t)(-1))
+    {
+      err = gpg_error_from_syserror ();
+      log_error (_("error forking process: %s\n"), strerror (errno));
+      return err;
+    }
+
+  if (!*pid)
+    { 
+      gcry_control (GCRYCTL_TERM_SECMEM);
+      /* Run child. */
+      do_exec (pgmname, argv, infd, outfd, errfd, NULL);
+      /*NOTREACHED*/
+    }
+
+  return 0;
+#endif /* !HAVE_W32_SYSTEM */
+}
+
+
+/* Wait for the process identified by PID to terminate. PGMNAME should
+   be the same as supplied to the spawn function and is only used for
+   diagnostics. Returns 0 if the process succeeded, GPG_ERR_GENERAL
+   for any failures of the spawned program or other error codes.  If
+   EXITCODE is not NULL the exit code of the process is stored at this
+   address or -1 if it could not be retrieved. */
+gpg_error_t
+gnupg_wait_process (const char *pgmname, pid_t pid, int *exitcode)
+{
+  gpg_err_code_t ec;
+
+#ifdef HAVE_W32_SYSTEM
+  HANDLE proc = fd_to_handle (pid);
+  int code;
+  DWORD exc;
+
+  if (exitcode)
+    *exitcode = -1;
+
+  if (pid == (pid_t)(-1))
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  /* FIXME: We should do a pth_waitpid here.  However this has not yet
+     been implemented.  A special W32 pth system call would even be
+     better.  */
+  code = WaitForSingleObject (proc, INFINITE);
+  switch (code) 
+    {
+      case WAIT_FAILED:
+        log_error (_("waiting for process %d to terminate failed: %s\n"),
+                   (int)pid, w32_strerror (-1));
+        ec = GPG_ERR_GENERAL;
+        break;
+
+      case WAIT_OBJECT_0:
+        if (!GetExitCodeProcess (proc, &exc))
+          {
+            log_error (_("error getting exit code of process %d: %s\n"),
+                         (int)pid, w32_strerror (-1) );
+            ec = GPG_ERR_GENERAL;
+          }
+        else if (exc)
+          {
+            log_error (_("error running `%s': exit status %d\n"),
+                       pgmname, (int)exc );
+            if (exitcode)
+              *exitcode = (int)exc;
+            ec = GPG_ERR_GENERAL;
+          }
+        else
+          {
+            if (exitcode)
+              *exitcode = 0;
+            ec = 0;
+          }
+        CloseHandle (proc);
+        break;
+
+      default:
+        log_error ("WaitForSingleObject returned unexpected "
+                   "code %d for pid %d\n", code, (int)pid );
+        ec = GPG_ERR_GENERAL;
+        break;
+    }
+
+#else /* !HAVE_W32_SYSTEM */
+  int i, status;
+
+  if (exitcode)
+    *exitcode = -1;
+
+  if (pid == (pid_t)(-1))
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+#ifdef USE_GNU_PTH
+  i = pth_waitpid ? pth_waitpid (pid, &status, 0) : waitpid (pid, &status, 0);
+#else
+  while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR)
+    ;
+#endif
+  if (i == (pid_t)(-1))
+    {
+      log_error (_("waiting for process %d to terminate failed: %s\n"),
+                 (int)pid, strerror (errno));
+      ec = gpg_err_code_from_errno (errno);
+    }
+  else if (WIFEXITED (status) && WEXITSTATUS (status) == 127)
+    {
+      log_error (_("error running `%s': probably not installed\n"), pgmname);
+      ec = GPG_ERR_CONFIGURATION;
+    }
+  else if (WIFEXITED (status) && WEXITSTATUS (status))
+    {
+      
+      if (!exitcode)
+        log_error (_("error running `%s': exit status %d\n"), pgmname,
+                   WEXITSTATUS (status));
+      else
+        *exitcode = WEXITSTATUS (status);
+      ec = GPG_ERR_GENERAL;
+    }
+  else if (!WIFEXITED (status))
+    {
+      log_error (_("error running `%s': terminated\n"), pgmname);
+      ec = GPG_ERR_GENERAL;
+    }
+  else 
+    {
+      if (exitcode)
+        *exitcode = 0;
+      ec = 0;
+    }
+#endif /* !HAVE_W32_SYSTEM */
+
+  return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
+}
+
+
+/* Spawn a new process and immediatley detach from it.  The name of
+   the program to exec is PGMNAME and its arguments are in ARGV (the
+   programname is automatically passed as first argument).
+   Environment strings in ENVP are set.  An error is returned if
+   pgmname is not executable; to make this work it is necessary to
+   provide an absolute file name.  All standard file descriptors are
+   connected to /dev/null. */
+gpg_error_t
+gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
+                              const char *envp[] )
+{
+#ifdef HAVE_W32_SYSTEM
+  gpg_error_t err;
+  SECURITY_ATTRIBUTES sec_attr;
+  PROCESS_INFORMATION pi = 
+    {
+      NULL,      /* Returns process handle.  */
+      0,         /* Returns primary thread handle.  */
+      0,         /* Returns pid.  */
+      0          /* Returns tid.  */
+    };
+  STARTUPINFO si;
+  int cr_flags;
+  char *cmdline;
+
+
+  /* FIXME: We don't make use of ENVP yet.  It is currently only used
+     to pass the GPG_AGENT_INFO variable to gpg-agent.  As the default
+     on windows is to use a standard socket, this does not really
+     matter.  */
+  (void)envp;
+
+  if (access (pgmname, X_OK))
+    return gpg_error_from_syserror ();
+
+  /* Prepare security attributes.  */
+  memset (&sec_attr, 0, sizeof sec_attr );
+  sec_attr.nLength = sizeof sec_attr;
+  sec_attr.bInheritHandle = FALSE;
+  
+  /* Build the command line.  */
+  err = build_w32_commandline (pgmname, argv, &cmdline);
+  if (err)
+    return err; 
+
+  /* Start the process.  */
+  memset (&si, 0, sizeof si);
+  si.cb = sizeof (si);
+  si.dwFlags = STARTF_USESHOWWINDOW;
+  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
+
+  cr_flags = (CREATE_DEFAULT_ERROR_MODE
+              | GetPriorityClass (GetCurrentProcess ())
+              | CREATE_NEW_PROCESS_GROUP
+              | DETACHED_PROCESS); 
+/*   log_debug ("CreateProcess(detached), path=`%s' cmdline=`%s'\n", */
+/*              pgmname, cmdline); */
+  if (!CreateProcess (pgmname,       /* Program to start.  */
+                      cmdline,       /* Command line arguments.  */
+                      &sec_attr,     /* Process security attributes.  */
+                      &sec_attr,     /* Thread security attributes.  */
+                      FALSE,         /* Inherit handles.  */
+                      cr_flags,      /* Creation flags.  */
+                      NULL,          /* Environment.  */
+                      NULL,          /* Use current drive/directory.  */
+                      &si,           /* Startup information. */
+                      &pi            /* Returns process information.  */
+                      ))
+    {
+      log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1));
+      xfree (cmdline);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+  xfree (cmdline);
+  cmdline = NULL;
+
+/*   log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p" */
+/*              " dwProcessID=%d dwThreadId=%d\n", */
+/*              pi.hProcess, pi.hThread, */
+/*              (int) pi.dwProcessId, (int) pi.dwThreadId); */
+
+  CloseHandle (pi.hThread); 
+
+  return 0;
+
+#else
+  pid_t pid;
+  int i;
+
+  if (getuid() != geteuid())
+    return gpg_error (GPG_ERR_BUG);
+
+  if (access (pgmname, X_OK))
+    return gpg_error_from_syserror ();
+
+#ifdef USE_GNU_PTH      
+  pid = pth_fork? pth_fork () : fork ();
+#else
+  pid = fork ();
+#endif
+  if (pid == (pid_t)(-1))
+    {
+      log_error (_("error forking process: %s\n"), strerror (errno));
+      return gpg_error_from_syserror ();
+    }
+  if (!pid)
+    {
+      pid_t pid2; 
+
+      gcry_control (GCRYCTL_TERM_SECMEM);
+      if (setsid() == -1 || chdir ("/"))
+        _exit (1);
+      pid2 = fork (); /* Double fork to let init takes over the new child. */
+      if (pid2 == (pid_t)(-1))
+        _exit (1);
+      if (pid2)
+        _exit (0);  /* Let the parent exit immediately. */
+
+      if (envp)
+        for (i=0; envp[i]; i++)
+          putenv (xstrdup (envp[i]));
+      
+      do_exec (pgmname, argv, -1, -1, -1, NULL);
+
+      /*NOTREACHED*/
+    }
+  
+  if (waitpid (pid, NULL, 0) == -1)
+    log_error ("waitpid failed in gnupg_spawn_process_detached: %s",
+               strerror (errno));
+
+  return 0;
+#endif /* !HAVE_W32_SYSTEM*/
+}
diff -Nru gnupg2-2.1.6/common/exechelp.h gnupg2-2.0.28/common/exechelp.h
--- gnupg2-2.1.6/common/exechelp.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/exechelp.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,14 @@
 /* exechelp.h - Definitions for the fork and exec helpers
- * Copyright (C) 2004, 2009, 2010 Free Software Foundation, Inc.
+ *	Copyright (C) 2004, 2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -30,7 +20,6 @@
 #ifndef GNUPG_COMMON_EXECHELP_H
 #define GNUPG_COMMON_EXECHELP_H
 
-
 /* Return the maximum number of currently allowed file descriptors.
    Only useful on POSIX systems.  */
 int get_max_fds (void);
@@ -55,50 +44,20 @@
    inheritable.  */
 gpg_error_t gnupg_create_inbound_pipe (int filedes[2]);
 
-/* Portable function to create a pipe.  Under Windows the read end is
-   inheritable.  */
-gpg_error_t gnupg_create_outbound_pipe (int filedes[2]);
-
 
-/* Fork and exec the PGMNAME.  If INFP is NULL connect /dev/null to
-   stdin of the new process; if it is not NULL connect the file
-   descriptor retrieved from INFP to stdin.  If R_OUTFP is NULL
-   connect stdout of the new process to /dev/null; if it is not NULL
-   store the address of a pointer to a new estream there.  If R_ERRFP
-   is NULL connect stderr of the new process to /dev/null; if it is
-   not NULL store the address of a pointer to a new estream there.  On
-   success the pid of the new process is stored at PID.  On error -1
-   is stored at PID and if R_OUTFP or R_ERRFP are not NULL, NULL is
-   stored there.
-
-   The arguments for the process are expected in the NULL terminated
-   array ARGV.  The program name itself should not be included there.
-   If PREEXEC is not NULL, the given function will be called right
-   before the exec.
-
-   Returns 0 on success or an error code.  Calling gnupg_wait_process
-   and gnupg_release_process is required if the function succeeded.
-
-   FLAGS is a bit vector:
-
-   Bit 7: If set the process will be started as a background process.
-          This flag is only useful under W32 (but not W32CE) systems,
-          so that no new console is created and pops up a console
-          window when starting the server.  Does not work on W32CE.
-
-   Bit 6: On W32 (but not on W32CE) run AllowSetForegroundWindow for
-          the child.  Note that due to unknown problems this actually
-          allows SetForegroundWindow for all childs of this process.
-
- */
-gpg_error_t
-gnupg_spawn_process (const char *pgmname, const char *argv[],
-                     gpg_err_source_t errsource,
-                     void (*preexec)(void), unsigned int flags,
-                     estream_t infp,
-                     estream_t *r_outfp,
-                     estream_t *r_errfp,
-                     pid_t *pid);
+/* Fork and exec the PGMNAME, connect the file descriptor of INFILE to
+   stdin, write the output to OUTFILE, return a new stream in
+   STATUSFILE for stderr and the pid of the process in PID. The
+   arguments for the process are expected in the NULL terminated array
+   ARGV.  The program name itself should not be included there.  If
+   PREEXEC is not NULL, that function will be called right before the
+   exec.  FLAGS is currently only useful for W32, see the source for
+   details.  Calling gnupg_wait_process is required.  Returns 0 on
+   success or an error code. */
+gpg_error_t gnupg_spawn_process (const char *pgmname, const char *argv[],
+                                 FILE *infile, FILE *outfile,
+                                 void (*preexec)(void), unsigned int flags,
+                                 FILE **statusfile, pid_t *pid);
 
 
 /* Simplified version of gnupg_spawn_process.  This function forks and
@@ -106,52 +65,21 @@
    and ERRFD to stderr (any of them may be -1 to connect them to
    /dev/null).  The arguments for the process are expected in the NULL
    terminated array ARGV.  The program name itself should not be
-   included there.  Calling gnupg_wait_process and
-   gnupg_release_process is required.  Returns 0 on success or an
-   error code. */
-gpg_error_t gnupg_spawn_process_fd (const char *pgmname,
+   included there.  Calling gnupg_wait_process is required.  Returns 0
+   on success or an error code. */
+gpg_error_t gnupg_spawn_process_fd (const char *pgmname, 
                                     const char *argv[],
                                     int infd, int outfd, int errfd,
                                     pid_t *pid);
 
 
-/* If HANG is true, waits for the process identified by PID to exit;
-   if HANG is false, checks whether the process has terminated.
-   PGMNAME should be the same as supplied to the spawn function and is
-   only used for diagnostics.  Return values:
-
-   0
-       The process exited successful.  0 is stored at R_EXITCODE.
-
-   GPG_ERR_GENERAL
-       The process exited without success.  The exit code of process
-       is then stored at R_EXITCODE.  An exit code of -1 indicates
-       that the process terminated abnormally (e.g. due to a signal).
-
-   GPG_ERR_TIMEOUT
-       The process is still running (returned only if HANG is false).
-
-   GPG_ERR_INV_VALUE
-       An invalid PID has been specified.
-
-   Other error codes may be returned as well.  Unless otherwise noted,
-   -1 will be stored at R_EXITCODE.  R_EXITCODE may be passed as NULL
-   if the exit code is not required (in that case an error messge will
-   be printed).  Note that under Windows PID is not the process id but
-   the handle of the process.  */
-gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int hang,
-                                int *r_exitcode);
-
-
-/* Kill a process; that is send an appropriate signal to the process.
-   gnupg_wait_process must be called to actually remove the process
-   from the system.  An invalid PID is ignored.  */
-void gnupg_kill_process (pid_t pid);
-
-/* Release the process identified by PID.  This function is actually
-   only required for Windows but it does not harm to always call it.
-   It is a nop if PID is invalid.  */
-void gnupg_release_process (pid_t pid);
+/* Wait for the process identified by PID to terminate. PGMNAME should
+   be the same as supplied to the spawn fucntion and is only used for
+   diagnostics.  Returns 0 if the process succeded, GPG_ERR_GENERAL
+   for any failures of the spawned program or other error codes.  If
+   EXITCODE is not NULL the exit code of the process is stored at this
+   address or -1 if it could not be retrieved.  */
+gpg_error_t gnupg_wait_process (const char *pgmname, pid_t pid, int *exitcode);
 
 
 /* Spawn a new process and immediatley detach from it.  The name of
diff -Nru gnupg2-2.1.6/common/exechelp-posix.c gnupg2-2.0.28/common/exechelp-posix.c
--- gnupg2-2.1.6/common/exechelp-posix.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/exechelp-posix.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,618 +0,0 @@
-/* exechelp.c - Fork and exec helpers for POSIX
- * Copyright (C) 2004, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#if defined(HAVE_W32_SYSTEM) || defined (HAVE_W32CE_SYSTEM)
-#error This code is only used on POSIX
-#endif
-
-#include 
-#include 
-#ifdef HAVE_STDINT_H
-# include 
-#endif
-#include 
-#include 
-#include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
-#include 
-#include 
-
-#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
-#undef HAVE_NPTH
-#undef USE_NPTH
-#endif
-
-#ifdef HAVE_NPTH
-#include 
-#endif
-#include 
-
-#ifdef HAVE_GETRLIMIT
-#include 
-#include 
-#endif /*HAVE_GETRLIMIT*/
-
-#ifdef HAVE_STAT
-# include 
-#endif
-
-#include "util.h"
-#include "i18n.h"
-#include "sysutils.h"
-#include "exechelp.h"
-
-
-/* Return the maximum number of currently allowed open file
-   descriptors.  Only useful on POSIX systems but returns a value on
-   other systems too.  */
-int
-get_max_fds (void)
-{
-  int max_fds = -1;
-#ifdef HAVE_GETRLIMIT
-  struct rlimit rl;
-
-# ifdef RLIMIT_NOFILE
-  if (!getrlimit (RLIMIT_NOFILE, &rl))
-    max_fds = rl.rlim_max;
-# endif
-
-# ifdef RLIMIT_OFILE
-  if (max_fds == -1 && !getrlimit (RLIMIT_OFILE, &rl))
-    max_fds = rl.rlim_max;
-
-# endif
-#endif /*HAVE_GETRLIMIT*/
-
-#ifdef _SC_OPEN_MAX
-  if (max_fds == -1)
-    {
-      long int scres = sysconf (_SC_OPEN_MAX);
-      if (scres >= 0)
-        max_fds = scres;
-    }
-#endif
-
-#ifdef _POSIX_OPEN_MAX
-  if (max_fds == -1)
-    max_fds = _POSIX_OPEN_MAX;
-#endif
-
-#ifdef OPEN_MAX
-  if (max_fds == -1)
-    max_fds = OPEN_MAX;
-#endif
-
-  if (max_fds == -1)
-    max_fds = 256;  /* Arbitrary limit.  */
-
-  /* AIX returns INT32_MAX instead of a proper value.  We assume that
-     this is always an error and use an arbitrary limit.  */
-#ifdef INT32_MAX
-  if (max_fds == INT32_MAX)
-    max_fds = 256;
-#endif
-
-  return max_fds;
-}
-
-
-/* Close all file descriptors starting with descriptor FIRST.  If
-   EXCEPT is not NULL, it is expected to be a list of file descriptors
-   which shall not be closed.  This list shall be sorted in ascending
-   order with the end marked by -1.  */
-void
-close_all_fds (int first, int *except)
-{
-  int max_fd = get_max_fds ();
-  int fd, i, except_start;
-
-  if (except)
-    {
-      except_start = 0;
-      for (fd=first; fd < max_fd; fd++)
-        {
-          for (i=except_start; except[i] != -1; i++)
-            {
-              if (except[i] == fd)
-                {
-                  /* If we found the descriptor in the exception list
-                     we can start the next compare run at the next
-                     index because the exception list is ordered.  */
-                except_start = i + 1;
-                break;
-                }
-            }
-          if (except[i] == -1)
-            close (fd);
-        }
-    }
-  else
-    {
-      for (fd=first; fd < max_fd; fd++)
-        close (fd);
-    }
-
-  gpg_err_set_errno (0);
-}
-
-
-/* Returns an array with all currently open file descriptors.  The end
-   of the array is marked by -1.  The caller needs to release this
-   array using the *standard free* and not with xfree.  This allow the
-   use of this fucntion right at startup even before libgcrypt has
-   been initialized.  Returns NULL on error and sets ERRNO
-   accordingly.  */
-int *
-get_all_open_fds (void)
-{
-  int *array;
-  size_t narray;
-  int fd, max_fd, idx;
-#ifndef HAVE_STAT
-  array = calloc (1, sizeof *array);
-  if (array)
-    array[0] = -1;
-#else /*HAVE_STAT*/
-  struct stat statbuf;
-
-  max_fd = get_max_fds ();
-  narray = 32;  /* If you change this change also t-exechelp.c.  */
-  array = calloc (narray, sizeof *array);
-  if (!array)
-    return NULL;
-
-  /* Note:  The list we return is ordered.  */
-  for (idx=0, fd=0; fd < max_fd; fd++)
-    if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
-      {
-        if (idx+1 >= narray)
-          {
-            int *tmp;
-
-            narray += (narray < 256)? 32:256;
-            tmp = realloc (array, narray * sizeof *array);
-            if (!tmp)
-              {
-                free (array);
-                return NULL;
-              }
-            array = tmp;
-          }
-        array[idx++] = fd;
-      }
-  array[idx] = -1;
-#endif /*HAVE_STAT*/
-  return array;
-}
-
-
-/* The exec core used right after the fork. This will never return. */
-static void
-do_exec (const char *pgmname, const char *argv[],
-         int fd_in, int fd_out, int fd_err,
-         void (*preexec)(void) )
-{
-  char **arg_list;
-  int i, j;
-  int fds[3];
-
-  fds[0] = fd_in;
-  fds[1] = fd_out;
-  fds[2] = fd_err;
-
-  /* Create the command line argument array.  */
-  i = 0;
-  if (argv)
-    while (argv[i])
-      i++;
-  arg_list = xcalloc (i+2, sizeof *arg_list);
-  arg_list[0] = strrchr (pgmname, '/');
-  if (arg_list[0])
-    arg_list[0]++;
-  else
-    arg_list[0] = xstrdup (pgmname);
-  if (argv)
-    for (i=0,j=1; argv[i]; i++, j++)
-      arg_list[j] = (char*)argv[i];
-
-  /* Assign /dev/null to unused FDs. */
-  for (i=0; i <= 2; i++)
-    {
-      if (fds[i] == -1 )
-        {
-          fds[i] = open ("/dev/null", i? O_WRONLY : O_RDONLY);
-          if (fds[i] == -1)
-            log_fatal ("failed to open '%s': %s\n",
-                       "/dev/null", strerror (errno));
-        }
-    }
-
-  /* Connect the standard files.  */
-  for (i=0; i <= 2; i++)
-    {
-      if (fds[i] != i && dup2 (fds[i], i) == -1)
-        log_fatal ("dup2 std%s failed: %s\n",
-                   i==0?"in":i==1?"out":"err", strerror (errno));
-    }
-
-  /* Close all other files. */
-  close_all_fds (3, NULL);
-
-  if (preexec)
-    preexec ();
-  execv (pgmname, arg_list);
-  /* No way to print anything, as we have closed all streams. */
-  _exit (127);
-}
-
-
-static gpg_error_t
-do_create_pipe (int filedes[2])
-{
-  gpg_error_t err = 0;
-
-  if (pipe (filedes) == -1)
-    {
-      err = gpg_error_from_syserror ();
-      filedes[0] = filedes[1] = -1;
-    }
-
-  return err;
-}
-
-/* Portable function to create a pipe.  Under Windows the write end is
-   inheritable.  */
-gpg_error_t
-gnupg_create_inbound_pipe (int filedes[2])
-{
-  return do_create_pipe (filedes);
-}
-
-
-/* Portable function to create a pipe.  Under Windows the read end is
-   inheritable.  */
-gpg_error_t
-gnupg_create_outbound_pipe (int filedes[2])
-{
-  return do_create_pipe (filedes);
-}
-
-
-
-static gpg_error_t
-create_pipe_and_estream (int filedes[2], estream_t *r_fp,
-                         gpg_err_source_t errsource)
-{
-  gpg_error_t err;
-
-  if (pipe (filedes) == -1)
-    {
-      err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-      log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
-      filedes[0] = filedes[1] = -1;
-      *r_fp = NULL;
-      return err;
-    }
-
-  *r_fp = es_fdopen (filedes[0], "r");
-  if (!*r_fp)
-    {
-      err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-      log_error (_("error creating a stream for a pipe: %s\n"),
-                 gpg_strerror (err));
-      close (filedes[0]);
-      close (filedes[1]);
-      filedes[0] = filedes[1] = -1;
-      return err;
-    }
-  return 0;
-}
-
-
-
-/* Fork and exec the PGMNAME, see exechelp.h for details.  */
-gpg_error_t
-gnupg_spawn_process (const char *pgmname, const char *argv[],
-                     gpg_err_source_t errsource,
-                     void (*preexec)(void), unsigned int flags,
-                     estream_t infp,
-                     estream_t *r_outfp,
-                     estream_t *r_errfp,
-                     pid_t *pid)
-{
-  gpg_error_t err;
-  int infd = -1;
-  int outpipe[2] = {-1, -1};
-  int errpipe[2] = {-1, -1};
-  estream_t outfp = NULL;
-  estream_t errfp = NULL;
-
-  (void)flags; /* Currently not used.  */
-
-  if (r_outfp)
-    *r_outfp = NULL;
-  if (r_errfp)
-    *r_errfp = NULL;
-  *pid = (pid_t)(-1); /* Always required.  */
-
-  if (infp)
-    {
-      es_fflush (infp);
-      es_rewind (infp);
-      infd = es_fileno (infp);
-      if (infd == -1)
-        return gpg_err_make (errsource, GPG_ERR_INV_VALUE);
-    }
-
-  if (r_outfp)
-    {
-      err = create_pipe_and_estream (outpipe, &outfp, errsource);
-      if (err)
-        return err;
-    }
-
-  if (r_errfp)
-    {
-      err = create_pipe_and_estream (errpipe, &errfp, errsource);
-      if (err)
-        {
-          if (outfp)
-            es_fclose (outfp);
-          else if (outpipe[0] != -1)
-            close (outpipe[0]);
-          if (outpipe[1] != -1)
-            close (outpipe[1]);
-          return err;
-        }
-    }
-
-
-  *pid = fork ();
-  if (*pid == (pid_t)(-1))
-    {
-      err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-      log_error (_("error forking process: %s\n"), gpg_strerror (err));
-
-      if (outfp)
-        es_fclose (outfp);
-      else if (outpipe[0] != -1)
-        close (outpipe[0]);
-      if (outpipe[1] != -1)
-        close (outpipe[1]);
-
-      if (errfp)
-        es_fclose (errfp);
-      else if (errpipe[0] != -1)
-        close (errpipe[0]);
-      if (errpipe[1] != -1)
-        close (errpipe[1]);
-      return err;
-    }
-
-  if (!*pid)
-    {
-      /* This is the child. */
-      gcry_control (GCRYCTL_TERM_SECMEM);
-      es_fclose (outfp);
-      es_fclose (errfp);
-      do_exec (pgmname, argv, infd, outpipe[1], errpipe[1], preexec);
-      /*NOTREACHED*/
-    }
-
-  /* This is the parent. */
-  if (outpipe[1] != -1)
-    close (outpipe[1]);
-  if (errpipe[1] != -1)
-    close (errpipe[1]);
-
-  if (r_outfp)
-    *r_outfp = outfp;
-  if (r_errfp)
-    *r_errfp = errfp;
-
-  return 0;
-}
-
-
-
-/* Simplified version of gnupg_spawn_process.  This function forks and
-   then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
-   and ERRFD to stderr (any of them may be -1 to connect them to
-   /dev/null).  The arguments for the process are expected in the NULL
-   terminated array ARGV.  The program name itself should not be
-   included there.  Calling gnupg_wait_process is required.
-
-   Returns 0 on success or an error code. */
-gpg_error_t
-gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
-                        int infd, int outfd, int errfd, pid_t *pid)
-{
-  gpg_error_t err;
-
-  *pid = fork ();
-  if (*pid == (pid_t)(-1))
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("error forking process: %s\n"), strerror (errno));
-      return err;
-    }
-
-  if (!*pid)
-    {
-      gcry_control (GCRYCTL_TERM_SECMEM);
-      /* Run child. */
-      do_exec (pgmname, argv, infd, outfd, errfd, NULL);
-      /*NOTREACHED*/
-    }
-
-  return 0;
-}
-
-
-/* See exechelp.h for the description.  */
-gpg_error_t
-gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
-{
-  gpg_err_code_t ec;
-  int i, status;
-
-  if (r_exitcode)
-    *r_exitcode = -1;
-
-  if (pid == (pid_t)(-1))
-    return gpg_error (GPG_ERR_INV_VALUE);
-
-#ifdef USE_NPTH
-  i = npth_waitpid (pid, &status, hang? 0:WNOHANG);
-#else
-  while ((i=waitpid (pid, &status, hang? 0:WNOHANG)) == (pid_t)(-1)
-	 && errno == EINTR);
-#endif
-
-  if (i == (pid_t)(-1))
-    {
-      ec = gpg_err_code_from_errno (errno);
-      log_error (_("waiting for process %d to terminate failed: %s\n"),
-                 (int)pid, strerror (errno));
-    }
-  else if (!i)
-    {
-      ec = GPG_ERR_TIMEOUT; /* Still running.  */
-    }
-  else if (WIFEXITED (status) && WEXITSTATUS (status) == 127)
-    {
-      log_error (_("error running '%s': probably not installed\n"), pgmname);
-      ec = GPG_ERR_CONFIGURATION;
-    }
-  else if (WIFEXITED (status) && WEXITSTATUS (status))
-    {
-      if (!r_exitcode)
-        log_error (_("error running '%s': exit status %d\n"), pgmname,
-                   WEXITSTATUS (status));
-      else
-        *r_exitcode = WEXITSTATUS (status);
-      ec = GPG_ERR_GENERAL;
-    }
-  else if (!WIFEXITED (status))
-    {
-      log_error (_("error running '%s': terminated\n"), pgmname);
-      ec = GPG_ERR_GENERAL;
-    }
-  else
-    {
-      if (r_exitcode)
-        *r_exitcode = 0;
-      ec = 0;
-    }
-
-  return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
-}
-
-
-void
-gnupg_release_process (pid_t pid)
-{
-  (void)pid;
-}
-
-
-/* Spawn a new process and immediately detach from it.  The name of
-   the program to exec is PGMNAME and its arguments are in ARGV (the
-   programname is automatically passed as first argument).
-   Environment strings in ENVP are set.  An error is returned if
-   pgmname is not executable; to make this work it is necessary to
-   provide an absolute file name.  All standard file descriptors are
-   connected to /dev/null. */
-gpg_error_t
-gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
-                              const char *envp[] )
-{
-  pid_t pid;
-  int i;
-
-  if (getuid() != geteuid())
-    return gpg_error (GPG_ERR_BUG);
-
-  if (access (pgmname, X_OK))
-    return gpg_error_from_syserror ();
-
-  pid = fork ();
-  if (pid == (pid_t)(-1))
-    {
-      log_error (_("error forking process: %s\n"), strerror (errno));
-      return gpg_error_from_syserror ();
-    }
-  if (!pid)
-    {
-      pid_t pid2;
-
-      gcry_control (GCRYCTL_TERM_SECMEM);
-      if (setsid() == -1 || chdir ("/"))
-        _exit (1);
-
-      pid2 = fork (); /* Double fork to let init take over the new child. */
-      if (pid2 == (pid_t)(-1))
-        _exit (1);
-      if (pid2)
-        _exit (0);  /* Let the parent exit immediately. */
-
-      if (envp)
-        for (i=0; envp[i]; i++)
-          putenv (xstrdup (envp[i]));
-
-      do_exec (pgmname, argv, -1, -1, -1, NULL);
-
-      /*NOTREACHED*/
-    }
-
-  if (waitpid (pid, NULL, 0) == -1)
-    log_error ("waitpid failed in gnupg_spawn_process_detached: %s",
-               strerror (errno));
-
-  return 0;
-}
-
-
-/* Kill a process; that is send an appropriate signal to the process.
-   gnupg_wait_process must be called to actually remove the process
-   from the system.  An invalid PID is ignored.  */
-void
-gnupg_kill_process (pid_t pid)
-{
-  if (pid != (pid_t)(-1))
-    {
-      kill (pid, SIGTERM);
-    }
-}
diff -Nru gnupg2-2.1.6/common/exechelp-w32.c gnupg2-2.0.28/common/exechelp-w32.c
--- gnupg2-2.1.6/common/exechelp-w32.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/exechelp-w32.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,828 +0,0 @@
-/* exechelp-w32.c - Fork and exec helpers for W32.
- * Copyright (C) 2004, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#if !defined(HAVE_W32_SYSTEM) || defined (HAVE_W32CE_SYSTEM)
-#error This code is only used on W32.
-#endif
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
-#include 
-#include 
-
-#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
-#undef HAVE_NPTH
-#undef USE_NPTH
-#endif
-
-#ifdef HAVE_NPTH
-#include 
-#endif
-
-#ifdef HAVE_STAT
-# include 
-#endif
-
-
-#include "util.h"
-#include "i18n.h"
-#include "sysutils.h"
-#include "exechelp.h"
-
-/* Define to 1 do enable debugging.  */
-#define DEBUG_W32_SPAWN 1
-
-
-/* It seems Vista doesn't grok X_OK and so fails access() tests.
-   Previous versions interpreted X_OK as F_OK anyway, so we'll just
-   use F_OK directly. */
-#undef X_OK
-#define X_OK F_OK
-
-/* We assume that a HANDLE can be represented by an int which should
-   be true for all i386 systems (HANDLE is defined as void *) and
-   these are the only systems for which Windows is available.  Further
-   we assume that -1 denotes an invalid handle.  */
-# define fd_to_handle(a)  ((HANDLE)(a))
-# define handle_to_fd(a)  ((int)(a))
-# define pid_to_handle(a) ((HANDLE)(a))
-# define handle_to_pid(a) ((int)(a))
-
-
-/* Return the maximum number of currently allowed open file
-   descriptors.  Only useful on POSIX systems but returns a value on
-   other systems too.  */
-int
-get_max_fds (void)
-{
-  int max_fds = -1;
-
-#ifdef OPEN_MAX
-  if (max_fds == -1)
-    max_fds = OPEN_MAX;
-#endif
-
-  if (max_fds == -1)
-    max_fds = 256;  /* Arbitrary limit.  */
-
-  return max_fds;
-}
-
-
-/* Under Windows this is a dummy function.  */
-void
-close_all_fds (int first, int *except)
-{
-  (void)first;
-  (void)except;
-}
-
-
-/* Returns an array with all currently open file descriptors.  The end
-   of the array is marked by -1.  The caller needs to release this
-   array using the *standard free* and not with xfree.  This allow the
-   use of this fucntion right at startup even before libgcrypt has
-   been initialized.  Returns NULL on error and sets ERRNO
-   accordingly.  */
-int *
-get_all_open_fds (void)
-{
-  int *array;
-  size_t narray;
-  int fd, max_fd, idx;
-#ifndef HAVE_STAT
-  array = calloc (1, sizeof *array);
-  if (array)
-    array[0] = -1;
-#else /*HAVE_STAT*/
-  struct stat statbuf;
-
-  max_fd = get_max_fds ();
-  narray = 32;  /* If you change this change also t-exechelp.c.  */
-  array = calloc (narray, sizeof *array);
-  if (!array)
-    return NULL;
-
-  /* Note:  The list we return is ordered.  */
-  for (idx=0, fd=0; fd < max_fd; fd++)
-    if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
-      {
-        if (idx+1 >= narray)
-          {
-            int *tmp;
-
-            narray += (narray < 256)? 32:256;
-            tmp = realloc (array, narray * sizeof *array);
-            if (!tmp)
-              {
-                free (array);
-                return NULL;
-              }
-            array = tmp;
-          }
-        array[idx++] = fd;
-      }
-  array[idx] = -1;
-#endif /*HAVE_STAT*/
-  return array;
-}
-
-
-/* Helper function to build_w32_commandline. */
-static char *
-build_w32_commandline_copy (char *buffer, const char *string)
-{
-  char *p = buffer;
-  const char *s;
-
-  if (!*string) /* Empty string. */
-    p = stpcpy (p, "\"\"");
-  else if (strpbrk (string, " \t\n\v\f\""))
-    {
-      /* Need to do some kind of quoting.  */
-      p = stpcpy (p, "\"");
-      for (s=string; *s; s++)
-        {
-          *p++ = *s;
-          if (*s == '\"')
-            *p++ = *s;
-        }
-      *p++ = '\"';
-      *p = 0;
-    }
-  else
-    p = stpcpy (p, string);
-
-  return p;
-}
-
-/* Build a command line for use with W32's CreateProcess.  On success
-   CMDLINE gets the address of a newly allocated string.  */
-static gpg_error_t
-build_w32_commandline (const char *pgmname, const char * const *argv,
-                       char **cmdline)
-{
-  int i, n;
-  const char *s;
-  char *buf, *p;
-
-  *cmdline = NULL;
-  n = 0;
-  s = pgmname;
-  n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting */
-  for (; *s; s++)
-    if (*s == '\"')
-      n++;  /* Need to double inner quotes.  */
-  for (i=0; (s=argv[i]); i++)
-    {
-      n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting */
-      for (; *s; s++)
-        if (*s == '\"')
-          n++;  /* Need to double inner quotes.  */
-    }
-  n++;
-
-  buf = p = xtrymalloc (n);
-  if (!buf)
-    return gpg_error_from_syserror ();
-
-  p = build_w32_commandline_copy (p, pgmname);
-  for (i=0; argv[i]; i++)
-    {
-      *p++ = ' ';
-      p = build_w32_commandline_copy (p, argv[i]);
-    }
-
-  *cmdline= buf;
-  return 0;
-}
-
-
-/* Create pipe where one end is inheritable: With an INHERIT_IDX of 0
-   the read end is inheritable, with 1 the write end is inheritable.  */
-static int
-create_inheritable_pipe (HANDLE filedes[2], int inherit_idx)
-{
-  HANDLE r, w, h;
-  SECURITY_ATTRIBUTES sec_attr;
-
-  memset (&sec_attr, 0, sizeof sec_attr );
-  sec_attr.nLength = sizeof sec_attr;
-  sec_attr.bInheritHandle = FALSE;
-
-  if (!CreatePipe (&r, &w, &sec_attr, 0))
-    return -1;
-
-  if (!DuplicateHandle (GetCurrentProcess(), inherit_idx? w : r,
-                        GetCurrentProcess(), &h, 0,
-                        TRUE, DUPLICATE_SAME_ACCESS ))
-    {
-      log_error ("DuplicateHandle failed: %s\n", w32_strerror (-1));
-      CloseHandle (r);
-      CloseHandle (w);
-      return -1;
-    }
-
-  if (inherit_idx)
-    {
-      CloseHandle (w);
-      w = h;
-    }
-  else
-    {
-      CloseHandle (r);
-      r = h;
-    }
-
-  filedes[0] = r;
-  filedes[1] = w;
-  return 0;
-}
-
-
-static HANDLE
-w32_open_null (int for_write)
-{
-  HANDLE hfile;
-
-  hfile = CreateFileW (L"nul",
-                       for_write? GENERIC_WRITE : GENERIC_READ,
-                       FILE_SHARE_READ | FILE_SHARE_WRITE,
-                       NULL, OPEN_EXISTING, 0, NULL);
-  if (hfile == INVALID_HANDLE_VALUE)
-    log_debug ("can't open 'nul': %s\n", w32_strerror (-1));
-  return hfile;
-}
-
-
-static gpg_error_t
-do_create_pipe (int filedes[2], int inherit_idx)
-{
-  gpg_error_t err = 0;
-  HANDLE fds[2];
-
-  filedes[0] = filedes[1] = -1;
-  err = gpg_error (GPG_ERR_GENERAL);
-  if (!create_inheritable_pipe (fds, inherit_idx))
-    {
-      filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), 0);
-      if (filedes[0] == -1)
-        {
-          log_error ("failed to translate osfhandle %p\n", fds[0]);
-          CloseHandle (fds[1]);
-        }
-      else
-        {
-          filedes[1] = _open_osfhandle (handle_to_fd (fds[1]), 1);
-          if (filedes[1] == -1)
-            {
-              log_error ("failed to translate osfhandle %p\n", fds[1]);
-              close (filedes[0]);
-              filedes[0] = -1;
-              CloseHandle (fds[1]);
-            }
-          else
-            err = 0;
-        }
-    }
-  return err;
-}
-
-/* Portable function to create a pipe.  Under Windows the write end is
-   inheritable.  */
-gpg_error_t
-gnupg_create_inbound_pipe (int filedes[2])
-{
-  return do_create_pipe (filedes, 1);
-}
-
-
-/* Portable function to create a pipe.  Under Windows the read end is
-   inheritable.  */
-gpg_error_t
-gnupg_create_outbound_pipe (int filedes[2])
-{
-  return do_create_pipe (filedes, 0);
-}
-
-
-/* Fork and exec the PGMNAME, see exechelp.h for details.  */
-gpg_error_t
-gnupg_spawn_process (const char *pgmname, const char *argv[],
-                     gpg_err_source_t errsource,
-                     void (*preexec)(void), unsigned int flags,
-                     estream_t infp,
-                     estream_t *r_outfp,
-                     estream_t *r_errfp,
-                     pid_t *pid)
-{
-  gpg_error_t err;
-  SECURITY_ATTRIBUTES sec_attr;
-  PROCESS_INFORMATION pi =
-    {
-      NULL,      /* Returns process handle.  */
-      0,         /* Returns primary thread handle.  */
-      0,         /* Returns pid.  */
-      0          /* Returns tid.  */
-    };
-  STARTUPINFO si;
-  int cr_flags;
-  char *cmdline;
-  HANDLE inhandle = INVALID_HANDLE_VALUE;
-  HANDLE outpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
-  HANDLE errpipe[2] = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE};
-  estream_t outfp = NULL;
-  estream_t errfp = NULL;
-  HANDLE nullhd[3] = {INVALID_HANDLE_VALUE,
-                      INVALID_HANDLE_VALUE,
-                      INVALID_HANDLE_VALUE};
-  int i;
-  es_syshd_t syshd;
-
-  if (r_outfp)
-    *r_outfp = NULL;
-  if (r_errfp)
-    *r_errfp = NULL;
-  *pid = (pid_t)(-1); /* Always required.  */
-
-  if (infp)
-    {
-      es_fflush (infp);
-      es_rewind (infp);
-      es_syshd (infp, &syshd);
-      switch (syshd.type)
-        {
-        case ES_SYSHD_FD:
-          inhandle = (HANDLE)_get_osfhandle (syshd.u.fd);
-          break;
-        case ES_SYSHD_SOCK:
-          inhandle = (HANDLE)_get_osfhandle (syshd.u.sock);
-          break;
-        case ES_SYSHD_HANDLE:
-          inhandle = syshd.u.handle;
-          break;
-        default:
-          inhandle = INVALID_HANDLE_VALUE;
-          break;
-        }
-      if (inhandle == INVALID_HANDLE_VALUE)
-        return gpg_err_make (errsource, GPG_ERR_INV_VALUE);
-      /* FIXME: In case we can't get a system handle (e.g. due to
-         es_fopencookie we should create a piper and a feeder
-         thread.  */
-    }
-
-  if (r_outfp)
-    {
-      if (create_inheritable_pipe (outpipe, 1))
-        {
-          err = gpg_err_make (errsource, GPG_ERR_GENERAL);
-          log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
-          return err;
-        }
-
-      syshd.type = ES_SYSHD_HANDLE;
-      syshd.u.handle = outpipe[0];
-      outfp = es_sysopen (&syshd, "r");
-      if (!outfp)
-        {
-          err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-          log_error (_("error creating a stream for a pipe: %s\n"),
-                     gpg_strerror (err));
-          CloseHandle (outpipe[0]);
-          CloseHandle (outpipe[1]);
-          outpipe[0] = outpipe[1] = INVALID_HANDLE_VALUE;
-          return err;
-        }
-    }
-
-  if (r_errfp)
-    {
-      if (create_inheritable_pipe (errpipe, 1))
-        {
-          err = gpg_err_make (errsource, GPG_ERR_GENERAL);
-          log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
-          return err;
-        }
-
-      syshd.type = ES_SYSHD_HANDLE;
-      syshd.u.handle = errpipe[0];
-      errfp = es_sysopen (&syshd, "r");
-      if (!errfp)
-        {
-          err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-          log_error (_("error creating a stream for a pipe: %s\n"),
-                     gpg_strerror (err));
-          CloseHandle (errpipe[0]);
-          CloseHandle (errpipe[1]);
-          errpipe[0] = errpipe[1] = INVALID_HANDLE_VALUE;
-          if (outfp)
-            es_fclose (outfp);
-          else if (outpipe[0] != INVALID_HANDLE_VALUE)
-            CloseHandle (outpipe[0]);
-          if (outpipe[1] != INVALID_HANDLE_VALUE)
-            CloseHandle (outpipe[1]);
-          return err;
-        }
-    }
-
-  /* Prepare security attributes.  */
-  memset (&sec_attr, 0, sizeof sec_attr );
-  sec_attr.nLength = sizeof sec_attr;
-  sec_attr.bInheritHandle = FALSE;
-
-  /* Build the command line.  */
-  err = build_w32_commandline (pgmname, argv, &cmdline);
-  if (err)
-    return err;
-
-  if (inhandle != INVALID_HANDLE_VALUE)
-    nullhd[0] = w32_open_null (0);
-  if (outpipe[1] != INVALID_HANDLE_VALUE)
-    nullhd[1] = w32_open_null (0);
-  if (errpipe[1] != INVALID_HANDLE_VALUE)
-    nullhd[2] = w32_open_null (0);
-
-  /* Start the process.  Note that we can't run the PREEXEC function
-     because this might change our own environment. */
-  (void)preexec;
-
-  memset (&si, 0, sizeof si);
-  si.cb = sizeof (si);
-  si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
-  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
-  si.hStdInput  =   inhandle == INVALID_HANDLE_VALUE? nullhd[0] : inhandle;
-  si.hStdOutput = outpipe[1] == INVALID_HANDLE_VALUE? nullhd[1] : outpipe[1];
-  si.hStdError  = errpipe[1] == INVALID_HANDLE_VALUE? nullhd[2] : errpipe[1];
-
-  cr_flags = (CREATE_DEFAULT_ERROR_MODE
-              | ((flags & 128)? DETACHED_PROCESS : 0)
-              | GetPriorityClass (GetCurrentProcess ())
-              | CREATE_SUSPENDED);
-/*   log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); */
-  if (!CreateProcess (pgmname,       /* Program to start.  */
-                      cmdline,       /* Command line arguments.  */
-                      &sec_attr,     /* Process security attributes.  */
-                      &sec_attr,     /* Thread security attributes.  */
-                      TRUE,          /* Inherit handles.  */
-                      cr_flags,      /* Creation flags.  */
-                      NULL,          /* Environment.  */
-                      NULL,          /* Use current drive/directory.  */
-                      &si,           /* Startup information. */
-                      &pi            /* Returns process information.  */
-                      ))
-    {
-      log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
-      xfree (cmdline);
-      if (outfp)
-        es_fclose (outfp);
-      else if (outpipe[0] != INVALID_HANDLE_VALUE)
-        CloseHandle (outpipe[0]);
-      if (outpipe[1] != INVALID_HANDLE_VALUE)
-        CloseHandle (outpipe[1]);
-      if (errfp)
-        es_fclose (errfp);
-      else if (errpipe[0] != INVALID_HANDLE_VALUE)
-        CloseHandle (errpipe[0]);
-      if (errpipe[1] != INVALID_HANDLE_VALUE)
-        CloseHandle (errpipe[1]);
-      return gpg_err_make (errsource, GPG_ERR_GENERAL);
-    }
-  xfree (cmdline);
-  cmdline = NULL;
-
-  /* Close the inherited handles to /dev/null.  */
-  for (i=0; i < DIM (nullhd); i++)
-    if (nullhd[i] != INVALID_HANDLE_VALUE)
-      CloseHandle (nullhd[i]);
-
-  /* Close the inherited ends of the pipes.  */
-  if (outpipe[1] != INVALID_HANDLE_VALUE)
-    CloseHandle (outpipe[1]);
-  if (errpipe[1] != INVALID_HANDLE_VALUE)
-    CloseHandle (errpipe[1]);
-
-  /* log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
-  /*            " dwProcessID=%d dwThreadId=%d\n", */
-  /*            pi.hProcess, pi.hThread, */
-  /*            (int) pi.dwProcessId, (int) pi.dwThreadId); */
-  /* log_debug ("                     outfp=%p errfp=%p\n", outfp, errfp); */
-
-  /* Fixme: For unknown reasons AllowSetForegroundWindow returns an
-     invalid argument error if we pass it the correct processID.  As a
-     workaround we use -1 (ASFW_ANY).  */
-  if ( (flags & 64) )
-    gnupg_allow_set_foregound_window ((pid_t)(-1)/*pi.dwProcessId*/);
-
-  /* Process has been created suspended; resume it now. */
-  ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread);
-
-  if (r_outfp)
-    *r_outfp = outfp;
-  if (r_errfp)
-    *r_errfp = errfp;
-
-  *pid = handle_to_pid (pi.hProcess);
-  return 0;
-
-}
-
-
-
-/* Simplified version of gnupg_spawn_process.  This function forks and
-   then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
-   and ERRFD to stderr (any of them may be -1 to connect them to
-   /dev/null).  The arguments for the process are expected in the NULL
-   terminated array ARGV.  The program name itself should not be
-   included there.  Calling gnupg_wait_process is required.
-
-   Returns 0 on success or an error code. */
-gpg_error_t
-gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
-                        int infd, int outfd, int errfd, pid_t *pid)
-{
-  gpg_error_t err;
-  SECURITY_ATTRIBUTES sec_attr;
-  PROCESS_INFORMATION pi = { NULL, 0, 0, 0 };
-  STARTUPINFO si;
-  char *cmdline;
-  int i;
-  HANDLE stdhd[3];
-
-  /* Setup return values.  */
-  *pid = (pid_t)(-1);
-
-  /* Prepare security attributes.  */
-  memset (&sec_attr, 0, sizeof sec_attr );
-  sec_attr.nLength = sizeof sec_attr;
-  sec_attr.bInheritHandle = FALSE;
-
-  /* Build the command line.  */
-  err = build_w32_commandline (pgmname, argv, &cmdline);
-  if (err)
-    return err;
-
-  memset (&si, 0, sizeof si);
-  si.cb = sizeof (si);
-  si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
-  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
-  stdhd[0] = infd  == -1? w32_open_null (0) : INVALID_HANDLE_VALUE;
-  stdhd[1] = outfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
-  stdhd[2] = errfd == -1? w32_open_null (1) : INVALID_HANDLE_VALUE;
-  si.hStdInput  = infd  == -1? stdhd[0] : (void*)_get_osfhandle (infd);
-  si.hStdOutput = outfd == -1? stdhd[1] : (void*)_get_osfhandle (outfd);
-  si.hStdError  = errfd == -1? stdhd[2] : (void*)_get_osfhandle (errfd);
-
-/*   log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline); */
-  if (!CreateProcess (pgmname,       /* Program to start.  */
-                      cmdline,       /* Command line arguments.  */
-                      &sec_attr,     /* Process security attributes.  */
-                      &sec_attr,     /* Thread security attributes.  */
-                      TRUE,          /* Inherit handles.  */
-                      (CREATE_DEFAULT_ERROR_MODE
-                       | GetPriorityClass (GetCurrentProcess ())
-                       | CREATE_SUSPENDED | DETACHED_PROCESS),
-                      NULL,          /* Environment.  */
-                      NULL,          /* Use current drive/directory.  */
-                      &si,           /* Startup information. */
-                      &pi            /* Returns process information.  */
-                      ))
-    {
-      log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
-      err = gpg_error (GPG_ERR_GENERAL);
-    }
-  else
-    err = 0;
-  xfree (cmdline);
-  for (i=0; i < 3; i++)
-    if (stdhd[i] != INVALID_HANDLE_VALUE)
-      CloseHandle (stdhd[i]);
-  if (err)
-    return err;
-
-/*   log_debug ("CreateProcess ready: hProcess=%p hThread=%p" */
-/*              " dwProcessID=%d dwThreadId=%d\n", */
-/*              pi.hProcess, pi.hThread, */
-/*              (int) pi.dwProcessId, (int) pi.dwThreadId); */
-
-  /* Process has been created suspended; resume it now. */
-  ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread);
-
-  *pid = handle_to_pid (pi.hProcess);
-  return 0;
-
-}
-
-
-/* See exechelp.h for a description.  */
-gpg_error_t
-gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *r_exitcode)
-{
-  gpg_err_code_t ec;
-  HANDLE proc = fd_to_handle (pid);
-  int code;
-  DWORD exc;
-
-  if (r_exitcode)
-    *r_exitcode = -1;
-
-  if (pid == (pid_t)(-1))
-    return gpg_error (GPG_ERR_INV_VALUE);
-
-  /* FIXME: We should do a pth_waitpid here.  However this has not yet
-     been implemented.  A special W32 pth system call would even be
-     better.  */
-  code = WaitForSingleObject (proc, hang? INFINITE : 0);
-  switch (code)
-    {
-    case WAIT_TIMEOUT:
-      ec = GPG_ERR_TIMEOUT;
-      break;
-
-    case WAIT_FAILED:
-      log_error (_("waiting for process %d to terminate failed: %s\n"),
-                 (int)pid, w32_strerror (-1));
-      ec = GPG_ERR_GENERAL;
-      break;
-
-    case WAIT_OBJECT_0:
-      if (!GetExitCodeProcess (proc, &exc))
-        {
-          log_error (_("error getting exit code of process %d: %s\n"),
-                     (int)pid, w32_strerror (-1) );
-          ec = GPG_ERR_GENERAL;
-        }
-      else if (exc)
-        {
-          log_error (_("error running '%s': exit status %d\n"),
-                     pgmname, (int)exc );
-          if (r_exitcode)
-            *r_exitcode = (int)exc;
-          ec = GPG_ERR_GENERAL;
-        }
-      else
-        {
-          if (r_exitcode)
-            *r_exitcode = 0;
-          ec = 0;
-        }
-      break;
-
-    default:
-      log_error ("WaitForSingleObject returned unexpected "
-                 "code %d for pid %d\n", code, (int)pid );
-      ec = GPG_ERR_GENERAL;
-      break;
-    }
-
-  return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
-}
-
-
-
-void
-gnupg_release_process (pid_t pid)
-{
-  if (pid != (pid_t)INVALID_HANDLE_VALUE)
-    {
-      HANDLE process = (HANDLE)pid;
-
-      CloseHandle (process);
-    }
-}
-
-
-/* Spawn a new process and immediatley detach from it.  The name of
-   the program to exec is PGMNAME and its arguments are in ARGV (the
-   programname is automatically passed as first argument).
-   Environment strings in ENVP are set.  An error is returned if
-   pgmname is not executable; to make this work it is necessary to
-   provide an absolute file name.  All standard file descriptors are
-   connected to /dev/null. */
-gpg_error_t
-gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
-                              const char *envp[] )
-{
-  gpg_error_t err;
-  SECURITY_ATTRIBUTES sec_attr;
-  PROCESS_INFORMATION pi =
-    {
-      NULL,      /* Returns process handle.  */
-      0,         /* Returns primary thread handle.  */
-      0,         /* Returns pid.  */
-      0          /* Returns tid.  */
-    };
-  STARTUPINFO si;
-  int cr_flags;
-  char *cmdline;
-
-
-  /* We don't use ENVP.  */
-  (void)envp;
-
-  if (access (pgmname, X_OK))
-    return gpg_error_from_syserror ();
-
-  /* Prepare security attributes.  */
-  memset (&sec_attr, 0, sizeof sec_attr );
-  sec_attr.nLength = sizeof sec_attr;
-  sec_attr.bInheritHandle = FALSE;
-
-  /* Build the command line.  */
-  err = build_w32_commandline (pgmname, argv, &cmdline);
-  if (err)
-    return err;
-
-  /* Start the process.  */
-  memset (&si, 0, sizeof si);
-  si.cb = sizeof (si);
-  si.dwFlags = STARTF_USESHOWWINDOW;
-  si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
-
-  cr_flags = (CREATE_DEFAULT_ERROR_MODE
-              | GetPriorityClass (GetCurrentProcess ())
-              | CREATE_NEW_PROCESS_GROUP
-              | DETACHED_PROCESS);
-/*   log_debug ("CreateProcess(detached), path='%s' cmdline='%s'\n", */
-/*              pgmname, cmdline); */
-  if (!CreateProcess (pgmname,       /* Program to start.  */
-                      cmdline,       /* Command line arguments.  */
-                      &sec_attr,     /* Process security attributes.  */
-                      &sec_attr,     /* Thread security attributes.  */
-                      FALSE,         /* Inherit handles.  */
-                      cr_flags,      /* Creation flags.  */
-                      NULL,          /* Environment.  */
-                      NULL,          /* Use current drive/directory.  */
-                      &si,           /* Startup information. */
-                      &pi            /* Returns process information.  */
-                      ))
-    {
-      log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1));
-      xfree (cmdline);
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-  xfree (cmdline);
-  cmdline = NULL;
-
-/*   log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p" */
-/*              " dwProcessID=%d dwThreadId=%d\n", */
-/*              pi.hProcess, pi.hThread, */
-/*              (int) pi.dwProcessId, (int) pi.dwThreadId); */
-
-  CloseHandle (pi.hThread);
-
-  return 0;
-}
-
-
-/* Kill a process; that is send an appropriate signal to the process.
-   gnupg_wait_process must be called to actually remove the process
-   from the system.  An invalid PID is ignored.  */
-void
-gnupg_kill_process (pid_t pid)
-{
-  if (pid != (pid_t) INVALID_HANDLE_VALUE)
-    {
-      HANDLE process = (HANDLE) pid;
-
-      /* Arbitrary error code.  */
-      TerminateProcess (process, 1);
-    }
-}
diff -Nru gnupg2-2.1.6/common/exechelp-w32ce.c gnupg2-2.0.28/common/exechelp-w32ce.c
--- gnupg2-2.1.6/common/exechelp-w32ce.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/exechelp-w32ce.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,861 +0,0 @@
-/* exechelp-w32.c - Fork and exec helpers for W32CE.
- * Copyright (C) 2004, 2007, 2008, 2009,
- *               2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#if !defined(HAVE_W32_SYSTEM) && !defined (HAVE_W32CE_SYSTEM)
-#error This code is only used on W32CE.
-#endif
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
-#include 
-#include 
-
-#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
-#undef HAVE_NPTH
-#undef USE_NPTH
-#endif
-
-#ifdef HAVE_NPTH
-#include 
-#endif
-
-#ifdef HAVE_STAT
-# include 
-#endif
-
-#include 
-
-#include "util.h"
-#include "i18n.h"
-#include "sysutils.h"
-#include "exechelp.h"
-
-
-/* It seems Vista doesn't grok X_OK and so fails access() tests.
-   Previous versions interpreted X_OK as F_OK anyway, so we'll just
-   use F_OK directly. */
-#undef X_OK
-#define X_OK F_OK
-
-
-/* We assume that a HANDLE can be represented by an int which should
-   be true for all i386 systems (HANDLE is defined as void *) and
-   these are the only systems for which Windows is available.  Further
-   we assume that -1 denotes an invalid handle.  */
-#define fd_to_handle(a)  ((HANDLE)(a))
-#define handle_to_fd(a)  ((int)(a))
-#define pid_to_handle(a) ((HANDLE)(a))
-#define handle_to_pid(a) ((int)(a))
-
-
-#ifdef USE_NPTH
-/* The data passed to the feeder_thread.  */
-struct feeder_thread_parms
-{
-  estream_t stream;
-  volatile int stream_valid;
-  HANDLE hd;
-  int direction;
-};
-
-
-/* The thread started by start_feede3.  */
-static void *
-feeder_thread (void *arg)
-{
-  struct feeder_thread_parms *parm = arg;
-  char buffer[4096];
-  int rc;
-
-  if (parm->direction)
-    {
-      size_t nread = 0;
-      DWORD nwritten;
-
-      log_debug ("feeder_thread estream->pipe: stream=%p pipe=%p\n",
-                 parm->stream, parm->hd);
-      while (parm->stream_valid
-             && !es_read (parm->stream, buffer, sizeof buffer, &nread))
-        {
-          do
-            {
-              pth_enter ();
-              rc = WriteFile (parm->hd, buffer, nread, &nwritten, NULL);
-              pth_leave ();
-              if (!rc)
-                {
-                  log_debug ("feeder(%p): WriteFile error: rc=%d\n",
-                             parm->hd, (int)GetLastError ());
-                  goto leave;
-                }
-              nread -= nwritten;
-            }
-          while (nread);
-        }
-      if (!parm->stream_valid)
-        log_debug ("feeder(%p): closed by other thread\n", parm->hd);
-      else if (nread)
-        log_debug ("feeder(%p): es_read error: %s\n",
-                   parm->hd, strerror (errno));
-    }
-  else
-    {
-      DWORD nread = 0;
-      size_t nwritten;
-
-      log_debug ("feeder_thread pipe->estream: stream=%p pipe=%p\n",
-                 parm->stream, parm->hd);
-      while ( (pth_enter (),
-               (rc = ReadFile (parm->hd, buffer, sizeof buffer, &nread, NULL)),
-               pth_leave (),
-               rc) && nread)
-        {
-          log_debug ("feeder_thread pipe->estream: read %d bytes\n",
-                     (int)nread);
-          do
-            {
-              if (parm->stream_valid
-                  && es_write (parm->stream, buffer, nread, &nwritten))
-                {
-                  log_debug ("feeder(%p): es_write error: %s\n",
-                             parm->hd, strerror (errno));
-                  goto leave;
-                }
-              log_debug ("feeder_thread pipe->estream: es_wrote %d bytes\n",
-                         (int)nwritten);
-              nread -= nwritten;
-            }
-          while (nread && parm->stream_valid);
-        }
-      if (!parm->stream_valid)
-        log_debug ("feeder(%p): closed by other thread\n", parm->hd);
-      else if (nread)
-        log_debug ("feeder(%p): ReadFile error: rc=%d\n",
-                   parm->hd, (int)GetLastError ());
-      else
-        log_debug ("feeder(%p): eof\n", parm->hd);
-    }
-
-leave:
-  log_debug ("feeder(%p): waiting for es_fclose\n", parm->hd);
-  while (parm->stream_valid)
-    pth_yield (NULL);
-  log_debug ("feeder(%p): about to close the pipe handle\n", parm->hd);
-  CloseHandle (parm->hd);
-  log_debug ("feeder(%p): pipe handle closed\n", parm->hd);
-  xfree (parm);
-  return NULL;
-}
-#endif /*USE_NPTH*/
-
-#ifdef USE_NPTH
-static void
-feeder_onclose_notification (estream_t stream, void *opaque)
-{
-  struct feeder_thread_parms *parm = opaque;
-  (void)stream;
-  log_debug ("feeder(%p): received onclose note\n", parm->hd);
-  parm->stream_valid = 0;
-}
-#endif /*USE_NPTH*/
-
-/* Fire up a thread to copy data between STREAM and a pipe's
-   descriptor FD.  With DIRECTION set to true the copy takes place
-   from the stream to the pipe, otherwise from the pipe to the
-   stream.  */
-static gpg_error_t
-start_feeder (estream_t stream, HANDLE hd, int direction)
-{
-#ifdef USE_NPTH
-  gpg_error_t err;
-  struct feeder_thread_parms *parm;
-  pth_attr_t tattr;
-
-  parm = xtrymalloc (sizeof *parm);
-  if (!parm)
-    return gpg_error_from_syserror ();
-  parm->stream = stream;
-  parm->stream_valid = 1;
-  parm->hd = hd;
-  parm->direction = direction;
-
-  if (es_onclose (stream, 1, feeder_onclose_notification, parm))
-    {
-      err = gpg_error_from_syserror ();
-      xfree (parm);
-      return err;
-    }
-
-  tattr = pth_attr_new ();
-  pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
-  pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 64*1024);
-  pth_attr_set (tattr, PTH_ATTR_NAME, "exec-feeder");
-
-  log_debug ("spawning new feeder(%p, %p, %d)\n", stream, hd, direction);
-  if(!pth_spawn (tattr, feeder_thread, parm))
-    {
-      err = gpg_error_from_syserror ();
-      es_onclose (stream, 0, feeder_onclose_notification, parm);
-      xfree (parm);
-    }
-  else
-    err = 0;
-  pth_attr_destroy (tattr);
-
-  return err;
-#else
-  (void)stream;
-  (void)hd;
-  (void)direction;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);  /* No Pth.  */
-#endif
-}
-
-
-
-/* Return the maximum number of currently allowed open file
-   descriptors.  Only useful on POSIX systems but returns a value on
-   other systems too.  */
-int
-get_max_fds (void)
-{
-  int max_fds = -1;
-
-#ifdef OPEN_MAX
-  if (max_fds == -1)
-    max_fds = OPEN_MAX;
-#endif
-
-  if (max_fds == -1)
-    max_fds = 256;  /* Arbitrary limit.  */
-
-  return max_fds;
-}
-
-
-/* Under Windows this is a dummy function.  */
-void
-close_all_fds (int first, int *except)
-{
-  (void)first;
-  (void)except;
-}
-
-
-/* Returns an array with all currently open file descriptors.  The end
-   of the array is marked by -1.  The caller needs to release this
-   array using the *standard free* and not with xfree.  This allow the
-   use of this function right at startup even before libgcrypt has
-   been initialized.  Returns NULL on error and sets ERRNO
-   accordingly.  */
-int *
-get_all_open_fds (void)
-{
-  int *array;
-  size_t narray;
-  int fd, max_fd, idx;
-#ifndef HAVE_STAT
-  array = calloc (1, sizeof *array);
-  if (array)
-    array[0] = -1;
-#else /*HAVE_STAT*/
-  struct stat statbuf;
-
-  max_fd = get_max_fds ();
-  narray = 32;  /* If you change this change also t-exechelp.c.  */
-  array = calloc (narray, sizeof *array);
-  if (!array)
-    return NULL;
-
-  /* Note:  The list we return is ordered.  */
-  for (idx=0, fd=0; fd < max_fd; fd++)
-    if (!(fstat (fd, &statbuf) == -1 && errno == EBADF))
-      {
-        if (idx+1 >= narray)
-          {
-            int *tmp;
-
-            narray += (narray < 256)? 32:256;
-            tmp = realloc (array, narray * sizeof *array);
-            if (!tmp)
-              {
-                free (array);
-                return NULL;
-              }
-            array = tmp;
-          }
-        array[idx++] = fd;
-      }
-  array[idx] = -1;
-#endif /*HAVE_STAT*/
-  return array;
-}
-
-
-
-static char *
-copy_quoted (char *p, const char *string)
-{
-  const char *s;
-
-  if (!*string) /* Empty string. */
-    p = stpcpy (p, "\"\"");
-  else if (strpbrk (string, " \t\n\v\f\"")) /* Need quotes.  */
-    {
-      p = stpcpy (p, "\"");
-      for (s = string; *s; s++)
-        {
-          *p++ = *s;
-          if (*s == '\"')
-            *p++ = *s;
-        }
-      *p++ = '\"';
-      *p = 0;
-    }
-  else /* Copy verbatim.  */
-    p = stpcpy (p, string);
-
-  return p;
-}
-
-
-/* Build a command line for use with W32's CreateProcess.  On success
-   CMDLINE gets the address of a newly allocated string.  */
-static int
-build_w32_commandline (const char * const *argv,
-		       int rvid0, int rvid1, int rvid2,
-                       char **cmdline)
-{
-  int i, n;
-  const char *s;
-  char *buf, *p;
-  char fdbuf[3*30];
-
-  p = fdbuf;
-  *p = 0;
-
-  if (rvid0)
-    snprintf (p, 25, "-&S0=%d ", rvid0);
-  else
-    strcpy (p, "-&S0=null ");
-  p += strlen (p);
-
-  if (rvid1)
-    snprintf (p, 25, "-&S1=%d ", rvid1);
-  else
-    strcpy (p, "-&S1=null ");
-  p += strlen (p);
-
-  if (rvid2)
-    snprintf (p, 25, "-&S2=%d ", rvid2);
-  else
-    strcpy (p, "-&S2=null ");
-  p += strlen (p);
-
-  *cmdline = NULL;
-  n = strlen (fdbuf);
-  for (i=0; (s = argv[i]); i++)
-    {
-      n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting) */
-      for (; *s; s++)
-        if (*s == '\"')
-          n++;  /* Need to double inner quotes.  */
-    }
-  n++;
-
-  buf = p = xtrymalloc (n);
-  if (! buf)
-    return -1;
-
-  p = stpcpy (p, fdbuf);
-  for (i = 0; argv[i]; i++)
-    {
-      *p++ = ' ';
-      p = copy_quoted (p, argv[i]);
-    }
-
-  *cmdline = buf;
-  return 0;
-}
-
-
-/* Create pipe where one end is inheritable: With an INHERIT_IDX of 0
-   the read end is inheritable, with 1 the write end is inheritable.
-   Note that the inheritable ends are rendezvous ids and no file
-   descriptors or handles. */
-static gpg_error_t
-create_inheritable_pipe (int filedes[2], int inherit_idx)
-{
-  HANDLE hd;
-  int rvid;
-
-  filedes[0] = filedes[1] = -1;
-  hd = _assuan_w32ce_prepare_pipe (&rvid, !inherit_idx);
-  if (hd == INVALID_HANDLE_VALUE)
-    {
-      log_error ("_assuan_w32ce_prepare_pipe failed: %s\n", w32_strerror (-1));
-      gpg_err_set_errno (EIO);
-      return gpg_error_from_syserror ();
-    }
-
-  if (inherit_idx)
-    {
-      filedes[0] = handle_to_fd (hd);
-      filedes[1] = rvid;
-    }
-  else
-    {
-      filedes[0] = rvid;
-      filedes[1] = handle_to_fd (hd);
-    }
-  return 0;
-}
-
-
-/* Portable function to create a pipe.  Under Windows the write end is
-   inheritable (i.e. an rendezvous id).  */
-gpg_error_t
-gnupg_create_inbound_pipe (int filedes[2])
-{
-  return create_inheritable_pipe (filedes, 1);
-}
-
-
-/* Portable function to create a pipe.  Under Windows the read end is
-   inheritable (i.e. an rendezvous id).  */
-gpg_error_t
-gnupg_create_outbound_pipe (int filedes[2])
-{
-  return create_inheritable_pipe (filedes, 0);
-}
-
-
-static int
-create_process (const char *pgmname, const char *cmdline,
-                PROCESS_INFORMATION *pi)
-{
-  int res;
-  wchar_t *wpgmname, *wcmdline;
-
-  wpgmname = utf8_to_wchar (pgmname);
-  if (!wpgmname)
-    return 0;
-  wcmdline = utf8_to_wchar (cmdline);
-  if (!wcmdline)
-    {
-      xfree (wpgmname);
-      return 0;
-    }
-  res = CreateProcess (wpgmname,      /* Program to start.  */
-                       wcmdline,      /* Command line arguments.  */
-                       NULL,          /* Process security attributes.  */
-                       NULL,          /* Thread security attributes.  */
-                       FALSE,          /* Inherit handles.  */
-                       CREATE_SUSPENDED, /* Creation flags.  */
-                       NULL,          /* Environment.  */
-                       NULL,          /* Use current drive/directory.  */
-                       NULL,          /* Startup information. */
-                       pi);           /* Returns process information.  */
-  xfree (wcmdline);
-  xfree (wpgmname);
-  return res;
-}
-
-
-/* Fork and exec the PGMNAME, see exechelp.h for details.  */
-gpg_error_t
-gnupg_spawn_process (const char *pgmname, const char *argv[],
-                     gpg_err_source_t errsource,
-                     void (*preexec)(void), unsigned int flags,
-                     estream_t infp,
-                     estream_t *r_outfp,
-                     estream_t *r_errfp,
-                     pid_t *pid)
-{
-  gpg_error_t err;
-  PROCESS_INFORMATION pi = {NULL };
-  char *cmdline;
-  es_syshd_t syshd;
-  struct {
-    HANDLE hd;
-    int rvid;
-  } inpipe = {INVALID_HANDLE_VALUE, 0};
-  struct {
-    HANDLE hd;
-    int rvid;
-  } outpipe = {INVALID_HANDLE_VALUE, 0};
-  struct {
-    HANDLE hd;
-    int rvid;
-  } errpipe = {INVALID_HANDLE_VALUE, 0};
-  estream_t outfp = NULL;
-  estream_t errfp = NULL;
-
-  (void)preexec;
-  (void)flags;
-
-  /* Setup return values.  */
-  if (r_outfp)
-    *r_outfp = NULL;
-  if (r_errfp)
-    *r_errfp = NULL;
-  *pid = (pid_t)(-1); /* Always required.  */
-
-  log_debug ("%s: enter\n", __func__);
-  if (infp)
-    {
-      es_fflush (infp);
-      es_rewind (infp);
-
-      /* Create a pipe to copy our infile to the stdin of the child
-         process.  On success inpipe.hd is owned by the feeder.  */
-      inpipe.hd = _assuan_w32ce_prepare_pipe (&inpipe.rvid, 1);
-      if (inpipe.hd == INVALID_HANDLE_VALUE)
-        {
-          log_error ("_assuan_w32ce_prepare_pipe failed: %s\n",
-                     w32_strerror (-1));
-          gpg_err_set_errno (EIO);
-          return gpg_error_from_syserror ();
-        }
-      log_debug ("%s: inpipe %p created; hd=%p rvid=%d\n", __func__,
-                 infp, inpipe.hd, inpipe.rvid);
-      err = start_feeder (infp, inpipe.hd, 1);
-      if (err)
-        {
-          log_error ("error spawning feeder: %s\n", gpg_strerror (err));
-          CloseHandle (inpipe.hd);
-          return err;
-        }
-      inpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the feeder.  */
-      log_debug ("%s: inpipe %p created; feeder started\n", __func__,
-                 infp);
-    }
-
-  if (r_outfp)
-    {
-      /* Create a pipe to make the stdout of the child process
-         available as a stream.  */
-      outpipe.hd = _assuan_w32ce_prepare_pipe (&outpipe.rvid, 0);
-      if (outpipe.hd == INVALID_HANDLE_VALUE)
-        {
-          log_error ("_assuan_w32ce_prepare_pipe failed: %s\n",
-                     w32_strerror (-1));
-          gpg_err_set_errno (EIO);
-          /* Fixme release other stuff/kill feeder.  */
-          return gpg_error_from_syserror ();
-        }
-      syshd.type = ES_SYSHD_HANDLE;
-      syshd.u.handle = outpipe.hd;
-      err = 0;
-      outfp = es_sysopen (&syshd, "r");
-      if (!outfp)
-        {
-          err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-          log_error ("error opening pipe stream: %s\n", gpg_strerror (err));
-          CloseHandle (outpipe.hd);
-          return err;
-        }
-      log_debug ("%s: outpipe %p created; hd=%p rvid=%d\n", __func__,
-                 outfp, outpipe.hd, outpipe.rvid);
-      outpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the OUTFP.  */
-    }
-
-  if (r_errfp)
-    {
-      /* Create a pipe to make the stderr of the child process
-         available as a stream.  */
-      errpipe.hd = _assuan_w32ce_prepare_pipe (&errpipe.rvid, 0);
-      if (errpipe.hd == INVALID_HANDLE_VALUE)
-        {
-          log_error ("_assuan_w32ce_prepare_pipe failed: %s\n",
-                     w32_strerror (-1));
-          gpg_err_set_errno (EIO);
-          /* Fixme release other stuff/kill feeder.  */
-          return gpg_error_from_syserror ();
-        }
-      syshd.type = ES_SYSHD_HANDLE;
-      syshd.u.handle = errpipe.hd;
-      err = 0;
-      errfp = es_sysopen (&syshd, "r");
-      if (!errfp)
-        {
-          err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-          log_error ("error opening pipe stream: %s\n", gpg_strerror (err));
-          CloseHandle (errpipe.hd);
-          return err;
-        }
-      log_debug ("%s: errpipe %p created; hd=%p rvid=%d\n", __func__,
-                 errfp, errpipe.hd, errpipe.rvid);
-      errpipe.hd = INVALID_HANDLE_VALUE; /* Now owned by the ERRFP.  */
-    }
-
-
-
-  /* Build the command line.  */
-  err = build_w32_commandline (argv, inpipe.rvid, outpipe.rvid, errpipe.rvid,
-                               &cmdline);
-  if (err)
-    {
-      /* Fixme release other stuff/kill feeder.  */
-      CloseHandle (errpipe.hd);
-      return err;
-    }
-
-  log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline);
-  if (!create_process (pgmname, cmdline, &pi))
-    {
-      log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
-      xfree (cmdline);
-      /* Fixme release other stuff/kill feeder.  */
-      CloseHandle (errpipe.hd);
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-  xfree (cmdline);
-  cmdline = NULL;
-
-  /* Note: The other end of the pipe is a rendezvous id and thus there
-     is no need for a close.  */
-
-  log_debug ("CreateProcess ready: hProcess=%p hThread=%p"
-             " dwProcessID=%d dwThreadId=%d\n",
-             pi.hProcess, pi.hThread,
-             (int) pi.dwProcessId, (int) pi.dwThreadId);
-
-
-  /* Process has been created suspended; resume it now. */
-  ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread);
-
-  if (r_outfp)
-    *r_outfp = outfp;
-  if (r_errfp)
-    *r_errfp = errfp;
-  *pid = handle_to_pid (pi.hProcess);
-  return 0;
-}
-
-
-
-/* Simplified version of gnupg_spawn_process.  This function forks and
-   then execs PGMNAME, while connecting INFD to stdin, OUTFD to stdout
-   and ERRFD to stderr (any of them may be -1 to connect them to
-   /dev/null).  The arguments for the process are expected in the NULL
-   terminated array ARGV.  The program name itself should not be
-   included there.  Calling gnupg_wait_process is required.
-
-   Returns 0 on success or an error code. */
-gpg_error_t
-gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
-                        int infd, int outfd, int errfd, pid_t *pid)
-{
-  gpg_error_t err;
-  PROCESS_INFORMATION pi = {NULL};
-  char *cmdline;
-
-  /* Setup return values.  */
-  *pid = (pid_t)(-1);
-
-  if (infd != -1 || outfd != -1 || errfd != -1)
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
-  /* Build the command line.  */
-  err = build_w32_commandline (argv, 0, 0, 0, &cmdline);
-  if (err)
-    return err;
-
-  log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline);
-  if (!create_process (pgmname, cmdline, &pi))
-    {
-      log_error ("CreateProcess(fd) failed: %s\n", w32_strerror (-1));
-      xfree (cmdline);
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-  xfree (cmdline);
-  cmdline = NULL;
-
-  log_debug ("CreateProcess(fd) ready: hProcess=%p hThread=%p"
-             " dwProcessID=%d dwThreadId=%d\n",
-             pi.hProcess, pi.hThread,
-             (int) pi.dwProcessId, (int) pi.dwThreadId);
-
-  /* Process has been created suspended; resume it now. */
-  ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread);
-
-  *pid = handle_to_pid (pi.hProcess);
-  return 0;
-}
-
-
-/* See exechelp.h for a description.  */
-gpg_error_t
-gnupg_wait_process (const char *pgmname, pid_t pid, int hang, int *exitcode)
-{
-  gpg_err_code_t ec;
-  HANDLE proc = fd_to_handle (pid);
-  int code;
-  DWORD exc;
-
-  if (exitcode)
-    *exitcode = -1;
-
-  if (pid == (pid_t)(-1))
-    return gpg_error (GPG_ERR_INV_VALUE);
-
-  /* FIXME: We should do a pth_waitpid here.  However this has not yet
-     been implemented.  A special W32 pth system call would even be
-     better.  */
-  code = WaitForSingleObject (proc, hang? INFINITE : 0);
-  switch (code)
-    {
-    case WAIT_TIMEOUT:
-      ec = GPG_ERR_TIMEOUT;
-      break;
-
-    case WAIT_FAILED:
-      log_error (_("waiting for process %d to terminate failed: %s\n"),
-                 (int)pid, w32_strerror (-1));
-      ec = GPG_ERR_GENERAL;
-      break;
-
-    case WAIT_OBJECT_0:
-      if (!GetExitCodeProcess (proc, &exc))
-        {
-          log_error (_("error getting exit code of process %d: %s\n"),
-                     (int)pid, w32_strerror (-1) );
-          ec = GPG_ERR_GENERAL;
-          }
-      else if (exc)
-        {
-          log_error (_("error running '%s': exit status %d\n"),
-                       pgmname, (int)exc );
-          if (exitcode)
-            *exitcode = (int)exc;
-          ec = GPG_ERR_GENERAL;
-        }
-      else
-        {
-          if (exitcode)
-            *exitcode = 0;
-          ec = 0;
-        }
-      break;
-
-    default:
-      log_error ("WaitForSingleObject returned unexpected "
-                 "code %d for pid %d\n", code, (int)pid );
-      ec = GPG_ERR_GENERAL;
-      break;
-    }
-
-  return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
-}
-
-
-void
-gnupg_release_process (pid_t pid)
-{
-  if (pid != (pid_t)INVALID_HANDLE_VALUE)
-    {
-      HANDLE process = (HANDLE)pid;
-
-      CloseHandle (process);
-    }
-}
-
-
-/* Spawn a new process and immediatley detach from it.  The name of
-   the program to exec is PGMNAME and its arguments are in ARGV (the
-   programname is automatically passed as first argument).
-   Environment strings in ENVP are set.  An error is returned if
-   pgmname is not executable; to make this work it is necessary to
-   provide an absolute file name.  All standard file descriptors are
-   connected to /dev/null. */
-gpg_error_t
-gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
-                              const char *envp[] )
-{
-  gpg_error_t err;
-  char *cmdline;
-  PROCESS_INFORMATION pi = {NULL };
-
-  (void)envp;
-
-  /* Build the command line.  */
-  err = build_w32_commandline (argv, 0, 0, 0, &cmdline);
-  if (err)
-    return err;
-
-  /* Note: There is no detached flag under CE.  */
-  log_debug ("CreateProcess, path='%s' cmdline='%s'\n", pgmname, cmdline);
-  if (!create_process (pgmname, cmdline, &pi))
-    {
-      log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1));
-      xfree (cmdline);
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-  xfree (cmdline);
-  cmdline = NULL;
-
-  log_debug ("CreateProcess(detached) ready: hProcess=%p hThread=%p"
-             " dwProcessID=%d dwThreadId=%d\n",
-             pi.hProcess, pi.hThread,
-             (int) pi.dwProcessId, (int) pi.dwThreadId);
-
-  /* Process has been created suspended; resume it now. */
-  ResumeThread (pi.hThread);
-  CloseHandle (pi.hThread);
-
-  return 0;
-}
-
-
-/* Kill a process; that is send an appropriate signal to the process.
-   gnupg_wait_process must be called to actually remove the process
-   from the system.  An invalid PID is ignored.  */
-void
-gnupg_kill_process (pid_t pid)
-{
-  if (pid != (pid_t) INVALID_HANDLE_VALUE)
-    {
-      HANDLE process = (HANDLE) pid;
-
-      /* Arbitrary error code.  */
-      TerminateProcess (process, 1);
-    }
-}
diff -Nru gnupg2-2.1.6/common/exstatus.awk gnupg2-2.0.28/common/exstatus.awk
--- gnupg2-2.1.6/common/exstatus.awk	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/exstatus.awk	2015-06-02 08:13:55.000000000 +0000
@@ -26,7 +26,7 @@
 topheader == 1             { print $0 }
 topheader == 1 && /\*\//   { topheader = 2; print "" }
 
-/^[ \t]+STATUS_[A-Za-z_]+/  {
+/^[ \t]+STATUS_[A-Za-z_]+/  { 
   sub (/[,\/\*]+/, "", $1);
   desc = substr($1,8);
   printf "%d\t%s\t%s\n", code, $1, desc;
@@ -37,3 +37,4 @@
 END {
   print "# end of status codes."
 }
+
diff -Nru gnupg2-2.1.6/common/gc-opt-flags.h gnupg2-2.0.28/common/gc-opt-flags.h
--- gnupg2-2.1.6/common/gc-opt-flags.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/gc-opt-flags.h	2015-06-02 08:13:55.000000000 +0000
@@ -4,7 +4,7 @@
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
  * modifications, as long as this notice is preserved.
- *
+ * 
  * This file is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
  * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
@@ -36,11 +36,5 @@
    a default, which is described by the value of the ARGDEF field.  */
 #define GC_OPT_FLAG_NO_ARG_DESC	(1UL << 6)
 
-/* The NO_CHANGE flag for an option indicates that the user should not
-   be allowed to change this option using the standard gpgconf method.
-   Frontends using gpgconf should grey out such options, so that only
-   the current value is displayed.  */
-#define GC_OPT_FLAG_NO_CHANGE   (1UL <<7)
-
 
 #endif /*GNUPG_GC_OPT_FLAGS_H*/
diff -Nru gnupg2-2.1.6/common/get-passphrase.c gnupg2-2.0.28/common/get-passphrase.c
--- gnupg2-2.1.6/common/get-passphrase.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/get-passphrase.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -89,7 +79,7 @@
      pth.  We will need a context for each thread or serialize the
      access to the agent.  */
   if (agent_ctx)
-    return 0;
+    return 0; 
 
   err = start_new_gpg_agent (&agent_ctx,
                              agentargs.errsource,
@@ -98,7 +88,7 @@
                              agentargs.lc_ctype,
                              agentargs.lc_messages,
                              agentargs.session_env,
-                             1, agentargs.verbosity, 0, NULL, NULL);
+                             agentargs.verbosity, 0, NULL, NULL);
   if (!err)
     {
       /* Tell the agent that we support Pinentry notifications.  No
@@ -124,7 +114,7 @@
       /* We do not return errors to avoid breaking other code.  */
     }
   else
-    log_debug ("ignoring gpg-agent inquiry '%s'\n", line);
+    log_debug ("ignoring gpg-agent inquiry `%s'\n", line);
 
   return 0;
 }
@@ -139,7 +129,7 @@
     put_membuf (data, buffer, length);
   return 0;
 }
-
+  
 
 /* Ask for a passphrase via gpg-agent.  On success the caller needs to
    free the string stored at R_PASSPHRASE.  On error NULL will be
@@ -168,8 +158,8 @@
   gpg_error_t err;
   char line[ASSUAN_LINELENGTH];
   const char *arg1 = NULL;
-  char *arg2 = NULL;
-  char *arg3 = NULL;
+  char *arg2 = NULL;  
+  char *arg3 = NULL; 
   char *arg4 = NULL;
   membuf_t data;
 
@@ -180,7 +170,7 @@
     return err;
 
   /* Check that the gpg-agent understands the repeat option.  */
-  if (assuan_transact (agent_ctx,
+  if (assuan_transact (agent_ctx, 
                        "GETINFO cmd_has_option GET_PASSPHRASE repeat",
                        NULL, NULL, NULL, NULL, NULL, NULL))
     return gpg_error (GPG_ERR_NOT_SUPPORTED);
@@ -196,10 +186,10 @@
     if (!(arg4 = percent_plus_escape (desc_msg)))
       goto no_mem;
 
-  snprintf (line, DIM(line)-1,
-            "GET_PASSPHRASE --data %s--repeat=%d -- %s %s %s %s",
+  snprintf (line, DIM(line)-1, 
+            "GET_PASSPHRASE --data %s--repeat=%d -- %s %s %s %s", 
             check_quality? "--check ":"",
-            repeat,
+            repeat, 
             arg1? arg1:"X",
             arg2? arg2:"X",
             arg3? arg3:"X",
@@ -213,10 +203,10 @@
     init_membuf_secure (&data, 64);
   else
     init_membuf (&data, 64);
-  err = assuan_transact (agent_ctx, line,
+  err = assuan_transact (agent_ctx, line, 
                          membuf_data_cb, &data,
                          default_inq_cb, NULL, NULL, NULL);
-
+  
   /* Older Pinentries return the old assuan error code for canceled
      which gets translated bt libassuan to GPG_ERR_ASS_CANCELED and
      not to the code for a user cancel.  Fix this here. */
@@ -234,7 +224,7 @@
         wipememory (p, n);
       xfree (p);
     }
-  else
+  else 
     {
       put_membuf (&data, "", 1);
       *r_passphrase = get_membuf (&data, NULL);
diff -Nru gnupg2-2.1.6/common/get-passphrase.h gnupg2-2.0.28/common/get-passphrase.h
--- gnupg2-2.1.6/common/get-passphrase.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/get-passphrase.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
diff -Nru gnupg2-2.1.6/common/gettime.c gnupg2-2.0.28/common/gettime.c
--- gnupg2-2.1.6/common/gettime.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/gettime.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,14 @@
 /* gettime.c - Wrapper for time functions
- * Copyright (C) 1998, 2002, 2007, 2011 Free Software Foundation, Inc.
+ *	Copyright (C) 1998, 2002, 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -37,15 +27,6 @@
 
 #include "util.h"
 #include "i18n.h"
-#include "gettime.h"
-
-#ifdef HAVE_UNSIGNED_TIME_T
-# define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1))
-#else
-  /* Error or 32 bit time_t and value after 2038-01-19.  */
-# define IS_INVALID_TIME_T(a) ((a) < 0)
-#endif
-
 
 static unsigned long timewarp;
 static enum { NORMAL = 0, FROZEN, FUTURE, PAST } timemode;
@@ -56,8 +37,8 @@
 
 /* Wrapper for the time(3).  We use this here so we can fake the time
    for tests */
-time_t
-gnupg_get_time ()
+time_t 
+gnupg_get_time () 
 {
   time_t current = time (NULL);
   if (timemode == NORMAL)
@@ -71,49 +52,27 @@
 }
 
 
-/* Wrapper around gmtime_r.
-
-   On systems without gmtime_r this implementation works within gnupg
-   because we use only one thread a time.  FIXME: An independent
-   library may use gmtime in one of its own thread (or via
-   npth_enter/npth_leave) - in this case we run into a problem.  The
-   solution would be to use a mutex here.  */
-struct tm *
-gnupg_gmtime (const time_t *timep, struct tm *result)
-{
-#ifdef HAVE_GMTIME_R
-  return gmtime_r (timep, result);
-#else
-  struct tm *tp;
-
-  tp = gmtime (timep);
-  if (tp)
-    memcpy (result, tp, sizeof *result);
-  return tp;
-#endif
-}
-
-
 /* Return the current time (possibly faked) in ISO format. */
 void
 gnupg_get_isotime (gnupg_isotime_t timebuf)
 {
   time_t atime = gnupg_get_time ();
-
-  if (atime == (time_t)(-1))
+    
+  if (atime < 0)
     *timebuf = 0;
-  else
+  else 
     {
       struct tm *tp;
+#ifdef HAVE_GMTIME_R
       struct tm tmbuf;
-
-      tp = gnupg_gmtime (&atime, &tmbuf);
-      if (!tp)
-        *timebuf = 0;
-      else
-        snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d",
-                  1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
-                  tp->tm_hour, tp->tm_min, tp->tm_sec);
+      
+      tp = gmtime_r (&atime, &tmbuf);
+#else
+      tp = gmtime (&atime);
+#endif
+      snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d",
+                1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+                tp->tm_hour, tp->tm_min, tp->tm_sec);
     }
 }
 
@@ -160,7 +119,7 @@
 
 /* This function is used by gpg because OpenPGP defines the timestamp
    as an unsigned 32 bit value. */
-u32
+u32 
 make_timestamp (void)
 {
   time_t t = gnupg_get_time ();
@@ -211,166 +170,29 @@
     return stamp;
 }
 
-
-int
-isotime_p (const char *string)
+/* Scan am ISO timestamp and return an Epoch based timestamp.  The only
+   supported format is "yyyymmddThhmmss" delimited by white space, nul, a
+   colon or a comma.  Returns (time_t)(-1) for an invalid string.  */
+time_t
+isotime2epoch (const char *string)
 {
   const char *s;
+  int year, month, day, hour, minu, sec;
+  struct tm tmbuf;
   int i;
 
   if (!*string)
-    return 0;
+    return (time_t)(-1);
   for (s=string, i=0; i < 8; i++, s++)
     if (!digitp (s))
-      return 0;
+      return (time_t)(-1);
   if (*s != 'T')
-      return 0;
+      return (time_t)(-1);
   for (s++, i=9; i < 15; i++, s++)
     if (!digitp (s))
-      return 0;
+      return (time_t)(-1);
   if ( !(!*s || (isascii (*s) && isspace(*s)) || *s == ':' || *s == ','))
-    return 0;  /* Wrong delimiter.  */
-
-  return 1;
-}
-
-
-/* Scan a string and return true if the string represents the human
-   readable format of an ISO time.  This format is:
-      yyyy-mm-dd[ hh[:mm[:ss]]]
-   Scanning stops at the second space or at a comma.  If DATE_ONLY is
-   true the time part is not expected and the scanning stops at the
-   first space or at a comma. */
-int
-isotime_human_p (const char *string, int date_only)
-{
-  const char *s;
-  int i;
-
-  if (!*string)
-    return 0;
-  for (s=string, i=0; i < 4; i++, s++)
-    if (!digitp (s))
-      return 0;
-  if (*s != '-')
-    return 0;
-  s++;
-  if (!digitp (s) || !digitp (s+1) || s[2] != '-')
-    return 0;
-  i = atoi_2 (s);
-  if (i < 1 || i > 12)
-    return 0;
-  s += 3;
-  if (!digitp (s) || !digitp (s+1))
-    return 0;
-  i = atoi_2 (s);
-  if (i < 1 || i > 31)
-    return 0;
-  s += 2;
-  if (!*s || *s == ',')
-    return 1; /* Okay; only date given.  */
-  if (!spacep (s))
-    return 0;
-  if (date_only)
-    return 1; /* Okay; only date was requested.  */
-  s++;
-  if (spacep (s))
-    return 1; /* Okay, second space stops scanning.  */
-  if (!digitp (s) || !digitp (s+1))
-    return 0;
-  i = atoi_2 (s);
-  if (i < 0 || i > 23)
-    return 0;
-  s += 2;
-  if (!*s || *s == ',')
-    return 1; /* Okay; only date and hour given.  */
-  if (*s != ':')
-    return 0;
-  s++;
-  if (!digitp (s) || !digitp (s+1))
-    return 0;
-  i = atoi_2 (s);
-  if (i < 0 || i > 59)
-    return 0;
-  s += 2;
-  if (!*s || *s == ',')
-    return 1; /* Okay; only date, hour and minute given.  */
-  if (*s != ':')
-    return 0;
-  s++;
-  if (!digitp (s) || !digitp (s+1))
-    return 0;
-  i = atoi_2 (s);
-  if (i < 0 || i > 60)
-    return 0;
-  s += 2;
-  if (!*s || *s == ',' || spacep (s))
-    return 1; /* Okay; date, hour and minute and second given.  */
-
-  return 0; /* Unexpected delimiter.  */
-}
-
-/* Convert a standard isotime or a human readable variant into an
-   isotime structure.  The allowed formats are those described by
-   isotime_p and isotime_human_p.  The function returns 0 on failure
-   or the length of the scanned string on success.  */
-size_t
-string2isotime (gnupg_isotime_t atime, const char *string)
-{
-  gnupg_isotime_t dummyatime;
-
-  if (!atime)
-    atime = dummyatime;
-
-  atime[0] = 0;
-  if (isotime_p (string))
-    {
-      memcpy (atime, string, 15);
-      atime[15] = 0;
-      return 15;
-    }
-  if (!isotime_human_p (string, 0))
-    return 0;
-  atime[0] = string[0];
-  atime[1] = string[1];
-  atime[2] = string[2];
-  atime[3] = string[3];
-  atime[4] = string[5];
-  atime[5] = string[6];
-  atime[6] = string[8];
-  atime[7] = string[9];
-  atime[8] = 'T';
-  memset (atime+9, '0', 6);
-  atime[15] = 0;
-  if (!spacep (string+10))
-    return 10;
-  if (spacep (string+11))
-    return 11; /* As per def, second space stops scanning.  */
-  atime[9] = string[11];
-  atime[10] = string[12];
-  if (string[13] != ':')
-    return 13;
-  atime[11] = string[14];
-  atime[12] = string[15];
-  if (string[16] != ':')
-    return 16;
-  atime[13] = string[17];
-  atime[14] = string[18];
-  return 19;
-}
-
-
-/* Scan an ISO timestamp and return an Epoch based timestamp.  The only
-   supported format is "yyyymmddThhmmss" delimited by white space, nul, a
-   colon or a comma.  Returns (time_t)(-1) for an invalid string.  */
-time_t
-isotime2epoch (const char *string)
-{
-  int year, month, day, hour, minu, sec;
-  struct tm tmbuf;
-
-  if (!isotime_p (string))
-    return (time_t)(-1);
+    return (time_t)(-1);  /* Wrong delimiter.  */
 
   year  = atoi_4 (string);
   month = atoi_2 (string + 4);
@@ -400,14 +222,14 @@
 void
 epoch2isotime (gnupg_isotime_t timebuf, time_t atime)
 {
-  if (atime == (time_t)(-1))
+  if (atime < 0)
     *timebuf = 0;
-  else
+  else 
     {
       struct tm *tp;
 #ifdef HAVE_GMTIME_R
       struct tm tmbuf;
-
+      
       tp = gmtime_r (&atime, &tmbuf);
 #else
       tp = gmtime (&atime);
@@ -419,138 +241,6 @@
 }
 
 
-/* Parse a short ISO date string (YYYY-MM-DD) into a TM structure.
-   Returns 0 on success.  */
-int
-isodate_human_to_tm (const char *string, struct tm *t)
-{
-  int year, month, day;
-
-  if (!isotime_human_p (string, 1))
-    return -1;
-
-  year  = atoi_4 (string);
-  month = atoi_2 (string + 5);
-  day   = atoi_2 (string + 8);
-
-  /* Basic checks.  */
-  if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31)
-    return -1;
-
-  memset (t, 0, sizeof *t);
-  t->tm_sec  = 0;
-  t->tm_min  = 0;
-  t->tm_hour = 0;
-  t->tm_mday = day;
-  t->tm_mon  = month-1;
-  t->tm_year = year - 1900;
-  t->tm_isdst = -1;
-  return 0;
-}
-
-
-/* This function is a copy of gpgme/src/conversion.c:_gpgme_timegm.
-   If you change it, then update the other one too.  */
-#ifdef HAVE_W32_SYSTEM
-static time_t
-_win32_timegm (struct tm *tm)
-{
-  /* This one is thread safe.  */
-  SYSTEMTIME st;
-  FILETIME ft;
-  unsigned long long cnsecs;
-
-  st.wYear   = tm->tm_year + 1900;
-  st.wMonth  = tm->tm_mon  + 1;
-  st.wDay    = tm->tm_mday;
-  st.wHour   = tm->tm_hour;
-  st.wMinute = tm->tm_min;
-  st.wSecond = tm->tm_sec;
-  st.wMilliseconds = 0; /* Not available.  */
-  st.wDayOfWeek = 0;    /* Ignored.  */
-
-  /* System time is UTC thus the conversion is pretty easy.  */
-  if (!SystemTimeToFileTime (&st, &ft))
-    {
-      gpg_err_set_errno (EINVAL);
-      return (time_t)(-1);
-    }
-
-  cnsecs = (((unsigned long long)ft.dwHighDateTime << 32)
-	    | ft.dwLowDateTime);
-  cnsecs -= 116444736000000000ULL; /* The filetime epoch is 1601-01-01.  */
-  return (time_t)(cnsecs / 10000000ULL);
-}
-#endif
-
-
-/* Parse the string TIMESTAMP into a time_t.  The string may either be
-   seconds since Epoch or in the ISO 8601 format like
-   "20390815T143012".  Returns 0 for an empty string or seconds since
-   Epoch. Leading spaces are skipped. If ENDP is not NULL, it will
-   point to the next non-parsed character in TIMESTRING.
-
-   This function is a copy of
-   gpgme/src/conversion.c:_gpgme_parse_timestamp.  If you change it,
-   then update the other one too.  */
-time_t
-parse_timestamp (const char *timestamp, char **endp)
-{
-  /* Need to skip leading spaces, because that is what strtoul does
-     but not our ISO 8601 checking code. */
-  while (*timestamp && *timestamp== ' ')
-    timestamp++;
-  if (!*timestamp)
-    return 0;
-
-  if (strlen (timestamp) >= 15 && timestamp[8] == 'T')
-    {
-      struct tm buf;
-      int year;
-
-      year = atoi_4 (timestamp);
-      if (year < 1900)
-        return (time_t)(-1);
-
-      if (endp)
-        *endp = (char*)(timestamp + 15);
-
-      /* Fixme: We would better use a configure test to see whether
-         mktime can handle dates beyond 2038. */
-      if (sizeof (time_t) <= 4 && year >= 2038)
-        return (time_t)2145914603; /* 2037-12-31 23:23:23 */
-
-      memset (&buf, 0, sizeof buf);
-      buf.tm_year = year - 1900;
-      buf.tm_mon = atoi_2 (timestamp+4) - 1;
-      buf.tm_mday = atoi_2 (timestamp+6);
-      buf.tm_hour = atoi_2 (timestamp+9);
-      buf.tm_min = atoi_2 (timestamp+11);
-      buf.tm_sec = atoi_2 (timestamp+13);
-
-#ifdef HAVE_W32_SYSTEM
-      return _win32_timegm (&buf);
-#else
-#ifdef HAVE_TIMEGM
-      return timegm (&buf);
-#else
-      {
-        time_t tim;
-
-        putenv ("TZ=UTC");
-        tim = mktime (&buf);
-#ifdef __GNUC__
-#warning fixme: we must somehow reset TZ here.  It is not threadsafe anyway.
-#endif
-        return tim;
-      }
-#endif /* !HAVE_TIMEGM */
-#endif /* !HAVE_W32_SYSTEM */
-    }
-  else
-    return (time_t)strtoul (timestamp, endp, 10);
-}
-
 
 
 u32
@@ -588,66 +278,25 @@
 }
 
 
-
-/* Return a malloced string with the time elapsed between NOW and
-   SINCE.  May return NULL on error. */
-char *
-elapsed_time_string (time_t since, time_t now)
-{
-  char *result;
-  double diff;
-  unsigned long value;
-  unsigned int days, hours, minutes, seconds;
-
-  if (!now)
-    now = gnupg_get_time ();
-
-  diff = difftime (now, since);
-  if (diff < 0)
-    return xtrystrdup ("time-warp");
-
-  seconds = (unsigned long)diff % 60;
-  value = (unsigned long)(diff / 60);
-  minutes = value % 60;
-  value /= 60;
-  hours = value % 24;
-  value /= 24;
-  days = value % 365;
-
-  if (days)
-    result = xtryasprintf ("%ud%uh%um%us", days, hours, minutes, seconds);
-  else if (hours)
-    result = xtryasprintf ("%uh%um%us", hours, minutes, seconds);
-  else if (minutes)
-    result = xtryasprintf ("%um%us", minutes, seconds);
-  else
-    result = xtryasprintf ("%us", seconds);
-
-  return result;
-}
-
-
 /*
  * Note: this function returns GMT
  */
 const char *
-strtimestamp (u32 stamp)
+strtimestamp( u32 stamp )
 {
-  static char buffer[11+5];
-  struct tm *tp;
-  time_t atime = stamp;
-
-  if (IS_INVALID_TIME_T (atime))
-    {
-      strcpy (buffer, "????" "-??" "-??");
-    }
-  else
-    {
-      tp = gmtime( &atime );
-      snprintf (buffer, sizeof buffer, "%04d-%02d-%02d",
+    static char buffer[11+5];
+    struct tm *tp;
+    time_t atime = stamp;
+    
+    if (atime < 0) {
+        strcpy (buffer, "????" "-??" "-??");
+    }
+    else {
+        tp = gmtime( &atime );
+        sprintf(buffer,"%04d-%02d-%02d",
                 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
     }
-  return buffer;
+    return buffer;
 }
 
 
@@ -660,17 +309,17 @@
   static char buffer[25+5];
   struct tm *tp;
   time_t atime = stamp;
-
-  if (IS_INVALID_TIME_T (atime))
+  
+  if (atime < 0)
     {
       strcpy (buffer, "????" "-??" "-??" " " "??" ":" "??" ":" "??");
     }
   else
     {
       tp = gmtime ( &atime );
-      snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d",
-                1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
-                tp->tm_hour, tp->tm_min, tp->tm_sec);
+      sprintf (buffer,"%04d-%02d-%02d %02d:%02d:%02d",
+               1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+               tp->tm_hour, tp->tm_min, tp->tm_sec);
     }
   return buffer;
 }
@@ -680,46 +329,41 @@
  * Note: this function returns local time
  */
 const char *
-asctimestamp (u32 stamp)
+asctimestamp( u32 stamp )
 {
-  static char buffer[50];
+    static char buffer[50];
 #if defined (HAVE_STRFTIME) && defined (HAVE_NL_LANGINFO)
-  static char fmt[50];
+      static char fmt[50];
 #endif
-  struct tm *tp;
-  time_t atime = stamp;
+    struct tm *tp;
+    time_t atime = stamp;
 
-  if (IS_INVALID_TIME_T (atime))
-    {
-      strcpy (buffer, "????" "-??" "-??");
-      return buffer;
+    if (atime < 0) {
+        strcpy (buffer, "????" "-??" "-??");
+        return buffer;
     }
 
-  tp = localtime( &atime );
+    tp = localtime( &atime );
 #ifdef HAVE_STRFTIME
-# if defined(HAVE_NL_LANGINFO)
-  mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );
-  if (!strstr( fmt, "%Z" ))
-    strcat( fmt, " %Z");
-  /* NOTE: gcc -Wformat-noliteral will complain here.  I have found no
-     way to suppress this warning.  */
-  strftime (buffer, DIM(buffer)-1, fmt, tp);
-# elif defined(HAVE_W32CE_SYSTEM)
-  /* tzset is not available but %Z nevertheless prints a default
-     nonsense timezone ("WILDABBR").  Thus we don't print the time
-     zone at all.  */
-  strftime (buffer, DIM(buffer)-1, "%c", tp);
-# else
-   /* FIXME: we should check whether the locale appends a " %Z" These
-    * locales from glibc don't put the " %Z": fi_FI hr_HR ja_JP lt_LT
-    * lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN.  */
-  strftime (buffer, DIM(buffer)-1, "%c %Z", tp);
-# endif
-  buffer[DIM(buffer)-1] = 0;
+#if defined(HAVE_NL_LANGINFO)
+      mem2str( fmt, nl_langinfo(D_T_FMT), DIM(fmt)-3 );
+      if( strstr( fmt, "%Z" ) == NULL )
+	strcat( fmt, " %Z");
+      /* NOTE: gcc -Wformat-noliteral will complain here.  I have
+         found no way to suppress this warning .*/
+      strftime (buffer, DIM(buffer)-1, fmt, tp);
 #else
-  mem2str( buffer, asctime(tp), DIM(buffer) );
+      /* FIXME: we should check whether the locale appends a " %Z"
+       * These locales from glibc don't put the " %Z":
+       * fi_FI hr_HR ja_JP lt_LT lv_LV POSIX ru_RU ru_SU sv_FI sv_SE zh_CN
+       */
+      strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
 #endif
-  return buffer;
+    buffer[DIM(buffer)-1] = 0;
+#else
+    mem2str( buffer, asctime(tp), DIM(buffer) );
+#endif
+    return buffer;
 }
 
 
@@ -740,7 +384,7 @@
 days_per_month (int y, int m)
 {
   int s;
-
+    
   switch(m)
     {
     case 1: case 3: case 5: case 7: case 8: case 10: case 12:
@@ -800,19 +444,19 @@
   m = (delta / 31) + 1;
   while( (delta = jd - date2jd (y, m, d)) > days_per_month (y,m))
     if (++m > 12)
-      {
+      { 
         m = 1;
         y++;
       }
 
   d = delta + 1 ;
   if (d > days_per_month (y, m))
-    {
+    { 
       d = 1;
       m++;
     }
   if (m > 12)
-    {
+    { 
       m = 1;
       y++;
     }
@@ -839,7 +483,7 @@
 
   if (!*atime)
     return gpg_error (GPG_ERR_NO_VALUE);
-
+  
   for (s=atime, i=0; i < 8; i++, s++)
     if (!digitp (s))
       return gpg_error (GPG_ERR_INV_TIME);
@@ -852,35 +496,17 @@
 }
 
 
-/* Dump the ISO time T to the log stream without a LF.  */
 void
 dump_isotime (const gnupg_isotime_t t)
 {
   if (!t || !*t)
-    log_printf ("%s", _("[none]"));
+    log_printf (_("[none]"));
   else
     log_printf ("%.4s-%.2s-%.2s %.2s:%.2s:%s",
                 t, t+4, t+6, t+9, t+11, t+13);
 }
 
 
-/* Copy one ISO date to another, this is inline so that we can do a
-   minimal sanity check.  A null date (empty string) is allowed.  */
-void
-gnupg_copy_time (gnupg_isotime_t d, const gnupg_isotime_t s)
-{
-  if (*s)
-    {
-      if ((strlen (s) != 15 || s[8] != 'T'))
-        BUG();
-      memcpy (d, s, 15);
-      d[15] = 0;
-    }
-  else
-    *d = 0;
-}
-
-
 /* Add SECONDS to ATIME.  SECONDS may not be negative and is limited
    to about the equivalent of 62 years which should be more then
    enough for our purposes. */
@@ -906,7 +532,7 @@
   sec   = atoi_2 (atime+13);
 
   if (year <= 1582) /* The julian date functions don't support this. */
-    return gpg_error (GPG_ERR_INV_VALUE);
+    return gpg_error (GPG_ERR_INV_VALUE); 
 
   sec    += nseconds;
   minute += sec/60;
@@ -915,14 +541,14 @@
   minute %= 60;
   ndays  = hour/24;
   hour   %= 24;
-
+  
   jd = date2jd (year, month, day) + ndays;
   jd2date (jd, &year, &month, &day);
 
   if (year > 9999 || month > 12 || day > 31
       || year < 0 || month < 1 || day < 1)
-    return gpg_error (GPG_ERR_INV_VALUE);
-
+    return gpg_error (GPG_ERR_INV_VALUE); 
+    
   snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d",
             year, month, day, hour, minute, sec);
   return 0;
@@ -951,15 +577,15 @@
   sec   = atoi_2 (atime+13);
 
   if (year <= 1582) /* The julian date functions don't support this. */
-    return gpg_error (GPG_ERR_INV_VALUE);
+    return gpg_error (GPG_ERR_INV_VALUE); 
 
   jd = date2jd (year, month, day) + ndays;
   jd2date (jd, &year, &month, &day);
 
   if (year > 9999 || month > 12 || day > 31
       || year < 0 || month < 1 || day < 1)
-    return gpg_error (GPG_ERR_INV_VALUE);
-
+    return gpg_error (GPG_ERR_INV_VALUE); 
+    
   snprintf (atime, 16, "%04d%02d%02dT%02d%02d%02d",
             year, month, day, hour, minute, sec);
   return 0;
diff -Nru gnupg2-2.1.6/common/gettime.h gnupg2-2.0.28/common/gettime.h
--- gnupg2-2.1.6/common/gettime.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/gettime.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,59 +0,0 @@
-/* gettime.h - Wrapper for time functions
- * Copyright (C) 2010, 2012 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef GNUPG_COMMON_GETTIME_H
-#define GNUPG_COMMON_GETTIME_H
-
-#include       /* We need time_t. */
-#include  /* We need gpg_error_t. */
-
-
-/* A type to hold the ISO time.  Note that this is the same as
-   the KSBA type ksba_isotime_t. */
-typedef char gnupg_isotime_t[16];
-
-time_t gnupg_get_time (void);
-struct tm *gnupg_gmtime (const time_t *timep, struct tm *result);
-void   gnupg_get_isotime (gnupg_isotime_t timebuf);
-void   gnupg_set_time (time_t newtime, int freeze);
-int    gnupg_faked_time_p (void);
-u32    make_timestamp (void);
-char *elapsed_time_string (time_t since, time_t now);
-
-u32    scan_isodatestr (const char *string);
-int    isotime_p (const char *string);
-int    isotime_human_p (const char *string, int date_only);
-size_t string2isotime (gnupg_isotime_t atime, const char *string);
-time_t isotime2epoch (const char *string);
-void   epoch2isotime (gnupg_isotime_t timebuf, time_t atime);
-int    isodate_human_to_tm (const char *string, struct tm *t);
-time_t parse_timestamp (const char *timestamp, char **endp);
-u32    add_days_to_timestamp (u32 stamp, u16 days);
-const char *strtimevalue (u32 stamp);
-const char *strtimestamp (u32 stamp); /* GMT */
-const char *isotimestamp (u32 stamp); /* GMT */
-const char *asctimestamp (u32 stamp); /* localized */
-gpg_error_t add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds);
-gpg_error_t add_days_to_isotime (gnupg_isotime_t atime, int ndays);
-gpg_error_t check_isotime (const gnupg_isotime_t atime);
-void dump_isotime (const gnupg_isotime_t atime);
-void gnupg_copy_time (gnupg_isotime_t d, const gnupg_isotime_t s);
-
-
-#endif /*GNUPG_COMMON_GETTIME_H*/
diff -Nru gnupg2-2.1.6/common/gpgrlhelp.c gnupg2-2.0.28/common/gpgrlhelp.c
--- gnupg2-2.1.6/common/gpgrlhelp.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/gpgrlhelp.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -92,6 +82,10 @@
                             cleanup_after_signal,
                             readline,
                             add_history);
-  rl_readline_name = GNUPG_NAME;
+  rl_readline_name = "GnuPG";
 #endif
 }
+
+
+
+
diff -Nru gnupg2-2.1.6/common/helpfile.c gnupg2-2.0.28/common/helpfile.c
--- gnupg2-2.1.6/common/helpfile.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/helpfile.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -54,7 +44,7 @@
       if (errno != ENOENT)
         {
           err = gpg_error_from_syserror ();
-          log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+          log_error (_("can't open `%s': %s\n"), fname, gpg_strerror (err));
         }
       return NULL;
     }
@@ -62,7 +52,7 @@
   while (fgets (line, DIM(line)-1, fp))
     {
       lnr++;
-
+      
       if (!*line || line[strlen(line)-1] != '\n')
         {
           /* Eat until end of line. */
@@ -70,12 +60,12 @@
             ;
           err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
                            : GPG_ERR_INCOMPLETE_LINE);
-          log_error (_("file '%s', line %d: %s\n"),
+          log_error (_("file `%s', line %d: %s\n"),
                      fname, lnr, gpg_strerror (err));
         }
       else
         line[strlen(line)-1] = 0; /* Chop the LF. */
-
+      
     again:
       if (!in_item)
         {
@@ -86,7 +76,7 @@
             continue;
           if (*line != '.' || spacep(line+1))
             {
-              log_info (_("file '%s', line %d: %s\n"),
+              log_info (_("file `%s', line %d: %s\n"),
                         fname, lnr, _("ignoring garbage line"));
               continue;
             }
@@ -106,7 +96,7 @@
       if (*line == '#')
         continue;
       if (*line == '.')
-        {
+        { 
           if (spacep(line+1))
             p = line + 2;
           else
@@ -133,10 +123,10 @@
   if ( !err && ferror (fp) )
     {
       err = gpg_error_from_syserror ();
-      log_error (_("error reading '%s', line %d: %s\n"),
+      log_error (_("error reading `%s', line %d: %s\n"),
                  fname, lnr, gpg_strerror (err));
     }
-
+  
   fclose (fp);
   if (is_membuf_ready (&mb))
     {
@@ -192,7 +182,7 @@
       else
         result = NULL;
     }
-
+  
   if (!result && (!only_current_locale || !*locname) )
     {
       /* Last try: Search in file without any locale info.  ("help.txt") */
@@ -214,18 +204,18 @@
      /etc/gnupg/help.txt
      /usr/share/gnupg/help.LL.txt
      /usr/share/gnupg/help.txt
-
+     
    Here LL denotes the two digit language code of the current locale.
    If ONLY_CURRENT_LOCALE is set, the fucntion won;t fallback to the
    english valiant ("help.txt") unless that locale has been requested.
-
+   
    The help file needs to be encoded in UTF-8, lines with a '#' in the
    first column are comment lines and entirely ignored.  Help keys are
    identified by a key consisting of a single word with a single dot
    as the first character.  All key lines listed without any
    intervening lines (except for comment lines) lead to the same help
    text.  Lines following the key lines make up the actual hep texts.
-
+   
 */
 
 char *
@@ -259,7 +249,7 @@
   if (!key || !*key)
     return NULL;
 
-  result = findkey_locale (key, locname, only_current_locale,
+  result = findkey_locale (key, locname, only_current_locale, 
                            gnupg_sysconfdir ());
   if (!result)
     result = findkey_locale (key, locname, only_current_locale,
diff -Nru gnupg2-2.1.6/common/homedir.c gnupg2-2.0.28/common/homedir.c
--- gnupg2-2.1.6/common/homedir.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/homedir.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,15 @@
 /* homedir.c - Setup the home directory.
- * Copyright (C) 2004, 2006, 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
  * Copyright (C) 2013 Werner Koch
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -32,12 +22,11 @@
 #include 
 #include 
 #include 
-#include 
 
 #ifdef HAVE_W32_SYSTEM
-#include    /* Due to the stupid mingw64 requirement to
-                           include this header before windows.h which
-                           is often implicitly included.  */
+# ifdef HAVE_WINSOCK2_H
+#  include 
+# endif
 #include 
 #ifndef CSIDL_APPDATA
 #define CSIDL_APPDATA 0x001a
@@ -58,50 +47,32 @@
 #include "util.h"
 #include "sysutils.h"
 
+
 #ifdef HAVE_W32_SYSTEM
 /* A flag used to indicate that a control file for gpgconf has been
    detected.  Under Windows the presence of this file indicates a
    portable installations and triggers several changes:
 
    - The GNUGHOME directory is fixed relative to installation
-     directory.  All other means to set the home directory are ignore.
+     directory.  All other means to set the home directory are
+     ignored.
 
-   - All registry variables will be ignored.
+   - All registry variables are ignored.
 
    This flag is not used on Unix systems.
  */
 static int w32_portable_app;
-#endif /*HAVE_W32_SYSTEM*/
 
-#ifdef HAVE_W32_SYSTEM
 /* This flag is true if this process' binary has been installed under
-   bin and not in the root directory as often used before GnuPG 2.1. */
+   bin and not in the root directory. */
 static int w32_bin_is_bin;
-#endif /*HAVE_W32_SYSTEM*/
-
 
-#ifdef HAVE_W32_SYSTEM
+/* Just a little prototype.  */
 static const char *w32_rootdir (void);
-#endif
 
+#endif /*HAVE_W32_SYSTEM*/
 
 
-#ifdef HAVE_W32_SYSTEM
-static void
-w32_try_mkdir (const char *dir)
-{
-#ifdef HAVE_W32CE_SYSTEM
-  wchar_t *wdir = utf8_to_wchar (dir);
-  if (wdir)
-    {
-      CreateDirectory (wdir, NULL);
-      xfree (wdir);
-    }
-#else
-  CreateDirectory (dir, NULL);
-#endif
-}
-#endif
 
 
 /* This is a helper function to load a Windows function from either of
@@ -184,7 +155,7 @@
 
               /* Try to create the directory if it does not yet exists.  */
               if (access (dir, F_OK))
-                w32_try_mkdir (dir);
+                CreateDirectory (dir, NULL);
             }
           else
             dir = GNUPG_DEFAULT_HOMEDIR;
@@ -222,8 +193,7 @@
             {
               char *tmp;
 
-              tmp = read_w32_registry_string (NULL,
-                                              GNUPG_REGISTRY_DIR,
+              tmp = read_w32_registry_string (NULL, "Software\\GNU\\GnuPG",
                                               "HomeDir");
               if (tmp && !*tmp)
                 {
@@ -265,20 +235,14 @@
         {
           /* gpgconf.ctl file found.  Record this fact.  */
           w32_portable_app = 1;
-          {
-            unsigned int flags;
-            log_get_prefix (&flags);
-            log_set_prefix (NULL, (flags | GPGRT_LOG_NO_REGISTRY));
-          }
+
           /* FIXME: We should read the file to detect special flags
-             and print a warning if we don't understand them  */
+             and print a warning if we don't understand them.  */
         }
     }
   xfree (fname);
 }
 
-
-/* Determine the root directory of the gnupg installation on Windows.  */
 static const char *
 w32_rootdir (void)
 {
@@ -288,16 +252,10 @@
   if (!got_dir)
     {
       char *p;
-      int rc;
-      wchar_t wdir [MAX_PATH+5];
 
-      rc = GetModuleFileNameW (NULL, wdir, MAX_PATH);
-      if (rc && WideCharToMultiByte (CP_UTF8, 0, wdir, -1, dir, MAX_PATH-4,
-                                     NULL, NULL) < 0)
-        rc = 0;
-      if (!rc)
+      if ( !GetModuleFileName ( NULL, dir, MAX_PATH) )
         {
-          log_debug ("GetModuleFileName failed: %s\n", w32_strerror (-1));
+          log_debug ("GetModuleFileName failed: %s\n", w32_strerror (0));
           *dir = 0;
         }
       got_dir = 1;
@@ -311,6 +269,7 @@
           /* If we are installed below "bin" we strip that and use
              the top directory instead.  */
           p = strrchr (dir, DIRSEP_C);
+
           if (p && !strcmp (p+1, "bin"))
             {
               *p = 0;
@@ -319,7 +278,7 @@
         }
       if (!p)
         {
-          log_debug ("bad filename '%s' returned for this process\n", dir);
+          log_debug ("bad filename `%s' returned for this process\n", dir);
           *dir = 0;
         }
     }
@@ -342,8 +301,8 @@
 
       /* Make sure that w32_rootdir has been called so that we are
          able to check the portable application flag.  The common dir
-         is the identical to the rootdir.  In that case there is also
-         no need to strdup its value.  */
+         is identical to the rootdir.  In that case there is also no
+         need to strdup its value.  */
       rdir = w32_rootdir ();
       if (w32_portable_app)
         return rdir;
@@ -370,8 +329,6 @@
 #endif /*HAVE_W32_SYSTEM*/
 
 
-
-
 /* Return the name of the sysconfdir.  This is a static string.  This
    function is required because under Windows we can't simply compile
    it in.  */
@@ -399,13 +356,7 @@
 const char *
 gnupg_bindir (void)
 {
-#if defined (HAVE_W32CE_SYSTEM)
-  static char *name;
-
-  if (!name)
-    name = xstrconcat (w32_rootdir (), DIRSEP_S "bin", NULL);
-  return name;
-#elif defined(HAVE_W32_SYSTEM)
+#ifdef HAVE_W32_SYSTEM
   const char *rdir;
 
   rdir = w32_rootdir ();
@@ -444,7 +395,13 @@
   static char *name;
 
   if (!name)
-    name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
+    {
+      const char *s1, *s2;
+      s1 = w32_rootdir ();
+      s2 = DIRSEP_S "lib" DIRSEP_S "gnupg";
+      name = xmalloc (strlen (s1) + strlen (s2) + 1);
+      strcpy (stpcpy (name, s1), s2);
+    }
   return name;
 #else /*!HAVE_W32_SYSTEM*/
   return GNUPG_LIBDIR;
@@ -458,7 +415,13 @@
   static char *name;
 
   if (!name)
-    name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
+    {
+      const char *s1, *s2;
+      s1 = w32_rootdir ();
+      s2 = DIRSEP_S "share" DIRSEP_S "gnupg";
+      name = xmalloc (strlen (s1) + strlen (s2) + 1);
+      strcpy (stpcpy (name, s1), s2);
+    }
   return name;
 #else /*!HAVE_W32_SYSTEM*/
   return GNUPG_DATADIR;
@@ -473,187 +436,66 @@
   static char *name;
 
   if (!name)
-    name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "locale",
-                       NULL);
-  return name;
-#else /*!HAVE_W32_SYSTEM*/
-  return LOCALEDIR;
-#endif /*!HAVE_W32_SYSTEM*/
-}
-
-
-/* Return the name of the cache directory.  The name is allocated in a
-   static area on the first use.  Windows only: If the directory does
-   not exist it is created.  */
-const char *
-gnupg_cachedir (void)
-{
-#ifdef HAVE_W32_SYSTEM
-  static const char *dir;
-
-  if (!dir)
     {
-      const char *rdir;
-
-      rdir = w32_rootdir ();
-      if (w32_portable_app)
-        {
-          dir = xstrconcat (rdir,
-                            DIRSEP_S, "var",
-                            DIRSEP_S, "cache",
-                            DIRSEP_S, "gnupg", NULL);
-        }
-      else
-        {
-          char path[MAX_PATH];
-          const char *s1[] = { "GNU", "cache", "gnupg", NULL };
-          int s1_len;
-          const char **comp;
-
-          s1_len = 0;
-          for (comp = s1; *comp; comp++)
-            s1_len += 1 + strlen (*comp);
-
-          if (w32_shgetfolderpath (NULL, CSIDL_LOCAL_APPDATA|CSIDL_FLAG_CREATE,
-                                   NULL, 0, path) >= 0)
-            {
-              char *tmp = xmalloc (strlen (path) + s1_len + 1);
-              char *p;
-
-              p = stpcpy (tmp, path);
-              for (comp = s1; *comp; comp++)
-                {
-                  p = stpcpy (p, "\\");
-                  p = stpcpy (p, *comp);
-
-                  if (access (tmp, F_OK))
-                    w32_try_mkdir (tmp);
-                }
-
-              dir = tmp;
-            }
-          else
-            {
-              dir = "c:\\temp\\cache\\gnupg";
-#ifdef HAVE_W32CE_SYSTEM
-              dir += 2;
-              w32_try_mkdir ("\\temp\\cache");
-              w32_try_mkdir ("\\temp\\cache\\gnupg");
-#endif
-            }
-        }
+      const char *s1, *s2;
+      s1 = w32_rootdir ();
+      s2 = DIRSEP_S "share" DIRSEP_S "locale";
+      name = xmalloc (strlen (s1) + strlen (s2) + 1);
+      strcpy (stpcpy (name, s1), s2);
     }
-  return dir;
+  return name;
 #else /*!HAVE_W32_SYSTEM*/
-  return GNUPG_LOCALSTATEDIR "/cache/" PACKAGE_NAME;
+  return LOCALEDIR;
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
 
-/* Return the system socket name used by DirMngr.  */
+/* Return the default socket name used by DirMngr. */
 const char *
-dirmngr_sys_socket_name (void)
+dirmngr_socket_name (void)
 {
 #ifdef HAVE_W32_SYSTEM
   static char *name;
 
   if (!name)
     {
-      char *p;
-# ifdef HAVE_W32CE_SYSTEM
-      const char *s1, *s2;
+      char s1[MAX_PATH];
+      const char *s2;
 
-      s1 = default_homedir ();
-# else
-      char s1buf[MAX_PATH];
-      const char *s1, *s2;
-
-      s1 = default_homedir ();
-      if (!w32_portable_app)
-        {
-          /* We need something akin CSIDL_COMMON_PROGRAMS, but local
-             (non-roaming).  This is because the file needs to be on
-             the local machine and makes only sense on that machine.
-             CSIDL_WINDOWS seems to be the only location which
-             guarantees that. */
-          if (w32_shgetfolderpath (NULL, CSIDL_WINDOWS, NULL, 0, s1buf) < 0)
-            strcpy (s1buf, "C:\\WINDOWS");
-          s1 = s1buf;
-        }
-# endif
-      s2 = DIRSEP_S DIRMNGR_SOCK_NAME;
+      /* We need something akin CSIDL_COMMON_PROGRAMS, but local
+	 (non-roaming).  */
+      if (w32_shgetfolderpath (NULL, CSIDL_WINDOWS, NULL, 0, s1) < 0)
+	strcpy (s1, "C:\\WINDOWS");
+      s2 = DIRSEP_S "S.dirmngr";
       name = xmalloc (strlen (s1) + strlen (s2) + 1);
       strcpy (stpcpy (name, s1), s2);
-      for (p=name; *p; p++)
-        if (*p == '/')
-          *p = '\\';
     }
   return name;
 #else /*!HAVE_W32_SYSTEM*/
-  return GNUPG_LOCALSTATEDIR "/run/" PACKAGE_NAME "/"DIRMNGR_SOCK_NAME;
+  return "/var/run/dirmngr/socket";
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
 
-/* Return the user socket name used by DirMngr.  If a user specific
-   dirmngr installation is not supported, NULL is returned.  */
-const char *
-dirmngr_user_socket_name (void)
-{
-  static char *name;
-
-  if (!name)
-    name = make_absfilename (default_homedir (), DIRMNGR_SOCK_NAME, NULL);
-  return name;
-}
-
-
-/* Return the default pinentry name.  If RESET is true the internal
-   cache is first flushed.  */
-static const char *
-get_default_pinentry_name (int reset)
-{
-  static char *name;
-
-  if (reset)
-    {
-      xfree (name);
-      name = NULL;
-    }
-
-  if (!name)
-    {
-      name = xstrconcat (gnupg_bindir (),
-                         DIRSEP_S "pinentry" EXEEXT_S, NULL);
-      if (access (name, F_OK) && errno == ENOENT)
-        {
-          char *name2;
-          name2 = xstrconcat (gnupg_bindir (),
-                              DIRSEP_S "pinentry-basic" EXEEXT_S, NULL);
-          if (access (name2, F_OK))
-            xfree (name2); /* Does not exist.  */
-          else /* Switch to pinentry-basic.  */
-            {
-              xfree (name);
-              name = name2;
-            }
-        }
-    }
-  return name;
-}
-
 
 /* Return the file name of a helper tool.  WHICH is one of the
    GNUPG_MODULE_NAME_foo constants.  */
 const char *
 gnupg_module_name (int which)
 {
-#define X(a,b) do {                                                     \
-    static char *name;                                                  \
-    if (!name)                                                          \
-      name = xstrconcat (gnupg_ ## a (), DIRSEP_S b EXEEXT_S, NULL);    \
-    return name;                                                        \
-  } while (0)
+  const char *s, *s2;
+
+#define X(a,b) do {                                          \
+        static char *name;                                   \
+        if (!name)                                           \
+          {                                                  \
+            s = gnupg_ ## a ();                              \
+            s2 = DIRSEP_S b EXEEXT_S;                        \
+            name = xmalloc (strlen (s) + strlen (s2) + 1);   \
+            strcpy (stpcpy (name, s), s2);                   \
+          }                                                  \
+        return name;                                         \
+      } while (0)
 
   switch (which)
     {
@@ -666,9 +508,9 @@
 
     case GNUPG_MODULE_NAME_PINENTRY:
 #ifdef GNUPG_DEFAULT_PINENTRY
-      return GNUPG_DEFAULT_PINENTRY;  /* (Set by a configure option) */
+      return GNUPG_DEFAULT_PINENTRY;
 #else
-      return get_default_pinentry_name (0);
+      X(bindir, "pinentry");
 #endif
 
     case GNUPG_MODULE_NAME_SCDAEMON:
@@ -682,7 +524,7 @@
 #ifdef GNUPG_DEFAULT_DIRMNGR
       return GNUPG_DEFAULT_DIRMNGR;
 #else
-      X(bindir, DIRMNGR_NAME);
+      X(bindir, "dirmngr");
 #endif
 
     case GNUPG_MODULE_NAME_PROTECT_TOOL:
@@ -692,13 +534,6 @@
       X(libexecdir, "gpg-protect-tool");
 #endif
 
-    case GNUPG_MODULE_NAME_DIRMNGR_LDAP:
-#ifdef GNUPG_DEFAULT_DIRMNGR_LDAP
-      return GNUPG_DEFAULT_DIRMNGR_LDAP;
-#else
-      X(libexecdir, "dirmngr_ldap");
-#endif
-
     case GNUPG_MODULE_NAME_CHECK_PATTERN:
       X(libexecdir, "gpg-check-pattern");
 
@@ -706,7 +541,7 @@
       X(bindir, "gpgsm");
 
     case GNUPG_MODULE_NAME_GPG:
-      X(bindir, NAME_OF_INSTALLED_GPG);
+      X(bindir, "gpg2");
 
     case GNUPG_MODULE_NAME_CONNECT_AGENT:
       X(bindir, "gpg-connect-agent");
@@ -719,12 +554,3 @@
     }
 #undef X
 }
-
-
-/* Flush some of the cached module names.  This is for example used by
-   gpg-agent to allow configuring a different pinentry.  */
-void
-gnupg_module_name_flush_some (void)
-{
-  (void)get_default_pinentry_name (1);
-}
diff -Nru gnupg2-2.1.6/common/host2net.h gnupg2-2.0.28/common/host2net.h
--- gnupg2-2.1.6/common/host2net.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/host2net.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,112 +0,0 @@
-/* host2net.h - Endian conversion macros
- * Copyright (C) 1998, 2014, 2015  Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef GNUPG_COMMON_HOST2NET_H
-#define GNUPG_COMMON_HOST2NET_H
-
-#include "types.h"
-
-#define ulongtobuf( p, a ) do { 			  \
-			    ((byte*)p)[0] = a >> 24;	\
-			    ((byte*)p)[1] = a >> 16;	\
-			    ((byte*)p)[2] = a >>  8;	\
-			    ((byte*)p)[3] = a	   ;	\
-			} while(0)
-#define ushorttobuf( p, a ) do {			   \
-			    ((byte*)p)[0] = a >>  8;	\
-			    ((byte*)p)[1] = a	   ;	\
-			} while(0)
-
-
-static inline unsigned long
-buf16_to_ulong (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((unsigned long)p[0] << 8) | p[1]);
-}
-
-static inline unsigned int
-buf16_to_uint (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((unsigned int)p[0] << 8) | p[1]);
-}
-
-static inline unsigned short
-buf16_to_ushort (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((unsigned short)p[0] << 8) | p[1]);
-}
-
-static inline u16
-buf16_to_u16 (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((u16)p[0] << 8) | p[1]);
-}
-
-static inline size_t
-buf32_to_size_t (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((size_t)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-}
-
-static inline unsigned long
-buf32_to_ulong (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((unsigned long)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-}
-
-static inline unsigned int
-buf32_to_uint (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((unsigned int)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-}
-
-static inline u32
-buf32_to_u32 (const void *buffer)
-{
-  const unsigned char *p = buffer;
-
-  return (((u32)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
-}
-
-
-#endif /*GNUPG_COMMON_HOST2NET_H*/
diff -Nru gnupg2-2.1.6/common/http.c gnupg2-2.0.28/common/http.c
--- gnupg2-2.1.6/common/http.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/http.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,27 +1,15 @@
 /* http.c  -  HTTP protocol handler
- * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
- *               2011 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
- * Copyright (C) 2015 g10 Code GmbH
+ * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006,
+ *               2009, 2012, 2013 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -33,16 +21,13 @@
 /* Simple HTTP client implementation.  We try to keep the code as
    self-contained as possible.  There are some contraints however:
 
-  - estream is required.  We now require estream because it provides a
-    very useful and portable asprintf implementation and the fopencookie
-    function.
   - stpcpy is required
   - fixme: list other requirements.
 
 
-  - With HTTP_USE_NTBTLS or HTTP_USE_GNUTLS support for https is
-    provided (this also requires estream).
-
+  - With HTTP_USE_ESTREAM defined, all I/O is done through estream.
+  - With HTTP_USE_GNUTLS support for https is provided (this also
+    requires estream).
   - With HTTP_NO_WSASTARTUP the socket initialization is not done
     under Windows.  This is useful if the socket layer has already
     been initialized elsewhere.  This also avoids the installation of
@@ -75,37 +60,31 @@
 # include 
 #endif /*!HAVE_W32_SYSTEM*/
 
-#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
-# undef USE_NPTH
-#endif
-
-#ifdef USE_NPTH
-# include 
-#endif
-
-#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
-# error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
-#endif
-
-#ifdef HTTP_USE_NTBTLS
-# include 
-#elif HTTP_USE_GNUTLS
+#ifdef HTTP_USE_GNUTLS
 # include 
-# include 
+/* For non-understandable reasons GNUTLS dropped the _t suffix from
+   all types. yes, ISO-C might be read as this but there are still
+   other name space conflicts and using _t is actually a Good
+   Thing. */
+typedef gnutls_session gnutls_session_t;
+typedef gnutls_transport_ptr gnutls_transport_ptr_t;
 #endif /*HTTP_USE_GNUTLS*/
 
+#ifdef TEST
+#undef USE_DNS_SRV
+#endif
 
 #include "util.h"
 #include "i18n.h"
 #include "http.h"
 #ifdef USE_DNS_SRV
-# include "srv.h"
+#include "srv.h"
 #else /*!USE_DNS_SRV*/
-  /* If we are not compiling with SRV record support we provide stub
-     data structures. */
-# ifndef MAXDNAME
-#  define MAXDNAME 1025
-# endif
+/* If we are not compiling with SRV record support we provide stub
+   data structures. */
+#ifndef MAXDNAME
+#define MAXDNAME 1025
+#endif
 struct srventry
 {
   unsigned short priority;
@@ -117,16 +96,6 @@
 #endif/*!USE_DNS_SRV*/
 
 
-#ifdef USE_NPTH
-# define my_select(a,b,c,d,e)  npth_select ((a), (b), (c), (d), (e))
-# define my_connect(a,b,c)     npth_connect ((a), (b), (c))
-# define my_accept(a,b,c)      npth_accept ((a), (b), (c))
-#else
-# define my_select(a,b,c,d,e)  select ((a), (b), (c), (d), (e))
-# define my_connect(a,b,c)     connect ((a), (b), (c))
-# define my_accept(a,b,c)      accept ((a), (b), (c))
-#endif
-
 #ifdef HAVE_W32_SYSTEM
 #define sock_close(a)  closesocket(a)
 #else
@@ -136,9 +105,6 @@
 #ifndef EAGAIN
 #define EAGAIN  EWOULDBLOCK
 #endif
-#ifndef INADDR_NONE  /* Slowaris is missing that.  */
-#define INADDR_NONE  ((unsigned long)(-1))
-#endif /*INADDR_NONE*/
 
 #define HTTP_PROXY_ENV           "http_proxy"
 #define MAX_LINELEN 20000  /* Max. length of a HTTP header line. */
@@ -147,60 +113,38 @@
                         "01234567890@"                 \
                         "!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
 
-/* A long counter type.  */
-#ifdef HAVE_STRTOULL
-typedef unsigned long long longcounter_t;
-# define counter_strtoul(a) strtoull ((a), NULL, 10)
+/* Define a prefix to map stream functions to the estream library. */
+#ifdef HTTP_USE_ESTREAM
+#define P_ES(a)  es_ ## a
 #else
-typedef unsigned long longcounter_t;
-# define counter_strtoul(a) strtoul ((a), NULL, 10)
+#define P_ES(a)  a
 #endif
-
-#if HTTP_USE_NTBTLS
-typedef ntbtls_t         tls_session_t;
-# define USE_TLS 1
-#elif HTTP_USE_GNUTLS
-typedef gnutls_session_t tls_session_t;
-# define USE_TLS 1
-#else
-typedef void *tls_session_t;
-# undef USE_TLS
+#ifndef HTTP_USE_GNUTLS
+typedef void * gnutls_session_t;
+#endif
+#if defined(HTTP_USE_GNUTLS) && !defined(HTTP_USE_ESTREAM)
+#error Use of GNUTLS also requires support for Estream
 #endif
 
-static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
-                                    int no_scheme_check, int force_tls);
-static gpg_error_t parse_uri (parsed_uri_t *ret_uri, const char *uri,
-                              int no_scheme_check, int force_tls);
+static gpg_error_t do_parse_uri (parsed_uri_t uri, int only_local_part);
 static int remove_escapes (char *string);
 static int insert_escapes (char *buffer, const char *string,
                            const char *special);
 static uri_tuple_t parse_tuple (char *string);
-static gpg_error_t send_request (http_t hd, const char *httphost,
-                                 const char *auth,const char *proxy,
-				 const char *srvtag,strlist_t headers);
+static gpg_error_t send_request (http_t hd, const char *auth,const char *proxy,
+				 struct http_srv *srv,strlist_t headers);
 static char *build_rel_path (parsed_uri_t uri);
 static gpg_error_t parse_response (http_t hd);
 
 static int connect_server (const char *server, unsigned short port,
-                           unsigned int flags, const char *srvtag,
-                           int *r_host_not_found);
+                           unsigned int flags, struct http_srv *srv);
 static gpg_error_t write_server (int sock, const char *data, size_t length);
 
+#ifdef HTTP_USE_ESTREAM
 static ssize_t cookie_read (void *cookie, void *buffer, size_t size);
 static ssize_t cookie_write (void *cookie, const void *buffer, size_t size);
 static int cookie_close (void *cookie);
 
-
-/* A socket object used to a allow ref counting of sockets.  */
-struct my_socket_s
-{
-  int fd;       /* The actual socket - shall never be -1.  */
-  int refcount; /* Number of references to this socket.  */
-};
-typedef struct my_socket_s *my_socket_t;
-
-
-/* Cookie function structure and cookie object.  */
 static es_cookie_io_functions_t cookie_functions =
   {
     cookie_read,
@@ -211,42 +155,17 @@
 
 struct cookie_s
 {
-  /* Socket object or NULL if already closed. */
-  my_socket_t sock;
-
-  /* The session object or NULL if not used. */
-  http_session_t session;
-
-  /* True if TLS is to be used.  */
-  int use_tls;
-
-  /* The remaining content length and a flag telling whether to use
-     the content length.  */
-  longcounter_t content_length;
-  unsigned int content_length_valid:1;
+  int fd;  /* File descriptor or -1 if already closed. */
+  gnutls_session_t tls_session;  /* TLS session context or NULL if not used. */
+  int keep_socket; /* Flag to communicate with teh close handler. */
 };
 typedef struct cookie_s *cookie_t;
 
-/* The session object. */
-struct http_session_s
-{
-  int refcount;    /* Number of references to this object.  */
+#endif /*HTTP_USE_ESTREAM*/
+
 #ifdef HTTP_USE_GNUTLS
-  gnutls_certificate_credentials_t certcred;
+static gpg_error_t (*tls_callback) (http_t, gnutls_session_t, int);
 #endif /*HTTP_USE_GNUTLS*/
-#ifdef USE_TLS
-  tls_session_t tls_session;
-  struct {
-    int done;      /* Verifciation has been done.  */
-    int rc;        /* TLS verification return code.  */
-    unsigned int status; /* Verification status.  */
-  } verify;
-  char *servername; /* Malloced server name.  */
-#endif /*USE_TLS*/
-  /* A callback function to log details of TLS certifciates.  */
-  void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
-                       const void **, size_t *);
-};
 
 
 /* An object to save header lines. */
@@ -263,14 +182,18 @@
 struct http_context_s
 {
   unsigned int status_code;
-  my_socket_t sock;
-  unsigned int in_data:1;
-  unsigned int is_http_0_9:1;
+  int sock;
+  int in_data;
+#ifdef HTTP_USE_ESTREAM
   estream_t fp_read;
   estream_t fp_write;
   void *write_cookie;
-  void *read_cookie;
-  http_session_t session;
+#else /*!HTTP_USE_ESTREAM*/
+  FILE *fp_read;
+  FILE *fp_write;
+#endif /*!HTTP_USE_ESTREAM*/
+  void *tls_context;
+  int is_http_0_9;
   parsed_uri_t uri;
   http_req_t req_type;
   char *buffer;          /* Line buffer. */
@@ -280,12 +203,6 @@
 };
 
 
-/* The global callback for the verification fucntion.  */
-static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
-
-/* The list of files with trusted CA certificates.  */
-static strlist_t tls_ca_certlist;
-
 
 
 #if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
@@ -335,102 +252,6 @@
 #endif /*HAVE_W32_SYSTEM && !HTTP_NO_WSASTARTUP*/
 
 
-/* Create a new socket object.  Returns NULL and closes FD if not
-   enough memory is available.  */
-static my_socket_t
-_my_socket_new (int lnr, int fd)
-{
-  my_socket_t so;
-
-  so = xtrymalloc (sizeof *so);
-  if (!so)
-    {
-      int save_errno = errno;
-      sock_close (fd);
-      gpg_err_set_errno (save_errno);
-      return NULL;
-    }
-  so->fd = fd;
-  so->refcount = 1;
-  /* log_debug ("http.c:socket_new(%d): object %p for fd %d created\n", */
-  /*            lnr, so, so->fd); */
-  (void)lnr;
-  return so;
-}
-#define my_socket_new(a) _my_socket_new (__LINE__, (a))
-
-/* Bump up the reference counter for the socket object SO.  */
-static my_socket_t
-_my_socket_ref (int lnr, my_socket_t so)
-{
-  so->refcount++;
-  /* log_debug ("http.c:socket_ref(%d) object %p for fd %d refcount now %d\n", */
-  /*            lnr, so, so->fd, so->refcount); */
-  (void)lnr;
-  return so;
-}
-#define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
-
-
-/* Bump down the reference counter for the socket object SO.  If SO
-   has no more references, close the socket and release the
-   object.  */
-static void
-_my_socket_unref (int lnr, my_socket_t so,
-                  void (*preclose)(void*), void *preclosearg)
-{
-  if (so)
-    {
-      so->refcount--;
-      /* log_debug ("http.c:socket_unref(%d): object %p for fd %d ref now %d\n", */
-      /*            lnr, so, so->fd, so->refcount); */
-      (void)lnr;
-      if (!so->refcount)
-        {
-          if (preclose)
-            preclose (preclosearg);
-          sock_close (so->fd);
-          xfree (so);
-        }
-    }
-}
-#define my_socket_unref(a,b,c) _my_socket_unref (__LINE__,(a),(b),(c))
-
-
-#if defined (USE_NPTH) && defined(HTTP_USE_GNUTLS)
-static ssize_t
-my_npth_read (gnutls_transport_ptr_t ptr, void *buffer, size_t size)
-{
-  my_socket_t sock = ptr;
-  return npth_read (sock->fd, buffer, size);
-}
-static ssize_t
-my_npth_write (gnutls_transport_ptr_t ptr, const void *buffer, size_t size)
-{
-  my_socket_t sock = ptr;
-  return npth_write (sock->fd, buffer, size);
-}
-#endif /*USE_NPTH && HTTP_USE_GNUTLS*/
-
-
-
-
-/* This notification function is called by estream whenever stream is
-   closed.  Its purpose is to mark the closing in the handle so
-   that a http_close won't accidentally close the estream.  The function
-   http_close removes this notification so that it won't be called if
-   http_close was used before an es_fclose.  */
-static void
-fp_onclose_notification (estream_t stream, void *opaque)
-{
-  http_t hd = opaque;
-
-  if (hd->fp_read && hd->fp_read == stream)
-    hd->fp_read = NULL;
-  else if (hd->fp_write && hd->fp_write == stream)
-    hd->fp_write = NULL;
-}
-
 
 /*
  * Helper function to create an HTTP header with hex encoded data.  A
@@ -440,13 +261,13 @@
  */
 static char *
 make_header_line (const char *prefix, const char *suffix,
-                  const void *data, size_t len )
+                   const void *data, size_t len )
 {
   static unsigned char bintoasc[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
     "abcdefghijklmnopqrstuvwxyz"
     "0123456789+/";
-  const unsigned char *s = data;
+  const unsigned int *s = data;
   char *buffer, *p;
 
   buffer = xtrymalloc (strlen (prefix) + (len+2)/3*4 + strlen (suffix) + 1);
@@ -459,7 +280,6 @@
       *p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077];
       *p++ = bintoasc[(((s[1]<<2)&074)|((s[2]>>6)&03))&077];
       *p++ = bintoasc[s[2]&077];
-      *p = 0;
     }
   if ( len == 2 )
     {
@@ -475,7 +295,6 @@
       *p++ = '=';
       *p++ = '=';
     }
-  *p = 0;
   strcpy (p, suffix);
   return buffer;
 }
@@ -483,218 +302,25 @@
 
 
 
-/* Register a non-standard global TLS callback function.  If no
-   verification is desired a callback needs to be registered which
-   always returns NULL.  */
-void
-http_register_tls_callback (gpg_error_t (*cb)(http_t, http_session_t, int))
-{
-  tls_callback = cb;
-}
-
-
-/* Register a CA certificate for future use.  The certificate is
-   expected to be in FNAME.  PEM format is assume if FNAME has a
-   suffix of ".pem".  If FNAME is NULL the list of CA files is
-   removed.  */
-void
-http_register_tls_ca (const char *fname)
-{
-  strlist_t sl;
-
-  if (!fname)
-    {
-      free_strlist (tls_ca_certlist);
-      tls_ca_certlist = NULL;
-    }
-  else
-    {
-      sl = add_to_strlist (&tls_ca_certlist, fname);
-      if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
-        sl->flags = 1;
-    }
-}
-
-
-/* Release a session.  Take care not to release it while it is being
-   used by a http context object.  */
-static void
-session_unref (int lnr, http_session_t sess)
-{
-  if (!sess)
-    return;
-
-  sess->refcount--;
-  /* log_debug ("http.c:session_unref(%d): sess %p ref now %d\n", */
-  /*            lnr, sess, sess->refcount); */
-  (void)lnr;
-  if (sess->refcount)
-    return;
-
-#ifdef USE_TLS
-# ifdef HTTP_USE_GNUTLS
-  if (sess->tls_session)
-    {
-      my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
-      my_socket_unref (sock, NULL, NULL);
-      gnutls_deinit (sess->tls_session);
-    }
-  if (sess->certcred)
-    gnutls_certificate_free_credentials (sess->certcred);
-# endif /*HTTP_USE_GNUTLS*/
-  xfree (sess->servername);
-#endif /*USE_TLS*/
-
-  xfree (sess);
-}
-#define http_session_unref(a) session_unref (__LINE__, (a))
-
-void
-http_session_release (http_session_t sess)
-{
-  http_session_unref (sess);
-}
-
-
-/* Create a new session object which is currently used to enable TLS
-   support.  It may eventually allow reusing existing connections.  */
-gpg_error_t
-http_session_new (http_session_t *r_session, const char *tls_priority)
-{
-  gpg_error_t err;
-  http_session_t sess;
-
-  *r_session = NULL;
-
-  sess = xtrycalloc (1, sizeof *sess);
-  if (!sess)
-    return gpg_error_from_syserror ();
-  sess->refcount = 1;
-
-#if HTTP_USE_NTBTLS
-  {
-    (void)tls_priority;
-
-    err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
-    if (err)
-      {
-        log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
-        goto leave;
-      }
-  }
-#elif HTTP_USE_GNUTLS
-  {
-    const char *errpos;
-    int rc;
-    strlist_t sl;
-
-    rc = gnutls_certificate_allocate_credentials (&sess->certcred);
-    if (rc < 0)
-      {
-        log_error ("gnutls_certificate_allocate_credentials failed: %s\n",
-                   gnutls_strerror (rc));
-        err = gpg_error (GPG_ERR_GENERAL);
-        goto leave;
-      }
-
-    for (sl = tls_ca_certlist; sl; sl = sl->next)
-      {
-        rc = gnutls_certificate_set_x509_trust_file
-          (sess->certcred, sl->d,
-           (sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
-        if (rc < 0)
-          log_info ("setting CA from file '%s' failed: %s\n",
-                    sl->d, gnutls_strerror (rc));
-      }
-
-    rc = gnutls_init (&sess->tls_session, GNUTLS_CLIENT);
-    if (rc < 0)
-      {
-        log_error ("gnutls_init failed: %s\n", gnutls_strerror (rc));
-        err = gpg_error (GPG_ERR_GENERAL);
-        goto leave;
-      }
-    /* A new session has the transport ptr set to (void*(-1), we need
-       it to be NULL.  */
-    gnutls_transport_set_ptr (sess->tls_session, NULL);
-
-    rc = gnutls_priority_set_direct (sess->tls_session,
-                                     tls_priority? tls_priority : "NORMAL",
-                                     &errpos);
-    if (rc < 0)
-      {
-        log_error ("gnutls_priority_set_direct failed at '%s': %s\n",
-                   errpos, gnutls_strerror (rc));
-        err = gpg_error (GPG_ERR_GENERAL);
-        goto leave;
-      }
-
-    rc = gnutls_credentials_set (sess->tls_session,
-                                 GNUTLS_CRD_CERTIFICATE, sess->certcred);
-    if (rc < 0)
-      {
-        log_error ("gnutls_credentials_set failed: %s\n", gnutls_strerror (rc));
-        err = gpg_error (GPG_ERR_GENERAL);
-        goto leave;
-      }
-  }
-#else /*!HTTP_USE_GNUTLS*/
-  {
-    (void)tls_priority;
-  }
-#endif /*!HTTP_USE_GNUTLS*/
-
-  /* log_debug ("http.c:session_new: sess %p created\n", sess); */
-  err = 0;
-
-#if USE_TLS
- leave:
-#endif /*USE_TLS*/
-  if (err)
-    http_session_unref (sess);
-  else
-    *r_session = sess;
-
-  return err;
-}
-
-
-/* Increment the reference count for session SESS.  Passing NULL for
-   SESS is allowed. */
-http_session_t
-http_session_ref (http_session_t sess)
-{
-  if (sess)
-    {
-      sess->refcount++;
-      /* log_debug ("http.c:session_ref: sess %p ref now %d\n", sess, */
-      /*            sess->refcount); */
-    }
-  return sess;
-}
-
-
 void
-http_session_set_log_cb (http_session_t sess,
-                         void (*cb)(http_session_t, gpg_error_t,
-                                    const char *hostname,
-                                    const void **certs, size_t *certlens))
+http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) )
 {
-  sess->cert_log_cb = cb;
+#ifdef HTTP_USE_GNUTLS
+  tls_callback = (gpg_error_t (*) (http_t, gnutls_session_t, int))cb;
+#else
+  (void)cb;
+#endif
 }
 
 
 
-
-/* Start a HTTP retrieval and on success store at R_HD a context
-   pointer for completing the request and to wait for the response.
-   If HTTPHOST is not NULL it is used hor the Host header instead of a
-   Host header derived from the URL. */
+/* Start a HTTP retrieval and return on success in R_HD a context
+   pointer for completing the the request and to wait for the
+   response. */
 gpg_error_t
 http_open (http_t *r_hd, http_req_t reqtype, const char *url,
-           const char *httphost,
            const char *auth, unsigned int flags, const char *proxy,
-           http_session_t session, const char *srvtag, strlist_t headers)
+           void *tls_context, struct http_srv *srv, strlist_t headers)
 {
   gpg_error_t err;
   http_t hd;
@@ -702,28 +328,30 @@
   *r_hd = NULL;
 
   if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST))
-    return gpg_err_make (default_errsource, GPG_ERR_INV_ARG);
+    return gpg_error (GPG_ERR_INV_ARG);
 
   /* Create the handle. */
   hd = xtrycalloc (1, sizeof *hd);
   if (!hd)
     return gpg_error_from_syserror ();
+  hd->sock = -1;
   hd->req_type = reqtype;
   hd->flags = flags;
-  hd->session = http_session_ref (session);
+  hd->tls_context = tls_context;
 
-  err = parse_uri (&hd->uri, url, 0, !!(flags & HTTP_FLAG_FORCE_TLS));
+  err = http_parse_uri (&hd->uri, url);
   if (!err)
-    err = send_request (hd, httphost, auth, proxy, srvtag, headers);
+    err = send_request (hd, auth, proxy, srv, headers);
 
   if (err)
     {
-      my_socket_unref (hd->sock, NULL, NULL);
+      if (!hd->fp_read && !hd->fp_write && hd->sock != -1)
+        sock_close (hd->sock);
       if (hd->fp_read)
-        es_fclose (hd->fp_read);
+        P_ES(fclose) (hd->fp_read);
       if (hd->fp_write)
-        es_fclose (hd->fp_write);
-      http_session_unref (hd->session);
+        P_ES(fclose) (hd->fp_write);
+      http_release_parsed_uri (hd->uri);
       xfree (hd);
     }
   else
@@ -732,116 +360,22 @@
 }
 
 
-/* This function is useful to connect to a generic TCP service using
-   this http abstraction layer.  This has the advantage of providing
-   service tags and an estream interface.  */
-gpg_error_t
-http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
-                  unsigned int flags, const char *srvtag)
-{
-  gpg_error_t err = 0;
-  int sock;
-  http_t hd;
-  cookie_t cookie;
-  int hnf;
-
-  *r_hd = NULL;
-
-  /* Create the handle. */
-  hd = xtrycalloc (1, sizeof *hd);
-  if (!hd)
-    return gpg_error_from_syserror ();
-  hd->req_type = HTTP_REQ_OPAQUE;
-  hd->flags = flags;
-
-  /* Connect.  */
-  sock = connect_server (server, port, hd->flags, srvtag, &hnf);
-  if (sock == -1)
-    {
-      err = gpg_err_make (default_errsource,
-                          (hnf? GPG_ERR_UNKNOWN_HOST
-                              : gpg_err_code_from_syserror ()));
-      xfree (hd);
-      return err;
-    }
-  hd->sock = my_socket_new (sock);
-  if (!hd->sock)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      xfree (hd);
-      return err;
-    }
-
-  /* Setup estreams for reading and writing.  */
-  cookie = xtrycalloc (1, sizeof *cookie);
-  if (!cookie)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      goto leave;
-    }
-  cookie->sock = my_socket_ref (hd->sock);
-  hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
-  if (!hd->fp_write)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      my_socket_unref (cookie->sock, NULL, NULL);
-      xfree (cookie);
-      goto leave;
-    }
-  hd->write_cookie = cookie; /* Cookie now owned by FP_WRITE.  */
-
-  cookie = xtrycalloc (1, sizeof *cookie);
-  if (!cookie)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      goto leave;
-    }
-  cookie->sock = my_socket_ref (hd->sock);
-  hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
-  if (!hd->fp_read)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      my_socket_unref (cookie->sock, NULL, NULL);
-      xfree (cookie);
-      goto leave;
-    }
-  hd->read_cookie = cookie; /* Cookie now owned by FP_READ.  */
-
-  /* Register close notification to interlock the use of es_fclose in
-     http_close and in user code.  */
-  err = es_onclose (hd->fp_write, 1, fp_onclose_notification, hd);
-  if (!err)
-    err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd);
-
- leave:
-  if (err)
-    {
-      if (hd->fp_read)
-        es_fclose (hd->fp_read);
-      if (hd->fp_write)
-        es_fclose (hd->fp_write);
-      my_socket_unref (hd->sock, NULL, NULL);
-      xfree (hd);
-    }
-  else
-    *r_hd = hd;
-  return err;
-}
-
-
-
-
 void
 http_start_data (http_t hd)
 {
   if (!hd->in_data)
     {
+#ifdef HTTP_USE_ESTREAM
       es_fputs ("\r\n", hd->fp_write);
       es_fflush (hd->fp_write);
+#else
+      fflush (hd->fp_write);
+      write_server (hd->sock, "\r\n", 2);
+#endif
       hd->in_data = 1;
     }
   else
-    es_fflush (hd->fp_write);
+    P_ES(fflush) (hd->fp_write);
 }
 
 
@@ -849,54 +383,70 @@
 http_wait_response (http_t hd)
 {
   gpg_error_t err;
-  cookie_t cookie;
 
   /* Make sure that we are in the data. */
   http_start_data (hd);
 
-  /* Close the write stream.  Note that the reference counted socket
-     object keeps the actual system socket open.  */
-  cookie = hd->write_cookie;
-  if (!cookie)
-    return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
-
-  es_fclose (hd->fp_write);
+  /* We dup the socket, to cope with the fact that fclose closes the
+     underlying socket. In TLS mode we don't do that because we can't
+     close the socket gnutls is working on; instead we make sure that
+     the fclose won't close the socket in this case. */
+#ifdef HTTP_USE_ESTREAM
+  if (hd->write_cookie)
+    {
+      /* The write cookie is only set in the TLS case. */
+      cookie_t cookie = hd->write_cookie;
+      cookie->keep_socket = 1;
+    }
+  else
+#endif /*HTTP_USE_ESTREAM*/
+    {
+#ifdef HAVE_W32_SYSTEM
+      HANDLE handle = (HANDLE)hd->sock;
+      if (!DuplicateHandle (GetCurrentProcess(), handle,
+			    GetCurrentProcess(), &handle, 0,
+			    TRUE, DUPLICATE_SAME_ACCESS ))
+	return gpg_error_from_syserror ();
+      hd->sock = (int)handle;
+#else
+      hd->sock = dup (hd->sock);
+#endif
+      if (hd->sock == -1)
+        return gpg_error_from_syserror ();
+    }
+  P_ES(fclose) (hd->fp_write);
   hd->fp_write = NULL;
-  /* The close has released the cookie and thus we better set it to NULL.  */
+#ifdef HTTP_USE_ESTREAM
   hd->write_cookie = NULL;
+#endif
 
-  /* Shutdown one end of the socket is desired.  As per HTTP/1.0 this
-     is not required but some very old servers (e.g. the original pksd
-     key server didn't worked without it.  */
-  if ((hd->flags & HTTP_FLAG_SHUTDOWN))
-    shutdown (hd->sock->fd, 1);
   hd->in_data = 0;
 
-  /* Create a new cookie and a stream for reading.  */
-  cookie = xtrycalloc (1, sizeof *cookie);
-  if (!cookie)
-    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-  cookie->sock = my_socket_ref (hd->sock);
-  cookie->session = http_session_ref (hd->session);
-  cookie->use_tls = hd->uri->use_tls;
+#ifdef HTTP_USE_ESTREAM
+  {
+    cookie_t cookie;
+
+    cookie = xtrycalloc (1, sizeof *cookie);
+    if (!cookie)
+      return gpg_error_from_syserror ();
+    cookie->fd = hd->sock;
+    if (hd->uri->use_tls)
+      cookie->tls_session = hd->tls_context;
 
-  hd->read_cookie = cookie;
-  hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
+    hd->fp_read = es_fopencookie (cookie, "r", cookie_functions);
+    if (!hd->fp_read)
+      {
+        xfree (cookie);
+        return gpg_error_from_syserror ();
+      }
+  }
+#else /*!HTTP_USE_ESTREAM*/
+  hd->fp_read = fdopen (hd->sock, "r");
   if (!hd->fp_read)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      my_socket_unref (cookie->sock, NULL, NULL);
-      http_session_unref (cookie->session);
-      xfree (cookie);
-      hd->read_cookie = NULL;
-      return err;
-    }
+    return gpg_error_from_syserror ();
+#endif /*!HTTP_USE_ESTREAM*/
 
   err = parse_response (hd);
-
-  if (!err)
-    err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd);
-
   return err;
 }
 
@@ -908,13 +458,13 @@
 gpg_error_t
 http_open_document (http_t *r_hd, const char *document,
                     const char *auth, unsigned int flags, const char *proxy,
-                    http_session_t session,
-                    const char *srvtag, strlist_t headers)
+                    void *tls_context, struct http_srv *srv,
+		    strlist_t headers)
 {
   gpg_error_t err;
 
-  err = http_open (r_hd, HTTP_REQ_GET, document, NULL, auth, flags,
-                   proxy, session, srvtag, headers);
+  err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags,
+                   proxy, tls_context, srv, headers);
   if (err)
     return err;
 
@@ -931,20 +481,12 @@
 {
   if (!hd)
     return;
-
-  /* First remove the close notifications for the streams.  */
-  if (hd->fp_read)
-    es_onclose (hd->fp_read, 0, fp_onclose_notification, hd);
-  if (hd->fp_write)
-    es_onclose (hd->fp_write, 0, fp_onclose_notification, hd);
-
-  /* Now we can close the streams.  */
-  my_socket_unref (hd->sock, NULL, NULL);
+  if (!hd->fp_read && !hd->fp_write && hd->sock != -1)
+    sock_close (hd->sock);
   if (hd->fp_read && !keep_read_stream)
-    es_fclose (hd->fp_read);
+    P_ES(fclose) (hd->fp_read);
   if (hd->fp_write)
-    es_fclose (hd->fp_write);
-  http_session_unref (hd->session);
+    P_ES(fclose) (hd->fp_write);
   http_release_parsed_uri (hd->uri);
   while (hd->headers)
     {
@@ -958,79 +500,50 @@
 }
 
 
+#ifdef HTTP_USE_ESTREAM
 estream_t
 http_get_read_ptr (http_t hd)
 {
   return hd?hd->fp_read:NULL;
 }
-
 estream_t
 http_get_write_ptr (http_t hd)
 {
   return hd?hd->fp_write:NULL;
 }
-
-unsigned int
-http_get_status_code (http_t hd)
+#else /*!HTTP_USE_ESTREAM*/
+FILE *
+http_get_read_ptr (http_t hd)
 {
-  return hd?hd->status_code:0;
+  return hd?hd->fp_read:NULL;
 }
-
-/* Return information pertaining to TLS.  If TLS is not in use for HD,
-   NULL is returned.  WHAT is used ask for specific information:
-
-     (NULL) := Only check whether TLS is is use.  Returns an
-               unspecified string if TLS is in use.  That string may
-               even be the empty string.
- */
-const char *
-http_get_tls_info (http_t hd, const char *what)
+FILE *
+http_get_write_ptr (http_t hd)
 {
-  (void)what;
-
-  if (!hd)
-    return NULL;
-
-  return hd->uri->use_tls? "":NULL;
+  return hd?hd->fp_write:NULL;
 }
-
-
-
-static gpg_error_t
-parse_uri (parsed_uri_t *ret_uri, const char *uri,
-           int no_scheme_check, int force_tls)
+#endif /*!HTTP_USE_ESTREAM*/
+unsigned int
+http_get_status_code (http_t hd)
 {
-  gpg_err_code_t ec;
-
-  *ret_uri = xtrycalloc (1, sizeof **ret_uri + strlen (uri));
-  if (!*ret_uri)
-    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-  strcpy ((*ret_uri)->buffer, uri);
-  ec = do_parse_uri (*ret_uri, 0, no_scheme_check, force_tls);
-  if (ec)
-    {
-      xfree (*ret_uri);
-      *ret_uri = NULL;
-    }
-  return gpg_err_make (default_errsource, ec);
+  return hd?hd->status_code:0;
 }
 
 
+
 /*
  * Parse an URI and put the result into the newly allocated RET_URI.
- * On success the caller must use http_release_parsed_uri() to
- * releases the resources.  If NO_SCHEME_CHECK is set, the function
- * tries to parse the URL in the same way it would do for an HTTP
- * style URI.
+ * The caller must always use release_parsed_uri() to releases the
+ * resources (even on error).
  */
 gpg_error_t
-http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
-                int no_scheme_check)
+http_parse_uri (parsed_uri_t * ret_uri, const char *uri)
 {
-  return parse_uri (ret_uri, uri, no_scheme_check, 0);
+  *ret_uri = xcalloc (1, sizeof **ret_uri + strlen (uri));
+  strcpy ((*ret_uri)->buffer, uri);
+  return do_parse_uri (*ret_uri, 0);
 }
 
-
 void
 http_release_parsed_uri (parsed_uri_t uri)
 {
@@ -1048,9 +561,8 @@
 }
 
 
-static gpg_err_code_t
-do_parse_uri (parsed_uri_t uri, int only_local_part,
-              int no_scheme_check, int force_tls)
+static gpg_error_t
+do_parse_uri (parsed_uri_t uri, int only_local_part)
 {
   uri_tuple_t *tail;
   char *p, *p2, *p3, *pp;
@@ -1064,51 +576,42 @@
   uri->port = 0;
   uri->params = uri->query = NULL;
   uri->use_tls = 0;
-  uri->is_http = 0;
-  uri->opaque = 0;
-  uri->v6lit = 0;
 
   /* A quick validity check. */
   if (strspn (p, VALID_URI_CHARS) != n)
-    return GPG_ERR_BAD_URI;	/* Invalid characters found. */
+    return gpg_error (GPG_ERR_BAD_URI);	/* Invalid characters found. */
 
   if (!only_local_part)
     {
       /* Find the scheme. */
       if (!(p2 = strchr (p, ':')) || p2 == p)
-	return GPG_ERR_BAD_URI; /* No scheme. */
+	return gpg_error (GPG_ERR_BAD_URI); /* No scheme. */
       *p2++ = 0;
       for (pp=p; *pp; pp++)
        *pp = tolower (*(unsigned char*)pp);
       uri->scheme = p;
-      if (!strcmp (uri->scheme, "http") && !force_tls)
-        {
-          uri->port = 80;
-          uri->is_http = 1;
-        }
-      else if (!strcmp (uri->scheme, "hkp") && !force_tls)
-        {
-          uri->port = 11371;
-          uri->is_http = 1;
-        }
-#ifdef USE_TLS
-      else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
-               || (force_tls && (!strcmp (uri->scheme, "http")
-                                 || !strcmp (uri->scheme,"hkp"))))
+      if (!strcmp (uri->scheme, "http"))
+        uri->port = 80;
+#ifdef HTTP_USE_GNUTLS
+      else if (!strcmp (uri->scheme, "https"))
         {
           uri->port = 443;
-          uri->is_http = 1;
           uri->use_tls = 1;
         }
-#endif /*USE_TLS*/
-      else if (!no_scheme_check)
-	return GPG_ERR_INV_URI; /* Unsupported scheme */
+#endif
+      else
+	return gpg_error (GPG_ERR_INV_URI); /* Unsupported scheme */
 
       p = p2;
 
-      if (*p == '/' && p[1] == '/' ) /* There seems to be a hostname. */
+      /* Find the hostname */
+      if (*p != '/')
+	return gpg_error (GPG_ERR_INV_URI); /* Does not start with a slash. */
+
+      p++;
+      if (*p == '/') /* There seems to be a hostname. */
 	{
-          p += 2;
+	  p++;
 	  if ((p2 = strchr (p, '/')))
 	    *p2++ = 0;
 
@@ -1129,7 +632,6 @@
 	      *p3++ = '\0';
 	      /* worst case, uri->host should have length 0, points to \0 */
 	      uri->host = p + 1;
-              uri->v6lit = 1;
 	      p = p3;
 	    }
 	  else
@@ -1142,20 +644,11 @@
 	    }
 
 	  if ((n = remove_escapes (uri->host)) < 0)
-	    return GPG_ERR_BAD_URI;
+	    return gpg_error (GPG_ERR_BAD_URI);
 	  if (n != strlen (uri->host))
-	    return GPG_ERR_BAD_URI;	/* Hostname incudes a Nul. */
+	    return gpg_error (GPG_ERR_BAD_URI);	/* Hostname incudes a Nul. */
 	  p = p2 ? p2 : NULL;
 	}
-      else if (uri->is_http)
-	return GPG_ERR_INV_URI; /* No Leading double slash for HTTP.  */
-      else
-        {
-          uri->opaque = 1;
-          uri->path = p;
-          return 0;
-        }
-
     } /* End global URI part. */
 
   /* Parse the pathname part */
@@ -1170,9 +663,9 @@
 
   uri->path = p;
   if ((n = remove_escapes (p)) < 0)
-    return GPG_ERR_BAD_URI;
+    return gpg_error (GPG_ERR_BAD_URI);
   if (n != strlen (p))
-    return GPG_ERR_BAD_URI;	/* Path includes a Nul. */
+    return gpg_error (GPG_ERR_BAD_URI);	/* Path includes a Nul. */
   p = p2 ? p2 : NULL;
 
   if (!p || !*p)
@@ -1187,7 +680,7 @@
       if ((p2 = strchr (p, '&')))
 	*p2++ = 0;
       if (!(elem = parse_tuple (p)))
-	return GPG_ERR_BAD_URI;
+	return gpg_error (GPG_ERR_BAD_URI);
       *tail = elem;
       tail = &elem->next;
 
@@ -1249,41 +742,16 @@
 }
 
 
-/* If SPECIAL is NULL this function escapes in forms mode.  */
-static size_t
-escape_data (char *buffer, const void *data, size_t datalen,
-             const char *special)
+static int
+insert_escapes (char *buffer, const char *string,
+		const char *special)
 {
-  int forms = !special;
-  const unsigned char *s;
-  size_t n = 0;
-
-  if (forms)
-    special = "%;?&=";
+  const unsigned char *s = (const unsigned char*)string;
+  int n = 0;
 
-  for (s = data; datalen; s++, datalen--)
+  for (; *s; s++)
     {
-      if (forms && *s == ' ')
-        {
-	  if (buffer)
-	    *buffer++ = '+';
-	  n++;
-        }
-      else if (forms && *s == '\n')
-        {
-	  if (buffer)
-	    memcpy (buffer, "%0D%0A", 6);
-	  n += 6;
-        }
-      else if (forms && *s == '\r' && datalen > 1 && s[1] == '\n')
-        {
-	  if (buffer)
-	    memcpy (buffer, "%0D%0A", 6);
-	  n += 6;
-          s++;
-          datalen--;
-        }
-      else if (strchr (VALID_URI_CHARS, *s) && !strchr (special, *s))
+      if (strchr (VALID_URI_CHARS, *s) && !strchr (special, *s))
 	{
 	  if (buffer)
 	    *(unsigned char*)buffer++ = *s;
@@ -1293,7 +761,7 @@
 	{
 	  if (buffer)
 	    {
-	      snprintf (buffer, 4, "%%%02X", *s);
+	      sprintf (buffer, "%%%02X", *s);
 	      buffer += 3;
 	    }
 	  n += 3;
@@ -1303,20 +771,11 @@
 }
 
 
-static int
-insert_escapes (char *buffer, const char *string,
-		const char *special)
-{
-  return escape_data (buffer, string, strlen (string), special);
-}
-
-
 /* Allocate a new string from STRING using standard HTTP escaping as
    well as escaping of characters given in SPECIALS.  A common pattern
    for SPECIALS is "%;?&=". However it depends on the needs, for
    example "+" and "/: often needs to be escaped too.  Returns NULL on
-   failure and sets ERRNO.  If SPECIAL is NULL a dedicated forms
-   encoding mode is used. */
+   failure and sets ERRNO. */
 char *
 http_escape_string (const char *string, const char *specials)
 {
@@ -1333,27 +792,6 @@
   return buf;
 }
 
-/* Allocate a new string from {DATA,DATALEN} using standard HTTP
-   escaping as well as escaping of characters given in SPECIALS.  A
-   common pattern for SPECIALS is "%;?&=".  However it depends on the
-   needs, for example "+" and "/: often needs to be escaped too.
-   Returns NULL on failure and sets ERRNO.  If SPECIAL is NULL a
-   dedicated forms encoding mode is used. */
-char *
-http_escape_data (const void *data, size_t datalen, const char *specials)
-{
-  int n;
-  char *buf;
-
-  n = escape_data (NULL, data, datalen, specials);
-  buf = xtrymalloc (n+1);
-  if (buf)
-    {
-      escape_data (buf, data, datalen, specials);
-      buf[n] = 0;
-    }
-  return buf;
-}
 
 
 static uri_tuple_t
@@ -1394,41 +832,15 @@
 }
 
 
-/* Return true if STRING is likely "hostname:port" or only "hostname".  */
-static int
-is_hostname_port (const char *string)
-{
-  int colons = 0;
-
-  if (!string || !*string)
-    return 0;
-  for (; *string; string++)
-    {
-      if (*string == ':')
-        {
-          if (colons)
-            return 0;
-          if (!string[1])
-            return 0;
-          colons++;
-        }
-      else if (!colons && strchr (" \t\f\n\v_@[]/", *string))
-        return 0; /* Invalid characters in hostname. */
-      else if (colons && !digitp (string))
-        return 0; /* Not a digit in the port.  */
-    }
-  return 1;
-}
-
-
 /*
  * Send a HTTP request to the server
  * Returns 0 if the request was successful
  */
 static gpg_error_t
-send_request (http_t hd, const char *httphost, const char *auth,
-	      const char *proxy, const char *srvtag, strlist_t headers)
+send_request (http_t hd, const char *auth,
+	      const char *proxy, struct http_srv *srv, strlist_t headers)
 {
+  gnutls_session_t tls_session;
   gpg_error_t err;
   const char *server;
   char *request, *p;
@@ -1436,96 +848,36 @@
   const char *http_proxy = NULL;
   char *proxy_authstr = NULL;
   char *authstr = NULL;
-  int sock;
-  int hnf;
-
-  if (hd->uri->use_tls && !hd->session)
-    {
-      log_error ("TLS requested but no session object provided\n");
-      return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
-    }
-#ifdef USE_TLS
-  if (hd->uri->use_tls && !hd->session->tls_session)
+  int save_errno;
+
+  tls_session = hd->tls_context;
+  if (hd->uri->use_tls && !tls_session)
     {
-      log_error ("TLS requested but no GNUTLS context available\n");
-      return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
+      log_error ("TLS requested but no GNUTLS context provided\n");
+      return gpg_error (GPG_ERR_INTERNAL);
     }
-#endif /*USE_TLS*/
 
   server = *hd->uri->host ? hd->uri->host : "localhost";
   port = hd->uri->port ? hd->uri->port : 80;
 
-  /* Try to use SNI.  */
-#ifdef USE_TLS
-  if (hd->uri->use_tls)
-    {
-# if HTTP_USE_GNUTLS
-      int rc;
-# endif
-
-      xfree (hd->session->servername);
-      hd->session->servername = xtrystrdup (httphost? httphost : server);
-      if (!hd->session->servername)
-        {
-          err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-          return err;
-        }
-
-# if HTTP_USE_NTBTLS
-      err = ntbtls_set_hostname (hd->session->tls_session,
-                                 hd->session->servername);
-      if (err)
-        {
-          log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
-          return err;
-        }
-# elif HTTP_USE_GNUTLS
-      rc = gnutls_server_name_set (hd->session->tls_session,
-                                   GNUTLS_NAME_DNS,
-                                   hd->session->servername,
-                                   strlen (hd->session->servername));
-      if (rc < 0)
-        log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
-# endif /*HTTP_USE_GNUTLS*/
-    }
-#endif /*USE_TLS*/
-
   if ( (proxy && *proxy)
        || ( (hd->flags & HTTP_FLAG_TRY_PROXY)
             && (http_proxy = getenv (HTTP_PROXY_ENV))
             && *http_proxy ))
     {
       parsed_uri_t uri;
-      int save_errno;
 
       if (proxy)
 	http_proxy = proxy;
 
-      err = parse_uri (&uri, http_proxy, 1, 0);
-      if (gpg_err_code (err) == GPG_ERR_INV_URI
-          && is_hostname_port (http_proxy))
-        {
-          /* Retry assuming a "hostname:port" string.  */
-          char *tmpname = strconcat ("http://", http_proxy, NULL);
-          if (tmpname && !parse_uri (&uri, tmpname, 0, 0))
-            err = 0;
-          xfree (tmpname);
-        }
-
-      if (err)
-        ;
-      else if (!strcmp (uri->scheme, "http") || !strcmp (uri->scheme, "socks4"))
-        ;
-      else if (!strcmp (uri->scheme, "socks5h"))
-        err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
-      else
-        err = gpg_err_make (default_errsource, GPG_ERR_INV_URI);
-
+      err = http_parse_uri (&uri, http_proxy);
       if (err)
 	{
 	  log_error ("invalid HTTP proxy (%s): %s\n",
 		     http_proxy, gpg_strerror (err));
-	  return gpg_err_make (default_errsource, GPG_ERR_CONFIGURATION);
+	  http_release_parsed_uri (uri);
+	  return gpg_error (GPG_ERR_CONFIGURATION);
+
 	}
 
       if (uri->auth)
@@ -1536,123 +888,60 @@
                                             uri->auth, strlen(uri->auth));
           if (!proxy_authstr)
             {
-              err = gpg_err_make (default_errsource,
-                                  gpg_err_code_from_syserror ());
+              err = gpg_error_from_syserror ();
               http_release_parsed_uri (uri);
               return err;
             }
         }
 
-      sock = connect_server (*uri->host ? uri->host : "localhost",
-                             uri->port ? uri->port : 80,
-                             hd->flags, srvtag, &hnf);
+      hd->sock = connect_server (*uri->host ? uri->host : "localhost",
+				 uri->port ? uri->port : 80,
+                                 hd->flags, srv);
       save_errno = errno;
       http_release_parsed_uri (uri);
-      if (sock == -1)
-        gpg_err_set_errno (save_errno);
     }
   else
     {
-      sock = connect_server (server, port, hd->flags, srvtag, &hnf);
+      hd->sock = connect_server (server, port, hd->flags, srv);
+      save_errno = errno;
     }
 
-  if (sock == -1)
+  if (hd->sock == -1)
     {
       xfree (proxy_authstr);
-      return gpg_err_make (default_errsource,
-                           (hnf? GPG_ERR_UNKNOWN_HOST
-                               : gpg_err_code_from_syserror ()));
+      return (save_errno
+              ? gpg_error_from_errno (save_errno)
+              : gpg_error (GPG_ERR_NOT_FOUND));
     }
-  hd->sock = my_socket_new (sock);
-  if (!hd->sock)
-    {
-      xfree (proxy_authstr);
-      return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-    }
-
-
-
-#if HTTP_USE_NTBTLS
-  if (hd->uri->use_tls)
-    {
-      my_socket_ref (hd->sock);
 
-      while ((err = ntbtls_handshake (hd->session->tls_session)))
-        {
-          switch (err)
-            {
-            default:
-              log_info ("TLS handshake failed: %s <%s>\n",
-                        gpg_strerror (err), gpg_strsource (err));
-              xfree (proxy_authstr);
-              return err;
-            }
-        }
-
-      hd->session->verify.done = 0;
-      if (tls_callback)
-        err = tls_callback (hd, hd->session, 0);
-      else
-        err = http_verify_server_credentials (hd->session);
-      if (err)
-        {
-          log_info ("TLS connection authentication failed: %s <%s>\n",
-                    gpg_strerror (err), gpg_strsource (err));
-          xfree (proxy_authstr);
-          return err;
-        }
-    }
-#elif HTTP_USE_GNUTLS
+#ifdef HTTP_USE_GNUTLS
   if (hd->uri->use_tls)
     {
       int rc;
 
-      my_socket_ref (hd->sock);
-      gnutls_transport_set_ptr (hd->session->tls_session, hd->sock);
-#ifdef USE_NPTH
-      gnutls_transport_set_pull_function (hd->session->tls_session,
-                                          my_npth_read);
-      gnutls_transport_set_push_function (hd->session->tls_session,
-                                          my_npth_write);
-#endif
-
+      gnutls_transport_set_ptr (tls_session, (gnutls_transport_ptr_t)hd->sock);
       do
         {
-          rc = gnutls_handshake (hd->session->tls_session);
+          rc = gnutls_handshake (tls_session);
         }
       while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN);
       if (rc < 0)
         {
-          if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED
-              || rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
-            {
-              gnutls_alert_description_t alertno;
-              const char *alertstr;
-
-              alertno = gnutls_alert_get (hd->session->tls_session);
-              alertstr = gnutls_alert_get_name (alertno);
-              log_info ("TLS handshake failed: %s (alert %d)\n",
-                        alertstr, (int)alertno);
-              if (alertno == GNUTLS_A_UNRECOGNIZED_NAME && server)
-                log_info ("  (sent server name '%s')\n", server);
-            }
-          else
-            log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
+          log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc));
           xfree (proxy_authstr);
-          return gpg_err_make (default_errsource, GPG_ERR_NETWORK);
+          return gpg_error (GPG_ERR_NETWORK);
         }
 
-      hd->session->verify.done = 0;
       if (tls_callback)
-        err = tls_callback (hd, hd->session, 0);
-      else
-        err = http_verify_server_credentials (hd->session);
-      if (err)
         {
-          log_info ("TLS connection authentication failed: %s\n",
-                    gpg_strerror (err));
-          xfree (proxy_authstr);
-          return err;
+          err = tls_callback (hd, tls_session, 0);
+          if (err)
+            {
+              log_info ("TLS connection authentication failed: %s\n",
+                        gpg_strerror (err));
+              xfree (proxy_authstr);
+              return err;
+            }
         }
     }
 #endif /*HTTP_USE_GNUTLS*/
@@ -1667,7 +956,7 @@
           if (!myauth)
             {
               xfree (proxy_authstr);
-              return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+              return gpg_error_from_syserror ();
             }
           remove_escapes (myauth);
         }
@@ -1677,7 +966,7 @@
           myauth = hd->uri->auth;
         }
 
-      authstr = make_header_line ("Authorization: Basic ", "\r\n",
+      authstr = make_header_line ("Authorization: Basic %s", "\r\n",
                                   myauth, strlen (myauth));
       if (auth)
         xfree (myauth);
@@ -1685,58 +974,58 @@
       if (!authstr)
         {
           xfree (proxy_authstr);
-          return gpg_err_make (default_errsource,
-                               gpg_err_code_from_syserror ());
+          return gpg_error_from_syserror ();
         }
     }
 
   p = build_rel_path (hd->uri);
   if (!p)
-    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+    return gpg_error_from_syserror ();
+
+  request = xtrymalloc (2 * strlen (server)
+                        + strlen (p)
+                        + (authstr?strlen(authstr):0)
+                        + (proxy_authstr?strlen(proxy_authstr):0)
+                        + 100);
+  if (!request)
+    {
+      err = gpg_error_from_syserror ();
+      xfree (p);
+      xfree (authstr);
+      xfree (proxy_authstr);
+      return err;
+    }
 
   if (http_proxy && *http_proxy)
     {
-      request = es_bsprintf
-        ("%s %s://%s:%hu%s%s HTTP/1.0\r\n%s%s",
-         hd->req_type == HTTP_REQ_GET ? "GET" :
-         hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
-         hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
-         hd->uri->use_tls? "https" : "http",
-         httphost? httphost : server,
-         port, *p == '/' ? "" : "/", p,
-         authstr ? authstr : "",
-         proxy_authstr ? proxy_authstr : "");
+      sprintf (request, "%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s",
+	       hd->req_type == HTTP_REQ_GET ? "GET" :
+	       hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
+	       hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
+	       server, port, *p == '/' ? "" : "/", p,
+	       authstr ? authstr : "",
+               proxy_authstr ? proxy_authstr : "");
     }
   else
     {
       char portstr[35];
 
-      if (port == 80)
+      if (port == 80 || (srv && srv->used_server))
         *portstr = 0;
       else
-        snprintf (portstr, sizeof portstr, ":%u", port);
+        sprintf (portstr, ":%u", port);
 
-      request = es_bsprintf
-        ("%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
-         hd->req_type == HTTP_REQ_GET ? "GET" :
-         hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
-         hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
-         *p == '/' ? "" : "/", p,
-         httphost? httphost : server,
-         portstr,
-         authstr? authstr:"");
+      sprintf (request, "%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s",
+	       hd->req_type == HTTP_REQ_GET ? "GET" :
+	       hd->req_type == HTTP_REQ_HEAD ? "HEAD" :
+	       hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS",
+	       *p == '/' ? "" : "/", p, server, portstr,
+               authstr? authstr:"");
     }
   xfree (p);
-  if (!request)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      xfree (authstr);
-      xfree (proxy_authstr);
-      return err;
-    }
 
-  /* log_debug ("request:\n%s\nEND request\n", request); */
 
+#ifdef HTTP_USE_ESTREAM
   /* First setup estream so that we can write even the first line
      using estream.  This is also required for the sake of gnutls. */
   {
@@ -1745,44 +1034,68 @@
     cookie = xtrycalloc (1, sizeof *cookie);
     if (!cookie)
       {
-        err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+        err = gpg_error_from_syserror ();
         goto leave;
       }
-    cookie->sock = my_socket_ref (hd->sock);
-    hd->write_cookie = cookie;
-    cookie->use_tls = hd->uri->use_tls;
-    cookie->session = http_session_ref (hd->session);
+    cookie->fd = hd->sock;
+    if (hd->uri->use_tls)
+      {
+        cookie->tls_session = tls_session;
+        hd->write_cookie = cookie;
+      }
 
     hd->fp_write = es_fopencookie (cookie, "w", cookie_functions);
     if (!hd->fp_write)
       {
-        err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-        my_socket_unref (cookie->sock, NULL, NULL);
         xfree (cookie);
-        hd->write_cookie = NULL;
+        err = gpg_error_from_syserror ();
       }
     else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write))
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+      err = gpg_error_from_syserror ();
     else
       err = 0;
 
+  if(err==0)
+    for(;headers;headers=headers->next)
+      {
+	if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
+	    || (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
+	  {
+	    err = gpg_error_from_syserror ();
+	    break;
+	  }
+      }
+  }
+
+ leave:
+
+#else /*!HTTP_USE_ESTREAM*/
+  /* We send out the start of the request through our own send
+     function and only then assign a stdio stream.  This allows for
+     better error reporting that through standard stdio means. */
+  err = write_server (hd->sock, request, strlen (request));
+
+  if(err==0)
+    for(;headers;headers=headers->next)
+      {
+	err = write_server( hd->sock, headers->d, strlen(headers->d) );
+	if(err)
+	  break;
+	err = write_server( hd->sock, "\r\n", 2 );
+	if(err)
+	  break;
+      }
+
   if (!err)
     {
-      for (;headers; headers=headers->next)
-        {
-          if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
-              || (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
-            {
-              err = gpg_err_make (default_errsource,
-                                  gpg_err_code_from_syserror ());
-              break;
-            }
-        }
+      hd->fp_write = fdopen (hd->sock, "w");
+      if (!hd->fp_write)
+        err = gpg_error_from_syserror ();
     }
-  }
 
- leave:
-  es_free (request);
+#endif /*!HTTP_USE_ESTREAM*/
+
+  xfree (request);
   xfree (authstr);
   xfree (proxy_authstr);
 
@@ -1842,6 +1155,97 @@
 }
 
 
+
+/*
+   Same as fgets() but if the buffer is too short a larger one will be
+   allocated up to some limit *MAX_LENGTH.  A line is considered a
+   byte stream ending in a LF.  Returns the length of the line. EOF is
+   indicated by a line of length zero. The last LF may be missing due
+   to an EOF.  If MAX_LENGTH is zero on return, the line has been
+   truncated.  If the returned buffer is NULL, not enough memory was
+   enable to increase it, the return value will also be 0 and some
+   bytes might have been lost which should be no problem becuase
+   out-of-memory is pretty fatal for most applications.
+
+   If a line has been truncated, the file pointer is internally moved
+   forward to the end of the line.
+
+   Note: The returned buffer is allocated with enough extra space to
+   append a CR,LF,Nul
+ */
+static size_t
+my_read_line (
+#ifdef HTTP_USE_ESTREAM
+              estream_t fp,
+#else
+              FILE *fp,
+#endif
+              char **addr_of_buffer,
+              size_t *length_of_buffer, size_t *max_length)
+{
+  int c;
+  char *buffer = *addr_of_buffer;
+  size_t length = *length_of_buffer;
+  size_t nbytes = 0;
+  size_t maxlen = *max_length;
+  char *p;
+
+  if (!buffer) /* Must allocate a new buffer. */
+    {
+      length = 256;
+      buffer = xtrymalloc (length);
+      *addr_of_buffer = buffer;
+      if (!buffer)
+	{
+	  *length_of_buffer = *max_length = 0;
+	  return 0;
+	}
+      *length_of_buffer = length;
+    }
+
+  length -= 3; /* Reserve 3 bytes (cr,lf,eol). */
+  p = buffer;
+  while ((c = P_ES(getc) (fp)) != EOF)
+    {
+      if (nbytes == length) /* Increase the buffer. */
+	{
+	  if (length > maxlen) /* Limit reached. */
+	    {
+	      /* Skip the rest of the line. */
+	      while (c != '\n' && (c = P_ES(getc) (fp)) != EOF)
+		;
+	      *p++ = '\n'; /* Always append a LF (we reserved some space). */
+	      nbytes++;
+	      *max_length = 0; /* Indicate truncation */
+	      break; /*(the while loop)*/
+	    }
+	  length += 3; /* Adjust for the reserved bytes. */
+	  length += length < 1024 ? 256 : 1024;
+	  *addr_of_buffer = xtryrealloc (buffer, length);
+	  if (!*addr_of_buffer)
+	    {
+	      int save_errno = errno;
+	      xfree (buffer);
+	      *length_of_buffer = *max_length = 0;
+	      errno = save_errno;
+	      return 0;
+	    }
+	  buffer = *addr_of_buffer;
+	  *length_of_buffer = length;
+	  length -= 3; /* And re-adjust for the reservation. */
+	  p = buffer + nbytes;
+	}
+      *p++ = c;
+      nbytes++;
+      if (c == '\n')
+	break;
+    }
+  *p = 0; /* Make sure the line is a string. */
+
+  return nbytes;
+}
+
+
 /* Transform a header name into a standard capitalized format; e.g.
    "Content-Type".  Conversion stops at the colon.  As usual we don't
    use the localized versions of ctype.h. */
@@ -1869,7 +1273,7 @@
 /* Store an HTTP header line in LINE away.  Line continuation is
    supported as well as merging of headers with the same name. This
    function may modify LINE. */
-static gpg_err_code_t
+static gpg_error_t
 store_header (http_t hd, char *line)
 {
   size_t n;
@@ -1884,17 +1288,17 @@
         line[--n] = 0;
     }
   if (!n)  /* we are never called to hit this. */
-    return GPG_ERR_BUG;
+    return gpg_error (GPG_ERR_BUG);
   if (*line == ' ' || *line == '\t')
     {
       /* Continuation. This won't happen too often as it is not
          recommended.  We use a straightforward implementaion. */
       if (!hd->headers)
-        return GPG_ERR_PROTOCOL_VIOLATION;
+        return gpg_error (GPG_ERR_PROTOCOL_VIOLATION);
       n += strlen (hd->headers->value);
       p = xtrymalloc (n+1);
       if (!p)
-        return gpg_err_code_from_syserror ();
+        return gpg_error_from_syserror ();
       strcpy (stpcpy (p, hd->headers->value), line);
       xfree (hd->headers->value);
       hd->headers->value = p;
@@ -1904,7 +1308,7 @@
   capitalize_header_name (line);
   p = strchr (line, ':');
   if (!p)
-    return GPG_ERR_PROTOCOL_VIOLATION;
+    return gpg_error (GPG_ERR_PROTOCOL_VIOLATION);
   *p++ = 0;
   while (*p == ' ' || *p == '\t')
     p++;
@@ -1919,7 +1323,7 @@
          it is a comma separated list and merge them.  */
       p = xtrymalloc (strlen (h->value) + 1 + strlen (value)+ 1);
       if (!p)
-        return gpg_err_code_from_syserror ();
+        return gpg_error_from_syserror ();
       strcpy (stpcpy (stpcpy (p, h->value), ","), value);
       xfree (h->value);
       h->value = p;
@@ -1929,13 +1333,13 @@
   /* Append a new header. */
   h = xtrymalloc (sizeof *h + strlen (line));
   if (!h)
-    return gpg_err_code_from_syserror ();
+    return gpg_error_from_syserror ();
   strcpy (h->name, line);
   h->value = xtrymalloc (strlen (value)+1);
   if (!h->value)
     {
       xfree (h);
-      return gpg_err_code_from_syserror ();
+      return gpg_error_from_syserror ();
     }
   strcpy (h->value, value);
   h->next = hd->headers;
@@ -1946,10 +1350,12 @@
 
 
 /* Return the header NAME from the last response.  The returned value
-   is valid as along as HD has not been closed and no other request
-   has been send. If the header was not found, NULL is returned.  NAME
+   is valid as along as HD has not been closed and no othe request has
+   been send. If the header was not found, NULL is returned.  Name
    must be canonicalized, that is the first letter of each dash
-   delimited part must be uppercase and all other letters lowercase.  */
+   delimited part must be uppercase and all other letters lowercase.
+   Note that the context must have been opened with the
+   HTTP_FLAG_NEED_HEADER. */
 const char *
 http_get_header (http_t hd, const char *name)
 {
@@ -1962,41 +1368,16 @@
 }
 
 
-/* Return a newly allocated and NULL terminated array with pointers to
-   header names.  The array must be released with xfree() and its
-   content is only values as long as no other request has been
-   send.  */
-const char **
-http_get_header_names (http_t hd)
-{
-  const char **array;
-  size_t n;
-  header_t h;
-
-  for (n=0, h = hd->headers; h; h = h->next)
-    n++;
-  array = xtrycalloc (n+1, sizeof *array);
-  if (array)
-    {
-      for (n=0, h = hd->headers; h; h = h->next)
-        array[n++] = h->name;
-    }
-
-  return array;
-}
-
 
 /*
  * Parse the response from a server.
  * Returns: Errorcode and sets some files in the handle
  */
-static gpg_err_code_t
+static gpg_error_t
 parse_response (http_t hd)
 {
   char *line, *p, *p2;
   size_t maxlen, len;
-  cookie_t cookie = hd->read_cookie;
-  const char *s;
 
   /* Delete old header lines.  */
   while (hd->headers)
@@ -2011,17 +1392,16 @@
   do
     {
       maxlen = MAX_LINELEN;
-      len = es_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
+      len = my_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
       line = hd->buffer;
       if (!line)
-	return gpg_err_code_from_syserror (); /* Out of core. */
+	return gpg_error_from_syserror (); /* Out of core. */
       if (!maxlen)
-	return GPG_ERR_TRUNCATED; /* Line has been truncated. */
+	return gpg_error (GPG_ERR_TRUNCATED); /* Line has been truncated. */
       if (!len)
-	return GPG_ERR_EOF;
-
-      if ((hd->flags & HTTP_FLAG_LOG_RESP))
-        log_info ("RESP: '%.*s'\n",
+	return gpg_error (GPG_ERR_EOF);
+      if ( (hd->flags & HTTP_FLAG_LOG_RESP) )
+        log_info ("RESP: `%.*s'\n",
                   (int)strlen(line)-(*line&&line[1]?2:0),line);
     }
   while (!*line);
@@ -2056,39 +1436,28 @@
   do
     {
       maxlen = MAX_LINELEN;
-      len = es_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
+      len = my_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen);
       line = hd->buffer;
       if (!line)
-	return gpg_err_code_from_syserror (); /* Out of core. */
+	return gpg_error_from_syserror (); /* Out of core. */
       /* Note, that we can silently ignore truncated lines. */
       if (!len)
-	return GPG_ERR_EOF;
+	return gpg_error (GPG_ERR_EOF);
       /* Trim line endings of empty lines. */
       if ((*line == '\r' && line[1] == '\n') || *line == '\n')
 	*line = 0;
-      if ((hd->flags & HTTP_FLAG_LOG_RESP))
-        log_info ("RESP: '%.*s'\n",
+      if ( (hd->flags & HTTP_FLAG_LOG_RESP) )
+        log_info ("RESP: `%.*s'\n",
                   (int)strlen(line)-(*line&&line[1]?2:0),line);
-      if (*line)
+      if ( (hd->flags & HTTP_FLAG_NEED_HEADER) && *line )
         {
-          gpg_err_code_t ec = store_header (hd, line);
-          if (ec)
-            return ec;
+          gpg_error_t err = store_header (hd, line);
+          if (err)
+            return err;
         }
     }
   while (len && *line);
 
-  cookie->content_length_valid = 0;
-  if (!(hd->flags & HTTP_FLAG_IGNORE_CL))
-    {
-      s = http_get_header (hd, "Content-Length");
-      if (s)
-        {
-          cookie->content_length_valid = 1;
-          cookie->content_length = counter_strtoul (s);
-        }
-    }
-
   return 0;
 }
 
@@ -2135,14 +1504,14 @@
       FD_ZERO (&rfds);
       FD_SET (fd, &rfds);
 
-      if (my_select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
+      if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0)
 	continue;		/* ignore any errors */
 
       if (!FD_ISSET (fd, &rfds))
 	continue;
 
       addrlen = sizeof peer;
-      client = my_accept (fd, (struct sockaddr *) &peer, &addrlen);
+      client = accept (fd, (struct sockaddr *) &peer, &addrlen);
       if (client == -1)
 	continue;		/* oops */
 
@@ -2173,21 +1542,22 @@
    error.  ERRNO is set on error. */
 static int
 connect_server (const char *server, unsigned short port,
-                unsigned int flags, const char *srvtag, int *r_host_not_found)
+                unsigned int flags, struct http_srv *srv)
 {
   int sock = -1;
   int srvcount = 0;
+  int fakesrv = 0;
   int hostfound = 0;
-  int anyhostaddr = 0;
-  int srv, connected;
+  int srvindex, connected;
+  int chosen = -1;
   int last_errno = 0;
   struct srventry *serverlist = NULL;
-#ifdef HAVE_W32_SYSTEM
-  unsigned long inaddr;
-#endif
 
-  *r_host_not_found = 0;
+  /* Not currently using the flags */
+  (void)flags;
+
 #ifdef HAVE_W32_SYSTEM
+  unsigned long inaddr;
 
 #ifndef HTTP_NO_WSASTARTUP
   init_sockets ();
@@ -2212,7 +1582,7 @@
       addr.sin_port = htons(port);
       memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
 
-      if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+      if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
 	return sock;
       sock_close(sock);
       return -1;
@@ -2221,21 +1591,18 @@
 
 #ifdef USE_DNS_SRV
   /* Do the SRV thing */
-  if (srvtag)
+  if (srv && srv->srvtag)
     {
       /* We're using SRV, so append the tags. */
-      if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)
+      if (1+strlen (srv->srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)
 	{
 	  char srvname[MAXDNAME];
 
-	  stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
+	  stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srv->srvtag),
                            "._tcp."), server);
 	  srvcount = getsrv (srvname, &serverlist);
 	}
     }
-#else
-  (void)flags;
-  (void)srvtag;
 #endif /*USE_DNS_SRV*/
 
   if (!serverlist)
@@ -2249,29 +1616,25 @@
       strncpy (serverlist->target, server, MAXDNAME);
       serverlist->target[MAXDNAME-1] = '\0';
       srvcount = 1;
+      fakesrv = 1;
     }
 
 #ifdef HAVE_GETADDRINFO
   connected = 0;
-  for (srv=0; srv < srvcount && !connected; srv++)
+  for (srvindex=0; srvindex < srvcount && !connected; srvindex++)
     {
       struct addrinfo hints, *res, *ai;
       char portstr[35];
 
-      snprintf (portstr, sizeof portstr, "%hu", port);
+      sprintf (portstr, "%hu", serverlist[srvindex].port);
       memset (&hints, 0, sizeof (hints));
       hints.ai_socktype = SOCK_STREAM;
-      if (getaddrinfo (serverlist[srv].target, portstr, &hints, &res))
+      if (getaddrinfo (serverlist[srvindex].target, portstr, &hints, &res))
         continue; /* Not found - try next one. */
       hostfound = 1;
 
       for (ai = res; ai && !connected; ai = ai->ai_next)
         {
-          if (ai->ai_family == AF_INET && (flags & HTTP_FLAG_IGNORE_IPv4))
-            continue;
-          if (ai->ai_family == AF_INET6 && (flags & HTTP_FLAG_IGNORE_IPv6))
-            continue;
-
           if (sock != -1)
             sock_close (sock);
           sock = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol);
@@ -2285,17 +1648,19 @@
               return -1;
             }
 
-          anyhostaddr = 1;
-          if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
+          if (connect (sock, ai->ai_addr, ai->ai_addrlen))
             last_errno = errno;
           else
-            connected = 1;
+            {
+	      connected = 1;
+	      chosen = srvindex;
+	    }
         }
       freeaddrinfo (res);
     }
 #else /* !HAVE_GETADDRINFO */
   connected = 0;
-  for (srv=0; srv < srvcount && !connected; srv++)
+  for (srvindex=0; srvindex < srvcount && !connected; srvindex++)
     {
       int i;
       struct hostent *host = NULL;
@@ -2304,7 +1669,7 @@
       /* Note: This code is not thread-safe.  */
 
       memset (&addr, 0, sizeof (addr));
-      host = gethostbyname (serverlist[srv].target);
+      host = gethostbyname (serverlist[srvindex].target);
       if (!host)
         continue;
       hostfound = 1;
@@ -2314,7 +1679,7 @@
       sock = socket (host->h_addrtype, SOCK_STREAM, 0);
       if (sock == -1)
         {
-          log_error ("error creating socket: %s\n", strerror (errno));
+          log_error (_("error creating socket: %s\n"), strerror (errno));
           xfree (serverlist);
           return -1;
         }
@@ -2322,16 +1687,16 @@
       addr.sin_family = host->h_addrtype;
       if (addr.sin_family != AF_INET)
 	{
-	  log_error ("unknown address family for '%s'\n",
-                     serverlist[srv].target);
+	  log_error ("unknown address family for `%s'\n",
+                     serverlist[srvindex].target);
           xfree (serverlist);
 	  return -1;
 	}
-      addr.sin_port = htons (serverlist[srv].port);
+      addr.sin_port = htons (serverlist[srvindex].port);
       if (host->h_length != 4)
         {
-          log_error ("illegal address length for '%s'\n",
-                     serverlist[srv].target);
+          log_error ("illegal address length for `%s'\n",
+                     serverlist[srvindex].target);
           xfree (serverlist);
           return -1;
         }
@@ -2339,44 +1704,42 @@
       /* Try all A records until one responds. */
       for (i = 0; host->h_addr_list[i] && !connected; i++)
         {
-          anyhostaddr = 1;
           memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
-          if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+          if (connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
             last_errno = errno;
           else
             {
               connected = 1;
+	      chosen = srvindex;
               break;
             }
         }
     }
 #endif /* !HAVE_GETADDRINFO */
 
+  if(!fakesrv && chosen >- 1 && srv)
+    {
+      srv->used_server = xstrdup (serverlist[chosen].target);
+      srv->used_port = serverlist[chosen].port;
+    }
+
   xfree (serverlist);
 
   if (!connected)
     {
-      if (!hostfound)
-        log_error ("can't connect to '%s': %s\n",
-                   server, "host not found");
-      else if (!anyhostaddr)
-        log_error ("can't connect to '%s': %s\n",
-                   server, "no IP address for host");
-      else
-        {
 #ifdef HAVE_W32_SYSTEM
-        log_error ("can't connect to '%s': ec=%d\n",
-                   server, (int)WSAGetLastError());
+      log_error ("can't connect to `%s': %s%sec=%d\n",
+                   server,
+                   hostfound? "":_("host not found"),
+                   hostfound? "":" - ", (int)WSAGetLastError());
 #else
-        log_error ("can't connect to '%s': %s\n",
-                   server, strerror (last_errno));
+      log_error ("can't connect to `%s': %s\n",
+                 server,
+                 hostfound? strerror (last_errno):"host not found");
 #endif
-        }
-      if (!hostfound || (hostfound && !anyhostaddr))
-        *r_host_not_found = 1;
       if (sock != -1)
 	sock_close (sock);
-      gpg_err_set_errno (last_errno);
+      errno = last_errno;
       return -1;
     }
   return sock;
@@ -2387,30 +1750,21 @@
 write_server (int sock, const char *data, size_t length)
 {
   int nleft;
-  int nwritten;
 
   nleft = length;
   while (nleft > 0)
     {
-#if defined(HAVE_W32_SYSTEM)
-# if defined(USE_NPTH)
-      npth_unprotect ();
-# endif
+#ifdef HAVE_W32_SYSTEM
+      int nwritten;
+
       nwritten = send (sock, data, nleft, 0);
-# if defined(USE_NPTH)
-      npth_protect ();
-# endif
       if ( nwritten == SOCKET_ERROR )
         {
           log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ());
           return gpg_error (GPG_ERR_NETWORK);
         }
 #else /*!HAVE_W32_SYSTEM*/
-# ifdef USE_NPTH
-      nwritten = npth_write (sock, data, nleft);
-# else
-      nwritten = write (sock, data, nleft);
-# endif
+      int nwritten = write (sock, data, nleft);
       if (nwritten == -1)
 	{
 	  if (errno == EINTR)
@@ -2421,7 +1775,7 @@
 
 	      tv.tv_sec = 0;
 	      tv.tv_usec = 50000;
-	      my_select (0, NULL, NULL, NULL, &tv);
+	      select (0, NULL, NULL, NULL, &tv);
 	      continue;
 	    }
 	  log_info ("network write failed: %s\n", strerror (errno));
@@ -2437,6 +1791,7 @@
 
 
 
+#ifdef HTTP_USE_ESTREAM
 /* Read handler for estream.  */
 static ssize_t
 cookie_read (void *cookie, void *buffer, size_t size)
@@ -2444,19 +1799,11 @@
   cookie_t c = cookie;
   int nread;
 
-  if (c->content_length_valid)
-    {
-      if (!c->content_length)
-        return 0; /* EOF */
-      if (c->content_length < size)
-        size = c->content_length;
-    }
-
 #ifdef HTTP_USE_GNUTLS
-  if (c->use_tls && c->session && c->session->tls_session)
+  if (c->tls_session)
     {
     again:
-      nread = gnutls_record_recv (c->session->tls_session, buffer, size);
+      nread = gnutls_record_recv (c->tls_session, buffer, size);
       if (nread < 0)
         {
           if (nread == GNUTLS_E_INTERRUPTED)
@@ -2467,13 +1814,13 @@
 
               tv.tv_sec = 0;
               tv.tv_usec = 50000;
-              my_select (0, NULL, NULL, NULL, &tv);
+              select (0, NULL, NULL, NULL, &tv);
               goto again;
             }
           if (nread == GNUTLS_E_REHANDSHAKE)
             goto again; /* A client is allowed to just ignore this request. */
           log_info ("TLS network read failed: %s\n", gnutls_strerror (nread));
-          gpg_err_set_errno (EIO);
+          errno = EIO;
           return -1;
         }
     }
@@ -2484,54 +1831,31 @@
         {
 #ifdef HAVE_W32_SYSTEM
           /* Under Windows we need to use recv for a socket.  */
-# if defined(USE_NPTH)
-          npth_unprotect ();
-# endif
-          nread = recv (c->sock->fd, buffer, size, 0);
-# if defined(USE_NPTH)
-          npth_protect ();
-# endif
-
-#else /*!HAVE_W32_SYSTEM*/
-
-# ifdef USE_NPTH
-          nread = npth_read (c->sock->fd, buffer, size);
-# else
-          nread = read (c->sock->fd, buffer, size);
-# endif
-
-#endif /*!HAVE_W32_SYSTEM*/
+          nread = recv (c->fd, buffer, size, 0);
+#else
+          nread = read (c->fd, buffer, size);
+#endif
         }
       while (nread == -1 && errno == EINTR);
     }
 
-  if (c->content_length_valid && nread > 0)
-    {
-      if (nread < c->content_length)
-        c->content_length -= nread;
-      else
-        c->content_length = 0;
-    }
-
   return nread;
 }
 
 /* Write handler for estream.  */
 static ssize_t
-cookie_write (void *cookie, const void *buffer_arg, size_t size)
+cookie_write (void *cookie, const void *buffer, size_t size)
 {
-  const char *buffer = buffer_arg;
   cookie_t c = cookie;
   int nwritten = 0;
 
 #ifdef HTTP_USE_GNUTLS
-  if (c->use_tls && c->session && c->session->tls_session)
+  if (c->tls_session)
     {
       int nleft = size;
       while (nleft > 0)
         {
-          nwritten = gnutls_record_send (c->session->tls_session,
-                                         buffer, nleft);
+          nwritten = gnutls_record_send (c->tls_session, buffer, nleft);
           if (nwritten <= 0)
             {
               if (nwritten == GNUTLS_E_INTERRUPTED)
@@ -2542,12 +1866,12 @@
 
                   tv.tv_sec = 0;
                   tv.tv_usec = 50000;
-                  my_select (0, NULL, NULL, NULL, &tv);
+                  select (0, NULL, NULL, NULL, &tv);
                   continue;
                 }
               log_info ("TLS network write failed: %s\n",
                         gnutls_strerror (nwritten));
-              gpg_err_set_errno (EIO);
+              errno = EIO;
               return -1;
             }
           nleft -= nwritten;
@@ -2557,9 +1881,9 @@
   else
 #endif /*HTTP_USE_GNUTLS*/
     {
-      if ( write_server (c->sock->fd, buffer, size) )
+      if ( write_server (c->fd, buffer, size) )
         {
-          gpg_err_set_errno (EIO);
+          errno = EIO;
           nwritten = -1;
         }
       else
@@ -2569,31 +1893,6 @@
   return nwritten;
 }
 
-
-#ifdef HTTP_USE_GNUTLS
-/* Wrapper for gnutls_bye used by my_socket_unref.  */
-static void
-send_gnutls_bye (void *opaque)
-{
-  tls_session_t tls_session = opaque;
-  int ret;
-
- again:
-  do
-    ret = gnutls_bye (tls_session, GNUTLS_SHUT_RDWR);
-  while (ret == GNUTLS_E_INTERRUPTED);
-  if (ret == GNUTLS_E_AGAIN)
-    {
-      struct timeval tv;
-
-      tv.tv_sec = 0;
-      tv.tv_usec = 50000;
-      my_select (0, NULL, NULL, NULL, &tv);
-      goto again;
-    }
-}
-#endif /*HTTP_USE_GNUTLS*/
-
 /* Close handler for estream.  */
 static int
 cookie_close (void *cookie)
@@ -2604,162 +1903,180 @@
     return 0;
 
 #ifdef HTTP_USE_GNUTLS
-  if (c->use_tls && c->session && c->session->tls_session)
-    my_socket_unref (c->sock, send_gnutls_bye, c->session->tls_session);
-  else
+  if (c->tls_session && !c->keep_socket)
+    {
+      gnutls_bye (c->tls_session, GNUTLS_SHUT_RDWR);
+    }
 #endif /*HTTP_USE_GNUTLS*/
-    if (c->sock)
-      my_socket_unref (c->sock, NULL, NULL);
+  if (c->fd != -1 && !c->keep_socket)
+    sock_close (c->fd);
 
-  if (c->session)
-    http_session_unref (c->session);
   xfree (c);
   return 0;
 }
+#endif /*HTTP_USE_ESTREAM*/
 
 
 
 
-/* Verify the credentials of the server.  Returns 0 on success and
-   store the result in the session object.  */
-gpg_error_t
-http_verify_server_credentials (http_session_t sess)
+/**** Test code ****/
+#ifdef TEST
+
+static gpg_error_t
+verify_callback (http_t hd, void *tls_context, int reserved)
 {
-#if HTTP_USE_NTBTLS
-  (void)sess;
-  return 0;  /* FIXME!! */
-#elif HTTP_USE_GNUTLS
-  static const char const errprefix[] = "TLS verification of peer failed";
-  int rc;
-  unsigned int status;
-  const char *hostname;
-  const gnutls_datum_t *certlist;
-  unsigned int certlistlen;
-  gnutls_x509_crt_t cert;
-  gpg_error_t err = 0;
+  log_info ("verification of certificates skipped\n");
+  return 0;
+}
 
-  sess->verify.done = 1;
-  sess->verify.status = 0;
-  sess->verify.rc = GNUTLS_E_CERTIFICATE_ERROR;
 
-  if (gnutls_certificate_type_get (sess->tls_session) != GNUTLS_CRT_X509)
-    {
-      log_error ("%s: %s\n", errprefix, "not an X.509 certificate");
-      sess->verify.rc = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-      return gpg_error (GPG_ERR_GENERAL);
-    }
 
-  rc = gnutls_certificate_verify_peers2 (sess->tls_session, &status);
-  if (rc)
-    {
-      log_error ("%s: %s\n", errprefix, gnutls_strerror (rc));
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
-    }
-  else if (status)
-    {
-      log_error ("%s: status=0x%04x\n", errprefix, status);
-#if GNUTLS_VERSION_NUMBER >= 0x030104
-      {
-        gnutls_datum_t statusdat;
+/* static void */
+/* my_gnutls_log (int level, const char *text) */
+/* { */
+/*   fprintf (stderr, "gnutls:L%d: %s", level, text); */
+/* } */
 
-        if (!gnutls_certificate_verification_status_print
-            (status, GNUTLS_CRT_X509, &statusdat, 0))
-          {
-            log_info ("%s: %s\n", errprefix, statusdat.data);
-            gnutls_free (statusdat.data);
-          }
-      }
-#endif /*gnutls >= 3.1.4*/
+int
+main (int argc, char **argv)
+{
+  int rc;
+  parsed_uri_t uri;
+  uri_tuple_t r;
+  http_t hd;
+  int c;
+  gnutls_session_t tls_session = NULL;
+#ifdef HTTP_USE_GNUTLS
+  gnutls_certificate_credentials certcred;
+  const int certprio[] = { GNUTLS_CRT_X509, 0 };
+#endif /*HTTP_USE_GNUTLS*/
+  header_t hdr;
 
-      sess->verify.status = status;
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
+#ifdef HTTP_USE_ESTREAM
+  es_init ();
+#endif
+  log_set_prefix ("http-test", 1 | 4);
+  if (argc == 1)
+    {
+      /*start_server (); */
+      return 0;
     }
 
-  hostname = sess->servername;
-  if (!hostname || !strchr (hostname, '.'))
+  if (argc != 2)
     {
-      log_error ("%s: %s\n", errprefix, "hostname missing");
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
+      fprintf (stderr, "usage: http-test uri\n");
+      return 1;
     }
+  argc--;
+  argv++;
 
-  certlist = gnutls_certificate_get_peers (sess->tls_session, &certlistlen);
-  if (!certlistlen)
-    {
-      log_error ("%s: %s\n", errprefix, "server did not send a certificate");
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
+#ifdef HTTP_USE_GNUTLS
+  rc = gnutls_global_init ();
+  if (rc)
+    log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
+  rc = gnutls_certificate_allocate_credentials (&certcred);
+  if (rc)
+    log_error ("gnutls_certificate_allocate_credentials failed: %s\n",
+               gnutls_strerror (rc));
+/*   rc = gnutls_certificate_set_x509_trust_file */
+/*     (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */
+/*   if (rc) */
+/*     log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */
+/*                gnutls_strerror (rc)); */
+  rc = gnutls_init (&tls_session, GNUTLS_CLIENT);
+  if (rc)
+    log_error ("gnutls_init failed: %s\n", gnutls_strerror (rc));
+  rc = gnutls_set_default_priority (tls_session);
+  if (rc)
+    log_error ("gnutls_set_default_priority failed: %s\n",
+               gnutls_strerror (rc));
+  rc = gnutls_certificate_type_set_priority (tls_session, certprio);
+  if (rc)
+    log_error ("gnutls_certificate_type_set_priority failed: %s\n",
+               gnutls_strerror (rc));
+  rc = gnutls_credentials_set (tls_session, GNUTLS_CRD_CERTIFICATE, certcred);
+  if (rc)
+    log_error ("gnutls_credentials_set failed: %s\n", gnutls_strerror (rc));
+/*   gnutls_global_set_log_function (my_gnutls_log); */
+/*   gnutls_global_set_log_level (4); */
 
-      /* Need to stop here.  */
-      if (err)
-        return err;
-    }
+  http_register_tls_callback (verify_callback);
+#endif /*HTTP_USE_GNUTLS*/
 
-  rc = gnutls_x509_crt_init (&cert);
-  if (rc < 0)
+  rc = http_parse_uri (&uri, *argv);
+  if (rc)
     {
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
-      if (err)
-        return err;
+      log_error ("`%s': %s\n", *argv, gpg_strerror (rc));
+      http_release_parsed_uri (uri);
+      return 1;
     }
 
-  rc = gnutls_x509_crt_import (cert, &certlist[0], GNUTLS_X509_FMT_DER);
-  if (rc < 0)
+  printf ("Scheme: %s\n", uri->scheme);
+  printf ("Host  : %s\n", uri->host);
+  printf ("Port  : %u\n", uri->port);
+  printf ("Path  : %s\n", uri->path);
+  for (r = uri->params; r; r = r->next)
     {
-      log_error ("%s: %s: %s\n", errprefix, "error importing certificate",
-                 gnutls_strerror (rc));
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
+      printf ("Params: %s", r->name);
+      if (!r->no_value)
+	{
+	  printf ("=%s", r->value);
+	  if (strlen (r->value) != r->valuelen)
+	    printf (" [real length=%d]", (int) r->valuelen);
+	}
+      putchar ('\n');
     }
-
-  if (!gnutls_x509_crt_check_hostname (cert, hostname))
+  for (r = uri->query; r; r = r->next)
     {
-      log_error ("%s: %s\n", errprefix, "hostname does not match");
-      if (!err)
-        err = gpg_error (GPG_ERR_GENERAL);
+      printf ("Query : %s", r->name);
+      if (!r->no_value)
+	{
+	  printf ("=%s", r->value);
+	  if (strlen (r->value) != r->valuelen)
+	    printf (" [real length=%d]", (int) r->valuelen);
+	}
+      putchar ('\n');
     }
+  http_release_parsed_uri (uri);
+  uri = NULL;
 
-  gnutls_x509_crt_deinit (cert);
-
-  if (!err)
-    sess->verify.rc = 0;
-
-  if (sess->cert_log_cb)
+  rc = http_open_document (&hd, *argv, NULL, HTTP_FLAG_NEED_HEADER,
+                           NULL, tls_session);
+  if (rc)
     {
-      const void *bufarr[10];
-      size_t buflenarr[10];
-      size_t n;
-
-      for (n = 0; n < certlistlen && n < DIM (bufarr)-1; n++)
-        {
-          bufarr[n] = certlist[n].data;
-          buflenarr[n] = certlist[n].size;
-        }
-      bufarr[n] = NULL;
-      buflenarr[n] = 0;
-      sess->cert_log_cb (sess, err, hostname, bufarr, buflenarr);
+      log_error ("can't get `%s': %s\n", *argv, gpg_strerror (rc));
+      return 1;
+    }
+  log_info ("open_http_document succeeded; status=%u\n",
+            http_get_status_code (hd));
+  for (hdr = hd->headers; hdr; hdr = hdr->next)
+    printf ("HDR: %s: %s\n", hdr->name, hdr->value);
+  switch (http_get_status_code (hd))
+    {
+    case 200:
+      while ((c = P_ES(getc) (http_get_read_ptr (hd))) != EOF)
+        putchar (c);
+      break;
+    case 301:
+    case 302:
+      printf ("Redirected to `%s'\n", http_get_header (hd, "Location"));
+      break;
     }
+  http_close (hd, 0);
 
-  return err;
-#else /*!HTTP_USE_GNUTLS*/
-  (void)sess;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
+#ifdef HTTP_USE_GNUTLS
+  gnutls_deinit (tls_session);
+  gnutls_certificate_free_credentials (certcred);
+  gnutls_global_deinit ();
+#endif /*HTTP_USE_GNUTLS*/
+
+  return 0;
 }
+#endif /*TEST*/
 
-/* Return the first query variable with the specified key.  If there
-   is no such variable, return NULL.  */
-struct uri_tuple_s *
-uri_query_lookup (parsed_uri_t uri, const char *key)
-{
-  struct uri_tuple_s *t;
-
-  for (t = uri->query; t; t = t->next)
-    if (strcmp (t->name, key) == 0)
-      return t;
 
-  return NULL;
-}
+/*
+Local Variables:
+compile-command: "gcc -I.. -I../gl -DTEST -DHAVE_CONFIG_H -Wall -O2 -g -o http-test http.c -L. -lcommon -L../jnlib -ljnlib -lgcrypt -lpth -lgnutls"
+End:
+*/
diff -Nru gnupg2-2.1.6/common/http.h gnupg2-2.0.28/common/http.h
--- gnupg2-2.1.6/common/http.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/http.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,26 +1,15 @@
 /* http.h  -  HTTP protocol handler
- * Copyright (C) 1999, 2000, 2001, 2003, 2006,
- *               2010 Free Software Foundation, Inc.
- * Copyright (C) 2015  g10 Code GmbH
- *
+ * Copyright (C) 1999, 2000, 2001, 2003,
+ *               2006, 2012, 2013 Free Software Foundation, Inc.
+ *     
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -29,12 +18,14 @@
  * along with this program; if not, see .
  */
 #ifndef GNUPG_COMMON_HTTP_H
-#define GNUPG_COMMON_HTTP_H
+#define GNUPG_COMMON_HTTP_H 
 
 #include 
+#ifdef HTTP_USE_ESTREAM
+#include "estream.h"
+#endif
 
-struct uri_tuple_s
-{
+struct uri_tuple_s {
   struct uri_tuple_s *next;
   const char *name;	/* A pointer into name. */
   char  *value;         /* A pointer to value (a Nul is always appended). */
@@ -44,15 +35,12 @@
 };
 typedef struct uri_tuple_s *uri_tuple_t;
 
-struct parsed_uri_s
+struct parsed_uri_s 
 {
   /* All these pointers point into BUFFER; most stuff is not escaped. */
-  char *scheme;	        /* Pointer to the scheme string (always lowercase). */
-  unsigned int is_http:1; /* This is a HTTP style URI.   */
-  unsigned int use_tls:1; /* Whether TLS should be used. */
-  unsigned int opaque:1;/* Unknown scheme; PATH has the rest.  */
-  unsigned int v6lit:1; /* Host was given as a literal v6 address.  */
-  char *auth;           /* username/password for basic auth.  */
+  char *scheme;	        /* Pointer to the scheme string (lowercase). */
+  int use_tls;          /* Whether TLS should be used. */
+  char *auth;           /* username/password for basic auth */
   char *host; 	        /* Host (converted to lowercase). */
   unsigned short port;  /* Port (always set if the host is set). */
   char *path; 	        /* Path. */
@@ -62,68 +50,46 @@
 };
 typedef struct parsed_uri_s *parsed_uri_t;
 
-struct uri_tuple_s *uri_query_lookup (parsed_uri_t uri, const char *key);
-
-typedef enum
+typedef enum 
   {
     HTTP_REQ_GET  = 1,
     HTTP_REQ_HEAD = 2,
-    HTTP_REQ_POST = 3,
-    HTTP_REQ_OPAQUE = 4  /* Internal use.  */
-  }
+    HTTP_REQ_POST = 3
+  } 
 http_req_t;
 
 /* We put the flag values into an enum, so that gdb can display them. */
 enum
-  {
-    HTTP_FLAG_TRY_PROXY = 1,     /* Try to use a proxy.  */
-    HTTP_FLAG_SHUTDOWN = 2,      /* Close sending end after the request.  */
-    HTTP_FLAG_LOG_RESP = 8,      /* Log the server respone.  */
-    HTTP_FLAG_FORCE_TLS = 16,    /* Force the use opf TLS.  */
-    HTTP_FLAG_IGNORE_CL = 32,    /* Ignore content-length.  */
-    HTTP_FLAG_IGNORE_IPv4 = 64,  /* Do not use IPv4.  */
-    HTTP_FLAG_IGNORE_IPv6 = 128  /* Do not use IPv6.  */
+  { 
+    HTTP_FLAG_TRY_PROXY = 1,
+    HTTP_FLAG_LOG_RESP = 2,
+    HTTP_FLAG_NEED_HEADER = 4
   };
 
-
-struct http_session_s;
-typedef struct http_session_s *http_session_t;
-
 struct http_context_s;
 typedef struct http_context_s *http_t;
 
-void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
-void http_register_tls_ca (const char *fname);
-
-gpg_error_t http_session_new (http_session_t *r_session,
-                              const char *tls_priority);
-http_session_t http_session_ref (http_session_t sess);
-void http_session_release (http_session_t sess);
-
-void http_session_set_log_cb (http_session_t sess,
-                              void (*cb)(http_session_t, gpg_error_t,
-                                         const char *,
-                                         const void **, size_t *));
+void http_register_tls_callback (gpg_error_t (*cb) (http_t, void *, int));
 
-
-gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri,
-                            int no_scheme_check);
+gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri);
 
 void http_release_parsed_uri (parsed_uri_t uri);
 
-gpg_error_t http_raw_connect (http_t *r_hd,
-                              const char *server, unsigned short port,
-                              unsigned int flags, const char *srvtag);
+struct http_srv
+{
+  const char *srvtag;
+  char *used_server;
+  unsigned short used_port;
+};
 
 gpg_error_t http_open (http_t *r_hd, http_req_t reqtype,
                        const char *url,
-                       const char *httphost,
                        const char *auth,
                        unsigned int flags,
                        const char *proxy,
-                       http_session_t session,
-                       const char *srvtag,
-                       strlist_t headers);
+                       void *tls_context,
+		       struct http_srv *srv,
+		       strlist_t headers);
 
 void http_start_data (http_t hd);
 
@@ -136,20 +102,21 @@
                                 const char *auth,
                                 unsigned int flags,
                                 const char *proxy,
-                                http_session_t session,
-                                const char *srvtag,
-                                strlist_t headers);
+                                void *tls_context,
+				struct http_srv *srv,
+				strlist_t headers);
 
+#ifdef HTTP_USE_ESTREAM
 estream_t http_get_read_ptr (http_t hd);
 estream_t http_get_write_ptr (http_t hd);
+#else /*!HTTP_USE_ESTREAM*/
+FILE *http_get_read_ptr (http_t hd);
+FILE *http_get_write_ptr (http_t hd);
+#endif /*!HTTP_USE_ESTREAM*/
 unsigned int http_get_status_code (http_t hd);
-const char *http_get_tls_info (http_t hd, const char *what);
 const char *http_get_header (http_t hd, const char *name);
-const char **http_get_header_names (http_t hd);
-gpg_error_t http_verify_server_credentials (http_session_t sess);
 
 char *http_escape_string (const char *string, const char *specials);
-char *http_escape_data (const void *data, size_t datalen, const char *specials);
 
 
 #endif /*GNUPG_COMMON_HTTP_H*/
diff -Nru gnupg2-2.1.6/common/i18n.c gnupg2-2.0.28/common/i18n.c
--- gnupg2-2.1.6/common/i18n.c	2015-07-01 09:50:18.000000000 +0000
+++ gnupg2-2.0.28/common/i18n.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,23 +1,14 @@
 /* i18n.c - gettext initialization
- * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2015 g10 Code GmbH
+ *	Copyright (C) 2007 Free Software Foundation, Inc.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * This file is part of GnuPG.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -38,43 +29,11 @@
 #include "i18n.h"
 
 
-/* An object to store pointers to static strings and there static
-   translation.  A linked list is not optimal but given that we only
-   have a few dozen messages it should be acceptable. */
-struct msg_cache_s
-{
-  struct msg_cache_s *next;
-  const char *key;
-  const char *value;
-};
-
-/* A object to store an lc_messages string and a link to the cache
-   object.  */
-struct msg_cache_heads_s
-{
-  struct msg_cache_heads_s *next;
-  struct msg_cache_s *cache;
-  char lc_messages[1];
-};
-
-/* Out static cache of translated messages.  We need this because
-   there is no gettext API to return a translation depending on the
-   locale.  Switching the locale for each access to a translatable
-   string seems to be too expensive.  Note that this is used only for
-   strings in gpg-agent which are passed to Pinentry.  All other
-   strings are using the regular gettext interface.  Note that we can
-   never release this memory because consumers take the result as
-   static strings.  */
-static struct msg_cache_heads_s *msgcache;
-
-
-
 void
 i18n_init (void)
 {
 #ifdef USE_SIMPLE_GETTEXT
   bindtextdomain (PACKAGE_GT, gnupg_localedir ());
-  textdomain (PACKAGE_GT);
 #else
 # ifdef ENABLE_NLS
   setlocale (LC_ALL, "" );
@@ -92,8 +51,8 @@
 i18n_switchto_utf8 (void)
 {
 #ifdef USE_SIMPLE_GETTEXT
-  /* Return an arbitrary pointer as true value.  */
-  return gettext_use_utf8 (1) ? (char*)(-1) : NULL;
+  gettext_select_utf8 (1);
+  return NULL;
 #elif defined(ENABLE_NLS)
   char *orig_codeset = bind_textdomain_codeset (PACKAGE_GT, NULL);
 # ifdef HAVE_LANGINFO_CODESET
@@ -109,7 +68,7 @@
       if (!bind_textdomain_codeset (PACKAGE_GT, "utf-8"))
         {
 	  xfree (orig_codeset);
-	  orig_codeset = NULL;
+	  orig_codeset = NULL; 
 	}
     }
   return orig_codeset;
@@ -123,7 +82,8 @@
 i18n_switchback (char *saved_codeset)
 {
 #ifdef USE_SIMPLE_GETTEXT
-  gettext_use_utf8 (!!saved_codeset);
+  (void)saved_codeset;
+  gettext_select_utf8 (0);
 #elif defined(ENABLE_NLS)
   if (saved_codeset)
     {
@@ -145,83 +105,3 @@
   i18n_switchback (saved);
   return result;
 }
-
-
-/* A variant of gettext which allows to specify the local to use for
-   translating the message.  The function assumes that utf-8 is used
-   for the encoding.  */
-const char *
-i18n_localegettext (const char *lc_messages, const char *string)
-{
-#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)             \
-  && !defined(USE_SIMPLE_GETTEXT) && defined(ENABLE_NLS)
-  const char *result = NULL;
-  char *saved = NULL;
-  struct msg_cache_heads_s *mh;
-  struct msg_cache_s *mc;
-
-  if (!lc_messages)
-    goto leave;
-
-  /* Lookup in the cache.  */
-  for (mh = msgcache; mh; mh = mh->next)
-    if (!strcmp (mh->lc_messages, lc_messages))
-      break;
-  if (mh)
-    {
-      /* A cache entry for this local exists - find the string.
-         Because the system is designed for static strings it is
-         sufficient to compare the pointers.  */
-      for (mc = mh->cache; mc; mc = mc->next)
-        if (mc->key == string)
-          {
-            /* Cache hit.  */
-            result = mc->value;
-            goto leave;
-          }
-    }
-
-  /* Cached miss.  Change the locale, translate, reset locale.  */
-  saved = setlocale (LC_MESSAGES, NULL);
-  if (!saved)
-    goto leave;
-  saved = xtrystrdup (saved);
-  if (!saved)
-    goto leave;
-  if (!setlocale (LC_MESSAGES, lc_messages))
-    goto leave;
-
-  bindtextdomain (PACKAGE_GT, LOCALEDIR);
-  result = gettext (string);
-  setlocale (LC_MESSAGES, saved);
-  bindtextdomain (PACKAGE_GT, LOCALEDIR);
-
-  /* Cache the result.  */
-  if (!mh)
-    {
-      /* First use of this locale - create an entry.  */
-      mh = xtrymalloc (sizeof *mh + strlen (lc_messages));
-      if (!mh)
-        goto leave;
-      strcpy (mh->lc_messages, lc_messages);
-      mh->cache = NULL;
-      mh->next = msgcache;
-      msgcache = mh;
-    }
-  mc = xtrymalloc (sizeof *mc);
-  if (!mc)
-    goto leave;
-  mc->key = string;
-  mc->value = result;
-  mc->next = mh->cache;
-  mh->cache = mc;
-
- leave:
-  xfree (saved);
-  return result? result : _(string);
-
-#else /*!(HAVE_SETLOCALE && LC_MESSAGES ...)*/
-  (void)lc_messages;
-  return _(string);
-#endif /*!(HAVE_SETLOCALE && LC_MESSAGES ...)*/
-}
diff -Nru gnupg2-2.1.6/common/i18n.h gnupg2-2.0.28/common/i18n.h
--- gnupg2-2.1.6/common/i18n.h	2015-06-30 20:23:31.000000000 +0000
+++ gnupg2-2.0.28/common/i18n.h	2015-06-02 08:13:55.000000000 +0000
@@ -4,7 +4,7 @@
  * This file is free software; as a special exception the author gives
  * unlimited permission to copy and/or distribute it, with or without
  * modifications, as long as this notice is preserved.
- *
+ * 
  * This file is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
  * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
@@ -16,12 +16,12 @@
 
 
 #ifdef USE_SIMPLE_GETTEXT
-# include "../common/w32help.h"
+# include "../jnlib/w32help.h"
 # define _(a) gettext (a)
 # define N_(a) (a)
 #else
 # ifdef HAVE_LOCALE_H
-#  include 
+#  include 	
 # endif
 # ifdef ENABLE_NLS
 #  include 
@@ -38,26 +38,10 @@
 # endif
 #endif /*!USE_SIMPLE_GETTEXT*/
 
-#ifndef GNUPG_GCC_ATTR_FORMAT_ARG
-#if __GNUC__ >= 3 /* Actually 2.8 but testing the major is easier.  */
-# define GNUPG_GCC_ATTR_FORMAT_ARG(a)  __attribute__ ((__format_arg__ (a)))
-#else
-# define GNUPG_GCC_ATTR_FORMAT_ARG(a)
-#endif
-#endif
-
 void i18n_init (void);
 char *i18n_switchto_utf8 (void);
 void i18n_switchback (char *saved_codeset);
 const char *i18n_utf8 (const char *string);
-const char *i18n_localegettext (const char *lc_messages, const char *string)
-                                GNUPG_GCC_ATTR_FORMAT_ARG(2);
-
-/* If a module wants a local L_() fucntion we define it here.  */
-#ifdef LunderscoreIMPL
-LunderscorePROTO
-LunderscoreIMPL
-#endif
 
 
 #endif /*GNUPG_COMMON_I18N_H*/
diff -Nru gnupg2-2.1.6/common/init.c gnupg2-2.0.28/common/init.c
--- gnupg2-2.1.6/common/init.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/init.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -29,257 +19,56 @@
 
 #include 
 
-#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
-#undef HAVE_NPTH
-#undef USE_NPTH
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
+#undef HAVE_PTH
+#undef USE_GNU_PTH
 #endif
 
 #ifdef HAVE_W32_SYSTEM
 # ifdef HAVE_WINSOCK2_H
 #  include 
 # endif
-# include 
+#include 
 #endif
-#ifdef HAVE_NPTH
-# include 
-#endif
-#ifdef HAVE_W32CE_SYSTEM
-# include  /* For _assuan_w32ce_finish_pipe. */
+#ifdef HAVE_PTH
+#include 
 #endif
 
+#include "estream.h"
 #include "util.h"
 
-/* This object is used to register memory cleanup functions.
-   Technically they are not needed but they can avoid frequent
-   questions about un-released memory.  Note that we use the system
-   malloc and not any wrappers.  */
-struct mem_cleanup_item_s;
-typedef struct mem_cleanup_item_s *mem_cleanup_item_t;
-
-struct mem_cleanup_item_s
-{
-  mem_cleanup_item_t next;
-  void (*func) (void);
-};
-
-static mem_cleanup_item_t mem_cleanup_list;
-
-
-/* The default error source of the application.  This is different
-   from GPG_ERR_SOURCE_DEFAULT in that it does not depend on the
-   source file and thus is usable in code shared by applications.
-   Note that we need to initialize it because otherwise some linkers
-   (OS X at least) won't find the symbol when linking the t-*.c
-   files.  */
-gpg_err_source_t default_errsource = 0;
-
-
-#ifdef HAVE_W32CE_SYSTEM
-static void parse_std_file_handles (int *argcp, char ***argvp);
-static void
-sleep_on_exit (void)
-{
-  /* The sshd on CE swallows some of the command output.  Sleeping a
-     while usually helps.  */
-  Sleep (400);
-}
-#endif /*HAVE_W32CE_SYSTEM*/
-
-
-static void
-run_mem_cleanup (void)
-{
-  mem_cleanup_item_t next;
-
-  while (mem_cleanup_list)
-    {
-      next = mem_cleanup_list->next;
-      mem_cleanup_list->func ();
-      free (mem_cleanup_list);
-      mem_cleanup_list = next;
-    }
-}
-
-
-void
-register_mem_cleanup_func (void (*func)(void))
-{
-  mem_cleanup_item_t item;
-
-  item = malloc (sizeof *item);
-  if (item)
-    {
-      item->func = func;
-      item->next = mem_cleanup_list;
-      mem_cleanup_list = item;
-    }
-}
-
-
-/* If STRING is not NULL write string to es_stdout or es_stderr.  MODE
-   must be 1 or 2.  If STRING is NULL flush the respective stream.  */
-static int
-writestring_via_estream (int mode, const char *string)
-{
-  if (mode == 1 || mode == 2)
-    {
-      if (string)
-        return es_fputs (string, mode == 1? es_stdout : es_stderr);
-      else
-        return es_fflush (mode == 1? es_stdout : es_stderr);
-    }
-  else
-    return -1;
-}
-
-
-/* This function should be the first called after main.  */
-void
-early_system_init (void)
-{
-}
-
 
 /* This function is to be used early at program startup to make sure
    that some subsystems are initialized.  This is in particular
    important for W32 to initialize the sockets so that our socket
    emulation code used directly as well as in libassuan may be used.
    It should best be called before any I/O is done so that setup
-   required for logging is ready.  ARGCP and ARGVP are the addresses
-   of the parameters given to main.  This function may modify them.
-
-   This function should be called only via the macro
-   init_common_subsystems.
-
-   CAUTION: This might be called while running suid(root).  */
+   required for logging is ready.  CAUTION: This might be called while
+   running suid(root). */
 void
-_init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
+init_common_subsystems (void)
 {
-  /* Store the error source in a global variable. */
-  default_errsource = errsource;
-
-  atexit (run_mem_cleanup);
-
   /* Try to auto set the character set.  */
   set_native_charset (NULL);
 
 #ifdef HAVE_W32_SYSTEM
   /* For W32 we need to initialize the socket layer.  This is because
      we use recv and send in libassuan as well as at some other
-     places.  */
-  {
-    WSADATA wsadat;
-
-    WSAStartup (0x202, &wsadat);
-  }
-#endif
-
-#ifdef HAVE_W32CE_SYSTEM
-  /* Register the sleep exit function before the estream init so that
-     the sleep will be called after the estream registered atexit
-     function which flushes the left open estream streams and in
-     particular es_stdout.  */
-  atexit (sleep_on_exit);
+     places.  If we are building with PTH we let pth_init do it.  We
+     can't do much on error so we ignore them.  An error would anyway
+     later pop up if one of the socket functions is used. */
+# ifdef HAVE_PTH
+  pth_init ();
+# else
+ {
+   WSADATA wsadat;
+
+   WSAStartup (0x202, &wsadat);
+ }
+# endif /*!HAVE_PTH*/
 #endif
 
   /* Initialize the Estream library. */
-  gpgrt_init ();
-  gpgrt_set_alloc_func (gcry_realloc);
-#ifdef USE_NPTH
-  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-#endif
-
-  /* Special hack for Windows CE: We extract some options from arg
-     to setup the standard handles.  */
-#ifdef HAVE_W32CE_SYSTEM
-  parse_std_file_handles (argcp, argvp);
-#else
-  (void)argcp;
-  (void)argvp;
-#endif
-
-  /* Access the standard estreams as early as possible.  If we don't
-     do this the original stdio streams may have been closed when
-     _es_get_std_stream is first use and in turn it would connect to
-     the bit bucket.  */
-  {
-    int i;
-    for (i=0; i < 3; i++)
-      (void)_gpgrt_get_std_stream (i);
-  }
-
-  /* --version et al shall use estream as well.  */
-  argparse_register_outfnc (writestring_via_estream);
+  es_init ();
 }
 
-
-
-/* WindowsCE uses a very strange way of handling the standard streams.
-   There is a function SetStdioPath to associate a standard stream
-   with a file or a device but what we really want is to use pipes as
-   standard streams.  Despite that we implement pipes using a device,
-   we would have some limitations on the number of open pipes due to
-   the 3 character limit of device file name.  Thus we don't take this
-   path.  Another option would be to install a file system driver with
-   support for pipes; this would allow us to get rid of the device
-   name length limitation.  However, with GnuPG we can get away be
-   redefining the standard streams and passing the handles to be used
-   on the command line.  This has also the advantage that it makes
-   creating a process much easier and does not require the
-   SetStdioPath set and restore game.  The caller needs to pass the
-   rendezvous ids using up to three options:
-
-     -&S0= -&S1= -&S2=
-
-   They are all optional but they must be the first arguments on the
-   command line.  Parsing stops as soon as an invalid option is found.
-   These rendezvous ids are then used to finish the pipe creation.*/
-#ifdef HAVE_W32CE_SYSTEM
-static void
-parse_std_file_handles (int *argcp, char ***argvp)
-{
-  int argc = *argcp;
-  char **argv = *argvp;
-  const char *s;
-  assuan_fd_t fd;
-  int i;
-  int fixup = 0;
-
-  if (!argc)
-    return;
-
-  for (argc--, argv++; argc; argc--, argv++)
-    {
-      s = *argv;
-      if (*s == '-' && s[1] == '&' && s[2] == 'S'
-          && (s[3] == '0' || s[3] == '1' || s[3] == '2')
-          && s[4] == '='
-          && (strchr ("-01234567890", s[5]) || !strcmp (s+5, "null")))
-        {
-          if (s[5] == 'n')
-            fd = ASSUAN_INVALID_FD;
-          else
-            fd = _assuan_w32ce_finish_pipe (atoi (s+5), s[3] != '0');
-          _es_set_std_fd (s[3] - '0', (int)fd);
-          fixup++;
-        }
-      else
-        break;
-    }
-
-  if (fixup)
-    {
-      argc = *argcp;
-      argc -= fixup;
-      *argcp = argc;
-
-      argv = *argvp;
-      for (i=1; i < argc; i++)
-        argv[i] = argv[i + fixup];
-      for (; i < argc + fixup; i++)
-        argv[i] = NULL;
-    }
-
-
-}
-#endif /*HAVE_W32CE_SYSTEM*/
diff -Nru gnupg2-2.1.6/common/init.h gnupg2-2.0.28/common/init.h
--- gnupg2-2.1.6/common/init.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/init.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,14 @@
 /* init.h - Definitions for init fucntions.
- * Copyright (C) 2007, 2012 Free Software Foundation, Inc.
+ *	Copyright (C) 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -30,18 +20,7 @@
 #ifndef GNUPG_COMMON_INIT_H
 #define GNUPG_COMMON_INIT_H
 
-#ifndef GPG_ERR_SOURCE_DEFAULT
-# error GPG_ERR_SOURCE_DEFAULT is not defined
-#elseif GPG_ERR_SOURCE_DEFAULT == GPG_ERR_SOURCE_UNKNOWN
-# error GPG_ERR_SOURCE_DEFAULT has default value
-#endif
-
-void register_mem_cleanup_func (void (*func)(void));
+void init_common_subsystems (void);
 
-void early_system_init (void);
-void _init_common_subsystems (gpg_err_source_t errsource,
-                              int *argcp, char ***argvp);
-#define init_common_subsystems(a,b)                             \
-  _init_common_subsystems (GPG_ERR_SOURCE_DEFAULT, (a), (b))
 
 #endif /*GNUPG_COMMON_INIT_H*/
diff -Nru gnupg2-2.1.6/common/iobuf.c gnupg2-2.0.28/common/iobuf.c
--- gnupg2-2.1.6/common/iobuf.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/iobuf.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,15 @@
 /* iobuf.c  -  File Handling for OpenPGP.
- * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006, 2007, 2008,
- *               2009, 2010, 2011  Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2006,
+ *               2007, 2008, 2009  Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -50,10 +40,9 @@
 # include 
 #endif /* __riscos__ */
 
-#include 
-
 #include "util.h"
 #include "sysutils.h"
+#include "../include/host2net.h"
 #include "iobuf.h"
 
 /*-- Begin configurable part.  --*/
@@ -63,6 +52,10 @@
    test "armored_key_8192" in armor.test! */
 #define IOBUF_BUFFER_SIZE  8192
 
+/* We don't want to use the STDIO based backend.  If you change this
+   be aware that there is no fsync support for the stdio backend.  */
+#undef FILE_FILTER_USES_STDIO
+
 /* To avoid a potential DoS with compression packets we better limit
    the number of filters in a chain.  */
 #define MAX_NESTING_FILTER 64
@@ -70,52 +63,89 @@
 /*-- End configurable part.  --*/
 
 
+/* Under W32 the default is to use the setmode call.  Define a macro
+   which allows us to enable this call.  */
 #ifdef HAVE_W32_SYSTEM
-# ifdef HAVE_W32CE_SYSTEM
-#  define FD_FOR_STDIN  (es_fileno (es_stdin))
-#  define FD_FOR_STDOUT (es_fileno (es_stdout))
-# else
-#  define FD_FOR_STDIN  (GetStdHandle (STD_INPUT_HANDLE))
-#  define FD_FOR_STDOUT (GetStdHandle (STD_OUTPUT_HANDLE))
-# endif
-#else /*!HAVE_W32_SYSTEM*/
-# define FD_FOR_STDIN  (0)
-# define FD_FOR_STDOUT (1)
-#endif /*!HAVE_W32_SYSTEM*/
+# define USE_SETMODE 1
+#endif /*HAVE_W32_SYSTEM*/
 
 
-/* The context used by the file filter.  */
-typedef struct
-{
-  gnupg_fd_t fp;       /* Open file pointer or handle.  */
-  int keep_open;
-  int no_cache;
-  int eof_seen;
-  int print_only_name; /* Flags indicating that fname is not a real file.  */
-  char fname[1];       /* Name of the file.  */
-} file_filter_ctx_t;
+/* Definition of constants and macros used by our file filter
+   implementation.  What we define here are 3 macros to make the
+   appropriate calls:
+
+   my_fileno
+     Is expanded to fileno(a) if using a stdion backend and to a if we
+     are using the low-level backend.
+
+   my_fopen
+     Is defined to fopen for the stdio backend and to direct_open if
+     we are using the low-evel backend.
+
+   my_fopen_ro
+     Is defined to fopen for the stdio backend and to fd_cache_open if
+     we are using the low-evel backend.
+
+   fp_or_fd_t
+     Is the type we use for the backend stream or file descriptor.
+
+   INVALID_FP, FILEP_OR_FD_FOR_STDIN, FILEP_OR_FD_FOR_STDOUT
+     Are macros defined depending on the used backend.
+
+*/
+#ifdef FILE_FILTER_USES_STDIO
+# define my_fileno(a)     fileno ((a))
+# define my_fopen_ro(a,b) fopen ((a),(b))
+# define my_fopen(a,b)    fopen ((a),(b))
+  typedef FILE *fp_or_fd_t;
+# define INVALID_FP              NULL
+# define FILEP_OR_FD_FOR_STDIN   (stdin)
+# define FILEP_OR_FD_FOR_STDOUT  (stdout)
+#else /*!FILE_FILTER_USES_STDIO*/
+# define my_fopen_ro(a,b) fd_cache_open ((a),(b))
+# define my_fopen(a,b)    direct_open ((a),(b))
+# ifdef HAVE_W32_SYSTEM
+   /* (We assume that a HANDLE first into an int.)  */
+#  define my_fileno(a)  ((int)(a))
+   typedef HANDLE fp_or_fd_t;
+#  define INVALID_FP             ((HANDLE)-1)
+#  define FILEP_OR_FD_FOR_STDIN  (GetStdHandle (STD_INPUT_HANDLE))
+#  define FILEP_OR_FD_FOR_STDOUT (GetStdHandle (STD_OUTPUT_HANDLE))
+#  undef USE_SETMODE
+# else /*!HAVE_W32_SYSTEM*/
+#  define my_fileno(a)  (a)
+   typedef int fp_or_fd_t;
+#  define INVALID_FP             (-1)
+#  define FILEP_OR_FD_FOR_STDIN  (0)
+#  define FILEP_OR_FD_FOR_STDOUT (1)
+# endif /*!HAVE_W32_SYSTEM*/
+#endif /*!FILE_FILTER_USES_STDIO*/
 
-/* The context used by the estream filter.  */
+/* The context used by the file filter.  */
 typedef struct
 {
-  estream_t fp;        /* Open estream handle.  */
+  fp_or_fd_t fp;       /* Open file pointer or handle.  */
   int keep_open;
   int no_cache;
   int eof_seen;
   int print_only_name; /* Flags indicating that fname is not a real file.  */
   char fname[1];       /* Name of the file.  */
-} file_es_filter_ctx_t;
+}
+file_filter_ctx_t;
 
 
-/* Object to control the "close cache".  */
+/* If we are not using stdio as the backend we make use of a "close
+   cache".  */
+#ifndef FILE_FILTER_USES_STDIO
 struct close_cache_s
 {
   struct close_cache_s *next;
-  gnupg_fd_t fp;
+  fp_or_fd_t fp;
   char fname[1];
 };
 typedef struct close_cache_s *close_cache_t;
 static close_cache_t close_cache;
+#endif /*!FILE_FILTER_USES_STDIO*/
 
 
 
@@ -128,8 +158,8 @@
   int eof_seen;
   int print_only_name;	/* Flag indicating that fname is not a real file.  */
   char fname[1];	/* Name of the file */
-
-} sock_filter_ctx_t;
+}
+sock_filter_ctx_t;
 #endif /*HAVE_W32_SYSTEM*/
 
 /* The first partial length header block must be of size 512
@@ -165,6 +195,7 @@
 
 
 
+#ifndef FILE_FILTER_USES_STDIO
 /* This is a replacement for strcmp.  Under W32 it does not
    distinguish between backslash and slash.  */
 static int
@@ -198,7 +229,7 @@
 
   for (cc = close_cache; cc; cc = cc->next)
     {
-      if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
+      if (cc->fp != INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
 	{
 	  if (DBG_IOBUF)
 	    log_debug ("                did (%s)\n", cc->fname);
@@ -208,7 +239,7 @@
 #else
 	  rc = close (cc->fp);
 #endif
-	  cc->fp = GNUPG_INVALID_FD;
+	  cc->fp = INVALID_FP;
 	}
     }
   return rc;
@@ -231,7 +262,7 @@
 
   for (cc=close_cache; cc; cc = cc->next )
     {
-      if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
+      if (cc->fp != INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
 	{
 	  if (DBG_IOBUF)
 	    log_debug ("                 did (%s)\n", cc->fname);
@@ -247,8 +278,8 @@
 }
 
 
-static gnupg_fd_t
-direct_open (const char *fname, const char *mode, int mode700)
+static fp_or_fd_t
+direct_open (const char *fname, const char *mode)
 {
 #ifdef HAVE_W32_SYSTEM
   unsigned long da, cd, sm;
@@ -263,7 +294,7 @@
   if (strchr (mode, '+'))
     {
       if (fd_cache_invalidate (fname))
-        return GNUPG_INVALID_FD;
+        return INVALID_FP;
       da = GENERIC_READ | GENERIC_WRITE;
       cd = OPEN_EXISTING;
       sm = FILE_SHARE_READ | FILE_SHARE_WRITE;
@@ -271,7 +302,7 @@
   else if (strchr (mode, 'w'))
     {
       if (fd_cache_invalidate (fname))
-        return GNUPG_INVALID_FD;
+        return INVALID_FP;
       da = GENERIC_WRITE;
       cd = CREATE_ALWAYS;
       sm = FILE_SHARE_WRITE;
@@ -283,42 +314,23 @@
       sm = FILE_SHARE_READ;
     }
 
-#ifdef HAVE_W32CE_SYSTEM
-  {
-    wchar_t *wfname = utf8_to_wchar (fname);
-    if (wfname)
-      {
-        hfile = CreateFile (wfname, da, sm, NULL, cd,
-                            FILE_ATTRIBUTE_NORMAL, NULL);
-        xfree (wfname);
-      }
-    else
-      hfile = INVALID_HANDLE_VALUE;
-  }
-#else
   hfile = CreateFile (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL);
-#endif
   return hfile;
-
 #else /*!HAVE_W32_SYSTEM*/
-
   int oflag;
-  int cflag = S_IRUSR | S_IWUSR;
-
-  if (!mode700)
-    cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
+  int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
 
   /* Note, that we do not handle all mode combinations */
   if (strchr (mode, '+'))
     {
       if (fd_cache_invalidate (fname))
-        return GNUPG_INVALID_FD;
+        return INVALID_FP;
       oflag = O_RDWR;
     }
   else if (strchr (mode, 'w'))
     {
       if (fd_cache_invalidate (fname))
-        return GNUPG_INVALID_FD;
+        return INVALID_FP;
       oflag = O_WRONLY | O_CREAT | O_TRUNC;
     }
   else
@@ -329,18 +341,21 @@
   if (strchr (mode, 'b'))
     oflag |= O_BINARY;
 #endif
-
-#ifdef __riscos__
+  /* No we need to distinguish between POSIX and RISC OS.  */
+#ifndef __riscos__
+  return open (fname, oflag, cflag);
+#else
   {
     struct stat buf;
+    int rc = stat (fname, &buf);
 
     /* Don't allow iobufs on directories */
-    if (!stat (fname, &buf) && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
+    if (!rc && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
       return __set_errno (EISDIR);
+    else
+      return open (fname, oflag, cflag);
   }
 #endif
-  return open (fname, oflag, cflag);
-
 #endif /*!HAVE_W32_SYSTEM*/
 }
 
@@ -350,7 +365,7 @@
  * Note that this caching strategy only works if the process does not chdir.
  */
 static void
-fd_cache_close (const char *fname, gnupg_fd_t fp)
+fd_cache_close (const char *fname, fp_or_fd_t fp)
 {
   close_cache_t cc;
 
@@ -369,7 +384,7 @@
   /* try to reuse a slot */
   for (cc = close_cache; cc; cc = cc->next)
     {
-      if (cc->fp == GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
+      if (cc->fp == INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
 	{
 	  cc->fp = fp;
 	  if (DBG_IOBUF)
@@ -390,7 +405,7 @@
 /*
  * Do an direct_open on FNAME but first try to reuse one from the fd_cache
  */
-static gnupg_fd_t
+static fp_or_fd_t
 fd_cache_open (const char *fname, const char *mode)
 {
   close_cache_t cc;
@@ -398,10 +413,10 @@
   assert (fname);
   for (cc = close_cache; cc; cc = cc->next)
     {
-      if (cc->fp != GNUPG_INVALID_FD && !fd_cache_strcmp (cc->fname, fname))
+      if (cc->fp != INVALID_FP && !fd_cache_strcmp (cc->fname, fname))
 	{
-	  gnupg_fd_t fp = cc->fp;
-	  cc->fp = GNUPG_INVALID_FD;
+	  fp_or_fd_t fp = cc->fp;
+	  cc->fp = INVALID_FP;
 	  if (DBG_IOBUF)
 	    log_debug ("fd_cache_open (%s) using cached fp\n", fname);
 #ifdef HAVE_W32_SYSTEM
@@ -409,13 +424,13 @@
 	    {
 	      log_error ("rewind file failed on handle %p: ec=%d\n",
 			 fp, (int) GetLastError ());
-	      fp = GNUPG_INVALID_FD;
+	      fp = INVALID_FP;
 	    }
 #else
 	  if (lseek (fp, 0, SEEK_SET) == (off_t) - 1)
 	    {
 	      log_error ("can't rewind fd %d: %s\n", fp, strerror (errno));
-	      fp = GNUPG_INVALID_FD;
+	      fp = INVALID_FP;
 	    }
 #endif
 	  return fp;
@@ -423,9 +438,11 @@
     }
   if (DBG_IOBUF)
     log_debug ("fd_cache_open (%s) not cached\n", fname);
-  return direct_open (fname, mode, 0);
+  return direct_open (fname, mode);
 }
 
+#endif /*FILE_FILTER_USES_STDIO */
+
 
 /****************
  * Read data from a file into buf which has an allocated length of *LEN.
@@ -456,13 +473,78 @@
 	     size_t * ret_len)
 {
   file_filter_ctx_t *a = opaque;
-  gnupg_fd_t f = a->fp;
+  fp_or_fd_t f = a->fp;
   size_t size = *ret_len;
   size_t nbytes = 0;
   int rc = 0;
 
   (void)chain; /* Not used.  */
 
+#ifdef FILE_FILTER_USES_STDIO
+  if (control == IOBUFCTRL_UNDERFLOW)
+    {
+      assert (size);  /* We need a buffer. */
+      if (feof (f))
+	{
+          /* On terminals you could easily read as many EOFs as you
+             call fread() or fgetc() repeatly.  Every call will block
+             until you press CTRL-D. So we catch this case before we
+             call fread() again.  */
+	  rc = -1;
+	  *ret_len = 0;
+	}
+      else
+	{
+	  clearerr (f);
+	  nbytes = fread (buf, 1, size, f);
+	  if (feof (f) && !nbytes)
+	    {
+	      rc = -1;	/* Okay: we can return EOF now. */
+	    }
+	  else if (ferror (f) && errno != EPIPE)
+	    {
+	      rc = gpg_error_from_syserror ();
+	      log_error ("%s: read error: %s\n", a->fname, strerror (errno));
+	    }
+	  *ret_len = nbytes;
+	}
+    }
+  else if (control == IOBUFCTRL_FLUSH)
+    {
+      if (size)
+	{
+	  clearerr (f);
+	  nbytes = fwrite (buf, 1, size, f);
+	  if (ferror (f))
+	    {
+	      rc = gpg_error_from_syserror ();
+	      log_error ("%s: write error: %s\n", a->fname, strerror (errno));
+	    }
+	}
+      *ret_len = nbytes;
+    }
+  else if (control == IOBUFCTRL_INIT)
+    {
+      a->keep_open = a->no_cache = 0;
+    }
+  else if (control == IOBUFCTRL_DESC)
+    {
+      *(char **) buf = "file_filter";
+    }
+  else if (control == IOBUFCTRL_FREE)
+    {
+      if (f != stdin && f != stdout)
+	{
+	  if (DBG_IOBUF)
+	    log_debug ("%s: close fd %d\n", a->fname, fileno (f));
+	  if (!a->keep_open)
+	    fclose (f);
+	}
+      f = NULL;
+      xfree (a); /* We can free our context now. */
+    }
+#else /* !stdio implementation */
+
   if (control == IOBUFCTRL_UNDERFLOW)
     {
       assert (size); /* We need a buffer.  */
@@ -592,107 +674,27 @@
     }
   else if (control == IOBUFCTRL_FREE)
     {
-      if (f != FD_FOR_STDIN && f != FD_FOR_STDOUT)
+#ifdef HAVE_W32_SYSTEM
+      if (f != FILEP_OR_FD_FOR_STDIN && f != FILEP_OR_FD_FOR_STDOUT)
 	{
 	  if (DBG_IOBUF)
-	    log_debug ("%s: close fd/handle %d\n", a->fname, FD2INT (f));
+	    log_debug ("%s: close handle %p\n", a->fname, f);
 	  if (!a->keep_open)
 	    fd_cache_close (a->no_cache ? NULL : a->fname, f);
 	}
-      f = GNUPG_INVALID_FD;
-      xfree (a); /* We can free our context now. */
-    }
-
-  return rc;
-}
-
-
-/* Similar to file_filter but using the estream system.  */
-static int
-file_es_filter (void *opaque, int control, iobuf_t chain, byte * buf,
-                size_t * ret_len)
-{
-  file_es_filter_ctx_t *a = opaque;
-  estream_t f = a->fp;
-  size_t size = *ret_len;
-  size_t nbytes = 0;
-  int rc = 0;
-
-  (void)chain; /* Not used.  */
-
-  if (control == IOBUFCTRL_UNDERFLOW)
-    {
-      assert (size); /* We need a buffer.  */
-      if (a->eof_seen)
-	{
-	  rc = -1;
-	  *ret_len = 0;
-	}
-      else
-	{
-          nbytes = 0;
-          rc = es_read (f, buf, size, &nbytes);
-	  if (rc == -1)
-	    {			/* error */
-              rc = gpg_error_from_syserror ();
-              log_error ("%s: read error: %s\n", a->fname, strerror (errno));
-	    }
-	  else if (!nbytes)
-	    {			/* eof */
-	      a->eof_seen = 1;
-	      rc = -1;
-	    }
-	  *ret_len = nbytes;
-	}
-    }
-  else if (control == IOBUFCTRL_FLUSH)
-    {
-      if (size)
-	{
-	  byte *p = buf;
-	  size_t nwritten;
-
-	  nbytes = size;
-	  do
-	    {
-              nwritten = 0;
-              if (es_write (f, p, nbytes, &nwritten))
-                {
-                  rc = gpg_error_from_syserror ();
-                  log_error ("%s: write error: %s\n",
-                             a->fname, strerror (errno));
-                  break;
-                }
-              p += nwritten;
-              nbytes -= nwritten;
-	    }
-	  while (nbytes);
-	  nbytes = p - buf;
-	}
-      *ret_len = nbytes;
-    }
-  else if (control == IOBUFCTRL_INIT)
-    {
-      a->eof_seen = 0;
-      a->no_cache = 0;
-    }
-  else if (control == IOBUFCTRL_DESC)
-    {
-      *(char **) buf = "estream_filter";
-    }
-  else if (control == IOBUFCTRL_FREE)
-    {
-      if (f != es_stdin && f != es_stdout)
+#else
+      if ((int) f != 0 && (int) f != 1)
 	{
 	  if (DBG_IOBUF)
-	    log_debug ("%s: es_fclose %p\n", a->fname, f);
+	    log_debug ("%s: close fd %d\n", a->fname, f);
 	  if (!a->keep_open)
-	    es_fclose (f);
+	    fd_cache_close (a->no_cache ? NULL : a->fname, f);
 	}
-      f = NULL;
+      f = INVALID_FP;
+#endif
       xfree (a); /* We can free our context now. */
     }
-
+#endif /* !stdio implementation. */
   return rc;
 }
 
@@ -1083,7 +1085,7 @@
 	a->filter (a->filter_ov, IOBUFCTRL_DESC, NULL,
 		   (byte *) & desc, &dummy_len);
 
-      log_debug ("iobuf chain: %d.%d '%s' filter_eof=%d start=%d len=%d\n",
+      log_debug ("iobuf chain: %d.%d `%s' filter_eof=%d start=%d len=%d\n",
 		 a->no, a->subno, desc?desc:"?", a->filter_eof,
 		 (int) a->d.start, (int) a->d.len);
     }
@@ -1141,7 +1143,7 @@
 	log_error ("iobuf_flush failed on close: %s\n", gpg_strerror (rc));
 
       if (DBG_IOBUF)
-	log_debug ("iobuf-%d.%d: close '%s'\n", a->no, a->subno,
+	log_debug ("iobuf-%d.%d: close `%s'\n", a->no, a->subno,
                    a->desc?a->desc:"?");
       if (a->filter && (rc = a->filter (a->filter_ov, IOBUFCTRL_FREE,
 					a->chain, NULL, &dummy_len)))
@@ -1194,14 +1196,7 @@
     {
       /* Argg, MSDOS does not allow to remove open files.  So
        * we have to do it here */
-#ifdef HAVE_W32CE_SYSTEM
-      wchar_t *wtmp = utf8_to_wchar (remove_name);
-      if (wtmp)
-        DeleteFile (wtmp);
-      xfree (wtmp);
-#else
       remove (remove_name);
-#endif
       xfree (remove_name);
     }
 #endif
@@ -1228,12 +1223,9 @@
 iobuf_temp_with_content (const char *buffer, size_t length)
 {
   iobuf_t a;
-  int i;
 
   a = iobuf_alloc (3, length);
-  /* memcpy (a->d.buf, buffer, length); */
-  for (i=0; i < length; i++)
-    a->d.buf[i] = buffer[i];
+  memcpy (a->d.buf, buffer, length);
   a->d.len = length;
 
   return a;
@@ -1286,10 +1278,18 @@
 {
   iobuf_t a;
 
-  if (fd == GNUPG_INVALID_FD)
+  if (fd == -1)
     a = iobuf_open (fname);
   else
-    a = iobuf_fdopen_nc (FD2INT(fd), mode);
+    {
+      int fd2;
+
+      fd2 = dup (fd);
+      if (fd2 == -1)
+        a = NULL;
+      else
+        a = iobuf_fdopen (fd2, mode);
+    }
   return a;
 }
 
@@ -1302,7 +1302,7 @@
 iobuf_open (const char *fname)
 {
   iobuf_t a;
-  gnupg_fd_t fp;
+  fp_or_fd_t fp;
   file_filter_ctx_t *fcx;
   size_t len = 0;
   int print_only = 0;
@@ -1310,13 +1310,16 @@
 
   if (!fname || (*fname == '-' && !fname[1]))
     {
-      fp = FD_FOR_STDIN;
+      fp = FILEP_OR_FD_FOR_STDIN;
+#ifdef USE_SETMODE
+      setmode (my_fileno (fp), O_BINARY);
+#endif
       fname = "[stdin]";
       print_only = 1;
     }
   else if ((fd = check_special_filename (fname)) != -1)
     return iobuf_fdopen (translate_file_handle (fd, 0), "rb");
-  else if ((fp = fd_cache_open (fname, "rb")) == GNUPG_INVALID_FD)
+  else if ((fp = my_fopen_ro (fname, "rb")) == INVALID_FP)
     return NULL;
   a = iobuf_alloc (1, IOBUF_BUFFER_SIZE);
   fcx = xmalloc (sizeof *fcx + strlen (fname));
@@ -1330,76 +1333,42 @@
   file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
   file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
   if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: open '%s' fd=%d\n",
-	       a->no, a->subno, fname, FD2INT (fcx->fp));
+    log_debug ("iobuf-%d.%d: open `%s' fd=%d\n",
+	       a->no, a->subno, fname, (int) my_fileno (fcx->fp));
 
   return a;
 }
 
-
-static iobuf_t
-do_iobuf_fdopen (int fd, const char *mode, int keep_open)
+/****************
+ * Create a head iobuf for reading from a file
+ * returns: NULL if an error occures and sets errno
+ */
+iobuf_t
+iobuf_fdopen (int fd, const char *mode)
 {
   iobuf_t a;
-  gnupg_fd_t fp;
+  fp_or_fd_t fp;
   file_filter_ctx_t *fcx;
   size_t len;
 
-  fp = INT2FD (fd);
-
+#ifdef FILE_FILTER_USES_STDIO
+  if (!(fp = fdopen (fd, mode)))
+    return NULL;
+#else
+  fp = (fp_or_fd_t) fd;
+#endif
   a = iobuf_alloc (strchr (mode, 'w') ? 2 : 1, IOBUF_BUFFER_SIZE);
   fcx = xmalloc (sizeof *fcx + 20);
   fcx->fp = fp;
   fcx->print_only_name = 1;
-  fcx->keep_open = keep_open;
   sprintf (fcx->fname, "[fd %d]", fd);
   a->filter = file_filter;
   a->filter_ov = fcx;
   file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
   file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
   if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: fdopen%s '%s'\n",
-               a->no, a->subno, keep_open? "_nc":"", fcx->fname);
-  iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
-  return a;
-}
-
-
-/* Create a head iobuf for reading or writing from/to a file Returns:
- * NULL and sets ERRNO if an error occured.  */
-iobuf_t
-iobuf_fdopen (int fd, const char *mode)
-{
-  return do_iobuf_fdopen (fd, mode, 0);
-}
-
-iobuf_t
-iobuf_fdopen_nc (int fd, const char *mode)
-{
-  return do_iobuf_fdopen (fd, mode, 1);
-}
-
-
-iobuf_t
-iobuf_esopen (estream_t estream, const char *mode, int keep_open)
-{
-  iobuf_t a;
-  file_es_filter_ctx_t *fcx;
-  size_t len;
-
-  a = iobuf_alloc (strchr (mode, 'w') ? 2 : 1, IOBUF_BUFFER_SIZE);
-  fcx = xtrymalloc (sizeof *fcx + 30);
-  fcx->fp = estream;
-  fcx->print_only_name = 1;
-  fcx->keep_open = keep_open;
-  sprintf (fcx->fname, "[fd %p]", estream);
-  a->filter = file_es_filter;
-  a->filter_ov = fcx;
-  file_es_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
-  file_es_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
-  if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: esopen%s '%s'\n",
-               a->no, a->subno, keep_open? "_nc":"", fcx->fname);
+    log_debug ("iobuf-%d.%d: fdopen `%s'\n", a->no, a->subno, fcx->fname);
+  iobuf_ioctl (a, 3, 1, NULL);	/* disable fd caching */
   return a;
 }
 
@@ -1422,8 +1391,8 @@
   sock_filter (scx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
   sock_filter (scx, IOBUFCTRL_INIT, NULL, NULL, &len);
   if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: sockopen '%s'\n", a->no, a->subno, scx->fname);
-  iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
+    log_debug ("iobuf-%d.%d: sockopen `%s'\n", a->no, a->subno, scx->fname);
+  iobuf_ioctl (a, 3, 1, NULL);	/* disable fd caching */
 #else
   a = iobuf_fdopen (fd, mode);
 #endif
@@ -1431,14 +1400,13 @@
 }
 
 /****************
- * Create an iobuf for writing to a file; the file will be created.
- * With MODE700 set the file is created with that mode (Unix only).
+ * create an iobuf for writing to a file; the file will be created.
  */
 iobuf_t
-iobuf_create (const char *fname, int mode700)
+iobuf_create (const char *fname)
 {
   iobuf_t a;
-  gnupg_fd_t fp;
+  fp_or_fd_t fp;
   file_filter_ctx_t *fcx;
   size_t len;
   int print_only = 0;
@@ -1446,13 +1414,16 @@
 
   if (!fname || (*fname == '-' && !fname[1]))
     {
-      fp = FD_FOR_STDOUT;
+      fp = FILEP_OR_FD_FOR_STDOUT;
+#ifdef USE_SETMODE
+      setmode (my_fileno (fp), O_BINARY);
+#endif
       fname = "[stdout]";
       print_only = 1;
     }
   else if ((fd = check_special_filename (fname)) != -1)
     return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
-  else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
+  else if ((fp = my_fopen (fname, "wb")) == INVALID_FP)
     return NULL;
   a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
   fcx = xmalloc (sizeof *fcx + strlen (fname));
@@ -1466,24 +1437,58 @@
   file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
   file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
   if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: create '%s'\n", a->no, a->subno,
+    log_debug ("iobuf-%d.%d: create `%s'\n", a->no, a->subno,
                a->desc?a->desc:"?");
 
   return a;
 }
 
+/****************
+ * append to an iobuf; if the file does not exist, create it.
+ * cannot be used for stdout.
+ * Note: This is not used.
+ */
+#if 0				/* not used */
+iobuf_t
+iobuf_append (const char *fname)
+{
+  iobuf_t a;
+  FILE *fp;
+  file_filter_ctx_t *fcx;
+  size_t len;
+
+  if (!fname)
+    return NULL;
+  else if (!(fp = my_fopen (fname, "ab")))
+    return NULL;
+  a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
+  fcx = m_alloc (sizeof *fcx + strlen (fname));
+  fcx->fp = fp;
+  strcpy (fcx->fname, fname);
+  a->real_fname = m_strdup (fname);
+  a->filter = file_filter;
+  a->filter_ov = fcx;
+  file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
+  file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
+  if (DBG_IOBUF)
+    log_debug ("iobuf-%d.%d: append `%s'\n", a->no, a->subno,
+               a->desc?a->desc:"?");
+
+  return a;
+}
+#endif
 
 iobuf_t
 iobuf_openrw (const char *fname)
 {
   iobuf_t a;
-  gnupg_fd_t fp;
+  fp_or_fd_t fp;
   file_filter_ctx_t *fcx;
   size_t len;
 
   if (!fname)
     return NULL;
-  else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
+  else if ((fp = my_fopen (fname, "r+b")) == INVALID_FP)
     return NULL;
   a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
   fcx = xmalloc (sizeof *fcx + strlen (fname));
@@ -1495,7 +1500,7 @@
   file_filter (fcx, IOBUFCTRL_DESC, NULL, (byte *) & a->desc, &len);
   file_filter (fcx, IOBUFCTRL_INIT, NULL, NULL, &len);
   if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: openrw '%s'\n", a->no, a->subno,
+    log_debug ("iobuf-%d.%d: openrw `%s'\n", a->no, a->subno,
                a->desc?a->desc:"?");
 
   return a;
@@ -1503,15 +1508,12 @@
 
 
 int
-iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval)
+iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval)
 {
-  if (cmd == IOBUF_IOCTL_KEEP_OPEN)
-    {
-      /* Keep system filepointer/descriptor open.  This was used in
-         the past by http.c; this ioctl is not directly used
-         anymore.  */
+  if (cmd == 1)
+    {				/* keep system filepointer/descriptor open */
       if (DBG_IOBUF)
-	log_debug ("iobuf-%d.%d: ioctl '%s' keep_open=%d\n",
+	log_debug ("iobuf-%d.%d: ioctl `%s' keep=%d\n",
 		   a ? a->no : -1, a ? a->subno : -1,
                    a && a->desc ? a->desc : "?",
 		   intval);
@@ -1531,22 +1533,24 @@
 	  }
 #endif
     }
-  else if (cmd == IOBUF_IOCTL_INVALIDATE_CACHE)
-    {
+  else if (cmd == 2)
+    {				/* invalidate cache */
       if (DBG_IOBUF)
-	log_debug ("iobuf-*.*: ioctl '%s' invalidate\n",
+	log_debug ("iobuf-*.*: ioctl `%s' invalidate\n",
 		   ptrval ? (char *) ptrval : "?");
       if (!a && !intval && ptrval)
 	{
+#ifndef FILE_FILTER_USES_STDIO
 	  if (fd_cache_invalidate (ptrval))
             return -1;
+#endif
 	  return 0;
 	}
     }
-  else if (cmd == IOBUF_IOCTL_NO_CACHE)
-    {
+  else if (cmd == 3)
+    {				/* disallow/allow caching */
       if (DBG_IOBUF)
-	log_debug ("iobuf-%d.%d: ioctl '%s' no_cache=%d\n",
+	log_debug ("iobuf-%d.%d: ioctl `%s' no_cache=%d\n",
 		   a ? a->no : -1, a ? a->subno : -1,
                    a && a->desc? a->desc : "?",
 		   intval);
@@ -1566,17 +1570,21 @@
 	  }
 #endif
     }
-  else if (cmd == IOBUF_IOCTL_FSYNC)
+  else if (cmd == 4)
     {
       /* Do a fsync on the open fd and return any errors to the caller
          of iobuf_ioctl.  Note that we work on a file name here. */
       if (DBG_IOBUF)
-        log_debug ("iobuf-*.*: ioctl '%s' fsync\n",
+        log_debug ("iobuf-*.*: ioctl `%s' fsync\n",
                    ptrval? (const char*)ptrval:"");
 
 	if (!a && !intval && ptrval)
 	  {
+#ifndef FILE_FILTER_USES_STDIO
 	    return fd_cache_synchronize (ptrval);
+#else
+	    return 0;
+#endif
 	  }
       }
 
@@ -1670,7 +1678,7 @@
 
   if (DBG_IOBUF)
     {
-      log_debug ("iobuf-%d.%d: push '%s'\n", a->no, a->subno,
+      log_debug ("iobuf-%d.%d: push `%s'\n", a->no, a->subno,
                  a->desc?a->desc:"?");
       print_chain (a);
     }
@@ -1698,7 +1706,7 @@
     BUG ();
 
   if (DBG_IOBUF)
-    log_debug ("iobuf-%d.%d: pop '%s'\n", a->no, a->subno,
+    log_debug ("iobuf-%d.%d: pop `%s'\n", a->no, a->subno,
                a->desc?a->desc:"?");
   if (!a->filter)
     {				/* this is simple */
@@ -1785,7 +1793,7 @@
 	{
 	  iobuf_t b = a->chain;
 	  if (DBG_IOBUF)
-	    log_debug ("iobuf-%d.%d: pop '%s' in underflow\n",
+	    log_debug ("iobuf-%d.%d: pop `%s' in underflow\n",
 		       a->no, a->subno, a->desc?a->desc:"?");
 	  xfree (a->d.buf);
 	  xfree (a->real_fname);
@@ -2193,9 +2201,9 @@
     if ( !a->chain && a->filter == file_filter )
       {
         file_filter_ctx_t *b = a->filter_ov;
-        gnupg_fd_t fp = b->fp;
+        fp_or_fd_t fp = b->fp;
 
-#if defined(HAVE_W32_SYSTEM)
+#if defined(HAVE_W32_SYSTEM) && !defined(FILE_FILTER_USES_STDIO)
         ulong size;
         static int (* __stdcall get_file_size_ex) (void *handle,
                                                    LARGE_INTEGER *r_size);
@@ -2239,7 +2247,7 @@
         log_error ("GetFileSize for handle %p failed: %s\n",
                    fp, w32_strerror (0));
 #else
-        if ( !fstat (FD2INT (fp), &st) )
+        if ( !fstat(my_fileno(fp), &st) )
           return st.st_size;
         log_error("fstat() failed: %s\n", strerror(errno) );
 #endif
@@ -2262,9 +2270,9 @@
     if (!a->chain && a->filter == file_filter)
       {
         file_filter_ctx_t *b = a->filter_ov;
-        gnupg_fd_t fp = b->fp;
+        fp_or_fd_t fp = b->fp;
 
-        return FD2INT (fp);
+        return my_fileno (fp);
       }
 
   return -1;
@@ -2331,7 +2339,7 @@
 	}
       clearerr (fp);
     }
-  else if (a->use != 3)  /* Not a temp stream.  */
+  else
     {
       for (; a; a = a->chain)
 	{
@@ -2343,6 +2351,13 @@
 	}
       if (!a)
 	return -1;
+#ifdef FILE_FILTER_USES_STDIO
+      if (fseeko (b->fp, newpos, SEEK_SET))
+	{
+	  log_error ("can't fseek: %s\n", strerror (errno));
+	  return -1;
+	}
+#else
 #ifdef HAVE_W32_SYSTEM
       if (SetFilePointer (b->fp, newpos, NULL, FILE_BEGIN) == 0xffffffff)
 	{
@@ -2357,9 +2372,9 @@
 	  return -1;
 	}
 #endif
+#endif
     }
-  if (a->use != 3)
-    a->d.len = 0;	/* Discard the buffer  unless it is a temp stream.  */
+  a->d.len = 0;			/* discard buffer */
   a->d.start = 0;
   a->nbytes = 0;
   a->nlimit = 0;
@@ -2381,9 +2396,7 @@
 
 
 /****************
- * Retrieve the real filename.  This is the filename actually used on
- * disk and not a made up one.  Returns NULL if no real filename is
- * available.
+ * Retrieve the real filename
  */
 const char *
 iobuf_get_real_fname (iobuf_t a)
@@ -2404,7 +2417,7 @@
 
 
 /****************
- * Retrieve the filename.  This name should only be used in diagnostics.
+ * Retrieve the filename
  */
 const char *
 iobuf_get_fname (iobuf_t a)
@@ -2418,16 +2431,6 @@
   return NULL;
 }
 
-/* Same as iobuf_get_fname but never returns NULL.  */
-const char *
-iobuf_get_fname_nonnull (iobuf_t a)
-{
-  const char *fname;
-
-  fname = iobuf_get_fname (a);
-  return fname? fname : "[?]";
-}
-
 
 /****************
  * enable partial block mode as described in the OpenPGP draft.
@@ -2524,12 +2527,10 @@
 static int
 translate_file_handle (int fd, int for_write)
 {
-#if defined(HAVE_W32CE_SYSTEM)
-  /* This is called only with one of the special filenames.  Under
-     W32CE the FD here is not a file descriptor but a rendezvous id,
-     thus we need to finish the pipe first.  */
-  fd = _assuan_w32ce_finish_pipe (fd, for_write);
-#elif defined(HAVE_W32_SYSTEM)
+#ifdef HAVE_W32_SYSTEM
+# ifdef FILE_FILTER_USES_STDIO
+  fd = translate_sys2libc_fd (fd, for_write);
+# else
   {
     int x;
 
@@ -2550,6 +2551,7 @@
 
     fd = x;
   }
+# endif
 #else
   (void)for_write;
 #endif
diff -Nru gnupg2-2.1.6/common/iobuf.h gnupg2-2.0.28/common/iobuf.h
--- gnupg2-2.1.6/common/iobuf.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/iobuf.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,14 @@
 /* iobuf.h - I/O buffer
- * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2010 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
  *
- * This file is part of GnuPG.
+ * This file is part of GNUPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GNUPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -31,12 +20,12 @@
 #ifndef GNUPG_COMMON_IOBUF_H
 #define GNUPG_COMMON_IOBUF_H
 
-#include "../common/types.h"
-#include "../common/sysutils.h"
+#include "../include/types.h" /* fixme: should be moved elsewhere. */
+
 
 #define DBG_IOBUF   iobuf_debug_mode
 
-/* Filter control modes.  */
+
 #define IOBUFCTRL_INIT	    1
 #define IOBUFCTRL_FREE	    2
 #define IOBUFCTRL_UNDERFLOW 3
@@ -45,17 +34,6 @@
 #define IOBUFCTRL_CANCEL    6
 #define IOBUFCTRL_USER	    16
 
-
-/* Command codes for iobuf_ioctl.  */
-typedef enum
-  {
-    IOBUF_IOCTL_KEEP_OPEN        = 1, /* Uses intval.  */
-    IOBUF_IOCTL_INVALIDATE_CACHE = 2, /* Uses ptrval.  */
-    IOBUF_IOCTL_NO_CACHE         = 3, /* Uses intval.  */
-    IOBUF_IOCTL_FSYNC            = 4  /* Uses ptrval.  */
-  } iobuf_ioctl_t;
-
-
 typedef struct iobuf_struct *iobuf_t;
 typedef struct iobuf_struct *IOBUF;  /* Compatibility with gpg 1.4. */
 
@@ -107,17 +85,13 @@
 iobuf_t iobuf_alloc (int use, size_t bufsize);
 iobuf_t iobuf_temp (void);
 iobuf_t iobuf_temp_with_content (const char *buffer, size_t length);
-iobuf_t iobuf_open_fd_or_name (gnupg_fd_t fd, const char *fname,
-                               const char *mode);
 iobuf_t iobuf_open (const char *fname);
 iobuf_t iobuf_fdopen (int fd, const char *mode);
-iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
-iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
 iobuf_t iobuf_sockopen (int fd, const char *mode);
-iobuf_t iobuf_create (const char *fname, int mode700);
+iobuf_t iobuf_create (const char *fname);
 iobuf_t iobuf_append (const char *fname);
 iobuf_t iobuf_openrw (const char *fname);
-int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);
+int iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval);
 int iobuf_close (iobuf_t iobuf);
 int iobuf_cancel (iobuf_t iobuf);
 
@@ -157,17 +131,16 @@
 int  iobuf_get_fd (iobuf_t a);
 const char *iobuf_get_real_fname (iobuf_t a);
 const char *iobuf_get_fname (iobuf_t a);
-const char *iobuf_get_fname_nonnull (iobuf_t a);
 
 void iobuf_set_partial_block_mode (iobuf_t a, size_t len);
 
 void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
 
 
-/* Get a byte from the iobuf; must check for eof prior to this
- * function.  This function returns values in the range 0 .. 255 or -1
- * to indicate EOF.  iobuf_get_noeof() does not return -1 to indicate
- * EOF, but masks the returned value to be in the range 0 .. 255.
+/* get a byte form the iobuf; must check for eof prior to this function
+ * this function returns values in the range 0 .. 255 or -1 to indicate EOF
+ * iobuf_get_noeof() does not return -1 to indicate EOF, but masks the
+ * returned value to be in the range 0 ..255.
  */
 #define iobuf_get(a)  \
      (	((a)->nofast || (a)->d.start >= (a)->d.len )?  \
diff -Nru gnupg2-2.1.6/common/keyserver.h gnupg2-2.0.28/common/keyserver.h
--- gnupg2-2.1.6/common/keyserver.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/keyserver.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,5 +1,5 @@
 /* keyserver.h - Public definitions for gpg keyserver helpers.
- * Copyright (C) 2001, 2002, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -34,30 +34,9 @@
 #define KEYSERVER_KEY_EXISTS       7 /* key already exists */
 #define KEYSERVER_KEY_INCOMPLETE   8 /* key incomplete (EOF) */
 #define KEYSERVER_UNREACHABLE      9 /* unable to contact keyserver */
+#define KEYSERVER_TIMEOUT         10 /* timeout while accessing keyserver */
 
 /* Must be 127 due to shell internal magic. */
 #define KEYSERVER_SCHEME_NOT_FOUND 127
 
-/* Object to hold information pertaining to a keyserver; it further
-   allows to build a list of keyservers.  Note that g10/options.h has
-   a typedef for this.  FIXME: We should make use of the
-   parse_uri_t. */
-struct keyserver_spec
-{
-  struct keyserver_spec *next;
-  char *uri;
-  char *scheme;
-  char *auth;
-  char *host;
-  char *port;
-  char *path;
-  char *opaque;
-  strlist_t options;
-  struct
-  {
-    unsigned int direct_uri:1;
-  } flags;
-};
-
-
 #endif /*GNUPG_COMMON_KEYSERVER_H*/
diff -Nru gnupg2-2.1.6/common/localename.c gnupg2-2.0.28/common/localename.c
--- gnupg2-2.1.6/common/localename.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/localename.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,33 +1,23 @@
 /* localename.c - Determine the current selected locale.
- * Copyright (C) 1995-1999, 2000-2003, 2007,
- *               2008 Free Software Foundation, Inc.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
- * License along with this program; if not, see .
- */
+   Copyright (C) 1995-1999, 2000-2003, 2007, 
+                 2008 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License
+   as published by the Free Software Foundation; either version 2.1,
+   or (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this program; if not, see .
+*/
 /* Written by Ulrich Drepper , 1995.  */
 /* Win32 code written by Tor Lillqvist .  */
-/* Modified for GpgOL use by Werner Koch , 2005.  */
+/* Modified for GpgOL use by Werner Koch , 2005.  */ 
 /* Modified for GnuPG use by Werner Koch , 2007 */
 
 #ifdef HAVE_CONFIG_H
@@ -39,9 +29,8 @@
 #ifdef HAVE_LOCALE_H
 #include 
 #endif
-#include  /* We need gettext_localename for W32. */
 
-#include "../common/w32help.h"
+#include "../jnlib/w32help.h"
 
 /* XPG3 defines the result of 'setlocale (category, NULL)' as:
    "Directs 'setlocale()' to query 'category' and return the current
@@ -54,7 +43,7 @@
 #endif
 
 /* Use a dummy value for LC_MESSAGES in case it is not defined.  This
-   works because we always test for HAVE_LC_MESSAGES and the core
+   works becuase we always test for HAVE_LC_MESSAGES and the core
    fucntion takes the category as a string as well.  */
 #ifndef HAVE_LC_MESSAGES
 #define LC_MESSAGES 0
@@ -78,7 +67,7 @@
 # if defined HAVE_SETLOCALE && defined HAVE_LC_MESSAGES && defined HAVE_LOCALE_NULL
   (void)categoryname;
   retval = setlocale (category, NULL);
-# else
+# else 
   /* Setting of LC_ALL overwrites all other.  */
   retval = getenv ("LC_ALL");
   if (retval == NULL || retval[0] == '\0')
@@ -112,7 +101,7 @@
   const char *s;
 
 #ifdef HAVE_W32_SYSTEM
-  /* We use the localename function libgpg-error.  */
+  /* We use the localname function from ../jnlib/w32-gettext.c. */
   s = gettext_localename ();
 #else
   s = do_nl_locale_name (LC_MESSAGES, "LC_MESSAGES");
@@ -124,3 +113,4 @@
 
   return s;
 }
+
diff -Nru gnupg2-2.1.6/common/logging.c gnupg2-2.0.28/common/logging.c
--- gnupg2-2.1.6/common/logging.c	2015-06-20 12:54:54.000000000 +0000
+++ gnupg2-2.0.28/common/logging.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,936 +0,0 @@
-/* logging.c - Useful logging functions
- * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
- *               2009, 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_W32_SYSTEM
-# ifdef HAVE_WINSOCK2_H
-#  include 
-# endif
-# include 
-#else /*!HAVE_W32_SYSTEM*/
-# include 
-# include 
-# include 
-# include 
-#endif /*!HAVE_W32_SYSTEM*/
-#include 
-#include 
-#include 
-
-
-#define GNUPG_COMMON_NEED_AFLOCAL 1
-#include "util.h"
-#include "i18n.h"
-#include "common-defs.h"
-#include "logging.h"
-
-#ifdef HAVE_W32_SYSTEM
-# define S_IRGRP S_IRUSR
-# define S_IROTH S_IRUSR
-# define S_IWGRP S_IWUSR
-# define S_IWOTH S_IWUSR
-#endif
-
-
-#ifdef HAVE_W32CE_SYSTEM
-# define isatty(a)  (0)
-#endif
-
-#undef WITH_IPV6
-#if defined (AF_INET6) && defined(PF_INET) \
-    && defined (INET6_ADDRSTRLEN) && defined(HAVE_INET_PTON)
-# define WITH_IPV6 1
-#endif
-
-#ifndef EAFNOSUPPORT
-# define EAFNOSUPPORT EINVAL
-#endif
-#ifndef INADDR_NONE  /* Slowaris is missing that.  */
-#define INADDR_NONE  ((unsigned long)(-1))
-#endif /*INADDR_NONE*/
-
-#ifdef HAVE_W32_SYSTEM
-#define sock_close(a)  closesocket(a)
-#else
-#define sock_close(a)  close(a)
-#endif
-
-
-static estream_t logstream;
-static int log_socket = -1;
-static char prefix_buffer[80];
-static int with_time;
-static int with_prefix;
-static int with_pid;
-#ifdef HAVE_W32_SYSTEM
-static int no_registry;
-#endif
-static int (*get_pid_suffix_cb)(unsigned long *r_value);
-static int running_detached;
-static int force_prefixes;
-
-static int missing_lf;
-static int errorcount;
-
-
-int
-log_get_errorcount (int clear)
-{
-    int n = errorcount;
-    if( clear )
-	errorcount = 0;
-    return n;
-}
-
-void
-log_inc_errorcount (void)
-{
-   errorcount++;
-}
-
-
-/* The following 3 functions are used by es_fopencookie to write logs
-   to a socket.  */
-struct fun_cookie_s
-{
-  int fd;
-  int quiet;
-  int want_socket;
-  int is_socket;
-#ifdef HAVE_W32CE_SYSTEM
-  int use_writefile;
-#endif
-  char name[1];
-};
-
-
-/* Write NBYTES of BUFFER to file descriptor FD. */
-static int
-writen (int fd, const void *buffer, size_t nbytes, int is_socket)
-{
-  const char *buf = buffer;
-  size_t nleft = nbytes;
-  int nwritten;
-#ifndef HAVE_W32_SYSTEM
-  (void)is_socket; /* Not required.  */
-#endif
-
-  while (nleft > 0)
-    {
-#ifdef HAVE_W32_SYSTEM
-      if (is_socket)
-        nwritten = send (fd, buf, nleft, 0);
-      else
-#endif
-        nwritten = write (fd, buf, nleft);
-
-      if (nwritten < 0 && errno == EINTR)
-        continue;
-      if (nwritten < 0)
-        return -1;
-      nleft -= nwritten;
-      buf = buf + nwritten;
-    }
-
-  return 0;
-}
-
-
-/* Returns true if STR represents a valid port number in decimal
-   notation and no garbage is following.  */
-static int
-parse_portno (const char *str, unsigned short *r_port)
-{
-  unsigned int value;
-
-  for (value=0; *str && (*str >= '0' && *str <= '9'); str++)
-    {
-      value = value * 10 + (*str - '0');
-      if (value > 65535)
-        return 0;
-    }
-  if (*str || !value)
-    return 0;
-
-  *r_port = value;
-  return 1;
-}
-
-
-static ssize_t
-fun_writer (void *cookie_arg, const void *buffer, size_t size)
-{
-  struct fun_cookie_s *cookie = cookie_arg;
-
-  /* FIXME: Use only estream with a callback for socket writing.  This
-     avoids the ugly mix of fd and estream code.  */
-
-  /* Note that we always try to reconnect to the socket but print
-     error messages only the first time an error occured.  If
-     RUNNING_DETACHED is set we don't fall back to stderr and even do
-     not print any error messages.  This is needed because detached
-     processes often close stderr and by writing to file descriptor 2
-     we might send the log message to a file not intended for logging
-     (e.g. a pipe or network connection). */
-  if (cookie->want_socket && cookie->fd == -1)
-    {
-#ifdef WITH_IPV6
-      struct sockaddr_in6 srvr_addr_in6;
-#endif
-      struct sockaddr_in srvr_addr_in;
-#ifndef HAVE_W32_SYSTEM
-      struct sockaddr_un srvr_addr_un;
-#endif
-      size_t addrlen;
-      struct sockaddr *srvr_addr = NULL;
-      unsigned short port = 0;
-      int af = AF_LOCAL;
-      int pf = PF_LOCAL;
-      const char *name = cookie->name;
-
-      /* Not yet open or meanwhile closed due to an error. */
-      cookie->is_socket = 0;
-
-      /* Check whether this is a TCP socket or a local socket.  */
-      if (!strncmp (name, "tcp://", 6) && name[6])
-        {
-          name += 6;
-          af = AF_INET;
-          pf = PF_INET;
-        }
-#ifndef HAVE_W32_SYSTEM
-      else if (!strncmp (name, "socket://", 9) && name[9])
-        name += 9;
-#endif
-
-      if (af == AF_LOCAL)
-        {
-#ifdef HAVE_W32_SYSTEM
-          addrlen = 0;
-#else
-          memset (&srvr_addr, 0, sizeof srvr_addr);
-          srvr_addr_un.sun_family = af;
-          strncpy (srvr_addr_un.sun_path,
-                   name, sizeof (srvr_addr_un.sun_path)-1);
-          srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
-          srvr_addr = (struct sockaddr *)&srvr_addr_un;
-          addrlen = SUN_LEN (&srvr_addr_un);
-#endif
-        }
-      else
-        {
-          char *addrstr, *p;
-#ifdef HAVE_INET_PTON
-          void *addrbuf = NULL;
-#endif /*HAVE_INET_PTON*/
-
-          addrstr = xtrymalloc (strlen (name) + 1);
-          if (!addrstr)
-            addrlen = 0; /* This indicates an error.  */
-          else if (*name == '[')
-            {
-              /* Check for IPv6 literal address.  */
-              strcpy (addrstr, name+1);
-              p = strchr (addrstr, ']');
-              if (!p || p[1] != ':' || !parse_portno (p+2, &port))
-                {
-                  gpg_err_set_errno (EINVAL);
-                  addrlen = 0;
-                }
-              else
-                {
-                  *p = 0;
-#ifdef WITH_IPV6
-                  af = AF_INET6;
-                  pf = PF_INET6;
-                  memset (&srvr_addr_in6, 0, sizeof srvr_addr_in6);
-                  srvr_addr_in6.sin6_family = af;
-                  srvr_addr_in6.sin6_port = htons (port);
-#ifdef HAVE_INET_PTON
-                  addrbuf = &srvr_addr_in6.sin6_addr;
-#endif /*HAVE_INET_PTON*/
-                  srvr_addr = (struct sockaddr *)&srvr_addr_in6;
-                  addrlen = sizeof srvr_addr_in6;
-#else
-                  gpg_err_set_errno (EAFNOSUPPORT);
-                  addrlen = 0;
-#endif
-                }
-            }
-          else
-            {
-              /* Check for IPv4 literal address.  */
-              strcpy (addrstr, name);
-              p = strchr (addrstr, ':');
-              if (!p || !parse_portno (p+1, &port))
-                {
-                  gpg_err_set_errno (EINVAL);
-                  addrlen = 0;
-                }
-              else
-                {
-                  *p = 0;
-                  memset (&srvr_addr_in, 0, sizeof srvr_addr_in);
-                  srvr_addr_in.sin_family = af;
-                  srvr_addr_in.sin_port = htons (port);
-#ifdef HAVE_INET_PTON
-                  addrbuf = &srvr_addr_in.sin_addr;
-#endif /*HAVE_INET_PTON*/
-                  srvr_addr = (struct sockaddr *)&srvr_addr_in;
-                  addrlen = sizeof srvr_addr_in;
-                }
-            }
-
-          if (addrlen)
-            {
-#ifdef HAVE_INET_PTON
-              if (inet_pton (af, addrstr, addrbuf) != 1)
-                addrlen = 0;
-#else /*!HAVE_INET_PTON*/
-              /* We need to use the old function.  If we are here v6
-                 support isn't enabled anyway and thus we can do fine
-                 without.  Note that Windows has a compatible inet_pton
-                 function named inetPton, but only since Vista.  */
-              srvr_addr_in.sin_addr.s_addr = inet_addr (addrstr);
-              if (srvr_addr_in.sin_addr.s_addr == INADDR_NONE)
-                addrlen = 0;
-#endif /*!HAVE_INET_PTON*/
-            }
-
-          xfree (addrstr);
-        }
-
-      cookie->fd = addrlen? socket (pf, SOCK_STREAM, 0) : -1;
-      if (cookie->fd == -1)
-        {
-          if (!cookie->quiet && !running_detached
-              && isatty (es_fileno (es_stderr)))
-            es_fprintf (es_stderr, "failed to create socket for logging: %s\n",
-                        strerror(errno));
-        }
-      else
-        {
-          if (connect (cookie->fd, srvr_addr, addrlen) == -1)
-            {
-              if (!cookie->quiet && !running_detached
-                  && isatty (es_fileno (es_stderr)))
-                es_fprintf (es_stderr, "can't connect to '%s': %s\n",
-                            cookie->name, strerror(errno));
-              sock_close (cookie->fd);
-              cookie->fd = -1;
-            }
-        }
-
-      if (cookie->fd == -1)
-        {
-          if (!running_detached)
-            {
-              /* Due to all the problems with apps not running
-                 detached but being called with stderr closed or used
-                 for a different purposes, it does not make sense to
-                 switch to stderr.  We therefore disable it. */
-              if (!cookie->quiet)
-                {
-                  /* fputs ("switching logging to stderr\n", stderr);*/
-                  cookie->quiet = 1;
-                }
-              cookie->fd = -1; /*fileno (stderr);*/
-            }
-        }
-      else /* Connection has been established. */
-        {
-          cookie->quiet = 0;
-          cookie->is_socket = 1;
-        }
-    }
-
-  log_socket = cookie->fd;
-  if (cookie->fd != -1)
-    {
-#ifdef HAVE_W32CE_SYSTEM
-      if (cookie->use_writefile)
-        {
-          DWORD nwritten;
-
-          WriteFile ((HANDLE)cookie->fd, buffer, size, &nwritten, NULL);
-          return (ssize_t)size; /* Okay.  */
-        }
-#endif
-      if (!writen (cookie->fd, buffer, size, cookie->is_socket))
-        return (ssize_t)size; /* Okay. */
-    }
-
-  if (!running_detached && cookie->fd != -1
-      && isatty (es_fileno (es_stderr)))
-    {
-      if (*cookie->name)
-        es_fprintf (es_stderr, "error writing to '%s': %s\n",
-                    cookie->name, strerror(errno));
-      else
-        es_fprintf (es_stderr, "error writing to file descriptor %d: %s\n",
-                    cookie->fd, strerror(errno));
-    }
-  if (cookie->is_socket && cookie->fd != -1)
-    {
-      sock_close (cookie->fd);
-      cookie->fd = -1;
-      log_socket = -1;
-    }
-
-  return (ssize_t)size;
-}
-
-
-static int
-fun_closer (void *cookie_arg)
-{
-  struct fun_cookie_s *cookie = cookie_arg;
-
-  if (cookie->fd != -1 && cookie->fd != 2)
-    sock_close (cookie->fd);
-  xfree (cookie);
-  log_socket = -1;
-  return 0;
-}
-
-
-/* Common function to either set the logging to a file or a file
-   descriptor. */
-static void
-set_file_fd (const char *name, int fd)
-{
-  estream_t fp;
-  int want_socket;
-#ifdef HAVE_W32CE_SYSTEM
-  int use_writefile = 0;
-#endif
-  struct fun_cookie_s *cookie;
-
-  /* Close an open log stream.  */
-  if (logstream)
-    {
-      es_fclose (logstream);
-      logstream = NULL;
-    }
-
-  /* Figure out what kind of logging we want.  */
-  if (name && !strcmp (name, "-"))
-    {
-      name = NULL;
-      fd = es_fileno (es_stderr);
-    }
-
-  want_socket = 0;
-  if (name && !strncmp (name, "tcp://", 6) && name[6])
-    want_socket = 1;
-#ifndef HAVE_W32_SYSTEM
-  else if (name && !strncmp (name, "socket://", 9) && name[9])
-    want_socket = 2;
-#endif /*HAVE_W32_SYSTEM*/
-#ifdef HAVE_W32CE_SYSTEM
-  else if (name && !strcmp (name, "GPG2:"))
-    {
-      HANDLE hd;
-
-      ActivateDevice (L"Drivers\\"GNUPG_NAME"_Log", 0);
-      /* Ignore a filename and write the debug output to the GPG2:
-         device.  */
-      hd = CreateFile (L"GPG2:", GENERIC_WRITE,
-                       FILE_SHARE_READ | FILE_SHARE_WRITE,
-                       NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
-      fd = (hd == INVALID_HANDLE_VALUE)? -1 : (int)hd;
-      name = NULL;
-      force_prefixes = 1;
-      use_writefile = 1;
-    }
-#endif /*HAVE_W32CE_SYSTEM*/
-
-  /* Setup a new stream.  */
-
-  /* The xmalloc below is justified because we can expect that this
-     function is called only during initialization and there is no
-     easy way out of this error condition.  */
-  cookie = xmalloc (sizeof *cookie + (name? strlen (name):0));
-  strcpy (cookie->name, name? name:"");
-  cookie->quiet = 0;
-  cookie->is_socket = 0;
-  cookie->want_socket = want_socket;
-#ifdef HAVE_W32CE_SYSTEM
-  cookie->use_writefile = use_writefile;
-#endif
-  if (!name)
-    cookie->fd = fd;
-  else if (want_socket)
-    cookie->fd = -1;
-  else
-    {
-      do
-        cookie->fd = open (name, O_WRONLY|O_APPEND|O_CREAT,
-                           (S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR|S_IWGRP|S_IWOTH));
-      while (cookie->fd == -1 && errno == EINTR);
-    }
-  log_socket = cookie->fd;
-
-  {
-    es_cookie_io_functions_t io = { NULL };
-    io.func_write = fun_writer;
-    io.func_close = fun_closer;
-
-    fp = es_fopencookie (cookie, "w", io);
-  }
-
-  /* On error default to a stderr based estream.  */
-  if (!fp)
-    fp = es_stderr;
-
-  es_setvbuf (fp, NULL, _IOLBF, 0);
-
-  logstream = fp;
-
-  /* We always need to print the prefix and the pid for socket mode,
-     so that the server reading the socket can do something
-     meaningful. */
-  force_prefixes = want_socket;
-
-  missing_lf = 0;
-}
-
-
-/* Set the file to write log to.  The special names NULL and "-" may
-   be used to select stderr and names formatted like
-   "socket:///home/foo/mylogs" may be used to write the logging to the
-   socket "/home/foo/mylogs".  If the connection to the socket fails
-   or a write error is detected, the function writes to stderr and
-   tries the next time again to connect the socket.
-  */
-void
-log_set_file (const char *name)
-{
-  set_file_fd (name? name: "-", -1);
-}
-
-void
-log_set_fd (int fd)
-{
-  set_file_fd (NULL, fd);
-}
-
-
-void
-log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value))
-{
-  get_pid_suffix_cb = cb;
-}
-
-
-void
-log_set_prefix (const char *text, unsigned int flags)
-{
-  if (text)
-    {
-      strncpy (prefix_buffer, text, sizeof (prefix_buffer)-1);
-      prefix_buffer[sizeof (prefix_buffer)-1] = 0;
-    }
-
-  with_prefix = (flags & GPGRT_LOG_WITH_PREFIX);
-  with_time = (flags & GPGRT_LOG_WITH_TIME);
-  with_pid  = (flags & GPGRT_LOG_WITH_PID);
-  running_detached = (flags & GPGRT_LOG_RUN_DETACHED);
-#ifdef HAVE_W32_SYSTEM
-  no_registry = (flags & GPGRT_LOG_NO_REGISTRY);
-#endif
-}
-
-
-const char *
-log_get_prefix (unsigned int *flags)
-{
-  if (flags)
-    {
-      *flags = 0;
-      if (with_prefix)
-        *flags |= GPGRT_LOG_WITH_PREFIX;
-      if (with_time)
-        *flags |= GPGRT_LOG_WITH_TIME;
-      if (with_pid)
-        *flags |= GPGRT_LOG_WITH_PID;
-      if (running_detached)
-        *flags |= GPGRT_LOG_RUN_DETACHED;
-#ifdef HAVE_W32_SYSTEM
-      if (no_registry)
-        *flags |= GPGRT_LOG_NO_REGISTRY;
-#endif
-    }
-  return prefix_buffer;
-}
-
-/* This function returns true if the file descriptor FD is in use for
-   logging.  This is preferable over a test using log_get_fd in that
-   it allows the logging code to use more then one file descriptor.  */
-int
-log_test_fd (int fd)
-{
-  if (logstream)
-    {
-      int tmp = es_fileno (logstream);
-      if ( tmp != -1 && tmp == fd)
-        return 1;
-    }
-  if (log_socket != -1 && log_socket == fd)
-    return 1;
-  return 0;
-}
-
-int
-log_get_fd ()
-{
-  return logstream? es_fileno(logstream) : -1;
-}
-
-estream_t
-log_get_stream ()
-{
-  if (!logstream)
-    {
-      log_set_file (NULL); /* Make sure a log stream has been set.  */
-      assert (logstream);
-    }
-  return logstream;
-}
-
-static void
-do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
-{
-  if (!logstream)
-    {
-#ifdef HAVE_W32_SYSTEM
-      char *tmp;
-
-      tmp = (no_registry
-             ? NULL
-             : read_w32_registry_string (NULL, GNUPG_REGISTRY_DIR,
-                                         "DefaultLogFile"));
-      log_set_file (tmp && *tmp? tmp : NULL);
-      xfree (tmp);
-#else
-      log_set_file (NULL); /* Make sure a log stream has been set.  */
-#endif
-      assert (logstream);
-    }
-
-  es_flockfile (logstream);
-  if (missing_lf && level != GPGRT_LOG_CONT)
-    es_putc_unlocked ('\n', logstream );
-  missing_lf = 0;
-
-  if (level != GPGRT_LOG_CONT)
-    { /* Note this does not work for multiple line logging as we would
-       * need to print to a buffer first */
-      if (with_time && !force_prefixes)
-        {
-          struct tm *tp;
-          time_t atime = time (NULL);
-
-          tp = localtime (&atime);
-          es_fprintf_unlocked (logstream, "%04d-%02d-%02d %02d:%02d:%02d ",
-                               1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
-                               tp->tm_hour, tp->tm_min, tp->tm_sec );
-        }
-      if (with_prefix || force_prefixes)
-        es_fputs_unlocked (prefix_buffer, logstream);
-      if (with_pid || force_prefixes)
-        {
-          unsigned long pidsuf;
-          int pidfmt;
-
-          if (get_pid_suffix_cb && (pidfmt=get_pid_suffix_cb (&pidsuf)))
-            es_fprintf_unlocked (logstream, pidfmt == 1? "[%u.%lu]":"[%u.%lx]",
-                                 (unsigned int)getpid (), pidsuf);
-          else
-            es_fprintf_unlocked (logstream, "[%u]", (unsigned int)getpid ());
-        }
-      if (!with_time || force_prefixes)
-        es_putc_unlocked (':', logstream);
-      /* A leading backspace suppresses the extra space so that we can
-         correctly output, programname, filename and linenumber. */
-      if (fmt && *fmt == '\b')
-        fmt++;
-      else
-        es_putc_unlocked (' ', logstream);
-    }
-
-  switch (level)
-    {
-    case GPGRT_LOG_BEGIN: break;
-    case GPGRT_LOG_CONT: break;
-    case GPGRT_LOG_INFO: break;
-    case GPGRT_LOG_WARN: break;
-    case GPGRT_LOG_ERROR: break;
-    case GPGRT_LOG_FATAL: es_fputs_unlocked ("Fatal: ",logstream ); break;
-    case GPGRT_LOG_BUG:   es_fputs_unlocked ("Ohhhh jeeee: ", logstream); break;
-    case GPGRT_LOG_DEBUG: es_fputs_unlocked ("DBG: ", logstream ); break;
-    default:
-      es_fprintf_unlocked (logstream,"[Unknown log level %d]: ", level);
-      break;
-    }
-
-  if (fmt)
-    {
-      if (ignore_arg_ptr)
-        es_fputs_unlocked (fmt, logstream);
-      else
-        es_vfprintf_unlocked (logstream, fmt, arg_ptr);
-      if (*fmt && fmt[strlen(fmt)-1] != '\n')
-        missing_lf = 1;
-    }
-
-  if (level == GPGRT_LOG_FATAL)
-    {
-      if (missing_lf)
-        es_putc_unlocked ('\n', logstream);
-      es_funlockfile (logstream);
-      exit (2);
-    }
-  else if (level == GPGRT_LOG_BUG)
-    {
-      if (missing_lf)
-        es_putc_unlocked ('\n', logstream );
-      es_funlockfile (logstream);
-      abort ();
-    }
-  else
-    es_funlockfile (logstream);
-}
-
-
-void
-log_log (int level, const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt) ;
-  do_logv (level, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_logv (int level, const char *fmt, va_list arg_ptr)
-{
-  do_logv (level, 0, fmt, arg_ptr);
-}
-
-
-static void
-do_log_ignore_arg (int level, const char *str, ...)
-{
-  va_list arg_ptr;
-  va_start (arg_ptr, str);
-  do_logv (level, 1, str, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_string (int level, const char *string)
-{
-  /* We need a dummy arg_ptr, but there is no portable way to create
-     one.  So we call the do_logv function through a variadic wrapper.
-     MB: Why not just use "%s"?  */
-  do_log_ignore_arg (level, string);
-}
-
-
-void
-log_info (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_INFO, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_error (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_ERROR, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-  /* Protect against counter overflow.  */
-  if (errorcount < 30000)
-    errorcount++;
-}
-
-
-void
-log_fatal (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_FATAL, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-
-
-void
-log_bug (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_BUG, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-
-
-void
-log_debug (const char *fmt, ...)
-{
-  va_list arg_ptr ;
-
-  va_start (arg_ptr, fmt);
-  do_logv (GPGRT_LOG_DEBUG, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-void
-log_printf (const char *fmt, ...)
-{
-  va_list arg_ptr;
-
-  va_start (arg_ptr, fmt);
-  do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, fmt, arg_ptr);
-  va_end (arg_ptr);
-}
-
-
-/* Flush the log - this is useful to make sure that the trailing
-   linefeed has been printed.  */
-void
-log_flush (void)
-{
-  do_log_ignore_arg (GPGRT_LOG_CONT, NULL);
-}
-
-
-/* Print a hexdump of BUFFER.  With TEXT of NULL print just the raw
-   dump, with TEXT just an empty string, print a trailing linefeed,
-   otherwise print an entire debug line. */
-void
-log_printhex (const char *text, const void *buffer, size_t length)
-{
-  if (text && *text)
-    log_debug ("%s ", text);
-  if (length)
-    {
-      const unsigned char *p = buffer;
-      log_printf ("%02X", *p);
-      for (length--, p++; length--; p++)
-        log_printf (" %02X", *p);
-    }
-  if (text)
-    log_printf ("\n");
-}
-
-
-/*
-void
-log_printcanon () {}
-is found in sexputils.c
-*/
-
-/*
-void
-log_printsexp () {}
-is found in sexputils.c
-*/
-
-
-void
-log_clock (const char *string)
-{
-#if 0
-  static unsigned long long initial;
-  struct timespec tv;
-  unsigned long long now;
-
-  if (clock_gettime (CLOCK_REALTIME, &tv))
-    {
-      log_debug ("error getting the realtime clock value\n");
-      return;
-    }
-  now = tv.tv_sec * 1000000000ull;
-  now += tv.tv_nsec;
-
-  if (!initial)
-    initial = now;
-
-  log_debug ("[%6llu] %s", (now - initial)/1000, string);
-#else
-  /* You need to link with -ltr to enable the above code.  */
-  log_debug ("[not enabled in the source] %s", string);
-#endif
-}
-
-
-#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
-void
-bug_at( const char *file, int line, const char *func )
-{
-  log_log (GPGRT_LOG_BUG, ("... this is a bug (%s:%d:%s)\n"), file, line, func);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-#else
-void
-bug_at( const char *file, int line )
-{
-  log_log (GPGRT_LOG_BUG, _("you found a bug ... (%s:%d)\n"), file, line);
-  abort (); /* Never called; just to make the compiler happy.  */
-}
-#endif
diff -Nru gnupg2-2.1.6/common/logging.h gnupg2-2.0.28/common/logging.h
--- gnupg2-2.1.6/common/logging.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/logging.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,99 +0,0 @@
-/* logging.h
- * Copyright (C) 1999, 2000, 2001, 2004, 2006,
- *               2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_LOGGING_H
-#define GNUPG_COMMON_LOGGING_H
-
-#include 
-#include 
-#include "mischelp.h"
-#include "w32help.h"
-
-int  log_get_errorcount (int clear);
-void log_inc_errorcount (void);
-void log_set_file( const char *name );
-void log_set_fd (int fd);
-void log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value));
-void log_set_prefix (const char *text, unsigned int flags);
-const char *log_get_prefix (unsigned int *flags);
-int log_test_fd (int fd);
-int  log_get_fd(void);
-estream_t log_get_stream (void);
-
-#ifdef GPGRT_GCC_M_FUNCTION
-  void bug_at( const char *file, int line, const char *func ) GPGRT_GCC_A_NR;
-# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__ )
-#else
-  void bug_at( const char *file, int line );
-# define BUG() bug_at( __FILE__ , __LINE__ )
-#endif
-
-/* Flag values for log_set_prefix. */
-#define GPGRT_LOG_WITH_PREFIX  1
-#define GPGRT_LOG_WITH_TIME    2
-#define GPGRT_LOG_WITH_PID     4
-#define GPGRT_LOG_RUN_DETACHED 256
-#define GPGRT_LOG_NO_REGISTRY  512
-
-/* Log levels as used by log_log.  */
-enum jnlib_log_levels {
-    GPGRT_LOG_BEGIN,
-    GPGRT_LOG_CONT,
-    GPGRT_LOG_INFO,
-    GPGRT_LOG_WARN,
-    GPGRT_LOG_ERROR,
-    GPGRT_LOG_FATAL,
-    GPGRT_LOG_BUG,
-    GPGRT_LOG_DEBUG
-};
-void log_log (int level, const char *fmt, ...) GPGRT_GCC_A_PRINTF(2,3);
-void log_logv (int level, const char *fmt, va_list arg_ptr);
-void log_string (int level, const char *string);
-
-
-void log_bug( const char *fmt, ... )	GPGRT_GCC_A_NR_PRINTF(1,2);
-void log_fatal( const char *fmt, ... )	GPGRT_GCC_A_NR_PRINTF(1,2);
-void log_error( const char *fmt, ... )	GPGRT_GCC_A_PRINTF(1,2);
-void log_info( const char *fmt, ... )	GPGRT_GCC_A_PRINTF(1,2);
-void log_debug( const char *fmt, ... )	GPGRT_GCC_A_PRINTF(1,2);
-void log_printf( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2);
-void log_flush (void);
-
-/* Print a hexdump of BUFFER.  With TEXT passes as NULL print just the
-   raw dump, with TEXT being an empty string, print a trailing
-   linefeed, otherwise print an entire debug line with TEXT followed
-   by the hexdump and a final LF.  */
-void log_printhex (const char *text, const void *buffer, size_t length);
-
-void log_clock (const char *string);
-
-
-#endif /*GNUPG_COMMON_LOGGING_H*/
diff -Nru gnupg2-2.1.6/common/Makefile.am gnupg2-2.0.28/common/Makefile.am
--- gnupg2-2.1.6/common/Makefile.am	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/Makefile.am	2015-06-02 08:13:55.000000000 +0000
@@ -1,5 +1,5 @@
 # Makefile for common gnupg modules
-# Copyright (C) 2001, 2003, 2007, 2010 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2007 Free Software Foundation, Inc.
 #
 # This file is part of GnuPG.
 #
@@ -18,15 +18,11 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \
-             audit-events.h status-codes.h ChangeLog.jnlib \
-	     ChangeLog-2011.include w32info-rc.h.in gnupg.ico tls-ca.pem
-
-noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a \
-                   libcommontls.a libcommontlsnpth.a
-if !HAVE_W32CE_SYSTEM
-noinst_LIBRARIES += libsimple-pwquery.a
-endif
+EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk \
+             audit-events.h status-codes.h ChangeLog-2011 \
+	     w32info-rc.h.in gnupg.ico
+
+noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a
 noinst_PROGRAMS = $(module_tests) $(module_maint_tests)
 TESTS = $(module_tests)
 
@@ -34,26 +30,16 @@
 
 MAINTAINERCLEANFILES = audit-events.h status-codes.h
 
-AM_CPPFLAGS =
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
 
 include $(top_srcdir)/am/cmacros.am
 
-
 common_sources = \
 	common-defs.h \
 	util.h i18n.c i18n.h \
-	types.h host2net.h dynload.h w32help.h \
-	mapstrings.c stringhelp.c stringhelp.h \
-	strlist.c strlist.h \
-	utf8conv.c utf8conv.h \
-	argparse.c argparse.h \
-	logging.c logging.h  \
-	dotlock.c dotlock.h  \
-        mischelp.c mischelp.h \
 	status.c status.h\
-	shareddefs.h \
 	openpgpdefs.h \
 	gc-opt-flags.h \
 	keyserver.h \
@@ -63,81 +49,52 @@
 	sexputil.c \
 	sysutils.c sysutils.h \
 	homedir.c \
-	gettime.c gettime.h \
+	gettime.c \
 	yesno.c \
-	b64enc.c b64dec.c zb32.c \
+	b64enc.c b64dec.c \
+	zb32.c \
 	convert.c \
 	percent.c \
-	mbox-util.c mbox-util.h \
 	miscellaneous.c \
 	xasprintf.c \
 	xreadline.c \
 	membuf.c membuf.h \
 	iobuf.c iobuf.h \
 	ttyio.c ttyio.h \
-	asshelp.c asshelp2.c asshelp.h \
-	exechelp.h \
+	asshelp.c asshelp.h \
+	exechelp.c exechelp.h \
 	signal.c \
+	estream.c estream.h estream-printf.c estream-printf.h \
 	audit.c audit.h \
 	srv.h \
+	dns-cert.c dns-cert.h \
+	pka.c pka.h \
+	http.c http.h \
 	localename.c \
 	session-env.c session-env.h \
-	userids.c userids.h \
-	openpgp-oid.c \
 	ssh-utils.c ssh-utils.h \
-	agent-opt.c \
 	helpfile.c
 
-if HAVE_W32_SYSTEM
-common_sources += w32-reg.c w32-afunix.c w32-afunix.h
-endif
-
-# Sources possible requiring a TLS library are put into a separate
-# conveince library.
-tls_sources = \
-	http.c http.h
-
-
-# To make the code easier to read we have split home some code into
-# separate source files.
-if HAVE_W32_SYSTEM
-if HAVE_W32CE_SYSTEM
-common_sources += exechelp-w32ce.c
-else
-common_sources += exechelp-w32.c
-endif
-else
-common_sources += exechelp-posix.c
-endif
-
-# Sources only useful without NPTH.
-without_npth_sources = \
+# Sources only useful without PTH.
+without_pth_sources = \
         get-passphrase.c get-passphrase.h
 
 
-libcommon_a_SOURCES = $(common_sources) $(without_npth_sources)
+libcommon_a_SOURCES = $(common_sources) $(without_pth_sources)
 if USE_DNS_SRV
 libcommon_a_SOURCES += srv.c
 endif
-libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1
+libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_GNU_PTH=1
 
 libcommonpth_a_SOURCES = $(common_sources)
 if USE_DNS_SRV
 libcommonpth_a_SOURCES += srv.c
 endif
-libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
-
-libcommontls_a_SOURCES = $(tls_sources)
-libcommontls_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) -DWITHOUT_NPTH=1
+libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
 
-libcommontlsnpth_a_SOURCES = $(tls_sources)
-libcommontlsnpth_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) $(NPTH_CFLAGS)
-
-if !HAVE_W32CE_SYSTEM
 libsimple_pwquery_a_SOURCES = \
 	simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
 libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
-endif
 
 libgpgrl_a_SOURCES = \
         gpgrlhelp.c
@@ -151,53 +108,29 @@
 # is a distributed built source.  If we would not do that we may end
 # up with two files and then it is not clear which version of the
 # files will be picked up.
-audit-events.h: Makefile.am mkstrtable.awk exaudit.awk audit.h
+audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h
 	$(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
 	  | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
 		   -v namespace=eventstr_  > $(srcdir)/audit-events.h
 
 # Create the status-codes.h include file from status.h
-status-codes.h: Makefile.am mkstrtable.awk exstatus.awk status.h
+status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h
 	$(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
 	  | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
 		   -v namespace=statusstr_  > $(srcdir)/status-codes.h
+
 endif
 
+
 #
 # Module tests
 #
-module_tests = t-stringhelp t-timestuff \
-               t-convert t-percent t-gettime t-sysutils t-sexputil \
-	       t-session-env t-openpgp-oid t-ssh-utils \
-	       t-mapstrings t-zb32 t-mbox-util
-if !HAVE_W32CE_SYSTEM
-module_tests += t-exechelp
-endif
-if HAVE_W32_SYSTEM
-module_tests += t-w32-reg
-endif
-
-if MAINTAINER_MODE
-module_maint_tests = t-helpfile t-b64 t-http
-else
-module_maint_tests =
-endif
-
-t_extra_src = t-support.h
+module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil t-exechelp \
+	       t-session-env t-ssh-utils
+module_maint_tests = t-helpfile t-b64
 
-t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-                  $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
-t_common_ldadd = libcommon.a \
-                 $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-	         $(LIBINTL) $(LIBICONV)
-
-
-# Common tests
-t_stringhelp_SOURCES = t-stringhelp.c $(t_extra_src)
-t_stringhelp_LDADD = $(t_common_ldadd)
-
-t_timestuff_SOURCES = t-timestuff.c $(t_extra_src)
-t_timestuff_LDADD = $(t_common_ldadd)
+t_common_ldadd = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+                 $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
 
 t_convert_LDADD = $(t_common_ldadd)
 t_percent_LDADD = $(t_common_ldadd)
@@ -208,23 +141,4 @@
 t_b64_LDADD = $(t_common_ldadd)
 t_exechelp_LDADD = $(t_common_ldadd)
 t_session_env_LDADD = $(t_common_ldadd)
-t_openpgp_oid_LDADD = $(t_common_ldadd)
 t_ssh_utils_LDADD = $(t_common_ldadd)
-t_mapstrings_LDADD = $(t_common_ldadd)
-t_zb32_LDADD = $(t_common_ldadd)
-t_mbox_util_LDADD = $(t_common_ldadd)
-
-# System specific test
-if HAVE_W32_SYSTEM
-t_w32_reg_SOURCES = t-w32-reg.c $(t_extra_src)
-t_w32_reg_LDADD   = $(t_common_ldadd)
-endif
-
-# http tests
-t_http_SOURCES = t-http.c
-t_http_CFLAGS  = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
-t_http_LDADD   = libcommontls.a $(t_common_ldadd) \
-	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
-
-# All programs should depend on the created libs.
-$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a
diff -Nru gnupg2-2.1.6/common/Makefile.in gnupg2-2.0.28/common/Makefile.in
--- gnupg2-2.1.6/common/Makefile.in	2015-07-01 12:17:03.000000000 +0000
+++ gnupg2-2.0.28/common/Makefile.in	2015-06-02 12:34:28.000000000 +0000
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 # Makefile for common gnupg modules
-# Copyright (C) 2001, 2003, 2007, 2010 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2007 Free Software Foundation, Inc.
 #
 # This file is part of GnuPG.
 #
@@ -115,59 +115,55 @@
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@HAVE_W32CE_SYSTEM_FALSE@am__append_1 = libsimple-pwquery.a
-noinst_PROGRAMS = $(am__EXEEXT_3) $(am__EXEEXT_4)
-TESTS = $(am__EXEEXT_3)
+noinst_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2)
+TESTS = $(am__EXEEXT_1)
 DIST_COMMON = $(top_srcdir)/am/cmacros.am $(srcdir)/Makefile.in \
-	$(srcdir)/Makefile.am $(top_srcdir)/build-aux/mkinstalldirs \
-	$(srcdir)/w32info-rc.h.in $(top_srcdir)/build-aux/depcomp \
-	README
-@HAVE_DOSISH_SYSTEM_FALSE@am__append_2 = -DGNUPG_BINDIR="\"$(bindir)\""            \
+	$(srcdir)/Makefile.am $(top_srcdir)/scripts/mkinstalldirs \
+	$(srcdir)/w32info-rc.h.in $(top_srcdir)/scripts/depcomp README
+@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\""            \
 @HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBEXECDIR="\"$(libexecdir)\""    \
 @HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\""  \
 @HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LOCALSTATEDIR="\"$(localstatedir)\""
+@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\""
 
 
 # If a specific protect tool program has been defined, pass its name
 # to cc.  Note that these macros should not be used directly but via
 # the gnupg_module_name function.
-@GNUPG_AGENT_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
-@GNUPG_PINENTRY_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
-@GNUPG_SCDAEMON_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_8 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-@HAVE_W32_SYSTEM_TRUE@am__append_9 = w32-reg.c w32-afunix.c w32-afunix.h
-
-# To make the code easier to read we have split home some code into
-# separate source files.
-@HAVE_W32CE_SYSTEM_TRUE@@HAVE_W32_SYSTEM_TRUE@am__append_10 = exechelp-w32ce.c
-@HAVE_W32CE_SYSTEM_FALSE@@HAVE_W32_SYSTEM_TRUE@am__append_11 = exechelp-w32.c
-@HAVE_W32_SYSTEM_FALSE@am__append_12 = exechelp-posix.c
-@USE_DNS_SRV_TRUE@am__append_13 = srv.c
-@USE_DNS_SRV_TRUE@am__append_14 = srv.c
-@HAVE_W32CE_SYSTEM_FALSE@am__append_15 = t-exechelp
-@HAVE_W32_SYSTEM_TRUE@am__append_16 = t-w32-reg
+@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
+@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
+@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
+@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
+@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
+@USE_DNS_SRV_TRUE@am__append_7 = srv.c
+@USE_DNS_SRV_TRUE@am__append_8 = srv.c
 subdir = common
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
-	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/absolute-header.m4 \
+	$(top_srcdir)/gl/m4/alloca.m4 $(top_srcdir)/gl/m4/allocsa.m4 \
+	$(top_srcdir)/gl/m4/eealloc.m4 \
+	$(top_srcdir)/gl/m4/gnulib-comp.m4 \
+	$(top_srcdir)/gl/m4/gnulib-tool.m4 \
+	$(top_srcdir)/gl/m4/mkdtemp.m4 $(top_srcdir)/gl/m4/setenv.m4 \
+	$(top_srcdir)/gl/m4/stdint.m4 $(top_srcdir)/gl/m4/strpbrk.m4 \
+	$(top_srcdir)/gl/m4/unistd_h.m4 $(top_srcdir)/m4/autobuild.m4 \
+	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/estream.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/gnupg-pth.m4 \
 	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
 	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
 	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
 	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
 	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
+	$(top_srcdir)/m4/libcurl.m4 $(top_srcdir)/m4/libgcrypt.m4 \
+	$(top_srcdir)/m4/longdouble.m4 $(top_srcdir)/m4/nls.m4 \
 	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
-	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
-	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/m4/tar-ustar.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/size_max.m4 \
+	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/xsize.m4 \
 	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES = w32info-rc.h
 CONFIG_CLEAN_VPATH_FILES =
@@ -180,91 +176,55 @@
 libcommon_a_AR = $(AR) $(ARFLAGS)
 libcommon_a_LIBADD =
 am__libcommon_a_SOURCES_DIST = common-defs.h util.h i18n.c i18n.h \
-	types.h host2net.h dynload.h w32help.h mapstrings.c \
-	stringhelp.c stringhelp.h strlist.c strlist.h utf8conv.c \
-	utf8conv.h argparse.c argparse.h logging.c logging.h dotlock.c \
-	dotlock.h mischelp.c mischelp.h status.c status.h shareddefs.h \
-	openpgpdefs.h gc-opt-flags.h keyserver.h sexp-parse.h tlv.c \
-	tlv.h init.c init.h sexputil.c sysutils.c sysutils.h homedir.c \
-	gettime.c gettime.h yesno.c b64enc.c b64dec.c zb32.c convert.c \
-	percent.c mbox-util.c mbox-util.h miscellaneous.c xasprintf.c \
+	status.c status.h openpgpdefs.h gc-opt-flags.h keyserver.h \
+	sexp-parse.h tlv.c tlv.h init.c init.h sexputil.c sysutils.c \
+	sysutils.h homedir.c gettime.c yesno.c b64enc.c b64dec.c \
+	zb32.c convert.c percent.c miscellaneous.c xasprintf.c \
 	xreadline.c membuf.c membuf.h iobuf.c iobuf.h ttyio.c ttyio.h \
-	asshelp.c asshelp2.c asshelp.h exechelp.h signal.c audit.c \
-	audit.h srv.h localename.c session-env.c session-env.h \
-	userids.c userids.h openpgp-oid.c ssh-utils.c ssh-utils.h \
-	agent-opt.c helpfile.c w32-reg.c w32-afunix.c w32-afunix.h \
-	exechelp-w32ce.c exechelp-w32.c exechelp-posix.c \
-	get-passphrase.c get-passphrase.h srv.c
-@HAVE_W32_SYSTEM_TRUE@am__objects_1 = libcommon_a-w32-reg.$(OBJEXT) \
-@HAVE_W32_SYSTEM_TRUE@	libcommon_a-w32-afunix.$(OBJEXT)
-@HAVE_W32CE_SYSTEM_TRUE@@HAVE_W32_SYSTEM_TRUE@am__objects_2 = libcommon_a-exechelp-w32ce.$(OBJEXT)
-@HAVE_W32CE_SYSTEM_FALSE@@HAVE_W32_SYSTEM_TRUE@am__objects_3 = libcommon_a-exechelp-w32.$(OBJEXT)
-@HAVE_W32_SYSTEM_FALSE@am__objects_4 =  \
-@HAVE_W32_SYSTEM_FALSE@	libcommon_a-exechelp-posix.$(OBJEXT)
-am__objects_5 = libcommon_a-i18n.$(OBJEXT) \
-	libcommon_a-mapstrings.$(OBJEXT) \
-	libcommon_a-stringhelp.$(OBJEXT) libcommon_a-strlist.$(OBJEXT) \
-	libcommon_a-utf8conv.$(OBJEXT) libcommon_a-argparse.$(OBJEXT) \
-	libcommon_a-logging.$(OBJEXT) libcommon_a-dotlock.$(OBJEXT) \
-	libcommon_a-mischelp.$(OBJEXT) libcommon_a-status.$(OBJEXT) \
-	libcommon_a-tlv.$(OBJEXT) libcommon_a-init.$(OBJEXT) \
-	libcommon_a-sexputil.$(OBJEXT) libcommon_a-sysutils.$(OBJEXT) \
-	libcommon_a-homedir.$(OBJEXT) libcommon_a-gettime.$(OBJEXT) \
-	libcommon_a-yesno.$(OBJEXT) libcommon_a-b64enc.$(OBJEXT) \
-	libcommon_a-b64dec.$(OBJEXT) libcommon_a-zb32.$(OBJEXT) \
-	libcommon_a-convert.$(OBJEXT) libcommon_a-percent.$(OBJEXT) \
-	libcommon_a-mbox-util.$(OBJEXT) \
+	asshelp.c asshelp.h exechelp.c exechelp.h signal.c estream.c \
+	estream.h estream-printf.c estream-printf.h audit.c audit.h \
+	srv.h dns-cert.c dns-cert.h pka.c pka.h http.c http.h \
+	localename.c session-env.c session-env.h ssh-utils.c \
+	ssh-utils.h helpfile.c get-passphrase.c get-passphrase.h srv.c
+am__objects_1 = libcommon_a-i18n.$(OBJEXT) \
+	libcommon_a-status.$(OBJEXT) libcommon_a-tlv.$(OBJEXT) \
+	libcommon_a-init.$(OBJEXT) libcommon_a-sexputil.$(OBJEXT) \
+	libcommon_a-sysutils.$(OBJEXT) libcommon_a-homedir.$(OBJEXT) \
+	libcommon_a-gettime.$(OBJEXT) libcommon_a-yesno.$(OBJEXT) \
+	libcommon_a-b64enc.$(OBJEXT) libcommon_a-b64dec.$(OBJEXT) \
+	libcommon_a-zb32.$(OBJEXT) libcommon_a-convert.$(OBJEXT) \
+	libcommon_a-percent.$(OBJEXT) \
 	libcommon_a-miscellaneous.$(OBJEXT) \
 	libcommon_a-xasprintf.$(OBJEXT) \
 	libcommon_a-xreadline.$(OBJEXT) libcommon_a-membuf.$(OBJEXT) \
 	libcommon_a-iobuf.$(OBJEXT) libcommon_a-ttyio.$(OBJEXT) \
-	libcommon_a-asshelp.$(OBJEXT) libcommon_a-asshelp2.$(OBJEXT) \
-	libcommon_a-signal.$(OBJEXT) libcommon_a-audit.$(OBJEXT) \
+	libcommon_a-asshelp.$(OBJEXT) libcommon_a-exechelp.$(OBJEXT) \
+	libcommon_a-signal.$(OBJEXT) libcommon_a-estream.$(OBJEXT) \
+	libcommon_a-estream-printf.$(OBJEXT) \
+	libcommon_a-audit.$(OBJEXT) libcommon_a-dns-cert.$(OBJEXT) \
+	libcommon_a-pka.$(OBJEXT) libcommon_a-http.$(OBJEXT) \
 	libcommon_a-localename.$(OBJEXT) \
 	libcommon_a-session-env.$(OBJEXT) \
-	libcommon_a-userids.$(OBJEXT) \
-	libcommon_a-openpgp-oid.$(OBJEXT) \
-	libcommon_a-ssh-utils.$(OBJEXT) \
-	libcommon_a-agent-opt.$(OBJEXT) libcommon_a-helpfile.$(OBJEXT) \
-	$(am__objects_1) $(am__objects_2) $(am__objects_3) \
-	$(am__objects_4)
-am__objects_6 = libcommon_a-get-passphrase.$(OBJEXT)
-@USE_DNS_SRV_TRUE@am__objects_7 = libcommon_a-srv.$(OBJEXT)
-am_libcommon_a_OBJECTS = $(am__objects_5) $(am__objects_6) \
-	$(am__objects_7)
+	libcommon_a-ssh-utils.$(OBJEXT) libcommon_a-helpfile.$(OBJEXT)
+am__objects_2 = libcommon_a-get-passphrase.$(OBJEXT)
+@USE_DNS_SRV_TRUE@am__objects_3 = libcommon_a-srv.$(OBJEXT)
+am_libcommon_a_OBJECTS = $(am__objects_1) $(am__objects_2) \
+	$(am__objects_3)
 libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS)
 libcommonpth_a_AR = $(AR) $(ARFLAGS)
 libcommonpth_a_LIBADD =
 am__libcommonpth_a_SOURCES_DIST = common-defs.h util.h i18n.c i18n.h \
-	types.h host2net.h dynload.h w32help.h mapstrings.c \
-	stringhelp.c stringhelp.h strlist.c strlist.h utf8conv.c \
-	utf8conv.h argparse.c argparse.h logging.c logging.h dotlock.c \
-	dotlock.h mischelp.c mischelp.h status.c status.h shareddefs.h \
-	openpgpdefs.h gc-opt-flags.h keyserver.h sexp-parse.h tlv.c \
-	tlv.h init.c init.h sexputil.c sysutils.c sysutils.h homedir.c \
-	gettime.c gettime.h yesno.c b64enc.c b64dec.c zb32.c convert.c \
-	percent.c mbox-util.c mbox-util.h miscellaneous.c xasprintf.c \
+	status.c status.h openpgpdefs.h gc-opt-flags.h keyserver.h \
+	sexp-parse.h tlv.c tlv.h init.c init.h sexputil.c sysutils.c \
+	sysutils.h homedir.c gettime.c yesno.c b64enc.c b64dec.c \
+	zb32.c convert.c percent.c miscellaneous.c xasprintf.c \
 	xreadline.c membuf.c membuf.h iobuf.c iobuf.h ttyio.c ttyio.h \
-	asshelp.c asshelp2.c asshelp.h exechelp.h signal.c audit.c \
-	audit.h srv.h localename.c session-env.c session-env.h \
-	userids.c userids.h openpgp-oid.c ssh-utils.c ssh-utils.h \
-	agent-opt.c helpfile.c w32-reg.c w32-afunix.c w32-afunix.h \
-	exechelp-w32ce.c exechelp-w32.c exechelp-posix.c srv.c
-@HAVE_W32_SYSTEM_TRUE@am__objects_8 =  \
-@HAVE_W32_SYSTEM_TRUE@	libcommonpth_a-w32-reg.$(OBJEXT) \
-@HAVE_W32_SYSTEM_TRUE@	libcommonpth_a-w32-afunix.$(OBJEXT)
-@HAVE_W32CE_SYSTEM_TRUE@@HAVE_W32_SYSTEM_TRUE@am__objects_9 = libcommonpth_a-exechelp-w32ce.$(OBJEXT)
-@HAVE_W32CE_SYSTEM_FALSE@@HAVE_W32_SYSTEM_TRUE@am__objects_10 = libcommonpth_a-exechelp-w32.$(OBJEXT)
-@HAVE_W32_SYSTEM_FALSE@am__objects_11 = libcommonpth_a-exechelp-posix.$(OBJEXT)
-am__objects_12 = libcommonpth_a-i18n.$(OBJEXT) \
-	libcommonpth_a-mapstrings.$(OBJEXT) \
-	libcommonpth_a-stringhelp.$(OBJEXT) \
-	libcommonpth_a-strlist.$(OBJEXT) \
-	libcommonpth_a-utf8conv.$(OBJEXT) \
-	libcommonpth_a-argparse.$(OBJEXT) \
-	libcommonpth_a-logging.$(OBJEXT) \
-	libcommonpth_a-dotlock.$(OBJEXT) \
-	libcommonpth_a-mischelp.$(OBJEXT) \
+	asshelp.c asshelp.h exechelp.c exechelp.h signal.c estream.c \
+	estream.h estream-printf.c estream-printf.h audit.c audit.h \
+	srv.h dns-cert.c dns-cert.h pka.c pka.h http.c http.h \
+	localename.c session-env.c session-env.h ssh-utils.c \
+	ssh-utils.h helpfile.c srv.c
+am__objects_4 = libcommonpth_a-i18n.$(OBJEXT) \
 	libcommonpth_a-status.$(OBJEXT) libcommonpth_a-tlv.$(OBJEXT) \
 	libcommonpth_a-init.$(OBJEXT) \
 	libcommonpth_a-sexputil.$(OBJEXT) \
@@ -275,62 +235,46 @@
 	libcommonpth_a-b64dec.$(OBJEXT) libcommonpth_a-zb32.$(OBJEXT) \
 	libcommonpth_a-convert.$(OBJEXT) \
 	libcommonpth_a-percent.$(OBJEXT) \
-	libcommonpth_a-mbox-util.$(OBJEXT) \
 	libcommonpth_a-miscellaneous.$(OBJEXT) \
 	libcommonpth_a-xasprintf.$(OBJEXT) \
 	libcommonpth_a-xreadline.$(OBJEXT) \
 	libcommonpth_a-membuf.$(OBJEXT) libcommonpth_a-iobuf.$(OBJEXT) \
 	libcommonpth_a-ttyio.$(OBJEXT) \
 	libcommonpth_a-asshelp.$(OBJEXT) \
-	libcommonpth_a-asshelp2.$(OBJEXT) \
-	libcommonpth_a-signal.$(OBJEXT) libcommonpth_a-audit.$(OBJEXT) \
+	libcommonpth_a-exechelp.$(OBJEXT) \
+	libcommonpth_a-signal.$(OBJEXT) \
+	libcommonpth_a-estream.$(OBJEXT) \
+	libcommonpth_a-estream-printf.$(OBJEXT) \
+	libcommonpth_a-audit.$(OBJEXT) \
+	libcommonpth_a-dns-cert.$(OBJEXT) libcommonpth_a-pka.$(OBJEXT) \
+	libcommonpth_a-http.$(OBJEXT) \
 	libcommonpth_a-localename.$(OBJEXT) \
 	libcommonpth_a-session-env.$(OBJEXT) \
-	libcommonpth_a-userids.$(OBJEXT) \
-	libcommonpth_a-openpgp-oid.$(OBJEXT) \
 	libcommonpth_a-ssh-utils.$(OBJEXT) \
-	libcommonpth_a-agent-opt.$(OBJEXT) \
-	libcommonpth_a-helpfile.$(OBJEXT) $(am__objects_8) \
-	$(am__objects_9) $(am__objects_10) $(am__objects_11)
-@USE_DNS_SRV_TRUE@am__objects_13 = libcommonpth_a-srv.$(OBJEXT)
-am_libcommonpth_a_OBJECTS = $(am__objects_12) $(am__objects_13)
+	libcommonpth_a-helpfile.$(OBJEXT)
+@USE_DNS_SRV_TRUE@am__objects_5 = libcommonpth_a-srv.$(OBJEXT)
+am_libcommonpth_a_OBJECTS = $(am__objects_4) $(am__objects_5)
 libcommonpth_a_OBJECTS = $(am_libcommonpth_a_OBJECTS)
-libcommontls_a_AR = $(AR) $(ARFLAGS)
-libcommontls_a_LIBADD =
-am__objects_14 = libcommontls_a-http.$(OBJEXT)
-am_libcommontls_a_OBJECTS = $(am__objects_14)
-libcommontls_a_OBJECTS = $(am_libcommontls_a_OBJECTS)
-libcommontlsnpth_a_AR = $(AR) $(ARFLAGS)
-libcommontlsnpth_a_LIBADD =
-am__objects_15 = libcommontlsnpth_a-http.$(OBJEXT)
-am_libcommontlsnpth_a_OBJECTS = $(am__objects_15)
-libcommontlsnpth_a_OBJECTS = $(am_libcommontlsnpth_a_OBJECTS)
 libgpgrl_a_AR = $(AR) $(ARFLAGS)
 libgpgrl_a_LIBADD =
 am_libgpgrl_a_OBJECTS = gpgrlhelp.$(OBJEXT)
 libgpgrl_a_OBJECTS = $(am_libgpgrl_a_OBJECTS)
 libsimple_pwquery_a_AR = $(AR) $(ARFLAGS)
 libsimple_pwquery_a_LIBADD =
-am__libsimple_pwquery_a_SOURCES_DIST = simple-pwquery.c \
-	simple-pwquery.h asshelp.c asshelp.h
-@HAVE_W32CE_SYSTEM_FALSE@am_libsimple_pwquery_a_OBJECTS = libsimple_pwquery_a-simple-pwquery.$(OBJEXT) \
-@HAVE_W32CE_SYSTEM_FALSE@	libsimple_pwquery_a-asshelp.$(OBJEXT)
+am_libsimple_pwquery_a_OBJECTS =  \
+	libsimple_pwquery_a-simple-pwquery.$(OBJEXT) \
+	libsimple_pwquery_a-asshelp.$(OBJEXT)
 libsimple_pwquery_a_OBJECTS = $(am_libsimple_pwquery_a_OBJECTS)
-@HAVE_W32CE_SYSTEM_FALSE@am__EXEEXT_1 = t-exechelp$(EXEEXT)
-@HAVE_W32_SYSTEM_TRUE@am__EXEEXT_2 = t-w32-reg$(EXEEXT)
-am__EXEEXT_3 = t-stringhelp$(EXEEXT) t-timestuff$(EXEEXT) \
-	t-convert$(EXEEXT) t-percent$(EXEEXT) t-gettime$(EXEEXT) \
-	t-sysutils$(EXEEXT) t-sexputil$(EXEEXT) t-session-env$(EXEEXT) \
-	t-openpgp-oid$(EXEEXT) t-ssh-utils$(EXEEXT) \
-	t-mapstrings$(EXEEXT) t-zb32$(EXEEXT) t-mbox-util$(EXEEXT) \
-	$(am__EXEEXT_1) $(am__EXEEXT_2)
-@MAINTAINER_MODE_TRUE@am__EXEEXT_4 = t-helpfile$(EXEEXT) \
-@MAINTAINER_MODE_TRUE@	t-b64$(EXEEXT) t-http$(EXEEXT)
+am__EXEEXT_1 = t-convert$(EXEEXT) t-percent$(EXEEXT) \
+	t-gettime$(EXEEXT) t-sysutils$(EXEEXT) t-sexputil$(EXEEXT) \
+	t-exechelp$(EXEEXT) t-session-env$(EXEEXT) \
+	t-ssh-utils$(EXEEXT)
+am__EXEEXT_2 = t-helpfile$(EXEEXT) t-b64$(EXEEXT)
 PROGRAMS = $(noinst_PROGRAMS)
 t_b64_SOURCES = t-b64.c
 t_b64_OBJECTS = t-b64.$(OBJEXT)
 am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = libcommon.a $(am__DEPENDENCIES_1) \
+am__DEPENDENCIES_2 = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 t_b64_DEPENDENCIES = $(am__DEPENDENCIES_2)
@@ -346,22 +290,6 @@
 t_helpfile_SOURCES = t-helpfile.c
 t_helpfile_OBJECTS = t-helpfile.$(OBJEXT)
 t_helpfile_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am_t_http_OBJECTS = t_http-t-http.$(OBJEXT)
-t_http_OBJECTS = $(am_t_http_OBJECTS)
-t_http_DEPENDENCIES = libcommontls.a $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-t_http_LINK = $(CCLD) $(t_http_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
-	$(LDFLAGS) -o $@
-t_mapstrings_SOURCES = t-mapstrings.c
-t_mapstrings_OBJECTS = t-mapstrings.$(OBJEXT)
-t_mapstrings_DEPENDENCIES = $(am__DEPENDENCIES_2)
-t_mbox_util_SOURCES = t-mbox-util.c
-t_mbox_util_OBJECTS = t-mbox-util.$(OBJEXT)
-t_mbox_util_DEPENDENCIES = $(am__DEPENDENCIES_2)
-t_openpgp_oid_SOURCES = t-openpgp-oid.c
-t_openpgp_oid_OBJECTS = t-openpgp-oid.$(OBJEXT)
-t_openpgp_oid_DEPENDENCIES = $(am__DEPENDENCIES_2)
 t_percent_SOURCES = t-percent.c
 t_percent_OBJECTS = t-percent.$(OBJEXT)
 t_percent_DEPENDENCIES = $(am__DEPENDENCIES_2)
@@ -374,24 +302,9 @@
 t_ssh_utils_SOURCES = t-ssh-utils.c
 t_ssh_utils_OBJECTS = t-ssh-utils.$(OBJEXT)
 t_ssh_utils_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am__objects_16 =
-am_t_stringhelp_OBJECTS = t-stringhelp.$(OBJEXT) $(am__objects_16)
-t_stringhelp_OBJECTS = $(am_t_stringhelp_OBJECTS)
-t_stringhelp_DEPENDENCIES = $(am__DEPENDENCIES_2)
 t_sysutils_SOURCES = t-sysutils.c
 t_sysutils_OBJECTS = t-sysutils.$(OBJEXT)
 t_sysutils_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am_t_timestuff_OBJECTS = t-timestuff.$(OBJEXT) $(am__objects_16)
-t_timestuff_OBJECTS = $(am_t_timestuff_OBJECTS)
-t_timestuff_DEPENDENCIES = $(am__DEPENDENCIES_2)
-am__t_w32_reg_SOURCES_DIST = t-w32-reg.c t-support.h
-@HAVE_W32_SYSTEM_TRUE@am_t_w32_reg_OBJECTS = t-w32-reg.$(OBJEXT) \
-@HAVE_W32_SYSTEM_TRUE@	$(am__objects_16)
-t_w32_reg_OBJECTS = $(am_t_w32_reg_OBJECTS)
-@HAVE_W32_SYSTEM_TRUE@t_w32_reg_DEPENDENCIES = $(am__DEPENDENCIES_2)
-t_zb32_SOURCES = t-zb32.c
-t_zb32_OBJECTS = t-zb32.$(OBJEXT)
-t_zb32_DEPENDENCIES = $(am__DEPENDENCIES_2)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -405,7 +318,7 @@
 am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
 AM_V_lt = $(am__v_lt_@AM_V@)
@@ -425,22 +338,14 @@
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
 SOURCES = $(libcommon_a_SOURCES) $(libcommonpth_a_SOURCES) \
-	$(libcommontls_a_SOURCES) $(libcommontlsnpth_a_SOURCES) \
 	$(libgpgrl_a_SOURCES) $(libsimple_pwquery_a_SOURCES) t-b64.c \
-	t-convert.c t-exechelp.c t-gettime.c t-helpfile.c \
-	$(t_http_SOURCES) t-mapstrings.c t-mbox-util.c t-openpgp-oid.c \
-	t-percent.c t-session-env.c t-sexputil.c t-ssh-utils.c \
-	$(t_stringhelp_SOURCES) t-sysutils.c $(t_timestuff_SOURCES) \
-	$(t_w32_reg_SOURCES) t-zb32.c
+	t-convert.c t-exechelp.c t-gettime.c t-helpfile.c t-percent.c \
+	t-session-env.c t-sexputil.c t-ssh-utils.c t-sysutils.c
 DIST_SOURCES = $(am__libcommon_a_SOURCES_DIST) \
-	$(am__libcommonpth_a_SOURCES_DIST) $(libcommontls_a_SOURCES) \
-	$(libcommontlsnpth_a_SOURCES) $(libgpgrl_a_SOURCES) \
-	$(am__libsimple_pwquery_a_SOURCES_DIST) t-b64.c t-convert.c \
-	t-exechelp.c t-gettime.c t-helpfile.c $(t_http_SOURCES) \
-	t-mapstrings.c t-mbox-util.c t-openpgp-oid.c t-percent.c \
-	t-session-env.c t-sexputil.c t-ssh-utils.c \
-	$(t_stringhelp_SOURCES) t-sysutils.c $(t_timestuff_SOURCES) \
-	$(am__t_w32_reg_SOURCES_DIST) t-zb32.c
+	$(am__libcommonpth_a_SOURCES_DIST) $(libgpgrl_a_SOURCES) \
+	$(libsimple_pwquery_a_SOURCES) t-b64.c t-convert.c \
+	t-exechelp.c t-gettime.c t-helpfile.c t-percent.c \
+	t-session-env.c t-sexputil.c t-ssh-utils.c t-sysutils.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -488,7 +393,11 @@
   fi; \
 }
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ABSOLUTE_STDINT_H = @ABSOLUTE_STDINT_H@
 ACLOCAL = @ACLOCAL@
+ADNSLIBS = @ADNSLIBS@
+ALLOCA = @ALLOCA@
+ALLOCA_H = @ALLOCA_H@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
 AR = @AR@
@@ -496,12 +405,16 @@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@
+BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@
+BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@
+BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@
+BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@
 BUILD_FILEVERSION = @BUILD_FILEVERSION@
 BUILD_HOSTNAME = @BUILD_HOSTNAME@
 BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
 BUILD_REVISION = @BUILD_REVISION@
 BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
-BUILD_VERSION = @BUILD_VERSION@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CC_FOR_BUILD = @CC_FOR_BUILD@
@@ -517,25 +430,39 @@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
-ENCFS = @ENCFS@
 EXEEXT = @EXEEXT@
-FUSERMOUNT = @FUSERMOUNT@
+FAQPROG = @FAQPROG@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
-GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
 GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
 GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
 GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
 GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_KDNS = @GPGKEYS_KDNS@
 GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
 GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
 GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
 GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
 GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
 GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
 GREP = @GREP@
+HAVE_INTTYPES_H = @HAVE_INTTYPES_H@
+HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@
+HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@
+HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@
+HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@
+HAVE_STDINT_H = @HAVE_STDINT_H@
+HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@
+HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@
+HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@
+HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@
+HAVE_WCHAR_H = @HAVE_WCHAR_H@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -546,18 +473,19 @@
 KSBA_CFLAGS = @KSBA_CFLAGS@
 KSBA_CONFIG = @KSBA_CONFIG@
 KSBA_LIBS = @KSBA_LIBS@
-LBER_LIBS = @LBER_LIBS@
 LDAPLIBS = @LDAPLIBS@
 LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
 LDFLAGS = @LDFLAGS@
 LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
 LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
 LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
 LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
 LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
 LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
-LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
-LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBGNU_LIBDEPS = @LIBGNU_LIBDEPS@
+LIBGNU_LTLIBDEPS = @LIBGNU_LTLIBDEPS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -576,12 +504,6 @@
 MSGFMT_015 = @MSGFMT_015@
 MSGMERGE = @MSGMERGE@
 NETLIBS = @NETLIBS@
-NPTH_CFLAGS = @NPTH_CFLAGS@
-NPTH_CONFIG = @NPTH_CONFIG@
-NPTH_LIBS = @NPTH_LIBS@
-NTBTLS_CFLAGS = @NTBTLS_CFLAGS@
-NTBTLS_CONFIG = @NTBTLS_CONFIG@
-NTBTLS_LIBS = @NTBTLS_LIBS@
 OBJEXT = @OBJEXT@
 PACKAGE = @PACKAGE@
 PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -593,28 +515,37 @@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
 POSUB = @POSUB@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@
 RANLIB = @RANLIB@
+SED = @SED@
 SENDMAIL = @SENDMAIL@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 SHRED = @SHRED@
+SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@
+SIZE_T_SUFFIX = @SIZE_T_SUFFIX@
+STDINT_H = @STDINT_H@
 STRIP = @STRIP@
 SYSROOT = @SYSROOT@
 SYS_SOCKET_H = @SYS_SOCKET_H@
 TAR = @TAR@
+UNISTD_H = @UNISTD_H@
 USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
 W32SOCKLIBS = @W32SOCKLIBS@
+WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@
 WINDRES = @WINDRES@
+WINT_T_SUFFIX = @WINT_T_SUFFIX@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
 ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
 abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
@@ -665,77 +596,76 @@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \
-             audit-events.h status-codes.h ChangeLog.jnlib \
-	     ChangeLog-2011.include w32info-rc.h.in gnupg.ico tls-ca.pem
+EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk \
+             audit-events.h status-codes.h ChangeLog-2011 \
+	     w32info-rc.h.in gnupg.ico
 
-noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a \
-	libcommontls.a libcommontlsnpth.a $(am__append_1)
+noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a
 BUILT_SOURCES = audit-events.h status-codes.h
 MAINTAINERCLEANFILES = audit-events.h status-codes.h
-
-# NB: AM_CFLAGS may also be used by tools running on the build
-# platform to create source files.
-AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(am__append_2) \
+AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl \
+	-DLOCALEDIR=\"$(localedir)\" $(am__append_1) $(am__append_2) \
 	$(am__append_3) $(am__append_4) $(am__append_5) \
-	$(am__append_6) $(am__append_7) $(am__append_8)
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS)
-@HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
-
-# Under Windows we use LockFileEx.  WindowsCE provides this only on
-# the WindowsMobile 6 platform and thus we need to use the coredll6
-# import library.  We also want to use a stacksize of 256k instead of
-# the 2MB which is the default with cegcc.  256k is the largest stack
-# we use with pth.
-@HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
-@HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
-@HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
+	$(am__append_6)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
 resource_objs = 
 
 # Convenience macros
 libcommon = ../common/libcommon.a
 libcommonpth = ../common/libcommonpth.a
-libcommontls = ../common/libcommontls.a
-libcommontlsnpth = ../common/libcommontlsnpth.a
-common_sources = common-defs.h util.h i18n.c i18n.h types.h host2net.h \
-	dynload.h w32help.h mapstrings.c stringhelp.c stringhelp.h \
-	strlist.c strlist.h utf8conv.c utf8conv.h argparse.c \
-	argparse.h logging.c logging.h dotlock.c dotlock.h mischelp.c \
-	mischelp.h status.c status.h shareddefs.h openpgpdefs.h \
-	gc-opt-flags.h keyserver.h sexp-parse.h tlv.c tlv.h init.c \
-	init.h sexputil.c sysutils.c sysutils.h homedir.c gettime.c \
-	gettime.h yesno.c b64enc.c b64dec.c zb32.c convert.c percent.c \
-	mbox-util.c mbox-util.h miscellaneous.c xasprintf.c \
-	xreadline.c membuf.c membuf.h iobuf.c iobuf.h ttyio.c ttyio.h \
-	asshelp.c asshelp2.c asshelp.h exechelp.h signal.c audit.c \
-	audit.h srv.h localename.c session-env.c session-env.h \
-	userids.c userids.h openpgp-oid.c ssh-utils.c ssh-utils.h \
-	agent-opt.c helpfile.c $(am__append_9) $(am__append_10) \
-	$(am__append_11) $(am__append_12)
-
-# Sources possible requiring a TLS library are put into a separate
-# conveince library.
-tls_sources = \
-	http.c http.h
+common_sources = \
+	common-defs.h \
+	util.h i18n.c i18n.h \
+	status.c status.h\
+	openpgpdefs.h \
+	gc-opt-flags.h \
+	keyserver.h \
+	sexp-parse.h \
+	tlv.c tlv.h \
+	init.c init.h \
+	sexputil.c \
+	sysutils.c sysutils.h \
+	homedir.c \
+	gettime.c \
+	yesno.c \
+	b64enc.c b64dec.c \
+	zb32.c \
+	convert.c \
+	percent.c \
+	miscellaneous.c \
+	xasprintf.c \
+	xreadline.c \
+	membuf.c membuf.h \
+	iobuf.c iobuf.h \
+	ttyio.c ttyio.h \
+	asshelp.c asshelp.h \
+	exechelp.c exechelp.h \
+	signal.c \
+	estream.c estream.h estream-printf.c estream-printf.h \
+	audit.c audit.h \
+	srv.h \
+	dns-cert.c dns-cert.h \
+	pka.c pka.h \
+	http.c http.h \
+	localename.c \
+	session-env.c session-env.h \
+	ssh-utils.c ssh-utils.h \
+	helpfile.c
 
 
-# Sources only useful without NPTH.
-without_npth_sources = \
+# Sources only useful without PTH.
+without_pth_sources = \
         get-passphrase.c get-passphrase.h
 
-libcommon_a_SOURCES = $(common_sources) $(without_npth_sources) \
-	$(am__append_13)
-libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1
-libcommonpth_a_SOURCES = $(common_sources) $(am__append_14)
-libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
-libcommontls_a_SOURCES = $(tls_sources)
-libcommontls_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) -DWITHOUT_NPTH=1
-libcommontlsnpth_a_SOURCES = $(tls_sources)
-libcommontlsnpth_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) $(NPTH_CFLAGS)
-@HAVE_W32CE_SYSTEM_FALSE@libsimple_pwquery_a_SOURCES = \
-@HAVE_W32CE_SYSTEM_FALSE@	simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
+libcommon_a_SOURCES = $(common_sources) $(without_pth_sources) \
+	$(am__append_7)
+libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_GNU_PTH=1
+libcommonpth_a_SOURCES = $(common_sources) $(am__append_8)
+libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+libsimple_pwquery_a_SOURCES = \
+	simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
 
-@HAVE_W32CE_SYSTEM_FALSE@libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
+libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
 libgpgrl_a_SOURCES = \
         gpgrlhelp.c
 
@@ -743,26 +673,13 @@
 #
 # Module tests
 #
-module_tests = t-stringhelp t-timestuff t-convert t-percent t-gettime \
-	t-sysutils t-sexputil t-session-env t-openpgp-oid t-ssh-utils \
-	t-mapstrings t-zb32 t-mbox-util $(am__append_15) \
-	$(am__append_16)
-@MAINTAINER_MODE_FALSE@module_maint_tests = 
-@MAINTAINER_MODE_TRUE@module_maint_tests = t-helpfile t-b64 t-http
-t_extra_src = t-support.h
-t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-                  $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
-
-t_common_ldadd = libcommon.a \
-                 $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-	         $(LIBINTL) $(LIBICONV)
-
-
-# Common tests
-t_stringhelp_SOURCES = t-stringhelp.c $(t_extra_src)
-t_stringhelp_LDADD = $(t_common_ldadd)
-t_timestuff_SOURCES = t-timestuff.c $(t_extra_src)
-t_timestuff_LDADD = $(t_common_ldadd)
+module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil t-exechelp \
+	       t-session-env t-ssh-utils
+
+module_maint_tests = t-helpfile t-b64
+t_common_ldadd = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \
+                 $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+
 t_convert_LDADD = $(t_common_ldadd)
 t_percent_LDADD = $(t_common_ldadd)
 t_gettime_LDADD = $(t_common_ldadd)
@@ -772,22 +689,7 @@
 t_b64_LDADD = $(t_common_ldadd)
 t_exechelp_LDADD = $(t_common_ldadd)
 t_session_env_LDADD = $(t_common_ldadd)
-t_openpgp_oid_LDADD = $(t_common_ldadd)
 t_ssh_utils_LDADD = $(t_common_ldadd)
-t_mapstrings_LDADD = $(t_common_ldadd)
-t_zb32_LDADD = $(t_common_ldadd)
-t_mbox_util_LDADD = $(t_common_ldadd)
-
-# System specific test
-@HAVE_W32_SYSTEM_TRUE@t_w32_reg_SOURCES = t-w32-reg.c $(t_extra_src)
-@HAVE_W32_SYSTEM_TRUE@t_w32_reg_LDADD = $(t_common_ldadd)
-
-# http tests
-t_http_SOURCES = t-http.c
-t_http_CFLAGS = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
-t_http_LDADD = libcommontls.a $(t_common_ldadd) \
-	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
-
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-am
 
@@ -840,16 +742,6 @@
 	$(AM_V_AR)$(libcommonpth_a_AR) libcommonpth.a $(libcommonpth_a_OBJECTS) $(libcommonpth_a_LIBADD)
 	$(AM_V_at)$(RANLIB) libcommonpth.a
 
-libcommontls.a: $(libcommontls_a_OBJECTS) $(libcommontls_a_DEPENDENCIES) $(EXTRA_libcommontls_a_DEPENDENCIES) 
-	$(AM_V_at)-rm -f libcommontls.a
-	$(AM_V_AR)$(libcommontls_a_AR) libcommontls.a $(libcommontls_a_OBJECTS) $(libcommontls_a_LIBADD)
-	$(AM_V_at)$(RANLIB) libcommontls.a
-
-libcommontlsnpth.a: $(libcommontlsnpth_a_OBJECTS) $(libcommontlsnpth_a_DEPENDENCIES) $(EXTRA_libcommontlsnpth_a_DEPENDENCIES) 
-	$(AM_V_at)-rm -f libcommontlsnpth.a
-	$(AM_V_AR)$(libcommontlsnpth_a_AR) libcommontlsnpth.a $(libcommontlsnpth_a_OBJECTS) $(libcommontlsnpth_a_LIBADD)
-	$(AM_V_at)$(RANLIB) libcommontlsnpth.a
-
 libgpgrl.a: $(libgpgrl_a_OBJECTS) $(libgpgrl_a_DEPENDENCIES) $(EXTRA_libgpgrl_a_DEPENDENCIES) 
 	$(AM_V_at)-rm -f libgpgrl.a
 	$(AM_V_AR)$(libgpgrl_a_AR) libgpgrl.a $(libgpgrl_a_OBJECTS) $(libgpgrl_a_LIBADD)
@@ -883,22 +775,6 @@
 	@rm -f t-helpfile$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(t_helpfile_OBJECTS) $(t_helpfile_LDADD) $(LIBS)
 
-t-http$(EXEEXT): $(t_http_OBJECTS) $(t_http_DEPENDENCIES) $(EXTRA_t_http_DEPENDENCIES) 
-	@rm -f t-http$(EXEEXT)
-	$(AM_V_CCLD)$(t_http_LINK) $(t_http_OBJECTS) $(t_http_LDADD) $(LIBS)
-
-t-mapstrings$(EXEEXT): $(t_mapstrings_OBJECTS) $(t_mapstrings_DEPENDENCIES) $(EXTRA_t_mapstrings_DEPENDENCIES) 
-	@rm -f t-mapstrings$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_mapstrings_OBJECTS) $(t_mapstrings_LDADD) $(LIBS)
-
-t-mbox-util$(EXEEXT): $(t_mbox_util_OBJECTS) $(t_mbox_util_DEPENDENCIES) $(EXTRA_t_mbox_util_DEPENDENCIES) 
-	@rm -f t-mbox-util$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_mbox_util_OBJECTS) $(t_mbox_util_LDADD) $(LIBS)
-
-t-openpgp-oid$(EXEEXT): $(t_openpgp_oid_OBJECTS) $(t_openpgp_oid_DEPENDENCIES) $(EXTRA_t_openpgp_oid_DEPENDENCIES) 
-	@rm -f t-openpgp-oid$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_openpgp_oid_OBJECTS) $(t_openpgp_oid_LDADD) $(LIBS)
-
 t-percent$(EXEEXT): $(t_percent_OBJECTS) $(t_percent_DEPENDENCIES) $(EXTRA_t_percent_DEPENDENCIES) 
 	@rm -f t-percent$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(t_percent_OBJECTS) $(t_percent_LDADD) $(LIBS)
@@ -915,26 +791,10 @@
 	@rm -f t-ssh-utils$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(t_ssh_utils_OBJECTS) $(t_ssh_utils_LDADD) $(LIBS)
 
-t-stringhelp$(EXEEXT): $(t_stringhelp_OBJECTS) $(t_stringhelp_DEPENDENCIES) $(EXTRA_t_stringhelp_DEPENDENCIES) 
-	@rm -f t-stringhelp$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_stringhelp_OBJECTS) $(t_stringhelp_LDADD) $(LIBS)
-
 t-sysutils$(EXEEXT): $(t_sysutils_OBJECTS) $(t_sysutils_DEPENDENCIES) $(EXTRA_t_sysutils_DEPENDENCIES) 
 	@rm -f t-sysutils$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(t_sysutils_OBJECTS) $(t_sysutils_LDADD) $(LIBS)
 
-t-timestuff$(EXEEXT): $(t_timestuff_OBJECTS) $(t_timestuff_DEPENDENCIES) $(EXTRA_t_timestuff_DEPENDENCIES) 
-	@rm -f t-timestuff$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_timestuff_OBJECTS) $(t_timestuff_LDADD) $(LIBS)
-
-t-w32-reg$(EXEEXT): $(t_w32_reg_OBJECTS) $(t_w32_reg_DEPENDENCIES) $(EXTRA_t_w32_reg_DEPENDENCIES) 
-	@rm -f t-w32-reg$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_w32_reg_OBJECTS) $(t_w32_reg_LDADD) $(LIBS)
-
-t-zb32$(EXEEXT): $(t_zb32_OBJECTS) $(t_zb32_DEPENDENCIES) $(EXTRA_t_zb32_DEPENDENCIES) 
-	@rm -f t-zb32$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_zb32_OBJECTS) $(t_zb32_LDADD) $(LIBS)
-
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
@@ -942,101 +802,75 @@
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gpgrlhelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-agent-opt.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-argparse.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-asshelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-asshelp2.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-audit.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-b64dec.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-b64enc.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-convert.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-dotlock.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-exechelp-posix.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-exechelp-w32.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-exechelp-w32ce.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-dns-cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-estream-printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-estream.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-exechelp.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-get-passphrase.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-gettime.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-helpfile.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-homedir.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-http.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-i18n.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-init.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-iobuf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-localename.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-logging.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mapstrings.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mbox-util.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-membuf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-miscellaneous.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-mischelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-openpgp-oid.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-percent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-pka.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-session-env.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-sexputil.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-signal.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-srv.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-ssh-utils.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-status.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-stringhelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-strlist.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-sysutils.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-tlv.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-ttyio.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-userids.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-utf8conv.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-w32-afunix.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-w32-reg.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-xasprintf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-xreadline.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-yesno.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommon_a-zb32.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-agent-opt.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-argparse.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-asshelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-asshelp2.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-audit.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-b64dec.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-b64enc.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-convert.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-dotlock.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-exechelp-posix.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-exechelp-w32.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-exechelp-w32ce.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-dns-cert.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-estream-printf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-estream.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-exechelp.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-gettime.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-helpfile.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-homedir.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-http.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-i18n.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-init.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-iobuf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-localename.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-logging.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mapstrings.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mbox-util.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-membuf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-miscellaneous.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-mischelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-openpgp-oid.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-percent.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-pka.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-session-env.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-sexputil.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-signal.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-srv.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-ssh-utils.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-status.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-stringhelp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-strlist.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-sysutils.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-tlv.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-ttyio.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-userids.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-utf8conv.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-w32-afunix.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-w32-reg.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-xasprintf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-xreadline.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-yesno.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommonpth_a-zb32.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommontls_a-http.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcommontlsnpth_a-http.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libsimple_pwquery_a-asshelp.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-b64.Po@am__quote@
@@ -1044,19 +878,11 @@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-exechelp.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-gettime.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-helpfile.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-mapstrings.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-mbox-util.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-openpgp-oid.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-percent.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-session-env.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-sexputil.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-ssh-utils.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-stringhelp.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-sysutils.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-timestuff.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-w32-reg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-zb32.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_http-t-http.Po@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -1086,118 +912,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-i18n.obj `if test -f 'i18n.c'; then $(CYGPATH_W) 'i18n.c'; else $(CYGPATH_W) '$(srcdir)/i18n.c'; fi`
 
-libcommon_a-mapstrings.o: mapstrings.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-mapstrings.o -MD -MP -MF $(DEPDIR)/libcommon_a-mapstrings.Tpo -c -o libcommon_a-mapstrings.o `test -f 'mapstrings.c' || echo '$(srcdir)/'`mapstrings.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-mapstrings.Tpo $(DEPDIR)/libcommon_a-mapstrings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mapstrings.c' object='libcommon_a-mapstrings.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-mapstrings.o `test -f 'mapstrings.c' || echo '$(srcdir)/'`mapstrings.c
-
-libcommon_a-mapstrings.obj: mapstrings.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-mapstrings.obj -MD -MP -MF $(DEPDIR)/libcommon_a-mapstrings.Tpo -c -o libcommon_a-mapstrings.obj `if test -f 'mapstrings.c'; then $(CYGPATH_W) 'mapstrings.c'; else $(CYGPATH_W) '$(srcdir)/mapstrings.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-mapstrings.Tpo $(DEPDIR)/libcommon_a-mapstrings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mapstrings.c' object='libcommon_a-mapstrings.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-mapstrings.obj `if test -f 'mapstrings.c'; then $(CYGPATH_W) 'mapstrings.c'; else $(CYGPATH_W) '$(srcdir)/mapstrings.c'; fi`
-
-libcommon_a-stringhelp.o: stringhelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-stringhelp.o -MD -MP -MF $(DEPDIR)/libcommon_a-stringhelp.Tpo -c -o libcommon_a-stringhelp.o `test -f 'stringhelp.c' || echo '$(srcdir)/'`stringhelp.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-stringhelp.Tpo $(DEPDIR)/libcommon_a-stringhelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='stringhelp.c' object='libcommon_a-stringhelp.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-stringhelp.o `test -f 'stringhelp.c' || echo '$(srcdir)/'`stringhelp.c
-
-libcommon_a-stringhelp.obj: stringhelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-stringhelp.obj -MD -MP -MF $(DEPDIR)/libcommon_a-stringhelp.Tpo -c -o libcommon_a-stringhelp.obj `if test -f 'stringhelp.c'; then $(CYGPATH_W) 'stringhelp.c'; else $(CYGPATH_W) '$(srcdir)/stringhelp.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-stringhelp.Tpo $(DEPDIR)/libcommon_a-stringhelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='stringhelp.c' object='libcommon_a-stringhelp.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-stringhelp.obj `if test -f 'stringhelp.c'; then $(CYGPATH_W) 'stringhelp.c'; else $(CYGPATH_W) '$(srcdir)/stringhelp.c'; fi`
-
-libcommon_a-strlist.o: strlist.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-strlist.o -MD -MP -MF $(DEPDIR)/libcommon_a-strlist.Tpo -c -o libcommon_a-strlist.o `test -f 'strlist.c' || echo '$(srcdir)/'`strlist.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-strlist.Tpo $(DEPDIR)/libcommon_a-strlist.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strlist.c' object='libcommon_a-strlist.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-strlist.o `test -f 'strlist.c' || echo '$(srcdir)/'`strlist.c
-
-libcommon_a-strlist.obj: strlist.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-strlist.obj -MD -MP -MF $(DEPDIR)/libcommon_a-strlist.Tpo -c -o libcommon_a-strlist.obj `if test -f 'strlist.c'; then $(CYGPATH_W) 'strlist.c'; else $(CYGPATH_W) '$(srcdir)/strlist.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-strlist.Tpo $(DEPDIR)/libcommon_a-strlist.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strlist.c' object='libcommon_a-strlist.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-strlist.obj `if test -f 'strlist.c'; then $(CYGPATH_W) 'strlist.c'; else $(CYGPATH_W) '$(srcdir)/strlist.c'; fi`
-
-libcommon_a-utf8conv.o: utf8conv.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-utf8conv.o -MD -MP -MF $(DEPDIR)/libcommon_a-utf8conv.Tpo -c -o libcommon_a-utf8conv.o `test -f 'utf8conv.c' || echo '$(srcdir)/'`utf8conv.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-utf8conv.Tpo $(DEPDIR)/libcommon_a-utf8conv.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utf8conv.c' object='libcommon_a-utf8conv.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-utf8conv.o `test -f 'utf8conv.c' || echo '$(srcdir)/'`utf8conv.c
-
-libcommon_a-utf8conv.obj: utf8conv.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-utf8conv.obj -MD -MP -MF $(DEPDIR)/libcommon_a-utf8conv.Tpo -c -o libcommon_a-utf8conv.obj `if test -f 'utf8conv.c'; then $(CYGPATH_W) 'utf8conv.c'; else $(CYGPATH_W) '$(srcdir)/utf8conv.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-utf8conv.Tpo $(DEPDIR)/libcommon_a-utf8conv.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utf8conv.c' object='libcommon_a-utf8conv.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-utf8conv.obj `if test -f 'utf8conv.c'; then $(CYGPATH_W) 'utf8conv.c'; else $(CYGPATH_W) '$(srcdir)/utf8conv.c'; fi`
-
-libcommon_a-argparse.o: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-argparse.o -MD -MP -MF $(DEPDIR)/libcommon_a-argparse.Tpo -c -o libcommon_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-argparse.Tpo $(DEPDIR)/libcommon_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommon_a-argparse.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-
-libcommon_a-argparse.obj: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-argparse.obj -MD -MP -MF $(DEPDIR)/libcommon_a-argparse.Tpo -c -o libcommon_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-argparse.Tpo $(DEPDIR)/libcommon_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommon_a-argparse.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-
-libcommon_a-logging.o: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-logging.o -MD -MP -MF $(DEPDIR)/libcommon_a-logging.Tpo -c -o libcommon_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-logging.Tpo $(DEPDIR)/libcommon_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommon_a-logging.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-
-libcommon_a-logging.obj: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-logging.obj -MD -MP -MF $(DEPDIR)/libcommon_a-logging.Tpo -c -o libcommon_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-logging.Tpo $(DEPDIR)/libcommon_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommon_a-logging.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-
-libcommon_a-dotlock.o: dotlock.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dotlock.o -MD -MP -MF $(DEPDIR)/libcommon_a-dotlock.Tpo -c -o libcommon_a-dotlock.o `test -f 'dotlock.c' || echo '$(srcdir)/'`dotlock.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-dotlock.Tpo $(DEPDIR)/libcommon_a-dotlock.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dotlock.c' object='libcommon_a-dotlock.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-dotlock.o `test -f 'dotlock.c' || echo '$(srcdir)/'`dotlock.c
-
-libcommon_a-dotlock.obj: dotlock.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dotlock.obj -MD -MP -MF $(DEPDIR)/libcommon_a-dotlock.Tpo -c -o libcommon_a-dotlock.obj `if test -f 'dotlock.c'; then $(CYGPATH_W) 'dotlock.c'; else $(CYGPATH_W) '$(srcdir)/dotlock.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-dotlock.Tpo $(DEPDIR)/libcommon_a-dotlock.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dotlock.c' object='libcommon_a-dotlock.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-dotlock.obj `if test -f 'dotlock.c'; then $(CYGPATH_W) 'dotlock.c'; else $(CYGPATH_W) '$(srcdir)/dotlock.c'; fi`
-
-libcommon_a-mischelp.o: mischelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-mischelp.o -MD -MP -MF $(DEPDIR)/libcommon_a-mischelp.Tpo -c -o libcommon_a-mischelp.o `test -f 'mischelp.c' || echo '$(srcdir)/'`mischelp.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-mischelp.Tpo $(DEPDIR)/libcommon_a-mischelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mischelp.c' object='libcommon_a-mischelp.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-mischelp.o `test -f 'mischelp.c' || echo '$(srcdir)/'`mischelp.c
-
-libcommon_a-mischelp.obj: mischelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-mischelp.obj -MD -MP -MF $(DEPDIR)/libcommon_a-mischelp.Tpo -c -o libcommon_a-mischelp.obj `if test -f 'mischelp.c'; then $(CYGPATH_W) 'mischelp.c'; else $(CYGPATH_W) '$(srcdir)/mischelp.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-mischelp.Tpo $(DEPDIR)/libcommon_a-mischelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mischelp.c' object='libcommon_a-mischelp.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-mischelp.obj `if test -f 'mischelp.c'; then $(CYGPATH_W) 'mischelp.c'; else $(CYGPATH_W) '$(srcdir)/mischelp.c'; fi`
-
 libcommon_a-status.o: status.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-status.o -MD -MP -MF $(DEPDIR)/libcommon_a-status.Tpo -c -o libcommon_a-status.o `test -f 'status.c' || echo '$(srcdir)/'`status.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-status.Tpo $(DEPDIR)/libcommon_a-status.Po
@@ -1380,20 +1094,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-percent.obj `if test -f 'percent.c'; then $(CYGPATH_W) 'percent.c'; else $(CYGPATH_W) '$(srcdir)/percent.c'; fi`
 
-libcommon_a-mbox-util.o: mbox-util.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-mbox-util.o -MD -MP -MF $(DEPDIR)/libcommon_a-mbox-util.Tpo -c -o libcommon_a-mbox-util.o `test -f 'mbox-util.c' || echo '$(srcdir)/'`mbox-util.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-mbox-util.Tpo $(DEPDIR)/libcommon_a-mbox-util.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mbox-util.c' object='libcommon_a-mbox-util.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-mbox-util.o `test -f 'mbox-util.c' || echo '$(srcdir)/'`mbox-util.c
-
-libcommon_a-mbox-util.obj: mbox-util.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-mbox-util.obj -MD -MP -MF $(DEPDIR)/libcommon_a-mbox-util.Tpo -c -o libcommon_a-mbox-util.obj `if test -f 'mbox-util.c'; then $(CYGPATH_W) 'mbox-util.c'; else $(CYGPATH_W) '$(srcdir)/mbox-util.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-mbox-util.Tpo $(DEPDIR)/libcommon_a-mbox-util.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mbox-util.c' object='libcommon_a-mbox-util.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-mbox-util.obj `if test -f 'mbox-util.c'; then $(CYGPATH_W) 'mbox-util.c'; else $(CYGPATH_W) '$(srcdir)/mbox-util.c'; fi`
-
 libcommon_a-miscellaneous.o: miscellaneous.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-miscellaneous.o -MD -MP -MF $(DEPDIR)/libcommon_a-miscellaneous.Tpo -c -o libcommon_a-miscellaneous.o `test -f 'miscellaneous.c' || echo '$(srcdir)/'`miscellaneous.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-miscellaneous.Tpo $(DEPDIR)/libcommon_a-miscellaneous.Po
@@ -1492,19 +1192,19 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
 
-libcommon_a-asshelp2.o: asshelp2.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-asshelp2.o -MD -MP -MF $(DEPDIR)/libcommon_a-asshelp2.Tpo -c -o libcommon_a-asshelp2.o `test -f 'asshelp2.c' || echo '$(srcdir)/'`asshelp2.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-asshelp2.Tpo $(DEPDIR)/libcommon_a-asshelp2.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='asshelp2.c' object='libcommon_a-asshelp2.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-asshelp2.o `test -f 'asshelp2.c' || echo '$(srcdir)/'`asshelp2.c
-
-libcommon_a-asshelp2.obj: asshelp2.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-asshelp2.obj -MD -MP -MF $(DEPDIR)/libcommon_a-asshelp2.Tpo -c -o libcommon_a-asshelp2.obj `if test -f 'asshelp2.c'; then $(CYGPATH_W) 'asshelp2.c'; else $(CYGPATH_W) '$(srcdir)/asshelp2.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-asshelp2.Tpo $(DEPDIR)/libcommon_a-asshelp2.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='asshelp2.c' object='libcommon_a-asshelp2.obj' libtool=no @AMDEPBACKSLASH@
+libcommon_a-exechelp.o: exechelp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp.o -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp.Tpo -c -o libcommon_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp.Tpo $(DEPDIR)/libcommon_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp.c' object='libcommon_a-exechelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+
+libcommon_a-exechelp.obj: exechelp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp.obj -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp.Tpo -c -o libcommon_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp.Tpo $(DEPDIR)/libcommon_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp.c' object='libcommon_a-exechelp.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-asshelp2.obj `if test -f 'asshelp2.c'; then $(CYGPATH_W) 'asshelp2.c'; else $(CYGPATH_W) '$(srcdir)/asshelp2.c'; fi`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
 
 libcommon_a-signal.o: signal.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-signal.o -MD -MP -MF $(DEPDIR)/libcommon_a-signal.Tpo -c -o libcommon_a-signal.o `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
@@ -1520,6 +1220,34 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-signal.obj `if test -f 'signal.c'; then $(CYGPATH_W) 'signal.c'; else $(CYGPATH_W) '$(srcdir)/signal.c'; fi`
 
+libcommon_a-estream.o: estream.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream.o -MD -MP -MF $(DEPDIR)/libcommon_a-estream.Tpo -c -o libcommon_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-estream.Tpo $(DEPDIR)/libcommon_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream.c' object='libcommon_a-estream.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+
+libcommon_a-estream.obj: estream.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream.obj -MD -MP -MF $(DEPDIR)/libcommon_a-estream.Tpo -c -o libcommon_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-estream.Tpo $(DEPDIR)/libcommon_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream.c' object='libcommon_a-estream.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+
+libcommon_a-estream-printf.o: estream-printf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream-printf.o -MD -MP -MF $(DEPDIR)/libcommon_a-estream-printf.Tpo -c -o libcommon_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-estream-printf.Tpo $(DEPDIR)/libcommon_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream-printf.c' object='libcommon_a-estream-printf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+
+libcommon_a-estream-printf.obj: estream-printf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-estream-printf.obj -MD -MP -MF $(DEPDIR)/libcommon_a-estream-printf.Tpo -c -o libcommon_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-estream-printf.Tpo $(DEPDIR)/libcommon_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream-printf.c' object='libcommon_a-estream-printf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+
 libcommon_a-audit.o: audit.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-audit.o -MD -MP -MF $(DEPDIR)/libcommon_a-audit.Tpo -c -o libcommon_a-audit.o `test -f 'audit.c' || echo '$(srcdir)/'`audit.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-audit.Tpo $(DEPDIR)/libcommon_a-audit.Po
@@ -1534,6 +1262,48 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-audit.obj `if test -f 'audit.c'; then $(CYGPATH_W) 'audit.c'; else $(CYGPATH_W) '$(srcdir)/audit.c'; fi`
 
+libcommon_a-dns-cert.o: dns-cert.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dns-cert.o -MD -MP -MF $(DEPDIR)/libcommon_a-dns-cert.Tpo -c -o libcommon_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-dns-cert.Tpo $(DEPDIR)/libcommon_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dns-cert.c' object='libcommon_a-dns-cert.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+
+libcommon_a-dns-cert.obj: dns-cert.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-dns-cert.obj -MD -MP -MF $(DEPDIR)/libcommon_a-dns-cert.Tpo -c -o libcommon_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-dns-cert.Tpo $(DEPDIR)/libcommon_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dns-cert.c' object='libcommon_a-dns-cert.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+
+libcommon_a-pka.o: pka.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-pka.o -MD -MP -MF $(DEPDIR)/libcommon_a-pka.Tpo -c -o libcommon_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-pka.Tpo $(DEPDIR)/libcommon_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pka.c' object='libcommon_a-pka.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+
+libcommon_a-pka.obj: pka.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-pka.obj -MD -MP -MF $(DEPDIR)/libcommon_a-pka.Tpo -c -o libcommon_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-pka.Tpo $(DEPDIR)/libcommon_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pka.c' object='libcommon_a-pka.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+
+libcommon_a-http.o: http.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-http.o -MD -MP -MF $(DEPDIR)/libcommon_a-http.Tpo -c -o libcommon_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-http.Tpo $(DEPDIR)/libcommon_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommon_a-http.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+
+libcommon_a-http.obj: http.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-http.obj -MD -MP -MF $(DEPDIR)/libcommon_a-http.Tpo -c -o libcommon_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-http.Tpo $(DEPDIR)/libcommon_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommon_a-http.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+
 libcommon_a-localename.o: localename.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-localename.o -MD -MP -MF $(DEPDIR)/libcommon_a-localename.Tpo -c -o libcommon_a-localename.o `test -f 'localename.c' || echo '$(srcdir)/'`localename.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-localename.Tpo $(DEPDIR)/libcommon_a-localename.Po
@@ -1562,34 +1332,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-session-env.obj `if test -f 'session-env.c'; then $(CYGPATH_W) 'session-env.c'; else $(CYGPATH_W) '$(srcdir)/session-env.c'; fi`
 
-libcommon_a-userids.o: userids.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-userids.o -MD -MP -MF $(DEPDIR)/libcommon_a-userids.Tpo -c -o libcommon_a-userids.o `test -f 'userids.c' || echo '$(srcdir)/'`userids.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-userids.Tpo $(DEPDIR)/libcommon_a-userids.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='userids.c' object='libcommon_a-userids.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-userids.o `test -f 'userids.c' || echo '$(srcdir)/'`userids.c
-
-libcommon_a-userids.obj: userids.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-userids.obj -MD -MP -MF $(DEPDIR)/libcommon_a-userids.Tpo -c -o libcommon_a-userids.obj `if test -f 'userids.c'; then $(CYGPATH_W) 'userids.c'; else $(CYGPATH_W) '$(srcdir)/userids.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-userids.Tpo $(DEPDIR)/libcommon_a-userids.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='userids.c' object='libcommon_a-userids.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-userids.obj `if test -f 'userids.c'; then $(CYGPATH_W) 'userids.c'; else $(CYGPATH_W) '$(srcdir)/userids.c'; fi`
-
-libcommon_a-openpgp-oid.o: openpgp-oid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-openpgp-oid.o -MD -MP -MF $(DEPDIR)/libcommon_a-openpgp-oid.Tpo -c -o libcommon_a-openpgp-oid.o `test -f 'openpgp-oid.c' || echo '$(srcdir)/'`openpgp-oid.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-openpgp-oid.Tpo $(DEPDIR)/libcommon_a-openpgp-oid.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-oid.c' object='libcommon_a-openpgp-oid.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-oid.o `test -f 'openpgp-oid.c' || echo '$(srcdir)/'`openpgp-oid.c
-
-libcommon_a-openpgp-oid.obj: openpgp-oid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-openpgp-oid.obj -MD -MP -MF $(DEPDIR)/libcommon_a-openpgp-oid.Tpo -c -o libcommon_a-openpgp-oid.obj `if test -f 'openpgp-oid.c'; then $(CYGPATH_W) 'openpgp-oid.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-oid.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-openpgp-oid.Tpo $(DEPDIR)/libcommon_a-openpgp-oid.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-oid.c' object='libcommon_a-openpgp-oid.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-openpgp-oid.obj `if test -f 'openpgp-oid.c'; then $(CYGPATH_W) 'openpgp-oid.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-oid.c'; fi`
-
 libcommon_a-ssh-utils.o: ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-ssh-utils.o -MD -MP -MF $(DEPDIR)/libcommon_a-ssh-utils.Tpo -c -o libcommon_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-ssh-utils.Tpo $(DEPDIR)/libcommon_a-ssh-utils.Po
@@ -1604,20 +1346,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-ssh-utils.obj `if test -f 'ssh-utils.c'; then $(CYGPATH_W) 'ssh-utils.c'; else $(CYGPATH_W) '$(srcdir)/ssh-utils.c'; fi`
 
-libcommon_a-agent-opt.o: agent-opt.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-agent-opt.o -MD -MP -MF $(DEPDIR)/libcommon_a-agent-opt.Tpo -c -o libcommon_a-agent-opt.o `test -f 'agent-opt.c' || echo '$(srcdir)/'`agent-opt.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-agent-opt.Tpo $(DEPDIR)/libcommon_a-agent-opt.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='agent-opt.c' object='libcommon_a-agent-opt.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-agent-opt.o `test -f 'agent-opt.c' || echo '$(srcdir)/'`agent-opt.c
-
-libcommon_a-agent-opt.obj: agent-opt.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-agent-opt.obj -MD -MP -MF $(DEPDIR)/libcommon_a-agent-opt.Tpo -c -o libcommon_a-agent-opt.obj `if test -f 'agent-opt.c'; then $(CYGPATH_W) 'agent-opt.c'; else $(CYGPATH_W) '$(srcdir)/agent-opt.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-agent-opt.Tpo $(DEPDIR)/libcommon_a-agent-opt.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='agent-opt.c' object='libcommon_a-agent-opt.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-agent-opt.obj `if test -f 'agent-opt.c'; then $(CYGPATH_W) 'agent-opt.c'; else $(CYGPATH_W) '$(srcdir)/agent-opt.c'; fi`
-
 libcommon_a-helpfile.o: helpfile.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-helpfile.o -MD -MP -MF $(DEPDIR)/libcommon_a-helpfile.Tpo -c -o libcommon_a-helpfile.o `test -f 'helpfile.c' || echo '$(srcdir)/'`helpfile.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-helpfile.Tpo $(DEPDIR)/libcommon_a-helpfile.Po
@@ -1632,76 +1360,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-helpfile.obj `if test -f 'helpfile.c'; then $(CYGPATH_W) 'helpfile.c'; else $(CYGPATH_W) '$(srcdir)/helpfile.c'; fi`
 
-libcommon_a-w32-reg.o: w32-reg.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-w32-reg.o -MD -MP -MF $(DEPDIR)/libcommon_a-w32-reg.Tpo -c -o libcommon_a-w32-reg.o `test -f 'w32-reg.c' || echo '$(srcdir)/'`w32-reg.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-w32-reg.Tpo $(DEPDIR)/libcommon_a-w32-reg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-reg.c' object='libcommon_a-w32-reg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-w32-reg.o `test -f 'w32-reg.c' || echo '$(srcdir)/'`w32-reg.c
-
-libcommon_a-w32-reg.obj: w32-reg.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-w32-reg.obj -MD -MP -MF $(DEPDIR)/libcommon_a-w32-reg.Tpo -c -o libcommon_a-w32-reg.obj `if test -f 'w32-reg.c'; then $(CYGPATH_W) 'w32-reg.c'; else $(CYGPATH_W) '$(srcdir)/w32-reg.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-w32-reg.Tpo $(DEPDIR)/libcommon_a-w32-reg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-reg.c' object='libcommon_a-w32-reg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-w32-reg.obj `if test -f 'w32-reg.c'; then $(CYGPATH_W) 'w32-reg.c'; else $(CYGPATH_W) '$(srcdir)/w32-reg.c'; fi`
-
-libcommon_a-w32-afunix.o: w32-afunix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-w32-afunix.o -MD -MP -MF $(DEPDIR)/libcommon_a-w32-afunix.Tpo -c -o libcommon_a-w32-afunix.o `test -f 'w32-afunix.c' || echo '$(srcdir)/'`w32-afunix.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-w32-afunix.Tpo $(DEPDIR)/libcommon_a-w32-afunix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-afunix.c' object='libcommon_a-w32-afunix.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-w32-afunix.o `test -f 'w32-afunix.c' || echo '$(srcdir)/'`w32-afunix.c
-
-libcommon_a-w32-afunix.obj: w32-afunix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-w32-afunix.obj -MD -MP -MF $(DEPDIR)/libcommon_a-w32-afunix.Tpo -c -o libcommon_a-w32-afunix.obj `if test -f 'w32-afunix.c'; then $(CYGPATH_W) 'w32-afunix.c'; else $(CYGPATH_W) '$(srcdir)/w32-afunix.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-w32-afunix.Tpo $(DEPDIR)/libcommon_a-w32-afunix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-afunix.c' object='libcommon_a-w32-afunix.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-w32-afunix.obj `if test -f 'w32-afunix.c'; then $(CYGPATH_W) 'w32-afunix.c'; else $(CYGPATH_W) '$(srcdir)/w32-afunix.c'; fi`
-
-libcommon_a-exechelp-w32ce.o: exechelp-w32ce.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp-w32ce.o -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp-w32ce.Tpo -c -o libcommon_a-exechelp-w32ce.o `test -f 'exechelp-w32ce.c' || echo '$(srcdir)/'`exechelp-w32ce.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp-w32ce.Tpo $(DEPDIR)/libcommon_a-exechelp-w32ce.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32ce.c' object='libcommon_a-exechelp-w32ce.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp-w32ce.o `test -f 'exechelp-w32ce.c' || echo '$(srcdir)/'`exechelp-w32ce.c
-
-libcommon_a-exechelp-w32ce.obj: exechelp-w32ce.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp-w32ce.obj -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp-w32ce.Tpo -c -o libcommon_a-exechelp-w32ce.obj `if test -f 'exechelp-w32ce.c'; then $(CYGPATH_W) 'exechelp-w32ce.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32ce.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp-w32ce.Tpo $(DEPDIR)/libcommon_a-exechelp-w32ce.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32ce.c' object='libcommon_a-exechelp-w32ce.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp-w32ce.obj `if test -f 'exechelp-w32ce.c'; then $(CYGPATH_W) 'exechelp-w32ce.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32ce.c'; fi`
-
-libcommon_a-exechelp-w32.o: exechelp-w32.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp-w32.o -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp-w32.Tpo -c -o libcommon_a-exechelp-w32.o `test -f 'exechelp-w32.c' || echo '$(srcdir)/'`exechelp-w32.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp-w32.Tpo $(DEPDIR)/libcommon_a-exechelp-w32.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32.c' object='libcommon_a-exechelp-w32.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp-w32.o `test -f 'exechelp-w32.c' || echo '$(srcdir)/'`exechelp-w32.c
-
-libcommon_a-exechelp-w32.obj: exechelp-w32.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp-w32.obj -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp-w32.Tpo -c -o libcommon_a-exechelp-w32.obj `if test -f 'exechelp-w32.c'; then $(CYGPATH_W) 'exechelp-w32.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp-w32.Tpo $(DEPDIR)/libcommon_a-exechelp-w32.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32.c' object='libcommon_a-exechelp-w32.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp-w32.obj `if test -f 'exechelp-w32.c'; then $(CYGPATH_W) 'exechelp-w32.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32.c'; fi`
-
-libcommon_a-exechelp-posix.o: exechelp-posix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp-posix.o -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp-posix.Tpo -c -o libcommon_a-exechelp-posix.o `test -f 'exechelp-posix.c' || echo '$(srcdir)/'`exechelp-posix.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp-posix.Tpo $(DEPDIR)/libcommon_a-exechelp-posix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-posix.c' object='libcommon_a-exechelp-posix.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp-posix.o `test -f 'exechelp-posix.c' || echo '$(srcdir)/'`exechelp-posix.c
-
-libcommon_a-exechelp-posix.obj: exechelp-posix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-exechelp-posix.obj -MD -MP -MF $(DEPDIR)/libcommon_a-exechelp-posix.Tpo -c -o libcommon_a-exechelp-posix.obj `if test -f 'exechelp-posix.c'; then $(CYGPATH_W) 'exechelp-posix.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-posix.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-exechelp-posix.Tpo $(DEPDIR)/libcommon_a-exechelp-posix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-posix.c' object='libcommon_a-exechelp-posix.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -c -o libcommon_a-exechelp-posix.obj `if test -f 'exechelp-posix.c'; then $(CYGPATH_W) 'exechelp-posix.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-posix.c'; fi`
-
 libcommon_a-get-passphrase.o: get-passphrase.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommon_a_CFLAGS) $(CFLAGS) -MT libcommon_a-get-passphrase.o -MD -MP -MF $(DEPDIR)/libcommon_a-get-passphrase.Tpo -c -o libcommon_a-get-passphrase.o `test -f 'get-passphrase.c' || echo '$(srcdir)/'`get-passphrase.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommon_a-get-passphrase.Tpo $(DEPDIR)/libcommon_a-get-passphrase.Po
@@ -1744,118 +1402,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-i18n.obj `if test -f 'i18n.c'; then $(CYGPATH_W) 'i18n.c'; else $(CYGPATH_W) '$(srcdir)/i18n.c'; fi`
 
-libcommonpth_a-mapstrings.o: mapstrings.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-mapstrings.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-mapstrings.Tpo -c -o libcommonpth_a-mapstrings.o `test -f 'mapstrings.c' || echo '$(srcdir)/'`mapstrings.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-mapstrings.Tpo $(DEPDIR)/libcommonpth_a-mapstrings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mapstrings.c' object='libcommonpth_a-mapstrings.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-mapstrings.o `test -f 'mapstrings.c' || echo '$(srcdir)/'`mapstrings.c
-
-libcommonpth_a-mapstrings.obj: mapstrings.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-mapstrings.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-mapstrings.Tpo -c -o libcommonpth_a-mapstrings.obj `if test -f 'mapstrings.c'; then $(CYGPATH_W) 'mapstrings.c'; else $(CYGPATH_W) '$(srcdir)/mapstrings.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-mapstrings.Tpo $(DEPDIR)/libcommonpth_a-mapstrings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mapstrings.c' object='libcommonpth_a-mapstrings.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-mapstrings.obj `if test -f 'mapstrings.c'; then $(CYGPATH_W) 'mapstrings.c'; else $(CYGPATH_W) '$(srcdir)/mapstrings.c'; fi`
-
-libcommonpth_a-stringhelp.o: stringhelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-stringhelp.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-stringhelp.Tpo -c -o libcommonpth_a-stringhelp.o `test -f 'stringhelp.c' || echo '$(srcdir)/'`stringhelp.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-stringhelp.Tpo $(DEPDIR)/libcommonpth_a-stringhelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='stringhelp.c' object='libcommonpth_a-stringhelp.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-stringhelp.o `test -f 'stringhelp.c' || echo '$(srcdir)/'`stringhelp.c
-
-libcommonpth_a-stringhelp.obj: stringhelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-stringhelp.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-stringhelp.Tpo -c -o libcommonpth_a-stringhelp.obj `if test -f 'stringhelp.c'; then $(CYGPATH_W) 'stringhelp.c'; else $(CYGPATH_W) '$(srcdir)/stringhelp.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-stringhelp.Tpo $(DEPDIR)/libcommonpth_a-stringhelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='stringhelp.c' object='libcommonpth_a-stringhelp.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-stringhelp.obj `if test -f 'stringhelp.c'; then $(CYGPATH_W) 'stringhelp.c'; else $(CYGPATH_W) '$(srcdir)/stringhelp.c'; fi`
-
-libcommonpth_a-strlist.o: strlist.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-strlist.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-strlist.Tpo -c -o libcommonpth_a-strlist.o `test -f 'strlist.c' || echo '$(srcdir)/'`strlist.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-strlist.Tpo $(DEPDIR)/libcommonpth_a-strlist.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strlist.c' object='libcommonpth_a-strlist.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-strlist.o `test -f 'strlist.c' || echo '$(srcdir)/'`strlist.c
-
-libcommonpth_a-strlist.obj: strlist.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-strlist.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-strlist.Tpo -c -o libcommonpth_a-strlist.obj `if test -f 'strlist.c'; then $(CYGPATH_W) 'strlist.c'; else $(CYGPATH_W) '$(srcdir)/strlist.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-strlist.Tpo $(DEPDIR)/libcommonpth_a-strlist.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='strlist.c' object='libcommonpth_a-strlist.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-strlist.obj `if test -f 'strlist.c'; then $(CYGPATH_W) 'strlist.c'; else $(CYGPATH_W) '$(srcdir)/strlist.c'; fi`
-
-libcommonpth_a-utf8conv.o: utf8conv.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-utf8conv.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-utf8conv.Tpo -c -o libcommonpth_a-utf8conv.o `test -f 'utf8conv.c' || echo '$(srcdir)/'`utf8conv.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-utf8conv.Tpo $(DEPDIR)/libcommonpth_a-utf8conv.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utf8conv.c' object='libcommonpth_a-utf8conv.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-utf8conv.o `test -f 'utf8conv.c' || echo '$(srcdir)/'`utf8conv.c
-
-libcommonpth_a-utf8conv.obj: utf8conv.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-utf8conv.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-utf8conv.Tpo -c -o libcommonpth_a-utf8conv.obj `if test -f 'utf8conv.c'; then $(CYGPATH_W) 'utf8conv.c'; else $(CYGPATH_W) '$(srcdir)/utf8conv.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-utf8conv.Tpo $(DEPDIR)/libcommonpth_a-utf8conv.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='utf8conv.c' object='libcommonpth_a-utf8conv.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-utf8conv.obj `if test -f 'utf8conv.c'; then $(CYGPATH_W) 'utf8conv.c'; else $(CYGPATH_W) '$(srcdir)/utf8conv.c'; fi`
-
-libcommonpth_a-argparse.o: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-argparse.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-argparse.Tpo -c -o libcommonpth_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-argparse.Tpo $(DEPDIR)/libcommonpth_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommonpth_a-argparse.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-argparse.o `test -f 'argparse.c' || echo '$(srcdir)/'`argparse.c
-
-libcommonpth_a-argparse.obj: argparse.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-argparse.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-argparse.Tpo -c -o libcommonpth_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-argparse.Tpo $(DEPDIR)/libcommonpth_a-argparse.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='argparse.c' object='libcommonpth_a-argparse.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-argparse.obj `if test -f 'argparse.c'; then $(CYGPATH_W) 'argparse.c'; else $(CYGPATH_W) '$(srcdir)/argparse.c'; fi`
-
-libcommonpth_a-logging.o: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-logging.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-logging.Tpo -c -o libcommonpth_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-logging.Tpo $(DEPDIR)/libcommonpth_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommonpth_a-logging.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-logging.o `test -f 'logging.c' || echo '$(srcdir)/'`logging.c
-
-libcommonpth_a-logging.obj: logging.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-logging.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-logging.Tpo -c -o libcommonpth_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-logging.Tpo $(DEPDIR)/libcommonpth_a-logging.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='logging.c' object='libcommonpth_a-logging.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-logging.obj `if test -f 'logging.c'; then $(CYGPATH_W) 'logging.c'; else $(CYGPATH_W) '$(srcdir)/logging.c'; fi`
-
-libcommonpth_a-dotlock.o: dotlock.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dotlock.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-dotlock.Tpo -c -o libcommonpth_a-dotlock.o `test -f 'dotlock.c' || echo '$(srcdir)/'`dotlock.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-dotlock.Tpo $(DEPDIR)/libcommonpth_a-dotlock.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dotlock.c' object='libcommonpth_a-dotlock.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-dotlock.o `test -f 'dotlock.c' || echo '$(srcdir)/'`dotlock.c
-
-libcommonpth_a-dotlock.obj: dotlock.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dotlock.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-dotlock.Tpo -c -o libcommonpth_a-dotlock.obj `if test -f 'dotlock.c'; then $(CYGPATH_W) 'dotlock.c'; else $(CYGPATH_W) '$(srcdir)/dotlock.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-dotlock.Tpo $(DEPDIR)/libcommonpth_a-dotlock.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dotlock.c' object='libcommonpth_a-dotlock.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-dotlock.obj `if test -f 'dotlock.c'; then $(CYGPATH_W) 'dotlock.c'; else $(CYGPATH_W) '$(srcdir)/dotlock.c'; fi`
-
-libcommonpth_a-mischelp.o: mischelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-mischelp.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-mischelp.Tpo -c -o libcommonpth_a-mischelp.o `test -f 'mischelp.c' || echo '$(srcdir)/'`mischelp.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-mischelp.Tpo $(DEPDIR)/libcommonpth_a-mischelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mischelp.c' object='libcommonpth_a-mischelp.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-mischelp.o `test -f 'mischelp.c' || echo '$(srcdir)/'`mischelp.c
-
-libcommonpth_a-mischelp.obj: mischelp.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-mischelp.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-mischelp.Tpo -c -o libcommonpth_a-mischelp.obj `if test -f 'mischelp.c'; then $(CYGPATH_W) 'mischelp.c'; else $(CYGPATH_W) '$(srcdir)/mischelp.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-mischelp.Tpo $(DEPDIR)/libcommonpth_a-mischelp.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mischelp.c' object='libcommonpth_a-mischelp.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-mischelp.obj `if test -f 'mischelp.c'; then $(CYGPATH_W) 'mischelp.c'; else $(CYGPATH_W) '$(srcdir)/mischelp.c'; fi`
-
 libcommonpth_a-status.o: status.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-status.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-status.Tpo -c -o libcommonpth_a-status.o `test -f 'status.c' || echo '$(srcdir)/'`status.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-status.Tpo $(DEPDIR)/libcommonpth_a-status.Po
@@ -2038,20 +1584,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-percent.obj `if test -f 'percent.c'; then $(CYGPATH_W) 'percent.c'; else $(CYGPATH_W) '$(srcdir)/percent.c'; fi`
 
-libcommonpth_a-mbox-util.o: mbox-util.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-mbox-util.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-mbox-util.Tpo -c -o libcommonpth_a-mbox-util.o `test -f 'mbox-util.c' || echo '$(srcdir)/'`mbox-util.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-mbox-util.Tpo $(DEPDIR)/libcommonpth_a-mbox-util.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mbox-util.c' object='libcommonpth_a-mbox-util.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-mbox-util.o `test -f 'mbox-util.c' || echo '$(srcdir)/'`mbox-util.c
-
-libcommonpth_a-mbox-util.obj: mbox-util.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-mbox-util.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-mbox-util.Tpo -c -o libcommonpth_a-mbox-util.obj `if test -f 'mbox-util.c'; then $(CYGPATH_W) 'mbox-util.c'; else $(CYGPATH_W) '$(srcdir)/mbox-util.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-mbox-util.Tpo $(DEPDIR)/libcommonpth_a-mbox-util.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mbox-util.c' object='libcommonpth_a-mbox-util.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-mbox-util.obj `if test -f 'mbox-util.c'; then $(CYGPATH_W) 'mbox-util.c'; else $(CYGPATH_W) '$(srcdir)/mbox-util.c'; fi`
-
 libcommonpth_a-miscellaneous.o: miscellaneous.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-miscellaneous.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-miscellaneous.Tpo -c -o libcommonpth_a-miscellaneous.o `test -f 'miscellaneous.c' || echo '$(srcdir)/'`miscellaneous.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-miscellaneous.Tpo $(DEPDIR)/libcommonpth_a-miscellaneous.Po
@@ -2150,19 +1682,19 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
 
-libcommonpth_a-asshelp2.o: asshelp2.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-asshelp2.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-asshelp2.Tpo -c -o libcommonpth_a-asshelp2.o `test -f 'asshelp2.c' || echo '$(srcdir)/'`asshelp2.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-asshelp2.Tpo $(DEPDIR)/libcommonpth_a-asshelp2.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='asshelp2.c' object='libcommonpth_a-asshelp2.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-asshelp2.o `test -f 'asshelp2.c' || echo '$(srcdir)/'`asshelp2.c
-
-libcommonpth_a-asshelp2.obj: asshelp2.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-asshelp2.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-asshelp2.Tpo -c -o libcommonpth_a-asshelp2.obj `if test -f 'asshelp2.c'; then $(CYGPATH_W) 'asshelp2.c'; else $(CYGPATH_W) '$(srcdir)/asshelp2.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-asshelp2.Tpo $(DEPDIR)/libcommonpth_a-asshelp2.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='asshelp2.c' object='libcommonpth_a-asshelp2.obj' libtool=no @AMDEPBACKSLASH@
+libcommonpth_a-exechelp.o: exechelp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp.Tpo -c -o libcommonpth_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp.Tpo $(DEPDIR)/libcommonpth_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp.c' object='libcommonpth_a-exechelp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp.o `test -f 'exechelp.c' || echo '$(srcdir)/'`exechelp.c
+
+libcommonpth_a-exechelp.obj: exechelp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp.Tpo -c -o libcommonpth_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp.Tpo $(DEPDIR)/libcommonpth_a-exechelp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp.c' object='libcommonpth_a-exechelp.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-asshelp2.obj `if test -f 'asshelp2.c'; then $(CYGPATH_W) 'asshelp2.c'; else $(CYGPATH_W) '$(srcdir)/asshelp2.c'; fi`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp.obj `if test -f 'exechelp.c'; then $(CYGPATH_W) 'exechelp.c'; else $(CYGPATH_W) '$(srcdir)/exechelp.c'; fi`
 
 libcommonpth_a-signal.o: signal.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-signal.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-signal.Tpo -c -o libcommonpth_a-signal.o `test -f 'signal.c' || echo '$(srcdir)/'`signal.c
@@ -2178,6 +1710,34 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-signal.obj `if test -f 'signal.c'; then $(CYGPATH_W) 'signal.c'; else $(CYGPATH_W) '$(srcdir)/signal.c'; fi`
 
+libcommonpth_a-estream.o: estream.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream.Tpo -c -o libcommonpth_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-estream.Tpo $(DEPDIR)/libcommonpth_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream.c' object='libcommonpth_a-estream.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream.o `test -f 'estream.c' || echo '$(srcdir)/'`estream.c
+
+libcommonpth_a-estream.obj: estream.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream.Tpo -c -o libcommonpth_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-estream.Tpo $(DEPDIR)/libcommonpth_a-estream.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream.c' object='libcommonpth_a-estream.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream.obj `if test -f 'estream.c'; then $(CYGPATH_W) 'estream.c'; else $(CYGPATH_W) '$(srcdir)/estream.c'; fi`
+
+libcommonpth_a-estream-printf.o: estream-printf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream-printf.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream-printf.Tpo -c -o libcommonpth_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-estream-printf.Tpo $(DEPDIR)/libcommonpth_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream-printf.c' object='libcommonpth_a-estream-printf.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream-printf.o `test -f 'estream-printf.c' || echo '$(srcdir)/'`estream-printf.c
+
+libcommonpth_a-estream-printf.obj: estream-printf.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-estream-printf.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-estream-printf.Tpo -c -o libcommonpth_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-estream-printf.Tpo $(DEPDIR)/libcommonpth_a-estream-printf.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='estream-printf.c' object='libcommonpth_a-estream-printf.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-estream-printf.obj `if test -f 'estream-printf.c'; then $(CYGPATH_W) 'estream-printf.c'; else $(CYGPATH_W) '$(srcdir)/estream-printf.c'; fi`
+
 libcommonpth_a-audit.o: audit.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-audit.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-audit.Tpo -c -o libcommonpth_a-audit.o `test -f 'audit.c' || echo '$(srcdir)/'`audit.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-audit.Tpo $(DEPDIR)/libcommonpth_a-audit.Po
@@ -2192,6 +1752,48 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-audit.obj `if test -f 'audit.c'; then $(CYGPATH_W) 'audit.c'; else $(CYGPATH_W) '$(srcdir)/audit.c'; fi`
 
+libcommonpth_a-dns-cert.o: dns-cert.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dns-cert.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-dns-cert.Tpo -c -o libcommonpth_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-dns-cert.Tpo $(DEPDIR)/libcommonpth_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dns-cert.c' object='libcommonpth_a-dns-cert.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-dns-cert.o `test -f 'dns-cert.c' || echo '$(srcdir)/'`dns-cert.c
+
+libcommonpth_a-dns-cert.obj: dns-cert.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-dns-cert.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-dns-cert.Tpo -c -o libcommonpth_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-dns-cert.Tpo $(DEPDIR)/libcommonpth_a-dns-cert.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dns-cert.c' object='libcommonpth_a-dns-cert.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-dns-cert.obj `if test -f 'dns-cert.c'; then $(CYGPATH_W) 'dns-cert.c'; else $(CYGPATH_W) '$(srcdir)/dns-cert.c'; fi`
+
+libcommonpth_a-pka.o: pka.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-pka.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-pka.Tpo -c -o libcommonpth_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-pka.Tpo $(DEPDIR)/libcommonpth_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pka.c' object='libcommonpth_a-pka.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-pka.o `test -f 'pka.c' || echo '$(srcdir)/'`pka.c
+
+libcommonpth_a-pka.obj: pka.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-pka.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-pka.Tpo -c -o libcommonpth_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-pka.Tpo $(DEPDIR)/libcommonpth_a-pka.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pka.c' object='libcommonpth_a-pka.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-pka.obj `if test -f 'pka.c'; then $(CYGPATH_W) 'pka.c'; else $(CYGPATH_W) '$(srcdir)/pka.c'; fi`
+
+libcommonpth_a-http.o: http.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-http.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-http.Tpo -c -o libcommonpth_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-http.Tpo $(DEPDIR)/libcommonpth_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommonpth_a-http.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
+
+libcommonpth_a-http.obj: http.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-http.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-http.Tpo -c -o libcommonpth_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-http.Tpo $(DEPDIR)/libcommonpth_a-http.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommonpth_a-http.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
+
 libcommonpth_a-localename.o: localename.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-localename.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-localename.Tpo -c -o libcommonpth_a-localename.o `test -f 'localename.c' || echo '$(srcdir)/'`localename.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-localename.Tpo $(DEPDIR)/libcommonpth_a-localename.Po
@@ -2220,34 +1822,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-session-env.obj `if test -f 'session-env.c'; then $(CYGPATH_W) 'session-env.c'; else $(CYGPATH_W) '$(srcdir)/session-env.c'; fi`
 
-libcommonpth_a-userids.o: userids.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-userids.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-userids.Tpo -c -o libcommonpth_a-userids.o `test -f 'userids.c' || echo '$(srcdir)/'`userids.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-userids.Tpo $(DEPDIR)/libcommonpth_a-userids.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='userids.c' object='libcommonpth_a-userids.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-userids.o `test -f 'userids.c' || echo '$(srcdir)/'`userids.c
-
-libcommonpth_a-userids.obj: userids.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-userids.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-userids.Tpo -c -o libcommonpth_a-userids.obj `if test -f 'userids.c'; then $(CYGPATH_W) 'userids.c'; else $(CYGPATH_W) '$(srcdir)/userids.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-userids.Tpo $(DEPDIR)/libcommonpth_a-userids.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='userids.c' object='libcommonpth_a-userids.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-userids.obj `if test -f 'userids.c'; then $(CYGPATH_W) 'userids.c'; else $(CYGPATH_W) '$(srcdir)/userids.c'; fi`
-
-libcommonpth_a-openpgp-oid.o: openpgp-oid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-openpgp-oid.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-openpgp-oid.Tpo -c -o libcommonpth_a-openpgp-oid.o `test -f 'openpgp-oid.c' || echo '$(srcdir)/'`openpgp-oid.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-openpgp-oid.Tpo $(DEPDIR)/libcommonpth_a-openpgp-oid.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-oid.c' object='libcommonpth_a-openpgp-oid.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-oid.o `test -f 'openpgp-oid.c' || echo '$(srcdir)/'`openpgp-oid.c
-
-libcommonpth_a-openpgp-oid.obj: openpgp-oid.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-openpgp-oid.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-openpgp-oid.Tpo -c -o libcommonpth_a-openpgp-oid.obj `if test -f 'openpgp-oid.c'; then $(CYGPATH_W) 'openpgp-oid.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-oid.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-openpgp-oid.Tpo $(DEPDIR)/libcommonpth_a-openpgp-oid.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='openpgp-oid.c' object='libcommonpth_a-openpgp-oid.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-openpgp-oid.obj `if test -f 'openpgp-oid.c'; then $(CYGPATH_W) 'openpgp-oid.c'; else $(CYGPATH_W) '$(srcdir)/openpgp-oid.c'; fi`
-
 libcommonpth_a-ssh-utils.o: ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-ssh-utils.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo -c -o libcommonpth_a-ssh-utils.o `test -f 'ssh-utils.c' || echo '$(srcdir)/'`ssh-utils.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-ssh-utils.Tpo $(DEPDIR)/libcommonpth_a-ssh-utils.Po
@@ -2262,20 +1836,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-ssh-utils.obj `if test -f 'ssh-utils.c'; then $(CYGPATH_W) 'ssh-utils.c'; else $(CYGPATH_W) '$(srcdir)/ssh-utils.c'; fi`
 
-libcommonpth_a-agent-opt.o: agent-opt.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-agent-opt.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-agent-opt.Tpo -c -o libcommonpth_a-agent-opt.o `test -f 'agent-opt.c' || echo '$(srcdir)/'`agent-opt.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-agent-opt.Tpo $(DEPDIR)/libcommonpth_a-agent-opt.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='agent-opt.c' object='libcommonpth_a-agent-opt.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-agent-opt.o `test -f 'agent-opt.c' || echo '$(srcdir)/'`agent-opt.c
-
-libcommonpth_a-agent-opt.obj: agent-opt.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-agent-opt.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-agent-opt.Tpo -c -o libcommonpth_a-agent-opt.obj `if test -f 'agent-opt.c'; then $(CYGPATH_W) 'agent-opt.c'; else $(CYGPATH_W) '$(srcdir)/agent-opt.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-agent-opt.Tpo $(DEPDIR)/libcommonpth_a-agent-opt.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='agent-opt.c' object='libcommonpth_a-agent-opt.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-agent-opt.obj `if test -f 'agent-opt.c'; then $(CYGPATH_W) 'agent-opt.c'; else $(CYGPATH_W) '$(srcdir)/agent-opt.c'; fi`
-
 libcommonpth_a-helpfile.o: helpfile.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-helpfile.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-helpfile.Tpo -c -o libcommonpth_a-helpfile.o `test -f 'helpfile.c' || echo '$(srcdir)/'`helpfile.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-helpfile.Tpo $(DEPDIR)/libcommonpth_a-helpfile.Po
@@ -2290,76 +1850,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-helpfile.obj `if test -f 'helpfile.c'; then $(CYGPATH_W) 'helpfile.c'; else $(CYGPATH_W) '$(srcdir)/helpfile.c'; fi`
 
-libcommonpth_a-w32-reg.o: w32-reg.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-w32-reg.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-w32-reg.Tpo -c -o libcommonpth_a-w32-reg.o `test -f 'w32-reg.c' || echo '$(srcdir)/'`w32-reg.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-w32-reg.Tpo $(DEPDIR)/libcommonpth_a-w32-reg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-reg.c' object='libcommonpth_a-w32-reg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-w32-reg.o `test -f 'w32-reg.c' || echo '$(srcdir)/'`w32-reg.c
-
-libcommonpth_a-w32-reg.obj: w32-reg.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-w32-reg.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-w32-reg.Tpo -c -o libcommonpth_a-w32-reg.obj `if test -f 'w32-reg.c'; then $(CYGPATH_W) 'w32-reg.c'; else $(CYGPATH_W) '$(srcdir)/w32-reg.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-w32-reg.Tpo $(DEPDIR)/libcommonpth_a-w32-reg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-reg.c' object='libcommonpth_a-w32-reg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-w32-reg.obj `if test -f 'w32-reg.c'; then $(CYGPATH_W) 'w32-reg.c'; else $(CYGPATH_W) '$(srcdir)/w32-reg.c'; fi`
-
-libcommonpth_a-w32-afunix.o: w32-afunix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-w32-afunix.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-w32-afunix.Tpo -c -o libcommonpth_a-w32-afunix.o `test -f 'w32-afunix.c' || echo '$(srcdir)/'`w32-afunix.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-w32-afunix.Tpo $(DEPDIR)/libcommonpth_a-w32-afunix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-afunix.c' object='libcommonpth_a-w32-afunix.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-w32-afunix.o `test -f 'w32-afunix.c' || echo '$(srcdir)/'`w32-afunix.c
-
-libcommonpth_a-w32-afunix.obj: w32-afunix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-w32-afunix.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-w32-afunix.Tpo -c -o libcommonpth_a-w32-afunix.obj `if test -f 'w32-afunix.c'; then $(CYGPATH_W) 'w32-afunix.c'; else $(CYGPATH_W) '$(srcdir)/w32-afunix.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-w32-afunix.Tpo $(DEPDIR)/libcommonpth_a-w32-afunix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='w32-afunix.c' object='libcommonpth_a-w32-afunix.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-w32-afunix.obj `if test -f 'w32-afunix.c'; then $(CYGPATH_W) 'w32-afunix.c'; else $(CYGPATH_W) '$(srcdir)/w32-afunix.c'; fi`
-
-libcommonpth_a-exechelp-w32ce.o: exechelp-w32ce.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp-w32ce.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp-w32ce.Tpo -c -o libcommonpth_a-exechelp-w32ce.o `test -f 'exechelp-w32ce.c' || echo '$(srcdir)/'`exechelp-w32ce.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp-w32ce.Tpo $(DEPDIR)/libcommonpth_a-exechelp-w32ce.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32ce.c' object='libcommonpth_a-exechelp-w32ce.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp-w32ce.o `test -f 'exechelp-w32ce.c' || echo '$(srcdir)/'`exechelp-w32ce.c
-
-libcommonpth_a-exechelp-w32ce.obj: exechelp-w32ce.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp-w32ce.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp-w32ce.Tpo -c -o libcommonpth_a-exechelp-w32ce.obj `if test -f 'exechelp-w32ce.c'; then $(CYGPATH_W) 'exechelp-w32ce.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32ce.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp-w32ce.Tpo $(DEPDIR)/libcommonpth_a-exechelp-w32ce.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32ce.c' object='libcommonpth_a-exechelp-w32ce.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp-w32ce.obj `if test -f 'exechelp-w32ce.c'; then $(CYGPATH_W) 'exechelp-w32ce.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32ce.c'; fi`
-
-libcommonpth_a-exechelp-w32.o: exechelp-w32.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp-w32.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp-w32.Tpo -c -o libcommonpth_a-exechelp-w32.o `test -f 'exechelp-w32.c' || echo '$(srcdir)/'`exechelp-w32.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp-w32.Tpo $(DEPDIR)/libcommonpth_a-exechelp-w32.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32.c' object='libcommonpth_a-exechelp-w32.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp-w32.o `test -f 'exechelp-w32.c' || echo '$(srcdir)/'`exechelp-w32.c
-
-libcommonpth_a-exechelp-w32.obj: exechelp-w32.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp-w32.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp-w32.Tpo -c -o libcommonpth_a-exechelp-w32.obj `if test -f 'exechelp-w32.c'; then $(CYGPATH_W) 'exechelp-w32.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp-w32.Tpo $(DEPDIR)/libcommonpth_a-exechelp-w32.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-w32.c' object='libcommonpth_a-exechelp-w32.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp-w32.obj `if test -f 'exechelp-w32.c'; then $(CYGPATH_W) 'exechelp-w32.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-w32.c'; fi`
-
-libcommonpth_a-exechelp-posix.o: exechelp-posix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp-posix.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp-posix.Tpo -c -o libcommonpth_a-exechelp-posix.o `test -f 'exechelp-posix.c' || echo '$(srcdir)/'`exechelp-posix.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp-posix.Tpo $(DEPDIR)/libcommonpth_a-exechelp-posix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-posix.c' object='libcommonpth_a-exechelp-posix.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp-posix.o `test -f 'exechelp-posix.c' || echo '$(srcdir)/'`exechelp-posix.c
-
-libcommonpth_a-exechelp-posix.obj: exechelp-posix.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-exechelp-posix.obj -MD -MP -MF $(DEPDIR)/libcommonpth_a-exechelp-posix.Tpo -c -o libcommonpth_a-exechelp-posix.obj `if test -f 'exechelp-posix.c'; then $(CYGPATH_W) 'exechelp-posix.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-posix.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-exechelp-posix.Tpo $(DEPDIR)/libcommonpth_a-exechelp-posix.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='exechelp-posix.c' object='libcommonpth_a-exechelp-posix.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-exechelp-posix.obj `if test -f 'exechelp-posix.c'; then $(CYGPATH_W) 'exechelp-posix.c'; else $(CYGPATH_W) '$(srcdir)/exechelp-posix.c'; fi`
-
 libcommonpth_a-srv.o: srv.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -MT libcommonpth_a-srv.o -MD -MP -MF $(DEPDIR)/libcommonpth_a-srv.Tpo -c -o libcommonpth_a-srv.o `test -f 'srv.c' || echo '$(srcdir)/'`srv.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommonpth_a-srv.Tpo $(DEPDIR)/libcommonpth_a-srv.Po
@@ -2374,34 +1864,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommonpth_a_CFLAGS) $(CFLAGS) -c -o libcommonpth_a-srv.obj `if test -f 'srv.c'; then $(CYGPATH_W) 'srv.c'; else $(CYGPATH_W) '$(srcdir)/srv.c'; fi`
 
-libcommontls_a-http.o: http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontls_a_CFLAGS) $(CFLAGS) -MT libcommontls_a-http.o -MD -MP -MF $(DEPDIR)/libcommontls_a-http.Tpo -c -o libcommontls_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommontls_a-http.Tpo $(DEPDIR)/libcommontls_a-http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommontls_a-http.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontls_a_CFLAGS) $(CFLAGS) -c -o libcommontls_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
-
-libcommontls_a-http.obj: http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontls_a_CFLAGS) $(CFLAGS) -MT libcommontls_a-http.obj -MD -MP -MF $(DEPDIR)/libcommontls_a-http.Tpo -c -o libcommontls_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommontls_a-http.Tpo $(DEPDIR)/libcommontls_a-http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommontls_a-http.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontls_a_CFLAGS) $(CFLAGS) -c -o libcommontls_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
-
-libcommontlsnpth_a-http.o: http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontlsnpth_a_CFLAGS) $(CFLAGS) -MT libcommontlsnpth_a-http.o -MD -MP -MF $(DEPDIR)/libcommontlsnpth_a-http.Tpo -c -o libcommontlsnpth_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommontlsnpth_a-http.Tpo $(DEPDIR)/libcommontlsnpth_a-http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommontlsnpth_a-http.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontlsnpth_a_CFLAGS) $(CFLAGS) -c -o libcommontlsnpth_a-http.o `test -f 'http.c' || echo '$(srcdir)/'`http.c
-
-libcommontlsnpth_a-http.obj: http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontlsnpth_a_CFLAGS) $(CFLAGS) -MT libcommontlsnpth_a-http.obj -MD -MP -MF $(DEPDIR)/libcommontlsnpth_a-http.Tpo -c -o libcommontlsnpth_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcommontlsnpth_a-http.Tpo $(DEPDIR)/libcommontlsnpth_a-http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='http.c' object='libcommontlsnpth_a-http.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcommontlsnpth_a_CFLAGS) $(CFLAGS) -c -o libcommontlsnpth_a-http.obj `if test -f 'http.c'; then $(CYGPATH_W) 'http.c'; else $(CYGPATH_W) '$(srcdir)/http.c'; fi`
-
 libsimple_pwquery_a-simple-pwquery.o: simple-pwquery.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -MT libsimple_pwquery_a-simple-pwquery.o -MD -MP -MF $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Tpo -c -o libsimple_pwquery_a-simple-pwquery.o `test -f 'simple-pwquery.c' || echo '$(srcdir)/'`simple-pwquery.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Tpo $(DEPDIR)/libsimple_pwquery_a-simple-pwquery.Po
@@ -2430,20 +1892,6 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsimple_pwquery_a_CFLAGS) $(CFLAGS) -c -o libsimple_pwquery_a-asshelp.obj `if test -f 'asshelp.c'; then $(CYGPATH_W) 'asshelp.c'; else $(CYGPATH_W) '$(srcdir)/asshelp.c'; fi`
 
-t_http-t-http.o: t-http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_http_CFLAGS) $(CFLAGS) -MT t_http-t-http.o -MD -MP -MF $(DEPDIR)/t_http-t-http.Tpo -c -o t_http-t-http.o `test -f 't-http.c' || echo '$(srcdir)/'`t-http.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_http-t-http.Tpo $(DEPDIR)/t_http-t-http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='t-http.c' object='t_http-t-http.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_http_CFLAGS) $(CFLAGS) -c -o t_http-t-http.o `test -f 't-http.c' || echo '$(srcdir)/'`t-http.c
-
-t_http-t-http.obj: t-http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_http_CFLAGS) $(CFLAGS) -MT t_http-t-http.obj -MD -MP -MF $(DEPDIR)/t_http-t-http.Tpo -c -o t_http-t-http.obj `if test -f 't-http.c'; then $(CYGPATH_W) 't-http.c'; else $(CYGPATH_W) '$(srcdir)/t-http.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/t_http-t-http.Tpo $(DEPDIR)/t_http-t-http.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='t-http.c' object='t_http-t-http.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(t_http_CFLAGS) $(CFLAGS) -c -o t_http-t-http.obj `if test -f 't-http.c'; then $(CYGPATH_W) 't-http.c'; else $(CYGPATH_W) '$(srcdir)/t-http.c'; fi`
-
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
 tags: tags-am
@@ -2756,20 +2204,17 @@
 # is a distributed built source.  If we would not do that we may end
 # up with two files and then it is not clear which version of the
 # files will be picked up.
-@MAINTAINER_MODE_TRUE@audit-events.h: Makefile.am mkstrtable.awk exaudit.awk audit.h
+@MAINTAINER_MODE_TRUE@audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h
 @MAINTAINER_MODE_TRUE@	$(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
 @MAINTAINER_MODE_TRUE@	  | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
 @MAINTAINER_MODE_TRUE@		   -v namespace=eventstr_  > $(srcdir)/audit-events.h
 
 # Create the status-codes.h include file from status.h
-@MAINTAINER_MODE_TRUE@status-codes.h: Makefile.am mkstrtable.awk exstatus.awk status.h
+@MAINTAINER_MODE_TRUE@status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h
 @MAINTAINER_MODE_TRUE@	$(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
 @MAINTAINER_MODE_TRUE@	  | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
 @MAINTAINER_MODE_TRUE@		   -v namespace=statusstr_  > $(srcdir)/status-codes.h
 
-# All programs should depend on the created libs.
-$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a
-
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff -Nru gnupg2-2.1.6/common/mapstrings.c gnupg2-2.0.28/common/mapstrings.c
--- gnupg2-2.1.6/common/mapstrings.c	2015-06-30 18:32:51.000000000 +0000
+++ gnupg2-2.0.28/common/mapstrings.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,167 +0,0 @@
-/* mapstrings.c - Static string mapping
- * Copyright (C) 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "stringhelp.h"
-#include "membuf.h"
-
-
-static struct {
-  const char *name;
-  const char *value;
-} macros[] = {
-#ifdef PACKAGE_BUGREPORT
-  { "EMAIL", PACKAGE_BUGREPORT },
-#else
-  { "EMAIL", "bug@example.org" },
-#endif
-  { "GNUPG",     GNUPG_NAME },
-  { "GPG",       GPG_NAME },
-  { "GPGSM",     GPGSM_NAME },
-  { "GPG_AGENT", GPG_AGENT_NAME },
-  { "SCDAEMON",  SCDAEMON_NAME },
-  { "DIRMNGR",   DIRMNGR_NAME },
-  { "G13",       G13_NAME },
-  { "GPGCONF",   GPGCONF_NAME },
-  { "GPGTAR",    GPGTAR_NAME }
-};
-
-
-
-/* A list to remember already done mappings.  */
-struct mapping_s
-{
-  struct mapping_s *next;
-  const char *key;
-  const char *value;
-};
-static struct mapping_s *mappings;
-
-
-/* If STRING has already been mapped, return the mapped string.  If
-   not return NULL.  */
-static const char *
-already_mapped (const char *string)
-{
-  struct mapping_s *m;
-
-  for (m=mappings; m; m = m->next)
-    if (m->key == string && !strcmp (m->key, string))
-      return m->value;
-  return NULL;
-}
-
-
-/* Store NEWSTRING under key STRING and return NEWSTRING.  */
-static const char *
-store_mapping (const char *string, char *newstring)
-{
-  struct mapping_s *m;
-
-  m = xmalloc (sizeof *m);
-  m->key = string;
-  m->value = newstring;
-  m->next = mappings;
-  mappings = m;
-  return newstring;
-}
-
-
-/* Find the first macro in STRING.  Return a pointer to the
-   replacement value, set BEGPTR to the leading '@', and set ENDPTR to
-   the terminating '@'.  If no macro is found return NULL.  */
-const char *
-find_macro (const char *string,  const char **begptr,
-            const char **endptr)
-{
-  const char *s, *s2, *s3;
-  int idx;
-
-  s = string;
-  if (!s)
-    return NULL;
-
-  for (; (s2 = strchr (s, '@')); s = s2)
-    {
-      s2++;
-      if (*s2 >= 'A' && *s2 <= 'Z' && (s3 = (strchr (s2, '@'))))
-        {
-          for (idx=0; idx < DIM (macros); idx++)
-            if (strlen (macros[idx].name) == (s3 - s2)
-                && !memcmp (macros[idx].name, s2, (s3 - s2)))
-              {
-                *begptr = s2 - 1;
-                *endptr = s3;
-                return macros[idx].value;
-              }
-        }
-    }
-  return NULL;
-}
-
-
-/* If STRING includes known @FOO@ macros, replace these macros and
-   return a new static string.  Warning: STRING must have been
-   allocated statically.  Note that this function allocates memory
-   which will not be released (similar to gettext).  */
-const char *
-map_static_macro_string (const char *string)
-{
-  const char *s, *s2, *s3, *value;
-  membuf_t mb;
-  char *p;
-
-  if ((s = already_mapped (string)))
-    return s;
-  s = string;
-  value = find_macro (s, &s2, &s3);
-  if (!value)
-    return string; /* No macros at all.  */
-
-  init_membuf (&mb, strlen (string) + 100);
-  do
-    {
-      put_membuf (&mb, s, s2 - s);
-      put_membuf_str (&mb, value);
-      s = s3 + 1;
-    }
-  while ((value = find_macro (s, &s2, &s3)));
-  put_membuf_str (&mb, s);
-  put_membuf (&mb, "", 1);
-
-  p = get_membuf_shrink (&mb, NULL);
-  if (!p)
-    log_fatal ("map_static_macro_string failed: %s\n", strerror (errno));
-
-  return store_mapping (string, p);
-}
diff -Nru gnupg2-2.1.6/common/mbox-util.c gnupg2-2.0.28/common/mbox-util.c
--- gnupg2-2.1.6/common/mbox-util.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/mbox-util.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,249 +0,0 @@
-/* mbox-util.c - Mail address helper functions
- * Copyright (C) 1998-2010 Free Software Foundation, Inc.
- * Copyright (C) 1998-2015 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "mbox-util.h"
-
-
-static int
-string_count_chr (const char *string, int c)
-{
-  int count;
-
-  for (count=0; *string; string++ )
-    if ( *string == c )
-      count++;
-  return count;
-}
-
-static int
-mem_count_chr (const void *buffer, int c, size_t length)
-{
-  const char *s = buffer;
-  int count;
-
-  for (count=0; length; length--, s++)
-    if (*s == c)
-      count++;
-  return count;
-}
-
-
-/* This is a case-sensitive version of our memistr.  I wonder why no
-   standard function memstr exists but I better do not use the name
-   memstr to avoid future conflicts.  */
-static const char *
-my_memstr (const void *buffer, size_t buflen, const char *sub)
-{
-  const unsigned char *buf = buffer;
-  const unsigned char *t = (const unsigned char *)buf;
-  const unsigned char *s = (const unsigned char *)sub;
-  size_t n = buflen;
-
-  for ( ; n ; t++, n-- )
-    {
-      if (*t == *s)
-        {
-          for (buf = t++, buflen = n--, s++; n && *t ==*s; t++, s++, n--)
-            ;
-          if (!*s)
-            return (const char*)buf;
-          t = (const unsigned char *)buf;
-          s = (const unsigned char *)sub ;
-          n = buflen;
-	}
-    }
-  return NULL;
-}
-
-
-
-static int
-string_has_ctrl_or_space (const char *string)
-{
-  for (; *string; string++ )
-    if (!(*string & 0x80) && *string <= 0x20)
-      return 1;
-  return 0;
-}
-
-
-/* Return true if STRING has two consecutive '.' after an '@'
-   sign.  */
-static int
-has_dotdot_after_at (const char *string)
-{
-  string = strchr (string, '@');
-  if (!string)
-    return 0; /* No at-sign.  */
-  string++;
-  return !!strstr (string, "..");
-}
-
-
-/* Check whether BUFFER has characters not valid in an RFC-822
-   address.  LENGTH gives the length of BUFFER.
-
-   To cope with OpenPGP we ignore non-ascii characters so that for
-   example umlauts are legal in an email address.  An OpenPGP user ID
-   must be utf-8 encoded but there is no strict requirement for
-   RFC-822.  Thus to avoid IDNA encoding we put the address verbatim
-   as utf-8 into the user ID under the assumption that mail programs
-   handle IDNA at a lower level and take OpenPGP user IDs as utf-8.
-   Note that we can't do an utf-8 encoding checking here because in
-   keygen.c this function is called with the native encoding and
-   native to utf-8 encoding is only done later.  */
-int
-has_invalid_email_chars (const void *buffer, size_t length)
-{
-  const unsigned char *s = buffer;
-  int at_seen=0;
-  const char *valid_chars=
-    "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-
-  for ( ; length && *s; length--, s++ )
-    {
-      if ((*s & 0x80))
-        continue; /* We only care about ASCII.  */
-      if (*s == '@')
-        at_seen=1;
-      else if (!at_seen && !(strchr (valid_chars, *s)
-                             || strchr ("!#$%&'*+/=?^`{|}~", *s)))
-        return 1;
-      else if (at_seen && !strchr (valid_chars, *s))
-        return 1;
-    }
-  return 0;
-}
-
-
-/* Same as is_valid_mailbox (see below) but operates on non-nul
-   terminated buffer.  */
-int
-is_valid_mailbox_mem (const void *name_arg, size_t namelen)
-{
-  const char *name = name_arg;
-
-  return !( !name
-            || !namelen
-            || has_invalid_email_chars (name, namelen)
-            || mem_count_chr (name, '@', namelen) != 1
-            || *name == '@'
-            || name[namelen-1] == '@'
-            || name[namelen-1] == '.'
-            || my_memstr (name, namelen, ".."));
-}
-
-
-/* Check whether NAME represents a valid mailbox according to
-   RFC822. Returns true if so. */
-int
-is_valid_mailbox (const char *name)
-{
-  return name? is_valid_mailbox_mem (name, strlen (name)) : 0;
-}
-
-
-/* Return the mailbox (local-part@domain) form a standard user id.
-   All plain ASCII characters in the result are converted to
-   lowercase.  Caller must free the result.  Returns NULL if no valid
-   mailbox was found (or we are out of memory). */
-char *
-mailbox_from_userid (const char *userid)
-{
-  const char *s, *s_end;
-  size_t len;
-  char *result = NULL;
-
-  s = strchr (userid, '<');
-  if (s)
-    {
-      /* Seems to be a standard user id.  */
-      s++;
-      s_end = strchr (s, '>');
-      if (s_end && s_end > s)
-        {
-          len = s_end - s;
-          result = xtrymalloc (len + 1);
-          if (!result)
-            return NULL; /* Ooops - out of core.  */
-          strncpy (result, s, len);
-          result[len] = 0;
-          /* Apply some basic checks on the address.  We do not use
-             is_valid_mailbox because those checks are too strict.  */
-          if (string_count_chr (result, '@') != 1  /* Need exactly one '@.  */
-              || *result == '@'           /* local-part missing.  */
-              || result[len-1] == '@'     /* domain missing.  */
-              || result[len-1] == '.'     /* ends with a dot.  */
-              || string_has_ctrl_or_space (result)
-              || has_dotdot_after_at (result))
-            {
-              xfree (result);
-              result = NULL;
-              errno = EINVAL;
-            }
-        }
-      else
-        errno = EINVAL;
-    }
-  else if (is_valid_mailbox (userid))
-    {
-      /* The entire user id is a mailbox.  Return that one.  Note that
-         this fallback method has some restrictions on the valid
-         syntax of the mailbox.  However, those who want weird
-         addresses should know about it and use the regular <...>
-         syntax.  */
-      result = xtrystrdup (userid);
-    }
-  else
-    errno = EINVAL;
-
-  return result? ascii_strlwr (result): NULL;
-}
-
-
-/* Check whether UID is a valid standard user id of the form
-     "Heinrich Heine "
-   and return true if this is the case. */
-int
-is_valid_user_id (const char *uid)
-{
-  if (!uid || !*uid)
-    return 0;
-
-  return 1;
-}
diff -Nru gnupg2-2.1.6/common/mbox-util.h gnupg2-2.0.28/common/mbox-util.h
--- gnupg2-2.1.6/common/mbox-util.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/mbox-util.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,39 +0,0 @@
-/* mbox-util.h - Defs for mail address helper functions
- * Copyright (C) 2015 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-#ifndef GNUPG_COMMON_MBOX_UTIL_H
-#define GNUPG_COMMON_MBOX_UTIL_H
-
-int has_invalid_email_chars (const void *buffer, size_t length);
-int is_valid_mailbox (const char *name);
-int is_valid_mailbox_mem (const void *buffer, size_t length);
-char *mailbox_from_userid (const char *userid);
-int is_valid_user_id (const char *uid);
-
-
-#endif /*GNUPG_COMMON_MBOX_UTIL_H*/
diff -Nru gnupg2-2.1.6/common/membuf.c gnupg2-2.0.28/common/membuf.c
--- gnupg2-2.1.6/common/membuf.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/membuf.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,14 @@
 /* membuf.c - A simple implementation of a dynamic buffer.
- * Copyright (C) 2001, 2003, 2009, 2011 Free Software Foundation, Inc.
- * Copyright (C) 2013 Werner Koch
+ * Copyright (C) 2001, 2003, 2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -31,7 +20,6 @@
 #include 
 #include 
 #include 
-#include 
 
 #include "membuf.h"
 
@@ -68,36 +56,16 @@
 }
 
 
-/* Shift the the content of the membuf MB by AMOUNT bytes.  The next
-   operation will then behave as if AMOUNT bytes had not been put into
-   the buffer.  If AMOUNT is greater than the actual accumulated
-   bytes, the membuf is basically reset to its initial state.  */
-void
-clear_membuf (membuf_t *mb, size_t amount)
-{
-  /* No need to clear if we are already out of core.  */
-  if (mb->out_of_core)
-    return;
-  if (amount >= mb->len)
-    mb->len = 0;
-  else
-    {
-      mb->len -= amount;
-      memmove (mb->buf, mb->buf+amount, mb->len);
-    }
-}
-
-
 void
 put_membuf (membuf_t *mb, const void *buf, size_t len)
 {
-  if (mb->out_of_core || !len)
+  if (mb->out_of_core)
     return;
 
   if (mb->len + len >= mb->size)
     {
       char *p;
-
+      
       mb->size += len + 1024;
       p = xtryrealloc (mb->buf, mb->size);
       if (!p)
@@ -106,7 +74,7 @@
           /* Wipe out what we already accumulated.  This is required
              in case we are storing sensitive data here.  The membuf
              API does not provide another way to cleanup after an
-             error. */
+             error. */ 
           wipememory (mb->buf, mb->len);
           return;
         }
@@ -124,26 +92,6 @@
 }
 
 
-void
-put_membuf_printf (membuf_t *mb, const char *format, ...)
-{
-  int rc;
-  va_list arg_ptr;
-  char *buf;
-
-  va_start (arg_ptr, format);
-  rc = gpgrt_vasprintf (&buf, format, arg_ptr);
-  if (rc < 0)
-    mb->out_of_core = errno ? errno : ENOMEM;
-  va_end (arg_ptr);
-  if (rc >= 0)
-    {
-      put_membuf (mb, buf, strlen (buf));
-      xfree (buf);
-    }
-}
-
-
 void *
 get_membuf (membuf_t *mb, size_t *len)
 {
@@ -157,7 +105,7 @@
           xfree (mb->buf);
           mb->buf = NULL;
         }
-      gpg_err_set_errno (mb->out_of_core);
+      errno = mb->out_of_core;
       return NULL;
     }
 
@@ -168,50 +116,3 @@
   mb->out_of_core = ENOMEM; /* hack to make sure it won't get reused. */
   return p;
 }
-
-
-/* Same as get_membuf but shrinks the reallocated space to the
-   required size.  */
-void *
-get_membuf_shrink (membuf_t *mb, size_t *len)
-{
-  void *p, *pp;
-  size_t dummylen;
-
-  if (!len)
-    len = &dummylen;
-
-  p = get_membuf (mb, len);
-  if (!p)
-    return NULL;
-  if (*len)
-    {
-      pp = xtryrealloc (p, *len);
-      if (pp)
-        p = pp;
-    }
-
-  return p;
-}
-
-
-/* Peek at the membuf MB.  On success a pointer to the buffer is
-   returned which is valid until the next operation on MB.  If LEN is
-   not NULL the current LEN of the buffer is stored there.  On error
-   NULL is returned and ERRNO is set.  */
-const void *
-peek_membuf (membuf_t *mb, size_t *len)
-{
-  const char *p;
-
-  if (mb->out_of_core)
-    {
-      gpg_err_set_errno (mb->out_of_core);
-      return NULL;
-    }
-
-  p = mb->buf;
-  if (len)
-    *len = mb->len;
-  return p;
-}
diff -Nru gnupg2-2.1.6/common/membuf.h gnupg2-2.0.28/common/membuf.h
--- gnupg2-2.1.6/common/membuf.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/membuf.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -30,16 +20,14 @@
 #ifndef GNUPG_COMMON_MEMBUF_H
 #define GNUPG_COMMON_MEMBUF_H
 
-#include "mischelp.h"
-
 /* The definition of the structure is private, we only need it here,
    so it can be allocated on the stack. */
-struct private_membuf_s
+struct private_membuf_s 
 {
-  size_t len;
-  size_t size;
-  char *buf;
-  int out_of_core;
+  size_t len;      
+  size_t size;     
+  char *buf;       
+  int out_of_core; 
 };
 
 typedef struct private_membuf_s membuf_t;
@@ -51,13 +39,9 @@
 
 void init_membuf (membuf_t *mb, int initiallen);
 void init_membuf_secure (membuf_t *mb, int initiallen);
-void clear_membuf (membuf_t *mb, size_t amount);
 void put_membuf  (membuf_t *mb, const void *buf, size_t len);
 void put_membuf_str (membuf_t *mb, const char *string);
-void put_membuf_printf (membuf_t *mb, const char *format,
-                        ...) GPGRT_GCC_A_PRINTF(2,3);
 void *get_membuf (membuf_t *mb, size_t *len);
-void *get_membuf_shrink (membuf_t *mb, size_t *len);
-const void *peek_membuf (membuf_t *mb, size_t *len);
+
 
 #endif /*GNUPG_COMMON_MEMBUF_H*/
diff -Nru gnupg2-2.1.6/common/miscellaneous.c gnupg2-2.0.28/common/miscellaneous.c
--- gnupg2-2.1.6/common/miscellaneous.c	2015-06-23 07:13:45.000000000 +0000
+++ gnupg2-2.0.28/common/miscellaneous.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -29,30 +19,31 @@
 
 #include 
 #include 
-#include 
 #include 
 
+#define JNLIB_NEED_LOG_LOGV
 #include "util.h"
 #include "iobuf.h"
 #include "i18n.h"
 
+
 /* Used by libgcrypt for logging.  */
 static void
 my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
 {
   (void)dummy;
-
+  
   /* Map the log levels.  */
   switch (level)
     {
-    case GCRY_LOG_CONT: level = GPGRT_LOG_CONT; break;
-    case GCRY_LOG_INFO: level = GPGRT_LOG_INFO; break;
-    case GCRY_LOG_WARN: level = GPGRT_LOG_WARN; break;
-    case GCRY_LOG_ERROR:level = GPGRT_LOG_ERROR; break;
-    case GCRY_LOG_FATAL:level = GPGRT_LOG_FATAL; break;
-    case GCRY_LOG_BUG:  level = GPGRT_LOG_BUG; break;
-    case GCRY_LOG_DEBUG:level = GPGRT_LOG_DEBUG; break;
-    default:            level = GPGRT_LOG_ERROR; break;
+    case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
+    case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
+    case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
+    case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
+    case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
+    case GCRY_LOG_BUG:  level = JNLIB_LOG_BUG; break;
+    case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
+    default:            level = JNLIB_LOG_ERROR; break;  
     }
   log_logv (level, fmt, arg_ptr);
 }
@@ -106,36 +97,6 @@
 }
 
 
-/* A wrapper around gcry_cipher_algo_name to return the string
-   "AES-128" instead of "AES".  Given that we have an alias in
-   libgcrypt for it, it does not harm to too much to return this other
-   string.  Some users complained that we print "AES" but "AES192"
-   and "AES256".  We can't fix that in libgcrypt but it is pretty
-   safe to do it in an application. */
-const char *
-gnupg_cipher_algo_name (int algo)
-{
-  const char *s;
-
-  s = gcry_cipher_algo_name (algo);
-  if (!strcmp (s, "AES"))
-    s = "AES128";
-  return s;
-}
-
-
-void
-obsolete_option (const char *configname, unsigned int configlineno,
-                 const char *name)
-{
-  if (configname)
-    log_info (_("%s:%u: obsolete option \"%s\" - it has no effect\n"),
-              configname, configlineno, name);
-  else
-    log_info (_("WARNING: \"%s%s\" is an obsolete option - it has no effect\n"),
-              "--", name);
-}
-
 
 /* Decide whether the filename is stdout or a real filename and return
  * an appropriate string.  */
@@ -158,63 +119,23 @@
     return s;
 }
 
-
-static int
-do_print_utf8_buffer (estream_t stream,
-                      const void *buffer, size_t length,
-                      const char *delimiters, size_t *bytes_written)
-{
-  const char *p = buffer;
-  size_t i;
-
-  /* We can handle plain ascii simpler, so check for it first. */
-  for (i=0; i < length; i++ )
-    {
-      if ( (p[i] & 0x80) )
-        break;
-    }
-  if (i < length)
-    {
-      int delim = delimiters? *delimiters : 0;
-      char *buf;
-      int ret;
-
-      /*(utf8 conversion already does the control character quoting). */
-      buf = utf8_to_native (p, length, delim);
-      if (bytes_written)
-        *bytes_written = strlen (buf);
-      ret = es_fputs (buf, stream);
-      xfree (buf);
-      return ret == EOF? ret : (int)i;
-    }
-  else
-    return es_write_sanitized (stream, p, length, delimiters, bytes_written);
-}
-
-
+/* fixme: Globally replace it by print_sanitized_buffer. */
 void
-print_utf8_buffer3 (estream_t stream, const void *p, size_t n,
-                    const char *delim)
+print_string( FILE *fp, const byte *p, size_t n, int delim )
 {
-  do_print_utf8_buffer (stream, p, n, delim, NULL);
+  print_sanitized_buffer (fp, p, n, delim);
 }
 
-
 void
-print_utf8_buffer2 (estream_t stream, const void *p, size_t n, int delim)
+print_utf8_string2 ( FILE *fp, const byte *p, size_t n, int delim )
 {
-  char tmp[2];
-
-  tmp[0] = delim;
-  tmp[1] = 0;
-  do_print_utf8_buffer (stream, p, n, tmp, NULL);
+  print_sanitized_utf8_buffer (fp, p, n, delim);
 }
 
-
 void
-print_utf8_buffer (estream_t stream, const void *p, size_t n)
+print_utf8_string( FILE *fp, const byte *p, size_t n )
 {
-  do_print_utf8_buffer (stream, p, n, NULL, NULL);
+    print_utf8_string2 (fp, p, n, 0);
 }
 
 /* Write LENGTH bytes of BUFFER to FP as a hex encoded string.
@@ -262,7 +183,7 @@
         { 3, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
         { 4, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
     };
-
+    
     if ( iobuf_is_pipe_filename (s) || !ret_rc )
         return 0; /* We can't check stdin or no file was given */
 
@@ -290,7 +211,7 @@
         }
     }
 
-leave:
+leave:    
     iobuf_close( a );
     return rc;
 }
@@ -318,171 +239,3 @@
 }
 
 
-
-/* Parse the first portion of the version number S and store it at
-   NUMBER.  On success, the function returns a pointer into S starting
-   with the first character, which is not part of the initial number
-   portion; on failure, NULL is returned.  */
-static const char*
-parse_version_number (const char *s, int *number)
-{
-  int val = 0;
-
-  if (*s == '0' && digitp (s+1))
-    return NULL; /* Leading zeros are not allowed.  */
-  for (; digitp (s); s++ )
-    {
-      val *= 10;
-      val += *s - '0';
-    }
-  *number = val;
-  return val < 0? NULL : s;
-}
-
-/* Break up the complete string representation of the version number S,
-   which is expected to have this format:
-
-      ...
-
-   The major, minor and micro number components will be stored at
-   MAJOR, MINOR and MICRO. On success, a pointer to the last
-   component, the patch level, will be returned; on failure, NULL will
-   be returned.  */
-static const char *
-parse_version_string (const char *s, int *major, int *minor, int *micro)
-{
-  s = parse_version_number (s, major);
-  if (!s || *s != '.')
-    return NULL;
-  s++;
-  s = parse_version_number (s, minor);
-  if (!s || *s != '.')
-    return NULL;
-  s++;
-  s = parse_version_number (s, micro);
-  if (!s)
-    return NULL;
-  return s; /* Patchlevel.  */
-}
-
-/* Return true if version string is at least version B. */
-int
-gnupg_compare_version (const char *a, const char *b)
-{
-  int a_major, a_minor, a_micro;
-  int b_major, b_minor, b_micro;
-  const char *a_plvl, *b_plvl;
-
-  if (!a || !b)
-    return 0;
-
-  /* Parse version A.  */
-  a_plvl = parse_version_string (a, &a_major, &a_minor, &a_micro);
-  if (!a_plvl )
-    return 0; /* Invalid version number.  */
-
-  /* Parse version B.  */
-  b_plvl = parse_version_string (b, &b_major, &b_minor, &b_micro);
-  if (!b_plvl )
-    return 0; /* Invalid version number.  */
-
-  /* Compare version numbers.  */
-  return (a_major > b_major
-          || (a_major == b_major && a_minor > b_minor)
-          || (a_major == b_major && a_minor == b_minor
-              && a_micro > b_micro)
-          || (a_major == b_major && a_minor == b_minor
-              && a_micro == b_micro
-              && strcmp (a_plvl, b_plvl) >= 0));
-}
-
-
-
-/* Parse an --debug style argument.  We allow the use of number values
- * in the usual C notation or a string with comma separated keywords.
- *
- * Returns: 0 on success or -1 and ERRNO set on error.  On success the
- *          supplied variable is updated by the parsed flags.
- *
- * If STRING is NULL the enabled debug flags are printed.
- */
-int
-parse_debug_flag (const char *string, unsigned int *debugvar,
-                  const struct debug_flags_s *flags)
-
-{
-  unsigned long result = 0;
-  int i, j;
-
-  if (!string)
-    {
-      if (debugvar)
-        {
-          log_info ("enabled debug flags:");
-          for (i=0; flags[i].name; i++)
-            if ((*debugvar & flags[i].flag))
-              log_printf (" %s", flags[i].name);
-          log_printf ("\n");
-        }
-      return 0;
-    }
-
-  while (spacep (string))
-    string++;
-  if (*string == '-')
-    {
-      errno = EINVAL;
-      return -1;
-    }
-
-  if (!strcmp (string, "?") || !strcmp (string, "help"))
-    {
-      log_info ("available debug flags:\n");
-      for (i=0; flags[i].name; i++)
-        log_info (" %5u %s\n", flags[i].flag, flags[i].name);
-      if (flags[i].flag != 77)
-        exit (0);
-    }
-  else if (digitp (string))
-    {
-      errno = 0;
-      result = strtoul (string, NULL, 0);
-      if (result == ULONG_MAX && errno == ERANGE)
-        return -1;
-    }
-  else
-    {
-      char **words;
-      words = strtokenize (string, ",");
-      if (!words)
-        return -1;
-      for (i=0; words[i]; i++)
-        {
-          if (*words[i])
-            {
-              for (j=0; flags[j].name; j++)
-                if (!strcmp (words[i], flags[j].name))
-                  {
-                    result |= flags[j].flag;
-                    break;
-                  }
-              if (!flags[j].name)
-                {
-                  if (!strcmp (words[i], "none"))
-                    {
-                      *debugvar = 0;
-                      result = 0;
-                    }
-                  else if (!strcmp (words[i], "all"))
-                    result = ~0;
-                  else
-                    log_info (_("unknown debug flag '%s' ignored\n"), words[i]);
-                }
-            }
-        }
-      xfree (words);
-    }
-
-  *debugvar |= result;
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/mischelp.c gnupg2-2.0.28/common/mischelp.c
--- gnupg2-2.1.6/common/mischelp.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/mischelp.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,194 +0,0 @@
-/* mischelp.c - Miscellaneous helper functions
- * Copyright (C) 1998, 2000, 2001, 2006, 2007 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_W32_SYSTEM
-# define WIN32_LEAN_AND_MEAN
-# include 
-#else /*!HAVE_W32_SYSTEM*/
-# include 
-# include 
-# include 
-#endif /*!HAVE_W32_SYSTEM*/
-#include 
-
-#include "util.h"
-#include "common-defs.h"
-#include "stringhelp.h"
-#include "utf8conv.h"
-#include "mischelp.h"
-
-
-/* Check whether the files NAME1 and NAME2 are identical.  This is for
-   example achieved by comparing the inode numbers of the files.  */
-int
-same_file_p (const char *name1, const char *name2)
-{
-  int yes;
-
-  /* First try a shortcut.  */
-  if (!compare_filenames (name1, name2))
-    yes = 1;
-  else
-    {
-#ifdef HAVE_W32_SYSTEM
-      HANDLE file1, file2;
-      BY_HANDLE_FILE_INFORMATION info1, info2;
-
-#ifdef HAVE_W32CE_SYSTEM
-      {
-        wchar_t *wname = utf8_to_wchar (name1);
-        if (wname)
-          file1 = CreateFile (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
-        else
-          file1 = INVALID_HANDLE_VALUE;
-        xfree (wname);
-      }
-#else
-      file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
-#endif
-      if (file1 == INVALID_HANDLE_VALUE)
-        yes = 0; /* If we can't open the file, it is not the same.  */
-      else
-        {
-#ifdef HAVE_W32CE_SYSTEM
-          {
-            wchar_t *wname = utf8_to_wchar (name2);
-            if (wname)
-              file2 = CreateFile (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
-            else
-              file2 = INVALID_HANDLE_VALUE;
-            xfree (wname);
-          }
-#else
-          file2 = CreateFile (name2, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
-#endif
-          if (file2 == INVALID_HANDLE_VALUE)
-            yes = 0; /* If we can't open the file, it is not the same.  */
-          else
-            {
-              yes = (GetFileInformationByHandle (file1, &info1)
-                     && GetFileInformationByHandle (file2, &info2)
-                     && info1.dwVolumeSerialNumber==info2.dwVolumeSerialNumber
-                     && info1.nFileIndexHigh == info2.nFileIndexHigh
-                     && info1.nFileIndexLow == info2.nFileIndexLow);
-              CloseHandle (file2);
-            }
-          CloseHandle (file1);
-        }
-#else /*!HAVE_W32_SYSTEM*/
-      struct stat info1, info2;
-
-      yes = (!stat (name1, &info1) && !stat (name2, &info2)
-             && info1.st_dev == info2.st_dev && info1.st_ino == info2.st_ino);
-#endif /*!HAVE_W32_SYSTEM*/
-    }
-  return yes;
-}
-
-
-/*
-  timegm() is a GNU function that might not be available everywhere.
-  It's basically the inverse of gmtime() - you give it a struct tm,
-  and get back a time_t.  It differs from mktime() in that it handles
-  the case where the struct tm is UTC and the local environment isn't.
-
-  Note, that this replacement implementation might not be thread-safe!
-
-  Some BSDs don't handle the putenv("foo") case properly, so we use
-  unsetenv if the platform has it to remove environment variables.
-*/
-#ifndef HAVE_TIMEGM
-time_t
-timegm (struct tm *tm)
-{
-#ifdef HAVE_W32_SYSTEM
-  /* This one is thread safe.  */
-  SYSTEMTIME st;
-  FILETIME ft;
-  unsigned long long cnsecs;
-
-  st.wYear   = tm->tm_year + 1900;
-  st.wMonth  = tm->tm_mon  + 1;
-  st.wDay    = tm->tm_mday;
-  st.wHour   = tm->tm_hour;
-  st.wMinute = tm->tm_min;
-  st.wSecond = tm->tm_sec;
-  st.wMilliseconds = 0; /* Not available.  */
-  st.wDayOfWeek = 0;    /* Ignored.  */
-
-  /* System time is UTC thus the conversion is pretty easy.  */
-  if (!SystemTimeToFileTime (&st, &ft))
-    {
-      gpg_err_set_errno (EINVAL);
-      return (time_t)(-1);
-    }
-
-  cnsecs = (((unsigned long long)ft.dwHighDateTime << 32)
-            | ft.dwLowDateTime);
-  cnsecs -= 116444736000000000ULL; /* The filetime epoch is 1601-01-01.  */
-  return (time_t)(cnsecs / 10000000ULL);
-
-#else /* (Non thread safe implementation!) */
-
-  time_t answer;
-  char *zone;
-
-  zone=getenv("TZ");
-  putenv("TZ=UTC");
-  tzset();
-  answer=mktime(tm);
-  if(zone)
-    {
-      static char *old_zone;
-
-      if (!old_zone)
-        {
-          old_zone = malloc(3+strlen(zone)+1);
-          if (old_zone)
-            {
-              strcpy(old_zone,"TZ=");
-              strcat(old_zone,zone);
-            }
-	}
-      if (old_zone)
-        putenv (old_zone);
-    }
-  else
-    gnupg_unsetenv("TZ");
-
-  tzset();
-  return answer;
-#endif
-}
-#endif /*!HAVE_TIMEGM*/
diff -Nru gnupg2-2.1.6/common/mischelp.h gnupg2-2.0.28/common/mischelp.h
--- gnupg2-2.1.6/common/mischelp.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/mischelp.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,121 +0,0 @@
-/* mischelp.h - Miscellaneous helper macros and functions
- * Copyright (C) 1999, 2000, 2001, 2002, 2003,
- *               2006, 2007, 2009  Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_MISCHELP_H
-#define GNUPG_COMMON_MISCHELP_H
-
-
-/* Check whether the files NAME1 and NAME2 are identical.  This is for
-   example achieved by comparing the inode numbers of the files.  */
-int same_file_p (const char *name1, const char *name2);
-
-
-#ifndef HAVE_TIMEGM
-#include 
-time_t timegm (struct tm *tm);
-#endif /*!HAVE_TIMEGM*/
-
-
-#define DIM(v)		     (sizeof(v)/sizeof((v)[0]))
-#define DIMof(type,member)   DIM(((type *)0)->member)
-
-
-#undef GPGRT_GCC_HAVE_PUSH_PRAGMA
-#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
-# define GPGRT_GCC_M_FUNCTION 1  /* __FUNCTION__ macro is available.  */
-# define GPGRT_GCC_A_NR 	     __attribute__ ((noreturn))
-# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4 )
-#   define GPGRT_GCC_HAVE_PUSH_PRAGMA 1
-#   define GPGRT_GCC_A_PRINTF( f, a ) \
-                    __attribute__ ((format (__gnu_printf__,f,a)))
-#   define GPGRT_GCC_A_NR_PRINTF( f, a ) \
-		    __attribute__ ((noreturn, format (__gnu_printf__,f,a)))
-# else
-#   define GPGRT_GCC_A_PRINTF( f, a )  __attribute__ ((format (printf,f,a)))
-#   define GPGRT_GCC_A_NR_PRINTF( f, a ) \
-			    __attribute__ ((noreturn, format (printf,f,a)))
-# endif
-#else
-# define GPGRT_GCC_A_NR
-# define GPGRT_GCC_A_PRINTF( f, a )
-# define GPGRT_GCC_A_NR_PRINTF( f, a )
-#endif
-
-
-/* To avoid that a compiler optimizes certain memset calls away, these
-   macros may be used instead. */
-#define wipememory2(_ptr,_set,_len) do { \
-              volatile char *_vptr=(volatile char *)(_ptr); \
-              size_t _vlen=(_len); \
-              while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
-                  } while(0)
-#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
-
-
-/* Include hacks which are mainly required for Slowaris.  */
-#ifdef GNUPG_COMMON_NEED_AFLOCAL
-#ifndef HAVE_W32_SYSTEM
-# include 
-# include 
-#else
-# ifdef HAVE_WINSOCK2_H
-#  include 
-# endif
-# include 
-#endif
-
-#ifndef PF_LOCAL
-# ifdef PF_UNIX
-#  define PF_LOCAL PF_UNIX
-# else
-#  define PF_LOCAL AF_UNIX
-# endif
-#endif /*PF_LOCAL*/
-#ifndef AF_LOCAL
-# define AF_LOCAL AF_UNIX
-#endif /*AF_UNIX*/
-
-/* We used to avoid this macro in GnuPG and inlined the AF_LOCAL name
-   length computation directly with the little twist of adding 1 extra
-   byte.  It seems that this was needed once on an old HP/UX box and
-   there are also rumours that 4.3 Reno and DEC systems need it.  This
-   one-off buglet did not harm any current system until it came to Mac
-   OS X where the kernel (as of May 2009) exhibited a strange bug: The
-   systems basically froze in the connect call if the passed name
-   contained an invalid directory part.  Ignore the old Unices.  */
-#ifndef SUN_LEN
-# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \
-	               + strlen ((ptr)->sun_path))
-#endif /*SUN_LEN*/
-#endif /*GNUPG_COMMON_NEED_AFLOCAL*/
-
-
-#endif /*GNUPG_COMMON_MISCHELP_H*/
diff -Nru gnupg2-2.1.6/common/mkstrtable.awk gnupg2-2.0.28/common/mkstrtable.awk
--- gnupg2-2.1.6/common/mkstrtable.awk	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/mkstrtable.awk	2015-06-02 08:13:55.000000000 +0000
@@ -1,6 +1,6 @@
 # mkstrtable.awk
 # Copyright (C) 2003, 2004 g10 Code GmbH
-#
+# 
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
 # published by the Free Software Foundation; either version 2 of
@@ -181,5 +181,5 @@
     print "  : " stop + 1 " - " skip ")";
   else
     print "  : -1)";
-
+    
  }
diff -Nru gnupg2-2.1.6/common/openpgpdefs.h gnupg2-2.0.28/common/openpgpdefs.h
--- gnupg2-2.1.6/common/openpgpdefs.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/openpgpdefs.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,15 @@
 /* openpgpdefs.h - Constants from the OpenPGP standard (rfc2440)
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
  *               2006 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * This file is part of GnuPG.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -30,7 +21,7 @@
 #ifndef GNUPG_COMMON_OPENPGPDEFS_H
 #define GNUPG_COMMON_OPENPGPDEFS_H
 
-typedef enum
+typedef enum 
   {
     PKT_NONE	      = 0,
     PKT_PUBKEY_ENC    = 1,  /* Public key encrypted packet. */
@@ -53,11 +44,11 @@
     PKT_MDC 	      = 19, /* Manipulation detection code packet. */
     PKT_COMMENT	      = 61, /* new comment packet (GnuPG specific). */
     PKT_GPG_CONTROL   = 63  /* internal control packet (GnuPG specific). */
-  }
+  } 
 pkttype_t;
 
 
-typedef enum
+typedef enum 
   {
     SIGSUBPKT_TEST_CRITICAL = -3,
     SIGSUBPKT_LIST_UNHASHED = -2,
@@ -85,71 +76,12 @@
     SIGSUBPKT_SIGNERS_UID   = 28, /* Signer's user id. */
     SIGSUBPKT_REVOC_REASON  = 29, /* Reason for revocation. */
     SIGSUBPKT_FEATURES      = 30, /* Feature flags. */
-
+                              
     SIGSUBPKT_SIGNATURE     = 32, /* Embedded signature. */
-
+                              
     SIGSUBPKT_FLAG_CRITICAL = 128
-  }
+  } 
 sigsubpkttype_t;
 
 
-typedef enum
-  {
-    CIPHER_ALGO_NONE	    =  0,
-    CIPHER_ALGO_IDEA	    =  1,
-    CIPHER_ALGO_3DES	    =  2,
-    CIPHER_ALGO_CAST5	    =  3,
-    CIPHER_ALGO_BLOWFISH    =  4, /* 128 bit */
-    /* 5 & 6 are reserved */
-    CIPHER_ALGO_AES         =  7,
-    CIPHER_ALGO_AES192      =  8,
-    CIPHER_ALGO_AES256      =  9,
-    CIPHER_ALGO_TWOFISH	    = 10, /* 256 bit */
-    CIPHER_ALGO_CAMELLIA128 = 11,
-    CIPHER_ALGO_CAMELLIA192 = 12,
-    CIPHER_ALGO_CAMELLIA256 = 13
-  }
-cipher_algo_t;
-
-
-typedef enum
-  {
-    PUBKEY_ALGO_RSA         =  1,
-    PUBKEY_ALGO_RSA_E       =  2, /* RSA encrypt only (legacy). */
-    PUBKEY_ALGO_RSA_S       =  3, /* RSA sign only (legacy).    */
-    PUBKEY_ALGO_ELGAMAL_E   = 16, /* Elgamal encrypt only.      */
-    PUBKEY_ALGO_DSA         = 17,
-    PUBKEY_ALGO_ECDH        = 18, /* RFC-6637  */
-    PUBKEY_ALGO_ECDSA       = 19, /* RFC-6637  */
-    PUBKEY_ALGO_ELGAMAL     = 20, /* Elgamal encrypt+sign (legacy).  */
-    /*                        21     reserved by OpenPGP.            */
-    PUBKEY_ALGO_EDDSA       = 22  /* EdDSA (not yet assigned).       */
-  }
-pubkey_algo_t;
-
-
-typedef enum
-  {
-    DIGEST_ALGO_MD5         =  1,
-    DIGEST_ALGO_SHA1        =  2,
-    DIGEST_ALGO_RMD160      =  3,
-    /* 4, 5, 6, and 7 are reserved. */
-    DIGEST_ALGO_SHA256      =  8,
-    DIGEST_ALGO_SHA384      =  9,
-    DIGEST_ALGO_SHA512      = 10,
-    DIGEST_ALGO_SHA224      = 11
-  }
-digest_algo_t;
-
-
-typedef enum
-  {
-    COMPRESS_ALGO_NONE      =  0,
-    COMPRESS_ALGO_ZIP       =  1,
-    COMPRESS_ALGO_ZLIB      =  2,
-    COMPRESS_ALGO_BZIP2     =  3
-  }
-compress_algo_t;
-
-
 #endif /*GNUPG_COMMON_OPENPGPDEFS_H*/
diff -Nru gnupg2-2.1.6/common/openpgp-oid.c gnupg2-2.0.28/common/openpgp-oid.c
--- gnupg2-2.1.6/common/openpgp-oid.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/openpgp-oid.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,389 +0,0 @@
-/* openpgp-oids.c - OID helper for OpenPGP
- * Copyright (C) 2011 Free Software Foundation, Inc.
- * Copyright (C) 2013 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-
-
-/* A table with all our supported OpenPGP curves.  */
-static struct {
-  const char *name;   /* Standard name.  */
-  const char *oidstr; /* IETF formatted OID.  */
-  unsigned int nbits; /* Nominal bit length of the curve.  */
-  const char *alias;  /* NULL or alternative name of the curve.  */
-} oidtable[] = {
-
-  { "Ed25519",         "1.3.6.1.4.1.11591.15.1", 255, "ed25519" },
-
-  { "NIST P-256",      "1.2.840.10045.3.1.7",    256, "nistp256" },
-  { "NIST P-384",      "1.3.132.0.34",           384, "nistp384" },
-  { "NIST P-521",      "1.3.132.0.35",           521, "nistp521" },
-
-  { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7",   256 },
-  { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11",  384 },
-  { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13",  512 },
-
-  { "secp256k1",       "1.3.132.0.10",           256 },
-
-  { NULL, NULL, 0}
-};
-
-
-/* The OID for Curve Ed25519 in OpenPGP format.  */
-static const char oid_ed25519[] =
-  { 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01 };
-
-
-/* Helper for openpgp_oid_from_str.  */
-static size_t
-make_flagged_int (unsigned long value, char *buf, size_t buflen)
-{
-  int more = 0;
-  int shift;
-
-  /* fixme: figure out the number of bits in an ulong and start with
-     that value as shift (after making it a multiple of 7) a more
-     straigtforward implementation is to do it in reverse order using
-     a temporary buffer - saves a lot of compares */
-  for (more=0, shift=28; shift > 0; shift -= 7)
-    {
-      if (more || value >= (1<> shift);
-          value -= (value >> shift) << shift;
-          more = 1;
-        }
-    }
-  buf[buflen++] = value;
-  return buflen;
-}
-
-
-/* Convert the OID given in dotted decimal form in STRING to an DER
- * encoding and store it as an opaque value at R_MPI.  The format of
- * the DER encoded is not a regular ASN.1 object but the modified
- * format as used by OpenPGP for the ECC curve description.  On error
- * the function returns and error code an NULL is stored at R_BUG.
- * Note that scanning STRING stops at the first white space
- * character.  */
-gpg_error_t
-openpgp_oid_from_str (const char *string, gcry_mpi_t *r_mpi)
-{
-  unsigned char *buf;
-  size_t buflen;
-  unsigned long val1, val;
-  const char *endp;
-  int arcno;
-
-  *r_mpi = NULL;
-
-  if (!string || !*string)
-    return gpg_error (GPG_ERR_INV_VALUE);
-
-  /* We can safely assume that the encoded OID is shorter than the string. */
-  buf = xtrymalloc (1 + strlen (string) + 2);
-  if (!buf)
-    return gpg_error_from_syserror ();
-  /* Save the first byte for the length.  */
-  buflen = 1;
-
-  val1 = 0; /* Avoid compiler warning.  */
-  arcno = 0;
-  do {
-    arcno++;
-    val = strtoul (string, (char**)&endp, 10);
-    if (!digitp (string) || !(*endp == '.' || !*endp))
-      {
-        xfree (buf);
-        return gpg_error (GPG_ERR_INV_OID_STRING);
-      }
-    if (*endp == '.')
-      string = endp+1;
-
-    if (arcno == 1)
-      {
-        if (val > 2)
-          break; /* Not allowed, error catched below.  */
-        val1 = val;
-      }
-    else if (arcno == 2)
-      { /* Need to combine the first two arcs in one octet.  */
-        if (val1 < 2)
-          {
-            if (val > 39)
-              {
-                xfree (buf);
-                return gpg_error (GPG_ERR_INV_OID_STRING);
-              }
-            buf[buflen++] = val1*40 + val;
-          }
-        else
-          {
-            val += 80;
-            buflen = make_flagged_int (val, buf, buflen);
-          }
-      }
-    else
-      {
-        buflen = make_flagged_int (val, buf, buflen);
-      }
-  } while (*endp == '.');
-
-  if (arcno == 1 || buflen < 2 || buflen > 254 )
-    { /* It is not possible to encode only the first arc.  */
-      xfree (buf);
-      return gpg_error (GPG_ERR_INV_OID_STRING);
-    }
-
-  *buf = buflen - 1;
-  *r_mpi = gcry_mpi_set_opaque (NULL, buf, buflen * 8);
-  if (!*r_mpi)
-    {
-      xfree (buf);
-      return gpg_error_from_syserror ();
-    }
-  return 0;
-}
-
-
-/* Return a malloced string represenation of the OID in the opaque MPI
-   A.  In case of an error NULL is returned and ERRNO is set.  */
-char *
-openpgp_oid_to_str (gcry_mpi_t a)
-{
-  const unsigned char *buf;
-  size_t length;
-  unsigned int lengthi;
-  char *string, *p;
-  int n = 0;
-  unsigned long val, valmask;
-
-  valmask = (unsigned long)0xfe << (8 * (sizeof (valmask) - 1));
-
-  if (!a
-      || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)
-      || !(buf = gcry_mpi_get_opaque (a, &lengthi)))
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;
-    }
-
-  buf = gcry_mpi_get_opaque (a, &lengthi);
-  length = (lengthi+7)/8;
-
-  /* The first bytes gives the length; check consistency.  */
-  if (!length || buf[0] != length -1)
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;
-    }
-  /* Skip length byte.  */
-  length--;
-  buf++;
-
-  /* To calculate the length of the string we can safely assume an
-     upper limit of 3 decimal characters per byte.  Two extra bytes
-     account for the special first octect */
-  string = p = xtrymalloc (length*(1+3)+2+1);
-  if (!string)
-    return NULL;
-  if (!length)
-    {
-      *p = 0;
-      return string;
-    }
-
-  if (buf[0] < 40)
-    p += sprintf (p, "0.%d", buf[n]);
-  else if (buf[0] < 80)
-    p += sprintf (p, "1.%d", buf[n]-40);
-  else {
-    val = buf[n] & 0x7f;
-    while ( (buf[n]&0x80) && ++n < length )
-      {
-        if ( (val & valmask) )
-          goto badoid;  /* Overflow.  */
-        val <<= 7;
-        val |= buf[n] & 0x7f;
-      }
-    if (val < 80)
-      goto badoid;
-    val -= 80;
-    sprintf (p, "2.%lu", val);
-    p += strlen (p);
-  }
-  for (n++; n < length; n++)
-    {
-      val = buf[n] & 0x7f;
-      while ( (buf[n]&0x80) && ++n < length )
-        {
-          if ( (val & valmask) )
-            goto badoid;  /* Overflow.  */
-          val <<= 7;
-          val |= buf[n] & 0x7f;
-        }
-      sprintf (p, ".%lu", val);
-      p += strlen (p);
-    }
-
-  *p = 0;
-  return string;
-
- badoid:
-  /* Return a special OID (gnu.gnupg.badoid) to indicate the error
-     case.  The OID is broken and thus we return one which can't do
-     any harm.  Formally this does not need to be a bad OID but an OID
-     with an arc that can't be represented in a 32 bit word is more
-     than likely corrupt.  */
-  xfree (string);
-  return xtrystrdup ("1.3.6.1.4.1.11591.2.12242973");
-}
-
-
-
-/* Return true if A represents the OID for Ed25519.  */
-int
-openpgp_oid_is_ed25519 (gcry_mpi_t a)
-{
-  const unsigned char *buf;
-  unsigned int nbits;
-  size_t n;
-
-  if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
-    return 0;
-
-  buf = gcry_mpi_get_opaque (a, &nbits);
-  n = (nbits+7)/8;
-  return (n == DIM (oid_ed25519)
-          && !memcmp (buf, oid_ed25519, DIM (oid_ed25519)));
-}
-
-
-
-/* Map the Libgcrypt ECC curve NAME to an OID.  If R_NBITS is not NULL
-   store the bit size of the curve there.  Returns NULL for unknown
-   curve names.  */
-const char *
-openpgp_curve_to_oid (const char *name, unsigned int *r_nbits)
-{
-  int i;
-  unsigned int nbits = 0;
-  const char *oidstr = NULL;
-
-  if (name)
-    {
-      for (i=0; oidtable[i].name; i++)
-        if (!strcmp (oidtable[i].name, name)
-            || (oidtable[i].alias && !strcmp (oidtable[i].alias, name)))
-          {
-            oidstr = oidtable[i].oidstr;
-            nbits  = oidtable[i].nbits;
-            break;
-          }
-      if (!oidtable[i].name)
-        {
-          /* If not found assume the input is already an OID and check
-             whether we support it.  */
-          for (i=0; oidtable[i].name; i++)
-            if (!strcmp (name, oidtable[i].oidstr))
-              {
-                oidstr = oidtable[i].oidstr;
-                nbits  = oidtable[i].nbits;
-                break;
-              }
-        }
-    }
-
-  if (r_nbits)
-    *r_nbits = nbits;
-  return oidstr;
-}
-
-
-/* Map an OpenPGP OID to the Libgcrypt curve NAME.  Returns "?" for
-   unknown curve names.  We prefer an alias name here which is more
-   suitable for printing.  */
-const char *
-openpgp_oid_to_curve (const char *oidstr)
-{
-  int i;
-
-  if (!oidstr)
-    return "";
-
-  for (i=0; oidtable[i].name; i++)
-    if (!strcmp (oidtable[i].oidstr, oidstr))
-      return oidtable[i].alias? oidtable[i].alias : oidtable[i].name;
-
-  return "?";
-}
-
-
-/* Return true if the curve with NAME is supported.  */
-static int
-curve_supported_p (const char *name)
-{
-  int result = 0;
-  gcry_sexp_t keyparms;
-
-  if (!gcry_sexp_build (&keyparms, NULL, "(public-key(ecc(curve %s)))", name))
-    {
-      result = !!gcry_pk_get_curve (keyparms, 0, NULL);
-      gcry_sexp_release (keyparms);
-    }
-  return result;
-}
-
-
-/* Enumerate available and supported OpenPGP curves.  The caller needs
-   to set the integer variable at ITERP to zero and keep on calling
-   this fucntion until NULL is returned.  */
-const char *
-openpgp_enum_curves (int *iterp)
-{
-  int idx = *iterp;
-
-  while (idx >= 0 && idx < DIM (oidtable) && oidtable[idx].name)
-    {
-      if (curve_supported_p (oidtable[idx].name))
-        {
-          *iterp = idx + 1;
-          return oidtable[idx].alias? oidtable[idx].alias : oidtable[idx].name;
-        }
-      idx++;
-    }
-  *iterp = idx;
-  return NULL;
-}
diff -Nru gnupg2-2.1.6/common/percent.c gnupg2-2.0.28/common/percent.c
--- gnupg2-2.1.6/common/percent.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/percent.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -56,13 +46,13 @@
 
   for (length=1, s=string; *s; s++)
     {
-      if (*s == '+' || *s == '\"' || *s == '%'
+      if (*s == '+' || *s == '\"' || *s == '%' 
           || *(const unsigned char *)s < 0x20)
         length += 3;
       else
         length++;
     }
-
+  
   buffer = p = xtrymalloc (length);
   if (!buffer)
     return NULL;
@@ -92,7 +82,7 @@
    done if WITHPLUS is true.  An escaped Nul character will be
    replaced by NULREPL.  */
 static size_t
-do_unescape (unsigned char *buffer, const unsigned char *string,
+do_unescape (unsigned char *buffer, const unsigned char *string, 
              int withplus, int nulrepl)
 {
   unsigned char *p = buffer;
@@ -100,7 +90,7 @@
   while (*string)
     {
       if (*string == '%' && string[1] && string[2])
-        {
+        { 
           string++;
           *p = xtoi_2 (string);
           if (!*p)
@@ -129,7 +119,7 @@
   while (*string)
     {
       if (*string == '%' && string[1] && string[2])
-        {
+        { 
           string++;
           string++;
         }
@@ -191,7 +181,7 @@
   while (*string)
     {
       if (*string == '%' && string[1] && string[2])
-        {
+        { 
           string++;
           *p = xtoi_2 (string);
           if (!*p)
@@ -236,3 +226,4 @@
 {
   return do_unescape_inplace (string, 0, nulrepl);
 }
+
diff -Nru gnupg2-2.1.6/common/pka.c gnupg2-2.0.28/common/pka.c
--- gnupg2-2.1.6/common/pka.c	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/pka.c	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,323 @@
+/* pka.c - DNS Public Key Association RR access
+ * Copyright (C) 2005, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include 
+
+#include 
+#include 
+#include 
+
+#ifdef USE_DNS_PKA
+#include 
+#ifdef _WIN32
+#include 
+#else
+#include 
+#include 
+#include 
+#endif
+#endif /* USE_DNS_PKA */
+#ifdef USE_ADNS
+# include 
+# ifndef HAVE_ADNS_FREE
+#  define adns_free free
+# endif
+#endif
+
+#include "util.h"
+#include "pka.h"
+
+#ifdef USE_DNS_PKA
+/* Parse the TXT resource record. Format is:
+
+   v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string
+
+   For simplicity white spaces are not allowed.  Because we expect to
+   use a new RRTYPE for this in the future we define the TXT really
+   strict for simplicity: No white spaces, case sensitivity of the
+   names, order must be as given above.  Only URI is optional.
+
+   This function modifies BUFFER.  On success 0 is returned, the 20
+   byte fingerprint stored at FPR and BUFFER contains the URI or an
+   empty string.
+*/
+static int
+parse_txt_record (char *buffer, unsigned char *fpr)
+{
+  char *p, *pend;
+  int i;
+
+  p = buffer;
+  pend = strchr (p, ';');
+  if (!pend)
+    return -1;
+  *pend++ = 0;
+  if (strcmp (p, "v=pka1"))
+    return -1; /* Wrong or missing version. */
+
+  p = pend;
+  pend = strchr (p, ';');
+  if (pend)
+    *pend++ = 0;
+  if (strncmp (p, "fpr=", 4))
+    return -1; /* Missing fingerprint part. */
+  p += 4;
+  for (i=0; i < 20 && hexdigitp (p) && hexdigitp (p+1); i++, p += 2)
+    fpr[i] = xtoi_2 (p);
+  if (i != 20)
+    return -1; /* Fingerprint consists not of exactly 40 hexbytes. */
+
+  p = pend;
+  if (!p || !*p)
+    {
+      *buffer = 0;
+      return 0; /* Success (no URI given). */
+    }
+  if (strncmp (p, "uri=", 4))
+    return -1; /* Unknown part. */
+  p += 4;
+  /* There is an URI, copy it to the start of the buffer. */
+  while (*p)
+    *buffer++ = *p++;
+  *buffer = 0;
+  return 0;
+}
+
+
+/* For the given email ADDRESS lookup the PKA information in the DNS.
+
+   On success the 20 byte SHA-1 fingerprint is stored at FPR and the
+   URI will be returned in an allocated buffer.  Note that the URI
+   might be an zero length string as this information is optional.
+   Caller must xfree the returned string.
+
+   On error NULL is returned and the 20 bytes at FPR are not
+   defined. */
+char *
+get_pka_info (const char *address, unsigned char *fpr)
+{
+#ifdef USE_ADNS
+  int rc;
+  adns_state state;
+  const char *domain;
+  char *name;
+  adns_answer *answer = NULL;
+  char *buffer = NULL;
+
+  domain = strrchr (address, '@');
+  if (!domain || domain == address || !domain[1])
+    return NULL; /* Invalid mail address given.  */
+  name = xtrymalloc (strlen (address) + 5 + 1);
+  if (!name)
+    return NULL;
+  memcpy (name, address, domain - address);
+  strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
+
+  rc = adns_init (&state, adns_if_noerrprint, NULL);
+  if (rc)
+    {
+      log_error ("error initializing adns: %s\n", strerror (errno));
+      xfree (name);
+      return NULL;
+    }
+
+  rc = adns_synchronous (state, name, adns_r_txt, adns_qf_quoteok_query,
+                         &answer);
+  xfree (name);
+  if (rc)
+    {
+      log_error ("DNS query failed: %s\n", strerror (errno));
+      adns_finish (state);
+      return NULL;
+    }
+  if (answer->status != adns_s_ok
+      || answer->type != adns_r_txt || !answer->nrrs)
+    {
+      /* log_error ("DNS query returned an error: %s (%s)\n", */
+      /*            adns_strerror (answer->status), */
+      /*            adns_errabbrev (answer->status)); */
+      adns_free (answer);
+      adns_finish (state);
+      return NULL;
+    }
+
+  /* We use a PKA records iff there is exactly one record.  */
+  if (answer->nrrs == 1 && answer->rrs.manyistr[0]->i != -1)
+    {
+      buffer = xtrystrdup (answer->rrs.manyistr[0]->str);
+      if (parse_txt_record (buffer, fpr))
+        {
+          xfree (buffer);
+          buffer = NULL;   /* Not a valid gpg trustdns RR. */
+        }
+    }
+
+  adns_free (answer);
+  adns_finish (state);
+  return buffer;
+
+#else /*!USE_ADNS*/
+  union
+    {
+      signed char p[PACKETSZ];
+      HEADER h;
+    } answer;
+  int anslen;
+  int qdcount, ancount;
+  int rc;
+  unsigned char *p, *pend;
+  const char *domain;
+  char *name;
+
+
+  domain = strrchr (address, '@');
+  if (!domain || domain == address || !domain[1])
+    return NULL; /* invalid mail address given. */
+
+  name = xtrymalloc (strlen (address) + 5 + 1);
+  if (!name)
+    return NULL;
+  memcpy (name, address, domain - address);
+  strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
+
+  anslen = res_query (name, C_IN, T_TXT, answer.p, PACKETSZ);
+  xfree (name);
+  if (anslen < sizeof(HEADER))
+    return NULL; /* DNS resolver returned a too short answer. */
+  if ( (rc=answer.h.rcode) != NOERROR )
+    return NULL; /* DNS resolver returned an error. */
+
+  /* We assume that PACKETSZ is large enough and don't do dynmically
+     expansion of the buffer. */
+  if (anslen > PACKETSZ)
+    return NULL; /* DNS resolver returned a too long answer */
+
+  qdcount = ntohs (answer.h.qdcount);
+  ancount = ntohs (answer.h.ancount);
+
+  if (!ancount)
+    return NULL; /* Got no answer. */
+
+  p = answer.p + sizeof (HEADER);
+  pend = answer.p + anslen; /* Actually points directly behind the buffer. */
+
+  while (qdcount-- && p < pend)
+    {
+      rc = dn_skipname (p, pend);
+      if (rc == -1)
+        return NULL;
+      p += rc + QFIXEDSZ;
+    }
+
+  if (ancount > 1)
+    return NULL; /* more than one possible gpg trustdns record - none used. */
+
+  while (ancount-- && p <= pend)
+    {
+      unsigned int type, class, txtlen, n;
+      char *buffer, *bufp;
+
+      rc = dn_skipname (p, pend);
+      if (rc == -1)
+        return NULL;
+      p += rc;
+      if (p >= pend - 10)
+        return NULL; /* RR too short. */
+
+      type = *p++ << 8;
+      type |= *p++;
+      class = *p++ << 8;
+      class |= *p++;
+      p += 4;
+      txtlen = *p++ << 8;
+      txtlen |= *p++;
+      if (type != T_TXT || class != C_IN)
+        return NULL; /* Answer does not match the query. */
+
+      buffer = bufp = xmalloc (txtlen + 1);
+      while (txtlen && p < pend)
+        {
+          for (n = *p++, txtlen--; txtlen && n && p < pend; txtlen--, n--)
+            *bufp++ = *p++;
+        }
+      *bufp = 0;
+      if (parse_txt_record (buffer, fpr))
+        {
+          xfree (buffer);
+          return NULL; /* Not a valid gpg trustdns RR. */
+        }
+      return buffer;
+    }
+
+  return NULL;
+#endif /*!USE_ADNS*/
+}
+
+#else /* !USE_DNS_PKA */
+
+/* Dummy version of the function if we can't use the resolver
+   functions. */
+char *
+get_pka_info (const char *address, unsigned char *fpr)
+{
+  return NULL;
+}
+#endif /* !USE_DNS_PKA */
+
+
+#ifdef TEST
+int
+main(int argc,char *argv[])
+{
+  unsigned char fpr[20];
+  char *uri;
+  int i;
+
+  if (argc < 2)
+    {
+      fprintf (stderr, "usage: pka mail-addresses\n");
+      return 1;
+    }
+  argc--;
+  argv++;
+
+  for (; argc; argc--, argv++)
+    {
+      uri = get_pka_info ( *argv, fpr );
+      printf ("%s", *argv);
+      if (uri)
+        {
+          putchar (' ');
+          for (i=0; i < 20; i++)
+            printf ("%02X", fpr[i]);
+          if (*uri)
+            printf (" %s", uri);
+          xfree (uri);
+        }
+      putchar ('\n');
+    }
+  return 0;
+}
+#endif /* TEST */
+
+/*
+Local Variables:
+compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a"
+End:
+*/
diff -Nru gnupg2-2.1.6/common/pka.h gnupg2-2.0.28/common/pka.h
--- gnupg2-2.1.6/common/pka.h	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/common/pka.h	2015-06-02 08:13:55.000000000 +0000
@@ -0,0 +1,25 @@
+/* pka.h - DNS Public Key Association RR access definitions
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+#ifndef GNUPG_COMMON_PKA_H
+#define GNUPG_COMMON_PKA_H
+
+char *get_pka_info (const char *address, unsigned char *fpr);
+
+
+#endif /*GNUPG_COMMON_PKA_H*/
diff -Nru gnupg2-2.1.6/common/session-env.c gnupg2-2.0.28/common/session-env.c
--- gnupg2-2.1.6/common/session-env.c	2015-07-01 08:11:20.000000000 +0000
+++ gnupg2-2.0.28/common/session-env.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,14 @@
-/* session-env.c - Session environment helper functions.
+/* se4ssiobn-env.c - session environment helper functions.
  * Copyright (C) 2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -56,11 +46,11 @@
 };
 
 
-/* A list of environment variables we pass from the actual user
+/* A list of environment vribales we pass from the acual user
   (e.g. gpgme) down to the pinentry.  We do not handle the locale
   settings because they do not only depend on envvars.  */
-static struct
-{
+static struct 
+{ 
   const char *name;
   const char *assname;  /* Name used by Assuan or NULL.  */
 } stdenvnames[] = {
@@ -72,13 +62,9 @@
                                       modules (eg "@im=SCIM").  */
   { "GTK_IM_MODULE" },           /* Used by gtk to select gtk input
                                     modules (eg "scim-bridge").  */
-  { "DBUS_SESSION_BUS_ADDRESS" },/* Used by GNOME3 to talk to gcr over
-                                    dbus */
   { "QT_IM_MODULE" },            /* Used by Qt to select qt input
                                       modules (eg "xim").  */
-  { "INSIDE_EMACS" },            /* Set by Emacs before running a
-                                    process.  */
-  { "PINENTRY_USER_DATA", "pinentry-user-data"}
+  { "PINENTRY_USER_DATA", "pinentry-user-data"} 
                                  /* Used for communication with
                                     non-standard Pinentries.  */
 };
@@ -123,7 +109,7 @@
   se = xtrycalloc (1, sizeof *se);
   if (se)
     {
-      se->arraysize = (lastallocatedarraysize?
+      se->arraysize = (lastallocatedarraysize? 
                        lastallocatedarraysize : INITIAL_ARRAYSIZE);
       se->array = xtrycalloc (se->arraysize, sizeof *se->array);
       if (!se->array)
@@ -146,7 +132,7 @@
   if (!se)
     return;
 
-  if (se->arraysize > INITIAL_ARRAYSIZE
+  if (se->arraysize > INITIAL_ARRAYSIZE 
       && se->arraysize <= MAXDEFAULT_ARRAYSIZE
       && se->arraysize > lastallocatedarraysize)
     lastallocatedarraysize = se->arraysize;
@@ -263,7 +249,7 @@
 session_env_putenv (session_env_t se, const char *string)
 {
   const char *s;
-
+  
   if (!string || !*string)
     return gpg_error (GPG_ERR_INV_VALUE);
   s = strchr (string, '=');
@@ -315,7 +301,7 @@
 /* Return the value of the environment variable NAME from the SE
    object.  The returned value is valid as long as SE is valid and as
    long it has not been removed or updated by a call to
-   session_env_putenv.  If the variable does not exist, the function
+   session_env_putenv.  If the variable does not exist, the fucntion
    tries to return the value trough a call to getenv; if that returns
    a value, this value is recorded and and used.  If no value could be
    found, returns NULL.  The caller must not change the returned
@@ -339,14 +325,11 @@
           *r_default = 1;
         return se->array[idx]->value;
       }
-
-  /* Get the default value with an additional fallback for GPG_TTY.  */
+  
+  /* Get the default value with and additional fallback for GPG_TTY.  */
   defvalue = getenv (name);
-  if ((!defvalue || !*defvalue) && !strcmp (name, "GPG_TTY")
-      && gnupg_ttyname (0))
-    {
-      defvalue = gnupg_ttyname (0);
-    }
+  if ((!defvalue || !*defvalue) && !strcmp (name, "GPG_TTY") && ttyname (0))
+    defvalue = ttyname (0);
   if (defvalue)
     {
       /* Record the default value for later use so that we are safe
@@ -356,7 +339,7 @@
          explicit error anyway and the following scan would then fail
          anyway. */
       update_var (se, name, strlen (name), defvalue, 1);
-
+      
       for (idx=0; idx < se->arrayused; idx++)
         if (se->array[idx] && !strcmp (se->array[idx]->name, name))
           {
@@ -376,7 +359,7 @@
    R_DEFAULT is not NULL, the default flag is stored on return.  The
    default flag indicates that the value has been taken from the
    process' environment.  The caller must not change the returned
-   name or value.  */
+   name or value.  */ 
 char *
 session_env_listenv (session_env_t se, int *iterator,
                      const char **r_value, int *r_default)
@@ -398,3 +381,5 @@
       }
   return NULL;
 }
+
+
diff -Nru gnupg2-2.1.6/common/session-env.h gnupg2-2.0.28/common/session-env.h
--- gnupg2-2.1.6/common/session-env.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/session-env.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -33,20 +23,20 @@
 struct session_environment_s;
 typedef struct session_environment_s *session_env_t;
 
-const char *session_env_list_stdenvnames (int *iterator,
+const char *session_env_list_stdenvnames (int *iterator, 
                                           const char **r_assname);
 
 session_env_t session_env_new (void);
 void session_env_release (session_env_t se);
 
 gpg_error_t session_env_putenv (session_env_t se, const char *string);
-gpg_error_t session_env_setenv (session_env_t se,
+gpg_error_t session_env_setenv (session_env_t se, 
                                 const char *name, const char *value);
 
 char *session_env_getenv (session_env_t se, const char *name);
 char *session_env_getenv_or_default (session_env_t se, const char *name,
                                      int *r_default);
-char *session_env_listenv (session_env_t se, int *iterator,
+char *session_env_listenv (session_env_t se, int *iterator, 
                            const char **r_value, int *r_default);
 
 
diff -Nru gnupg2-2.1.6/common/sexp-parse.h gnupg2-2.0.28/common/sexp-parse.h
--- gnupg2-2.1.6/common/sexp-parse.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/sexp-parse.h	2015-06-02 08:13:55.000000000 +0000
@@ -1,22 +1,14 @@
-/* sexp-parse.h - S-expression helper functions
+/* sexp-parse.h - S-Exp helper functions
  * Copyright (C) 2002, 2003, 2007 Free Software Foundation, Inc.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * This file is part of GnuPG.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -30,7 +22,6 @@
 
 #include 
 
-
 /* Return the length of the next S-Exp part and update the pointer to
    the first data byte.  0 is returned on error */
 static inline size_t
@@ -60,7 +51,7 @@
   const unsigned char *s = *buf;
   size_t n;
   int d = *depth;
-
+  
   while (d > 0)
     {
       if (*s == '(')
@@ -79,7 +70,7 @@
             return gpg_error (GPG_ERR_INV_SEXP);
           n = snext (&s);
           if (!n)
-            return gpg_error (GPG_ERR_INV_SEXP);
+            return gpg_error (GPG_ERR_INV_SEXP); 
           s += n;
         }
     }
@@ -91,7 +82,7 @@
 
 /* Check whether the the string at the address BUF points to matches
    the token.  Return true on match and update BUF to point behind the
-   token.  Return false and do not update the buffer if it does not
+   token.  Return false and dont update tha buffer if it does not
    match. */
 static inline int
 smatch (unsigned char const **buf, size_t buflen, const char *token)
@@ -132,6 +123,6 @@
     *length = (help_buffer + help_buflen) - p;
   return p;
 }
-
+    
 
 #endif /*SEXP_PARSE_H*/
diff -Nru gnupg2-2.1.6/common/sexputil.c gnupg2-2.0.28/common/sexputil.c
--- gnupg2-2.1.6/common/sexputil.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/sexputil.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,14 @@
 /* sexputil.c - Utility functions for S-expressions.
  * Copyright (C) 2005, 2007, 2009 Free Software Foundation, Inc.
- * Copyright (C) 2013 Werner Koch
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -47,92 +36,7 @@
 #include "sexp-parse.h"
 
 
-/* Return a malloced string with the S-expression CANON in advanced
-   format.  Returns NULL on error.  */
-static char *
-sexp_to_string (gcry_sexp_t sexp)
-{
-  size_t n;
-  char *result;
-
-  if (!sexp)
-    return NULL;
-  n = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
-  if (!n)
-    return NULL;
-  result = xtrymalloc (n);
-  if (!result)
-    return NULL;
-  n = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, result, n);
-  if (!n)
-    BUG ();
-
-  return result;
-}
-
-
-/* Return a malloced string with the S-expression CANON in advanced
-   format.  Returns NULL on error.  */
-char *
-canon_sexp_to_string (const unsigned char *canon, size_t canonlen)
-{
-  size_t n;
-  gcry_sexp_t sexp;
-  char *result;
-
-  n = gcry_sexp_canon_len (canon, canonlen, NULL, NULL);
-  if (!n)
-    return NULL;
-  if (gcry_sexp_sscan (&sexp, NULL, canon, n))
-    return NULL;
-  result = sexp_to_string (sexp);
-  gcry_sexp_release (sexp);
-  return result;
-}
-
-
-/* Print the canonical encoded S-expression in SEXP in advanced
-   format.  SEXPLEN may be passed as 0 is SEXP is known to be valid.
-   With TEXT of NULL print just the raw S-expression, with TEXT just
-   an empty string, print a trailing linefeed, otherwise print an
-   entire debug line. */
-void
-log_printcanon (const char *text, const unsigned char *sexp, size_t sexplen)
-{
-  if (text && *text)
-    log_debug ("%s ", text);
-  if (sexp)
-    {
-      char *buf = canon_sexp_to_string (sexp, sexplen);
-      log_printf ("%s", buf? buf : "[invalid S-expression]");
-      xfree (buf);
-    }
-  if (text)
-    log_printf ("\n");
-}
-
-
-/* Print the gcryp S-expression in SEXP in advanced format.  With TEXT
-   of NULL print just the raw S-expression, with TEXT just an empty
-   string, print a trailing linefeed, otherwise print an entire debug
-   line. */
-void
-log_printsexp (const char *text, gcry_sexp_t sexp)
-{
-  if (text && *text)
-    log_debug ("%s ", text);
-  if (sexp)
-    {
-      char *buf = sexp_to_string (sexp);
-      log_printf ("%s", buf? buf : "[invalid S-expression]");
-      xfree (buf);
-    }
-  if (text)
-    log_printf ("\n");
-}
-
-
-/* Helper function to create a canonical encoded S-expression from a
+/* Helper function to create a a canonical encoded S-expression from a
    Libgcrypt S-expression object.  The function returns 0 on success
    and the malloced canonical S-expression is stored at R_BUFFER and
    the allocated length at R_BUFLEN.  On error an error code is
@@ -148,7 +52,7 @@
   *r_buffer = NULL;
   if (r_buflen)
     *r_buflen = 0;;
-
+  
   len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
   if (!len)
     return gpg_error (GPG_ERR_BUG);
@@ -167,36 +71,6 @@
 }
 
 
-/* Same as make_canon_sexp but pad the buffer to multiple of 64
-   bits.  If SECURE is set, secure memory will be allocated.  */
-gpg_error_t
-make_canon_sexp_pad (gcry_sexp_t sexp, int secure,
-                     unsigned char **r_buffer, size_t *r_buflen)
-{
-  size_t len;
-  unsigned char *buf;
-
-  *r_buffer = NULL;
-  if (r_buflen)
-    *r_buflen = 0;;
-
-  len = gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, NULL, 0);
-  if (!len)
-    return gpg_error (GPG_ERR_BUG);
-  len += (8 - len % 8) % 8;
-  buf = secure? xtrycalloc_secure (1, len) : xtrycalloc (1, len);
-  if (!buf)
-    return gpg_error_from_syserror ();
-  if (!gcry_sexp_sprint (sexp, GCRYSEXP_FMT_CANON, buf, len))
-    return gpg_error (GPG_ERR_BUG);
-
-  *r_buffer = buf;
-  if (r_buflen)
-    *r_buflen = len;
-
-  return 0;
-}
-
 /* Return the so called "keygrip" which is the SHA-1 hash of the
    public key parameters expressed in a way depended on the algorithm.
 
@@ -225,7 +99,7 @@
 
 
 /* Compare two simple S-expressions like "(3:foo)".  Returns 0 if they
-   are identical or !0 if they are not.  Note that this function can't
+   are identical or !0 if they are not.  Not that this function can't
    be used for sorting. */
 int
 cmp_simple_canon_sexp (const unsigned char *a_orig,
@@ -262,7 +136,7 @@
 }
 
 
-/* Create a simple S-expression from the hex string at LINE.  Returns
+/* Create a simple S-expression from the hex string at LIBNE.  Returns
    a newly allocated buffer with that canonical encoded S-expression
    or NULL in case of an error.  On return the number of characters
    scanned in LINE will be stored at NSCANNED.  This fucntions stops
@@ -285,7 +159,7 @@
     *nscanned = n;
   if (!n)
     return NULL;
-  len = ((n+1) & ~0x01)/2;
+  len = ((n+1) & ~0x01)/2; 
   numbufp = smklen (numbuf, sizeof numbuf, len, &numbuflen);
   buf = xtrymalloc (1 + numbuflen + len + 1 + 1);
   if (!buf)
@@ -348,7 +222,7 @@
     return 0; /* Algorithm string is missing or too long.  */
   memcpy (buffer, s, n);
   buffer[n] = 0;
-
+  
   return gcry_md_map_name (buffer);
 }
 
@@ -370,16 +244,16 @@
   char mlen_str[35];
   char elen_str[35];
   unsigned char *keybuf, *p;
-  const char part1[] = "(10:public-key(3:rsa(1:n";
-  const char part2[] = ")(1:e";
-  const char part3[] = ")))";
+  const char const part1[] = "(10:public-key(3:rsa(1:n";
+  const char const part2[] = ")(1:e";
+  const char const part3[] = ")))";
 
   /* Remove leading zeroes.  */
   for (; mlen && !*m; mlen--, m++)
     ;
   for (; elen && !*e; elen--, e++)
     ;
-
+      
   /* Insert a leading zero if the number would be zero or interpreted
      as negative.  */
   if (!mlen || (m[0] & 0x80))
@@ -396,7 +270,7 @@
                        + strlen (part3) + 1);
   if (!keybuf)
     return NULL;
-
+  
   p = stpcpy (keybuf, part1);
   p = stpcpy (p, mlen_str);
   if (m_extra)
@@ -410,7 +284,7 @@
   memcpy (p, e, elen);
   p += elen;
   p = stpcpy (p, part3);
-
+ 
   if (r_len)
     *r_len = p - keybuf;
 
@@ -418,7 +292,7 @@
 }
 
 
-/* Return the parameters of a public RSA key expressed as an
+/* Return the so parameters of a public RSA key expressed as an
    canonical encoded S-expression.  */
 gpg_error_t
 get_rsa_pk_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
@@ -469,8 +343,8 @@
 
           switch (*tok)
             {
-            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
-            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
+            case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break; 
+            case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break; 
             default:  mpi = NULL;   mpi_len = NULL; break;
             }
           if (mpi && *mpi)
@@ -512,18 +386,17 @@
 
 
 /* Return the algo of a public RSA expressed as an canonical encoded
-   S-expression.  The return value is a statically allocated
-   string.  On error that string is set to NULL. */
+   S-expression.  On error the algo is set to 0. */
 gpg_error_t
 get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen,
-                             const char **r_algo)
+                             int *r_algo)
 {
   gpg_error_t err;
   const unsigned char *buf, *tok;
   size_t buflen, toklen;
   int depth;
-
-  *r_algo = NULL;
+    
+  *r_algo = 0;
 
   buf = keydata;
   buflen = keydatalen;
@@ -542,17 +415,15 @@
     return gpg_error (GPG_ERR_BAD_PUBKEY);
 
   if (toklen == 3 && !memcmp ("rsa", tok, toklen))
-    *r_algo = "rsa";
+    *r_algo = GCRY_PK_RSA;
   else if (toklen == 3 && !memcmp ("dsa", tok, toklen))
-    *r_algo = "dsa";
+    *r_algo = GCRY_PK_DSA;
   else if (toklen == 3 && !memcmp ("elg", tok, toklen))
-    *r_algo = "elg";
+    *r_algo = GCRY_PK_ELG;
   else if (toklen == 5 && !memcmp ("ecdsa", tok, toklen))
-    *r_algo = "ecdsa";
-  else if (toklen == 5 && !memcmp ("eddsa", tok, toklen))
-    *r_algo = "eddsa";
+    *r_algo = GCRY_PK_ECDSA;
   else
-    return gpg_error (GPG_ERR_PUBKEY_ALGO);
+    return  gpg_error (GPG_ERR_PUBKEY_ALGO);
 
   return 0;
 }
diff -Nru gnupg2-2.1.6/common/shareddefs.h gnupg2-2.0.28/common/shareddefs.h
--- gnupg2-2.1.6/common/shareddefs.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/shareddefs.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,48 +0,0 @@
-/* shareddefs.h - Constants and helpers useful for all modules
- * Copyright (C) 2013 Free Software Foundation, Inc.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef GNUPG_COMMON_SHAREDDEFS_H
-#define GNUPG_COMMON_SHAREDDEFS_H
-
-/* Values for the pinentry mode.  */
-typedef enum
-  {
-    PINENTRY_MODE_ASK = 0, /* Ask via pinentry (default).  */
-    PINENTRY_MODE_CANCEL,  /* Always return a cancel error.  */
-    PINENTRY_MODE_ERROR,   /* Return error code for no pinentry.  */
-    PINENTRY_MODE_LOOPBACK /* Use an inquiry to get the value.    */
-  }
-pinentry_mode_t;
-
-
-/*-- agent-opt.c --*/
-int parse_pinentry_mode (const char *value);
-const char *str_pinentry_mode (pinentry_mode_t mode);
-
-
-
-#endif /*GNUPG_COMMON_SHAREDDEFS_H*/
diff -Nru gnupg2-2.1.6/common/signal.c gnupg2-2.0.28/common/signal.c
--- gnupg2-2.1.6/common/signal.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/signal.c	2015-06-02 08:13:55.000000000 +0000
@@ -4,22 +4,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -31,9 +21,7 @@
 #include 
 #include 
 #include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
+#include 
 #include 
 #include 
 #include 
@@ -55,7 +43,7 @@
 {
 # ifdef HAVE_SIGACTION
   struct sigaction oact, nact;
-
+  
   if (check_ign)
     {
       /* we don't want to change an IGN handler */
@@ -68,11 +56,11 @@
   sigemptyset (&nact.sa_mask);
   nact.sa_flags = 0;
   sigaction ( sig, &nact, NULL);
-# else
+# else 
   RETSIGTYPE (*ohandler)(int);
-
+  
   ohandler = signal (sig, handler);
-  if (check_ign && ohandler == SIG_IGN)
+  if (check_ign && ohandler == SIG_IGN) 
     {
       /* Change it back if it was already set to IGN */
       signal (sig, SIG_IGN);
@@ -104,18 +92,18 @@
   if (caught_fatal_sig)
     raise (sig);
   caught_fatal_sig = 1;
-
+  
   if (cleanup_fnc)
     cleanup_fnc ();
   /* Better don't translate these messages. */
-  (void)write (2, "\n", 1 );
+  write (2, "\n", 1 );
   s = log_get_prefix (NULL);
   if (s)
-    (void)write(2, s, strlen (s));
-  (void)write (2, ": signal ", 9 );
+    write(2, s, strlen (s));
+  write (2, ": signal ", 9 );
   s = get_signal_name(sig);
   if (s)
-    (void) write (2, s, strlen(s) );
+    write (2, s, strlen(s) );
   else
     {
       /* We are in a signal handler so we can't use any kind of printf
@@ -125,8 +113,8 @@
          things are messed up because we modify its value.  Although
          this is a bug in that system, we will protect against it.  */
       if (sig < 0 || sig >= 100000)
-        (void)write (2, "?", 1);
-      else
+        write (2, "?", 1);
+      else 
         {
           int i, value, any=0;
 
@@ -134,7 +122,7 @@
             {
               if (value >= i || ((any || i==1) && !(value/i)))
                 {
-                  (void)write (2, "0123456789"+(value/i), 1);
+                  write (2, "0123456789"+(value/i), 1);
                   if ((value/i))
                     any = 1;
                   value %= i;
@@ -142,8 +130,8 @@
             }
         }
     }
-  (void)write (2, " caught ... exiting\n", 20);
-
+  write (2, " caught ... exiting\n", 20);
+  
   /* Reset action to default action and raise signal again */
   init_one_signal (sig, SIG_DFL, 0);
   /* Fixme: remove_lockfiles ();*/
@@ -180,13 +168,38 @@
 #endif
 }
 
+void
+gnupg_pause_on_sigusr (int which)
+{
+#ifndef HAVE_DOSISH_SYSTEM
+# ifdef HAVE_SIGPROCMASK
+  sigset_t mask, oldmask;
+
+  assert (which == 1);
+  sigemptyset( &mask );
+  sigaddset( &mask, SIGUSR1 );
+  
+  sigprocmask( SIG_BLOCK, &mask, &oldmask );
+  while (!caught_sigusr1)
+    sigsuspend (&oldmask);
+  caught_sigusr1 = 0;
+  sigprocmask (SIG_UNBLOCK, &mask, NULL);
+# else 
+  assert (which == 1);
+  sighold (SIGUSR1);
+  while (!caught_sigusr1)
+    sigpause(SIGUSR1);
+  caught_sigusr1 = 0;
+  sigrelease(SIGUSR1);
+# endif /*!HAVE_SIGPROCMASK*/
+#endif
+}
+
 
 static void
-do_block (int block)
+do_block( int block )
 {
-#ifdef HAVE_DOSISH_SYSTEM
-  (void)block;
-#else /*!HAVE_DOSISH_SYSTEM*/
+#ifndef HAVE_DOSISH_SYSTEM
   static int is_blocked;
 #ifdef HAVE_SIGPROCMASK
   static sigset_t oldmask;
@@ -232,7 +245,7 @@
       is_blocked = 0;
     }
 #endif /*!HAVE_SIGPROCMASK*/
-#endif /*!HAVE_DOSISH_SYSTEM*/
+#endif /*HAVE_DOSISH_SYSTEM*/
 }
 
 
diff -Nru gnupg2-2.1.6/common/simple-pwquery.c gnupg2-2.0.28/common/simple-pwquery.c
--- gnupg2-2.1.6/common/simple-pwquery.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/simple-pwquery.c	2015-06-02 08:13:55.000000000 +0000
@@ -40,16 +40,20 @@
 #include 
 #endif
 
-#define GNUPG_COMMON_NEED_AFLOCAL
-#include "../common/mischelp.h"
+#define JNLIB_NEED_AFLOCAL
+#include "../jnlib/mischelp.h"
 #ifdef HAVE_W32_SYSTEM
-#include "../common/w32-afunix.h"
+#include "../jnlib/w32-afunix.h"
 #endif
 
 
 #define SIMPLE_PWQUERY_IMPLEMENTATION 1
 #include "simple-pwquery.h"
 
+#if defined(SPWQ_USE_LOGGING) && !defined(HAVE_JNLIB_LOGGING)
+# undef SPWQ_USE_LOGGING
+#endif
+
 #ifndef _
 #define _(a) (a)
 #endif
@@ -65,12 +69,13 @@
 #endif
 
 
-/* Name of the socket to be used.  This is a kludge to keep on using
-   the existsing code despite that we only support a standard socket.  */
+/* Name of the socket to be used if GPG_AGENT_INFO has not been
+   set. No default socket is used if this is NULL.  */
 static char *default_gpg_agent_info;
 
 
 
+
 
 
 #ifndef HAVE_STPCPY
@@ -94,7 +99,7 @@
 {
   size_t nleft = nbytes;
   int nwritten;
-
+  
   while (nleft > 0)
     {
 #ifdef HAVE_W32_SYSTEM
@@ -116,7 +121,7 @@
       nleft -= nwritten;
       buf = (const char*)buf + nwritten;
     }
-
+    
   return 0;
 }
 
@@ -150,7 +155,7 @@
       nleft -= n;
       buf += n;
       nread += n;
-
+      
       for (; n && *p != '\n'; n--, p++)
         ;
       if (n)
@@ -161,7 +166,7 @@
         }
     }
 
-  return nread;
+  return nread; 
 }
 
 
@@ -172,8 +177,8 @@
   char buf[200];
   int nread;
   char *line;
-  int i;
-
+  int i; 
+  
   line = spwq_malloc (7 + strlen (name) + 1 + strlen (value) + 2);
   if (!line)
     return SPWQ_OUT_OF_CORE;
@@ -183,15 +188,15 @@
   spwq_free (line);
   if (i)
     return i;
-
+  
   /* get response */
   nread = readline (fd, buf, DIM(buf)-1);
   if (nread < 0)
     return -nread;
   if (nread < 3)
     return SPWQ_PROTOCOL_ERROR;
-
-  if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n'))
+  
+  if (buf[0] == 'O' && buf[1] == 'K' && (buf[2] == ' ' || buf[2] == '\n')) 
     return 0; /* okay */
 
   return SPWQ_ERR_RESPONSE;
@@ -199,7 +204,7 @@
 
 
 /* Send all available options to the agent. */
-static int
+static int 
 agent_send_all_options (int fd)
 {
   char *dft_display = NULL;
@@ -217,7 +222,7 @@
     }
 
   dft_ttyname = getenv ("GPG_TTY");
-#if !defined(HAVE_W32_SYSTEM) && !defined(HAVE_BROKEN_TTYNAME)
+#ifndef HAVE_W32_SYSTEM
   if ((!dft_ttyname || !*dft_ttyname) && ttyname (0))
     dft_ttyname = ttyname (0);
 #endif
@@ -234,7 +239,7 @@
         return rc;
     }
 
-#if defined(HAVE_SETLOCALE)
+#if defined(HAVE_SETLOCALE) 
   {
     char *old_lc = NULL;
     char *dft_lc = NULL;
@@ -319,15 +324,18 @@
   char *infostr, *p;
   struct sockaddr_un client_addr;
   size_t len;
+  int prot;
   char line[200];
   int nread;
 
   *rfd = -1;
-  infostr = default_gpg_agent_info;
-  if ( !infostr || !*infostr )
+  infostr = getenv ( "GPG_AGENT_INFO" );
+  if ( !infostr || !*infostr ) 
+    infostr = default_gpg_agent_info;
+  if ( !infostr || !*infostr ) 
     {
 #ifdef SPWQ_USE_LOGGING
-      log_error (_("no gpg-agent running in this session\n"));
+      log_error (_("gpg-agent is not available in this session\n"));
 #endif
       return SPWQ_NO_AGENT;
     }
@@ -338,34 +346,45 @@
   infostr = p;
 
   if ( !(p = strchr ( infostr, PATHSEP_C)) || p == infostr
-       || (p-infostr)+1 >= sizeof client_addr.sun_path )
+       || (p-infostr)+1 >= sizeof client_addr.sun_path ) 
     {
+#ifdef SPWQ_USE_LOGGING
+      log_error ( _("malformed GPG_AGENT_INFO environment variable\n"));
+#endif
       return SPWQ_NO_AGENT;
     }
   *p++ = 0;
 
   while (*p && *p != PATHSEP_C)
     p++;
+  prot = *p? atoi (p+1) : 0;
+  if ( prot != 1)
+    {
+#ifdef SPWQ_USE_LOGGING
+      log_error (_("gpg-agent protocol version %d is not supported\n"),prot);
+#endif
+      return SPWQ_PROTOCOL_ERROR;
+    }
 
-#ifdef HAVE_W32_SYSTEM
+#ifdef HAVE_W32_SYSTEM       
   fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
 #else
   fd = socket (AF_UNIX, SOCK_STREAM, 0);
 #endif
-  if (fd == -1)
+  if (fd == -1) 
     {
 #ifdef SPWQ_USE_LOGGING
       log_error ("can't create socket: %s\n", strerror(errno) );
 #endif
       return SPWQ_SYS_ERROR;
     }
-
+    
   memset (&client_addr, 0, sizeof client_addr);
   client_addr.sun_family = AF_UNIX;
   strcpy (client_addr.sun_path, infostr);
   len = SUN_LEN (&client_addr);
-
-#ifdef HAVE_W32_SYSTEM
+    
+#ifdef HAVE_W32_SYSTEM       
   rc = _w32_sock_connect (fd, (struct sockaddr*)&client_addr, len );
 #else
   rc = connect (fd, (struct sockaddr*)&client_addr, len );
@@ -373,7 +392,7 @@
   if (rc == -1)
     {
 #ifdef SPWQ_USE_LOGGING
-      log_error ( _("can't connect to '%s': %s\n"), infostr, strerror (errno));
+      log_error ( _("can't connect to `%s': %s\n"), infostr, strerror (errno));
 #endif
       close (fd );
       return SPWQ_IO_ERROR;
@@ -381,7 +400,7 @@
 
   nread = readline (fd, line, DIM(line));
   if (nread < 3 || !(line[0] == 'O' && line[1] == 'K'
-                     && (line[2] == '\n' || line[2] == ' ')) )
+                     && (line[2] == '\n' || line[2] == ' ')) ) 
     {
 #ifdef SPWQ_USE_LOGGING
       log_error ( _("communication problem with gpg-agent\n"));
@@ -415,7 +434,7 @@
   int i;
   const unsigned char *s = (unsigned char *)text;
   char *p = buffer;
-
+  
 
   for (i=0; s[i]; i++)
     {
@@ -434,7 +453,7 @@
 
 
 /* Set the name of the default socket to NAME.  */
-int
+int 
 simple_pw_set_socket (const char *name)
 {
   spwq_free (default_gpg_agent_info);
@@ -463,7 +482,7 @@
    errorcode; this error code might be 0 if the user canceled the
    operation.  The function returns NULL to indicate an error.  */
 char *
-simple_pwquery (const char *cacheid,
+simple_pwquery (const char *cacheid, 
                 const char *tryagain,
                 const char *prompt,
                 const char *description,
@@ -475,7 +494,7 @@
   char *result = NULL;
   char *pw = NULL;
   char *p;
-  int rc, i;
+  int rc, i; 
 
   rc = agent_open (&fd);
   if (rc)
@@ -536,11 +555,11 @@
       rc = SPWQ_PROTOCOL_ERROR;
       goto leave;
     }
-
-  if (pw[0] == 'O' && pw[1] == 'K' && pw[2] == ' ')
+      
+  if (pw[0] == 'O' && pw[1] == 'K' && pw[2] == ' ') 
     { /* we got a passphrase - convert it back from hex */
       size_t pwlen = 0;
-
+      
       for (i=3; i < nread && hexdigitp (pw+i); i+=2)
         pw[pwlen++] = xtoi_2 (pw+i);
       pw[pwlen] = 0; /* make a C String */
@@ -550,7 +569,7 @@
   else if ((nread > 7 && !memcmp (pw, "ERR 111", 7)
             && (pw[7] == ' ' || pw[7] == '\n') )
            || ((nread > 4 && !memcmp (pw, "ERR ", 4)
-                && (strtoul (pw+4, NULL, 0) & 0xffff) == 99)) )
+                && (strtoul (pw+4, NULL, 0) & 0xffff) == 99)) ) 
     {
       /* 111 is the old Assuan code for canceled which might still
          be in use by old installations. 99 is GPG_ERR_CANCELED as
@@ -569,14 +588,14 @@
         default: rc = SPWQ_GENERAL_ERROR; break;
         }
     }
-  else
+  else 
     {
 #ifdef SPWQ_USE_LOGGING
       log_error (_("problem with the agent\n"));
 #endif
       rc = SPWQ_ERR_RESPONSE;
     }
-
+        
  leave:
   if (errorcode)
     *errorcode = rc;
@@ -640,13 +659,13 @@
       rc = SPWQ_PROTOCOL_ERROR;
       goto leave;
     }
-
-  if (response[0] == 'O' && response[1] == 'K')
+  
+  if (response[0] == 'O' && response[1] == 'K') 
     /* OK, do nothing.  */;
   else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
             && (response[7] == ' ' || response[7] == '\n') )
            || ((nread > 4 && !memcmp (response, "ERR ", 4)
-                && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
+                && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) ) 
     {
       /* 111 is the old Assuan code for canceled which might still
          be in use by old installations. 99 is GPG_ERR_CANCELED as
@@ -656,14 +675,14 @@
       log_info (_("canceled by user\n") );
 #endif
     }
-  else
+  else 
     {
 #ifdef SPWQ_USE_LOGGING
       log_error (_("problem with the agent\n"));
 #endif
       rc = SPWQ_ERR_RESPONSE;
     }
-
+        
  leave:
   if (fd != -1)
     close (fd);
diff -Nru gnupg2-2.1.6/common/simple-pwquery.h gnupg2-2.0.28/common/simple-pwquery.h
--- gnupg2-2.1.6/common/simple-pwquery.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/simple-pwquery.h	2015-06-02 08:13:55.000000000 +0000
@@ -24,9 +24,11 @@
 
 /* Include whatever files you need.  */
 #include 
-#include "../common/logging.h"
+#include "../jnlib/logging.h"
 
-/* Try to write error message using the standard gnupg log mechanism.  */
+/* Try to write error message using the standard log mechanism.  The
+   current implementation requires that the HAVE_JNLIB_LOGGING is also
+   defined. */
 #define SPWQ_USE_LOGGING  1
 
 /* Memory allocation functions used by the implementation.  Note, that
@@ -48,7 +50,7 @@
    If ERRORCODE is not NULL it should point a variable receiving an
    errorcode; this errocode might be 0 if the user canceled the
    operation.  The function returns NULL to indicate an error. */
-char *simple_pwquery (const char *cacheid,
+char *simple_pwquery (const char *cacheid, 
                       const char *tryagain,
                       const char *prompt,
                       const char *description,
@@ -69,7 +71,7 @@
 
 #define SPWQ_OUT_OF_CORE 1
 #define SPWQ_IO_ERROR 2
-#define SPWQ_PROTOCOL_ERROR 3
+#define SPWQ_PROTOCOL_ERROR 3 
 #define SPWQ_ERR_RESPONSE 4
 #define SPWQ_NO_AGENT 5
 #define SPWQ_SYS_ERROR 6
@@ -106,8 +108,8 @@
            default:                                         \
              return gpg_error (GPG_ERR_GENERAL);            \
            }                                                \
-       }
-/* End of MAP_SPWQ_ERROR_IMPL.  */
+       }                                                      
+/* End of MAP_SPWQ_ERROR_IMPL.  */       
 
 
 #endif /*SIMPLE_PWQUERY_H*/
diff -Nru gnupg2-2.1.6/common/srv.c gnupg2-2.0.28/common/srv.c
--- gnupg2-2.1.6/common/srv.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/srv.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,24 +1,14 @@
 /* srv.c - DNS SRV code
  * Copyright (C) 2003, 2009 Free Software Foundation, Inc.
  *
- * This file is part of GnuPG.
+ * This file is part of GNUPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GNUPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -30,10 +20,7 @@
 #include 
 #include 
 #ifdef _WIN32
-# ifdef HAVE_WINSOCK2_H
-#  include 
-# endif
-# include 
+#include 
 #else
 #include 
 #include 
@@ -45,10 +32,12 @@
 #include 
 #ifdef USE_ADNS
 # include 
+# ifndef HAVE_ADNS_FREE
+#  define adns_free free
+# endif
 #endif
 
 #include "util.h"
-#include "host2net.h"
 #include "srv.h"
 
 /* Not every installation has gotten around to supporting SRVs
@@ -83,7 +72,7 @@
   {
     adns_state state;
     adns_answer *answer = NULL;
-
+    
     rc = adns_init (&state, adns_if_noerrprint, NULL);
     if (rc)
       {
@@ -99,12 +88,12 @@
         adns_finish (state);
         return -1;
       }
-    if (answer->status != adns_s_ok
+    if (answer->status != adns_s_ok 
         || answer->type != adns_r_srv || !answer->nrrs)
       {
-        log_error ("DNS query returned an error or no records: %s (%s)\n",
-                   adns_strerror (answer->status),
-                   adns_errabbrev (answer->status));
+        /* log_error ("DNS query returned an error or no records: %s (%s)\n", */
+        /*            adns_strerror (answer->status), */
+        /*            adns_errabbrev (answer->status)); */
         adns_free (answer);
         adns_finish (state);
         return 0;
@@ -120,7 +109,7 @@
             log_info ("hostname in SRV record too long - skipped\n");
             continue;
           }
-
+      
         newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
         if (!newlist)
           goto fail;
@@ -128,7 +117,7 @@
         memset (&(*list)[srvcount], 0, sizeof(struct srventry));
         srv = &(*list)[srvcount];
         srvcount++;
-
+      
         srv->priority = answer->rrs.srvha[count].priority;
         srv->weight   = answer->rrs.srvha[count].weight;
         srv->port     = answer->rrs.srvha[count].port;
@@ -145,29 +134,29 @@
     unsigned char *pt, *emsg;
     int r;
     u16 dlen;
-
+    
     r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
     if (r < sizeof (HEADER) || r > sizeof answer)
       return -1;
     if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
       return 0; /* Error or no record found.  */
-
+    
     emsg = &answer[r];
     pt = &answer[sizeof(HEADER)];
-
+  
     /* Skip over the query */
     rc = dn_skipname (pt, emsg);
     if (rc == -1)
       goto fail;
-
+  
     pt += rc + QFIXEDSZ;
-
+  
     while (count-- > 0 && pt < emsg)
       {
         struct srventry *srv=NULL;
         u16 type,class;
         struct srventry *newlist;
-
+      
         newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
         if (!newlist)
           goto fail;
@@ -175,39 +164,38 @@
         memset(&(*list)[srvcount],0,sizeof(struct srventry));
         srv=&(*list)[srvcount];
         srvcount++;
-
+      
         rc = dn_skipname(pt,emsg); /* the name we just queried for */
         if (rc == -1)
           goto fail;
         pt+=rc;
-
+      
         /* Truncated message? */
         if((emsg-pt)<16)
           goto fail;
-
-        type = buf16_to_u16 (pt);
-        pt += 2;
+      
+        type=*pt++ << 8;
+        type|=*pt++;
         /* We asked for SRV and got something else !? */
         if(type!=T_SRV)
           goto fail;
-
-        class = buf16_to_u16 (pt);
-        pt += 2;
+      
+        class=*pt++ << 8;
+        class|=*pt++;
         /* We asked for IN and got something else !? */
         if(class!=C_IN)
           goto fail;
-
-        pt += 4; /* ttl */
-        dlen = buf16_to_u16 (pt);
-        pt += 2;
-
-        srv->priority = buf16_to_ushort (pt);
-        pt += 2;
-        srv->weight = buf16_to_ushort (pt);
-        pt += 2;
-        srv->port = buf16_to_ushort (pt);
-        pt += 2;
-
+      
+        pt+=4; /* ttl */
+        dlen=*pt++ << 8;
+        dlen|=*pt++;
+        srv->priority=*pt++ << 8;
+        srv->priority|=*pt++;
+        srv->weight=*pt++ << 8;
+        srv->weight|=*pt++;
+        srv->port=*pt++ << 8;
+        srv->port|=*pt++;
+      
         /* Get the name.  2782 doesn't allow name compression, but
            dn_expand still works to pull the name out of the
            packet. */
@@ -227,17 +215,17 @@
       }
   }
 #endif /*!USE_ADNS*/
-
+  
   /* Now we have an array of all the srv records. */
-
+  
   /* Order by priority */
   qsort(*list,srvcount,sizeof(struct srventry),priosort);
-
+  
   /* For each priority, move the zero-weighted items first. */
   for (i=0; i < srvcount; i++)
     {
       int j;
-
+      
       for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
         {
           if((*list)[j].weight==0)
@@ -246,12 +234,12 @@
               if(j!=i)
                 {
                   struct srventry temp;
-
+                  
                   memcpy (&temp,&(*list)[j],sizeof(struct srventry));
                   memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
                   memcpy (&(*list)[i],&temp,sizeof(struct srventry));
                 }
-
+              
               break;
             }
         }
@@ -267,15 +255,15 @@
     {
       int j;
       float prio_count=0,chose;
-
+      
       for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
         {
           prio_count+=(*list)[j].weight;
           (*list)[j].run_count=prio_count;
         }
-
+      
       chose=prio_count*rand()/RAND_MAX;
-
+      
       for (j=i;j
-#  endif
 #  include 
 # else
 #  include 
diff -Nru gnupg2-2.1.6/common/ssh-utils.c gnupg2-2.0.28/common/ssh-utils.c
--- gnupg2-2.1.6/common/ssh-utils.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ssh-utils.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -37,40 +27,15 @@
 #include "ssh-utils.h"
 
 
-/* Return true if KEYPARMS holds an EdDSA key.  */
-static int
-is_eddsa (gcry_sexp_t keyparms)
-{
-  int result = 0;
-  gcry_sexp_t list;
-  const char *s;
-  size_t n;
-  int i;
-
-  list = gcry_sexp_find_token (keyparms, "flags", 0);
-  for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--)
-    {
-      s = gcry_sexp_nth_data (list, i, &n);
-      if (!s)
-        continue; /* Not a data element. */
-
-      if (n == 5 && !memcmp (s, "eddsa", 5))
-        {
-          result = 1;
-          break;
-        }
-    }
-  gcry_sexp_release (list);
-  return result;
-}
-
 
 /* Return the Secure Shell type fingerprint for KEY.  The length of
    the fingerprint is returned at R_LEN and the fingerprint itself at
    R_FPR.  In case of a error code is returned and NULL stored at
-   R_FPR.  */
+   R_FPR.  This function is usually called via the ssh_get_fingerprint
+   macro which makes sure to use the correct value for ERRSOURCE. */
 static gpg_error_t
-get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
+get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
+                 gpg_err_source_t errsource, int as_string)
 {
   gpg_error_t err;
   gcry_sexp_t list = NULL;
@@ -80,7 +45,6 @@
   int idx;
   const char *elems;
   gcry_md_hd_t md = NULL;
-  int blobmode = 0;
 
   *r_fpr = NULL;
   *r_len = 0;
@@ -95,7 +59,7 @@
     list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
   if (!list)
     {
-      err = gpg_err_make (default_errsource, GPG_ERR_UNKNOWN_SEXP);
+      err = gpg_err_make (errsource, GPG_ERR_UNKNOWN_SEXP);
       goto leave;
     }
 
@@ -107,7 +71,7 @@
   name = gcry_sexp_nth_string (list, 0);
   if (!name)
     {
-      err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
+      err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
       goto leave;
     }
 
@@ -121,116 +85,82 @@
       elems = "en";
       gcry_md_write (md, "\0\0\0\x07ssh-rsa", 11);
       break;
-
     case GCRY_PK_DSA:
       elems = "pqgy";
       gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
       break;
-
+#if GCRYPT_VERSION_NUMBER >= 0x010600
     case GCRY_PK_ECC:
-      if (is_eddsa (list))
-        {
-          elems = "q";
-          blobmode = 1;
-          /* For now there is just one curve, thus no need to switch
-             on it.  */
-          gcry_md_write (md, "\0\0\0\x0b" "ssh-ed25519", 15);
-        }
+#endif
+    case GCRY_PK_ECDSA:
+      /* We only support the 3 standard curves for now.  It is just a
+         quick hack.  */
+      elems = "q";
+      gcry_md_write (md, "\0\0\0\x13" "ecdsa-sha2-nistp", 20);
+      l2 = gcry_sexp_find_token (list, "curve", 0);
+      if (!l2)
+        elems = "";
       else
         {
-          /* We only support the 3 standard curves for now.  It is
-             just a quick hack.  */
-          elems = "q";
-          gcry_md_write (md, "\0\0\0\x13" "ecdsa-sha2-nistp", 20);
-          l2 = gcry_sexp_find_token (list, "curve", 0);
-          if (!l2)
+          gcry_free (name);
+          name = gcry_sexp_nth_string (l2, 1);
+          gcry_sexp_release (l2);
+          l2 = NULL;
+          if (!name)
             elems = "";
+          else if (!strcmp (name, "NIST P-256") || !strcmp (name, "nistp256"))
+            gcry_md_write (md, "256\0\0\0\x08nistp256", 15);
+          else if (!strcmp (name, "NIST P-384") || !strcmp (name, "nistp384"))
+            gcry_md_write (md, "384\0\0\0\x08nistp521", 15);
+          else if (!strcmp (name, "NIST P-521") || !strcmp (name, "nistp521"))
+            gcry_md_write (md, "521\0\0\0\x08nistp521", 15);
           else
-            {
-              gcry_free (name);
-              name = gcry_sexp_nth_string (l2, 1);
-              gcry_sexp_release (l2);
-              l2 = NULL;
-              if (!name)
-                elems = "";
-              else if (!strcmp (name, "NIST P-256")||!strcmp (name, "nistp256"))
-                gcry_md_write (md, "256\0\0\0\x08nistp256", 15);
-              else if (!strcmp (name, "NIST P-384")||!strcmp (name, "nistp384"))
-                gcry_md_write (md, "384\0\0\0\x08nistp521", 15);
-              else if (!strcmp (name, "NIST P-521")||!strcmp (name, "nistp521"))
-                gcry_md_write (md, "521\0\0\0\x08nistp521", 15);
-              else
-                elems = "";
-            }
-          if (!*elems)
-            err = gpg_err_make (default_errsource, GPG_ERR_UNKNOWN_CURVE);
+            elems = "";
         }
+      if (!*elems)
+        err = gpg_err_make (errsource, GPG_ERR_UNKNOWN_CURVE);
       break;
-
     default:
       elems = "";
-      err = gpg_err_make (default_errsource, GPG_ERR_PUBKEY_ALGO);
+      err = gpg_err_make (errsource, GPG_ERR_PUBKEY_ALGO);
       break;
     }
   if (err)
     goto leave;
 
-
   for (idx = 0, s = elems; *s; s++, idx++)
     {
+      gcry_mpi_t a;
+      unsigned char *buf;
+      size_t buflen;
+
       l2 = gcry_sexp_find_token (list, s, 1);
       if (!l2)
         {
-          err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
+          err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
           goto leave;
         }
-      if (blobmode)
+      a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+      gcry_sexp_release (l2);
+      l2 = NULL;
+      if (!a)
         {
-          const char *blob;
-          size_t bloblen;
-          unsigned char lenbuf[4];
-
-          blob = gcry_sexp_nth_data (l2, 1, &bloblen);
-          if (!blob)
-            {
-              err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
-              goto leave;
-            }
-          lenbuf[0] = bloblen >> 24;
-          lenbuf[1] = bloblen >> 16;
-          lenbuf[2] = bloblen >>  8;
-          lenbuf[3] = bloblen;
-          gcry_md_write (md, lenbuf, 4);
-          gcry_md_write (md, blob, bloblen);
+          err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
+          goto leave;
         }
-      else
-        {
-          gcry_mpi_t a;
-          unsigned char *buf;
-          size_t buflen;
 
-          a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
-          gcry_sexp_release (l2);
-          l2 = NULL;
-          if (!a)
-            {
-              err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
-              goto leave;
-            }
-
-          err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
-          gcry_mpi_release (a);
-          if (err)
-            goto leave;
-          gcry_md_write (md, buf, buflen);
-          gcry_free (buf);
-        }
+      err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
+      gcry_mpi_release (a);
+      if (err)
+        goto leave;
+      gcry_md_write (md, buf, buflen);
+      gcry_free (buf);
     }
 
   *r_fpr = gcry_malloc (as_string? 61:20);
   if (!*r_fpr)
     {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+      err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
       goto leave;
     }
 
@@ -258,25 +188,31 @@
 /* Return the Secure Shell type fingerprint for KEY.  The length of
    the fingerprint is returned at R_LEN and the fingerprint itself at
    R_FPR.  In case of an error an error code is returned and NULL
-   stored at R_FPR.  */
+   stored at R_FPR.  This function is usually called via the
+   ssh_get_fingerprint macro which makes sure to use the correct value
+   for ERRSOURCE. */
 gpg_error_t
-ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len)
+_ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
+                      gpg_err_source_t errsource)
 {
-  return get_fingerprint (key, r_fpr, r_len, 0);
+  return get_fingerprint (key, r_fpr, r_len, errsource, 0);
 }
 
 
 /* Return the Secure Shell type fingerprint for KEY as a string.  The
    fingerprint is mallcoed and stored at R_FPRSTR.  In case of an
-   error an error code is returned and NULL stored at R_FPRSTR.  */
+   error an error code is returned and NULL stored at R_FPRSTR.  This
+   function is usually called via the ssh_get_fingerprint_string macro
+   which makes sure to use the correct value for ERRSOURCE. */
 gpg_error_t
-ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr)
+_ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr,
+                             gpg_err_source_t errsource)
 {
   gpg_error_t err;
   size_t dummy;
   void *string;
 
-  err = get_fingerprint (key, &string, &dummy, 1);
+  err = get_fingerprint (key, &string, &dummy, errsource, 1);
   *r_fprstr = string;
   return err;
 }
diff -Nru gnupg2-2.1.6/common/ssh-utils.h gnupg2-2.0.28/common/ssh-utils.h
--- gnupg2-2.1.6/common/ssh-utils.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ssh-utils.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -31,9 +21,16 @@
 #define GNUPG_COMMON_SSH_UTILS_H
 
 
-gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len);
+gpg_error_t _ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
+                                  gpg_err_source_t errsource);
+#define ssh_get_fingerprint(a,b,c)                              \
+  _ssh_get_fingerprint ((a), (b), (c), GPG_ERR_SOURCE_DEFAULT)
+
+gpg_error_t _ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr,
+                                         gpg_err_source_t errsource);
+#define ssh_get_fingerprint_string(a,b)                         \
+  _ssh_get_fingerprint_string ((a), (b), GPG_ERR_SOURCE_DEFAULT)
 
-gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr);
 
 
 #endif /*GNUPG_COMMON_SSH_UTILS_H*/
diff -Nru gnupg2-2.1.6/common/status.c gnupg2-2.0.28/common/status.c
--- gnupg2-2.1.6/common/status.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/status.c	2015-06-02 08:13:55.000000000 +0000
@@ -27,7 +27,7 @@
 
 /* Return the status string for code NO. */
 const char *
-get_status_string ( int no )
+get_status_string ( int no ) 
 {
   int idx = statusstr_msgidxof (no);
   if (idx == -1)
@@ -41,7 +41,7 @@
 get_inv_recpsgnr_code (gpg_error_t err)
 {
   const char *errstr;
-
+  
   switch (gpg_err_code (err))
     {
     case GPG_ERR_NO_PUBKEY:       errstr = "1"; break;
diff -Nru gnupg2-2.1.6/common/status-codes.h gnupg2-2.0.28/common/status-codes.h
--- gnupg2-2.1.6/common/status-codes.h	2015-06-17 10:47:07.000000000 +0000
+++ gnupg2-2.0.28/common/status-codes.h	2015-06-02 12:35:16.000000000 +0000
@@ -30,6 +30,7 @@
   "BADSIG" "\0"
   "ERRSIG" "\0"
   "BADARMOR" "\0"
+  "RSA_OR_IDEA" "\0"
   "TRUST_UNDEFINED" "\0"
   "TRUST_NEVER" "\0"
   "TRUST_MARGINAL" "\0"
@@ -76,6 +77,8 @@
   "NOTATION_NAME" "\0"
   "NOTATION_DATA" "\0"
   "POLICY_URL" "\0"
+  "BEGIN_STREAM" "\0"
+  "END_STREAM" "\0"
   "KEY_CREATED" "\0"
   "USERID_HINT" "\0"
   "UNEXPECTED" "\0"
@@ -86,6 +89,7 @@
   "ALREADY_SIGNED" "\0"
   "KEYEXPIRED" "\0"
   "KEYREVOKED" "\0"
+  "SIGEXPIRED" "\0"
   "EXPSIG" "\0"
   "EXPKEYSIG" "\0"
   "ATTRIBUTE" "\0"
@@ -103,8 +107,6 @@
   "PKA_TRUST_BAD" "\0"
   "PKA_TRUST_GOOD" "\0"
   "TRUNCATED" "\0"
-  "MOUNTPOINT" "\0"
-  "PINENTRY_LAUNCHED" "\0"
   "ERROR" "\0"
   "SUCCESS";
 
@@ -118,85 +120,87 @@
     33,
     40,
     49,
-    65,
+    61,
     77,
-    92,
+    89,
     104,
-    119,
-    135,
-    144,
-    151,
-    158,
-    165,
-    180,
-    190,
-    200,
-    220,
-    236,
-    254,
-    270,
-    289,
-    305,
-    313,
-    320,
-    327,
-    336,
-    346,
-    361,
-    372,
-    385,
-    396,
-    406,
-    417,
-    434,
-    449,
-    466,
-    481,
-    495,
-    510,
-    519,
-    528,
-    539,
-    546,
-    555,
+    116,
+    131,
+    147,
+    156,
+    163,
+    170,
+    177,
+    192,
+    202,
+    212,
+    232,
+    248,
+    266,
+    282,
+    301,
+    317,
+    325,
+    332,
+    339,
+    348,
+    358,
+    373,
+    384,
+    397,
+    408,
+    418,
+    429,
+    446,
+    461,
+    478,
+    493,
+    507,
+    522,
+    531,
+    540,
+    551,
+    558,
     567,
     579,
-    593,
-    607,
-    618,
+    591,
+    605,
+    619,
     630,
-    642,
-    653,
-    662,
-    671,
-    679,
-    687,
-    702,
-    713,
-    724,
-    731,
-    741,
-    751,
-    761,
-    768,
-    782,
-    792,
-    809,
-    825,
-    845,
-    854,
-    868,
-    882,
+    643,
+    654,
+    666,
+    678,
+    689,
+    698,
+    707,
+    715,
+    723,
+    738,
+    749,
+    760,
+    771,
+    778,
+    788,
+    798,
+    808,
+    815,
+    829,
+    839,
+    856,
+    872,
+    892,
     901,
     915,
-    930,
-    940,
-    951,
-    969,
-    975,
+    929,
+    948,
+    962,
+    977,
+    987,
+    993,
     
   };
 
 #define statusstr_msgidxof(code) (0 ? -1 \
-  : ((code >= 0) && (code <= 83)) ? (code - 0) \
+  : ((code >= 0) && (code <= 85)) ? (code - 0) \
   : -1)
diff -Nru gnupg2-2.1.6/common/status.h gnupg2-2.0.28/common/status.h
--- gnupg2-2.1.6/common/status.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/status.h	2015-06-02 08:13:55.000000000 +0000
@@ -20,7 +20,7 @@
 #ifndef GNUPG_COMMON_STATUS_H
 #define GNUPG_COMMON_STATUS_H
 
-enum
+enum 
   {
     STATUS_ENTER,
     STATUS_LEAVE,
@@ -32,12 +32,14 @@
 
     STATUS_BADARMOR,
 
+    STATUS_RSA_OR_IDEA,
+
     STATUS_TRUST_UNDEFINED,
     STATUS_TRUST_NEVER,
     STATUS_TRUST_MARGINAL,
     STATUS_TRUST_FULLY,
     STATUS_TRUST_ULTIMATE,
-
+  
     STATUS_NEED_PASSPHRASE,
     STATUS_VALIDSIG,
     STATUS_SIG_ID,
@@ -57,20 +59,20 @@
     STATUS_ERRMDC,
     STATUS_IMPORTED,
     STATUS_IMPORT_OK,
-    STATUS_IMPORT_PROBLEM,
+    STATUS_IMPORT_PROBLEM, 
     STATUS_IMPORT_RES,
     STATUS_IMPORT_CHECK,
 
     STATUS_FILE_START,
     STATUS_FILE_DONE,
     STATUS_FILE_ERROR,
-
+  
     STATUS_BEGIN_DECRYPTION,
     STATUS_END_DECRYPTION,
     STATUS_BEGIN_ENCRYPTION,
     STATUS_END_ENCRYPTION,
     STATUS_BEGIN_SIGNING,
-
+  
     STATUS_DELETE_PROBLEM,
 
     STATUS_GET_BOOL,
@@ -84,6 +86,8 @@
     STATUS_NOTATION_NAME,
     STATUS_NOTATION_DATA,
     STATUS_POLICY_URL,
+    STATUS_BEGIN_STREAM,
+    STATUS_END_STREAM,
     STATUS_KEY_CREATED,
     STATUS_USERID_HINT,
     STATUS_UNEXPECTED,
@@ -95,6 +99,7 @@
     STATUS_ALREADY_SIGNED,
     STATUS_KEYEXPIRED,
     STATUS_KEYREVOKED,
+    STATUS_SIGEXPIRED,
     STATUS_EXPSIG,
     STATUS_EXPKEYSIG,
 
@@ -120,10 +125,6 @@
     STATUS_PKA_TRUST_GOOD,
 
     STATUS_TRUNCATED,
-    STATUS_MOUNTPOINT,
-
-    STATUS_PINENTRY_LAUNCHED,
-
     STATUS_ERROR,
     STATUS_SUCCESS
 };
diff -Nru gnupg2-2.1.6/common/stringhelp.c gnupg2-2.0.28/common/stringhelp.c
--- gnupg2-2.1.6/common/stringhelp.c	2015-06-22 17:25:56.000000000 +0000
+++ gnupg2-2.0.28/common/stringhelp.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,1303 +0,0 @@
-/* stringhelp.c -  standard string helper functions
- * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007,
- *               2008, 2009, 2010  Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_PWD_H
-# include 
-#endif
-#include 
-#include 
-#ifdef HAVE_W32_SYSTEM
-# ifdef HAVE_WINSOCK2_H
-#  include 
-# endif
-# include 
-#endif
-#include 
-
-#include "util.h"
-#include "common-defs.h"
-#include "utf8conv.h"
-#include "sysutils.h"
-#include "stringhelp.h"
-
-#define tohex_lower(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'a'))
-
-/* Sometimes we want to avoid mixing slashes and backslashes on W32
-   and prefer backslashes.  There is usual no problem with mixing
-   them, however a very few W32 API calls can't grok plain slashes.
-   Printing filenames with mixed slashes also looks a bit strange.
-   This function has no effext on POSIX. */
-static inline char *
-change_slashes (char *name)
-{
-#ifdef HAVE_DOSISH_SYSTEM
-  char *p;
-
-  if (strchr (name, '\\'))
-    {
-      for (p=name; *p; p++)
-        if (*p == '/')
-          *p = '\\';
-    }
-#endif /*HAVE_DOSISH_SYSTEM*/
-  return name;
-}
-
-
-/*
- * Check whether STRING starts with KEYWORD.  The keyword is
- * delimited by end of string, a space or a tab.  Returns NULL if not
- * found or a pointer into STRING to the next non-space character
- * after the KEYWORD (which may be end of string).
- */
-char *
-has_leading_keyword (const char *string, const char *keyword)
-{
-  size_t n = strlen (keyword);
-
-  if (!strncmp (string, keyword, n)
-      && (!string[n] || string[n] == ' ' || string[n] == '\t'))
-    {
-      string += n;
-      while (*string == ' ' || *string == '\t')
-        string++;
-      return (char*)string;
-    }
-  return NULL;
-}
-
-
-/*
- * Look for the substring SUB in buffer and return a pointer to that
- * substring in BUFFER or NULL if not found.
- * Comparison is case-insensitive.
- */
-const char *
-memistr (const void *buffer, size_t buflen, const char *sub)
-{
-  const unsigned char *buf = buffer;
-  const unsigned char *t = (const unsigned char *)buffer;
-  const unsigned char *s = (const unsigned char *)sub;
-  size_t n = buflen;
-
-  for ( ; n ; t++, n-- )
-    {
-      if ( toupper (*t) == toupper (*s) )
-        {
-          for ( buf=t++, buflen = n--, s++;
-                n && toupper (*t) == toupper (*s); t++, s++, n-- )
-            ;
-          if (!*s)
-            return (const char*)buf;
-          t = buf;
-          s = (const unsigned char *)sub ;
-          n = buflen;
-	}
-    }
-  return NULL;
-}
-
-const char *
-ascii_memistr ( const void *buffer, size_t buflen, const char *sub )
-{
-  const unsigned char *buf = buffer;
-  const unsigned char *t = (const unsigned char *)buf;
-  const unsigned char *s = (const unsigned char *)sub;
-  size_t n = buflen;
-
-  for ( ; n ; t++, n-- )
-    {
-      if (ascii_toupper (*t) == ascii_toupper (*s) )
-        {
-          for ( buf=t++, buflen = n--, s++;
-                n && ascii_toupper (*t) == ascii_toupper (*s); t++, s++, n-- )
-            ;
-          if (!*s)
-            return (const char*)buf;
-          t = (const unsigned char *)buf;
-          s = (const unsigned char *)sub ;
-          n = buflen;
-	}
-    }
-  return NULL;
-}
-
-/* This function is similar to strncpy().  However it won't copy more
-   than N - 1 characters and makes sure that a '\0' is appended. With
-   N given as 0, nothing will happen.  With DEST given as NULL, memory
-   will be allocated using xmalloc (i.e. if it runs out of core
-   the function terminates).  Returns DES or a pointer to the
-   allocated memory.
- */
-char *
-mem2str( char *dest , const void *src , size_t n )
-{
-    char *d;
-    const char *s;
-
-    if( n ) {
-	if( !dest )
-	    dest = xmalloc( n ) ;
-	d = dest;
-	s = src ;
-	for(n--; n && *s; n-- )
-	    *d++ = *s++;
-	*d = '\0' ;
-    }
-
-    return dest ;
-}
-
-
-/****************
- * remove leading and trailing white spaces
- */
-char *
-trim_spaces( char *str )
-{
-    char *string, *p, *mark;
-
-    string = str;
-    /* find first non space character */
-    for( p=string; *p && isspace( *(byte*)p ) ; p++ )
-	;
-    /* move characters */
-    for( (mark = NULL); (*string = *p); string++, p++ )
-	if( isspace( *(byte*)p ) ) {
-	    if( !mark )
-		mark = string ;
-	}
-	else
-	    mark = NULL ;
-    if( mark )
-	*mark = '\0' ;  /* remove trailing spaces */
-
-    return str ;
-}
-
-/****************
- * remove trailing white spaces
- */
-char *
-trim_trailing_spaces( char *string )
-{
-    char *p, *mark;
-
-    for( mark = NULL, p = string; *p; p++ ) {
-	if( isspace( *(byte*)p ) ) {
-	    if( !mark )
-		mark = p;
-	}
-	else
-	    mark = NULL;
-    }
-    if( mark )
-	*mark = '\0' ;
-
-    return string ;
-}
-
-
-unsigned
-trim_trailing_chars( byte *line, unsigned len, const char *trimchars )
-{
-    byte *p, *mark;
-    unsigned n;
-
-    for(mark=NULL, p=line, n=0; n < len; n++, p++ ) {
-	if( strchr(trimchars, *p ) ) {
-	    if( !mark )
-		mark = p;
-	}
-	else
-	    mark = NULL;
-    }
-
-    if( mark ) {
-	*mark = 0;
-	return mark - line;
-    }
-    return len;
-}
-
-/****************
- * remove trailing white spaces and return the length of the buffer
- */
-unsigned
-trim_trailing_ws( byte *line, unsigned len )
-{
-    return trim_trailing_chars( line, len, " \t\r\n" );
-}
-
-size_t
-length_sans_trailing_chars (const unsigned char *line, size_t len,
-                            const char *trimchars )
-{
-  const unsigned char *p, *mark;
-  size_t n;
-
-  for( mark=NULL, p=line, n=0; n < len; n++, p++ )
-    {
-      if (strchr (trimchars, *p ))
-        {
-          if( !mark )
-            mark = p;
-        }
-      else
-        mark = NULL;
-    }
-
-  if (mark)
-    return mark - line;
-  return len;
-}
-
-/*
- *  Return the length of line ignoring trailing white-space.
- */
-size_t
-length_sans_trailing_ws (const unsigned char *line, size_t len)
-{
-  return length_sans_trailing_chars (line, len, " \t\r\n");
-}
-
-
-
-/*
- * Extract from a given path the filename component.  This function
- * terminates the process on memory shortage.
- */
-char *
-make_basename(const char *filepath, const char *inputpath)
-{
-#ifdef __riscos__
-    return riscos_make_basename(filepath, inputpath);
-#else
-    char *p;
-
-    (void)inputpath; /* Only required for riscos.  */
-
-    if ( !(p=strrchr(filepath, '/')) )
-#ifdef HAVE_DOSISH_SYSTEM
-	if ( !(p=strrchr(filepath, '\\')) )
-#endif
-#ifdef HAVE_DRIVE_LETTERS
-	    if ( !(p=strrchr(filepath, ':')) )
-#endif
-	      {
-		return xstrdup(filepath);
-	      }
-
-    return xstrdup(p+1);
-#endif
-}
-
-
-
-/*
- * Extract from a given filename the path prepended to it.  If there
- * isn't a path prepended to the filename, a dot is returned ('.').
- * This function terminates the process on memory shortage.
- */
-char *
-make_dirname(const char *filepath)
-{
-    char *dirname;
-    int  dirname_length;
-    char *p;
-
-    if ( !(p=strrchr(filepath, '/')) )
-#ifdef HAVE_DOSISH_SYSTEM
-	if ( !(p=strrchr(filepath, '\\')) )
-#endif
-#ifdef HAVE_DRIVE_LETTERS
-	    if ( !(p=strrchr(filepath, ':')) )
-#endif
-	      {
-		return xstrdup(".");
-	      }
-
-    dirname_length = p-filepath;
-    dirname = xmalloc(dirname_length+1);
-    strncpy(dirname, filepath, dirname_length);
-    dirname[dirname_length] = 0;
-
-    return dirname;
-}
-
-
-
-static char *
-get_pwdir (int xmode, const char *name)
-{
-  char *result = NULL;
-#ifdef HAVE_PWD_H
-  struct passwd *pwd = NULL;
-
-  if (name)
-    {
-#ifdef HAVE_GETPWNAM
-      /* Fixme: We should use getpwnam_r if available.  */
-      pwd = getpwnam (name);
-#endif
-    }
-  else
-    {
-#ifdef HAVE_GETPWUID
-      /* Fixme: We should use getpwuid_r if available.  */
-      pwd = getpwuid (getuid());
-#endif
-    }
-  if (pwd)
-    {
-      if (xmode)
-        result = xstrdup (pwd->pw_dir);
-      else
-        result = xtrystrdup (pwd->pw_dir);
-    }
-#else /*!HAVE_PWD_H*/
-  /* No support at all.  */
-  (void)xmode;
-  (void)name;
-#endif /*HAVE_PWD_H*/
-  return result;
-}
-
-
-/* xmode 0 := Return NULL on error
-         1 := Terminate on error
-         2 := Make sure that name is absolute; return NULL on error
-         3 := Make sure that name is absolute; terminate on error
- */
-static char *
-do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
-{
-  const char *argv[32];
-  int argc;
-  size_t n;
-  int skip = 1;
-  char *home_buffer = NULL;
-  char *name, *home, *p;
-  int want_abs;
-
-  want_abs = !!(xmode & 2);
-  xmode &= 1;
-
-  n = strlen (first_part) + 1;
-  argc = 0;
-  while ( (argv[argc] = va_arg (arg_ptr, const char *)) )
-    {
-      n += strlen (argv[argc]) + 1;
-      if (argc >= DIM (argv)-1)
-        {
-          if (xmode)
-            BUG ();
-          gpg_err_set_errno (EINVAL);
-          return NULL;
-        }
-      argc++;
-    }
-  n++;
-
-  home = NULL;
-  if (*first_part == '~')
-    {
-      if (first_part[1] == '/' || !first_part[1])
-        {
-          /* This is the "~/" or "~" case.  */
-          home = getenv("HOME");
-          if (!home)
-            home = home_buffer = get_pwdir (xmode, NULL);
-          if (home && *home)
-            n += strlen (home);
-        }
-      else
-        {
-          /* This is the "~username/" or "~username" case.  */
-          char *user;
-
-          if (xmode)
-            user = xstrdup (first_part+1);
-          else
-            {
-              user = xtrystrdup (first_part+1);
-              if (!user)
-                return NULL;
-            }
-          p = strchr (user, '/');
-          if (p)
-            *p = 0;
-          skip = 1 + strlen (user);
-
-          home = home_buffer = get_pwdir (xmode, user);
-          xfree (user);
-          if (home)
-            n += strlen (home);
-          else
-            skip = 1;
-        }
-    }
-
-  if (xmode)
-    name = xmalloc (n);
-  else
-    {
-      name = xtrymalloc (n);
-      if (!name)
-        {
-          xfree (home_buffer);
-          return NULL;
-        }
-    }
-
-  if (home)
-    p = stpcpy (stpcpy (name, home), first_part + skip);
-  else
-    p = stpcpy (name, first_part);
-
-  xfree (home_buffer);
-  for (argc=0; argv[argc]; argc++)
-    p = stpcpy (stpcpy (p, "/"), argv[argc]);
-
-  if (want_abs)
-    {
-#ifdef HAVE_DRIVE_LETTERS
-      p = strchr (name, ':');
-      if (p)
-        p++;
-      else
-        p = name;
-#else
-      p = name;
-#endif
-      if (*p != '/'
-#ifdef HAVE_DRIVE_LETTERS
-          && *p != '\\'
-#endif
-          )
-        {
-          home = gnupg_getcwd ();
-          if (!home)
-            {
-              if (xmode)
-                {
-                  fprintf (stderr, "\nfatal: getcwd failed: %s\n",
-                           strerror (errno));
-                  exit(2);
-                }
-              xfree (name);
-              return NULL;
-            }
-          n = strlen (home) + 1 + strlen (name) + 1;
-          if (xmode)
-            home_buffer = xmalloc (n);
-          else
-            {
-              home_buffer = xtrymalloc (n);
-              if (!home_buffer)
-                {
-                  xfree (name);
-                  return NULL;
-                }
-            }
-          if (p == name)
-            p = home_buffer;
-          else /* Windows case.  */
-            {
-              memcpy (home_buffer, p, p - name + 1);
-              p = home_buffer + (p - name + 1);
-            }
-          strcpy (stpcpy (stpcpy (p, home), "/"), name);
-          xfree (name);
-          name = home_buffer;
-          /* Let's do a simple compression to catch the most common
-             case of using "." for gpg's --homedir option.  */
-          n = strlen (name);
-          if (n > 2 && name[n-2] == '/' && name[n-1] == '.')
-            name[n-2] = 0;
-        }
-    }
-  return change_slashes (name);
-}
-
-/* Construct a filename from the NULL terminated list of parts.  Tilde
-   expansion is done for the first argument.  This function terminates
-   the process on memory shortage. */
-char *
-make_filename (const char *first_part, ... )
-{
-  va_list arg_ptr;
-  char *result;
-
-  va_start (arg_ptr, first_part);
-  result = do_make_filename (1, first_part, arg_ptr);
-  va_end (arg_ptr);
-  return result;
-}
-
-/* Construct a filename from the NULL terminated list of parts.  Tilde
-   expansion is done for the first argument.  This function may return
-   NULL on error. */
-char *
-make_filename_try (const char *first_part, ... )
-{
-  va_list arg_ptr;
-  char *result;
-
-  va_start (arg_ptr, first_part);
-  result = do_make_filename (0, first_part, arg_ptr);
-  va_end (arg_ptr);
-  return result;
-}
-
-/* Construct an absolute filename from the NULL terminated list of
-   parts.  Tilde expansion is done for the first argument.  This
-   function terminates the process on memory shortage. */
-char *
-make_absfilename (const char *first_part, ... )
-{
-  va_list arg_ptr;
-  char *result;
-
-  va_start (arg_ptr, first_part);
-  result = do_make_filename (3, first_part, arg_ptr);
-  va_end (arg_ptr);
-  return result;
-}
-
-/* Construct an absolute filename from the NULL terminated list of
-   parts.  Tilde expansion is done for the first argument.  This
-   function may return NULL on error. */
-char *
-make_absfilename_try (const char *first_part, ... )
-{
-  va_list arg_ptr;
-  char *result;
-
-  va_start (arg_ptr, first_part);
-  result = do_make_filename (2, first_part, arg_ptr);
-  va_end (arg_ptr);
-  return result;
-}
-
-
-
-/* Compare whether the filenames are identical.  This is a
-   special version of strcmp() taking the semantics of filenames in
-   account.  Note that this function works only on the supplied names
-   without considering any context like the current directory.  See
-   also same_file_p(). */
-int
-compare_filenames (const char *a, const char *b)
-{
-#ifdef HAVE_DOSISH_SYSTEM
-  for ( ; *a && *b; a++, b++ )
-    {
-      if (*a != *b
-          && (toupper (*(const unsigned char*)a)
-              != toupper (*(const unsigned char*)b) )
-          && !((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/')))
-        break;
-    }
-  if ((*a == '/' && *b == '\\') || (*a == '\\' && *b == '/'))
-    return 0;
-  else
-    return (toupper (*(const unsigned char*)a)
-            - toupper (*(const unsigned char*)b));
-#else
-    return strcmp(a,b);
-#endif
-}
-
-
-/* Convert 2 hex characters at S to a byte value.  Return this value
-   or -1 if there is an error. */
-int
-hextobyte (const char *s)
-{
-  int c;
-
-  if ( *s >= '0' && *s <= '9' )
-    c = 16 * (*s - '0');
-  else if ( *s >= 'A' && *s <= 'F' )
-    c = 16 * (10 + *s - 'A');
-  else if ( *s >= 'a' && *s <= 'f' )
-    c = 16 * (10 + *s - 'a');
-  else
-    return -1;
-  s++;
-  if ( *s >= '0' && *s <= '9' )
-    c += *s - '0';
-  else if ( *s >= 'A' && *s <= 'F' )
-    c += 10 + *s - 'A';
-  else if ( *s >= 'a' && *s <= 'f' )
-    c += 10 + *s - 'a';
-  else
-    return -1;
-  return c;
-}
-
-
-/* Create a string from the buffer P_ARG of length N which is suitable
-   for printing.  Caller must release the created string using xfree.
-   This function terminates the process on memory shortage.  */
-char *
-sanitize_buffer (const void *p_arg, size_t n, int delim)
-{
-  const unsigned char *p = p_arg;
-  size_t save_n, buflen;
-  const unsigned char *save_p;
-  char *buffer, *d;
-
-  /* First count length. */
-  for (save_n = n, save_p = p, buflen=1 ; n; n--, p++ )
-    {
-      if ( *p < 0x20 || *p == 0x7f || *p == delim  || (delim && *p=='\\'))
-        {
-          if ( *p=='\n' || *p=='\r' || *p=='\f'
-               || *p=='\v' || *p=='\b' || !*p )
-            buflen += 2;
-          else
-            buflen += 5;
-	}
-      else
-        buflen++;
-    }
-  p = save_p;
-  n = save_n;
-  /* And now make the string */
-  d = buffer = xmalloc( buflen );
-  for ( ; n; n--, p++ )
-    {
-      if (*p < 0x20 || *p == 0x7f || *p == delim || (delim && *p=='\\')) {
-        *d++ = '\\';
-        if( *p == '\n' )
-          *d++ = 'n';
-        else if( *p == '\r' )
-          *d++ = 'r';
-        else if( *p == '\f' )
-          *d++ = 'f';
-        else if( *p == '\v' )
-          *d++ = 'v';
-        else if( *p == '\b' )
-          *d++ = 'b';
-        else if( !*p )
-          *d++ = '0';
-        else {
-          sprintf(d, "x%02x", *p );
-          d += 3;
-        }
-      }
-      else
-        *d++ = *p;
-    }
-  *d = 0;
-  return buffer;
-}
-
-
-/* Given a string containing an UTF-8 encoded text, return the number
-   of characters in this string.  It differs from strlen in that it
-   only counts complete UTF-8 characters.  Note, that this function
-   does not take combined characters into account.  */
-size_t
-utf8_charcount (const char *s)
-{
-  size_t n;
-
-  for (n=0; *s; s++)
-    if ( (*s&0xc0) != 0x80 ) /* Exclude continuation bytes: 10xxxxxx */
-      n++;
-
-  return n;
-}
-
-
-/****************************************************
- **********  W32 specific functions  ****************
- ****************************************************/
-
-#ifdef HAVE_W32_SYSTEM
-const char *
-w32_strerror (int ec)
-{
-  static char strerr[256];
-
-  if (ec == -1)
-    ec = (int)GetLastError ();
-#ifdef HAVE_W32CE_SYSTEM
-  /* There is only a wchar_t FormatMessage.  It does not make much
-     sense to play the conversion game; we print only the code.  */
-  snprintf (strerr, sizeof strerr, "ec=%d", (int)GetLastError ());
-#else
-  FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, ec,
-                 MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT),
-                 strerr, DIM (strerr)-1, NULL);
-#endif
-  return strerr;
-}
-#endif /*HAVE_W32_SYSTEM*/
-
-
-/****************************************************
- ******** Locale insensitive ctype functions ********
- ****************************************************/
-/* FIXME: replace them by a table lookup and macros */
-int
-ascii_isupper (int c)
-{
-    return c >= 'A' && c <= 'Z';
-}
-
-int
-ascii_islower (int c)
-{
-    return c >= 'a' && c <= 'z';
-}
-
-int
-ascii_toupper (int c)
-{
-    if (c >= 'a' && c <= 'z')
-        c &= ~0x20;
-    return c;
-}
-
-int
-ascii_tolower (int c)
-{
-    if (c >= 'A' && c <= 'Z')
-        c |= 0x20;
-    return c;
-}
-
-/* Lowercase all ASCII characters in S.  */
-char *
-ascii_strlwr (char *s)
-{
-  char *p = s;
-
-  for (p=s; *p; p++ )
-    if (isascii (*p) && *p >= 'A' && *p <= 'Z')
-      *p |= 0x20;
-
-  return s;
-}
-
-int
-ascii_strcasecmp( const char *a, const char *b )
-{
-    if (a == b)
-        return 0;
-
-    for (; *a && *b; a++, b++) {
-	if (*a != *b && ascii_toupper(*a) != ascii_toupper(*b))
-	    break;
-    }
-    return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
-}
-
-int
-ascii_strncasecmp (const char *a, const char *b, size_t n)
-{
-  const unsigned char *p1 = (const unsigned char *)a;
-  const unsigned char *p2 = (const unsigned char *)b;
-  unsigned char c1, c2;
-
-  if (p1 == p2 || !n )
-    return 0;
-
-  do
-    {
-      c1 = ascii_tolower (*p1);
-      c2 = ascii_tolower (*p2);
-
-      if ( !--n || c1 == '\0')
-	break;
-
-      ++p1;
-      ++p2;
-    }
-  while (c1 == c2);
-
-  return c1 - c2;
-}
-
-
-int
-ascii_memcasecmp (const void *a_arg, const void *b_arg, size_t n )
-{
-  const char *a = a_arg;
-  const char *b = b_arg;
-
-  if (a == b)
-    return 0;
-  for ( ; n; n--, a++, b++ )
-    {
-      if( *a != *b  && ascii_toupper (*a) != ascii_toupper (*b) )
-        return *a == *b? 0 : (ascii_toupper (*a) - ascii_toupper (*b));
-    }
-  return 0;
-}
-
-int
-ascii_strcmp( const char *a, const char *b )
-{
-    if (a == b)
-        return 0;
-
-    for (; *a && *b; a++, b++) {
-	if (*a != *b )
-	    break;
-    }
-    return *a == *b? 0 : (*(signed char *)a - *(signed char *)b);
-}
-
-
-void *
-ascii_memcasemem (const void *haystack, size_t nhaystack,
-                  const void *needle, size_t nneedle)
-{
-
-  if (!nneedle)
-    return (void*)haystack; /* finding an empty needle is really easy */
-  if (nneedle <= nhaystack)
-    {
-      const char *a = haystack;
-      const char *b = a + nhaystack - nneedle;
-
-      for (; a <= b; a++)
-        {
-          if ( !ascii_memcasecmp (a, needle, nneedle) )
-            return (void *)a;
-        }
-    }
-  return NULL;
-}
-
-/*********************************************
- ********** missing string functions *********
- *********************************************/
-
-#ifndef HAVE_STPCPY
-char *
-stpcpy(char *a,const char *b)
-{
-    while( *b )
-	*a++ = *b++;
-    *a = 0;
-
-    return (char*)a;
-}
-#endif
-
-#ifndef HAVE_STRPBRK
-/* Find the first occurrence in S of any character in ACCEPT.
-   Code taken from glibc-2.6/string/strpbrk.c (LGPLv2.1+) and modified. */
-char *
-strpbrk (const char *s, const char *accept)
-{
-  while (*s != '\0')
-    {
-      const char *a = accept;
-      while (*a != '\0')
-	if (*a++ == *s)
-	  return (char *) s;
-      ++s;
-    }
-
-  return NULL;
-}
-#endif /*!HAVE_STRPBRK*/
-
-
-#ifndef HAVE_STRSEP
-/* Code taken from glibc-2.2.1/sysdeps/generic/strsep.c. */
-char *
-strsep (char **stringp, const char *delim)
-{
-  char *begin, *end;
-
-  begin = *stringp;
-  if (begin == NULL)
-    return NULL;
-
-  /* A frequent case is when the delimiter string contains only one
-     character.  Here we don't need to call the expensive 'strpbrk'
-     function and instead work using 'strchr'.  */
-  if (delim[0] == '\0' || delim[1] == '\0')
-    {
-      char ch = delim[0];
-
-      if (ch == '\0')
-        end = NULL;
-      else
-        {
-          if (*begin == ch)
-            end = begin;
-          else if (*begin == '\0')
-            end = NULL;
-          else
-            end = strchr (begin + 1, ch);
-        }
-    }
-  else
-    /* Find the end of the token.  */
-    end = strpbrk (begin, delim);
-
-  if (end)
-    {
-      /* Terminate the token and set *STRINGP past NUL character.  */
-      *end++ = '\0';
-      *stringp = end;
-    }
-  else
-    /* No more delimiters; this is the last token.  */
-    *stringp = NULL;
-
-  return begin;
-}
-#endif /*HAVE_STRSEP*/
-
-
-#ifndef HAVE_STRLWR
-char *
-strlwr(char *s)
-{
-    char *p;
-    for(p=s; *p; p++ )
-	*p = tolower(*p);
-    return s;
-}
-#endif
-
-
-#ifndef HAVE_STRCASECMP
-int
-strcasecmp( const char *a, const char *b )
-{
-    for( ; *a && *b; a++, b++ ) {
-	if( *a != *b && toupper(*a) != toupper(*b) )
-	    break;
-    }
-    return *(const byte*)a - *(const byte*)b;
-}
-#endif
-
-
-/****************
- * mingw32/cpd has a memicmp()
- */
-#ifndef HAVE_MEMICMP
-int
-memicmp( const char *a, const char *b, size_t n )
-{
-    for( ; n; n--, a++, b++ )
-	if( *a != *b  && toupper(*(const byte*)a) != toupper(*(const byte*)b) )
-	    return *(const byte *)a - *(const byte*)b;
-    return 0;
-}
-#endif
-
-
-#ifndef HAVE_MEMRCHR
-void *
-memrchr (const void *buffer, int c, size_t n)
-{
-  const unsigned char *p = buffer;
-
-  for (p += n; n ; n--)
-    if (*--p == c)
-      return (void *)p;
-  return NULL;
-}
-#endif /*HAVE_MEMRCHR*/
-
-
-/* Percent-escape the string STR by replacing colons with '%3a'.  If
-   EXTRA is not NULL all characters in EXTRA are also escaped.  */
-static char *
-do_percent_escape (const char *str, const char *extra, int die)
-{
-  int i, j;
-  char *ptr;
-
-  if (!str)
-    return NULL;
-
-  for (i=j=0; str[i]; i++)
-    if (str[i] == ':' || str[i] == '%' || (extra && strchr (extra, str[i])))
-      j++;
-  if (die)
-    ptr = xmalloc (i + 2 * j + 1);
-  else
-    {
-      ptr = xtrymalloc (i + 2 * j + 1);
-      if (!ptr)
-        return NULL;
-    }
-  i = 0;
-  while (*str)
-    {
-      if (*str == ':')
-	{
-	  ptr[i++] = '%';
-	  ptr[i++] = '3';
-	  ptr[i++] = 'a';
-	}
-      else if (*str == '%')
-	{
-	  ptr[i++] = '%';
-	  ptr[i++] = '2';
-	  ptr[i++] = '5';
-	}
-      else if (extra && strchr (extra, *str))
-        {
-	  ptr[i++] = '%';
-          ptr[i++] = tohex_lower ((*str>>4)&15);
-          ptr[i++] = tohex_lower (*str&15);
-        }
-      else
-	ptr[i++] = *str;
-      str++;
-    }
-  ptr[i] = '\0';
-
-  return ptr;
-}
-
-/* Percent-escape the string STR by replacing colons with '%3a'.  If
-   EXTRA is not NULL all characters in EXTRA are also escaped.  This
-   function terminates the process on memory shortage.  */
-char *
-percent_escape (const char *str, const char *extra)
-{
-  return do_percent_escape (str, extra, 1);
-}
-
-/* Same as percent_escape but return NULL instead of exiting on memory
-   error. */
-char *
-try_percent_escape (const char *str, const char *extra)
-{
-  return do_percent_escape (str, extra, 0);
-}
-
-
-
-static char *
-do_strconcat (const char *s1, va_list arg_ptr)
-{
-  const char *argv[48];
-  size_t argc;
-  size_t needed;
-  char *buffer, *p;
-
-  argc = 0;
-  argv[argc++] = s1;
-  needed = strlen (s1);
-  while (((argv[argc] = va_arg (arg_ptr, const char *))))
-    {
-      needed += strlen (argv[argc]);
-      if (argc >= DIM (argv)-1)
-        {
-          gpg_err_set_errno (EINVAL);
-          return NULL;
-        }
-      argc++;
-    }
-  needed++;
-  buffer = xtrymalloc (needed);
-  if (buffer)
-    {
-      for (p = buffer, argc=0; argv[argc]; argc++)
-        p = stpcpy (p, argv[argc]);
-    }
-  return buffer;
-}
-
-
-/* Concatenate the string S1 with all the following strings up to a
-   NULL.  Returns a malloced buffer with the new string or NULL on a
-   malloc error or if too many arguments are given.  */
-char *
-strconcat (const char *s1, ...)
-{
-  va_list arg_ptr;
-  char *result;
-
-  if (!s1)
-    result = xtrystrdup ("");
-  else
-    {
-      va_start (arg_ptr, s1);
-      result = do_strconcat (s1, arg_ptr);
-      va_end (arg_ptr);
-    }
-  return result;
-}
-
-/* Same as strconcat but terminate the process with an error message
-   if something goes wrong.  */
-char *
-xstrconcat (const char *s1, ...)
-{
-  va_list arg_ptr;
-  char *result;
-
-  if (!s1)
-    result = xstrdup ("");
-  else
-    {
-      va_start (arg_ptr, s1);
-      result = do_strconcat (s1, arg_ptr);
-      va_end (arg_ptr);
-    }
-  if (!result)
-    {
-      if (errno == EINVAL)
-        fputs ("\nfatal: too many args for xstrconcat\n", stderr);
-      else
-        fputs ("\nfatal: out of memory\n", stderr);
-      exit (2);
-    }
-  return result;
-}
-
-/* Split a string into fields at DELIM.  REPLACEMENT is the character
-   to replace the delimiter with (normally: '\0' so that each field is
-   NUL terminated).  The caller is responsible for freeing the result.
-   Note: this function modifies STRING!  If you need the original
-   value, then you should pass a copy to this function.
-
-   If malloc fails, this function returns NULL.  */
-char **
-strsplit (char *string, char delim, char replacement, int *count)
-{
-  int fields = 1;
-  char *t;
-  char **result;
-
-  /* First, count the number of fields.  */
-  for (t = strchr (string, delim); t; t = strchr (t + 1, delim))
-    fields ++;
-
-  result = xtrycalloc (sizeof (*result), (fields + 1));
-  if (! result)
-    return NULL;
-
-  result[0] = string;
-  fields = 1;
-  for (t = strchr (string, delim); t; t = strchr (t + 1, delim))
-    {
-      result[fields ++] = t + 1;
-      *t = replacement;
-    }
-
-  if (count)
-    *count = fields;
-
-  return result;
-}
-
-
-/* Tokenize STRING using the set of delimiters in DELIM.  Leading
- * spaces and tabs are removed from all tokens.  The caller must xfree
- * the result.
- *
- * Returns: A malloced and NULL delimited array with the tokens.  On
- *          memory error NULL is returned and ERRNO is set.
- */
-char **
-strtokenize (const char *string, const char *delim)
-{
-  const char *s;
-  size_t fields;
-  size_t bytes, n;
-  char *buffer;
-  char *p, *px, *pend;
-  char **result;
-
-  /* Count the number of fields.  */
-  for (fields = 1, s = strpbrk (string, delim); s; s = strpbrk (s + 1, delim))
-    fields++;
-  fields++; /* Add one for the terminating NULL.  */
-
-  /* Allocate an array for all fields, a terminating NULL, and space
-     for a copy of the string.  */
-  bytes = fields * sizeof *result;
-  if (bytes / sizeof *result != fields)
-    {
-      gpg_err_set_errno (ENOMEM);
-      return NULL;
-    }
-  n = strlen (string) + 1;
-  bytes += n;
-  if (bytes < n)
-    {
-      gpg_err_set_errno (ENOMEM);
-      return NULL;
-    }
-  result = xtrymalloc (bytes);
-  if (!result)
-    return NULL;
-  buffer = (char*)(result + fields);
-
-  /* Copy and parse the string.  */
-  strcpy (buffer, string);
-  for (n = 0, p = buffer; (pend = strpbrk (p, delim)); p = pend + 1)
-    {
-      *pend = 0;
-      while (spacep (p))
-        p++;
-      for (px = pend - 1; px >= p && spacep (px); px--)
-        *px = 0;
-      result[n++] = p;
-    }
-  while (spacep (p))
-    p++;
-  for (px = p + strlen (p) - 1; px >= p && spacep (px); px--)
-    *px = 0;
-  result[n++] = p;
-  result[n] = NULL;
-
-  assert ((char*)(result + n + 1) == buffer);
-
-  return result;
-}
diff -Nru gnupg2-2.1.6/common/stringhelp.h gnupg2-2.0.28/common/stringhelp.h
--- gnupg2-2.1.6/common/stringhelp.h	2015-06-22 17:25:51.000000000 +0000
+++ gnupg2-2.0.28/common/stringhelp.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,155 +0,0 @@
-/* stringhelp.h
- * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2006, 2007, 2009  Free Software Foundation, Inc.
- *               2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_STRINGHELP_H
-#define GNUPG_COMMON_STRINGHELP_H
-
-#include "types.h"
-
-/*-- stringhelp.c --*/
-char *has_leading_keyword (const char *string, const char *keyword);
-
-const char *memistr (const void *buf, size_t buflen, const char *sub);
-char *mem2str( char *, const void *, size_t);
-char *trim_spaces( char *string );
-char *trim_trailing_spaces( char *string );
-unsigned int trim_trailing_chars( unsigned char *line, unsigned len,
-					      const char *trimchars);
-unsigned int trim_trailing_ws( unsigned char *line, unsigned len );
-size_t length_sans_trailing_chars (const unsigned char *line, size_t len,
-                                   const char *trimchars );
-size_t length_sans_trailing_ws (const unsigned char *line, size_t len);
-
-
-char *make_basename(const char *filepath, const char *inputpath);
-char *make_dirname(const char *filepath);
-char *make_filename( const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0);
-char *make_filename_try (const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0);
-char *make_absfilename (const char *first_part, ...) GNUPG_GCC_A_SENTINEL(0);
-char *make_absfilename_try (const char *first_part,
-                            ...) GNUPG_GCC_A_SENTINEL(0);
-int compare_filenames( const char *a, const char *b );
-
-int hextobyte (const char *s);
-
-char *sanitize_buffer (const void *p, size_t n, int delim);
-
-
-size_t utf8_charcount (const char *s);
-
-
-#ifdef HAVE_W32_SYSTEM
-const char *w32_strerror (int ec);
-#endif
-
-
-int ascii_isupper (int c);
-int ascii_islower (int c);
-int ascii_toupper (int c);
-int ascii_tolower (int c);
-char *ascii_strlwr (char *s);
-int ascii_strcasecmp( const char *a, const char *b );
-int ascii_strncasecmp (const char *a, const char *b, size_t n);
-int ascii_memcasecmp( const void *a, const void *b, size_t n );
-const char *ascii_memistr ( const void *buf, size_t buflen, const char *sub);
-void *ascii_memcasemem (const void *haystack, size_t nhaystack,
-                        const void *needle, size_t nneedle);
-
-
-#ifndef HAVE_MEMICMP
-int memicmp( const char *a, const char *b, size_t n );
-#endif
-#ifndef HAVE_STPCPY
-char *stpcpy(char *a,const char *b);
-#endif
-#ifndef HAVE_STRPBRK
-char *strpbrk (const char *s, const char *accept);
-#endif
-#ifndef HAVE_STRSEP
-char *strsep (char **stringp, const char *delim);
-#endif
-#ifndef HAVE_STRLWR
-char *strlwr(char *a);
-#endif
-#ifndef HAVE_STRTOUL
-#  define strtoul(a,b,c)  ((unsigned long)strtol((a),(b),(c)))
-#endif
-#ifndef HAVE_MEMMOVE
-#  define memmove(d, s, n) bcopy((s), (d), (n))
-#endif
-#ifndef HAVE_STRICMP
-#  define stricmp(a,b)	 strcasecmp( (a), (b) )
-#endif
-#ifndef HAVE_MEMRCHR
-void *memrchr (const void *buffer, int c, size_t n);
-#endif
-
-
-#ifndef HAVE_ISASCII
-static inline int
-isascii (int c)
-{
-  return (((c) & ~0x7f) == 0);
-}
-#endif /* !HAVE_ISASCII */
-
-
-#ifndef STR
-#  define STR(v) #v
-#endif
-#define STR2(v) STR(v)
-
-/* Percent-escape the string STR by replacing colons with '%3a'.  If
-   EXTRA is not NULL, also replace all characters given in EXTRA.  The
-   "try_" variant fails with NULL if not enough memory can be
-   allocated.  */
-char *percent_escape (const char *str, const char *extra);
-char *try_percent_escape (const char *str, const char *extra);
-
-
-/* Concatenate the string S1 with all the following strings up to a
-   NULL.  Returns a malloced buffer with the new string or NULL on a
-   malloc error or if too many arguments are given.  */
-char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
-/* Ditto, but die on error.  */
-char *xstrconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
-
-char **strsplit (char *string, char delim, char replacement, int *count);
-
-/* Tokenize STRING using the set of delimiters in DELIM.  */
-char **strtokenize (const char *string, const char *delim);
-
-
-/*-- mapstrings.c --*/
-const char *map_static_macro_string (const char *string);
-
-#endif /*GNUPG_COMMON_STRINGHELP_H*/
diff -Nru gnupg2-2.1.6/common/strlist.c gnupg2-2.0.28/common/strlist.c
--- gnupg2-2.1.6/common/strlist.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/strlist.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,223 +0,0 @@
-/* strlist.c -  string helpers
- * Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "common-defs.h"
-#include "strlist.h"
-#include "utf8conv.h"
-
-void
-free_strlist( strlist_t sl )
-{
-    strlist_t sl2;
-
-    for(; sl; sl = sl2 ) {
-	sl2 = sl->next;
-	xfree(sl);
-    }
-}
-
-
-/* Add STRING to the LIST at the front.  This function terminates the
-   process on memory shortage.  */
-strlist_t
-add_to_strlist( strlist_t *list, const char *string )
-{
-    strlist_t sl;
-
-    sl = xmalloc( sizeof *sl + strlen(string));
-    sl->flags = 0;
-    strcpy(sl->d, string);
-    sl->next = *list;
-    *list = sl;
-    return sl;
-}
-
-
-/* Add STRING to the LIST at the front.  This function returns NULL
-   and sets ERRNO on memory shortage.  */
-strlist_t
-add_to_strlist_try (strlist_t *list, const char *string)
-{
-  strlist_t sl;
-
-  sl = xtrymalloc (sizeof *sl + strlen (string));
-  if (sl)
-    {
-      sl->flags = 0;
-      strcpy (sl->d, string);
-      sl->next = *list;
-      *list = sl;
-    }
-  return sl;
-}
-
-
-/* Same as add_to_strlist() but if IS_UTF8 is *not* set, a conversion
-   to UTF-8 is done.  This function terminates the process on memory
-   shortage.  */
-strlist_t
-add_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
-{
-  strlist_t sl;
-
-  if (is_utf8)
-    sl = add_to_strlist( list, string );
-  else
-    {
-      char *p = native_to_utf8( string );
-      sl = add_to_strlist( list, p );
-      xfree ( p );
-    }
-  return sl;
-}
-
-
-/* Add STRING to the LIST at the end.  This function terminates the
-   process on memory shortage.  */
-strlist_t
-append_to_strlist( strlist_t *list, const char *string )
-{
-    strlist_t r, sl;
-
-    sl = xmalloc( sizeof *sl + strlen(string));
-    sl->flags = 0;
-    strcpy(sl->d, string);
-    sl->next = NULL;
-    if( !*list )
-	*list = sl;
-    else {
-	for( r = *list; r->next; r = r->next )
-	    ;
-	r->next = sl;
-    }
-    return sl;
-}
-
-
-strlist_t
-append_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
-{
-  strlist_t sl;
-
-  if( is_utf8 )
-    sl = append_to_strlist( list, string );
-  else
-    {
-      char *p = native_to_utf8 (string);
-      sl = append_to_strlist( list, p );
-      xfree( p );
-    }
-  return sl;
-}
-
-
-/* Return a copy of LIST.  This function terminates the process on
-   memory shortage.*/
-strlist_t
-strlist_copy (strlist_t list)
-{
-  strlist_t newlist = NULL, sl, *last;
-
-  last = &newlist;
-  for (; list; list = list->next)
-    {
-      sl = xmalloc (sizeof *sl + strlen (list->d));
-      sl->flags = list->flags;
-      strcpy(sl->d, list->d);
-      sl->next = NULL;
-      *last = sl;
-      last = &sl;
-    }
-  return newlist;
-}
-
-
-
-strlist_t
-strlist_prev( strlist_t head, strlist_t node )
-{
-    strlist_t n;
-
-    for(n=NULL; head && head != node; head = head->next )
-	n = head;
-    return n;
-}
-
-strlist_t
-strlist_last( strlist_t node )
-{
-    if( node )
-	for( ; node->next ; node = node->next )
-	    ;
-    return node;
-}
-
-
-/* Remove the first item from LIST and return its content in an
-   allocated buffer.  This function terminates the process on memory
-   shortage.  */
-char *
-strlist_pop (strlist_t *list)
-{
-  char *str=NULL;
-  strlist_t sl=*list;
-
-  if(sl)
-    {
-      str = xmalloc(strlen(sl->d)+1);
-      strcpy(str,sl->d);
-
-      *list=sl->next;
-      xfree(sl);
-    }
-
-  return str;
-}
-
-/* Return the first element of the string list HAYSTACK whose string
-   matches NEEDLE.  If no elements match, return NULL.  */
-strlist_t
-strlist_find (strlist_t haystack, const char *needle)
-{
-  for (;
-       haystack;
-       haystack = haystack->next)
-    if (strcmp (haystack->d, needle) == 0)
-      return haystack;
-  return NULL;
-}
diff -Nru gnupg2-2.1.6/common/strlist.h gnupg2-2.0.28/common/strlist.h
--- gnupg2-2.1.6/common/strlist.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/strlist.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,64 +0,0 @@
-/* strlist.h
- *	Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_STRLIST_H
-#define GNUPG_COMMON_STRLIST_H
-
-struct string_list
-{
-  struct string_list *next;
-  unsigned int flags;
-  char d[1];
-};
-typedef struct string_list *strlist_t;
-
-void    free_strlist (strlist_t sl);
-strlist_t add_to_strlist (strlist_t *list, const char *string);
-strlist_t add_to_strlist_try (strlist_t *list, const char *string);
-
-strlist_t add_to_strlist2( strlist_t *list, const char *string, int is_utf8);
-
-strlist_t append_to_strlist (strlist_t *list, const char *string);
-strlist_t append_to_strlist2 (strlist_t *list, const char *string,
-                              int is_utf8);
-
-strlist_t strlist_copy (strlist_t list);
-
-strlist_t strlist_prev (strlist_t head, strlist_t node);
-strlist_t strlist_last (strlist_t node);
-char * strlist_pop (strlist_t *list);
-
-strlist_t strlist_find (strlist_t haystack, const char *needle);
-
-
-#define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0)
-
-
-#endif /*GNUPG_COMMON_STRLIST_H*/
diff -Nru gnupg2-2.1.6/common/sysutils.c gnupg2-2.0.28/common/sysutils.c
--- gnupg2-2.1.6/common/sysutils.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/sysutils.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,26 +1,16 @@
 /* sysutils.c -  system helpers
- * Copyright (C) 1991-2001, 2003-2004,
- *               2006-2008  Free Software Foundation, Inc.
- * Copyright (C) 2013-2014 Werner Koch
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004,
+ *               2007, 2008  Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -31,14 +21,13 @@
 
 #include 
 
-#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
-# undef HAVE_NPTH
-# undef USE_NPTH
+#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth.  */
+# undef HAVE_PTH
+# undef USE_GNU_PTH
 #endif
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -55,21 +44,19 @@
 # include 
 #endif
 #ifdef HAVE_W32_SYSTEM
-# if WINVER < 0x0500
-#   define WINVER 0x0500  /* Required for AllowSetForegroundWindow.  */
+# ifndef WINVER
+#  define WINVER 0x0500  /* Required for AllowSetForegroundWindow.  */
 # endif
 # ifdef HAVE_WINSOCK2_H
 #  include 
 # endif
 # include 
 #endif
-#ifdef HAVE_NPTH
-# include 
+#ifdef HAVE_PTH
+# include 
 #endif
 #include 
 
-#include 
-
 #include "util.h"
 #include "i18n.h"
 
@@ -149,33 +136,33 @@
 
 
 
-/* Return a string which is used as a kind of process ID.  */
+/* Return a string which is used as a kind of process ID */
 const byte *
-get_session_marker (size_t *rlen)
+get_session_marker( size_t *rlen )
 {
-  static byte marker[SIZEOF_UNSIGNED_LONG*2];
-  static int initialized;
+    static byte marker[SIZEOF_UNSIGNED_LONG*2];
+    static int initialized;
 
-  if (!initialized)
-    {
-      gcry_create_nonce (marker, sizeof marker);
-      initialized = 1;
+    if ( !initialized ) {
+        volatile ulong aa, bb; /* we really want the uninitialized value */
+        ulong a, b;
+
+        initialized = 1;
+        /* Although this marker is guessable it is not easy to use
+         * for a faked control packet because an attacker does not
+         * have enough control about the time the verification does
+         * take place.  Of course, we can add just more random but
+         * than we need the random generator even for verification
+         * tasks - which does not make sense. */
+        a = aa ^ (ulong)getpid();
+        b = bb ^ (ulong)time(NULL);
+        memcpy( marker, &a, SIZEOF_UNSIGNED_LONG );
+        memcpy( marker+SIZEOF_UNSIGNED_LONG, &b, SIZEOF_UNSIGNED_LONG );
     }
-  *rlen = sizeof (marker);
-  return marker;
+    *rlen = sizeof(marker);
+    return marker;
 }
 
-/* Return a random number in an unsigned int. */
-unsigned int
-get_uint_nonce (void)
-{
-  unsigned int value;
-
-  gcry_create_nonce (&value, sizeof value);
-  return value;
-}
-
-
 
 #if 0 /* not yet needed - Note that this will require inclusion of
          cmacros.am in Makefile.am */
@@ -274,8 +261,18 @@
 void
 gnupg_sleep (unsigned int seconds)
 {
-#ifdef USE_NPTH
-  npth_sleep (seconds);
+#ifdef HAVE_PTH
+  /* With Pth we force a regular sleep for seconds == 0 so that also
+     the process will give up its timeslot.  */
+  if (!seconds)
+    {
+# ifdef HAVE_W32_SYSTEM
+      Sleep (0);
+# else
+      sleep (0);
+# endif
+    }
+  pth_sleep (seconds);
 #else
   /* Fixme:  make sure that a sleep won't wake up to early.  */
 # ifdef HAVE_W32_SYSTEM
@@ -295,10 +292,7 @@
 int
 translate_sys2libc_fd (gnupg_fd_t fd, int for_write)
 {
-#if defined(HAVE_W32CE_SYSTEM)
-  (void)for_write;
-  return (int) fd;
-#elif defined(HAVE_W32_SYSTEM)
+#ifdef HAVE_W32_SYSTEM
   int x;
 
   if (fd == GNUPG_INVALID_FD)
@@ -317,16 +311,11 @@
 }
 
 /* This is the same as translate_sys2libc_fd but takes an integer
-   which is assumed to be such an system handle.  On WindowsCE the
-   passed FD is a rendezvous ID and the function finishes the pipe
-   creation. */
+   which is assumed to be such an system handle.  */
 int
 translate_sys2libc_fd_int (int fd, int for_write)
 {
-#if HAVE_W32CE_SYSTEM
-  fd = (int) _assuan_w32ce_finish_pipe (fd, for_write);
-  return translate_sys2libc_fd ((void*)fd, for_write);
-#elif HAVE_W32_SYSTEM
+#ifdef HAVE_W32_SYSTEM
   if (fd <= 2)
     return fd;	/* Do not do this for error, stdin, stdout, stderr. */
 
@@ -348,15 +337,8 @@
 {
 #ifdef HAVE_W32_SYSTEM
   int attempts, n;
-#ifdef HAVE_W32CE_SYSTEM
-  wchar_t buffer[MAX_PATH+7+12+1];
-# define mystrlen(a) wcslen (a)
-  wchar_t *name, *p;
-#else
   char buffer[MAX_PATH+7+12+1];
-# define mystrlen(a) strlen (a)
   char *name, *p;
-#endif
   HANDLE file;
   int pid = GetCurrentProcessId ();
   unsigned int value;
@@ -368,18 +350,13 @@
   sec_attr.bInheritHandle = TRUE;
 
   n = GetTempPath (MAX_PATH+1, buffer);
-  if (!n || n > MAX_PATH || mystrlen (buffer) > MAX_PATH)
+  if (!n || n > MAX_PATH || strlen (buffer) > MAX_PATH)
     {
-      gpg_err_set_errno (ENOENT);
+      errno = ENOENT;
       return NULL;
     }
-  p = buffer + mystrlen (buffer);
-#ifdef HAVE_W32CE_SYSTEM
-  wcscpy (p, L"_gnupg");
-  p += 7;
-#else
+  p = buffer + strlen (buffer);
   p = stpcpy (p, "_gnupg");
-#endif
   /* We try to create the directory but don't care about an error as
      it may already exist and the CreateFile would throw an error
      anyway.  */
@@ -395,11 +372,7 @@
           *p++ = tohex (((value >> 28) & 0x0f));
           value <<= 4;
         }
-#ifdef HAVE_W32CE_SYSTEM
-      wcscpy (p, L".tmp");
-#else
       strcpy (p, ".tmp");
-#endif
       file = CreateFile (buffer,
                          GENERIC_READ | GENERIC_WRITE,
                          0,
@@ -410,10 +383,6 @@
       if (file != INVALID_HANDLE_VALUE)
         {
           FILE *fp;
-#ifdef HAVE_W32CE_SYSTEM
-          int fd = (int)file;
-          fp = _wfdopen (fd, L"w+b");
-#else
           int fd = _open_osfhandle ((long)file, 0);
           if (fd == -1)
             {
@@ -421,21 +390,19 @@
               return NULL;
             }
           fp = fdopen (fd, "w+b");
-#endif
           if (!fp)
             {
               int save = errno;
               close (fd);
-              gpg_err_set_errno (save);
+              errno = save;
               return NULL;
             }
           return fp;
         }
       Sleep (1); /* One ms as this is the granularity of GetTickCount.  */
     }
-  gpg_err_set_errno (ENOENT);
+  errno = ENOENT;
   return NULL;
-#undef mystrlen
 #else /*!HAVE_W32_SYSTEM*/
   return tmpfile ();
 #endif /*!HAVE_W32_SYSTEM*/
@@ -523,330 +490,13 @@
   if (!pid)
     log_info ("%s called with invalid pid %lu\n",
               "gnupg_allow_set_foregound_window", (unsigned long)pid);
-#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
+#ifdef HAVE_W32_SYSTEM
   else if (!AllowSetForegroundWindow ((pid_t)pid == (pid_t)(-1)?ASFW_ANY:pid))
     log_info ("AllowSetForegroundWindow(%lu) failed: %s\n",
                (unsigned long)pid, w32_strerror (-1));
 #endif
 }
 
-int
-gnupg_remove (const char *fname)
-{
-#ifdef HAVE_W32CE_SYSTEM
-  int rc;
-  wchar_t *wfname;
-
-  wfname = utf8_to_wchar (fname);
-  if (!wfname)
-    rc = 0;
-  else
-    {
-      rc = DeleteFile (wfname);
-      xfree (wfname);
-    }
-  if (!rc)
-    return -1; /* ERRNO is automagically provided by gpg-error.h.  */
-  return 0;
-#else
-  return remove (fname);
-#endif
-}
-
-
-/* A wrapper around mkdir which takes a string for the mode argument.
-   This makes it easier to handle the mode argument which is not
-   defined on all systems.  The format of the modestring is
-
-      "-rwxrwxrwx"
-
-   '-' is a don't care or not set.  'r', 'w', 'x' are read allowed,
-   write allowed, execution allowed with the first group for the user,
-   the second for the group and the third for all others.  If the
-   string is shorter than above the missing mode characters are meant
-   to be not set.  */
-int
-gnupg_mkdir (const char *name, const char *modestr)
-{
-#ifdef HAVE_W32CE_SYSTEM
-  wchar_t *wname;
-  (void)modestr;
-
-  wname = utf8_to_wchar (name);
-  if (!wname)
-    return -1;
-  if (!CreateDirectoryW (wname, NULL))
-    {
-      xfree (wname);
-      return -1;  /* ERRNO is automagically provided by gpg-error.h.  */
-    }
-  xfree (wname);
-  return 0;
-#elif MKDIR_TAKES_ONE_ARG
-  (void)modestr;
-  /* Note: In the case of W32 we better use CreateDirectory and try to
-     set appropriate permissions.  However using mkdir is easier
-     because this sets ERRNO.  */
-  return mkdir (name);
-#else
-  mode_t mode = 0;
-
-  if (modestr && *modestr)
-    {
-      modestr++;
-      if (*modestr && *modestr++ == 'r')
-        mode |= S_IRUSR;
-      if (*modestr && *modestr++ == 'w')
-        mode |= S_IWUSR;
-      if (*modestr && *modestr++ == 'x')
-        mode |= S_IXUSR;
-      if (*modestr && *modestr++ == 'r')
-        mode |= S_IRGRP;
-      if (*modestr && *modestr++ == 'w')
-        mode |= S_IWGRP;
-      if (*modestr && *modestr++ == 'x')
-        mode |= S_IXGRP;
-      if (*modestr && *modestr++ == 'r')
-        mode |= S_IROTH;
-      if (*modestr && *modestr++ == 'w')
-        mode |= S_IWOTH;
-      if (*modestr && *modestr++ == 'x')
-        mode |= S_IXOTH;
-    }
-  return mkdir (name, mode);
-#endif
-}
-
-
-/* Our version of mkdtemp.  The API is identical to POSIX.1-2008
-   version.  We do not use a system provided mkdtemp because we have a
-   good RNG instantly available and this way we don't have diverging
-   versions.  */
-char *
-gnupg_mkdtemp (char *tmpl)
-{
-  /* A lower bound on the number of temporary files to attempt to
-     generate.  The maximum total number of temporary file names that
-     can exist for a given template is 62**6 (5*36**3 for Windows).
-     It should never be necessary to try all these combinations.
-     Instead if a reasonable number of names is tried (we define
-     reasonable as 62**3 or 5*36**3) fail to give the system
-     administrator the chance to remove the problems.  */
-#ifdef HAVE_W32_SYSTEM
-  static const char letters[] =
-    "abcdefghijklmnopqrstuvwxyz0123456789";
-# define NUMBER_OF_LETTERS 36
-# define ATTEMPTS_MIN (5 * 36 * 36 * 36)
-#else
-  static const char letters[] =
-    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-# define NUMBER_OF_LETTERS 62
-# define ATTEMPTS_MIN (62 * 62 * 62)
-#endif
-  int len;
-  char *XXXXXX;
-  uint64_t value;
-  unsigned int count;
-  int save_errno = errno;
-  /* The number of times to attempt to generate a temporary file.  To
-     conform to POSIX, this must be no smaller than TMP_MAX.  */
-#if ATTEMPTS_MIN < TMP_MAX
-  unsigned int attempts = TMP_MAX;
-#else
-  unsigned int attempts = ATTEMPTS_MIN;
-#endif
-
-  len = strlen (tmpl);
-  if (len < 6 || strcmp (&tmpl[len - 6], "XXXXXX"))
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;
-    }
-
-  /* This is where the Xs start.  */
-  XXXXXX = &tmpl[len - 6];
-
-  /* Get a random start value.  */
-  gcry_create_nonce (&value, sizeof value);
-
-  /* Loop until a directory was created.  */
-  for (count = 0; count < attempts; value += 7777, ++count)
-    {
-      uint64_t v = value;
-
-      /* Fill in the random bits.  */
-      XXXXXX[0] = letters[v % NUMBER_OF_LETTERS];
-      v /= NUMBER_OF_LETTERS;
-      XXXXXX[1] = letters[v % NUMBER_OF_LETTERS];
-      v /= NUMBER_OF_LETTERS;
-      XXXXXX[2] = letters[v % NUMBER_OF_LETTERS];
-      v /= NUMBER_OF_LETTERS;
-      XXXXXX[3] = letters[v % NUMBER_OF_LETTERS];
-      v /= NUMBER_OF_LETTERS;
-      XXXXXX[4] = letters[v % NUMBER_OF_LETTERS];
-      v /= NUMBER_OF_LETTERS;
-      XXXXXX[5] = letters[v % NUMBER_OF_LETTERS];
-
-      if (!gnupg_mkdir (tmpl, "-rwx"))
-        {
-          gpg_err_set_errno (save_errno);
-          return tmpl;
-        }
-      if (errno != EEXIST)
-	return NULL;
-    }
-
-  /* We got out of the loop because we ran out of combinations to try.  */
-  gpg_err_set_errno (EEXIST);
-  return NULL;
-}
-
-
-int
-gnupg_setenv (const char *name, const char *value, int overwrite)
-{
-#ifdef HAVE_W32CE_SYSTEM
-  (void)name;
-  (void)value;
-  (void)overwrite;
-  return 0;
-#elif defined(HAVE_W32_SYSTEM)
-  if (!overwrite)
-    {
-      char tmpbuf[10];
-      if (GetEnvironmentVariable (name, tmpbuf, sizeof tmpbuf))
-        return 0; /* Exists but overwrite was not requested.  */
-    }
-  if (!SetEnvironmentVariable (name, value))
-    {
-      gpg_err_set_errno (EINVAL); /* (Might also be ENOMEM.) */
-      return -1;
-    }
-  return 0;
-#elif defined(HAVE_SETENV)
-  return setenv (name, value, overwrite);
-#else
-  char *buf;
-
-  (void)overwrite;
-  if (!name || !value)
-    {
-      gpg_err_set_errno (EINVAL);
-      return -1;
-    }
-  buf = xtrymalloc (strlen (name) + 1 + strlen (value) + 1);
-  if (!buf)
-    return -1;
-  strcpy (stpcpy (stpcpy (buf, name), "="), value);
-#if __GNUC__
-# warning no setenv - using putenv but leaking memory.
-#endif
-  return putenv (buf);
-#endif
-}
-
-
-int
-gnupg_unsetenv (const char *name)
-{
-#ifdef HAVE_W32CE_SYSTEM
-  (void)name;
-  return 0;
-#elif defined(HAVE_W32_SYSTEM)
-  if (!SetEnvironmentVariable (name, NULL))
-    {
-      gpg_err_set_errno (EINVAL); /* (Might also be ENOMEM.) */
-      return -1;
-    }
-  return 0;
-#elif defined(HAVE_UNSETENV)
-  return unsetenv (name);
-#else
-  char *buf;
-
-  if (!name)
-    {
-      gpg_err_set_errno (EINVAL);
-      return -1;
-    }
-  buf = xtrystrdup (name);
-  if (!buf)
-    return -1;
-#if __GNUC__
-# warning no unsetenv - trying putenv but leaking memory.
-#endif
-  return putenv (buf);
-#endif
-}
-
-
-/* Return the current working directory as a malloced string.  Return
-   NULL and sets ERRNo on error.  */
-char *
-gnupg_getcwd (void)
-{
-  char *buffer;
-  size_t size = 100;
-
-  for (;;)
-    {
-      buffer = xtrymalloc (size+1);
-      if (!buffer)
-        return NULL;
-#ifdef HAVE_W32CE_SYSTEM
-      strcpy (buffer, "/");  /* Always "/".  */
-      return buffer;
-#else
-      if (getcwd (buffer, size) == buffer)
-        return buffer;
-      xfree (buffer);
-      if (errno != ERANGE)
-        return NULL;
-      size *= 2;
-#endif
-    }
-}
-
-
-
-#ifdef HAVE_W32CE_SYSTEM
-/* There is a isatty function declaration in cegcc but it does not
-   make sense, thus we redefine it.  */
-int
-_gnupg_isatty (int fd)
-{
-  (void)fd;
-  return 0;
-}
-#endif
-
-
-#ifdef HAVE_W32CE_SYSTEM
-/* Replacement for getenv which takes care of the our use of getenv.
-   The code is not thread safe but we expect it to work in all cases
-   because it is called for the first time early enough.  */
-char *
-_gnupg_getenv (const char *name)
-{
-  static int initialized;
-  static char *assuan_debug;
-
-  if (!initialized)
-    {
-      assuan_debug = read_w32_registry_string (NULL,
-                                               "\\Software\\GNU\\libassuan",
-                                               "debug");
-      initialized = 1;
-    }
-
-  if (!strcmp (name, "ASSUAN_DEBUG"))
-    return assuan_debug;
-  else
-    return NULL;
-}
-
-#endif /*HAVE_W32CE_SYSTEM*/
-
 
 #ifdef HAVE_W32_SYSTEM
 /* Return the user's security identifier from the current process.  */
diff -Nru gnupg2-2.1.6/common/sysutils.h gnupg2-2.0.28/common/sysutils.h
--- gnupg2-2.1.6/common/sysutils.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/sysutils.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -51,7 +41,6 @@
 int  disable_core_dumps (void);
 int  enable_core_dumps (void);
 const unsigned char *get_session_marker (size_t *rlen);
-unsigned int get_uint_nonce (void);
 /*int check_permissions (const char *path,int extension,int checkonly);*/
 void gnupg_sleep (unsigned int seconds);
 int translate_sys2libc_fd (gnupg_fd_t fd, int for_write);
@@ -59,17 +48,12 @@
 FILE *gnupg_tmpfile (void);
 void gnupg_reopen_std (const char *pgmname);
 void gnupg_allow_set_foregound_window (pid_t pid);
-int  gnupg_remove (const char *fname);
-int  gnupg_mkdir (const char *name, const char *modestr);
-char *gnupg_mkdtemp (char *template);
-int  gnupg_setenv (const char *name, const char *value, int overwrite);
-int  gnupg_unsetenv (const char *name);
-char *gnupg_getcwd (void);
+
 
 #ifdef HAVE_W32_SYSTEM
 void *w32_get_user_sid (void);
 
-#include "../common/w32help.h"
+# include "../jnlib/w32help.h"
 
 #endif /*HAVE_W32_SYSTEM*/
 
diff -Nru gnupg2-2.1.6/common/t-b64.c gnupg2-2.0.28/common/t-b64.c
--- gnupg2-2.1.6/common/t-b64.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-b64.c	2015-06-02 08:13:55.000000000 +0000
@@ -17,7 +17,7 @@
  * along with this program; if not, see .
  */
 
-/*
+/* 
 
    As of now this is only a test program for manual tests.
 
@@ -77,7 +77,7 @@
   fp = fname ? fopen (fname, "r") : stdin;
   if (!fp)
     {
-      fprintf (stderr, "%s:%d: can't open '%s': %s\n",
+      fprintf (stderr, "%s:%d: can't open `%s': %s\n",
                __FILE__, __LINE__, fname? fname:"[stdin]", strerror (errno));
       fail (0);
     }
@@ -113,7 +113,7 @@
   fp = fname ? fopen (fname, "r") : stdin;
   if (!fp)
     {
-      fprintf (stderr, "%s:%d: can't open '%s': %s\n",
+      fprintf (stderr, "%s:%d: can't open `%s': %s\n",
                __FILE__, __LINE__, fname? fname:"[stdin]", strerror (errno));
       fail (0);
     }
@@ -179,3 +179,4 @@
 
   return !!errcount;
 }
+
diff -Nru gnupg2-2.1.6/common/t-convert.c gnupg2-2.0.28/common/t-convert.c
--- gnupg2-2.1.6/common/t-convert.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-convert.c	2015-06-02 08:13:55.000000000 +0000
@@ -27,7 +27,7 @@
 #define pass()  do { ; } while(0)
 #define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
                                __FILE__,__LINE__, (a));          \
-    /*exit (1)*/;                                                \
+                     exit (1);                                   \
                    } while(0)
 
 
@@ -72,8 +72,8 @@
   unsigned char buffer[20];
   int len;
   int i;
-
-
+  
+  
   for (i=0; valid[i]; i++)
     {
       len = hex2bin (valid[i], buffer, sizeof buffer);
@@ -87,7 +87,7 @@
     fail (0);
   if (hex2bin (valid[2], buffer, sizeof buffer) != 41)
     fail (0);
-
+  
   for (i=0; invalid[i]; i++)
     {
       len = hex2bin (invalid[i], buffer, sizeof buffer);
@@ -107,7 +107,7 @@
     fail (0);
   if (hex2bin (valid2[1], buffer, 1) != 3)
     fail (0);
-
+  
   for (i=0; invalid2[i]; i++)
     {
       len = hex2bin (invalid2[i], buffer, 1);
@@ -164,8 +164,8 @@
   unsigned char buffer[20];
   int len;
   int i;
-
-
+  
+  
   for (i=0; valid[i]; i++)
     {
       len = hexcolon2bin (valid[i], buffer, sizeof buffer);
@@ -179,7 +179,7 @@
     fail (0);
   if (hexcolon2bin (valid[3], buffer, sizeof buffer) != 41)
     fail (0);
-
+  
   for (i=0; invalid[i]; i++)
     {
       len = hexcolon2bin (invalid[i], buffer, sizeof buffer);
@@ -199,7 +199,7 @@
     fail (0);
   if (hexcolon2bin (valid2[1], buffer, 1) != 3)
     fail (0);
-
+  
   for (i=0; invalid2[i]; i++)
     {
       len = hexcolon2bin (invalid2[i], buffer, 1);
@@ -234,10 +234,10 @@
     fail (0);
   if (strcmp (p, hexstuff))
     fail (0);
-
+  
   p = bin2hex (stuff, (size_t)(-1), NULL);
   if (p)
-    fail (0);
+    fail (0); 
   if (errno != ENOMEM)
     fail (1);
 }
@@ -263,13 +263,13 @@
 
   p = bin2hexcolon (stuff, 20, NULL);
   if (!p)
-    fail (0);
+    fail (0); 
   if (strcmp (p, hexstuff))
     fail (0);
-
+  
   p = bin2hexcolon (stuff, (size_t)(-1), NULL);
   if (p)
-    fail (0);
+    fail (0); 
   if (errno != ENOMEM)
     fail (1);
 }
@@ -282,74 +282,73 @@
   static struct {
     const char *hex;
     const char *str;
-    int len; /* Length of STR.  This may included embedded nuls.  */
     int off;
     int no_alloc_test;
   } tests[] = {
     /* Simple tests.  */
     { "112233445566778899aabbccddeeff1122",
       "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
-      17, 34 },
+      34 },
     { "112233445566778899aabbccddeeff1122 blah",
       "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
-      17, 34 },
+      34 },
     { "112233445566778899aabbccddeeff1122\tblah",
       "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
-      17, 34 },
+      34 },
     { "112233445566778899aabbccddeeff1122\nblah",
       "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
-      17, 34 },
+      34 },
     /* Valid tests yielding an empty string.  */
     { "00",
       "",
-      1, 2 },
+      2 },
     { "00 x",
       "",
-      1, 2 },
+      2 },
     { "",
       "",
-      0, 0 },
+      0 },
     { " ",
       "",
-      0, 0 },
+      0 },
     /* Test trailing Nul feature.  */
-    { "112233445566778899aabbccddeeff1100",
-      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x00",
-      17, 34 },
-    { "112233445566778899aabbccddeeff1100 ",
-      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x00",
-      17, 34 },
+    { "112233445566778899aabbccddeeff112200",
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+      36 },
+    { "112233445566778899aabbccddeeff112200 ",
+      "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
+      36 },
     /* Test buffer size. (buffer is of length 20)  */
     { "6162636465666768696A6b6c6D6e6f70717273",
       "abcdefghijklmnopqrs",
-      19, 38 },
+      38 },
     { "6162636465666768696A6b6c6D6e6f7071727300",
       "abcdefghijklmnopqrs",
-      20, 40 },
+      40 },
     { "6162636465666768696A6b6c6D6e6f7071727374",
       NULL,
-      0, 0, 1 },
+      0, 1 },
     { "6162636465666768696A6b6c6D6e6f707172737400",
       NULL,
-      0, 0, 1 },
+      0, 1 },
     { "6162636465666768696A6b6c6D6e6f707172737475",
       NULL,
-      0, 0, 1 },
+      0, 1 },
 
     /* Invalid tests. */
-    { "112233445566778899aabbccddeeff1122334",      NULL, 0, 0 },
-    { "112233445566778899AABBCCDDEEFF1122334",      NULL, 0, 0 },
-    { "112233445566778899AABBCCDDEEFG11223344",     NULL, 0, 0 },
-    { "0:0112233445566778899aabbccddeeff11223344",  NULL, 0, 0 },
-    { "112233445566778899aabbccddeeff11223344:",    NULL, 0, 0 },
-    { "112233445566778899aabbccddeeff112233445",    NULL, 0, 0 },
-    { "112233445566778899aabbccddeeff1122334455",   NULL, 0, 0, 1 },
-    { "112233445566778899aabbccddeeff11223344blah", NULL, 0, 0 },
-    { "0",    NULL, 0, 0 },
-    { "00:",  NULL, 0, 0 },
-    { "00x",  NULL, 0, 0 },
+    { "112233445566778899aabbccddeeff1122334",      NULL, 0 },
+    { "112233445566778899AABBCCDDEEFF1122334",      NULL, 0 },
+    { "112233445566778899AABBCCDDEEFG11223344",     NULL, 0 },
+    { "0:0112233445566778899aabbccddeeff11223344",  NULL, 0 },
+    { "112233445566778899aabbccddeeff11223344:",    NULL, 0 },
+    { "112233445566778899aabbccddeeff112233445",    NULL, 0 },
+    { "112233445566778899aabbccddeeff1122334455",   NULL, 0, 1 },
+    { "112233445566778899aabbccddeeff11223344blah", NULL, 0 },
+    { "0",    NULL, 0 },
+    { "00:",  NULL, 0 },
+    { "00x",  NULL, 0 },
 
-    { NULL, NULL, 0, 0 }
+    { NULL, NULL, 0 }
   };
 
   int idx;
@@ -370,7 +369,7 @@
             fail (idx);
           else if (tail - tests[idx].hex != tests[idx].off)
             fail (idx);
-          else if (tests[idx].len != count)
+          else if (strlen (buffer) != count)
             fail (idx);
         }
       else
@@ -385,10 +384,10 @@
   for (idx=0; tests[idx].hex; idx++)
     {
       char tmpbuf[100];
-
+      
       assert (strlen (tests[idx].hex)+1 < sizeof tmpbuf);
       strcpy (tmpbuf, tests[idx].hex);
-
+      
       /* Note: we still need to use 20 as buffer length because our
          tests assume that. */
       tail = hex2str (tmpbuf, tmpbuf, 20, &count);
@@ -401,7 +400,7 @@
             fail (idx);
           else if (tail - tmpbuf != tests[idx].off)
             fail (idx);
-          else if (tests[idx].len != count)
+          else if (strlen (tmpbuf) != count)
             fail (idx);
         }
       else
@@ -450,7 +449,7 @@
 {
   (void)argc;
   (void)argv;
-
+  
   test_hex2bin ();
   test_hexcolon2bin ();
   test_bin2hex ();
@@ -459,3 +458,4 @@
 
   return 0;
 }
+
diff -Nru gnupg2-2.1.6/common/t-exechelp.c gnupg2-2.0.28/common/t-exechelp.c
--- gnupg2-2.1.6/common/t-exechelp.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-exechelp.c	2015-06-02 08:13:55.000000000 +0000
@@ -149,7 +149,7 @@
             print_open_fds (array);
           free (array);
         }
-
+      
       /* Check whether the except list works.  */
       close_all_fds (3, except);
       array = xget_all_open_fds ();
@@ -180,8 +180,9 @@
       verbose = 1;
       argc--; argv++;
     }
-
+  
   test_close_all_fds ();
 
   return 0;
 }
+
diff -Nru gnupg2-2.1.6/common/t-gettime.c gnupg2-2.0.28/common/t-gettime.c
--- gnupg2-2.1.6/common/t-gettime.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-gettime.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,5 +1,5 @@
 /* t-gettime.c - Module test for gettime.c
- *	Copyright (C) 2007, 2011 Free Software Foundation, Inc.
+ *	Copyright (C) 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -67,8 +67,8 @@
         {
           fail (idx);
           if (verbose)
-            fprintf (stderr, "string '%s' exp: %ld got: %ld\n",
-                     array[idx].string, (long)array[idx].expected,
+            fprintf (stderr, "string `%s' exp: %ld got: %ld\n",
+                     array[idx].string, (long)array[idx].expected, 
                      (long)val);
         }
       if (array[idx].expected != INVALID)
@@ -77,7 +77,7 @@
           if (strlen (tbuf) != 15)
             {
               if (verbose)
-                fprintf (stderr, "string '%s', time-t %ld, revert: '%s'\n",
+                fprintf (stderr, "string `%s', time-t %ld, revert: `%s'\n",
                          array[idx].string, (long)val, tbuf);
               fail (idx);
             }
@@ -89,164 +89,6 @@
 
 
 
-static void
-test_string2isotime (void)
-{
-  struct {
-    const char *string;
-    size_t result;
-    const char *expected;
-  } array [] = {
-    { "19700101T000001",      15, "19700101T000001" },
-    { "19700101T235959",      15, "19700101T235959" },
-    { "19980815T143712",      15, "19980815T143712" },
-    { "19700101T000000",      15, "19700101T000000" },
-    { "19691231T235959",      15, "19691231T235959" },
-    { "19000101T000000",      15, "19000101T000000" },
-    { "",                      0, ""                },
-    { "19000101T00000",        0, ""                },
-    { "20010101t123456",       0, ""                },
-    { "20010101T123456",      15, "20010101T123456" },
-    { "20070629T160000",      15, "20070629T160000" },
-    { "20070629T160000:",     15, "20070629T160000" },
-    { "20070629T160000,",     15, "20070629T160000" },
-    { "20070629T160000 ",     15, "20070629T160000" },
-    { "20070629T160000\n",    15,"20070629T160000"  },
-    { "20070629T160000.",      0, ""                },
-    { "1066-03-20",           10, "10660320T000000" },
-    { "1066-03-20,",          10, "10660320T000000" },
-    { "1066-03-20:",           0, ""                },
-    { "1066-03-20 00",        13, "10660320T000000" },
-    { "1066-03-20 01",        13, "10660320T010000" },
-    { "1066-03-20 23",        13, "10660320T230000" },
-    { "1066-03-20 24",         0, ""                },
-    { "1066-03-20 00:",        0, ""                },
-    { "1066-03-20 00:3",       0, ""                },
-    { "1066-03-20 00:31",     16, "10660320T003100" },
-    { "1066-03-20 00:31:47",  19, "10660320T003147" },
-    { "1066-03-20 00:31:47 ", 19, "10660320T003147" },
-    { "1066-03-20 00:31:47,", 19, "10660320T003147" },
-    { "1066-03-20 00:31:47:",  0, ""                },
-    { "1-03-20 00:31:47:",     0, ""                },
-    { "10-03-20 00:31:47:",    0, ""                },
-    { "106-03-20 00:31:47:",   0, ""                },
-    { "1066-23-20 00:31:47:",  0, ""                },
-    { "1066-00-20 00:31:47:",  0, ""                },
-    { "1066-0-20 00:31:47:",   0, ""                },
-    { "1066-01-2 00:31:47:",   0, ""                },
-    { "1066-01-2  00:31:47:",  0, ""                },
-    { "1066-01-32 00:31:47:",  0, ""                },
-    { "1066-01-00 00:31:47:",  0, ""                },
-    { "1066-03-20  00:31:47:",11, "10660320T000000" },
-    { "1066-03-2000:31:47:",   0, ""                },
-    { "10666-03-20 00:31:47:", 0, ""                },
-    { NULL, 0 }
-  };
-  int idx;
-  size_t result;
-  gnupg_isotime_t tbuf;
-
-  for (idx=0; array[idx].string; idx++)
-    {
-      result = string2isotime (tbuf, array[idx].string);
-      if (result != array[idx].result)
-        {
-          fail (idx);
-          if (verbose)
-            fprintf (stderr, "string '%s' expected: %d, got: %d\n",
-                     array[idx].string, (int)array[idx].result, (int)result);
-        }
-      else if (result && strlen (tbuf) != 15)
-        {
-          fail (idx);
-          if (verbose)
-            fprintf (stderr, "string '%s' invalid isotime returned\n",
-                     array[idx].string);
-        }
-      else if (result && strcmp (array[idx].expected, tbuf))
-        {
-          fail (idx);
-          if (verbose)
-            fprintf (stderr, "string '%s' bad isotime '%s' returned\n",
-                     array[idx].string, tbuf);
-        }
-    }
-}
-
-
-static void
-test_isodate_human_to_tm (void)
-{
-  struct {
-    const char *string;
-    int okay;
-    int year, mon, mday;
-  } array [] = {
-    { "1970-01-01",      1, 1970,  1,  1 },
-    { "1970-02-01",      1, 1970,  2,  1 },
-    { "1970-12-31",      1, 1970, 12, 31 },
-    { "1971-01-01",      1, 1971,  1,  1 },
-    { "1998-08-15",      1, 1998,  8, 15 },
-    { "2015-04-10",      1, 2015,  4, 10 },
-    { "2015-04-10 11:30",1, 2015,  4, 10 },
-    { "1969-12-31",      0,    0,  0,  0 },
-    { "1900-01-01",      0,    0,  0,  0 },
-    { "",                0,    0,  0,  0 },
-    { "1970-12-32",      0,    0,  0,  0 },
-    { "1970-13-01",      0,    0,  0,  0 },
-    { "1970-01-00",      0,    0,  0,  0 },
-    { "1970-00-01",      0,    0,  0,  0 },
-    { "1970-00-01",      0,    0,  0,  0 },
-    { "1970",            0,    0,  0,  0 },
-    { "1970-01",         0,    0,  0,  0 },
-    { "1970-01-1",       0,    0,  0,  0 },
-    { "1970-1--01",      0,    0,  0,  0 },
-    { "1970-01-01,",     1, 1970,  1,  1 },
-    { "1970-01-01 ",     1, 1970,  1,  1 },
-    { "1970-01-01\t",    1, 1970,  1,  1 },
-    { "1970-01-01;",     0,    0,  0,  0 },
-    { "1970-01-01:",     0,    0,  0,  0 },
-    { "1970_01-01",      0,    0,  0,  0 },
-    { "1970-01_01",      0,    0,  0,  0 },
-    { NULL, 0 }
-  };
-  int idx;
-  int okay;
-  struct tm tmbuf;
-
-  for (idx=0; array[idx].string; idx++)
-    {
-      okay = !isodate_human_to_tm (array[idx].string, &tmbuf);
-      if (okay != array[idx].okay)
-        {
-          fail (idx);
-          if (verbose)
-            fprintf (stderr, "string '%s' expected: %d, got: %d\n",
-                     array[idx].string, (int)array[idx].okay, okay);
-        }
-      else if (!okay)
-        ;
-      else if (tmbuf.tm_year + 1900 != array[idx].year
-               || tmbuf.tm_mon +1   != array[idx].mon
-               || tmbuf.tm_mday     != array[idx].mday)
-        {
-          fail (idx);
-          if (verbose)
-            fprintf (stderr, "string '%s' returned %04d-%02d-%02d\n",
-                     array[idx].string,
-                     tmbuf.tm_year + 1900, tmbuf.tm_mon + 1, tmbuf.tm_mday);
-        }
-      else if (tmbuf.tm_sec || tmbuf.tm_min || tmbuf.tm_hour
-               || tmbuf.tm_isdst != -1)
-        {
-          fail (idx);
-          if (verbose)
-            fprintf (stderr, "string '%s' returned bad time part\n",
-                     array[idx].string);
-        }
-    }
-}
-
 
 int
 main (int argc, char **argv)
@@ -255,8 +97,7 @@
     verbose = 1;
 
   test_isotime2epoch ();
-  test_string2isotime ();
-  test_isodate_human_to_tm ();
 
   return !!errcount;
 }
+
diff -Nru gnupg2-2.1.6/common/t-helpfile.c gnupg2-2.0.28/common/t-helpfile.c
--- gnupg2-2.1.6/common/t-helpfile.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-helpfile.c	2015-06-02 08:13:55.000000000 +0000
@@ -52,15 +52,16 @@
   result = gnupg_get_help_string (argc? argv[0]:NULL, 0);
   if (!result)
     {
-      fprintf (stderr,
-               "Error: nothing found for '%s'\n", argc?argv[0]:"(null)");
+      fprintf (stderr, 
+               "Error: nothing found for `%s'\n", argc?argv[0]:"(null)");
       errcount++;
     }
   else
     {
-      printf ("key '%s' result='%s'\n", argc?argv[0]:"(null)", result);
+      printf ("key `%s' result=`%s'\n", argc?argv[0]:"(null)", result);
       xfree (result);
     }
 
   return !!errcount;
 }
+
diff -Nru gnupg2-2.1.6/common/t-http.c gnupg2-2.0.28/common/t-http.c
--- gnupg2-2.1.6/common/t-http.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-http.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,381 +0,0 @@
-/* t-http.c
- * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
- *               2011 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "logging.h"
-#include "http.h"
-
-
-#if HTTP_USE_NTBTLS
-# include 
-#elif HTTP_USE_GNUTLS
-# include   /* For init, logging, and deinit.  */
-#endif /*HTTP_USE_GNUTLS*/
-
-#define PGM "t-http"
-
-static int verbose;
-static int debug;
-static int no_verify;
-
-/* static void */
-/* read_dh_params (const char *fname) */
-/* { */
-/*   gpg_error_t err; */
-/*   int rc; */
-/*   FILE *fp; */
-/*   struct stat st; */
-/*   char *buf; */
-/*   size_t buflen; */
-/*   gnutls_datum_t datum; */
-
-/*   fp = fopen (fname, "rb"); */
-/*   if (!fp) */
-/*     { */
-/*       err = gpg_error_from_syserror (); */
-/*       log_fatal ("can't open '%s': %s\n", fname, gpg_strerror (err)); */
-/*     } */
-
-/*   if (fstat (fileno(fp), &st)) */
-/*     { */
-/*       err = gpg_error_from_syserror (); */
-/*       log_fatal ("can't stat '%s': %s\n", fname, gpg_strerror (err)); */
-/*     } */
-
-/*   buflen = st.st_size; */
-/*   buf = xmalloc (buflen+1); */
-/*   if (fread (buf, buflen, 1, fp) != 1) */
-/*     { */
-/*       err = gpg_error_from_syserror (); */
-/*       log_fatal ("error reading '%s': %s\n", fname, gpg_strerror (err)); */
-/*     } */
-/*   fclose (fp); */
-
-/*   datum.size = buflen; */
-/*   datum.data = buf; */
-
-/*   rc = gnutls_dh_params_import_pkcs3 (dh_params, &datum, GNUTLS_X509_FMT_PEM); */
-/*   if (rc < 0) */
-/*     log_fatal ("gnutls_dh_param_import failed: %s\n", gnutls_strerror (rc)); */
-
-/*   xfree (buf); */
-/* } */
-
-
-
-#if HTTP_USE_GNUTLS
-static gpg_error_t
-verify_callback (http_t hd, http_session_t session, int reserved)
-{
-  (void)hd;
-  (void)reserved;
-  return no_verify? 0 : http_verify_server_credentials (session);
-}
-#endif
-
-#if HTTP_USE_GNUTLS
-static void
-my_gnutls_log (int level, const char *text)
-{
-  fprintf (stderr, "gnutls:L%d: %s", level, text);
-}
-#endif
-
-/* Prepend FNAME with the srcdir environment variable's value and
-   return an allocated filename. */
-static char *
-prepend_srcdir (const char *fname)
-{
-  static const char *srcdir;
-  char *result;
-
-  if (!srcdir && !(srcdir = getenv ("srcdir")))
-    srcdir = ".";
-
-  result = xmalloc (strlen (srcdir) + 1 + strlen (fname) + 1);
-  strcpy (result, srcdir);
-  strcat (result, "/");
-  strcat (result, fname);
-  return result;
-}
-
-
-int
-main (int argc, char **argv)
-{
-  int last_argc = -1;
-  gpg_error_t err;
-  int rc;
-  parsed_uri_t uri;
-  uri_tuple_t r;
-  http_t hd;
-  int c;
-  unsigned int my_http_flags = 0;
-  int no_out = 0;
-  int tls_dbg = 0;
-  const char *cafile = NULL;
-  http_session_t session = NULL;
-
-  gpgrt_init ();
-  log_set_prefix (PGM, 1 | 4);
-  if (argc)
-    { argc--; argv++; }
-  while (argc && last_argc != argc )
-    {
-      last_argc = argc;
-      if (!strcmp (*argv, "--"))
-        {
-          argc--; argv++;
-          break;
-        }
-      else if (!strcmp (*argv, "--help"))
-        {
-          fputs ("usage: " PGM " URL\n"
-                 "Options:\n"
-                 "  --verbose         print timings etc.\n"
-                 "  --debug           flyswatter\n"
-                 "  --gnutls-debug N  use GNUTLS debug level N\n"
-                 "  --cacert FNAME    expect CA certificate in file FNAME\n"
-                 "  --no-verify       do not verify the certificate\n"
-                 "  --force-tls       use HTTP_FLAG_FORCE_TLS\n"
-                 "  --no-out          do not print the content\n",
-                 stdout);
-          exit (0);
-        }
-      else if (!strcmp (*argv, "--verbose"))
-        {
-          verbose++;
-          argc--; argv++;
-        }
-      else if (!strcmp (*argv, "--debug"))
-        {
-          verbose += 2;
-          debug++;
-          argc--; argv++;
-        }
-      else if (!strcmp (*argv, "--gnutls-debug"))
-        {
-          argc--; argv++;
-          if (argc)
-            {
-              tls_dbg = atoi (*argv);
-              argc--; argv++;
-            }
-        }
-      else if (!strcmp (*argv, "--cacert"))
-        {
-          argc--; argv++;
-          if (argc)
-            {
-              cafile = *argv;
-              argc--; argv++;
-            }
-        }
-      else if (!strcmp (*argv, "--no-verify"))
-        {
-          no_verify = 1;
-          argc--; argv++;
-        }
-      else if (!strcmp (*argv, "--force-tls"))
-        {
-          my_http_flags |= HTTP_FLAG_FORCE_TLS;
-          argc--; argv++;
-        }
-      else if (!strcmp (*argv, "--no-out"))
-        {
-          no_out = 1;
-          argc--; argv++;
-        }
-      else if (!strncmp (*argv, "--", 2))
-        {
-          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
-          exit (1);
-        }
-    }
-  if (argc != 1)
-    {
-      fprintf (stderr, PGM ": no or too many URLS given\n");
-      exit (1);
-    }
-
-  if (!cafile)
-    cafile = prepend_srcdir ("tls-ca.pem");
-
-#if HTTP_USE_NTBTLS
-
-  (void)err;
-
-  ntbtls_set_debug (tls_dbg, NULL, NULL);
-
-#elif HTTP_USE_GNUTLS
-
-  rc = gnutls_global_init ();
-  if (rc)
-    log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
-
-  http_register_tls_callback (verify_callback);
-  http_register_tls_ca (cafile);
-
-  err = http_session_new (&session, NULL);
-  if (err)
-    log_error ("http_session_new failed: %s\n", gpg_strerror (err));
-
-  /* rc = gnutls_dh_params_init(&dh_params); */
-  /* if (rc) */
-  /*   log_error ("gnutls_dh_params_init failed: %s\n", gnutls_strerror (rc)); */
-  /* read_dh_params ("dh_param.pem"); */
-
-  /* rc = gnutls_certificate_set_x509_trust_file */
-  /*   (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */
-  /* if (rc) */
-  /*   log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */
-  /*              gnutls_strerror (rc)); */
-
-  /* gnutls_certificate_set_dh_params (certcred, dh_params); */
-
-  gnutls_global_set_log_function (my_gnutls_log);
-  if (tls_dbg)
-    gnutls_global_set_log_level (tls_dbg);
-
-#endif /*HTTP_USE_GNUTLS*/
-
-  rc = http_parse_uri (&uri, *argv, 1);
-  if (rc)
-    {
-      log_error ("'%s': %s\n", *argv, gpg_strerror (rc));
-      return 1;
-    }
-
-  printf ("Scheme: %s\n", uri->scheme);
-  if (uri->opaque)
-    printf ("Value : %s\n", uri->path);
-  else
-    {
-      printf ("Auth  : %s\n", uri->auth? uri->auth:"[none]");
-      printf ("Host  : %s\n", uri->host);
-      printf ("Port  : %u\n", uri->port);
-      printf ("Path  : %s\n", uri->path);
-      for (r = uri->params; r; r = r->next)
-        {
-          printf ("Params: %s", r->name);
-          if (!r->no_value)
-            {
-              printf ("=%s", r->value);
-              if (strlen (r->value) != r->valuelen)
-                printf (" [real length=%d]", (int) r->valuelen);
-            }
-          putchar ('\n');
-        }
-      for (r = uri->query; r; r = r->next)
-        {
-          printf ("Query : %s", r->name);
-          if (!r->no_value)
-            {
-              printf ("=%s", r->value);
-              if (strlen (r->value) != r->valuelen)
-                printf (" [real length=%d]", (int) r->valuelen);
-            }
-          putchar ('\n');
-        }
-      printf ("TLS   : %s\n",
-              uri->use_tls? "yes":
-              (my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no");
-
-    }
-  fflush (stdout);
-  http_release_parsed_uri (uri);
-  uri = NULL;
-
-  rc = http_open_document (&hd, *argv, NULL, my_http_flags,
-                           NULL, session, NULL, NULL);
-  if (rc)
-    {
-      log_error ("can't get '%s': %s\n", *argv, gpg_strerror (rc));
-      return 1;
-    }
-  log_info ("open_http_document succeeded; status=%u\n",
-            http_get_status_code (hd));
-
-  {
-    const char **names;
-    int i;
-
-    names = http_get_header_names (hd);
-    if (!names)
-      log_fatal ("http_get_header_names failed: %s\n",
-                 gpg_strerror (gpg_error_from_syserror ()));
-    for (i = 0; names[i]; i++)
-      printf ("HDR: %s: %s\n", names[i], http_get_header (hd, names[i]));
-    xfree (names);
-  }
-  fflush (stdout);
-
-  switch (http_get_status_code (hd))
-    {
-    case 200:
-    case 400:
-    case 401:
-    case 403:
-    case 404:
-      {
-        unsigned long count = 0;
-        while ((c = es_getc (http_get_read_ptr (hd))) != EOF)
-          {
-            count++;
-            if (!no_out)
-              putchar (c);
-          }
-        log_info ("Received bytes: %lu\n", count);
-      }
-      break;
-    case 301:
-    case 302:
-    case 307:
-      log_info ("Redirected to: %s\n", http_get_header (hd, "Location"));
-      break;
-    }
-  http_close (hd, 0);
-
-  http_session_release (session);
-#ifdef HTTP_USE_GNUTLS
-  gnutls_global_deinit ();
-#endif /*HTTP_USE_GNUTLS*/
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/tls-ca.pem gnupg2-2.0.28/common/tls-ca.pem
--- gnupg2-2.1.6/common/tls-ca.pem	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/tls-ca.pem	1970-01-01 00:00:00.000000000 +0000
@@ -1,30 +0,0 @@
-Issuer ...: /CN=UTN-USERFirst-Hardware/OU=http:\x2f\x2fwww.usertrust.com/O=The USERTRUST Network/L=Salt Lake City/ST=UT/C=US
-Serial ...: 44BE0C8B500024B411D3362AFE650AFD
-Subject ..: /CN=UTN-USERFirst-Hardware/OU=http:\x2f\x2fwww.usertrust.com/O=The USERTRUST Network/L=Salt Lake City/ST=UT/C=US
-
------BEGIN CERTIFICATE-----
-MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
-lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
-SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
-A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
-MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
-d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
-cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
-0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
-M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
-MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
-oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
-DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
-oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
-dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
-bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
-BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
-//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
-CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
-CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
-3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
-KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
------END CERTIFICATE-----
diff -Nru gnupg2-2.1.6/common/tlv.c gnupg2-2.0.28/common/tlv.c
--- gnupg2-2.1.6/common/tlv.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/tlv.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -44,7 +34,6 @@
 #include 
 #endif
 
-#include "util.h"
 #include "tlv.h"
 
 static const unsigned char *
@@ -56,7 +45,7 @@
   size_t len;
   int this_tag;
   int composite;
-
+    
   for (;;)
     {
       buffer = s;
@@ -96,7 +85,7 @@
         { /* Two byte length follows. */
           if (n < 2)
             return NULL; /* We expected 2 more bytes with the length. */
-          len = ((size_t)s[0] << 8) | s[1];
+          len = (s[0] << 8) | s[1];
           s += 2; n -= 2;
         }
       else
@@ -108,7 +97,7 @@
              nesting. */
           const unsigned char *tmp_s;
           size_t tmp_len;
-
+          
           tmp_s = do_find_tlv (s, len, tag, &tmp_len, nestlevel+1);
           if (tmp_s)
             {
@@ -162,10 +151,11 @@
    and the length part from the TLV triplet.  Update BUFFER and SIZE
    on success. */
 gpg_error_t
-parse_ber_header (unsigned char const **buffer, size_t *size,
-                  int *r_class, int *r_tag,
-                  int *r_constructed, int *r_ndef,
-                  size_t *r_length, size_t *r_nhdr)
+_parse_ber_header (unsigned char const **buffer, size_t *size,
+                   int *r_class, int *r_tag, 
+                   int *r_constructed, int *r_ndef,
+                   size_t *r_length, size_t *r_nhdr,
+                   gpg_err_source_t errsource)
 {
   int c;
   unsigned long tag;
@@ -178,7 +168,7 @@
 
   /* Get the tag. */
   if (!length)
-    return gpg_err_make (default_errsource, GPG_ERR_EOF);
+    return gpg_err_make (errsource, GPG_ERR_EOF);
   c = *buf++; length--; ++*r_nhdr;
 
   *r_class = (c & 0xc0) >> 6;
@@ -192,7 +182,7 @@
         {
           tag <<= 7;
           if (!length)
-            return gpg_err_make (default_errsource, GPG_ERR_EOF);
+            return gpg_err_make (errsource, GPG_ERR_EOF);
           c = *buf++; length--; ++*r_nhdr;
           tag |= c & 0x7f;
 
@@ -203,7 +193,7 @@
 
   /* Get the length. */
   if (!length)
-    return gpg_err_make (default_errsource, GPG_ERR_EOF);
+    return gpg_err_make (errsource, GPG_ERR_EOF);
   c = *buf++; length--; ++*r_nhdr;
 
   if ( !(c & 0x80) )
@@ -211,30 +201,30 @@
   else if (c == 0x80)
     *r_ndef = 1;
   else if (c == 0xff)
-    return gpg_err_make (default_errsource, GPG_ERR_BAD_BER);
+    return gpg_err_make (errsource, GPG_ERR_BAD_BER);
   else
     {
       unsigned long len = 0;
       int count = c & 0x7f;
 
       if (count > sizeof (len) || count > sizeof (size_t))
-        return gpg_err_make (default_errsource, GPG_ERR_BAD_BER);
+        return gpg_err_make (errsource, GPG_ERR_BAD_BER);
 
       for (; count; count--)
         {
           len <<= 8;
           if (!length)
-            return gpg_err_make (default_errsource, GPG_ERR_EOF);
+            return gpg_err_make (errsource, GPG_ERR_EOF);
           c = *buf++; length--; ++*r_nhdr;
           len |= c & 0xff;
         }
       *r_length = len;
     }
-
+  
   /* Without this kludge some example certs can't be parsed. */
   if (*r_class == CLASS_UNIVERSAL && !*r_tag)
     *r_length = 0;
-
+  
   *buffer = buf;
   *size = length;
   return 0;
@@ -244,29 +234,30 @@
 /* FIXME: The following function should not go into this file but for
    now it is easier to keep it here. */
 
-/* Return the next token of an canonical encoded S-expression.  BUF
+/* Return the next token of an canconical encoded S-expression.  BUF
    is the pointer to the S-expression and BUFLEN is a pointer to the
    length of this S-expression (used to validate the syntax).  Both
    are updated to reflect the new position.  The token itself is
-   returned as a pointer into the original buffer at TOK and TOKLEN.
+   returned as a pointer into the orginal buffer at TOK and TOKLEN.
    If a parentheses is the next token, TOK will be set to NULL.
-   TOKLEN is checked to be within the bounds.  On error an error code
-   is returned and no pointer is not guaranteed to point to
-   a meaningful value.  DEPTH should be initialized to 0 and will
+   TOKLEN is checked to be within the bounds.  On error a error code
+   is returned and all pointers should are not guaranteed to point to
+   a meanigful value. DEPTH should be initialized to 0 and will
    reflect on return the actual depth of the tree. To detect the end
    of the S-expression it is advisable to check DEPTH after a
-   successful return.
+   successful return:
 
    depth = 0;
    while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
           && depth)
      process_token (tok, toklen);
-   if (err)
+   if (err)  
      handle_error ();
  */
 gpg_error_t
-parse_sexp (unsigned char const **buf, size_t *buflen,
-            int *depth, unsigned char const **tok, size_t *toklen)
+_parse_sexp (unsigned char const **buf, size_t *buflen,
+             int *depth, unsigned char const **tok, size_t *toklen,
+             gpg_err_source_t errsource)
 {
   const unsigned char *s;
   size_t n, vlen;
@@ -276,7 +267,7 @@
   *tok = NULL;
   *toklen = 0;
   if (!n)
-    return *depth ? gpg_err_make (default_errsource, GPG_ERR_INV_SEXP) : 0;
+    return *depth ? gpg_err_make (errsource, GPG_ERR_INV_SEXP) : 0;
   if (*s == '(')
     {
       s++; n--;
@@ -288,7 +279,7 @@
   if (*s == ')')
     {
       if (!*depth)
-        return gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
+        return gpg_err_make (errsource, GPG_ERR_INV_SEXP);
       *toklen = 1;
       s++; n--;
       (*depth)--;
@@ -299,10 +290,10 @@
   for (vlen=0; n && *s && *s != ':' && (*s >= '0' && *s <= '9'); s++, n--)
     vlen = vlen*10 + (*s - '0');
   if (!n || *s != ':')
-    return gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
+    return gpg_err_make (errsource, GPG_ERR_INV_SEXP);
   s++; n--;
   if (vlen > n)
-    return gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
+    return gpg_err_make (errsource, GPG_ERR_INV_SEXP);
   *tok = s;
   *toklen = vlen;
   s += vlen;
@@ -311,3 +302,4 @@
   *buflen = n;
   return 0;
 }
+
diff -Nru gnupg2-2.1.6/common/tlv.h gnupg2-2.0.28/common/tlv.h
--- gnupg2-2.1.6/common/tlv.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/tlv.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -90,26 +80,33 @@
 /* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
    and the length part from the TLV triplet.  Update BUFFER and SIZE
    on success. */
-gpg_error_t parse_ber_header (unsigned char const **buffer, size_t *size,
-                               int *r_class, int *r_tag,
+gpg_error_t _parse_ber_header (unsigned char const **buffer, size_t *size,
+                               int *r_class, int *r_tag, 
                                int *r_constructed,
-                              int *r_ndef, size_t *r_length, size_t *r_nhdr);
+                               int *r_ndef, size_t *r_length, size_t *r_nhdr,
+                               gpg_err_source_t errsource);
+#define parse_ber_header(a,b,c,d,e,f,g,h) \
+        _parse_ber_header ((a),(b),(c),(d),(e),(f),(g),(h),\
+                           GPG_ERR_SOURCE_DEFAULT)
 
 
-/* Return the next token of an canonical encoded S-expression.  BUF
+/* Return the next token of an canconical encoded S-expression.  BUF
    is the pointer to the S-expression and BUFLEN is a pointer to the
    length of this S-expression (used to validate the syntax).  Both
    are updated to reflect the new position.  The token itself is
-   returned as a pointer into the original buffer at TOK and TOKLEN.
+   returned as a pointer into the orginal buffer at TOK and TOKLEN.
    If a parentheses is the next token, TOK will be set to NULL.
-   TOKLEN is checked to be within the bounds.  On error an error code
-   is returned and no pointer is not guaranteed to point to
-   a meaningful value.  DEPTH should be initialized to 0 and will
+   TOKLEN is checked to be within the bounds.  On error a error code
+   is returned and all pointers should are not guaranteed to point to
+   a meanigful value. DEPTH should be initialized to 0 and will
    reflect on return the actual depth of the tree. To detect the end
    of the S-expression it is advisable to check DEPTH after a
    successful return. */
-gpg_error_t parse_sexp (unsigned char const **buf, size_t *buflen,
-                        int *depth, unsigned char const **tok, size_t *toklen);
+gpg_error_t _parse_sexp (unsigned char const **buf, size_t *buflen,
+                         int *depth, unsigned char const **tok, size_t *toklen,
+                         gpg_err_source_t errsource);
+#define parse_sexp(a,b,c,d,e) \
+        _parse_sexp ((a),(b),(c),(d),(e), GPG_ERR_SOURCE_DEFAULT)
 
 
 
diff -Nru gnupg2-2.1.6/common/t-mapstrings.c gnupg2-2.0.28/common/t-mapstrings.c
--- gnupg2-2.1.6/common/t-mapstrings.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-mapstrings.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,101 +0,0 @@
-/* t-mapstrings.c - Regression tests for mapstrings.c
- * Copyright (C) 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-
-#include "stringhelp.h"
-
-#include "t-support.h"
-
-static void
-test_map_static_macro_string (void)
-{
-  static struct {
-    const char *string;
-    const char *expected;
-    const char *lastresult;
-  } tests[] = {
-    { "@GPG@ (@GNUPG@)",
-      GPG_NAME " (" GNUPG_NAME ")" },
-    { "@GPG@(@GNUPG@)",
-      GPG_NAME "(" GNUPG_NAME ")" },
-    { "@GPG@@GNUPG@",
-      GPG_NAME  GNUPG_NAME },
-    { " @GPG@@GNUPG@",
-      " " GPG_NAME  GNUPG_NAME },
-    { " @GPG@@GNUPG@ ",
-      " " GPG_NAME  GNUPG_NAME " " },
-    { " @GPG@GNUPG@ ",
-      " " GPG_NAME "GNUPG@ " },
-    { " @ GPG@GNUPG@ ",
-      " @ GPG" GNUPG_NAME " " },
-    { "--@GPGTAR@",
-      "--" GPGTAR_NAME }
-  };
-  int testno;
-  const char *result;
-
-  for (testno=0; testno < DIM(tests); testno++)
-    {
-      result = map_static_macro_string (tests[testno].string);
-      if (!result)
-        fail (testno);
-      if (strcmp (result, tests[testno].expected))
-        fail (testno);
-      if (!tests[testno].lastresult)
-        tests[testno].lastresult = result;
-    }
-
-  /* A second time to check that the same string is been returned.  */
-  for (testno=0; testno < DIM(tests); testno++)
-    {
-      result = map_static_macro_string (tests[testno].string);
-      if (!result)
-        fail (testno);
-      if (strcmp (result, tests[testno].expected))
-        fail (testno);
-      if (result != tests[testno].lastresult)
-        fail (testno);
-    }
-}
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  test_map_static_macro_string ();
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/t-mbox-util.c gnupg2-2.0.28/common/t-mbox-util.c
--- gnupg2-2.1.6/common/t-mbox-util.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-mbox-util.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,103 +0,0 @@
-/* t-mbox-util.c - Module test for mbox-util.c
- * Copyright (C) 2015 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "mbox-util.h"
-
-#define pass()  do { ; } while(0)
-#define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
-                               __FILE__,__LINE__, (a));          \
-                       exit (1);                                 \
-                    } while(0)
-
-
-static void
-run_test (void)
-{
-  static struct
-  {
-    const char *userid;
-    const char *mbox;
-  } testtbl[] =
-    {
-      { "Werner Koch ", "wk@gnupg.org" },
-      { "", "wk@gnupg.org" },
-      { "wk@gnupg.org", "wk@gnupg.org" },
-      { "wk@gnupg.org ", NULL },
-      { " wk@gnupg.org", NULL },
-      { "Werner Koch (test) ", "wk@gnupg.org" },
-      { "Werner Koch  (test)", "wk@gnupg.org" },
-      { "Werner Koch ", NULL },
-      { "Werner Koch ", NULL },
-      { "", "foo@example.org" },
-      { "", "foo.@example.org" },
-      { "<.foo.@example.org>", ".foo.@example.org" },
-      { "", "foo..@example.org" },
-      { "", "foo..bar@example.org" },
-      { "", NULL },
-      { "", NULL },
-      { "", NULL },
-      { "<@example.org>", NULL },
-      { "", NULL },
-      { "<@foo@example.org>", NULL },
-      { " ()", "foo@example.org" },
-      { " ()", "fo()o@example.org" },
-      { " ()", "fo()o@example.org" },
-      { "fo()o@example.org", NULL},
-      { "Mr. Foo ", "foo@example.org"},
-      { NULL, NULL }
-    };
-  int idx;
-
-  for (idx=0; testtbl[idx].userid; idx++)
-    {
-      char *mbox = mailbox_from_userid (testtbl[idx].userid);
-
-      if (!testtbl[idx].mbox)
-        {
-          if (mbox)
-            fail (idx);
-        }
-      else if (!mbox)
-        fail (idx);
-      else if (strcmp (mbox, testtbl[idx].mbox))
-        fail (idx);
-    }
-}
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  run_test ();
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/t-openpgp-oid.c gnupg2-2.0.28/common/t-openpgp-oid.c
--- gnupg2-2.1.6/common/t-openpgp-oid.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-openpgp-oid.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,238 +0,0 @@
-/* t-openpgp-oid.c - Module test for openpgp-oid.c
- *	Copyright (C) 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-
-#define pass()  do { ; } while(0)
-#define fail(a,e)                                                       \
-  do { fprintf (stderr, "%s:%d: test %d failed (%s)\n",                 \
-                __FILE__,__LINE__, (a), gpg_strerror (e));              \
-    exit (1);                                                           \
-  } while(0)
-
-
-#define BADOID "1.3.6.1.4.1.11591.2.12242973"
-
-
-static int verbose;
-
-
-
-static void
-test_openpgp_oid_from_str (void)
-{
-   static char *sample_oids[] =
-    {
-      "0.0",
-      "1.0",
-      "1.2.3",
-      "1.2.840.10045.3.1.7",
-      "1.3.132.0.34",
-      "1.3.132.0.35",
-      NULL
-    };
-  gpg_error_t err;
-  gcry_mpi_t a;
-  int idx;
-  char *string;
-  unsigned char *p;
-  unsigned int nbits;
-  size_t length;
-
-  err = openpgp_oid_from_str ("", &a);
-  if (gpg_err_code (err) != GPG_ERR_INV_VALUE)
-    fail (0, err);
-  gcry_mpi_release (a);
-
-  err = openpgp_oid_from_str (".", &a);
-  if (gpg_err_code (err) != GPG_ERR_INV_OID_STRING)
-    fail (0, err);
-  gcry_mpi_release (a);
-
-  err = openpgp_oid_from_str ("0", &a);
-  if (gpg_err_code (err) != GPG_ERR_INV_OID_STRING)
-    fail (0, err);
-  gcry_mpi_release (a);
-
-  for (idx=0; sample_oids[idx]; idx++)
-    {
-      err = openpgp_oid_from_str (sample_oids[idx], &a);
-      if (err)
-        fail (idx, err);
-
-      string = openpgp_oid_to_str (a);
-      if (!string)
-        fail (idx, gpg_error_from_syserror ());
-      if (strcmp (string, sample_oids[idx]))
-        fail (idx, 0);
-      xfree (string);
-
-      p = gcry_mpi_get_opaque (a, &nbits);
-      length = (nbits+7)/8;
-      if (!p || !length || p[0] != length - 1)
-        fail (idx, 0);
-
-      gcry_mpi_release (a);
-    }
-
-}
-
-
-static void
-test_openpgp_oid_to_str (void)
-{
-  static struct {
-    const char *string;
-    unsigned char der[10];
-  } samples[] = {
-    { "1.2.840.10045.3.1.7",
-      {8, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 }},
-
-    { "1.3.132.0.34",
-      {5, 0x2B, 0x81, 0x04, 0x00, 0x22 }},
-
-    { "1.3.132.0.35",
-      { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }},
-
-    { BADOID,
-      { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }},
-
-    { BADOID,
-      { 1, 0x80 }},
-
-    { NULL }};
-  gcry_mpi_t a;
-  int idx;
-  char *string;
-  unsigned char *p;
-
-  for (idx=0; samples[idx].string; idx++)
-    {
-      p = xmalloc (samples[idx].der[0]+1);
-      memcpy (p, samples[idx].der, samples[idx].der[0]+1);
-      a = gcry_mpi_set_opaque (NULL, p, (samples[idx].der[0]+1)*8);
-      if (!a)
-        fail (idx, gpg_error_from_syserror ());
-
-      string = openpgp_oid_to_str (a);
-      if (!string)
-        fail (idx, gpg_error_from_syserror ());
-      if (strcmp (string, samples[idx].string))
-        fail (idx, 0);
-      xfree (string);
-      gcry_mpi_release (a);
-    }
-
-}
-
-
-static void
-test_openpgp_oid_is_ed25519 (void)
-{
-  static struct
-  {
-    int yes;
-    const char *oidstr;
-  } samples[] = {
-    { 0, "0.0" },
-    { 0, "1.3.132.0.35" },
-    { 0, "1.3.6.1.4.1.3029.1.5.0" },
-    { 0, "1.3.6.1.4.1.3029.1.5.1" }, /* Used during Libgcrypt development. */
-    { 0, "1.3.6.1.4.1.3029.1.5.2" },
-    { 0, "1.3.6.1.4.1.3029.1.5.1.0" },
-    { 0, "1.3.6.1.4.1.3029.1.5" },
-    { 0, "1.3.6.1.4.1.11591.15.0" },
-    { 1, "1.3.6.1.4.1.11591.15.1" }, /* Your the one we want.  */
-    { 0, "1.3.6.1.4.1.11591.15.2" },
-    { 0, "1.3.6.1.4.1.11591.15.1.0" },
-    { 0, "1.3.6.1.4.1.11591.15" },
-    { 0, NULL },
-  };
-  gpg_error_t err;
-  gcry_mpi_t a;
-  int idx;
-
-  for (idx=0; samples[idx].oidstr; idx++)
-    {
-      err = openpgp_oid_from_str (samples[idx].oidstr, &a);
-      if (err)
-        fail (idx, err);
-
-      if (openpgp_oid_is_ed25519 (a) != samples[idx].yes)
-        fail (idx, 0);
-
-      gcry_mpi_release (a);
-    }
-
-}
-
-
-static void
-test_openpgp_enum_curves (void)
-{
-  int iter = 0;
-  const char *name;
-  int p256 = 0;
-  int p384 = 0;
-  int p521 = 0;
-
-  while ((name = openpgp_enum_curves (&iter)))
-    {
-      if (verbose)
-        printf ("curve: %s\n", name);
-      if (!strcmp (name, "nistp256"))
-        p256++;
-      else if (!strcmp (name, "nistp384"))
-        p384++;
-      else if (!strcmp (name, "nistp521"))
-        p521++;
-    }
-
-  if (p256 != 1 || p384 != 1 || p521 != 1)
-    {
-      /* We can only check the basic RFC-6637 requirements.  */
-      fputs ("standard ECC curve missing\n", stderr);
-      exit (1);
-    }
-}
-
-
-int
-main (int argc, char **argv)
-{
-  if (argc)
-    { argc--; argv++; }
-  if (argc && !strcmp (argv[0], "--verbose"))
-    {
-      verbose = 1;
-      argc--; argv++;
-    }
-
-  test_openpgp_oid_from_str ();
-  test_openpgp_oid_to_str ();
-  test_openpgp_oid_is_ed25519 ();
-  test_openpgp_enum_curves ();
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/t-percent.c gnupg2-2.0.28/common/t-percent.c
--- gnupg2-2.1.6/common/t-percent.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-percent.c	2015-06-02 08:13:55.000000000 +0000
@@ -37,31 +37,31 @@
     const char *string;
     const char *expect;
   } tbl[] = {
-    {
+    { 
       "",
-      ""
-    }, {
+      "" 
+    }, { 
       "a",
       "a",
-    }, {
+    }, { 
       " ",
       "+",
-    }, {
+    }, { 
       "  ",
       "++"
-    }, {
+    }, { 
       "+ +",
       "%2B+%2B"
-    }, {
+    }, { 
       "\" \"",
       "%22+%22"
-    }, {
+    }, { 
       "%22",
       "%2522"
-    }, {
+    }, { 
       "%% ",
       "%25%25+"
-    }, {
+    }, { 
       "\n ABC\t",
       "%0A+ABC%09"
     }, { NULL, NULL }
@@ -69,7 +69,7 @@
   char *buf, *buf2;
   int i;
   size_t len;
-
+  
   for (i=0; tbl[i].string; i++)
     {
       buf = percent_plus_escape (tbl[i].string);
@@ -105,10 +105,11 @@
 {
   (void)argc;
   (void)argv;
-
+  
   /* FIXME: We escape_unescape is not tested - only
      percent_plus_unescape.  */
   test_percent_plus_escape ();
 
   return 0;
 }
+
diff -Nru gnupg2-2.1.6/common/t-session-env.c gnupg2-2.0.28/common/t-session-env.c
--- gnupg2-2.1.6/common/t-session-env.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-session-env.c	2015-06-02 08:13:55.000000000 +0000
@@ -46,7 +46,7 @@
   while ( (name = session_env_listenv (se, &iterator, &value, &def)) )
     if (verbose)
       printf ("  %s%s=%s\n",  def? "[def] ":"      ", name, value);
-
+          
 }
 
 
@@ -150,7 +150,7 @@
       fprintf (stderr, "failed to get default of HOME\n");
       exit (1);
     }
-
+      
   s = session_env_getenv (se, "HOME");
   if (s)
     fail(0);  /* This is a default value, thus we should not see it.  */
@@ -194,7 +194,7 @@
   /* Check that the other object is clean.  */
   {
     int iterator = 0;
-
+    
     if (session_env_listenv (se_0, &iterator, NULL, NULL))
       fail (0);
   }
@@ -211,7 +211,7 @@
   for (idx=0; idx < 500; idx++)
     {
       char buf[100];
-
+      
       snprintf (buf, sizeof buf, "FOO_%d=Value for %x", idx, idx);
       err = session_env_putenv (se, buf);
       if (err)
@@ -230,7 +230,7 @@
   for (idx=0; idx < 500; idx++)
     {
       char buf[100];
-
+      
       snprintf (buf, sizeof buf, "FOO_%d", idx);
       err = session_env_putenv (se, buf);
       if (err)
@@ -243,7 +243,7 @@
   /* Check that all are deleted.  */
   {
     int iterator = 0;
-
+    
     if (session_env_listenv (se, &iterator, NULL, NULL))
       fail (0);
   }
@@ -252,7 +252,7 @@
   for (idx=0; idx < 500; idx++)
     {
       char buf[100];
-
+      
       if (!(idx % 10))
         {
           if ( !(idx % 3))
@@ -266,7 +266,7 @@
     }
 
   listall (se);
-
+  
   session_env_release (se);
 
   session_env_release (se_0);
@@ -291,3 +291,4 @@
 
   return 0;
 }
+
diff -Nru gnupg2-2.1.6/common/t-sexputil.c gnupg2-2.0.28/common/t-sexputil.c
--- gnupg2-2.1.6/common/t-sexputil.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-sexputil.c	2015-06-02 08:13:55.000000000 +0000
@@ -35,7 +35,7 @@
 {
   int algo;
   /* A real world example.  */
-  unsigned char example1_rsa_sha1[] =
+  unsigned char example1_rsa_sha1[] = 
     ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61"
      "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E"
      "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89"
@@ -48,7 +48,7 @@
      "\x27\xAC\x43\x45\xFA\x04\xD1\x22\x29\x29\x28\x34\x3A\x68\x61\x73"
      "\x68\x34\x3A\x73\x68\x61\x31\x29\x29");
   /* The same but without the hash algo. */
-  unsigned char example1_rsa[] =
+  unsigned char example1_rsa[] = 
     ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61"
      "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E"
      "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89"
@@ -105,7 +105,7 @@
       "\x3d\x14\xbb\xea\x63\x65\xa7\xf1\xf2\xf8\x97\x74\xa7\x29\x28\x31"
       "\x3a\x65\x34\x3a\x40\x00\x00\x81\x29\x29\x29",
       171
-    },
+    }, 
     {
       "\x63\xB4\x12\x48\x08\x48\xC0\x76\xAA\x8E\xF1\xF8\x7F\x5E\x9B\x89",
       16,
@@ -116,7 +116,7 @@
       "\x48\xc0\x76\xaa\x8e\xf1\xf8\x7f\x5e\x9b\x89\x29\x28\x31\x3a\x65"
       "\x31\x3a\x03\x29\x29\x29",
       54,
-    },
+    }, 
     {
       "",
       0,
@@ -149,7 +149,7 @@
           fprintf (stderr, "%s:%d: out of core\n", __FILE__, __LINE__);
           exit (1);
         }
-
+      
       if (length != tests[idx].resultlen)
         fail (idx);
       if (memcmp (sexp, tests[idx].result, tests[idx].resultlen))
@@ -189,3 +189,4 @@
 
   return 0;
 }
+
diff -Nru gnupg2-2.1.6/common/t-ssh-utils.c gnupg2-2.0.28/common/t-ssh-utils.c
--- gnupg2-2.1.6/common/t-ssh-utils.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-ssh-utils.c	2015-06-02 08:13:55.000000000 +0000
@@ -120,14 +120,14 @@
   fp = fopen (fname, "rb");
   if (!fp)
     {
-      fprintf (stderr, "%s:%d: can't open '%s': %s\n",
+      fprintf (stderr, "%s:%d: can't open `%s': %s\n",
                __FILE__, __LINE__, fname, strerror (errno));
       exit (1);
     }
 
   if (fstat (fileno(fp), &st))
     {
-      fprintf (stderr, "%s:%d: can't stat '%s': %s\n",
+      fprintf (stderr, "%s:%d: can't stat `%s': %s\n",
                __FILE__, __LINE__, fname, strerror (errno));
       exit (1);
     }
@@ -136,7 +136,7 @@
   buf = xmalloc (buflen+1);
   if (fread (buf, buflen, 1, fp) != 1)
     {
-      fprintf (stderr, "%s:%d: error reading '%s': %s\n",
+      fprintf (stderr, "%s:%d: error reading `%s': %s\n",
                __FILE__, __LINE__, fname, strerror (errno));
       exit (1);
     }
diff -Nru gnupg2-2.1.6/common/t-stringhelp.c gnupg2-2.0.28/common/t-stringhelp.c
--- gnupg2-2.1.6/common/t-stringhelp.c	2015-06-22 17:19:28.000000000 +0000
+++ gnupg2-2.0.28/common/t-stringhelp.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,698 +0,0 @@
-/* t-stringhelp.c - Regression tests for stringhelp.c
- * Copyright (C) 2007 Free Software Foundation, Inc.
- *               2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_PWD_H
-# include 
-#endif
-#include 
-#include 
-
-#include "stringhelp.h"
-
-#include "t-support.h"
-
-
-static char *home_buffer;
-
-
-const char *
-gethome (void)
-{
-  if (!home_buffer)
-    {
-      char *home = getenv("HOME");
-
-      if(home)
-        home_buffer = xstrdup (home);
-#if defined(HAVE_GETPWUID) && defined(HAVE_PWD_H)
-      else
-        {
-          struct passwd *pwd;
-
-          pwd = getpwuid (getuid());
-          if (pwd)
-            home_buffer = xstrdup (pwd->pw_dir);
-        }
-#endif
-    }
-  return home_buffer;
-}
-
-
-static char *
-mygetcwd (void)
-{
-  char *buffer;
-  size_t size = 100;
-
-  for (;;)
-    {
-      buffer = xmalloc (size+1);
-#ifdef HAVE_W32CE_SYSTEM
-      strcpy (buffer, "/");  /* Always "/".  */
-      return buffer;
-#else
-      if (getcwd (buffer, size) == buffer)
-        return buffer;
-      xfree (buffer);
-      if (errno != ERANGE)
-        {
-          fprintf (stderr,"error getting current cwd: %s\n",
-                   strerror (errno));
-          exit (2);
-        }
-      size *= 2;
-#endif
-    }
-}
-
-
-static void
-test_percent_escape (void)
-{
-  char *result;
-  static struct {
-    const char *extra;
-    const char *value;
-    const char *expected;
-  } tests[] =
-    {
-      { NULL, "", "" },
-      { NULL, "%", "%25" },
-      { NULL, "%%", "%25%25" },
-      { NULL, " %", " %25" },
-      { NULL, ":", "%3a" },
-      { NULL, " :", " %3a" },
-      { NULL, ": ", "%3a " },
-      { NULL, " : ", " %3a " },
-      { NULL, "::", "%3a%3a" },
-      { NULL, ": :", "%3a %3a" },
-      { NULL, "%:", "%25%3a" },
-      { NULL, ":%", "%3a%25" },
-      { "\\\n:", ":%", "%3a%25" },
-      { "\\\n:", "\\:%", "%5c%3a%25" },
-      { "\\\n:", "\n:%", "%0a%3a%25" },
-      { "\\\n:", "\xff:%", "\xff%3a%25" },
-      { "\\\n:", "\xfe:%", "\xfe%3a%25" },
-      { "\\\n:", "\x01:%", "\x01%3a%25" },
-      { "\x01",  "\x01:%", "%01%3a%25" },
-      { "\xfe",  "\xfe:%", "%fe%3a%25" },
-      { "\xfe",  "\xff:%", "\xff%3a%25" },
-
-      { NULL, NULL, NULL }
-    };
-  int testno;
-
-  result = percent_escape (NULL, NULL);
-  if (result)
-    fail (0);
-  for (testno=0; tests[testno].value; testno++)
-    {
-      result = percent_escape (tests[testno].value, tests[testno].extra);
-      if (!result)
-        fail (testno);
-      if (strcmp (result, tests[testno].expected))
-        fail (testno);
-      xfree (result);
-    }
-
-}
-
-
-static void
-test_compare_filenames (void)
-{
-  struct {
-    const char *a;
-    const char *b;
-    int result;
-  } tests[] = {
-    { "", "", 0 },
-    { "", "a", -1 },
-    { "a", "", 1 },
-    { "a", "a", 0 },
-    { "a", "aa", -1 },
-    { "aa", "a", 1 },
-    { "a",  "b", -1  },
-
-#ifdef HAVE_W32_SYSTEM
-    { "a", "A", 0 },
-    { "A", "a", 0 },
-    { "foo/bar", "foo\\bar", 0 },
-    { "foo\\bar", "foo/bar", 0 },
-    { "foo\\", "foo/", 0 },
-    { "foo/", "foo\\", 0 },
-#endif /*HAVE_W32_SYSTEM*/
-    { NULL, NULL, 0}
-  };
-  int testno, result;
-
-  for (testno=0; tests[testno].a; testno++)
-    {
-      result = compare_filenames (tests[testno].a, tests[testno].b);
-      result = result < 0? -1 : result > 0? 1 : 0;
-      if (result != tests[testno].result)
-        fail (testno);
-    }
-}
-
-
-static void
-test_strconcat (void)
-{
-  char *out;
-
-  out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", NULL);
-  if (!out)
-    fail (0);
-  else
-    xfree (out);
-  out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", NULL);
-  if (out)
-    fail (0);
-  else if (errno != EINVAL)
-    fail (0);
-
-  out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", NULL);
-  if (out)
-    fail (0);
-  else if (errno != EINVAL)
-    fail (0);
-
-#if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute.  */
-  out = strconcat (NULL);
-  if (!out || *out)
-    fail (1);
-#endif
-  out = strconcat (NULL, NULL);
-  if (!out || *out)
-    fail (1);
-  out = strconcat ("", NULL);
-  if (!out || *out)
-    fail (1);
-  xfree (out);
-
-  out = strconcat ("", "", NULL);
-  if (!out || *out)
-    fail (2);
-  xfree (out);
-
-  out = strconcat ("a", "b", NULL);
-  if (!out || strcmp (out, "ab"))
-    fail (3);
-  xfree (out);
-  out = strconcat ("a", "b", "c", NULL);
-  if (!out || strcmp (out, "abc"))
-    fail (3);
-  xfree (out);
-
-  out = strconcat ("a", "b", "cc", NULL);
-  if (!out || strcmp (out, "abcc"))
-    fail (4);
-  xfree (out);
-  out = strconcat ("a1", "b1", "c1", NULL);
-  if (!out || strcmp (out, "a1b1c1"))
-    fail (4);
-  xfree (out);
-
-  out = strconcat ("", " long b ", "", "--even-longer--", NULL);
-  if (!out || strcmp (out, " long b --even-longer--"))
-    fail (5);
-  xfree (out);
-
-  out = strconcat ("", " long b ", "", "--even-longer--", NULL);
-  if (!out || strcmp (out, " long b --even-longer--"))
-    fail (5);
-  xfree (out);
-}
-
-static void
-test_xstrconcat (void)
-{
-  char *out;
-
-  out = xstrconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                   "1", "2", "3", "4", "5", "6", "7", NULL);
-  if (!out)
-    fail (0);
-
-#if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute.  */
-  out = xstrconcat (NULL);
-  if (!out)
-    fail (1);
-#endif
-  out = xstrconcat (NULL, NULL);
-  if (!out)
-    fail (1);
-  out = xstrconcat ("", NULL);
-  if (!out || *out)
-    fail (1);
-  xfree (out);
-
-  out = xstrconcat ("", "", NULL);
-  if (!out || *out)
-    fail (2);
-  xfree (out);
-
-  out = xstrconcat ("a", "b", NULL);
-  if (!out || strcmp (out, "ab"))
-    fail (3);
-  xfree (out);
-  out = xstrconcat ("a", "b", "c", NULL);
-  if (!out || strcmp (out, "abc"))
-    fail (3);
-  xfree (out);
-
-  out = xstrconcat ("a", "b", "cc", NULL);
-  if (!out || strcmp (out, "abcc"))
-    fail (4);
-  xfree (out);
-  out = xstrconcat ("a1", "b1", "c1", NULL);
-  if (!out || strcmp (out, "a1b1c1"))
-    fail (4);
-  xfree (out);
-
-  out = xstrconcat ("", " long b ", "", "--even-longer--", NULL);
-  if (!out || strcmp (out, " long b --even-longer--"))
-    fail (5);
-  xfree (out);
-
-  out = xstrconcat ("", " long b ", "", "--even-longer--", NULL);
-  if (!out || strcmp (out, " long b --even-longer--"))
-    fail (5);
-  xfree (out);
-}
-
-
-static void
-test_make_filename_try (void)
-{
-  char *out;
-  const char *home = gethome ();
-  size_t homelen = home? strlen (home):0;
-
-  out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", NULL);
-  if (out)
-    fail (0);
-  else if (errno != EINVAL)
-    fail (0);
-  xfree (out);
-  out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", NULL);
-  if (out)
-    fail (0);
-  else if (errno != EINVAL)
-    fail (0);
-  xfree (out);
-
-  out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
-                           "1", "2", NULL);
-  if (!out || strcmp (out,
-                      "1/2/3/4/5/6/7/8/9/10/"
-                      "1/2/3/4/5/6/7/8/9/10/"
-                      "1/2/3/4/5/6/7/8/9/10/"
-                      "1/2"))
-    fail (0);
-  xfree (out);
-
-  out = make_filename_try ("foo", "~/bar", "baz/cde", NULL);
-  if (!out || strcmp (out, "foo/~/bar/baz/cde"))
-    fail (1);
-  xfree (out);
-
-  out = make_filename_try ("foo", "~/bar", "baz/cde/", NULL);
-  if (!out || strcmp (out, "foo/~/bar/baz/cde/"))
-    fail (1);
-  xfree (out);
-
-  out = make_filename_try ("/foo", "~/bar", "baz/cde/", NULL);
-  if (!out || strcmp (out, "/foo/~/bar/baz/cde/"))
-    fail (1);
-  xfree (out);
-
-  out = make_filename_try ("//foo", "~/bar", "baz/cde/", NULL);
-  if (!out || strcmp (out, "//foo/~/bar/baz/cde/"))
-    fail (1);
-  xfree (out);
-
-  out = make_filename_try ("", "~/bar", "baz/cde", NULL);
-  if (!out || strcmp (out, "/~/bar/baz/cde"))
-    fail (1);
-  xfree (out);
-
-
-  out = make_filename_try ("~/foo", "bar", NULL);
-  if (!out)
-    fail (2);
-  if (home)
-    {
-      if (strlen (out) < homelen + 7)
-        fail (2);
-      if (strncmp (out, home, homelen))
-        fail (2);
-      if (strcmp (out+homelen, "/foo/bar"))
-        fail (2);
-    }
-  else
-    {
-      if (strcmp (out, "~/foo/bar"))
-        fail (2);
-    }
-  xfree (out);
-
-  out = make_filename_try ("~", "bar", NULL);
-  if (!out)
-    fail (2);
-  if (home)
-    {
-      if (strlen (out) < homelen + 3)
-        fail (2);
-      if (strncmp (out, home, homelen))
-        fail (2);
-      if (strcmp (out+homelen, "/bar"))
-        fail (2);
-    }
-  else
-    {
-      if (strcmp (out, "~/bar"))
-        fail (2);
-    }
-  xfree (out);
-}
-
-
-static void
-test_make_absfilename_try (void)
-{
-  char *out;
-  char *cwd = mygetcwd ();
-  size_t cwdlen = strlen (cwd);
-
-  out = make_absfilename_try ("foo", "bar", NULL);
-  if (!out)
-    fail (0);
-  if (strlen (out) < cwdlen + 7)
-    fail (0);
-  if (strncmp (out, cwd, cwdlen))
-    fail (0);
-  if (strcmp (out+cwdlen, "/foo/bar"))
-    fail (0);
-  xfree (out);
-
-  out = make_absfilename_try ("./foo", NULL);
-  if (!out)
-    fail (1);
-  if (strlen (out) < cwdlen + 5)
-    fail (1);
-  if (strncmp (out, cwd, cwdlen))
-    fail (1);
-  if (strcmp (out+cwdlen, "/./foo"))
-    fail (1);
-  xfree (out);
-
-  out = make_absfilename_try (".", NULL);
-  if (!out)
-    fail (2);
-  if (strlen (out) < cwdlen)
-    fail (2);
-  if (strncmp (out, cwd, cwdlen))
-    fail (2);
-  if (strcmp (out+cwdlen, ""))
-    fail (2);
-  xfree (out);
-
-  xfree (cwd);
-}
-
-static void
-test_strsplit (void)
-{
-  struct {
-    const char *s;
-    char delim;
-    char replacement;
-    const char *fields_expected[10];
-  } tv[] = {
-    {
-      "a:bc:cde:fghi:jklmn::foo:", ':', '\0',
-      { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL }
-    },
-    {
-      ",a,bc,,def,", ',', '!',
-      { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL }
-    },
-    {
-      "", ':', ',',
-      { "", NULL }
-    }
-  };
-
-  int tidx;
-
-  for (tidx = 0; tidx < DIM(tv); tidx++)
-    {
-      char *s2;
-      int field_count;
-      char **fields;
-      int field_count_expected;
-      int i;
-
-      /* Count the fields.  */
-      for (field_count_expected = 0;
-           tv[tidx].fields_expected[field_count_expected];
-           field_count_expected ++)
-        ;
-
-      /* We need to copy s since strsplit modifies it in place.  */
-      s2 = xstrdup (tv[tidx].s);
-      fields = strsplit (s2, tv[tidx].delim, tv[tidx].replacement,
-                         &field_count);
-
-      if (field_count != field_count_expected)
-        fail (tidx * 1000);
-
-      for (i = 0; i < field_count_expected; i ++)
-        if (strcmp (tv[tidx].fields_expected[i], fields[i]) != 0)
-          {
-            printf ("For field %d, expected '%s', but got '%s'\n",
-                    i, tv[tidx].fields_expected[i], fields[i]);
-            fail (tidx * 1000 + i + 1);
-          }
-
-      xfree (s2);
-    }
-}
-
-
-
-static void
-test_strtokenize (void)
-{
-  struct {
-    const char *s;
-    const char *delim;
-    const char *fields_expected[10];
-  } tv[] = {
-    {
-      "", ":",
-      { "", NULL }
-    },
-    {
-      "a", ":",
-      { "a", NULL }
-    },
-    {
-      ":", ":",
-      { "", "", NULL }
-    },
-    {
-      "::", ":",
-      { "", "", "", NULL }
-    },
-    {
-      "a:b:c", ":",
-      { "a", "b", "c", NULL }
-    },
-    {
-      "a:b:", ":",
-      { "a", "b", "", NULL }
-    },
-    {
-      "a:b", ":",
-      { "a", "b", NULL }
-    },
-    {
-      "aa:b:cd", ":",
-      { "aa", "b", "cd", NULL }
-    },
-    {
-      "aa::b:cd", ":",
-      { "aa", "", "b", "cd", NULL }
-    },
-    {
-      "::b:cd", ":",
-      { "", "", "b", "cd", NULL }
-    },
-    {
-      "aa:   : b:cd ", ":",
-      { "aa", "", "b", "cd", NULL }
-    },
-    {
-      "  aa:   : b:  cd ", ":",
-      { "aa", "", "b", "cd", NULL }
-    },
-    {
-      "  ", ":",
-      { "", NULL }
-    },
-    {
-      "  :", ":",
-      { "", "", NULL }
-    },
-    {
-      "  : ", ":",
-      { "", "", NULL }
-    },
-    {
-      ": ", ":",
-      { "", "", NULL }
-    },
-    {
-      ": x ", ":",
-      { "", "x", NULL }
-    },
-    {
-      "a:bc:cde:fghi:jklmn::foo:", ":",
-      { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL }
-    },
-    {
-      ",a,bc,,def,", ",",
-      { "", "a", "bc", "", "def", "", NULL }
-    },
-    {
-      " a ", " ",
-      { "", "a", "", NULL }
-    },
-    {
-      " ", " ",
-      { "", "", NULL }
-    },
-    {
-      "", " ",
-      { "", NULL }
-    }
-  };
-
-  int tidx;
-
-  for (tidx = 0; tidx < DIM(tv); tidx++)
-    {
-      char **fields;
-      int field_count;
-      int field_count_expected;
-      int i;
-
-      for (field_count_expected = 0;
-           tv[tidx].fields_expected[field_count_expected];
-           field_count_expected ++)
-        ;
-
-      fields = strtokenize (tv[tidx].s, tv[tidx].delim);
-      if (!fields)
-        fail (tidx * 1000);
-      else
-        {
-          for (field_count = 0; fields[field_count]; field_count++)
-            ;
-          if (field_count != field_count_expected)
-            fail (tidx * 1000);
-          else
-            {
-              for (i = 0; i < field_count_expected; i++)
-                if (strcmp (tv[tidx].fields_expected[i], fields[i]))
-                  {
-                    printf ("For field %d, expected '%s', but got '%s'\n",
-                            i, tv[tidx].fields_expected[i], fields[i]);
-                    fail (tidx * 1000 + i + 1);
-                  }
-            }
-          }
-
-      xfree (fields);
-    }
-}
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  test_percent_escape ();
-  test_compare_filenames ();
-  test_strconcat ();
-  test_xstrconcat ();
-  test_make_filename_try ();
-  test_make_absfilename_try ();
-  test_strsplit ();
-  test_strtokenize ();
-
-  xfree (home_buffer);
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/t-support.h gnupg2-2.0.28/common/t-support.h
--- gnupg2-2.1.6/common/t-support.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-support.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,76 +0,0 @@
-/* t-support.h - Helper for the regression tests
- * Copyright (C) 2007  Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_T_SUPPORT_H
-#define GNUPG_COMMON_T_SUPPORT_H 1
-
-#ifdef GCRYPT_VERSION
-#error The regression tests should not include with gcrypt.h
-#endif
-
-#ifdef HAVE_W32CE_SYSTEM
-#include   /* Defines strerror.  */
-#endif
-
-
-#ifndef HAVE_GETENV
-# define getenv(a)  (NULL)
-#endif
-
-#ifndef DIM
-# define DIM(v)		     (sizeof(v)/sizeof((v)[0]))
-# define DIMof(type,member)   DIM(((type *)0)->member)
-#endif
-
-
-/* Replacement prototypes. */
-void *gcry_xmalloc (size_t n);
-void *gcry_xcalloc (size_t n, size_t m);
-void *gcry_xrealloc (void *a, size_t n);
-char *gcry_xstrdup (const char * a);
-void  gcry_free (void *a);
-
-/* Map the used xmalloc functions to those implemented by t-support.c */
-#define xmalloc(a)    gcry_xmalloc ( (a) )
-#define xcalloc(a,b)  gcry_xcalloc ( (a), (b) )
-#define xrealloc(a,n) gcry_xrealloc ( (a), (n) )
-#define xstrdup(a)    gcry_xstrdup ( (a) )
-#define xfree(a)      gcry_free ( (a) )
-
-
-/* Macros to print the result of a test.  */
-#define pass()  do { ; } while(0)
-#define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
-                               __FILE__,__LINE__, (a));          \
-                     exit (1);                                   \
-                   } while(0)
-
-
-#endif /*GNUPG_COMMON_T_SUPPORT_H*/
diff -Nru gnupg2-2.1.6/common/t-sysutils.c gnupg2-2.0.28/common/t-sysutils.c
--- gnupg2-2.1.6/common/t-sysutils.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-sysutils.c	2015-06-02 08:13:55.000000000 +0000
@@ -24,10 +24,6 @@
 #include "util.h"
 #include "sysutils.h"
 
-#ifdef HAVE_W32CE_SYSTEM
-# define rewind(f) do { fseek (f, 0, SEEK_SET); clearerr (f); } while (0)
-#endif
-
 #define pass()  do { ; } while(0)
 #define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
                                __FILE__,__LINE__, (a));          \
@@ -83,7 +79,7 @@
     verbose = 1;
 
   test_gnupg_tmpfile ();
-  /* Fixme: Add tests for setenv and unsetenv.  */
 
   return !!errcount;
 }
+
diff -Nru gnupg2-2.1.6/common/t-timestuff.c gnupg2-2.0.28/common/t-timestuff.c
--- gnupg2-2.1.6/common/t-timestuff.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-timestuff.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,172 +0,0 @@
-/* t-timestuff.c - Regression tests for time functions
- * Copyright (C) 2007 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "mischelp.h"
-
-#include "t-support.h"
-
-
-static int
-cmp_time_s (struct tm *a, struct tm *b)
-{
-  if (a->tm_year != b->tm_year
-      || a->tm_mon  != b->tm_mon
-      || a->tm_mday != b->tm_mday
-      || a->tm_hour != b->tm_hour
-      || a->tm_min  != b->tm_min
-      || a->tm_sec  != b->tm_sec
-      || a->tm_wday != b->tm_wday
-      || a->tm_yday != b->tm_yday
-      || !a->tm_isdst != !b->tm_isdst)
-    return -1;
-  return 0;
-}
-
-
-
-static void
-test_timegm (void)
-{
-  static struct {
-    int year, mon, mday, hour, min, sec;
-  } tvalues[] = {
-    { -1 },
-    { -2,  1 },
-    { -2,  2 },
-    { -2,  86399 },
-    { -2,  86400 },
-    { -2,  0x7ffffffe },
-    { -2,  0x7fffffff },
-    /* Note: Because we use mktime below we can only start with the
-       day after Epoch.  */
-    { 1970, 0, 2, 0, 0 , 1},
-    { 1970, 0, 2, 0, 0 , 2},
-    { 1970, 0, 2, 12, 0 , 0},
-    { 1970, 0, 2, 23, 59 , 59},
-    { 1999, 11, 31, 23, 59 , 59},
-    { 2000, 0, 1, 0, 0, 0},
-    { 2000, 0, 1, 0, 0, 1},
-    { 2010, 11, 31, 23, 59 , 59},
-    { 2010, 0, 1, 0, 0, 0},
-    { 2010, 0, 1, 0, 0, 1},
-    /* On GNU based 32 bit systems the end of all ticks will be on
-       20380119T031408 (unless Uli takes compassion on us and changes
-       time_t to a u64).  We check that the previous day is okay.  */
-    { 2038, 0, 18, 23, 59, 59}
-
-  };
-  int tidx;
-  time_t now, atime;
-  struct tm tbuf, tbuf2, *tp;
-
-  for (tidx=0; tidx < DIM (tvalues); tidx++)
-    {
-      if (tvalues[tidx].year == -1)
-        {
-          now = time (NULL);
-        }
-      else if (tvalues[tidx].year == -2)
-        {
-          now = tvalues[tidx].mon;
-        }
-      else
-        {
-          memset (&tbuf, 0, sizeof tbuf);
-          tbuf.tm_year = tvalues[tidx].year - 1900;
-          tbuf.tm_mon  = tvalues[tidx].mon;
-          tbuf.tm_mday = tvalues[tidx].mday;
-          tbuf.tm_hour = tvalues[tidx].hour;
-          tbuf.tm_min  = tvalues[tidx].min;
-          tbuf.tm_sec  = tvalues[tidx].sec;
-#ifdef HAVE_TIMEGM
-          now = timegm (&tbuf);
-#else
-          now = mktime (&tbuf);
-#endif
-        }
-      if (now == (time_t)(-1))
-        fail (tidx);
-
-      tp = gmtime (&now);
-      if (!tp)
-        fail (tidx);
-      tbuf = *tp;
-      tbuf2 = tbuf;
-#ifdef HAVE_TIMEGM
-      atime = timegm (&tbuf);
-#else
-      atime = mktime (&tbuf);
-#endif
-      if (atime == (time_t)(-1))
-        fail (tidx);
-      if (atime != now)
-        fail (tidx);
-
-      tp = gmtime (&atime);
-      if (!tp)
-        fail (tidx);
-      if (cmp_time_s (tp, &tbuf))
-        fail (tidx);
-      if (cmp_time_s (tp, &tbuf2))
-        fail (tidx);
-    }
-}
-
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  /* If we do not have timegm, we use mktime.  However, we need to use
-     UTC in this case so that the 20380118T235959 test does not fail
-     for other timezones.  */
-#ifndef HAVE_TIMEGM
-# ifdef HAVE_SETENV
-  setenv ("TZ", "UTC", 1);
-#else
-  putenv (xstrdup ("TZ=UTC"));
-#endif
-  tzset ();
-#endif
-
-  test_timegm ();
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/ttyio.c gnupg2-2.0.28/common/ttyio.c
--- gnupg2-2.1.6/common/ttyio.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ttyio.c	2015-06-02 08:13:55.000000000 +0000
@@ -1,25 +1,15 @@
 /* ttyio.c -  tty i/O functions
  * Copyright (C) 1998,1999,2000,2001,2002,2003,2004,2006,2007,
- *               2009, 2010 Free Software Foundation, Inc.
+ *               2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -34,25 +24,20 @@
 #include 
 #include 
 #include 
-
-#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
-# define USE_W32_CONSOLE 1
-#endif
-
 #ifdef HAVE_TCGETATTR
-#include 
+# include 
 #else
-#ifdef HAVE_TERMIO_H
-/* simulate termios with termio */
-#include 
-#define termios termio
-#define tcsetattr ioctl
-#define TCSAFLUSH TCSETAF
-#define tcgetattr(A,B) ioctl(A,TCGETA,B)
-#define HAVE_TCGETATTR
-#endif
+# ifdef HAVE_TERMIO_H
+   /* Simulate termios with termio.  */
+#  include 
+#  define termios termio
+#  define tcsetattr ioctl
+#  define TCSAFLUSH TCSETAF
+#  define tcgetattr(A,B) ioctl(A,TCGETA,B)
+#  define HAVE_TCGETATTR
+# endif
 #endif
-#ifdef USE_W32_CONSOLE
+#ifdef _WIN32 /* use the odd Win32 functions */
 # ifdef HAVE_WINSOCK2_H
 #  include 
 # endif
@@ -66,12 +51,12 @@
 
 #include "util.h"
 #include "ttyio.h"
+#include "estream-printf.h"
 #include "common-defs.h"
 
 #define CONTROL_D ('D' - 'A' + 1)
 
-
-#ifdef USE_W32_CONSOLE
+#ifdef _WIN32 /* use the odd Win32 functions */
 static struct {
     HANDLE in, out;
 } con;
@@ -135,7 +120,7 @@
     }
 #endif /*HAVE_CTERMID*/
   /* Assume the standard tty on memory error or when tehre is no
-     ctermid. */
+     certmid. */
   return name? name : "/dev/tty";
 }
 
@@ -159,7 +144,7 @@
     if( initialized )
 	return;
 
-#if defined(USE_W32_CONSOLE)
+#if defined(_WIN32)
     {
 	SECURITY_ATTRIBUTES sa;
 
@@ -187,12 +172,10 @@
     ttyfp = stdout; /* Fixme: replace by the real functions: see wklib */
     if (my_rl_init_stream)
       my_rl_init_stream (ttyfp);
-#elif defined (HAVE_W32CE_SYSTEM)
-    ttyfp = stderr;
 #else
     ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+");
     if( !ttyfp ) {
-	log_error("cannot open '%s': %s\n", tty_get_ttyname (),
+	log_error("cannot open `%s': %s\n", tty_get_ttyname (),
                   strerror(errno) );
 	exit(2);
     }
@@ -237,7 +220,7 @@
 	init_ttyfp();
 
     va_start( arg_ptr, fmt ) ;
-#ifdef USE_W32_CONSOLE
+#ifdef _WIN32
     {
         char *buf = NULL;
         int n;
@@ -265,14 +248,14 @@
 /* Same as tty_printf but if FP is not NULL, behave like a regular
    fprintf. */
 void
-tty_fprintf (estream_t fp, const char *fmt, ... )
+tty_fprintf (FILE *fp, const char *fmt, ... )
 {
   va_list arg_ptr;
 
   if (fp)
     {
       va_start (arg_ptr, fmt) ;
-      es_vfprintf (fp, fmt, arg_ptr );
+      vfprintf (fp, fmt, arg_ptr );
       va_end (arg_ptr);
       return;
     }
@@ -280,131 +263,83 @@
   if (no_terminal)
     return;
 
-  if (!initialized)
-    init_ttyfp ();
+  if( !initialized )
+    init_ttyfp();
+
+    va_start( arg_ptr, fmt ) ;
+#ifdef _WIN32
+    {
+        char *buf = NULL;
+        int n;
+	DWORD nwritten;
+
+	n = vasprintf(&buf, fmt, arg_ptr);
+	if( !buf )
+	    log_bug("vasprintf() failed\n");
 
-  va_start (arg_ptr, fmt);
-#ifdef USE_W32_CONSOLE
-  {
-    char *buf = NULL;
-    int n;
-    DWORD nwritten;
-
-    n = vasprintf(&buf, fmt, arg_ptr);
-    if (!buf)
-      log_bug("vasprintf() failed\n");
-
-    if (!WriteConsoleA( con.out, buf, n, &nwritten, NULL ))
-      log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
-    if (n != nwritten)
-      log_fatal("WriteConsole failed: %d != %d\n", n, (int)nwritten );
-    last_prompt_len += n;
-    xfree (buf);
-  }
+	if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) )
+	    log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
+	if( n != nwritten )
+	    log_fatal("WriteConsole failed: %d != %d\n", n, (int)nwritten );
+	last_prompt_len += n;
+        xfree (buf);
+    }
 #else
-  last_prompt_len += vfprintf(ttyfp,fmt,arg_ptr) ;
-  fflush(ttyfp);
+    last_prompt_len += vfprintf(ttyfp,fmt,arg_ptr) ;
+    fflush(ttyfp);
 #endif
-  va_end(arg_ptr);
+    va_end(arg_ptr);
 }
 
 
 /****************
- * Print a string, but filter all control characters out.  If FP is
- * not NULL print to that stream instead to the tty.
+ * Print a string, but filter all control characters out.
  */
 void
-tty_print_string (estream_t fp, const byte *p, size_t n )
+tty_print_string ( const byte *p, size_t n )
 {
-    if (no_terminal && !fp)
+    if (no_terminal)
 	return;
 
-    if( !initialized & !fp)
+    if( !initialized )
 	init_ttyfp();
 
-#ifdef USE_W32_CONSOLE
+#ifdef _WIN32
     /* not so effective, change it if you want */
-    if (fp)
-      {
-        for( ; n; n--, p++ )
-          {
-            if( iscntrl( *p ) )
-              {
-                if( *p == '\n' )
-                  tty_fprintf (fp, "\\n");
-                else if( !*p )
-                  tty_fprintf (fp, "\\0");
-                else
-                  tty_fprintf (fp, "\\x%02x", *p);
-              }
-            else
-              tty_fprintf (fp, "%c", *p);
-          }
-      }
-    else
-      {
-        for( ; n; n--, p++ )
-          {
-            if( iscntrl( *p ) )
-              {
-                if( *p == '\n' )
-                  tty_printf ("\\n");
-                else if( !*p )
-                  tty_printf ("\\0");
-                else
-                  tty_printf ("\\x%02x", *p);
-              }
-            else
-              tty_printf ("%c", *p);
-          }
-      }
+    for( ; n; n--, p++ )
+	if( iscntrl( *p ) ) {
+	    if( *p == '\n' )
+		tty_printf("\\n");
+	    else if( !*p )
+		tty_printf("\\0");
+	    else
+		tty_printf("\\x%02x", *p);
+	}
+	else
+	    tty_printf("%c", *p);
 #else
-    if (fp)
-      {
-        for( ; n; n--, p++ )
-          {
-            if (iscntrl (*p))
-              {
-                es_putc ('\\', fp);
-                if ( *p == '\n' )
-                  es_putc ('n', fp);
-                else if ( !*p )
-                  es_putc ('0', fp);
-                else
-                  es_fprintf (fp, "x%02x", *p);
-              }
-            else
-              es_putc (*p, fp);
-          }
-      }
-    else
-      {
-        for (; n; n--, p++)
-          {
-            if (iscntrl (*p))
-              {
-                putc ('\\', ttyfp);
-                if ( *p == '\n' )
-                  putc ('n', ttyfp);
-                else if ( !*p )
-                  putc ('0', ttyfp);
-                else
-                  fprintf (ttyfp, "x%02x", *p );
-              }
-            else
-              putc (*p, ttyfp);
-          }
-      }
+    for( ; n; n--, p++ )
+	if( iscntrl( *p ) ) {
+	    putc('\\', ttyfp);
+	    if( *p == '\n' )
+		putc('n', ttyfp);
+	    else if( !*p )
+		putc('0', ttyfp);
+	    else
+		fprintf(ttyfp, "x%02x", *p );
+	}
+	else
+	    putc(*p, ttyfp);
 #endif
 }
 
 void
-tty_print_utf8_string2 (estream_t fp, const byte *p, size_t n, size_t max_n)
+tty_print_utf8_string2( const byte *p, size_t n, size_t max_n )
 {
     size_t i;
     char *buf;
 
-    if (no_terminal && !fp)
+    if (no_terminal)
 	return;
 
     /* we can handle plain ascii simpler, so check for it first */
@@ -418,22 +353,21 @@
 	    buf[max_n] = 0;
 	}
 	/*(utf8 conversion already does the control character quoting)*/
-	tty_fprintf (fp, "%s", buf);
-	xfree (buf);
+	tty_printf("%s", buf );
+	xfree( buf );
     }
     else {
 	if( max_n && (n > max_n) ) {
 	    n = max_n;
 	}
-	tty_print_string (fp, p, n );
+	tty_print_string( p, n );
     }
 }
 
-
 void
 tty_print_utf8_string( const byte *p, size_t n )
 {
-  tty_print_utf8_string2 (NULL, p, n, 0);
+    tty_print_utf8_string2( p, n, 0 );
 }
 
 
@@ -464,7 +398,7 @@
     buf = xmalloc((n=50));
     i = 0;
 
-#ifdef USE_W32_CONSOLE
+#ifdef _WIN32 /* windoze version */
     if( hidden )
 	SetConsoleMode(con.in, HID_INPMODE );
 
@@ -498,17 +432,9 @@
     if( hidden )
 	SetConsoleMode(con.in, DEF_INPMODE );
 
-#elif defined(__riscos__) || defined(HAVE_W32CE_SYSTEM)
+#elif defined(__riscos__)
     do {
-#ifdef HAVE_W32CE_SYSTEM
-      /* Using getchar is not a correct solution but for now it
-         doesn't matter becuase we have no real console at all.  We
-         should rework this as soon as we have switched this entire
-         module to estream.  */
-        c = getchar();
-#else
         c = riscos_getchar();
-#endif
         if (c == 0xa || c == 0xd) { /* Return || Enter */
             c = (int) '\n';
         } else if (c == 0x8 || c == 0x7f) { /* Backspace || Delete */
@@ -546,7 +472,7 @@
         }
     } while (c != '\n');
     i = (i>0) ? i-1 : 0;
-#else /* Other systems. */
+#else /* unix version */
     if( hidden ) {
 #ifdef HAVE_TCGETATTR
 	struct termios term;
@@ -587,6 +513,7 @@
 	i = 1;
     }
 
+
     if( hidden ) {
 #ifdef HAVE_TCGETATTR
 	if( tcsetattr(fileno(ttyfp), TCSAFLUSH, &termsave) )
@@ -648,7 +575,7 @@
   char *answer;
 
   va_start (arg_ptr, promptfmt);
-  if (gpgrt_vasprintf (&prompt, promptfmt, arg_ptr) < 0)
+  if (estream_vasprintf (&prompt, promptfmt, arg_ptr) < 0)
     log_fatal ("estream_vasprintf failed: %s\n", strerror (errno));
   va_end (arg_ptr);
   answer = tty_get (prompt);
@@ -678,7 +605,7 @@
 	last_prompt_len = 0;
     if( !last_prompt_len )
 	return;
-#ifdef USE_W32_CONSOLE
+#ifdef _WIN32
     tty_printf("\r%*s\r", last_prompt_len, "");
 #else
     {
diff -Nru gnupg2-2.1.6/common/ttyio.h gnupg2-2.0.28/common/ttyio.h
--- gnupg2-2.1.6/common/ttyio.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/ttyio.h	2015-06-02 08:13:55.000000000 +0000
@@ -4,22 +4,12 @@
  *
  * This file is part of GNUPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GNUPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -38,19 +28,18 @@
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
 void tty_printf (const char *fmt, ... )
                  __attribute__ ((format (printf,1,2)));
-void tty_fprintf (estream_t fp, const char *fmt, ... )
+void tty_fprintf (FILE *fp, const char *fmt, ... )
                  __attribute__ ((format (printf,2,3)));
 char *tty_getf (const char *promptfmt, ... )
                  __attribute__ ((format (printf,1,2)));
 #else
 void tty_printf (const char *fmt, ... );
-void tty_fprintf (estream_t fp, const char *fmt, ... );
+void tty_fprintf (FILE *fp, const char *fmt, ... );
 char *tty_getf (const char *promptfmt, ... );
 #endif
-void tty_print_string (estream_t fp, const unsigned char *p, size_t n);
+void tty_print_string (const unsigned char *p, size_t n);
 void tty_print_utf8_string (const unsigned char *p, size_t n);
-void tty_print_utf8_string2 (estream_t fp,
-                             const unsigned char *p, size_t n, size_t max_n);
+void tty_print_utf8_string2 (const unsigned char *p, size_t n, size_t max_n);
 char *tty_get (const char *prompt);
 char *tty_get_hidden (const char *prompt);
 void tty_kill_prompt (void);
diff -Nru gnupg2-2.1.6/common/t-w32-reg.c gnupg2-2.0.28/common/t-w32-reg.c
--- gnupg2-2.1.6/common/t-w32-reg.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-w32-reg.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,80 +0,0 @@
-/* t-w32-reg.c - Regression tests for W32 registry functions
- * Copyright (C) 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "mischelp.h"
-
-#include "t-support.h"
-#include "w32help.h"
-
-
-static void
-test_read_registry (void)
-{
-  char *string;
-
-#ifdef HAVE_W32CE_SYSTEM
-  string = read_w32_registry_string ("HKEY_CLASSES_ROOT",
-                                     "BOOTSTRAP\\CLSID", NULL);
-  if (!string)
-    fail (0);
-  fprintf (stderr, "Bootstrap clsid: %s\n", string);
-  xfree (string);
-#endif
-
-  string = read_w32_registry_string
-    ("HKEY_CURRENT_USER",
-     "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
-     "User Agent");
-  if (!string)
-    fail (0);
-  fprintf (stderr, "User agent: %s\n", string);
-  xfree (string);
-}
-
-
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  test_read_registry ();
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/types.h gnupg2-2.0.28/common/types.h
--- gnupg2-2.1.6/common/types.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/types.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,126 +0,0 @@
-/* types.h - define some extra types
- *	Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_TYPES_H
-#define GNUPG_COMMON_TYPES_H
-
-#ifdef HAVE_INTTYPES_H
-# include 
-#endif
-
-/* The AC_CHECK_SIZEOF() in configure fails for some machines.
- * we provide some fallback values here */
-#if !SIZEOF_UNSIGNED_SHORT
-#  undef SIZEOF_UNSIGNED_SHORT
-#  define SIZEOF_UNSIGNED_SHORT 2
-#endif
-#if !SIZEOF_UNSIGNED_INT
-#  undef SIZEOF_UNSIGNED_INT
-#  define SIZEOF_UNSIGNED_INT 4
-#endif
-#if !SIZEOF_UNSIGNED_LONG
-#  undef SIZEOF_UNSIGNED_LONG
-#  define SIZEOF_UNSIGNED_LONG 4
-#endif
-
-
-#include 
-
-
-/* We use byte as an abbreviation for unsigned char.  On some
-   platforms this needs special treatment:
-
-   - RISC OS:
-     Norcroft C treats char  = unsigned char  as legal assignment
-                   but char* = unsigned char* as illegal assignment
-     and the same applies to the signed variants as well.  Thus we use
-     char which is anyway unsigned.
-
-   - Windows:
-     Windows typedefs byte in the RPC headers but we need to avoid a
-     warning about a double definition.
- */
-#ifndef HAVE_BYTE_TYPEDEF
-#  undef byte	    /* There might be a macro with this name.  */
-#  ifdef __riscos__
-     typedef char byte;
-#  elif !(defined(_WIN32) && defined(cbNDRContext))
-     typedef unsigned char byte;
-#  endif
-#  define HAVE_BYTE_TYPEDEF
-#endif /*!HAVE_BYTE_TYPEDEF*/
-
-#ifndef HAVE_USHORT_TYPEDEF
-#  undef ushort     /* There might be a macro with this name.  */
-   typedef unsigned short ushort;
-#  define HAVE_USHORT_TYPEDEF
-#endif
-
-#ifndef HAVE_ULONG_TYPEDEF
-#  undef ulong	    /* There might be a macro with this name.  */
-   typedef unsigned long ulong;
-#  define HAVE_ULONG_TYPEDEF
-#endif
-
-#ifndef HAVE_U16_TYPEDEF
-#  undef u16	    /* There might be a macro with this name.  */
-#  if SIZEOF_UNSIGNED_INT == 2
-     typedef unsigned int   u16;
-#  elif SIZEOF_UNSIGNED_SHORT == 2
-     typedef unsigned short u16;
-#  else
-#    error no typedef for u16
-#  endif
-#  define HAVE_U16_TYPEDEF
-#endif
-
-#ifndef HAVE_U32_TYPEDEF
-#  undef u32        /* There might be a macro with this name.  */
-#  if SIZEOF_UNSIGNED_INT == 4
-     typedef unsigned int u32;
-#  elif SIZEOF_UNSIGNED_LONG == 4
-     typedef unsigned long u32;
-#  else
-#    error no typedef for u32
-#  endif
-#  define HAVE_U32_TYPEDEF
-#endif
-
-
-/* Some GCC attributes.  Note that we use also define some in
-   mischelp.h, but this header and types.h are not always included.
-   Should eventually be put into one file (e.g. nlib-common.h).  */
-#if __GNUC__ >= 4
-# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
-#else
-# define GNUPG_GCC_A_SENTINEL(a)
-#endif
-
-#endif /*GNUPG_COMMON_TYPES_H*/
diff -Nru gnupg2-2.1.6/common/t-zb32.c gnupg2-2.0.28/common/t-zb32.c
--- gnupg2-2.1.6/common/t-zb32.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/t-zb32.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,113 +0,0 @@
-/* t-zb32.c - Module tests for zb32.c
- * Copyright (C) 2014  Werner Koch
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-
-#define pass()  do { ; } while(0)
-#define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
-                               __FILE__,__LINE__, (a));          \
-                     errcount++;                                 \
-                   } while(0)
-
-static int errcount;
-
-
-static void
-test_zb32enc (void)
-{
-  static struct {
-    size_t datalen;
-    char *data;
-    const char *expected;
-  } tests[] = {
-    /* From the DESIGN document.  */
-    {  1, "\x00", "y" },
-    {  1, "\x80", "o" },
-    {  2, "\x40", "e" },
-    {  2, "\xc0", "a" },
-    { 10, "\x00\x00", "yy" },
-    { 10, "\x80\x80", "on" },
-    { 20, "\x8b\x88\x80", "tqre" },
-    { 24, "\xf0\xbf\xc7", "6n9hq" },
-    { 24, "\xd4\x7a\x04", "4t7ye" },
-    /* The next vector is strange: The DESIGN document from 2007 gives
-       "8ik66o" as result, the revision from 2009 gives "6im5sd".  I
-       look at it for quite some time and came to the conclusion that
-       "6im54d" is the right encoding.  */
-    { 30, "\xf5\x57\xbd\x0c", "6im54d" },
-    /* From ccrtp's Java code.  */
-    { 40, "\x01\x01\x01\x01\x01", "yryonyeb" },
-    { 15, "\x01\x01", "yry" },
-    { 80, "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", "yryonyebyryonyeb" },
-    { 15, "\x81\x81", "ogy" },
-    { 16, "\x81\x81", "ogyo" },
-    { 20, "\x81\x81\x81", "ogya" },
-    { 64, "\x81\x81\x81\x81\x81\x81\x81\x81", "ogyadycbogyan" },
-    /* More tests.  */
-    { 160, "\x80\x61\x58\x70\xF5\xBA\xD6\x90\x33\x36"
-      /* */"\x86\xD0\xF2\xAD\x85\xAC\x1E\x42\xB3\x67",
-      /* */"oboioh8izmmjyc3so5exfmcfioxrfc58" },
-    { 0,  "", "" }
-  };
-  int tidx;
-  char *output;
-
-  for (tidx = 0; tidx < DIM(tests); tidx++)
-    {
-      output = zb32_encode (tests[tidx].data, tests[tidx].datalen);
-      if (!output)
-        {
-          fprintf (stderr, "%s:%d: error encoding test %d: %s\n",
-                   __FILE__, __LINE__, tidx, strerror (errno));
-          exit (1);
-        }
-      /* puts (output); */
-      if (strcmp (output, tests[tidx].expected))
-        fail (tidx);
-      xfree (output);
-    }
-}
-
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  test_zb32enc ();
-
-  return !!errcount;
-}
diff -Nru gnupg2-2.1.6/common/userids.c gnupg2-2.0.28/common/userids.c
--- gnupg2-2.1.6/common/userids.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/userids.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,376 +0,0 @@
-/* userids.c - Utility functions for user ids.
- * Copyright (C) 2001, 2003, 2004, 2006,
- *               2009 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "userids.h"
-
-
-/* Parse the user-id NAME and build a search description for it.
- * Returns 0 on success or an error code.  DESC may be NULL to merely
- * check the validity of a user-id.
- *
- * Some used rules:
- * - If the username starts with 8,9,16 or 17 hex-digits (the first one
- *   must be in the range 0..9), this is considered a keyid; depending
- *   on the length a short or complete one.
- * - If the username starts with 32,33,40 or 41 hex-digits (the first one
- *   must be in the range 0..9), this is considered a fingerprint.
- * - If the username starts with a left angle, we assume it is a complete
- *   email address and look only at this part.
- * - If the username starts with a colon we assume it is a unified
- *   key specfification.
- * - If the username starts with a '.', we assume it is the ending
- *   part of an email address
- * - If the username starts with an '@', we assume it is a part of an
- *   email address
- * - If the userid start with an '=' an exact compare is done.
- * - If the userid starts with a '*' a case insensitive substring search is
- *   done (This is the default).
- * - If the userid starts with a '+' we will compare individual words
- *   and a match requires that all the words are in the userid.
- *   Words are delimited by white space or "()<>[]{}.@-+_,;/&!"
- *   (note that you can't search for these characters). Compare
- *   is not case sensitive.
- * - If the userid starts with a '&' a 40 hex digits keygrip is expected.
- */
-
-gpg_error_t
-classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
-{
-  const char *s;
-  int hexprefix = 0;
-  int hexlength;
-  int mode = 0;
-  KEYDB_SEARCH_DESC dummy_desc;
-
-  if (!desc)
-    desc = &dummy_desc;
-
-  /* Clear the structure so that the mode field is set to zero unless
-     we set it to the correct value right at the end of this
-     function. */
-  memset (desc, 0, sizeof *desc);
-
-  /* Skip leading spaces.  */
-  for(s = name; *s && spacep (s); s++ )
-    ;
-
-  switch (*s)
-    {
-    case 0:  /* Empty string is an error.  */
-      return gpg_error (GPG_ERR_INV_USER_ID);
-
-    case '.': /* An email address, compare from end.  Note that this
-                 has not yet been implemented in the search code.  */
-      mode = KEYDB_SEARCH_MODE_MAILEND;
-      s++;
-      desc->u.name = s;
-      break;
-
-    case '<': /* An email address.  */
-      mode = KEYDB_SEARCH_MODE_MAIL;
-      /* FIXME: The keyring code in g10 assumes that the mail name is
-         prefixed with an '<'.  However the keybox code used for sm/
-         assumes it has been removed.  For now we use this simple hack
-         to overcome the problem.  */
-      if (!openpgp_hack)
-        s++;
-      desc->u.name = s;
-      break;
-
-    case '@':  /* Part of an email address.  */
-      mode = KEYDB_SEARCH_MODE_MAILSUB;
-      s++;
-      desc->u.name = s;
-      break;
-
-    case '=':  /* Exact compare.  */
-      mode = KEYDB_SEARCH_MODE_EXACT;
-      s++;
-      desc->u.name = s;
-      break;
-
-    case '*':  /* Case insensitive substring search.  */
-      mode = KEYDB_SEARCH_MODE_SUBSTR;
-      s++;
-      desc->u.name = s;
-      break;
-
-    case '+':  /* Compare individual words.  Note that this has not
-                  yet been implemented in the search code.  */
-      mode = KEYDB_SEARCH_MODE_WORDS;
-      s++;
-      desc->u.name = s;
-      break;
-
-    case '/': /* Subject's DN.  */
-      s++;
-      if (!*s || spacep (s)) /* No DN or prefixed with a space.  */
-        return gpg_error (GPG_ERR_INV_USER_ID);
-      desc->u.name = s;
-      mode = KEYDB_SEARCH_MODE_SUBJECT;
-      break;
-
-    case '#': /* S/N with optional issuer id or just issuer id.  */
-      {
-        const char *si;
-
-        s++;
-        if ( *s == '/')
-          { /* "#/" indicates an issuer's DN.  */
-            s++;
-            if (!*s || spacep (s)) /* No DN or prefixed with a space.  */
-              return gpg_error (GPG_ERR_INV_USER_ID);
-            desc->u.name = s;
-            mode = KEYDB_SEARCH_MODE_ISSUER;
-          }
-        else
-          { /* Serialnumber + optional issuer ID.  */
-            for (si=s; *si && *si != '/'; si++)
-              {
-                 /* Check for an invalid digit in the serial number. */
-                if (!strchr("01234567890abcdefABCDEF", *si))
-                  return gpg_error (GPG_ERR_INV_USER_ID);
-              }
-            desc->sn = (const unsigned char*)s;
-            desc->snlen = -1;
-            if (!*si)
-              mode = KEYDB_SEARCH_MODE_SN;
-            else
-              {
-                s = si+1;
-                if (!*s || spacep (s))  /* No DN or prefixed with a space.  */
-                  return gpg_error (GPG_ERR_INV_USER_ID);
-                desc->u.name = s;
-                mode = KEYDB_SEARCH_MODE_ISSUER_SN;
-              }
-          }
-      }
-      break;
-
-    case ':': /* Unified fingerprint. */
-      {
-        const char *se, *si;
-        int i;
-
-        se = strchr (++s,':');
-        if (!se)
-          return gpg_error (GPG_ERR_INV_USER_ID);
-        for (i=0,si=s; si < se; si++, i++ )
-          {
-            if (!strchr("01234567890abcdefABCDEF", *si))
-              return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid digit.  */
-          }
-        if (i != 32 && i != 40)
-          return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid length of fpr.  */
-        for (i=0,si=s; si < se; i++, si +=2)
-          desc->u.fpr[i] = hextobyte(si);
-        for (; i < 20; i++)
-          desc->u.fpr[i]= 0;
-        s = se + 1;
-        mode = KEYDB_SEARCH_MODE_FPR;
-      }
-      break;
-
-    case '&': /* Keygrip*/
-      {
-        if (hex2bin (s+1, desc->u.grip, 20) < 0)
-          return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid. */
-        mode = KEYDB_SEARCH_MODE_KEYGRIP;
-      }
-      break;
-
-    default:
-      if (s[0] == '0' && s[1] == 'x')
-        {
-          hexprefix = 1;
-          s += 2;
-        }
-
-      hexlength = strspn(s, "0123456789abcdefABCDEF");
-      if (hexlength >= 8 && s[hexlength] =='!')
-        {
-          desc->exact = 1;
-          hexlength++; /* Just for the following check.  */
-        }
-
-      /* Check if a hexadecimal number is terminated by EOS or blank.  */
-      if (hexlength && s[hexlength] && !spacep (s+hexlength))
-        {
-          if (hexprefix) /* A "0x" prefix without a correct
-                            termination is an error.  */
-            return gpg_error (GPG_ERR_INV_USER_ID);
-          /* The first characters looked like a hex number, but the
-             entire string is not.  */
-          hexlength = 0;
-        }
-
-      if (desc->exact)
-        hexlength--; /* Remove the bang.  */
-
-      if (hexlength == 8
-          || (!hexprefix && hexlength == 9 && *s == '0'))
-        {
-          /* Short keyid.  */
-          if (hexlength == 9)
-            s++;
-          desc->u.kid[1] = strtoul( s, NULL, 16 );
-          mode = KEYDB_SEARCH_MODE_SHORT_KID;
-        }
-      else if (hexlength == 16
-               || (!hexprefix && hexlength == 17 && *s == '0'))
-        {
-          /* Long keyid.  */
-          char buf[9];
-          if (hexlength == 17)
-            s++;
-          mem2str (buf, s, 9);
-          desc->u.kid[0] = strtoul (buf, NULL, 16);
-          desc->u.kid[1] = strtoul (s+8, NULL, 16);
-          mode = KEYDB_SEARCH_MODE_LONG_KID;
-        }
-      else if (hexlength == 32
-               || (!hexprefix && hexlength == 33 && *s == '0'))
-        {
-          /* MD5 fingerprint.  */
-          int i;
-          if (hexlength == 33)
-            s++;
-          memset (desc->u.fpr+16, 0, 4);
-          for (i=0; i < 16; i++, s+=2)
-            {
-              int c = hextobyte(s);
-              if (c == -1)
-                return gpg_error (GPG_ERR_INV_USER_ID);
-              desc->u.fpr[i] = c;
-            }
-          mode = KEYDB_SEARCH_MODE_FPR16;
-        }
-      else if (hexlength == 40
-               || (!hexprefix && hexlength == 41 && *s == '0'))
-        {
-          /* SHA1/RMD160 fingerprint.  */
-          int i;
-          if (hexlength == 41)
-            s++;
-          for (i=0; i < 20; i++, s+=2)
-            {
-              int c = hextobyte(s);
-              if (c == -1)
-                return gpg_error (GPG_ERR_INV_USER_ID);
-              desc->u.fpr[i] = c;
-            }
-          mode = KEYDB_SEARCH_MODE_FPR20;
-        }
-      else if (!hexprefix)
-        {
-          /* The fingerprint in an X.509 listing is often delimited by
-             colons, so we try to single this case out. */
-          mode = 0;
-          hexlength = strspn (s, ":0123456789abcdefABCDEF");
-          if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
-            {
-              int i;
-
-              for (i=0; i < 20; i++, s += 3)
-                {
-                  int c = hextobyte(s);
-                  if (c == -1 || (i < 19 && s[2] != ':'))
-                    break;
-                  desc->u.fpr[i] = c;
-                }
-              if (i == 20)
-                mode = KEYDB_SEARCH_MODE_FPR20;
-            }
-          if (!mode)
-            {
-              /* Still not found.  Now check for a space separated
-                 OpenPGP v4 fingerprint like:
-                   8061 5870 F5BA D690 3336  86D0 F2AD 85AC 1E42 B367
-                 or
-                   8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367
-               */
-              hexlength = strspn (s, " 0123456789abcdefABCDEF");
-              if (s[hexlength] && s[hexlength] != ' ')
-                hexlength = 0; /* Followed by non-space.  */
-              while (hexlength && s[hexlength-1] == ' ')
-                hexlength--;   /* Trim trailing spaces.  */
-              if ((hexlength == 49 || hexlength == 50)
-                  && (!s[hexlength] || s[hexlength] == ' '))
-                {
-                  int i, c;
-
-                  for (i=0; i < 20; i++)
-                    {
-                      if (i && !(i % 2))
-                        {
-                          if (*s != ' ')
-                            break;
-                          s++;
-                          /* Skip the double space in the middle but
-                             don't require it to help copying
-                             fingerprints from sources which fold
-                             multiple space to one.  */
-                          if (i == 10 && *s == ' ')
-                            s++;
-                        }
-
-                      c = hextobyte(s);
-                      if (c == -1)
-                        break;
-                      desc->u.fpr[i] = c;
-                      s += 2;
-                    }
-                  if (i == 20)
-                    mode = KEYDB_SEARCH_MODE_FPR20;
-                }
-            }
-          if (!mode) /* Default to substring search.  */
-            {
-              desc->exact = 0;
-              desc->u.name = s;
-              mode = KEYDB_SEARCH_MODE_SUBSTR;
-            }
-        }
-      else
-	{
-          /* Hex number with a prefix but with a wrong length.  */
-          return gpg_error (GPG_ERR_INV_USER_ID);
-        }
-    }
-
-  desc->mode = mode;
-  return 0;
-}
diff -Nru gnupg2-2.1.6/common/userids.h gnupg2-2.0.28/common/userids.h
--- gnupg2-2.1.6/common/userids.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/userids.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,39 +0,0 @@
-/* userids.h - Utility functions for user ids.
- * Copyright (C) 2009 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef GNUPG_COMMON_USERIDS_H
-#define GNUPG_COMMON_USERIDS_H
-
-#include "../kbx/keybox-search-desc.h"
-
-gpg_error_t classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc,
-                              int openpgp_hack);
-
-
-#endif /*GNUPG_COMMON_USERIDS_H*/
diff -Nru gnupg2-2.1.6/common/utf8conv.c gnupg2-2.0.28/common/utf8conv.c
--- gnupg2-2.1.6/common/utf8conv.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/utf8conv.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,787 +0,0 @@
-/* utf8conf.c -  UTF8 character set conversion
- * Copyright (C) 1994, 1998, 1999, 2000, 2001, 2003, 2006,
- *               2008, 2010  Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_LANGINFO_CODESET
-#include 
-#endif
-#include 
-#ifndef HAVE_ANDROID_SYSTEM
-# include 
-#endif
-
-#include "util.h"
-#include "common-defs.h"
-#include "i18n.h"
-#include "stringhelp.h"
-#include "utf8conv.h"
-
-#ifndef MB_LEN_MAX
-#define MB_LEN_MAX 16
-#endif
-
-static const char *active_charset_name = "iso-8859-1";
-static int no_translation;     /* Set to true if we let simply pass through. */
-static int use_iconv;          /* iconv conversion functions required. */
-
-
-#ifdef HAVE_ANDROID_SYSTEM
-/* Fake stuff to get things building.  */
-typedef void *iconv_t;
-#define ICONV_CONST
-
-static iconv_t
-iconv_open (const char *tocode, const char *fromcode)
-{
-  (void)tocode;
-  (void)fromcode;
-  return (iconv_t)(-1);
-}
-
-static size_t
-iconv (iconv_t cd, char **inbuf, size_t *inbytesleft,
-       char **outbuf, size_t *outbytesleft)
-{
-  (void)cd;
-  (void)inbuf;
-  (void)inbytesleft;
-  (void)outbuf;
-  (void)outbytesleft;
-  return (size_t)(0);
-}
-
-static int
-iconv_close (iconv_t cd)
-{
-  (void)cd;
-  return 0;
-}
-#endif /*HAVE_ANDROID_SYSTEM*/
-
-
-/* Error handler for iconv failures. This is needed to not clutter the
-   output with repeated diagnostics about a missing conversion. */
-static void
-handle_iconv_error (const char *to, const char *from, int use_fallback)
-{
-  if (errno == EINVAL)
-    {
-      static int shown1, shown2;
-      int x;
-
-      if (to && !strcmp (to, "utf-8"))
-        {
-          x = shown1;
-          shown1 = 1;
-        }
-      else
-        {
-          x = shown2;
-          shown2 = 1;
-        }
-
-      if (!x)
-        log_info (_("conversion from '%s' to '%s' not available\n"),
-                  from, to);
-    }
-  else
-    {
-      static int shown;
-
-      if (!shown)
-        log_info (_("iconv_open failed: %s\n"), strerror (errno));
-      shown = 1;
-    }
-
-  if (use_fallback)
-    {
-      /* To avoid further error messages we fallback to Latin-1 for the
-         native encoding.  This is justified as one can expect that on a
-         utf-8 enabled system nl_langinfo() will work and thus we won't
-         never get to here.  Thus Latin-1 seems to be a reasonable
-         default.  */
-      active_charset_name = "iso-8859-1";
-      no_translation = 0;
-      use_iconv = 0;
-    }
-}
-
-
-
-int
-set_native_charset (const char *newset)
-{
-  const char *full_newset;
-
-  if (!newset)
-    {
-#ifdef HAVE_ANDROID_SYSTEM
-      newset = "utf-8";
-#elif defined HAVE_W32_SYSTEM
-      static char codepage[30];
-      unsigned int cpno;
-      const char *aliases;
-
-      /* We are a console program thus we need to use the
-         GetConsoleOutputCP function and not the the GetACP which
-         would give the codepage for a GUI program.  Note this is not
-         a bulletproof detection because GetConsoleCP might return a
-         different one for console input.  Not sure how to cope with
-         that.  If the console Code page is not known we fall back to
-         the system code page.  */
-#ifndef HAVE_W32CE_SYSTEM
-      cpno = GetConsoleOutputCP ();
-      if (!cpno)
-#endif
-        cpno = GetACP ();
-      sprintf (codepage, "CP%u", cpno );
-      /* Resolve alias.  We use a long string string and not the usual
-         array to optimize if the code is taken to a DSO.  Taken from
-         libiconv 1.9.2. */
-      newset = codepage;
-      for (aliases = ("CP936"   "\0" "GBK" "\0"
-                      "CP1361"  "\0" "JOHAB" "\0"
-                      "CP20127" "\0" "ASCII" "\0"
-                      "CP20866" "\0" "KOI8-R" "\0"
-                      "CP21866" "\0" "KOI8-RU" "\0"
-                      "CP28591" "\0" "ISO-8859-1" "\0"
-                      "CP28592" "\0" "ISO-8859-2" "\0"
-                      "CP28593" "\0" "ISO-8859-3" "\0"
-                      "CP28594" "\0" "ISO-8859-4" "\0"
-                      "CP28595" "\0" "ISO-8859-5" "\0"
-                      "CP28596" "\0" "ISO-8859-6" "\0"
-                      "CP28597" "\0" "ISO-8859-7" "\0"
-                      "CP28598" "\0" "ISO-8859-8" "\0"
-                      "CP28599" "\0" "ISO-8859-9" "\0"
-                      "CP28605" "\0" "ISO-8859-15" "\0"
-                      "CP65001" "\0" "UTF-8" "\0");
-           *aliases;
-           aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1)
-        {
-          if (!strcmp (codepage, aliases) ||(*aliases == '*' && !aliases[1]))
-            {
-              newset = aliases + strlen (aliases) + 1;
-              break;
-            }
-        }
-
-#else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/
-
-#ifdef HAVE_LANGINFO_CODESET
-      newset = nl_langinfo (CODESET);
-#else /*!HAVE_LANGINFO_CODESET*/
-      /* Try to get the used charset from environment variables.  */
-      static char codepage[30];
-      const char *lc, *dot, *mod;
-
-      strcpy (codepage, "iso-8859-1");
-      lc = getenv ("LC_ALL");
-      if (!lc || !*lc)
-        {
-          lc = getenv ("LC_CTYPE");
-          if (!lc || !*lc)
-            lc = getenv ("LANG");
-        }
-      if (lc && *lc)
-        {
-          dot = strchr (lc, '.');
-          if (dot)
-            {
-              mod = strchr (++dot, '@');
-              if (!mod)
-                mod = dot + strlen (dot);
-              if (mod - dot < sizeof codepage && dot != mod)
-                {
-                  memcpy (codepage, dot, mod - dot);
-                  codepage [mod - dot] = 0;
-                }
-            }
-        }
-      newset = codepage;
-#endif /*!HAVE_LANGINFO_CODESET*/
-#endif /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/
-    }
-
-  full_newset = newset;
-  if (strlen (newset) > 3 && !ascii_memcasecmp (newset, "iso", 3))
-    {
-      newset += 3;
-      if (*newset == '-' || *newset == '_')
-        newset++;
-    }
-
-  /* Note that we silently assume that plain ASCII is actually meant
-     as Latin-1.  This makes sense because many Unix system don't have
-     their locale set up properly and thus would get annoying error
-     messages and we have to handle all the "bug" reports. Latin-1 has
-     always been the character set used for 8 bit characters on Unix
-     systems. */
-  if ( !*newset
-       || !ascii_strcasecmp (newset, "8859-1" )
-       || !ascii_strcasecmp (newset, "646" )
-       || !ascii_strcasecmp (newset, "ASCII" )
-       || !ascii_strcasecmp (newset, "ANSI_X3.4-1968" )
-       )
-    {
-      active_charset_name = "iso-8859-1";
-      no_translation = 0;
-      use_iconv = 0;
-    }
-  else if ( !ascii_strcasecmp (newset, "utf8" )
-            || !ascii_strcasecmp(newset, "utf-8") )
-    {
-      active_charset_name = "utf-8";
-      no_translation = 1;
-      use_iconv = 0;
-    }
-  else
-    {
-      iconv_t cd;
-
-      cd = iconv_open (full_newset, "utf-8");
-      if (cd == (iconv_t)-1)
-        {
-          handle_iconv_error (full_newset, "utf-8", 0);
-          return -1;
-        }
-      iconv_close (cd);
-      cd = iconv_open ("utf-8", full_newset);
-      if (cd == (iconv_t)-1)
-        {
-          handle_iconv_error ("utf-8", full_newset, 0);
-          return -1;
-        }
-      iconv_close (cd);
-      active_charset_name = full_newset;
-      no_translation = 0;
-      use_iconv = 1;
-    }
-  return 0;
-}
-
-const char *
-get_native_charset ()
-{
-  return active_charset_name;
-}
-
-/* Return true if the native charset is utf-8.  */
-int
-is_native_utf8 (void)
-{
-  return no_translation;
-}
-
-
-/* Convert string, which is in native encoding to UTF8 and return a
-   new allocated UTF-8 string.  This function terminates the process
-   on memory shortage.  */
-char *
-native_to_utf8 (const char *orig_string)
-{
-  const unsigned char *string = (const unsigned char *)orig_string;
-  const unsigned char *s;
-  char *buffer;
-  unsigned char *p;
-  size_t length = 0;
-
-  if (no_translation)
-    {
-      /* Already utf-8 encoded. */
-      buffer = xstrdup (orig_string);
-    }
-  else if (!use_iconv)
-    {
-      /* For Latin-1 we can avoid the iconv overhead. */
-      for (s = string; *s; s++)
-	{
-	  length++;
-	  if (*s & 0x80)
-	    length++;
-	}
-      buffer = xmalloc (length + 1);
-      for (p = (unsigned char *)buffer, s = string; *s; s++)
-	{
-	  if ( (*s & 0x80 ))
-	    {
-	      *p++ = 0xc0 | ((*s >> 6) & 3);
-	      *p++ = 0x80 | (*s & 0x3f);
-	    }
-	  else
-	    *p++ = *s;
-	}
-      *p = 0;
-    }
-  else
-    {
-      /* Need to use iconv.  */
-      iconv_t cd;
-      const char *inptr;
-      char *outptr;
-      size_t inbytes, outbytes;
-
-      cd = iconv_open ("utf-8", active_charset_name);
-      if (cd == (iconv_t)-1)
-        {
-          handle_iconv_error ("utf-8", active_charset_name, 1);
-          return native_to_utf8 (string);
-        }
-
-      for (s=string; *s; s++ )
-        {
-          length++;
-          if ((*s & 0x80))
-            length += 5; /* We may need up to 6 bytes for the utf8 output. */
-        }
-      buffer = xmalloc (length + 1);
-
-      inptr = string;
-      inbytes = strlen (string);
-      outptr = buffer;
-      outbytes = length;
-      if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
-                  &outptr, &outbytes) == (size_t)-1)
-        {
-          static int shown;
-
-          if (!shown)
-            log_info (_("conversion from '%s' to '%s' failed: %s\n"),
-                      active_charset_name, "utf-8", strerror (errno));
-          shown = 1;
-          /* We don't do any conversion at all but use the strings as is. */
-          strcpy (buffer, string);
-        }
-      else /* Success.  */
-        {
-          *outptr = 0;
-          /* We could realloc the buffer now but I doubt that it makes
-             much sense given that it will get freed anyway soon
-             after.  */
-        }
-      iconv_close (cd);
-    }
-  return buffer;
-}
-
-
-
-static char *
-do_utf8_to_native (const char *string, size_t length, int delim,
-                   int with_iconv)
-{
-  int nleft;
-  int i;
-  unsigned char encbuf[8];
-  int encidx;
-  const unsigned char *s;
-  size_t n;
-  char *buffer = NULL;
-  char *p = NULL;
-  unsigned long val = 0;
-  size_t slen;
-  int resync = 0;
-
-  /* First pass (p==NULL): count the extended utf-8 characters.  */
-  /* Second pass (p!=NULL): create string.  */
-  for (;;)
-    {
-      for (slen = length, nleft = encidx = 0, n = 0,
-             s = (const unsigned char *)string;
-           slen;
-	   s++, slen--)
-	{
-	  if (resync)
-	    {
-	      if (!(*s < 128 || (*s >= 0xc0 && *s <= 0xfd)))
-		{
-		  /* Still invalid. */
-		  if (p)
-		    {
-		      sprintf (p, "\\x%02x", *s);
-		      p += 4;
-		    }
-		  n += 4;
-		  continue;
-		}
-	      resync = 0;
-	    }
-	  if (!nleft)
-	    {
-	      if (!(*s & 0x80))
-		{
-                  /* Plain ascii. */
-		  if ( delim != -1
-                       && (*s < 0x20 || *s == 0x7f || *s == delim
-                           || (delim && *s == '\\')))
-		    {
-		      n++;
-		      if (p)
-			*p++ = '\\';
-		      switch (*s)
-			{
-                        case '\n': n++; if ( p ) *p++ = 'n'; break;
-                        case '\r': n++; if ( p ) *p++ = 'r'; break;
-                        case '\f': n++; if ( p ) *p++ = 'f'; break;
-                        case '\v': n++; if ( p ) *p++ = 'v'; break;
-                        case '\b': n++; if ( p ) *p++ = 'b'; break;
-                        case    0: n++; if ( p ) *p++ = '0'; break;
-			default:
-			  n += 3;
-			  if (p)
-			    {
-			      sprintf (p, "x%02x", *s);
-			      p += 3;
-			    }
-			  break;
-			}
-		    }
-		  else
-		    {
-		      if (p)
-			*p++ = *s;
-		      n++;
-		    }
-		}
-	      else if ((*s & 0xe0) == 0xc0) /* 110x xxxx */
-		{
-		  val = *s & 0x1f;
-		  nleft = 1;
-		  encidx = 0;
-		  encbuf[encidx++] = *s;
-		}
-	      else if ((*s & 0xf0) == 0xe0) /* 1110 xxxx */
-		{
-		  val = *s & 0x0f;
-		  nleft = 2;
-		  encidx = 0;
-		  encbuf[encidx++] = *s;
-		}
-	      else if ((*s & 0xf8) == 0xf0) /* 1111 0xxx */
-		{
-		  val = *s & 0x07;
-		  nleft = 3;
-		  encidx = 0;
-		  encbuf[encidx++] = *s;
-		}
-	      else if ((*s & 0xfc) == 0xf8) /* 1111 10xx */
-		{
-		  val = *s & 0x03;
-		  nleft = 4;
-		  encidx = 0;
-		  encbuf[encidx++] = *s;
-		}
-	      else if ((*s & 0xfe) == 0xfc) /* 1111 110x */
-		{
-		  val = *s & 0x01;
-		  nleft = 5;
-		  encidx = 0;
-		  encbuf[encidx++] = *s;
-		}
-	      else /* Invalid encoding: print as \xNN. */
-		{
-		  if (p)
-		    {
-		      sprintf (p, "\\x%02x", *s);
-		      p += 4;
-		    }
-		  n += 4;
-		  resync = 1;
-		}
-	    }
-	  else if (*s < 0x80 || *s >= 0xc0) /* Invalid utf-8 */
-	    {
-	      if (p)
-		{
-		  for (i = 0; i < encidx; i++)
-		    {
-		      sprintf (p, "\\x%02x", encbuf[i]);
-		      p += 4;
-		    }
-		  sprintf (p, "\\x%02x", *s);
-		  p += 4;
-		}
-	      n += 4 + 4 * encidx;
-	      nleft = 0;
-	      encidx = 0;
-	      resync = 1;
-	    }
-	  else
-	    {
-	      encbuf[encidx++] = *s;
-	      val <<= 6;
-	      val |= *s & 0x3f;
-	      if (!--nleft)  /* Ready. */
-		{
-		  if (no_translation)
-		    {
-		      if (p)
-			{
-			  for (i = 0; i < encidx; i++)
-			    *p++ = encbuf[i];
-			}
-		      n += encidx;
-		      encidx = 0;
-		    }
-                  else if (with_iconv)
-                    {
-                      /* Our strategy for using iconv is a bit strange
-                         but it better keeps compatibility with
-                         previous versions in regard to how invalid
-                         encodings are displayed.  What we do is to
-                         keep the utf-8 as is and have the real
-                         translation step then at the end.  Yes, I
-                         know that this is ugly.  However we are short
-                         of the 1.4 release and for this branch we
-                         should not mess too much around with iconv
-                         things.  One reason for this is that we don't
-                         know enough about non-GNU iconv
-                         implementation and want to minimize the risk
-                         of breaking the code on too many platforms.  */
-                        if ( p )
-                          {
-                            for (i=0; i < encidx; i++ )
-                              *p++ = encbuf[i];
-                          }
-                        n += encidx;
-                        encidx = 0;
-                    }
-		  else 	/* Latin-1 case. */
-                    {
-		      if (val >= 0x80 && val < 256)
-			{
-                          /* We can simply print this character */
-			  n++;
-			  if (p)
-			    *p++ = val;
-			}
-		      else
-			{
-                          /* We do not have a translation: print utf8. */
-			  if (p)
-			    {
-			      for (i = 0; i < encidx; i++)
-				{
-				  sprintf (p, "\\x%02x", encbuf[i]);
-				  p += 4;
-				}
-			    }
-			  n += encidx * 4;
-			  encidx = 0;
-			}
-		    }
-		}
-
-	    }
-	}
-      if (!buffer)
-	{
-          /* Allocate the buffer after the first pass. */
-	  buffer = p = xmalloc (n + 1);
-	}
-      else if (with_iconv)
-        {
-          /* Note: See above for comments.  */
-          iconv_t cd;
-          const char *inptr;
-          char *outbuf, *outptr;
-          size_t inbytes, outbytes;
-
-          *p = 0;  /* Terminate the buffer. */
-
-          cd = iconv_open (active_charset_name, "utf-8");
-          if (cd == (iconv_t)-1)
-            {
-              handle_iconv_error (active_charset_name, "utf-8", 1);
-              xfree (buffer);
-              return utf8_to_native (string, length, delim);
-            }
-
-          /* Allocate a new buffer large enough to hold all possible
-             encodings. */
-          n = p - buffer + 1;
-          inbytes = n - 1;;
-          inptr = buffer;
-          outbytes = n * MB_LEN_MAX;
-          if (outbytes / MB_LEN_MAX != n)
-            BUG (); /* Actually an overflow. */
-          outbuf = outptr = xmalloc (outbytes);
-          if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
-                      &outptr, &outbytes) == (size_t)-1)
-            {
-              static int shown;
-
-              if (!shown)
-                log_info (_("conversion from '%s' to '%s' failed: %s\n"),
-                          "utf-8", active_charset_name, strerror (errno));
-              shown = 1;
-              /* Didn't worked out.  Try again but without iconv.  */
-              xfree (buffer);
-              buffer = NULL;
-              xfree (outbuf);
-              outbuf = do_utf8_to_native (string, length, delim, 0);
-            }
-            else /* Success.  */
-              {
-                *outptr = 0; /* Make sure it is a string. */
-                /* We could realloc the buffer now but I doubt that it
-                   makes much sense given that it will get freed
-                   anyway soon after.  */
-                xfree (buffer);
-              }
-          iconv_close (cd);
-          return outbuf;
-        }
-      else /* Not using iconv. */
-	{
-	  *p = 0; /* Make sure it is a string. */
-	  return buffer;
-	}
-    }
-}
-
-/* Convert string, which is in UTF-8 to native encoding.  Replace
-   illegal encodings by some "\xnn" and quote all control
-   characters. A character with value DELIM will always be quoted, it
-   must be a vanilla ASCII character.  A DELIM value of -1 is special:
-   it disables all quoting of control characters.  This function
-   terminates the process on memory shortage.  */
-char *
-utf8_to_native (const char *string, size_t length, int delim)
-{
-  return do_utf8_to_native (string, length, delim, use_iconv);
-}
-
-
-
-
-/* Wrapper function for iconv_open, required for W32 as we dlopen that
-   library on that system.  */
-jnlib_iconv_t
-jnlib_iconv_open (const char *tocode, const char *fromcode)
-{
-  return (jnlib_iconv_t)iconv_open (tocode, fromcode);
-}
-
-
-/* Wrapper function for iconv, required for W32 as we dlopen that
-   library on that system.  */
-size_t
-jnlib_iconv (jnlib_iconv_t cd,
-             const char **inbuf, size_t *inbytesleft,
-             char **outbuf, size_t *outbytesleft)
-{
-  return iconv ((iconv_t)cd, (char**)inbuf, inbytesleft, outbuf, outbytesleft);
-}
-
-/* Wrapper function for iconv_close, required for W32 as we dlopen that
-   library on that system.  */
-int
-jnlib_iconv_close (jnlib_iconv_t cd)
-{
-  return iconv_close ((iconv_t)cd);
-}
-
-
-#ifdef HAVE_W32_SYSTEM
-/* Return a malloced string encoded in UTF-8 from the wide char input
-   string STRING.  Caller must free this value.  Returns NULL and sets
-   ERRNO on failure.  Calling this function with STRING set to NULL is
-   not defined.  */
-char *
-wchar_to_utf8 (const wchar_t *string)
-{
-  int n;
-  char *result;
-
-  n = WideCharToMultiByte (CP_UTF8, 0, string, -1, NULL, 0, NULL, NULL);
-  if (n < 0)
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;
-    }
-
-  result = xtrymalloc (n+1);
-  if (!result)
-    return NULL;
-
-  n = WideCharToMultiByte (CP_UTF8, 0, string, -1, result, n, NULL, NULL);
-  if (n < 0)
-    {
-      xfree (result);
-      gpg_err_set_errno (EINVAL);
-      result = NULL;
-    }
-  return result;
-}
-
-
-/* Return a malloced wide char string from an UTF-8 encoded input
-   string STRING.  Caller must free this value.  Returns NULL and sets
-   ERRNO on failure.  Calling this function with STRING set to NULL is
-   not defined.  */
-wchar_t *
-utf8_to_wchar (const char *string)
-{
-  int n;
-  size_t nbytes;
-  wchar_t *result;
-
-  n = MultiByteToWideChar (CP_UTF8, 0, string, -1, NULL, 0);
-  if (n < 0)
-    {
-      gpg_err_set_errno (EINVAL);
-      return NULL;
-    }
-
-  nbytes = (size_t)(n+1) * sizeof(*result);
-  if (nbytes / sizeof(*result) != (n+1))
-    {
-      gpg_err_set_errno (ENOMEM);
-      return NULL;
-    }
-  result = xtrymalloc (nbytes);
-  if (!result)
-    return NULL;
-
-  n = MultiByteToWideChar (CP_UTF8, 0, string, -1, result, n);
-  if (n < 0)
-    {
-      xfree (result);
-      gpg_err_set_errno (EINVAL);
-      result = NULL;
-    }
-  return result;
-}
-#endif /*HAVE_W32_SYSTEM*/
diff -Nru gnupg2-2.1.6/common/utf8conv.h gnupg2-2.0.28/common/utf8conv.h
--- gnupg2-2.1.6/common/utf8conv.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/utf8conv.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
-/* utf8conf.h
- *	Copyright (C) 2003, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_UTF8CONF_H
-#define GNUPG_COMMON_UTF8CONF_H
-
-int set_native_charset (const char *newset);
-const char *get_native_charset (void);
-int is_native_utf8 (void);
-
-char *native_to_utf8 (const char *string);
-char *utf8_to_native (const char *string, size_t length, int delim);
-
-
-/* Silly wrappers, required for W32 portability.  */
-typedef void *jnlib_iconv_t;
-
-jnlib_iconv_t jnlib_iconv_open (const char *tocode, const char *fromcode);
-size_t jnlib_iconv (jnlib_iconv_t cd, const char **inbuf, size_t *inbytesleft,
-                    char **outbuf, size_t *outbytesleft);
-int jnlib_iconv_close (jnlib_iconv_t cd);
-
-#ifdef HAVE_W32_SYSTEM
-char *wchar_to_utf8 (const wchar_t *string);
-wchar_t *utf8_to_wchar (const char *string);
-#endif /*HAVE_W32_SYSTEM*/
-
-
-#endif /*GNUPG_COMMON_UTF8CONF_H*/
diff -Nru gnupg2-2.1.6/common/util.h gnupg2-2.0.28/common/util.h
--- gnupg2-2.1.6/common/util.h	2015-06-30 20:18:00.000000000 +0000
+++ gnupg2-2.0.28/common/util.h	2015-06-02 08:13:55.000000000 +0000
@@ -3,176 +3,64 @@
  *
  * This file is part of GnuPG.
  *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
  */
 
 #ifndef GNUPG_COMMON_UTIL_H
 #define GNUPG_COMMON_UTIL_H
 
 #include  /* We need this for the memory function protos. */
+#include    /* We need time_t. */
 #include   /* We need errno.  */
-#include  /* We need gpg_error_t and estream. */
+#include  /* We need gpg_error_t. */
 
-/* These error codes are used but not defined in the required
-   libgpg-error version.  Define them here. */
-#if GPG_ERROR_VERSION_NUMBER < 0x011200  /* 1.18 */
-# define GPG_ERR_LEGACY_KEY     222
-# define GPG_ERR_OBJ_TERM_STATE 225
-# define GPG_ERR_FORBIDDEN      251
-#endif
-#if GPG_ERROR_VERSION_NUMBER < 0x011300  /* 1.19 */
-# define GPG_ERR_LDAP_GENERAL               721
-# define GPG_ERR_LDAP_ATTR_GENERAL          722
-# define GPG_ERR_LDAP_NAME_GENERAL          723
-# define GPG_ERR_LDAP_SECURITY_GENERAL      724
-# define GPG_ERR_LDAP_SERVICE_GENERAL       725
-# define GPG_ERR_LDAP_UPDATE_GENERAL        726
-# define GPG_ERR_LDAP_E_GENERAL             727
-# define GPG_ERR_LDAP_X_GENERAL             728
-# define GPG_ERR_LDAP_OTHER_GENERAL         729
-# define GPG_ERR_LDAP_X_CONNECTING          750
-# define GPG_ERR_LDAP_REFERRAL_LIMIT        751
-# define GPG_ERR_LDAP_CLIENT_LOOP           752
-# define GPG_ERR_LDAP_NO_RESULTS            754
-# define GPG_ERR_LDAP_CONTROL_NOT_FOUND     755
-# define GPG_ERR_LDAP_NOT_SUPPORTED         756
-# define GPG_ERR_LDAP_CONNECT               757
-# define GPG_ERR_LDAP_NO_MEMORY             758
-# define GPG_ERR_LDAP_PARAM                 759
-# define GPG_ERR_LDAP_USER_CANCELLED        760
-# define GPG_ERR_LDAP_FILTER                761
-# define GPG_ERR_LDAP_AUTH_UNKNOWN          762
-# define GPG_ERR_LDAP_TIMEOUT               763
-# define GPG_ERR_LDAP_DECODING              764
-# define GPG_ERR_LDAP_ENCODING              765
-# define GPG_ERR_LDAP_LOCAL                 766
-# define GPG_ERR_LDAP_SERVER_DOWN           767
-# define GPG_ERR_LDAP_SUCCESS               768
-# define GPG_ERR_LDAP_OPERATIONS            769
-# define GPG_ERR_LDAP_PROTOCOL              770
-# define GPG_ERR_LDAP_TIMELIMIT             771
-# define GPG_ERR_LDAP_SIZELIMIT             772
-# define GPG_ERR_LDAP_COMPARE_FALSE         773
-# define GPG_ERR_LDAP_COMPARE_TRUE          774
-# define GPG_ERR_LDAP_UNSUPPORTED_AUTH      775
-# define GPG_ERR_LDAP_STRONG_AUTH_RQRD      776
-# define GPG_ERR_LDAP_PARTIAL_RESULTS       777
-# define GPG_ERR_LDAP_REFERRAL              778
-# define GPG_ERR_LDAP_ADMINLIMIT            779
-# define GPG_ERR_LDAP_UNAVAIL_CRIT_EXTN     780
-# define GPG_ERR_LDAP_CONFIDENT_RQRD        781
-# define GPG_ERR_LDAP_SASL_BIND_INPROG      782
-# define GPG_ERR_LDAP_NO_SUCH_ATTRIBUTE     784
-# define GPG_ERR_LDAP_UNDEFINED_TYPE        785
-# define GPG_ERR_LDAP_BAD_MATCHING          786
-# define GPG_ERR_LDAP_CONST_VIOLATION       787
-# define GPG_ERR_LDAP_TYPE_VALUE_EXISTS     788
-# define GPG_ERR_LDAP_INV_SYNTAX            789
-# define GPG_ERR_LDAP_NO_SUCH_OBJ           800
-# define GPG_ERR_LDAP_ALIAS_PROBLEM         801
-# define GPG_ERR_LDAP_INV_DN_SYNTAX         802
-# define GPG_ERR_LDAP_IS_LEAF               803
-# define GPG_ERR_LDAP_ALIAS_DEREF           804
-# define GPG_ERR_LDAP_X_PROXY_AUTH_FAIL     815
-# define GPG_ERR_LDAP_BAD_AUTH              816
-# define GPG_ERR_LDAP_INV_CREDENTIALS       817
-# define GPG_ERR_LDAP_INSUFFICIENT_ACC      818
-# define GPG_ERR_LDAP_BUSY                  819
-# define GPG_ERR_LDAP_UNAVAILABLE           820
-# define GPG_ERR_LDAP_UNWILL_TO_PERFORM     821
-# define GPG_ERR_LDAP_LOOP_DETECT           822
-# define GPG_ERR_LDAP_NAMING_VIOLATION      832
-# define GPG_ERR_LDAP_OBJ_CLS_VIOLATION     833
-# define GPG_ERR_LDAP_NOT_ALLOW_NONLEAF     834
-# define GPG_ERR_LDAP_NOT_ALLOW_ON_RDN      835
-# define GPG_ERR_LDAP_ALREADY_EXISTS        836
-# define GPG_ERR_LDAP_NO_OBJ_CLASS_MODS     837
-# define GPG_ERR_LDAP_RESULTS_TOO_LARGE     838
-# define GPG_ERR_LDAP_AFFECTS_MULT_DSAS     839
-# define GPG_ERR_LDAP_VLV                   844
-# define GPG_ERR_LDAP_OTHER                 848
-# define GPG_ERR_LDAP_CUP_RESOURCE_LIMIT    881
-# define GPG_ERR_LDAP_CUP_SEC_VIOLATION     882
-# define GPG_ERR_LDAP_CUP_INV_DATA          883
-# define GPG_ERR_LDAP_CUP_UNSUP_SCHEME      884
-# define GPG_ERR_LDAP_CUP_RELOAD            885
-# define GPG_ERR_LDAP_CANCELLED             886
-# define GPG_ERR_LDAP_NO_SUCH_OPERATION     887
-# define GPG_ERR_LDAP_TOO_LATE              888
-# define GPG_ERR_LDAP_CANNOT_CANCEL         889
-# define GPG_ERR_LDAP_ASSERTION_FAILED      890
-# define GPG_ERR_LDAP_PROX_AUTH_DENIED      891
-#endif /*GPG_ERROR_VERSION_NUMBER < 0x011300*/
 
 /* Hash function used with libksba. */
 #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
 
 /* Get all the stuff from jnlib. */
-#include "../common/logging.h"
-#include "../common/argparse.h"
-#include "../common/stringhelp.h"
-#include "../common/mischelp.h"
-#include "../common/strlist.h"
-#include "../common/dotlock.h"
-#include "../common/utf8conv.h"
-#include "../common/dynload.h"
+#include "../jnlib/logging.h"
+#include "../jnlib/argparse.h"
+#include "../jnlib/stringhelp.h"
+#include "../jnlib/mischelp.h"
+#include "../jnlib/strlist.h"
+#include "../jnlib/dotlock.h"
+#include "../jnlib/utf8conv.h"
+#include "../jnlib/dynload.h"
 
-#include "gettime.h"
+#include "init.h"
 
 /* Redefine asprintf by our estream version which uses our own memory
    allocator..  */
-#define asprintf gpgrt_asprintf
-#define vasprintf gpgrt_vasprintf
-
-/* Due to a bug in mingw32's snprintf related to the 'l' modifier and
-   for increased portability we use our snprintf on all systems. */
-#undef snprintf
-#define snprintf gpgrt_snprintf
+#include "estream-printf.h"
+#define asprintf estream_asprintf
+#define vasprintf estream_vasprintf
+
+/* Due to a bug in mingw32's snprintf related to the 'l' modifier we
+   better use our snprintf.  */
+#ifdef HAVE_W32_SYSTEM
+#define snprintf estream_snprintf
+#endif
 
 
 /* GCC attributes.  */
-#ifndef GNUPG_GCC_ATTR_FORMAT_ARG
-#if __GNUC__ >= 3 /* Actually 2.8 but testing the major is easier.  */
-# define GNUPG_GCC_ATTR_FORMAT_ARG(a)  __attribute__ ((__format_arg__ (a)))
-#else
-# define GNUPG_GCC_ATTR_FORMAT_ARG(a)
-#endif
-#endif
-
 #if __GNUC__ >= 4
 # define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
 #else
 # define GNUPG_GCC_A_SENTINEL(a)
 #endif
 
-#if __GNUC__ >= 4
-# define GNUPG_GCC_A_USED __attribute__ ((used))
-#else
-# define GNUPG_GCC_A_USED
-#endif
-
 
 /* We need this type even if we are not using libreadline and or we
    did not include libreadline in the current file. */
@@ -189,7 +77,6 @@
 #define xtryrealloc(a,b) gcry_realloc ((a),(b))
 #define xtrystrdup(a)    gcry_strdup ((a))
 #define xfree(a)         gcry_free ((a))
-#define xfree_fnc        gcry_free
 
 #define xmalloc(a)       gcry_xmalloc ((a))
 #define xmalloc_secure(a)  gcry_xmalloc_secure ((a))
@@ -202,12 +89,6 @@
 #define xmalloc_clear(a) gcry_xcalloc (1, (a))
 #define xmalloc_secure_clear(a) gcry_xcalloc_secure (1, (a))
 
-/* The default error source of the application.  This is different
-   from GPG_ERR_SOURCE_DEFAULT in that it does not depend on the
-   source file and thus is usable in code shared by applications.
-   Defined by init.c.  */
-extern gpg_err_source_t default_errsource;
-
 /* Convenience function to return a gpg-error code for memory
    allocation failures.  This function makes sure that an error will
    be returned even if accidently ERRNO is not set.  */
@@ -217,9 +98,50 @@
   return gpg_error_from_syserror ();
 }
 
+/* A type to hold the ISO time.  Note that this this is the same as
+   the the KSBA type ksba_isotime_t. */
+typedef char gnupg_isotime_t[16];
+
+
+/*-- gettime.c --*/
+time_t gnupg_get_time (void);
+void   gnupg_get_isotime (gnupg_isotime_t timebuf);
+void   gnupg_set_time (time_t newtime, int freeze);
+int    gnupg_faked_time_p (void);
+u32    make_timestamp (void);
+u32    scan_isodatestr (const char *string);
+time_t isotime2epoch (const char *string);
+void   epoch2isotime (gnupg_isotime_t timebuf, time_t atime);
+u32    add_days_to_timestamp (u32 stamp, u16 days);
+const char *strtimevalue (u32 stamp);
+const char *strtimestamp (u32 stamp); /* GMT */
+const char *isotimestamp (u32 stamp); /* GMT */
+const char *asctimestamp (u32 stamp); /* localized */
+gpg_error_t add_seconds_to_isotime (gnupg_isotime_t atime, int nseconds);
+gpg_error_t add_days_to_isotime (gnupg_isotime_t atime, int ndays);
+gpg_error_t check_isotime (const gnupg_isotime_t atime);
+void dump_isotime (const gnupg_isotime_t atime);
+
+/* Copy one ISO date to another, this is inline so that we can do a
+   minimal sanity check.  A null date (empty string) is allowed.  */
+static inline void
+gnupg_copy_time (gnupg_isotime_t d, const gnupg_isotime_t s)
+{
+  if (*s)
+    {
+      if ((strlen (s) != 15 || s[8] != 'T'))
+        BUG();
+      memcpy (d, s, 15);
+      d[15] = 0;
+    }
+  else
+    *d = 0;
+}
+
 
 /*-- signal.c --*/
 void gnupg_init_signals (int mode, void (*fast_cleanup)(void));
+void gnupg_pause_on_sigusr (int which);
 void gnupg_block_all_signals (void);
 void gnupg_unblock_all_signals (void);
 
@@ -242,18 +164,14 @@
   int idx;
   int quad_count;
   FILE *fp;
-  estream_t stream;
   char *title;
   unsigned char radbuf[4];
   u32 crc;
   int stop_seen:1;
   int invalid_encoding:1;
-  gpg_error_t lasterr;
 };
 
 gpg_error_t b64enc_start (struct b64state *state, FILE *fp, const char *title);
-gpg_error_t b64enc_start_es (struct b64state *state, estream_t fp,
-                             const char *title);
 gpg_error_t b64enc_write (struct b64state *state,
                           const void *buffer, size_t nbytes);
 gpg_error_t b64enc_finish (struct b64state *state);
@@ -269,15 +187,8 @@
 
 
 /*-- sexputil.c */
-char *canon_sexp_to_string (const unsigned char *canon, size_t canonlen);
-void log_printcanon (const char *text,
-                     const unsigned char *sexp, size_t sexplen);
-void log_printsexp (const char *text, gcry_sexp_t sexp);
-
 gpg_error_t make_canon_sexp (gcry_sexp_t sexp,
                              unsigned char **r_buffer, size_t *r_buflen);
-gpg_error_t make_canon_sexp_pad (gcry_sexp_t sexp, int secure,
-                                 unsigned char **r_buffer, size_t *r_buflen);
 gpg_error_t keygrip_from_canon_sexp (const unsigned char *key, size_t keylen,
                                      unsigned char *grip);
 int cmp_simple_canon_sexp (const unsigned char *a, const unsigned char *b);
@@ -295,7 +206,7 @@
                                         size_t *r_elen);
 gpg_error_t get_pk_algo_from_canon_sexp (const unsigned char *keydata,
                                          size_t keydatalen,
-                                         const char **r_algo);
+                                         int *r_algo);
 
 /*-- convert.c --*/
 int hex2bin (const char *string, void *buffer, size_t length);
@@ -314,15 +225,6 @@
 size_t percent_plus_unescape_inplace (char *string, int nulrepl);
 size_t percent_unescape_inplace (char *string, int nulrepl);
 
-/*-- openpgp-oid.c --*/
-gpg_error_t openpgp_oid_from_str (const char *string, gcry_mpi_t *r_mpi);
-char *openpgp_oid_to_str (gcry_mpi_t a);
-int openpgp_oid_is_ed25519 (gcry_mpi_t a);
-const char *openpgp_curve_to_oid (const char *name, unsigned int *r_nbits);
-const char *openpgp_oid_to_curve (const char *oid);
-const char *openpgp_enum_curves (int *idxp);
-
-
 
 /*-- homedir.c --*/
 const char *standard_homedir (void);
@@ -333,9 +235,7 @@
 const char *gnupg_libdir (void);
 const char *gnupg_datadir (void);
 const char *gnupg_localedir (void);
-const char *gnupg_cachedir (void);
-const char *dirmngr_sys_socket_name (void);
-const char *dirmngr_user_socket_name (void);
+const char *dirmngr_socket_name (void);
 
 /* All module names.  We also include gpg and gpgsm for the sake for
    gpgconf. */
@@ -349,9 +249,7 @@
 #define GNUPG_MODULE_NAME_GPG           8
 #define GNUPG_MODULE_NAME_CONNECT_AGENT 9
 #define GNUPG_MODULE_NAME_GPGCONF       10
-#define GNUPG_MODULE_NAME_DIRMNGR_LDAP  11
 const char *gnupg_module_name (int which);
-void gnupg_module_name_flush_some (void);
 
 
 
@@ -371,22 +269,15 @@
 void setup_libgcrypt_logging (void);
 
 /* Same as estream_asprintf but die on memory failure.  */
-char *xasprintf (const char *fmt, ...) GPGRT_GCC_A_PRINTF(1,2);
+char *xasprintf (const char *fmt, ...) JNLIB_GCC_A_PRINTF(1,2);
 /* This is now an alias to estream_asprintf.  */
-char *xtryasprintf (const char *fmt, ...) GPGRT_GCC_A_PRINTF(1,2);
-
-/* Replacement for gcry_cipher_algo_name.  */
-const char *gnupg_cipher_algo_name (int algo);
-
-void obsolete_option (const char *configname, unsigned int configlineno,
-                      const char *name);
+char *xtryasprintf (const char *fmt, ...) JNLIB_GCC_A_PRINTF(1,2);
 
 const char *print_fname_stdout (const char *s);
 const char *print_fname_stdin (const char *s);
-void print_utf8_buffer3 (estream_t fp, const void *p, size_t n,
-                         const char *delim);
-void print_utf8_buffer2 (estream_t fp, const void *p, size_t n, int delim);
-void print_utf8_buffer (estream_t fp, const void *p, size_t n);
+void print_string (FILE *fp, const byte *p, size_t n, int delim);
+void print_utf8_string2 ( FILE *fp, const byte *p, size_t n, int delim);
+void print_utf8_string (FILE *fp, const byte *p, size_t n);
 void print_hexstring (FILE *fp, const void *buffer, size_t length,
                       int reserved);
 char *make_printable_string (const void *p, size_t n, int delim);
@@ -395,46 +286,17 @@
 
 int match_multistr (const char *multistr,const char *match);
 
-int gnupg_compare_version (const char *a, const char *b);
-
-struct debug_flags_s
-{
-  unsigned int flag;
-  const char *name;
-};
-int parse_debug_flag (const char *string, unsigned int *debugvar,
-                      const struct debug_flags_s *flags);
-
 
 /*-- Simple replacement functions. */
-
-/* We use the gnupg_ttyname macro to be safe not to run into conflicts
-   which an extisting but broken ttyname.  */
-#if !defined(HAVE_TTYNAME) || defined(HAVE_BROKEN_TTYNAME)
-# define gnupg_ttyname(n) _gnupg_ttyname ((n))
+#ifndef HAVE_TTYNAME
 /* Systems without ttyname (W32) will merely return NULL. */
 static inline char *
-_gnupg_ttyname (int fd)
+ttyname (int fd)
 {
   (void)fd;
   return NULL;
 }
-#else /*HAVE_TTYNAME*/
-# define gnupg_ttyname(n) ttyname ((n))
-#endif /*HAVE_TTYNAME */
-
-#ifdef HAVE_W32CE_SYSTEM
-#define getpid() GetCurrentProcessId ()
-char *_gnupg_getenv (const char *name); /* See sysutils.c */
-#define getenv(a)  _gnupg_getenv ((a))
-char *_gnupg_setenv (const char *name); /* See sysutils.c */
-#define setenv(a,b,c)  _gnupg_setenv ((a),(b),(c))
-int _gnupg_isatty (int fd);
-#define gnupg_isatty(a)  _gnupg_isatty ((a))
-#else
-#define gnupg_isatty(a)  isatty ((a))
-#endif
-
+#endif /* !HAVE_TTYNAME */
 
 
 /*-- Macros to replace ctype ones to avoid locale problems. --*/
diff -Nru gnupg2-2.1.6/common/w32-afunix.c gnupg2-2.0.28/common/w32-afunix.c
--- gnupg2-2.1.6/common/w32-afunix.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/w32-afunix.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,148 +0,0 @@
-/* w32-afunix.c - AF_UNIX emulation for Windows (Client only).
- * Copyright (C) 2004, 2006 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-/* Use of this code is deprecated - you better use the socket wrappers
-   from libassuan. */
-
-#ifdef _WIN32
-#include 
-#include 
-#define WIN32_LEAN_AND_MEAN
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "w32-afunix.h"
-
-
-
-/* The buffer for NONCE needs to be at least 16 bytes.  Returns 0 on
-   success. */
-static int
-read_port_and_nonce (const char *fname, unsigned short *port, char *nonce)
-{
-  FILE *fp;
-  char buffer[50], *p;
-  size_t nread;
-  int aval;
-
-  fp = fopen (fname, "rb");
-  if (!fp)
-    return -1;
-  nread = fread (buffer, 1, sizeof buffer - 1, fp);
-  fclose (fp);
-  if (!nread)
-    {
-      gpg_err_set_errno (EIO);
-      return -1;
-    }
-  buffer[nread] = 0;
-  aval = atoi (buffer);
-  if (aval < 1 || aval > 65535)
-    {
-      gpg_err_set_errno (EINVAL);
-      return -1;
-    }
-  *port = (unsigned int)aval;
-  for (p=buffer; nread && *p != '\n'; p++, nread--)
-    ;
-  if (*p != '\n' || nread != 17)
-    {
-      gpg_err_set_errno (EINVAL);
-      return -1;
-    }
-  p++; nread--;
-  memcpy (nonce, p, 16);
-  return 0;
-}
-
-
-
-int
-_w32_close (int fd)
-{
-  int rc = closesocket (fd);
-  if (rc && WSAGetLastError () == WSAENOTSOCK)
-      rc = close (fd);
-  return rc;
-}
-
-
-int
-_w32_sock_new (int domain, int type, int proto)
-{
-  if (domain == AF_UNIX || domain == AF_LOCAL)
-    domain = AF_INET;
-  return socket (domain, type, proto);
-}
-
-
-int
-_w32_sock_connect (int sockfd, struct sockaddr *addr, int addrlen)
-{
-  struct sockaddr_in myaddr;
-  struct sockaddr_un *unaddr;
-  unsigned short port;
-  char nonce[16];
-  int ret;
-
-  (void)addrlen;
-
-  unaddr = (struct sockaddr_un *)addr;
-  if (read_port_and_nonce (unaddr->sun_path, &port, nonce))
-    return -1;
-
-  myaddr.sin_family = AF_INET;
-  myaddr.sin_port = htons (port);
-  myaddr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
-
-  /* Set return values.  */
-  unaddr->sun_family = myaddr.sin_family;
-  unaddr->sun_port = myaddr.sin_port;
-  unaddr->sun_addr.s_addr = myaddr.sin_addr.s_addr;
-
-  ret = connect (sockfd, (struct sockaddr *)&myaddr, sizeof myaddr);
-  if (!ret)
-    {
-      /* Send the nonce. */
-      ret = send (sockfd, nonce, 16, 0);
-      if (ret >= 0 && ret != 16)
-        {
-          gpg_err_set_errno (EIO);
-          ret = -1;
-        }
-    }
-  return ret;
-}
-
-
-#endif /*_WIN32*/
diff -Nru gnupg2-2.1.6/common/w32-afunix.h gnupg2-2.0.28/common/w32-afunix.h
--- gnupg2-2.1.6/common/w32-afunix.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/w32-afunix.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,63 +0,0 @@
-/* w32-afunix.h - AF_UNIX emulation for Windows
- *	Copyright (C) 2004, 2006 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifdef _WIN32
-#ifndef W32AFUNIX_DEFS_H
-#define W32AFUNIX_DEFS_H
-
-#include 
-#include 
-#include 
-#include 
-
-/* We can easiliy replace this code by the socket wrappers from libassuan.  */
-#warning Please do not use this module anymore
-
-#define DIRSEP_C '\\'
-
-#define AF_LOCAL AF_UNIX
-/* We need to prefix the structure with a sockaddr_in header so we can
-   use it later for sendto and recvfrom. */
-struct sockaddr_un
-{
-  short          sun_family;
-  unsigned short sun_port;
-  struct         in_addr sun_addr;
-  char           sun_path[108-2-4]; /* Path name.  */
-};
-
-
-int _w32_close (int fd);
-int _w32_sock_new (int domain, int type, int proto);
-int _w32_sock_connect (int sockfd, struct sockaddr *addr, int addrlen);
-
-
-#endif /*W32AFUNIX_DEFS_H*/
-#endif /*_WIN32*/
diff -Nru gnupg2-2.1.6/common/w32help.h gnupg2-2.0.28/common/w32help.h
--- gnupg2-2.1.6/common/w32help.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/w32help.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
-/* w32help.h - W32 speicif functions
- * Copyright (C) 2007  Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef GNUPG_COMMON_W32HELP_H
-#define GNUPG_COMMON_W32HELP_H
-#ifdef HAVE_W32_SYSTEM
-
-/*-- w32-reg.c --*/
-char *read_w32_registry_string (const char *root,
-				const char *dir, const char *name );
-
-/* Other stuff.  */
-#ifdef HAVE_W32CE_SYSTEM
-/* Setmode is missing in cegcc but available since CE 5.0.  */
-int _setmode (int handle, int mode);
-# define setmode(a,b)   _setmode ((a),(b))
-
-static inline int
-umask (int a)
-{
-  (void)a;
-  return 0;
-}
-
-
-#endif /*HAVE_W32CE_SYSTEM*/
-
-#endif /*HAVE_W32_SYSTEM*/
-#endif /*GNUPG_COMMON_MISCHELP_H*/
diff -Nru gnupg2-2.1.6/common/w32info-rc.h.in gnupg2-2.0.28/common/w32info-rc.h.in
--- gnupg2-2.1.6/common/w32info-rc.h.in	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/w32info-rc.h.in	2015-06-02 08:13:55.000000000 +0000
@@ -17,7 +17,7 @@
 GNU General Public License as published by the Free Software Foundation; \
 either version 3 of the License, or (at your option) any later version.\0"
 
-#define W32INFO_COMPANYNAME "The GnuPG Project\0"
+#define W32INFO_COMPANYNAME "g10 Code GmbH\0"
 
 #define W32INFO_VI_FILEVERSION    @BUILD_FILEVERSION@
 #define W32INFO_VI_PRODUCTVERSION @BUILD_FILEVERSION@
@@ -29,4 +29,4 @@
 #define W32INFO_PRODUCTVERSION "@VERSION@\0"
 
 #define W32INFO_LEGALCOPYRIGHT "Copyright \xa9 \
-2015 Free Software Foundation, Inc.\0"
+2013 Free Software Foundation, Inc.\0"
diff -Nru gnupg2-2.1.6/common/w32-reg.c gnupg2-2.0.28/common/w32-reg.c
--- gnupg2-2.1.6/common/w32-reg.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/w32-reg.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,230 +0,0 @@
-/* w32-reg.c -  MS-Windows Registry access
- * Copyright (C) 1999, 2002, 2007 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * GnuPG is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#include 
-#ifdef HAVE_W32_SYSTEM
- /* This module is only used in this environment */
-
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_WINSOCK2_H
-# include 
-#endif
-#include 
-
-#include "util.h"
-#include "common-defs.h"
-#include "utf8conv.h"
-#include "w32help.h"
-
-
-static HKEY
-get_root_key(const char *root)
-{
-  HKEY root_key;
-
-  if (!root)
-    root_key = HKEY_CURRENT_USER;
-  else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) )
-    root_key = HKEY_CLASSES_ROOT;
-  else if (!strcmp( root, "HKEY_CURRENT_USER" ) )
-    root_key = HKEY_CURRENT_USER;
-  else if (!strcmp( root, "HKEY_LOCAL_MACHINE" ) )
-    root_key = HKEY_LOCAL_MACHINE;
-  else if (!strcmp( root, "HKEY_USERS" ) )
-    root_key = HKEY_USERS;
-  else if (!strcmp( root, "HKEY_PERFORMANCE_DATA" ) )
-    root_key = HKEY_PERFORMANCE_DATA;
-  else if (!strcmp( root, "HKEY_CURRENT_CONFIG" ) )
-    root_key = HKEY_CURRENT_CONFIG;
-  else
-    return NULL;
-
-  return root_key;
-}
-
-
-/* Return a string from the Win32 Registry or NULL in case of error.
-   Caller must release the return value.  A NULL for root is an alias
-   for HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE in turn.  */
-char *
-read_w32_registry_string (const char *root, const char *dir, const char *name)
-{
-#ifdef HAVE_W32CE_SYSTEM
-  HKEY root_key, key_handle;
-  DWORD n1, nbytes, type;
-  char *result = NULL;
-  wchar_t *wdir, *wname;
-
-  if ( !(root_key = get_root_key(root) ) )
-    return NULL;
-
-  wdir = utf8_to_wchar (dir);
-  if (!wdir)
-    return NULL;
-
-  if (RegOpenKeyEx (root_key, wdir, 0, KEY_READ, &key_handle) )
-    {
-      if (root)
-        {
-          xfree (wdir);
-          return NULL; /* No need for a RegClose, so return immediately. */
-        }
-      /* It seems to be common practise to fall back to HKLM. */
-      if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, wdir, 0, KEY_READ, &key_handle) )
-        {
-          xfree (wdir);
-          return NULL; /* Still no need for a RegClose. */
-        }
-    }
-  xfree (wdir);
-
-  if (name)
-    {
-      wname = utf8_to_wchar (name);
-      if (!wname)
-        goto leave;
-    }
-  else
-    wname = NULL;
-
-  nbytes = 2;
-  if (RegQueryValueEx (key_handle, wname, 0, NULL, NULL, &nbytes))
-    goto leave;
-  result = xtrymalloc ((n1=nbytes+2));
-  if (!result)
-    goto leave;
-  if (RegQueryValueEx (key_handle, wname, 0, &type, result, &n1))
-    {
-      xfree (result);
-      result = NULL;
-      goto leave;
-    }
-  result[nbytes] = 0;   /* Make sure it is a string.  */
-  result[nbytes+1] = 0;
-  if (type == REG_SZ || type == REG_EXPAND_SZ)
-    {
-      wchar_t *tmp = (void*)result;
-      result = wchar_to_utf8 (tmp);
-      xfree (tmp);
-    }
-
- leave:
-  xfree (wname);
-  RegCloseKey (key_handle);
-  return result;
-#else /*!HAVE_W32CE_SYSTEM*/
-  HKEY root_key, key_handle;
-  DWORD n1, nbytes, type;
-  char *result = NULL;
-
-  if ( !(root_key = get_root_key(root) ) )
-    return NULL;
-
-  if (RegOpenKeyEx (root_key, dir, 0, KEY_READ, &key_handle) )
-    {
-      if (root)
-        return NULL; /* No need for a RegClose, so return immediately. */
-      /* It seems to be common practise to fall back to HKLM. */
-      if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) )
-        return NULL; /* Still no need for a RegClose. */
-    }
-
-  nbytes = 1;
-  if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) )
-    goto leave;
-  result = xtrymalloc ((n1=nbytes+1));
-  if (!result)
-    goto leave;
-  if (RegQueryValueEx( key_handle, name, 0, &type, result, &n1 ))
-    {
-      xfree (result);
-      result = NULL;
-      goto leave;
-    }
-  result[nbytes] = 0; /* Make sure it is a string.  */
-  if (type == REG_EXPAND_SZ && strchr (result, '%'))
-    {
-      char *tmp;
-
-      n1 += 1000;
-      tmp = xtrymalloc (n1+1);
-      if (!tmp)
-        goto leave;
-      nbytes = ExpandEnvironmentStrings (result, tmp, n1);
-      if (nbytes && nbytes > n1)
-        {
-          xfree (tmp);
-          n1 = nbytes;
-          tmp = xtrymalloc (n1 + 1);
-          if (!tmp)
-            goto leave;
-          nbytes = ExpandEnvironmentStrings (result, tmp, n1);
-          if (nbytes && nbytes > n1)
-            {
-              /* Oops - truncated, better don't expand at all.  */
-              xfree (tmp);
-              goto leave;
-            }
-          tmp[nbytes] = 0;
-          xfree (result);
-          result = tmp;
-        }
-      else if (nbytes)
-        {
-          /* Okay, reduce the length.  */
-          tmp[nbytes] = 0;
-          xfree (result);
-          result = xtrymalloc (strlen (tmp)+1);
-          if (!result)
-            result = tmp;
-            else
-              {
-                strcpy (result, tmp);
-                xfree (tmp);
-              }
-        }
-      else
-        {
-          /* Error - don't expand.  */
-          xfree (tmp);
-        }
-    }
-
- leave:
-  RegCloseKey (key_handle);
-  return result;
-#endif /*!HAVE_W32CE_SYSTEM*/
-}
-
-
-#endif /*HAVE_W32_SYSTEM*/
diff -Nru gnupg2-2.1.6/common/xasprintf.c gnupg2-2.0.28/common/xasprintf.c
--- gnupg2-2.1.6/common/xasprintf.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/xasprintf.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -32,14 +22,16 @@
 #include 
 
 #include "util.h"
+#include "iobuf.h"
+#include "estream-printf.h"
+
+#if !defined(_ESTREAM_PRINTF_MALLOC) || !defined(_ESTREAM_PRINTF_FREE)
+#error Need to define ESTREAM_PRINTF_MALLOC and _FREE
+#endif
 
 /* Same as asprintf but return an allocated buffer suitable to be
    freed using xfree.  This function simply dies on memory failure,
-   thus no extra check is required.
-
-   FIXME: We should remove these functions in favor of gpgrt_bsprintf
-   and a xgpgrt_bsprintf or rename them to xbsprintf and
-   xtrybsprintf.  */
+   thus no extra check is required. */
 char *
 xasprintf (const char *fmt, ...)
 {
@@ -47,7 +39,7 @@
   char *buf;
 
   va_start (ap, fmt);
-  if (gpgrt_vasprintf (&buf, fmt, ap) < 0)
+  if (estream_vasprintf (&buf, fmt, ap) < 0)
     log_fatal ("estream_asprintf failed: %s\n", strerror (errno));
   va_end (ap);
   return buf;
@@ -62,7 +54,7 @@
   char *buf;
 
   va_start (ap, fmt);
-  rc = gpgrt_vasprintf (&buf, fmt, ap);
+  rc = estream_vasprintf (&buf, fmt, ap);
   va_end (ap);
   if (rc < 0)
     return NULL;
diff -Nru gnupg2-2.1.6/common/xreadline.c gnupg2-2.0.28/common/xreadline.c
--- gnupg2-2.1.6/common/xreadline.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/common/xreadline.c	2015-06-02 08:13:55.000000000 +0000
@@ -3,22 +3,12 @@
  *
  * This file is part of GnuPG.
  *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
  *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
+ * GnuPG is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -40,7 +30,7 @@
    considered a byte stream ending in a LF.
 
    If MAX_LENGTH is not NULL, it shall point to a value with the
-   maximum allowed allocation.
+   maximum allowed allocation.  
 
    Returns the length of the line. EOF is indicated by a line of
    length zero. A truncated line is indicated by setting the value at
@@ -55,7 +45,7 @@
    append a CR,LF,Nul
  */
 ssize_t
-read_line (FILE *fp,
+read_line (FILE *fp, 
            char **addr_of_buffer, size_t *length_of_buffer,
            size_t *max_length)
 {
@@ -104,16 +94,16 @@
           if (!*addr_of_buffer)
             {
               int save_errno = errno;
-              xfree (buffer);
+              xfree (buffer); 
               *length_of_buffer = 0;
               if (max_length)
                 *max_length = 0;
-              gpg_err_set_errno (save_errno);
+              errno = save_errno;
               return -1;
             }
           buffer = *addr_of_buffer;
           *length_of_buffer = length;
-          length -= 3;
+          length -= 3; 
           p = buffer + nbytes;
 	}
       *p++ = c;
diff -Nru gnupg2-2.1.6/common/yesno.c gnupg2-2.0.28/common/yesno.c
--- gnupg2-2.1.6/common/yesno.c	2015-06-30 20:19:02.000000000 +0000
+++ gnupg2-2.0.28/common/yesno.c	2015-06-02 08:13:55.000000000 +0000
@@ -104,7 +104,7 @@
 }
 
 /*
-   Return 1 for okay, 0 for for cancel or DEF_ANSWER for default.
+   Return 1 for okay, 0 for for cancel or DEF_ANSWER for default. 
  */
 int
 answer_is_okay_cancel (const char *s, int def_answer)
@@ -115,7 +115,7 @@
   const char *long_cancel = _("cancel|cancel");
   const char *short_okay = _("oO");
   const char *short_cancel = _("cC");
-
+  
   /* Note: We have to use the locale dependent compare. */
   if ( match_multistr(long_okay,s) )
     return 1;
@@ -138,3 +138,4 @@
     return 0;
   return def_answer;
 }
+
diff -Nru gnupg2-2.1.6/config.h.in gnupg2-2.0.28/config.h.in
--- gnupg2-2.1.6/config.h.in	2015-06-17 10:47:07.000000000 +0000
+++ gnupg2-2.0.28/config.h.in	2015-06-02 08:37:25.000000000 +0000
@@ -5,47 +5,49 @@
 #define GNUPG_CONFIG_H_INCLUDED
 
 
+/* Define this to an absolute name of . */
+#undef ABSOLUTE_STDINT_H
+
 /* Defined if the host has big endian byte ordering */
 #undef BIG_ENDIAN_HOST
 
 /* an Apple OSXism */
 #undef BIND_8_COMPAT
 
-/* GIT commit id revision used to build this package */
-#undef BUILD_REVISION
-
-/* The time this package was configured for a build */
-#undef BUILD_TIMESTAMP
+/* Define to the number of bits in type 'ptrdiff_t'. */
+#undef BITSIZEOF_PTRDIFF_T
 
-/* Defined if GPG-AGENT is to be build */
-#undef BUILD_WITH_AGENT
+/* Define to the number of bits in type 'sig_atomic_t'. */
+#undef BITSIZEOF_SIG_ATOMIC_T
 
-/* Defined if SCDAEMON is to be build */
-#undef BUILD_WITH_DIRMNGR
+/* Define to the number of bits in type 'size_t'. */
+#undef BITSIZEOF_SIZE_T
 
-/* Defined if G13 is to be build */
-#undef BUILD_WITH_G13
+/* Define to the number of bits in type 'wchar_t'. */
+#undef BITSIZEOF_WCHAR_T
 
-/* Defined if GPG is to be build */
-#undef BUILD_WITH_GPG
+/* Define to the number of bits in type 'wint_t'. */
+#undef BITSIZEOF_WINT_T
 
-/* Defined if GPGSM is to be build */
-#undef BUILD_WITH_GPGSM
+/* GIT commit id revision used to build this package */
+#undef BUILD_REVISION
 
-/* Defined if SCDAEMON is to be build */
-#undef BUILD_WITH_SCDAEMON
+/* The time this package was configured for a build */
+#undef BUILD_TIMESTAMP
 
-/* The displayed name of dirmngr */
-#undef DIRMNGR_DISP_NAME
+/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
+   systems. This function is required for `alloca.c' support on those systems.
+   */
+#undef CRAY_STACKSEG_END
 
-/* The name of the dirmngr info envvar */
-#undef DIRMNGR_INFO_NAME
+/* Define to 1 if using `alloca.c'. */
+#undef C_ALLOCA
 
-/* The name of the dirmngr */
-#undef DIRMNGR_NAME
+/* define to disable keyserver helpers */
+#undef DISABLE_KEYSERVER_HELPERS
 
-/* The name of the dirmngr socket */
-#undef DIRMNGR_SOCK_NAME
+/* Defined to disable exec-path for keyserver helpers */
+#undef DISABLE_KEYSERVER_PATH
 
 /* define to disable photo viewing */
 #undef DISABLE_PHOTO_VIEWER
@@ -53,9 +55,6 @@
 /* Define to disable regular expression support */
 #undef DISABLE_REGEX
 
-/* Define to include smartcard support */
-#undef ENABLE_CARD_SUPPORT
-
 /* Define to 1 if translation of program messages to the user's native
    language is requested. */
 #undef ENABLE_NLS
@@ -63,147 +62,38 @@
 /* Define to enable SELinux support */
 #undef ENABLE_SELINUX_HACKS
 
-/* defines the filename of the encfs program */
-#undef ENCFS
-
 /* The executable file extension, if any */
 #undef EXEEXT
 
 /* if set, restrict photo-viewer to this */
 #undef FIXED_PHOTO_VIEWER
 
-/* defines the filename of the fusermount program */
-#undef FUSERMOUNT
-
-/* The displayed name of g13 */
-#undef G13_DISP_NAME
-
-/* The name of the g13 tool */
-#undef G13_NAME
-
-/* version of the libassuan library */
+/* version of the libbassuan library */
 #undef GNUPG_LIBASSUAN_VERSION
 
-/* The name of the project */
-#undef GNUPG_NAME
-
-/* The directory part of the W32 registry keys */
-#undef GNUPG_REGISTRY_DIR
-
-/* The displayed name of gpgconf */
-#undef GPGCONF_DISP_NAME
-
-/* The name of the gpgconf tool */
-#undef GPGCONF_NAME
-
-/* The standard binary file suffix */
-#undef GPGEXT_GPG
-
-/* The displayed name of gpgsm */
-#undef GPGSM_DISP_NAME
-
-/* The name of the S/MIME tool */
-#undef GPGSM_NAME
-
-/* The name of the gpgtar tool */
-#undef GPGTAR_NAME
-
-/* The displayed name of gpg-agent */
-#undef GPG_AGENT_DISP_NAME
-
-/* The name of the agent */
-#undef GPG_AGENT_NAME
-
-/* The name of the agent socket */
-#undef GPG_AGENT_SOCK_NAME
-
-/* The name of the agent socket for ssh */
-#undef GPG_AGENT_SSH_SOCK_NAME
-
-/* The displayed name of gpg */
-#undef GPG_DISP_NAME
-
-/* The name of the OpenPGP tool */
-#undef GPG_NAME
-
-/* Define to support the AES128 cipher */
-#undef GPG_USE_AES128
-
-/* Define to support the AES192 cipher */
-#undef GPG_USE_AES192
-
-/* Define to support the AES256 cipher */
-#undef GPG_USE_AES256
-
-/* Define to support the BLOWFISH cipher */
-#undef GPG_USE_BLOWFISH
-
-/* Define to support the CAMELLIA128 cipher */
-#undef GPG_USE_CAMELLIA128
-
-/* Define to support the CAMELLIA192 cipher */
-#undef GPG_USE_CAMELLIA192
-
-/* Define to support the CAMELLIA256 cipher */
-#undef GPG_USE_CAMELLIA256
-
-/* Define to support the CAST5 cipher */
-#undef GPG_USE_CAST5
-
-/* Define to support the ECDH public key */
-#undef GPG_USE_ECDH
-
-/* Define to support the ECDSA public key */
-#undef GPG_USE_ECDSA
-
-/* Define to support the EdDSA public key */
-#undef GPG_USE_EDDSA
-
-/* Define to support the IDEA cipher */
-#undef GPG_USE_IDEA
-
-/* Define to support the MD5 hash */
-#undef GPG_USE_MD5
-
-/* Define to support the RIPE-MD160 hash */
-#undef GPG_USE_RMD160
-
-/* Define to support the RSA public key */
-#undef GPG_USE_RSA
-
-/* Define to support the SHA-224 hash */
-#undef GPG_USE_SHA224
-
-/* Define to support the SHA-384 hash */
-#undef GPG_USE_SHA384
-
-/* Define to support the SHA-512 hash */
-#undef GPG_USE_SHA512
-
-/* Define to support the TWOFISH cipher */
-#undef GPG_USE_TWOFISH
+/* Define to 1 if you have the `adns_free' function. */
+#undef HAVE_ADNS_FREE
 
 /* Define to 1 if you have the  header file. */
 #undef HAVE_ADNS_H
 
-/* Defined if we build for an Android system */
-#undef HAVE_ANDROID_SYSTEM
+/* Define to 1 if you have `alloca' after including , a header that
+   may be supplied by this distribution. */
+#undef HAVE_ALLOCA
+
+/* Define HAVE_ALLOCA_H for backward compatibility with older code that
+   includes  only if HAVE_ALLOCA_H is defined. */
+#undef HAVE_ALLOCA_H
 
 /* Define to 1 if you have the `atexit' function. */
 #undef HAVE_ATEXIT
 
-/* Defined if ttyname does not work properly */
-#undef HAVE_BROKEN_TTYNAME
-
 /* Defined if a `byte' is typedef'd */
 #undef HAVE_BYTE_TYPEDEF
 
 /* Defined if the bz2 compression library is available */
 #undef HAVE_BZIP2
 
-/* Define to 1 if you have the `canonicalize_file_name' function. */
-#undef HAVE_CANONICALIZE_FILE_NAME
-
 /* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the
    CoreFoundation framework. */
 #undef HAVE_CFLOCALECOPYCURRENT
@@ -237,13 +127,15 @@
 #undef HAVE_DOPRNT
 
 /* Defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2)
-   with special properties like no file modes, case insensitive file names and
-   preferred use of backslashes as directory name separators. */
+   with special properties like no file modes */
 #undef HAVE_DOSISH_SYSTEM
 
-/* Defined if the OS supports drive letters. */
+/* defined if we must run on a stupid file system */
 #undef HAVE_DRIVE_LETTERS
 
+/* Define if you have the declaration of environ. */
+#undef HAVE_ENVIRON_DECL
+
 /* Define to 1 if you have the `fcntl' function. */
 #undef HAVE_FCNTL
 
@@ -277,9 +169,6 @@
 /* Define to 1 if you have the `getaddrinfo' function. */
 #undef HAVE_GETADDRINFO
 
-/* Define to 1 if you have the `getenv' function. */
-#undef HAVE_GETENV
-
 /* Define to 1 if you have the  header file. */
 #undef HAVE_GETOPT_H
 
@@ -313,8 +202,8 @@
 /* Define to 1 if you have the `inet_ntop' function. */
 #undef HAVE_INET_NTOP
 
-/* Define to 1 if you have the `inet_pton' function. */
-#undef HAVE_INET_PTON
+/* Define to 1 if the system has the type `intmax_t'. */
+#undef HAVE_INTMAX_T
 
 /* Define to 1 if you have the  header file. */
 #undef HAVE_INTTYPES_H
@@ -328,8 +217,8 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_LANGINFO_H
 
-/* defined if liblber is available */
-#undef HAVE_LBER
+/* Define if you have  and nl_langinfo(THOUSANDS_SEP). */
+#undef HAVE_LANGINFO_THOUSANDS_SEP
 
 /* Define if your  file defines LC_MESSAGES. */
 #undef HAVE_LC_MESSAGES
@@ -349,6 +238,9 @@
 /* Define to 1 if you have the `ldap_start_tls_sA' function. */
 #undef HAVE_LDAP_START_TLS_SA
 
+/* Define to 1 if you have a functional curl library. */
+#undef HAVE_LIBCURL
+
 /* Define to 1 if you have a fully functional readline library. */
 #undef HAVE_LIBREADLINE
 
@@ -361,8 +253,11 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_LOCALE_H
 
-/* Define to 1 if you have the `lstat' function. */
-#undef HAVE_LSTAT
+/* Define to 1 if the system has the type `long double'. */
+#undef HAVE_LONG_DOUBLE
+
+/* Define to 1 if the system has the type 'long long int'. */
+#undef HAVE_LONG_LONG_INT
 
 /* Define to 1 if you have the `memicmp' function. */
 #undef HAVE_MEMICMP
@@ -376,18 +271,24 @@
 /* Define to 1 if you have the `memrchr' function. */
 #undef HAVE_MEMRCHR
 
+/* Define to 1 if you have the `mkdtemp' function. */
+#undef HAVE_MKDTEMP
+
 /* Define to 1 if you have the `mmap' function. */
 #undef HAVE_MMAP
 
 /* Define to 1 if you have the `nl_langinfo' function. */
 #undef HAVE_NL_LANGINFO
 
-/* Defined if the New Portable Thread Library is available */
-#undef HAVE_NPTH
-
 /* Define to 1 if you have the `pipe' function. */
 #undef HAVE_PIPE
 
+/* Defined if the GNU Pth is available */
+#undef HAVE_PTH
+
+/* Define to 1 if the system has the type `ptrdiff_t'. */
+#undef HAVE_PTRDIFF_T
+
 /* Define to 1 if you have the  header file. */
 #undef HAVE_PTY_H
 
@@ -400,6 +301,9 @@
 /* Define to 1 if you have the `rand' function. */
 #undef HAVE_RAND
 
+/* Define to 1 if you have the  header file. */
+#undef HAVE_SEARCH_H
+
 /* Define to 1 if you have the `setenv' function. */
 #undef HAVE_SETENV
 
@@ -412,8 +316,14 @@
 /* Define to 1 if you have the `sigaction' function. */
 #undef HAVE_SIGACTION
 
-/* Define to 1 if you have the  header file. */
-#undef HAVE_SIGNAL_H
+/* Define to 1 if 'sig_atomic_t' is a signed integer type. */
+#undef HAVE_SIGNED_SIG_ATOMIC_T
+
+/* Define to 1 if 'wchar_t' is a signed integer type. */
+#undef HAVE_SIGNED_WCHAR_T
+
+/* Define to 1 if 'wint_t' is a signed integer type. */
+#undef HAVE_SIGNED_WINT_T
 
 /* Define to 1 if you have the `sigprocmask' function. */
 #undef HAVE_SIGPROCMASK
@@ -472,14 +382,14 @@
 /* Define to 1 if you have the `strtoul' function. */
 #undef HAVE_STRTOUL
 
-/* Define to 1 if you have the `strtoull' function. */
-#undef HAVE_STRTOULL
-
 /* Define to 1 if the system has the type `struct sigaction'. */
 #undef HAVE_STRUCT_SIGACTION
 
-/* Define to 1 if you have the  header file. */
-#undef HAVE_SYS_SELECT_H
+/* Define to 1 if you have the  header file. */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the  header file. */
+#undef HAVE_SYS_INTTYPES_H
 
 /* Define to 1 if you have the  header file. */
 #undef HAVE_SYS_SOCKET_H
@@ -487,6 +397,9 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_SYS_STAT_H
 
+/* Define to 1 if you have the  header file. */
+#undef HAVE_SYS_TIME_H
+
 /* Define to 1 if you have the  header file. */
 #undef HAVE_SYS_TYPES_H
 
@@ -502,6 +415,12 @@
 /* Define to 1 if you have the `times' function. */
 #undef HAVE_TIMES
 
+/* Define to 1 if you have the  header file. */
+#undef HAVE_TIME_H
+
+/* Define to 1 if you have the `tsearch' function. */
+#undef HAVE_TSEARCH
+
 /* Define to 1 if you have the `ttyname' function. */
 #undef HAVE_TTYNAME
 
@@ -511,6 +430,9 @@
 /* Defined if a `u32' is typedef'd */
 #undef HAVE_U32_TYPEDEF
 
+/* Define to 1 if the system has the type `uintmax_t'. */
+#undef HAVE_UINTMAX_T
+
 /* Defined if a `ulong' is typedef'd */
 #undef HAVE_ULONG_TYPEDEF
 
@@ -520,8 +442,8 @@
 /* Define to 1 if you have the `unsetenv' function. */
 #undef HAVE_UNSETENV
 
-/* Defined if time_t is an unsigned type */
-#undef HAVE_UNSIGNED_TIME_T
+/* Define to 1 if the system has the type 'unsigned long long int'. */
+#undef HAVE_UNSIGNED_LONG_LONG_INT
 
 /* Define to 1 if you have the `usb_create_match' function. */
 #undef HAVE_USB_CREATE_MATCH
@@ -541,9 +463,6 @@
 /* Define to 1 if you have the `vprintf' function. */
 #undef HAVE_VPRINTF
 
-/* Defined if we run on WindowsCE */
-#undef HAVE_W32CE_SYSTEM
-
 /* Defined if we run on a W32 API based system */
 #undef HAVE_W32_SYSTEM
 
@@ -553,6 +472,9 @@
 /* Define to 1 if you have the `waitpid' function. */
 #undef HAVE_WAITPID
 
+/* Define to 1 if you have the  header file. */
+#undef HAVE_WCHAR_H
+
 /* Define to 1 if you have the  header file. */
 #undef HAVE_WINSOCK2_H
 
@@ -565,30 +487,75 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_WS2TCPIP_H
 
-/* Defined if ZIP and ZLIB are supported */
-#undef HAVE_ZIP
-
-/* Enable GNUTLS support in http.c */
-#undef HTTP_USE_GNUTLS
-
-/* Enable NTBTLS support in http.c */
-#undef HTTP_USE_NTBTLS
-
 /* Define as const if the declaration of iconv() needs const. */
 #undef ICONV_CONST
 
 /* Defined if this is not a regular release */
 #undef IS_DEVELOPMENT_VERSION
 
+/* Defined if libcurl supports AsynchDNS */
+#undef LIBCURL_FEATURE_ASYNCHDNS
+
+/* Defined if libcurl supports IDN */
+#undef LIBCURL_FEATURE_IDN
+
+/* Defined if libcurl supports IPv6 */
+#undef LIBCURL_FEATURE_IPV6
+
+/* Defined if libcurl supports KRB4 */
+#undef LIBCURL_FEATURE_KRB4
+
+/* Defined if libcurl supports libz */
+#undef LIBCURL_FEATURE_LIBZ
+
+/* Defined if libcurl supports NTLM */
+#undef LIBCURL_FEATURE_NTLM
+
+/* Defined if libcurl supports SSL */
+#undef LIBCURL_FEATURE_SSL
+
+/* Defined if libcurl supports SSPI */
+#undef LIBCURL_FEATURE_SSPI
+
+/* Defined if libcurl supports DICT */
+#undef LIBCURL_PROTOCOL_DICT
+
+/* Defined if libcurl supports FILE */
+#undef LIBCURL_PROTOCOL_FILE
+
+/* Defined if libcurl supports FTP */
+#undef LIBCURL_PROTOCOL_FTP
+
+/* Defined if libcurl supports FTPS */
+#undef LIBCURL_PROTOCOL_FTPS
+
+/* Defined if libcurl supports HTTP */
+#undef LIBCURL_PROTOCOL_HTTP
+
+/* Defined if libcurl supports HTTPS */
+#undef LIBCURL_PROTOCOL_HTTPS
+
+/* Defined if libcurl supports LDAP */
+#undef LIBCURL_PROTOCOL_LDAP
+
+/* Defined if libcurl supports TELNET */
+#undef LIBCURL_PROTOCOL_TELNET
+
+/* Defined if libcurl supports TFTP */
+#undef LIBCURL_PROTOCOL_TFTP
+
+/* The version of the libcurl library in packed hex form */
+#undef LIBCURL_VERNUM
+
 /* Defined if the host has little endian byte ordering */
 #undef LITTLE_ENDIAN_HOST
 
+/* If malloc(0) is != NULL, define this to 1. Otherwise define this to 0. */
+#undef MALLOC_0_IS_NONNULL
+
 /* Defined if mkdir() does not take permission flags */
 #undef MKDIR_TAKES_ONE_ARG
 
-/* The name of the installed GPG tool */
-#undef NAME_OF_INSTALLED_GPG
-
 /* Required version of Libksba */
 #undef NEED_KSBA_VERSION
 
@@ -598,15 +565,9 @@
 /* Required version of Libgcrypt */
 #undef NEED_LIBGCRYPT_VERSION
 
-/* Required version of NTBTLS */
-#undef NEED_NTBTLS_VERSION
-
 /* Define to disable all external program execution */
 #undef NO_EXEC
 
-/* Define to include only trust-model always */
-#undef NO_TRUST_MODELS
-
 /* Name of this package */
 #undef PACKAGE
 
@@ -637,30 +598,29 @@
 /* A human readable text with the name of the OS */
 #undef PRINTABLE_OS_NAME
 
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+   'ptrdiff_t'. */
+#undef PTRDIFF_T_SUFFIX
+
 /* Define as the return type of signal handlers (`int' or `void'). */
 #undef RETSIGTYPE
 
-/* Defined if we should run the tests */
-#undef RUN_TESTS
-
-/* The displayed name of scdaemon */
-#undef SCDAEMON_DISP_NAME
-
-/* The name of the scdaemon */
-#undef SCDAEMON_NAME
-
-/* The name of the SCdaemon socket */
-#undef SCDAEMON_SOCK_NAME
-
 /* Size of secure memory buffer */
 #undef SECMEM_BUFFER_SIZE
 
 /* defines the filename of the shred program */
 #undef SHRED
 
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+   'sig_atomic_t'. */
+#undef SIG_ATOMIC_T_SUFFIX
+
 /* The size of `time_t', as computed by sizeof. */
 #undef SIZEOF_TIME_T
 
+/* The size of `uint64_t', as computed by sizeof. */
+#undef SIZEOF_UINT64_T
+
 /* The size of `unsigned int', as computed by sizeof. */
 #undef SIZEOF_UNSIGNED_INT
 
@@ -673,6 +633,28 @@
 /* The size of `unsigned short', as computed by sizeof. */
 #undef SIZEOF_UNSIGNED_SHORT
 
+/* The size of `void *', as computed by sizeof. */
+#undef SIZEOF_VOID_P
+
+/* Define as the maximum value of type 'size_t', if the system doesn't define
+   it. */
+#undef SIZE_MAX
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+   'size_t'. */
+#undef SIZE_T_SUFFIX
+
+/* If using the C implementation of alloca, define if you know the
+   direction of stack growth for your system; otherwise it will be
+   automatically deduced at runtime.
+	STACK_DIRECTION > 0 => grows toward higher addresses
+	STACK_DIRECTION < 0 => grows toward lower addresses
+	STACK_DIRECTION = 0 => direction of growth unknown */
+#undef STACK_DIRECTION
+
+/* Define to 1 if the `S_IS*' macros in  do not work properly. */
+#undef STAT_MACROS_BROKEN
+
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
@@ -682,31 +664,28 @@
 /* Use ADNS as resolver library. */
 #undef USE_ADNS
 
-/* Define to enable auto starting of the dirmngr */
-#undef USE_DIRMNGR_AUTO_START
-
 /* define to use DNS CERT */
 #undef USE_DNS_CERT
 
+/* define to use our experimental DNS PKA */
+#undef USE_DNS_PKA
+
 /* define to use DNS SRV */
 #undef USE_DNS_SRV
 
-/* Defined if LDAP is support */
-#undef USE_LDAP
-
-/* Build dirmngr with LDAP wrapper process */
-#undef USE_LDAPWRAPPER
+/* Defined if the GNU Portable Thread Library should be used */
+#undef USE_GNU_PTH
 
-/* Defined if support for nPth is requested and nPth is available */
-#undef USE_NPTH
-
-/* Set this to limit filenames to the 8.3 format */
+/* set this to limit filenames to the 8.3 format */
 #undef USE_ONLY_8DOT3
 
-/* Because the Unix gettext has too much overhead on MingW32 systems and these
+/* because the Unix gettext has too much overhead on MingW32 systems and these
    systems lack Posix functions, we use a simplified version of gettext */
 #undef USE_SIMPLE_GETTEXT
 
+/* Use a standard socket for the agent by default */
+#undef USE_STANDARD_SOCKET
+
 /* Enable extensions on AIX 3, Interix.  */
 #ifndef _ALL_SOURCE
 # undef _ALL_SOURCE
@@ -732,6 +711,17 @@
 /* Version of this package */
 #undef VERSION
 
+/* Define if unsetenv() returns void, not int. */
+#undef VOID_UNSETENV
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+   'wchar_t'. */
+#undef WCHAR_T_SUFFIX
+
+/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type
+   'wint_t'. */
+#undef WINT_T_SUFFIX
+
 /* Enable large inode numbers on Mac OS X 10.5.  */
 #ifndef _DARWIN_USE_64_BIT_INODE
 # define _DARWIN_USE_64_BIT_INODE 1
@@ -759,12 +749,19 @@
 /* Define to empty if `const' does not conform to ANSI C. */
 #undef const
 
+/* Define curl_free() as free() if our version of curl lacks curl_free. */
+#undef curl_free
+
 /* Define to `__inline__' or `__inline' if that's what the C compiler
    calls it, or to nothing if 'inline' is not supported under any name.  */
 #ifndef __cplusplus
 #undef inline
 #endif
 
+/* Define to the widest signed integer type if  and  do
+   not define. */
+#undef intmax_t
+
 /* Define to `int' if  does not define. */
 #undef mode_t
 
@@ -777,6 +774,10 @@
 /* type to use in place of socklen_t if not defined */
 #undef socklen_t
 
+/* Define to the widest unsigned integer type if  and 
+   do not define. */
+#undef uintmax_t
+
 /* Define as `fork' if `vfork' does not work. */
 #undef vfork
 
@@ -820,39 +821,27 @@
 #define SAFE_VERSION_DASH '-'
 
 /* Some global constants. */
-#ifdef HAVE_DOSISH_SYSTEM
-# ifdef HAVE_DRIVE_LETTERS
-#  define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
-# else
-#  define GNUPG_DEFAULT_HOMEDIR "/gnupg"
-# endif
+#ifdef HAVE_DRIVE_LETTERS
+#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
 #elif defined(__VMS)
-#define GNUPG_DEFAULT_HOMEDIR "/SYS$LOGIN/gnupg"
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
 #else
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
 #endif
-#define GNUPG_PRIVATE_KEYS_DIR  "private-keys-v1.d"
-#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
+#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
 
 /* For some systems (DOS currently), we hardcode the path here.  For
    POSIX systems the values are constructed by the Makefiles, so that
    the values may be overridden by the make invocations; this is to
-   comply with the GNU coding standards.  Note that these values are
-   only defaults.  */
-#ifdef HAVE_DOSISH_SYSTEM
-# ifdef HAVE_DRIVE_LETTERS
-#  define GNUPG_BINDIR      "c:\\gnupg"
-#  define GNUPG_LIBEXECDIR  "c:\\gnupg"
-#  define GNUPG_LIBDIR      "c:\\gnupg"
-#  define GNUPG_DATADIR     "c:\\gnupg"
-#  define GNUPG_SYSCONFDIR  "c:\\gnupg"
-# else
-#  define GNUPG_BINDIR      "\\gnupg"
-#  define GNUPG_LIBEXECDIR  "\\gnupg"
-#  define GNUPG_LIBDIR      "\\gnupg"
-#  define GNUPG_DATADIR     "\\gnupg"
-#  define GNUPG_SYSCONFDIR  "\\gnupg"
-# endif
+   comply with the GNU coding standards. */
+#ifdef HAVE_DRIVE_LETTERS
+ /* FIXME: We need to use a function to determine these values depending
+    on the actual installation directory. */
+#define GNUPG_BINDIR      "c:\\gnupg"
+#define GNUPG_LIBEXECDIR  "c:\\gnupg"
+#define GNUPG_LIBDIR      "c:\\gnupg"
+#define GNUPG_DATADIR     "c:\\gnupg"
+#define GNUPG_SYSCONFDIR  "c:\\gnupg"
 #endif
 
 /* Derive some other constants. */
@@ -884,14 +873,12 @@
 # endif
 #endif
 
-/* Provide the es_ macro for estream.  */
-#define GPGRT_ENABLE_ES_MACROS 1
 
 /* Tell libgcrypt not to use its own libgpg-error implementation. */
 #define USE_LIBGPG_ERROR 1
 
-/* Tell Libgcrypt not to include deprecated definitions.  */
-#define GCRYPT_NO_DEPRECATED 1
+/* We use jnlib, so tell other modules about it.  */
+#define HAVE_JNLIB_LOGGING 1
 
 /* Our HTTP code is used in estream mode.  */
 #define HTTP_USE_ESTREAM 1
@@ -901,11 +888,24 @@
    handler.  */
 #define HTTP_NO_WSASTARTUP
 
-/* Under Windows we use the gettext code from libgpg-error.  */
-#define GPG_ERR_ENABLE_GETTEXT_MACROS
+/* We always include support for the OpenPGP card.  */
+#define ENABLE_CARD_SUPPORT 1
+
+/* We don't want the old assuan codes anymore. */
+#define _ASSUAN_ONLY_GPG_ERRORS 1
+
+/* We don't need any of the old gcrypt functions.  */
+#define GCRYPT_NO_DEPRECATED 1
 
-/* Under WindowsCE we use the strerror replacement from libgpg-error.  */
-#define GPG_ERR_ENABLE_ERRNO_MACROS
+/* We explicitly need to disable PTH's soft mapping as Debian
+   currently enables it by default for no reason. */
+#define PTH_SYSCALL_SOFT 0
+
+/* We want to use the libgcrypt provided memory allocation for
+   asprintf.  */
+#define _ESTREAM_PRINTF_MALLOC        gcry_malloc
+#define _ESTREAM_PRINTF_FREE          gcry_free
+#define _ESTREAM_PRINTF_EXTRA_INCLUDE "util.h"
 
 #endif /*GNUPG_CONFIG_H_INCLUDED*/
 
diff -Nru gnupg2-2.1.6/configure gnupg2-2.0.28/configure
--- gnupg2-2.1.6/configure	2015-07-01 12:17:05.000000000 +0000
+++ gnupg2-2.0.28/configure	2015-06-02 12:34:29.000000000 +0000
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for gnupg 2.1.6.
+# Generated by GNU Autoconf 2.69 for gnupg 2.0.28.
 #
 # Report bugs to .
 #
@@ -580,8 +580,8 @@
 # Identity of this package.
 PACKAGE_NAME='gnupg'
 PACKAGE_TARNAME='gnupg'
-PACKAGE_VERSION='2.1.6'
-PACKAGE_STRING='gnupg 2.1.6'
+PACKAGE_VERSION='2.0.28'
+PACKAGE_STRING='gnupg 2.0.28'
 PACKAGE_BUGREPORT='http://bugs.gnupg.org'
 PACKAGE_URL=''
 
@@ -627,18 +627,12 @@
 ac_subst_vars='am__EXEEXT_FALSE
 am__EXEEXT_TRUE
 LTLIBOBJS
-LIBOBJS
 BUILD_HOSTNAME
 BUILD_TIMESTAMP
 BUILD_FILEVERSION
-BUILD_VERSION
 BUILD_REVISION
 RUN_GPG_TESTS_FALSE
 RUN_GPG_TESTS_TRUE
-NO_TRUST_MODELS_FALSE
-NO_TRUST_MODELS_TRUE
-ENABLE_CARD_SUPPORT_FALSE
-ENABLE_CARD_SUPPORT_TRUE
 BUILD_GPGTAR_FALSE
 BUILD_GPGTAR_TRUE
 BUILD_SYMCRYPTRUN_FALSE
@@ -647,10 +641,6 @@
 BUILD_DOC_TRUE
 BUILD_TOOLS_FALSE
 BUILD_TOOLS_TRUE
-BUILD_DIRMNGR_FALSE
-BUILD_DIRMNGR_TRUE
-BUILD_G13_FALSE
-BUILD_G13_TRUE
 BUILD_SCDAEMON_FALSE
 BUILD_SCDAEMON_TRUE
 BUILD_AGENT_FALSE
@@ -659,6 +649,7 @@
 BUILD_GPGSM_TRUE
 BUILD_GPG_FALSE
 BUILD_GPG_TRUE
+GPGKEYS_KDNS
 W32SOCKLIBS
 NETLIBS
 CROSS_COMPILING_FALSE
@@ -669,6 +660,37 @@
 ENABLE_BZIP2_SUPPORT_TRUE
 DISABLE_REGEX_FALSE
 DISABLE_REGEX_TRUE
+LIBGNU_LTLIBDEPS
+LIBGNU_LIBDEPS
+UNISTD_H
+STDINT_H
+WINT_T_SUFFIX
+WCHAR_T_SUFFIX
+SIZE_T_SUFFIX
+SIG_ATOMIC_T_SUFFIX
+PTRDIFF_T_SUFFIX
+HAVE_SIGNED_WINT_T
+HAVE_SIGNED_WCHAR_T
+HAVE_SIGNED_SIG_ATOMIC_T
+BITSIZEOF_WINT_T
+BITSIZEOF_WCHAR_T
+BITSIZEOF_SIZE_T
+BITSIZEOF_SIG_ATOMIC_T
+BITSIZEOF_PTRDIFF_T
+HAVE_SYS_BITYPES_H
+HAVE_SYS_INTTYPES_H
+HAVE_STDINT_H
+ABSOLUTE_STDINT_H
+HAVE_SYS_TYPES_H
+HAVE_INTTYPES_H
+HAVE_WCHAR_H
+HAVE_UNSIGNED_LONG_LONG_INT
+HAVE_LONG_LONG_INT
+LIBOBJS
+ALLOCA_H
+ALLOCA
+GL_COND_LIBTOOL_FALSE
+GL_COND_LIBTOOL_TRUE
 SYS_SOCKET_H
 BUILD_INCLUDED_LIBINTL
 USE_INCLUDED_LIBINTL
@@ -687,35 +709,29 @@
 MSGFMT
 GETTEXT_MACRO_VERSION
 USE_NLS
+SED
 LTLIBICONV
 LIBICONV
+GPGKEYS_MAILTO
 SENDMAIL
-USE_LDAPWRAPPER_FALSE
-USE_LDAPWRAPPER_TRUE
-USE_LDAP_FALSE
-USE_LDAP_TRUE
-LBER_LIBS
+GPGKEYS_CURL
+FAKE_CURL_FALSE
+FAKE_CURL_TRUE
+LIBCURL
+LIBCURL_CPPFLAGS
+_libcurl_config
 LDAP_CPPFLAGS
 LDAPLIBS
 GPGKEYS_LDAP
 USE_DNS_SRV_FALSE
 USE_DNS_SRV_TRUE
 DNSLIBS
-LIBGNUTLS_LIBS
-LIBGNUTLS_CFLAGS
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
-NTBTLS_LIBS
-NTBTLS_CFLAGS
-NTBTLS_CONFIG
-NPTH_LIBS
-NPTH_CFLAGS
-NPTH_CONFIG
+ADNSLIBS
+PTH_LIBS
+PTH_CFLAGS
+PTH_CONFIG
 SHRED
 LIBUTIL_LIBS
-FUSERMOUNT
-ENCFS
 DL_LIBS
 LIBUSB_LIBS
 KSBA_LIBS
@@ -732,12 +748,8 @@
 GPG_ERROR_LIBS
 GPG_ERROR_CFLAGS
 GPG_ERROR_CONFIG
-RUN_TESTS_FALSE
-RUN_TESTS_TRUE
-HAVE_ANDROID_SYSTEM_FALSE
-HAVE_ANDROID_SYSTEM_TRUE
-HAVE_W32CE_SYSTEM_FALSE
-HAVE_W32CE_SYSTEM_TRUE
+GPGKEYS_FINGER
+GPGKEYS_HKP
 HAVE_W32_SYSTEM_FALSE
 HAVE_W32_SYSTEM_TRUE
 USE_SIMPLE_GETTEXT_FALSE
@@ -748,6 +760,9 @@
 HAVE_USTAR_FALSE
 HAVE_USTAR_TRUE
 TAR
+WORKING_FAQPROG_FALSE
+WORKING_FAQPROG_TRUE
+FAQPROG
 WINDRES
 PERL
 AR
@@ -757,9 +772,6 @@
 MAINT
 MAINTAINER_MODE_FALSE
 MAINTAINER_MODE_TRUE
-GNUPG_DIRMNGR_LDAP_PGM_FALSE
-GNUPG_DIRMNGR_LDAP_PGM_TRUE
-GNUPG_DIRMNGR_LDAP_PGM
 GNUPG_PROTECT_TOOL_PGM_FALSE
 GNUPG_PROTECT_TOOL_PGM_TRUE
 GNUPG_PROTECT_TOOL_PGM
@@ -876,9 +888,8 @@
 enable_dependency_tracking
 enable_gpg
 enable_gpgsm
+enable_agent
 enable_scdaemon
-enable_g13
-enable_dirmngr
 enable_tools
 enable_doc
 enable_symcryptrun
@@ -888,57 +899,39 @@
 with_scdaemon_pgm
 with_dirmngr_pgm
 with_protect_tool_pgm
-with_dirmngr_ldap_pgm
-enable_gpg2_is_gpg
+enable_agent_only
 enable_selinux_support
 enable_large_secmem
-enable_trust_models
-enable_gpg_rsa
-enable_gpg_ecdh
-enable_gpg_ecdsa
-enable_gpg_eddsa
-enable_gpg_idea
-enable_gpg_cast5
-enable_gpg_blowfish
-enable_gpg_aes128
-enable_gpg_aes192
-enable_gpg_aes256
-enable_gpg_twofish
-enable_gpg_camellia128
-enable_gpg_camellia192
-enable_gpg_camellia256
-enable_gpg_md5
-enable_gpg_rmd160
-enable_gpg_sha224
-enable_gpg_sha384
-enable_gpg_sha512
-enable_zip
 enable_bzip2
 enable_exec
 enable_photo_viewers
 with_photo_viewer
+enable_keyserver_helpers
+enable_ldap
+enable_hkp
+enable_finger
+enable_generic
+enable_mailto
+enable_keyserver_path
 enable_key_cache
 with_capabilities
-enable_card_support
 enable_ccid_driver
-enable_dirmngr_auto_start
 enable_maintainer_mode
 enable_largefile
 with_tar
+enable_standard_socket
 with_libgpg_error_prefix
 with_gpg_error_prefix
 with_libgcrypt_prefix
 with_libassuan_prefix
 with_ksba_prefix
-with_npth_prefix
-enable_ntbtls
-with_ntbtls_prefix
-enable_gnutls
+with_pth_prefix
 with_adns
 enable_dns_srv
+enable_dns_pka
 enable_dns_cert
-enable_ldap
 with_ldap
+with_libcurl
 with_mailprog
 with_gnu_ld
 enable_rpath
@@ -963,12 +956,7 @@
 CPPFLAGS
 CPP
 SYSROOT
-CC_FOR_BUILD
-PKG_CONFIG
-PKG_CONFIG_PATH
-PKG_CONFIG_LIBDIR
-LIBGNUTLS_CFLAGS
-LIBGNUTLS_LIBS'
+CC_FOR_BUILD'
 
 
 # Initialize some variables set by options.
@@ -1509,7 +1497,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures gnupg 2.1.6 to adapt to many kinds of systems.
+\`configure' configures gnupg 2.0.28 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1579,7 +1567,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of gnupg 2.1.6:";;
+     short | recursive ) echo "Configuration of gnupg 2.0.28:";;
    esac
   cat <<\_ACEOF
 
@@ -1595,58 +1583,38 @@
                           speeds up one-time build
   --disable-gpg           do not build the gpg program
   --disable-gpgsm         do not build the gpgsm program
+  --disable-agent         do not build the agent program
   --disable-scdaemon      do not build the scdaemon program
-  --disable-g13           do not build the g13 program
-  --disable-dirmngr       do not build the dirmngr program
   --disable-tools         do not build the tools program
   --disable-doc           do not build the doc program
   --enable-symcryptrun    build the symcryptrun program
-  --disable-gpgtar        do not build the gpgtar program
-  --enable-gpg2-is-gpg    Set installed name of gpg2 to gpg
+  --enable-gpgtar         build the gpgtar program
+  --enable-agent-only     build only the gpg-agent
   --enable-selinux-support
                           enable SELinux support
   --enable-large-secmem   allocate extra secure memory
-  --disable-trust-models  disable all trust models except "always"
-  --disable-gpg-rsa       disable the RSA public key algorithm in gpg
-  --disable-gpg-ecdh      disable the ECDH public key algorithm in gpg
-  --disable-gpg-ecdsa     disable the ECDSA public key algorithm in gpg
-  --disable-gpg-eddsa     disable the EdDSA public key algorithm in gpg
-  --disable-gpg-idea      disable the IDEA cipher algorithm in gpg
-  --disable-gpg-cast5     disable the CAST5 cipher algorithm in gpg
-  --disable-gpg-blowfish  disable the BLOWFISH cipher algorithm in gpg
-  --disable-gpg-aes128    disable the AES128 cipher algorithm in gpg
-  --disable-gpg-aes192    disable the AES192 cipher algorithm in gpg
-  --disable-gpg-aes256    disable the AES256 cipher algorithm in gpg
-  --disable-gpg-twofish   disable the TWOFISH cipher algorithm in gpg
-  --disable-gpg-camellia128
-                          disable the CAMELLIA128 cipher algorithm in gpg
-  --disable-gpg-camellia192
-                          disable the CAMELLIA192 cipher algorithm in gpg
-  --disable-gpg-camellia256
-                          disable the CAMELLIA256 cipher algorithm in gpg
-  --disable-gpg-md5       disable the MD5 hash algorithm in gpg
-  --disable-gpg-rmd160    disable the RIPE-MD160 hash algorithm in gpg
-  --disable-gpg-sha224    disable the SHA-224 hash algorithm in gpg
-  --disable-gpg-sha384    disable the SHA-384 hash algorithm in gpg
-  --disable-gpg-sha512    disable the SHA-512 hash algorithm in gpg
-  --disable-zip           disable the ZIP and ZLIB compression algorithm
   --disable-bzip2         disable the BZIP2 compression algorithm
   --disable-exec          disable all external program execution
   --disable-photo-viewers disable photo ID viewers
+  --disable-keyserver-helpers  disable all external keyserver support
+  --disable-ldap          disable LDAP keyserver interface only
+  --disable-hkp           disable HKP keyserver interface only
+  --disable-finger        disable finger key fetching interface only
+  --disable-generic       disable generic object key fetching interface only
+  --enable-mailto         enable email keyserver interface only
+  --disable-keyserver-path
+                          disable the exec-path option for keyserver helpers
   --enable-key-cache=SIZE Set key cache to SIZE (default 4096)
-  --disable-card-support  disable smartcard support
   --disable-ccid-driver   disable the internal CCID driver
-  --disable-dirmngr-auto-start
-                          disable auto starting of the dirmngr
   --enable-maintainer-mode
                           enable make rules and dependencies not useful (and
                           sometimes confusing) to the casual installer
   --disable-largefile     omit support for large files
-  --disable-ntbtls        disable the use of NTBTLS as TLS library
-  --disable-gnutls        disable GNUTLS as fallback TLS library
+  --enable-standard-socket
+                          use a standard socket for the agent by default
   --disable-dns-srv       disable the use of DNS SRV in HKP and HTTP
+  --disable-dns-pka       disable the use of PKA records in DNS
   --disable-dns-cert      disable the use of CERT records in DNS
-  --disable-ldap          disable LDAP support
   --disable-rpath         do not hardcode runtime library paths
   --disable-nls           do not use Native Language Support
   --disable-endian-check  disable the endian check and trust the OS provided
@@ -1663,7 +1631,6 @@
   --with-scdaemon-pgm=PATH  Use PATH as the default for the scdaemon)
   --with-dirmngr-pgm=PATH  Use PATH as the default for the dirmngr)
   --with-protect-tool-pgm=PATH  Use PATH as the default for the protect-tool)
-  --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmnge ldap wrapper)
   --with-photo-viewer=FIXED_VIEWER  set a fixed photo ID viewer
   --with-capabilities     use linux capabilities default=no
   --with-tar=PATH         look for a tar program in PATH
@@ -1675,13 +1642,12 @@
   --with-libassuan-prefix=PFX
                           prefix where LIBASSUAN is installed (optional)
   --with-ksba-prefix=PFX  prefix where KSBA is installed (optional)
-  --with-npth-prefix=PFX  prefix where NPTH is installed (optional)
-  --with-ntbtls-prefix=PFX
-                          prefix where NTBTLS is installed (optional)
+  --with-pth-prefix=PFX   prefix where GNU Pth is installed
   --with-adns=DIR         look for the adns library in DIR
   --with-ldap=DIR         look for the LDAP library in DIR
+  --with-libcurl=DIR      look for the curl library in DIR
   --with-mailprog=NAME    use "NAME -t" for mail transport
-  --with-gnu-ld           assume the C compiler uses GNU ld default=no
+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
   --with-libiconv-prefix[=DIR]  search for libiconv in DIR/include and DIR/lib
   --without-libiconv-prefix     don't search for libiconv in includedir and libdir
   --with-libintl-prefix[=DIR]  search for libintl in DIR/include and DIR/lib
@@ -1703,15 +1669,6 @@
   SYSROOT     locate config scripts also below that directory
   CC_FOR_BUILD
               build system C compiler
-  PKG_CONFIG  path to pkg-config utility
-  PKG_CONFIG_PATH
-              directories to add to pkg-config's search path
-  PKG_CONFIG_LIBDIR
-              path overriding pkg-config's built-in search path
-  LIBGNUTLS_CFLAGS
-              C compiler flags for LIBGNUTLS, overriding pkg-config
-  LIBGNUTLS_LIBS
-              linker flags for LIBGNUTLS, overriding pkg-config
 
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
@@ -1779,7 +1736,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-gnupg configure 2.1.6
+gnupg configure 2.0.28
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2431,7 +2388,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by gnupg $as_me 2.1.6, which was
+It was created by gnupg $as_me 2.0.28, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2713,6 +2670,10 @@
 
 gt_needs="$gt_needs need-ngettext"
 as_fn_append ac_header_list " sys/socket.h"
+as_fn_append ac_header_list " sys/time.h"
+as_fn_append ac_header_list " unistd.h"
+as_fn_append ac_header_list " wchar.h"
+as_fn_append ac_header_list " stdint.h"
 # Check that the precious variables saved in the cache have kept the same
 # value.
 ac_cache_corrupted=false
@@ -2782,26 +2743,16 @@
 
 
 
-NEED_GPG_ERROR_VERSION=1.16
+NEED_GPG_ERROR_VERSION=1.11
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.6.0
+NEED_LIBGCRYPT_VERSION=1.5.0
 
 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.1.0
+NEED_LIBASSUAN_VERSION=2.0.0
 
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
-
-NEED_NTBTLS_API=1
-NEED_NTBTLS_VERSION=0.1.0
-
-NEED_NPTH_API=1
-NEED_NPTH_VERSION=0.91
-
-
-NEED_GNUTLS_VERSION=3.0
-
+NEED_KSBA_VERSION=1.0.7
 
 development_version=no
 PACKAGE=$PACKAGE_NAME
@@ -2809,7 +2760,7 @@
 VERSION=$PACKAGE_VERSION
 
 ac_aux_dir=
-for ac_dir in build-aux "$srcdir"/build-aux; do
+for ac_dir in scripts "$srcdir"/scripts; do
   if test -f "$ac_dir/install-sh"; then
     ac_aux_dir=$ac_dir
     ac_install_sh="$ac_aux_dir/install-sh -c"
@@ -2825,7 +2776,7 @@
   fi
 done
 if test -z "$ac_aux_dir"; then
-  as_fn_error $? "cannot find install-sh, install.sh, or shtool in build-aux \"$srcdir\"/build-aux" "$LINENO" 5
+  as_fn_error $? "cannot find install-sh, install.sh, or shtool in scripts \"$srcdir\"/scripts" "$LINENO" 5
 fi
 
 # These three variables are undocumented and unsupported,
@@ -3326,7 +3277,7 @@
 
 # Define the identity of the package.
  PACKAGE='gnupg'
- VERSION='2.1.6'
+ VERSION='2.0.28'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5019,21 +4970,15 @@
 have_libgcrypt=no
 have_libassuan=no
 have_ksba=no
-have_ntbtls=no
-have_gnutls=no
-have_npth=no
+have_pth=no
 have_libusb=no
 have_adns=no
-gnupg_have_ldap="n/a"
 
-use_zip=yes
 use_bzip2=yes
 use_exec=yes
-use_trust_models=yes
-card_support=yes
+disable_keyserver_path=no
 use_ccid_driver=yes
-dirmngr_auto_start=yes
-use_tls_library=no
+use_standard_socket=no
 large_secmem=no
 
 build_gpg=yes
@@ -5072,59 +5017,39 @@
            ;;
    esac
 
-# The agent is a required part and can't be disabled anymore.
 build_agent=yes
-build_scdaemon=yes
-
-      # Check whether --enable-scdaemon was given.
-if test "${enable_scdaemon+set}" = set; then :
-  enableval=$enable_scdaemon; build_scdaemon=$enableval
-else
-  build_scdaemon=yes
-fi
-
-
-   case "$build_scdaemon" in
-         no|yes)
-           ;;
-         *)
-           as_fn_error $? "only yes or no allowed for feature --enable-scdaemon" "$LINENO" 5
-           ;;
-   esac
-
-build_g13=yes
 
-      # Check whether --enable-g13 was given.
-if test "${enable_g13+set}" = set; then :
-  enableval=$enable_g13; build_g13=$enableval
+      # Check whether --enable-agent was given.
+if test "${enable_agent+set}" = set; then :
+  enableval=$enable_agent; build_agent=$enableval
 else
-  build_g13=yes
+  build_agent=yes
 fi
 
 
-   case "$build_g13" in
+   case "$build_agent" in
          no|yes)
            ;;
          *)
-           as_fn_error $? "only yes or no allowed for feature --enable-g13" "$LINENO" 5
+           as_fn_error $? "only yes or no allowed for feature --enable-agent" "$LINENO" 5
            ;;
    esac
 
-build_dirmngr=yes
+build_scdaemon=yes
 
-      # Check whether --enable-dirmngr was given.
-if test "${enable_dirmngr+set}" = set; then :
-  enableval=$enable_dirmngr; build_dirmngr=$enableval
+      # Check whether --enable-scdaemon was given.
+if test "${enable_scdaemon+set}" = set; then :
+  enableval=$enable_scdaemon; build_scdaemon=$enableval
 else
-  build_dirmngr=yes
+  build_scdaemon=yes
 fi
 
 
-   case "$build_dirmngr" in
+   case "$build_scdaemon" in
          no|yes)
            ;;
          *)
-           as_fn_error $? "only yes or no allowed for feature --enable-dirmngr" "$LINENO" 5
+           as_fn_error $? "only yes or no allowed for feature --enable-scdaemon" "$LINENO" 5
            ;;
    esac
 
@@ -5182,13 +5107,13 @@
            ;;
    esac
 
-build_gpgtar=yes
+build_gpgtar=no
 
       # Check whether --enable-gpgtar was given.
 if test "${enable_gpgtar+set}" = set; then :
   enableval=$enable_gpgtar; build_gpgtar=$enableval
 else
-  build_gpgtar=yes
+  build_gpgtar=no
 fi
 
 
@@ -5205,6 +5130,7 @@
 
 
 
+
 cat >>confdefs.h <<_ACEOF
 #define PACKAGE "$PACKAGE"
 _ACEOF
@@ -5235,12 +5161,6 @@
 _ACEOF
 
 
-cat >>confdefs.h <<_ACEOF
-#define NEED_NTBTLS_VERSION "$NEED_NTBTLS_VERSION"
-_ACEOF
-
-
-
 
 # The default is to use the modules from this package and the few
 # other packages in a standard place; i.e where this package gets
@@ -5351,49 +5271,14 @@
       && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
 
 
-# Check whether --with-dirmngr-ldap-pgm was given.
-if test "${with_dirmngr_ldap_pgm+set}" = set; then :
-  withval=$with_dirmngr_ldap_pgm; GNUPG_DIRMNGR_LDAP_PGM="$withval"
-else
-  GNUPG_DIRMNGR_LDAP_PGM=""
-fi
-
-
- if test -n "$GNUPG_DIRMNGR_LDAP_PGM"; then
-  GNUPG_DIRMNGR_LDAP_PGM_TRUE=
-  GNUPG_DIRMNGR_LDAP_PGM_FALSE='#'
-else
-  GNUPG_DIRMNGR_LDAP_PGM_TRUE='#'
-  GNUPG_DIRMNGR_LDAP_PGM_FALSE=
-fi
-
-show_gnupg_dirmngr_ldap_pgm="(default)"
-test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
-      && show_gnupg_dirmngr_ldap_pgm="$GNUPG_DIRMNGR_LDAP_PGM"
-
-#
-# On some platforms gpg2 is usually installed as gpg without using a
-# symlink.  For correct operation of gpgconf it needs to know the
-# installed name of gpg.  This option sets "gpg2"'s installed name to
-# just "gpg".  Note that it might be required to rename gpg2 to gpg
-# manually after the build process.
-#
-# Check whether --enable-gpg2-is-gpg was given.
-if test "${enable_gpg2_is_gpg+set}" = set; then :
-  enableval=$enable_gpg2_is_gpg; gpg2_is_gpg=$enableval
-fi
-
-if test "$gpg2_is_gpg" = "yes"; then
-   name_of_installed_gpg=gpg
-else
-   name_of_installed_gpg=gpg2
+# Some folks want to use only the agent from this packet.  Make it
+# easier for them by providing the configure option
+# --enable-only-agent.
+# Check whether --enable-agent-only was given.
+if test "${enable_agent_only+set}" = set; then :
+  enableval=$enable_agent_only; build_agent_only=$enableval
 fi
 
-cat >>confdefs.h <<_ACEOF
-#define NAME_OF_INSTALLED_GPG "$name_of_installed_gpg"
-_ACEOF
-
-
 
 # SELinux support includes tracking of sensitive files to avoid
 # leaking their contents through processing these files by gpg itself
@@ -5432,574 +5317,271 @@
 _ACEOF
 
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable trust models" >&5
-$as_echo_n "checking whether to enable trust models... " >&6; }
-# Check whether --enable-trust-models was given.
-if test "${enable_trust_models+set}" = set; then :
-  enableval=$enable_trust_models; use_trust_models=$enableval
-fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_trust_models" >&5
-$as_echo "$use_trust_models" >&6; }
-if test "$use_trust_models" = no ; then
+# Allow disabling of bzib2 support.
+# It is defined only after we confirm the library is available later
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the BZIP2 compression algorithm" >&5
+$as_echo_n "checking whether to enable the BZIP2 compression algorithm... " >&6; }
+# Check whether --enable-bzip2 was given.
+if test "${enable_bzip2+set}" = set; then :
+  enableval=$enable_bzip2; use_bzip2=$enableval
+fi
 
-$as_echo "#define NO_TRUST_MODELS 1" >>confdefs.h
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_bzip2" >&5
+$as_echo "$use_bzip2" >&6; }
 
+# Configure option to allow or disallow execution of external
+# programs, like a photo viewer.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable external program execution" >&5
+$as_echo_n "checking whether to enable external program execution... " >&6; }
+# Check whether --enable-exec was given.
+if test "${enable_exec+set}" = set; then :
+  enableval=$enable_exec; use_exec=$enableval
 fi
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_exec" >&5
+$as_echo "$use_exec" >&6; }
+if test "$use_exec" = no ; then
 
-#
-# Options to disable algorithm
-#
+$as_echo "#define NO_EXEC 1" >>confdefs.h
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the RSA public key for gpg" >&5
-$as_echo_n "checking whether to enable the RSA public key for gpg... " >&6; }
-   # Check whether --enable-gpg-rsa was given.
-if test "${enable_gpg_rsa+set}" = set; then :
-  enableval=$enable_gpg_rsa;
-else
-  enableval=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_RSA 1" >>confdefs.h
+if test "$use_exec" = yes ; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable photo ID viewing" >&5
+$as_echo_n "checking whether to enable photo ID viewing... " >&6; }
+  # Check whether --enable-photo-viewers was given.
+if test "${enable_photo_viewers+set}" = set; then :
+  enableval=$enable_photo_viewers; if test "$enableval" = no ; then
 
-   fi
+$as_echo "#define DISABLE_PHOTO_VIEWER 1" >>confdefs.h
 
-# Elgamal is a MUST algorithm
-# DSA is a MUST algorithm
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the ECDH public key for gpg" >&5
-$as_echo_n "checking whether to enable the ECDH public key for gpg... " >&6; }
-   # Check whether --enable-gpg-ecdh was given.
-if test "${enable_gpg_ecdh+set}" = set; then :
-  enableval=$enable_gpg_ecdh;
+      fi
 else
   enableval=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+  gnupg_cv_enable_photo_viewers=$enableval
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
 $as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
 
-$as_echo "#define GPG_USE_ECDH 1" >>confdefs.h
+  if test "$gnupg_cv_enable_photo_viewers" = yes ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a fixed photo ID viewer" >&5
+$as_echo_n "checking whether to use a fixed photo ID viewer... " >&6; }
 
-   fi
+# Check whether --with-photo-viewer was given.
+if test "${with_photo_viewer+set}" = set; then :
+  withval=$with_photo_viewer; if test "$withval" = yes ; then
+           withval=no
+        elif test "$withval" != no ; then
+
+cat >>confdefs.h <<_ACEOF
+#define FIXED_PHOTO_VIEWER "$withval"
+_ACEOF
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the ECDSA public key for gpg" >&5
-$as_echo_n "checking whether to enable the ECDSA public key for gpg... " >&6; }
-   # Check whether --enable-gpg-ecdsa was given.
-if test "${enable_gpg_ecdsa+set}" = set; then :
-  enableval=$enable_gpg_ecdsa;
+        fi
 else
-  enableval=yes
+  withval=no
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+$as_echo "$withval" >&6; }
+  fi
 
-$as_echo "#define GPG_USE_ECDSA 1" >>confdefs.h
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable external keyserver helpers" >&5
+$as_echo_n "checking whether to enable external keyserver helpers... " >&6; }
+  # Check whether --enable-keyserver-helpers was given.
+if test "${enable_keyserver_helpers+set}" = set; then :
+  enableval=$enable_keyserver_helpers; if test "$enableval" = no ; then
 
-   fi
+$as_echo "#define DISABLE_KEYSERVER_HELPERS 1" >>confdefs.h
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the EdDSA public key for gpg" >&5
-$as_echo_n "checking whether to enable the EdDSA public key for gpg... " >&6; }
-   # Check whether --enable-gpg-eddsa was given.
-if test "${enable_gpg_eddsa+set}" = set; then :
-  enableval=$enable_gpg_eddsa;
+      fi
 else
   enableval=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+  gnupg_cv_enable_keyserver_helpers=$enableval
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
 $as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
 
-$as_echo "#define GPG_USE_EDDSA 1" >>confdefs.h
-
-   fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the IDEA cipher for gpg" >&5
-$as_echo_n "checking whether to enable the IDEA cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-idea was given.
-if test "${enable_gpg_idea+set}" = set; then :
-  enableval=$enable_gpg_idea;
+  if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
+    # LDAP is defined only after we confirm the library is available later
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether LDAP keyserver support is requested" >&5
+$as_echo_n "checking whether LDAP keyserver support is requested... " >&6; }
+    # Check whether --enable-ldap was given.
+if test "${enable_ldap+set}" = set; then :
+  enableval=$enable_ldap; try_ldap=$enableval
 else
-  enableval=yes
+  try_ldap=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_IDEA 1" >>confdefs.h
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_ldap" >&5
+$as_echo "$try_ldap" >&6; }
 
-   fi
-
-# 3DES is a MUST algorithm
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the CAST5 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the CAST5 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-cast5 was given.
-if test "${enable_gpg_cast5+set}" = set; then :
-  enableval=$enable_gpg_cast5;
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether HKP keyserver support is requested" >&5
+$as_echo_n "checking whether HKP keyserver support is requested... " >&6; }
+    # Check whether --enable-hkp was given.
+if test "${enable_hkp+set}" = set; then :
+  enableval=$enable_hkp; try_hkp=$enableval
 else
-  enableval=yes
+  try_hkp=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_CAST5 1" >>confdefs.h
-
-   fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_hkp" >&5
+$as_echo "$try_hkp" >&6; }
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the BLOWFISH cipher for gpg" >&5
-$as_echo_n "checking whether to enable the BLOWFISH cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-blowfish was given.
-if test "${enable_gpg_blowfish+set}" = set; then :
-  enableval=$enable_gpg_blowfish;
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether finger key fetching support is requested" >&5
+$as_echo_n "checking whether finger key fetching support is requested... " >&6; }
+    # Check whether --enable-finger was given.
+if test "${enable_finger+set}" = set; then :
+  enableval=$enable_finger; try_finger=$enableval
 else
-  enableval=yes
+  try_finger=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_BLOWFISH 1" >>confdefs.h
-
-   fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_finger" >&5
+$as_echo "$try_finger" >&6; }
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the AES128 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the AES128 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-aes128 was given.
-if test "${enable_gpg_aes128+set}" = set; then :
-  enableval=$enable_gpg_aes128;
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether generic object key fetching support is requested" >&5
+$as_echo_n "checking whether generic object key fetching support is requested... " >&6; }
+    # Check whether --enable-generic was given.
+if test "${enable_generic+set}" = set; then :
+  enableval=$enable_generic; try_generic=$enableval
 else
-  enableval=yes
+  try_generic=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_AES128 1" >>confdefs.h
-
-   fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_generic" >&5
+$as_echo "$try_generic" >&6; }
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the AES192 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the AES192 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-aes192 was given.
-if test "${enable_gpg_aes192+set}" = set; then :
-  enableval=$enable_gpg_aes192;
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether email keyserver support is requested" >&5
+$as_echo_n "checking whether email keyserver support is requested... " >&6; }
+    # Check whether --enable-mailto was given.
+if test "${enable_mailto+set}" = set; then :
+  enableval=$enable_mailto; try_mailto=$enableval
 else
-  enableval=yes
+  try_mailto=no
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_AES192 1" >>confdefs.h
-
-   fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $try_mailto" >&5
+$as_echo "$try_mailto" >&6; }
+  fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the AES256 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the AES256 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-aes256 was given.
-if test "${enable_gpg_aes256+set}" = set; then :
-  enableval=$enable_gpg_aes256;
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether keyserver exec-path is enabled" >&5
+$as_echo_n "checking whether keyserver exec-path is enabled... " >&6; }
+  # Check whether --enable-keyserver-path was given.
+if test "${enable_keyserver_path+set}" = set; then :
+  enableval=$enable_keyserver_path; if test "$enableval" = no ; then
+              disable_keyserver_path=yes
+           fi
 else
   enableval=yes
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
 $as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_AES256 1" >>confdefs.h
+fi
 
-   fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the TWOFISH cipher for gpg" >&5
-$as_echo_n "checking whether to enable the TWOFISH cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-twofish was given.
-if test "${enable_gpg_twofish+set}" = set; then :
-  enableval=$enable_gpg_twofish;
+#
+# Check for the key/uid cache size.  This can't be zero, but can be
+# pretty small on embedded systems.  This is used for the gpg part.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the size of the key and uid cache" >&5
+$as_echo_n "checking for the size of the key and uid cache... " >&6; }
+# Check whether --enable-key-cache was given.
+if test "${enable_key_cache+set}" = set; then :
+  enableval=$enable_key_cache;
 else
-  enableval=yes
+  enableval=4096
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_TWOFISH 1" >>confdefs.h
+if test "$enableval" = "no"; then
+   enableval=5
+elif test "$enableval" = "yes" || test "$enableval" = ""; then
+   enableval=4096
+fi
+key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
+if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
+   as_fn_error $? "invalid key-cache size" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $key_cache_size" >&5
+$as_echo "$key_cache_size" >&6; }
 
-   fi
+cat >>confdefs.h <<_ACEOF
+#define PK_UID_CACHE_SIZE $key_cache_size
+_ACEOF
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the CAMELLIA128 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the CAMELLIA128 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-camellia128 was given.
-if test "${enable_gpg_camellia128+set}" = set; then :
-  enableval=$enable_gpg_camellia128;
-else
-  enableval=yes
-fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
 
-$as_echo "#define GPG_USE_CAMELLIA128 1" >>confdefs.h
 
-   fi
+#
+# Check whether we want to use Linux capabilities
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether use of capabilities is requested" >&5
+$as_echo_n "checking whether use of capabilities is requested... " >&6; }
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the CAMELLIA192 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the CAMELLIA192 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-camellia192 was given.
-if test "${enable_gpg_camellia192+set}" = set; then :
-  enableval=$enable_gpg_camellia192;
+# Check whether --with-capabilities was given.
+if test "${with_capabilities+set}" = set; then :
+  withval=$with_capabilities; use_capabilities="$withval"
 else
-  enableval=yes
+  use_capabilities=no
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_CAMELLIA192 1" >>confdefs.h
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_capabilities" >&5
+$as_echo "$use_capabilities" >&6; }
 
-   fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the CAMELLIA256 cipher for gpg" >&5
-$as_echo_n "checking whether to enable the CAMELLIA256 cipher for gpg... " >&6; }
-   # Check whether --enable-gpg-camellia256 was given.
-if test "${enable_gpg_camellia256+set}" = set; then :
-  enableval=$enable_gpg_camellia256;
-else
-  enableval=yes
+#
+# Allow disabling of internal CCID support.
+# It is defined only after we confirm the library is available later
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the internal CCID driver" >&5
+$as_echo_n "checking whether to enable the internal CCID driver... " >&6; }
+# Check whether --enable-ccid-driver was given.
+if test "${enable_ccid_driver+set}" = set; then :
+  enableval=$enable_ccid_driver; use_ccid_driver=$enableval
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_ccid_driver" >&5
+$as_echo "$use_ccid_driver" >&6; }
 
-$as_echo "#define GPG_USE_CAMELLIA256 1" >>confdefs.h
 
-   fi
+#
+# To avoid double inclusion of config.h which might happen at some
+# places, we add the usual double inclusion protection at the top of
+# config.h.
+#
 
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the MD5 hash for gpg" >&5
-$as_echo_n "checking whether to enable the MD5 hash for gpg... " >&6; }
-   # Check whether --enable-gpg-md5 was given.
-if test "${enable_gpg_md5+set}" = set; then :
-  enableval=$enable_gpg_md5;
-else
-  enableval=yes
-fi
+#
+# Stuff which goes at the bottom of config.h.
+#
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
 
-$as_echo "#define GPG_USE_MD5 1" >>confdefs.h
 
-   fi
 
-# SHA1 is a MUST algorithm
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the RIPE-MD160 hash for gpg" >&5
-$as_echo_n "checking whether to enable the RIPE-MD160 hash for gpg... " >&6; }
-   # Check whether --enable-gpg-rmd160 was given.
-if test "${enable_gpg_rmd160+set}" = set; then :
-  enableval=$enable_gpg_rmd160;
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
+$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
+    # Check whether --enable-maintainer-mode was given.
+if test "${enable_maintainer_mode+set}" = set; then :
+  enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
 else
-  enableval=yes
+  USE_MAINTAINER_MODE=no
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_RMD160 1" >>confdefs.h
-
-   fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the SHA-224 hash for gpg" >&5
-$as_echo_n "checking whether to enable the SHA-224 hash for gpg... " >&6; }
-   # Check whether --enable-gpg-sha224 was given.
-if test "${enable_gpg_sha224+set}" = set; then :
-  enableval=$enable_gpg_sha224;
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5
+$as_echo "$USE_MAINTAINER_MODE" >&6; }
+   if test $USE_MAINTAINER_MODE = yes; then
+  MAINTAINER_MODE_TRUE=
+  MAINTAINER_MODE_FALSE='#'
 else
-  enableval=yes
+  MAINTAINER_MODE_TRUE='#'
+  MAINTAINER_MODE_FALSE=
 fi
 
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_SHA224 1" >>confdefs.h
-
-   fi
-
-# SHA256 is a MUST algorithm for GnuPG.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the SHA-384 hash for gpg" >&5
-$as_echo_n "checking whether to enable the SHA-384 hash for gpg... " >&6; }
-   # Check whether --enable-gpg-sha384 was given.
-if test "${enable_gpg_sha384+set}" = set; then :
-  enableval=$enable_gpg_sha384;
-else
-  enableval=yes
-fi
-
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_SHA384 1" >>confdefs.h
-
-   fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the SHA-512 hash for gpg" >&5
-$as_echo_n "checking whether to enable the SHA-512 hash for gpg... " >&6; }
-   # Check whether --enable-gpg-sha512 was given.
-if test "${enable_gpg_sha512+set}" = set; then :
-  enableval=$enable_gpg_sha512;
-else
-  enableval=yes
-fi
-
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-   if test x"$enableval" = xyes ; then
-
-$as_echo "#define GPG_USE_SHA512 1" >>confdefs.h
-
-   fi
-
-
-
-# Allow disabling of zip support.
-# This is in general not a good idea because according to rfc4880 OpenPGP
-# implementations SHOULD support ZLIB.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the ZIP and ZLIB compression algorithm" >&5
-$as_echo_n "checking whether to enable the ZIP and ZLIB compression algorithm... " >&6; }
-# Check whether --enable-zip was given.
-if test "${enable_zip+set}" = set; then :
-  enableval=$enable_zip; use_zip=$enableval
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_zip" >&5
-$as_echo "$use_zip" >&6; }
-
-# Allow disabling of bzib2 support.
-# It is defined only after we confirm the library is available later
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the BZIP2 compression algorithm" >&5
-$as_echo_n "checking whether to enable the BZIP2 compression algorithm... " >&6; }
-# Check whether --enable-bzip2 was given.
-if test "${enable_bzip2+set}" = set; then :
-  enableval=$enable_bzip2; use_bzip2=$enableval
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_bzip2" >&5
-$as_echo "$use_bzip2" >&6; }
-
-# Configure option to allow or disallow execution of external
-# programs, like a photo viewer.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable external program execution" >&5
-$as_echo_n "checking whether to enable external program execution... " >&6; }
-# Check whether --enable-exec was given.
-if test "${enable_exec+set}" = set; then :
-  enableval=$enable_exec; use_exec=$enableval
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_exec" >&5
-$as_echo "$use_exec" >&6; }
-if test "$use_exec" = no ; then
-
-$as_echo "#define NO_EXEC 1" >>confdefs.h
-
-fi
-
-if test "$use_exec" = yes ; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable photo ID viewing" >&5
-$as_echo_n "checking whether to enable photo ID viewing... " >&6; }
-  # Check whether --enable-photo-viewers was given.
-if test "${enable_photo_viewers+set}" = set; then :
-  enableval=$enable_photo_viewers; if test "$enableval" = no ; then
-
-$as_echo "#define DISABLE_PHOTO_VIEWER 1" >>confdefs.h
-
-      fi
-else
-  enableval=yes
-fi
-
-  gnupg_cv_enable_photo_viewers=$enableval
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-
-  if test "$gnupg_cv_enable_photo_viewers" = yes ; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a fixed photo ID viewer" >&5
-$as_echo_n "checking whether to use a fixed photo ID viewer... " >&6; }
-
-# Check whether --with-photo-viewer was given.
-if test "${with_photo_viewer+set}" = set; then :
-  withval=$with_photo_viewer; if test "$withval" = yes ; then
-           withval=no
-        elif test "$withval" != no ; then
-
-cat >>confdefs.h <<_ACEOF
-#define FIXED_PHOTO_VIEWER "$withval"
-_ACEOF
-
-        fi
-else
-  withval=no
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-  fi
-fi
-
-
-#
-# Check for the key/uid cache size.  This can't be zero, but can be
-# pretty small on embedded systems.  This is used for the gpg part.
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the size of the key and uid cache" >&5
-$as_echo_n "checking for the size of the key and uid cache... " >&6; }
-# Check whether --enable-key-cache was given.
-if test "${enable_key_cache+set}" = set; then :
-  enableval=$enable_key_cache;
-else
-  enableval=4096
-fi
-
-if test "$enableval" = "no"; then
-   enableval=5
-elif test "$enableval" = "yes" || test "$enableval" = ""; then
-   enableval=4096
-fi
-key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
-if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
-   as_fn_error $? "invalid key-cache size" "$LINENO" 5
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $key_cache_size" >&5
-$as_echo "$key_cache_size" >&6; }
-
-cat >>confdefs.h <<_ACEOF
-#define PK_UID_CACHE_SIZE $key_cache_size
-_ACEOF
-
-
-
-
-#
-# Check whether we want to use Linux capabilities
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether use of capabilities is requested" >&5
-$as_echo_n "checking whether use of capabilities is requested... " >&6; }
-
-# Check whether --with-capabilities was given.
-if test "${with_capabilities+set}" = set; then :
-  withval=$with_capabilities; use_capabilities="$withval"
-else
-  use_capabilities=no
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_capabilities" >&5
-$as_echo "$use_capabilities" >&6; }
-
-#
-# Check whether to disable the card support
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether smartcard support is requested" >&5
-$as_echo_n "checking whether smartcard support is requested... " >&6; }
-# Check whether --enable-card-support was given.
-if test "${enable_card_support+set}" = set; then :
-  enableval=$enable_card_support; card_support=$enableval
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $card_support" >&5
-$as_echo "$card_support" >&6; }
-if test "$card_support" = yes ; then
-
-$as_echo "#define ENABLE_CARD_SUPPORT 1" >>confdefs.h
-
-else
-  build_scdaemon=no
-fi
-
-#
-# Allow disabling of internal CCID support.
-# It is defined only after we confirm the library is available later
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable the internal CCID driver" >&5
-$as_echo_n "checking whether to enable the internal CCID driver... " >&6; }
-# Check whether --enable-ccid-driver was given.
-if test "${enable_ccid_driver+set}" = set; then :
-  enableval=$enable_ccid_driver; use_ccid_driver=$enableval
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_ccid_driver" >&5
-$as_echo "$use_ccid_driver" >&6; }
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to auto start dirmngr" >&5
-$as_echo_n "checking whether to auto start dirmngr... " >&6; }
-# Check whether --enable-dirmngr-auto-start was given.
-if test "${enable_dirmngr_auto_start+set}" = set; then :
-  enableval=$enable_dirmngr_auto_start; dirmngr_auto_start=$enableval
-fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dirmngr_auto_start" >&5
-$as_echo "$dirmngr_auto_start" >&6; }
-if test "$dirmngr_auto_start" = yes ; then
-
-$as_echo "#define USE_DIRMNGR_AUTO_START 1" >>confdefs.h
-
-fi
-
-
-#
-# To avoid double inclusion of config.h which might happen at some
-# places, we add the usual double inclusion protection at the top of
-# config.h.
-#
-
-
-#
-# Stuff which goes at the bottom of config.h.
-#
-
-
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
-$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
-    # Check whether --enable-maintainer-mode was given.
-if test "${enable_maintainer_mode+set}" = set; then :
-  enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
-else
-  USE_MAINTAINER_MODE=no
-fi
-
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5
-$as_echo "$USE_MAINTAINER_MODE" >&6; }
-   if test $USE_MAINTAINER_MODE = yes; then
-  MAINTAINER_MODE_TRUE=
-  MAINTAINER_MODE_FALSE='#'
-else
-  MAINTAINER_MODE_TRUE='#'
-  MAINTAINER_MODE_FALSE=
-fi
-
-  MAINT=$MAINTAINER_MODE_TRUE
+  MAINT=$MAINTAINER_MODE_TRUE
 
 
 
@@ -6121,45 +5703,6 @@
 
 MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
 
-# Check whether --enable-silent-rules was given.
-if test "${enable_silent_rules+set}" = set; then :
-  enableval=$enable_silent_rules;
-fi
-
-case $enable_silent_rules in # (((
-  yes) AM_DEFAULT_VERBOSITY=0;;
-   no) AM_DEFAULT_VERBOSITY=1;;
-    *) AM_DEFAULT_VERBOSITY=1;;
-esac
-am_make=${MAKE-make}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
-if ${am_cv_make_support_nested_variables+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if $as_echo 'TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
-	@$(TRUE)
-.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
-  am_cv_make_support_nested_variables=yes
-else
-  am_cv_make_support_nested_variables=no
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-$as_echo "$am_cv_make_support_nested_variables" >&6; }
-if test $am_cv_make_support_nested_variables = yes; then
-    AM_V='$(V)'
-  AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
-  AM_V=$AM_DEFAULT_VERBOSITY
-  AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AM_BACKSLASH='\'
-
 for ac_prog in gawk mawk nawk awk
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
@@ -7440,6 +6983,9 @@
 
 
 
+
+
+
 # Check whether --enable-largefile was given.
 if test "${enable_largefile+set}" = set; then :
   enableval=$enable_largefile;
@@ -7640,9 +7186,31 @@
 
 fi
 
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for faqprog.pl" >&5
+$as_echo_n "checking for faqprog.pl... " >&6; }
+    if faqprog.pl -V 2>/dev/null | grep '^faqprog.pl ' >/dev/null 2>&1; then
+        working_faqprog=yes
+        FAQPROG="faqprog.pl"
+    else
+	working_faqprog=no
+        FAQPROG=": "
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $working_faqprog" >&5
+$as_echo "$working_faqprog" >&6; }
 
+     if test "$working_faqprog" = "yes" ; then
+  WORKING_FAQPROG_TRUE=
+  WORKING_FAQPROG_FALSE='#'
+else
+  WORKING_FAQPROG_TRUE='#'
+  WORKING_FAQPROG_FALSE=
+fi
 
-# Check whether --with-tar was given.
+
+
+
+
+# Check whether --with-tar was given.
 if test "${with_tar+set}" = set; then :
   withval=$with_tar; _do_tar=$withval
 fi
@@ -7728,7 +7296,7 @@
 
 # We need to compile and run a program on the build machine.  A
 # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
-# the AC archive is broken for autoconf 2.57.  Given that there is no
+# the AC archive is broken for autoconf 2.57.  Given that tehre is no
 # newer version of that macro, we assume that it is also broken for
 # autoconf 2.61 and thus we use a simple but usually sufficient
 # approach.
@@ -7746,15 +7314,9 @@
 
 
 try_gettext=yes
-require_iconv=yes
 have_dosish_system=no
 have_w32_system=no
-have_w32ce_system=no
-have_android_system=no
-run_tests=yes
 use_simple_gettext=no
-use_ldapwrapper=yes
-mmap_needed=yes
 case "${host}" in
     *-mingw32*)
         # special stuff for Windoze NT
@@ -7763,25 +7325,16 @@
 $as_echo "#define USE_ONLY_8DOT3 1" >>confdefs.h
 
 
+$as_echo "#define HAVE_DRIVE_LETTERS 1" >>confdefs.h
+
+
 $as_echo "#define USE_SIMPLE_GETTEXT 1" >>confdefs.h
 
+        disable_keyserver_path=yes
         have_dosish_system=yes
         have_w32_system=yes
-        run_tests=no
-        use_ldapwrapper=no  # Fixme: Do this only for CE.
-        case "${host}" in
-          *-mingw32ce*)
-            have_w32ce_system=yes
-            ;;
-          *)
-
-$as_echo "#define HAVE_DRIVE_LETTERS 1" >>confdefs.h
-
-            ;;
-        esac
         try_gettext="no"
 	use_simple_gettext=yes
-	mmap_needed=no
         ;;
     i?86-emx-os2 | i?86-*-os2*emx )
         # OS/2 with the EMX environment
@@ -7801,6 +7354,12 @@
         try_gettext="no"
         ;;
 
+    *-*-freebsd*)
+       # FreeBSD
+       CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+       LDFLAGS="$LDFLAGS -L/usr/local/lib"
+       ;;
+
     *-*-hpux*)
         if test -z "$GCC" ; then
             CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
@@ -7824,13 +7383,6 @@
         ;;
     m68k-atari-mint)
         ;;
-    *-linux-androideabi)
-        have_android_system=yes
-        # Android is fully utf-8 and we do not want to use iconv to
-        # keeps things simple
-        require_iconv=no
-        run_tests=no
-        ;;
     *)
        ;;
 esac
@@ -7862,11 +7414,6 @@
 
 $as_echo "#define HAVE_W32_SYSTEM 1" >>confdefs.h
 
-   if test "$have_w32ce_system" = yes; then
-
-$as_echo "#define HAVE_W32CE_SYSTEM 1" >>confdefs.h
-
-   fi
 fi
  if test "$have_w32_system" = yes; then
   HAVE_W32_SYSTEM_TRUE=
@@ -7876,42 +7423,39 @@
   HAVE_W32_SYSTEM_FALSE=
 fi
 
- if test "$have_w32ce_system" = yes; then
-  HAVE_W32CE_SYSTEM_TRUE=
-  HAVE_W32CE_SYSTEM_FALSE='#'
-else
-  HAVE_W32CE_SYSTEM_TRUE='#'
-  HAVE_W32CE_SYSTEM_FALSE=
-fi
-
 
-if test "$have_android_system" = yes; then
+if test "$disable_keyserver_path" = yes; then
 
-$as_echo "#define HAVE_ANDROID_SYSTEM 1" >>confdefs.h
+$as_echo "#define DISABLE_KEYSERVER_PATH 1" >>confdefs.h
 
 fi
- if test "$have_android_system" = yes; then
-  HAVE_ANDROID_SYSTEM_TRUE=
-  HAVE_ANDROID_SYSTEM_FALSE='#'
-else
-  HAVE_ANDROID_SYSTEM_TRUE='#'
-  HAVE_ANDROID_SYSTEM_FALSE=
-fi
 
+#
+# Allows enabling the use of a standard socket by default This is
+# gpg-agent's option --[no-]use-standard-socket.  For Windows we force
+# the use of this.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a standard socket by default" >&5
+$as_echo_n "checking whether to use a standard socket by default... " >&6; }
+# Check whether --enable-standard-socket was given.
+if test "${enable_standard_socket+set}" = set; then :
+  enableval=$enable_standard_socket; use_standard_socket=$enableval
+fi
 
-if test "$run_tests" = yes; then
+tmp=""
+if test "$use_standard_socket" != yes; then
+  if test "$have_w32_system" = yes; then
+    use_standard_socket=yes
+    tmp=" (forced)"
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_standard_socket$tmp" >&5
+$as_echo "$use_standard_socket$tmp" >&6; }
+if test "$use_standard_socket" = yes; then
 
-$as_echo "#define RUN_TESTS 1" >>confdefs.h
+$as_echo "#define USE_STANDARD_SOCKET 1" >>confdefs.h
 
 fi
- if test "$run_tests" = yes; then
-  RUN_TESTS_TRUE=
-  RUN_TESTS_FALSE='#'
-else
-  RUN_TESTS_TRUE='#'
-  RUN_TESTS_FALSE=
-fi
-
 
 
 # (These need to go after AC_PROG_CC so that $EXEEXT is defined)
@@ -7921,6 +7465,17 @@
 _ACEOF
 
 
+if test x"$try_hkp" = xyes ; then
+  GPGKEYS_HKP="gpg2keys_hkp$EXEEXT"
+
+fi
+
+if test x"$try_finger" = xyes ; then
+  GPGKEYS_FINGER="gpg2keys_finger$EXEEXT"
+
+fi
+
+
 
 #
 # Checks for libraries.
@@ -8643,7 +8198,6 @@
 
 #
 # Check wether it is necessary to link against libdl.
-# (For example to load libpcsclite)
 #
 gnupg_dlopen_save_libs="$LIBS"
 LIBS=""
@@ -8707,106 +8261,6 @@
 
 LIBS="$gnupg_dlopen_save_libs"
 
-# Checks for g13
-
-# Extract the first word of "encfs", so it can be a program name with args.
-set dummy encfs; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ENCFS+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $ENCFS in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_ENCFS="$ENCFS" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_ENCFS="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  test -z "$ac_cv_path_ENCFS" && ac_cv_path_ENCFS="/usr/bin/encfs"
-  ;;
-esac
-fi
-ENCFS=$ac_cv_path_ENCFS
-if test -n "$ENCFS"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENCFS" >&5
-$as_echo "$ENCFS" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define ENCFS "${ENCFS}"
-_ACEOF
-
-
-# Extract the first word of "fusermount", so it can be a program name with args.
-set dummy fusermount; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_FUSERMOUNT+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $FUSERMOUNT in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_FUSERMOUNT="$FUSERMOUNT" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_FUSERMOUNT="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  test -z "$ac_cv_path_FUSERMOUNT" && ac_cv_path_FUSERMOUNT="/usr/bin/fusermount"
-  ;;
-esac
-fi
-FUSERMOUNT=$ac_cv_path_FUSERMOUNT
-if test -n "$FUSERMOUNT"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FUSERMOUNT" >&5
-$as_echo "$FUSERMOUNT" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define FUSERMOUNT "${FUSERMOUNT}"
-_ACEOF
-
-
-
-# Checks for dirmngr
-
-
 #
 # Checks for symcryptrun:
 #
@@ -8907,30 +8361,32 @@
 
 
 
+
 #
-# Check whether the nPth library is available
+# Check whether the GNU Pth library is available
+# Note, that we include a Pth emulation for W32.
 #
 
-# Check whether --with-npth-prefix was given.
-if test "${with_npth_prefix+set}" = set; then :
-  withval=$with_npth_prefix; npth_config_prefix="$withval"
+# Check whether --with-pth-prefix was given.
+if test "${with_pth_prefix+set}" = set; then :
+  withval=$with_pth_prefix; pth_config_prefix="$withval"
 else
-  npth_config_prefix=""
+  pth_config_prefix=""
 fi
 
-  if test "x$npth_config_prefix" != x ; then
-      NPTH_CONFIG="$npth_config_prefix/bin/npth-config"
+  if test x$pth_config_prefix != x ; then
+     PTH_CONFIG="$pth_config_prefix/bin/pth-config"
   fi
-  # Extract the first word of "npth-config", so it can be a program name with args.
-set dummy npth-config; ac_word=$2
+  # Extract the first word of "pth-config", so it can be a program name with args.
+set dummy pth-config; ac_word=$2
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
 $as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_NPTH_CONFIG+:} false; then :
+if ${ac_cv_path_PTH_CONFIG+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  case $NPTH_CONFIG in
+  case $PTH_CONFIG in
   [\\/]* | ?:[\\/]*)
-  ac_cv_path_NPTH_CONFIG="$NPTH_CONFIG" # Let the user override the test with a path.
+  ac_cv_path_PTH_CONFIG="$PTH_CONFIG" # Let the user override the test with a path.
   ;;
   *)
   as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8940,7 +8396,7 @@
   test -z "$as_dir" && as_dir=.
     for ac_exec_ext in '' $ac_executable_extensions; do
   if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_NPTH_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    ac_cv_path_PTH_CONFIG="$as_dir/$ac_word$ac_exec_ext"
     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
@@ -8948,741 +8404,347 @@
   done
 IFS=$as_save_IFS
 
-  test -z "$ac_cv_path_NPTH_CONFIG" && ac_cv_path_NPTH_CONFIG="no"
+  test -z "$ac_cv_path_PTH_CONFIG" && ac_cv_path_PTH_CONFIG="no"
   ;;
 esac
 fi
-NPTH_CONFIG=$ac_cv_path_NPTH_CONFIG
-if test -n "$NPTH_CONFIG"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NPTH_CONFIG" >&5
-$as_echo "$NPTH_CONFIG" >&6; }
+PTH_CONFIG=$ac_cv_path_PTH_CONFIG
+if test -n "$PTH_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTH_CONFIG" >&5
+$as_echo "$PTH_CONFIG" >&6; }
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 fi
 
 
+  tmp=1.3.7
+  if test "$PTH_CONFIG" != "no"; then
 
-  if test "$NPTH_CONFIG" != "no" ; then
-    npth_version=`$NPTH_CONFIG --version`
-  fi
-  npth_version_major=`echo $npth_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\).*/\1/'`
-  npth_version_minor=`echo $npth_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\).*/\2/'`
-
-   tmp="$NEED_NPTH_API:$NEED_NPTH_VERSION"
-  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-     req_npth_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
-     min_npth_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
-  else
-     req_npth_api=1
-     min_npth_version="$tmp"
-  fi
+    _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print $3}'`
+    _req_version="$tmp"
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NPTH - version >= $min_npth_version" >&5
-$as_echo_n "checking for NPTH - version >= $min_npth_version... " >&6; }
-  ok=no
-  if test "$NPTH_CONFIG" != "no" ; then
-    req_major=`echo $min_npth_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)/\1/'`
-    req_minor=`echo $min_npth_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)/\2/'`
-    if test "$npth_version_major" -gt "$req_major"; then
-        ok=yes
-    else
-        if test "$npth_version_major" -eq "$req_major"; then
-            if test "$npth_version_minor" -gt "$req_minor"; then
-               ok=yes
-            else
-               if test "$npth_version_minor" -eq "$req_minor"; then
-                  ok=yes
-               fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTH - version >= $_req_version" >&5
+$as_echo_n "checking for PTH - version >= $_req_version... " >&6; }
+    for _var in _pth_version _req_version; do
+        eval "_val=\"\$${_var}\""
+        _major=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\1/'`
+        _minor=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\2/'`
+        _rtype=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\3/'`
+        _micro=`echo $_val | sed 's/\([0-9]*\)\.\([0-9]*\)\([ab.]\)\([0-9]*\)/\4/'`
+        case $_rtype in
+            "a" ) _rtype=0 ;;
+            "b" ) _rtype=1 ;;
+            "." ) _rtype=2 ;;
+        esac
+        _hex=`echo dummy | awk '{ printf("%d%02d%1d%02d", major, minor, rtype, micro); }' \
+              "major=$_major" "minor=$_minor" "rtype=$_rtype" "micro=$_micro"`
+        eval "${_var}_hex=\"\$_hex\""
+    done
+    have_pth=no
+    if test ".$_pth_version_hex" != .; then
+        if test ".$_req_version_hex" != .; then
+            if test $_pth_version_hex -ge $_req_version_hex; then
+                have_pth=yes
             fi
         fi
     fi
-  fi
-  if test $ok = yes; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($npth_version)" >&5
-$as_echo "yes ($npth_version)" >&6; }
-  else
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+    if test $have_pth = yes; then
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+       { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether PTH installation is sane" >&5
+$as_echo_n "checking whether PTH installation is sane... " >&6; }
+       if ${gnupg_cv_pth_is_sane+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+         _gnupg_pth_save_cflags=$CFLAGS
+         _gnupg_pth_save_ldflags=$LDFLAGS
+         _gnupg_pth_save_libs=$LIBS
+         CFLAGS="$CFLAGS `$PTH_CONFIG --cflags`"
+         LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
+         LIBS="$LIBS `$PTH_CONFIG --libs --all`"
+         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+
+int
+main ()
+{
+ pth_init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  gnupg_cv_pth_is_sane=yes
+else
+  gnupg_cv_pth_is_sane=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+         CFLAGS=$_gnupg_pth_save_cflags
+         LDFLAGS=$_gnupg_pth_save_ldflags
+         LIBS=$_gnupg_pth_save_libs
+
+fi
+
+       if test $gnupg_cv_pth_is_sane != yes; then
+          have_pth=no
+       fi
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_pth_is_sane" >&5
+$as_echo "$gnupg_cv_pth_is_sane" >&6; }
+    else
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
-  fi
-  if test $ok = yes; then
-     # If we have a recent NPTH, we should also check that the
-     # API is compatible.
-     if test "$req_npth_api" -gt 0 ; then
-        tmp=`$NPTH_CONFIG --api-version 2>/dev/null || echo 0`
-        if test "$tmp" -gt 0 ; then
-           { $as_echo "$as_me:${as_lineno-$LINENO}: checking NPTH API version" >&5
-$as_echo_n "checking NPTH API version... " >&6; }
-           if test "$req_npth_api" -eq "$tmp" ; then
-             { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5
-$as_echo "okay" >&6; }
-           else
-             ok=no
-             { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_npth_api got=$tmp" >&5
-$as_echo "does not match. want=$req_npth_api got=$tmp" >&6; }
-           fi
-        fi
-     fi
-  fi
-  if test $ok = yes; then
-    NPTH_CFLAGS=`$NPTH_CONFIG --cflags`
-    NPTH_LIBS=`$NPTH_CONFIG --libs`
-    have_npth=yes
-    npth_config_host=`$NPTH_CONFIG --host 2>/dev/null || echo none`
-    if test x"$npth_config_host" != xnone ; then
-      if test x"$npth_config_host" != x"$host" ; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** The config script $NPTH_CONFIG was
-*** built for $npth_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-npth-prefix
-*** to specify a matching config script.
-***" >&5
-$as_echo "$as_me: WARNING:
-***
-*** The config script $NPTH_CONFIG was
-*** built for $npth_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-npth-prefix
-*** to specify a matching config script.
-***" >&2;}
-      fi
     fi
-  else
-    NPTH_CFLAGS=""
-    NPTH_LIBS=""
-    have_npth=no
-  fi
 
+    if test $have_pth = yes; then
+       PTH_CFLAGS=`$PTH_CONFIG --cflags`
+       PTH_LIBS=`$PTH_CONFIG --ldflags`
+       PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`"
 
+$as_echo "#define HAVE_PTH 1" >>confdefs.h
+
+    fi
+  fi
 
-if test "$have_npth" = "yes"; then
 
-$as_echo "#define HAVE_NPTH 1" >>confdefs.h
 
+if test "$have_pth" = "yes"; then
 
-$as_echo "#define USE_NPTH 1" >>confdefs.h
+$as_echo "#define USE_GNU_PTH 1" >>confdefs.h
 
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
 ***
-*** To support concurrent access for example in gpg-agent and the SCdaemon
-*** we need the support of the New Portable Threads Library.
+*** To support concurrent access to the gpg-agent and the SCdaemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+***   apt-get install libpth-dev
 ***" >&5
 $as_echo "$as_me: WARNING:
 ***
-*** To support concurrent access for example in gpg-agent and the SCdaemon
-*** we need the support of the New Portable Threads Library.
+*** To support concurrent access to the gpg-agent and the SCdaemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+***   apt-get install libpth-dev
 ***" >&2;}
 fi
 
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for networking options" >&5
+$as_echo "$as_me: checking for networking options" >&6;}
+
 #
-# NTBTLS is our TLS library.  If it is not available fallback to
-# GNUTLS.
+# Must check for network library requirements before doing link tests
+# for ldap, for example. If ldap libs are static (or dynamic and without
+# ELF runtime link paths), then link will fail and LDAP support won't
+# be detected.
 #
-# Check whether --enable-ntbtls was given.
-if test "${enable_ntbtls+set}" = set; then :
-  enableval=$enable_ntbtls; try_ntbtls=$enableval
+ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname"
+if test "x$ac_cv_func_gethostbyname" = xyes; then :
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5
+$as_echo_n "checking for gethostbyname in -lnsl... " >&6; }
+if ${ac_cv_lib_nsl_gethostbyname+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_nsl_gethostbyname=yes
 else
-  try_ntbtls=yes
+  ac_cv_lib_nsl_gethostbyname=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5
+$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; }
+if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then :
+  NETLIBS="-lnsl $NETLIBS"
 fi
 
-if test x"$try_ntbtls" = xyes ; then
+fi
 
+ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
+if test "x$ac_cv_func_setsockopt" = xyes; then :
 
-# Check whether --with-ntbtls-prefix was given.
-if test "${with_ntbtls_prefix+set}" = set; then :
-  withval=$with_ntbtls_prefix; ntbtls_config_prefix="$withval"
 else
-  ntbtls_config_prefix=""
-fi
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
+$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
+if ${ac_cv_lib_socket_setsockopt+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
-  if test x"${NTBTLS_CONFIG}" = x ; then
-     if test x"${ntbtls_config_prefix}" != x ; then
-        NTBTLS_CONFIG="${ntbtls_config_prefix}/bin/ntbtls-config"
-     else
-       case "${SYSROOT}" in
-         /*)
-           if test -x "${SYSROOT}/bin/ntbtls-config" ; then
-             NTBTLS_CONFIG="${SYSROOT}/bin/ntbtls-config"
-           fi
-           ;;
-         '')
-           ;;
-          *)
-           { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&5
-$as_echo "$as_me: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&2;}
-           ;;
-       esac
-     fi
-  fi
-
-  # Extract the first word of "ntbtls-config", so it can be a program name with args.
-set dummy ntbtls-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_NTBTLS_CONFIG+:} false; then :
-  $as_echo_n "(cached) " >&6
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setsockopt ();
+int
+main ()
+{
+return setsockopt ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_socket_setsockopt=yes
 else
-  case $NTBTLS_CONFIG in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_NTBTLS_CONFIG="$NTBTLS_CONFIG" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_NTBTLS_CONFIG="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  test -z "$ac_cv_path_NTBTLS_CONFIG" && ac_cv_path_NTBTLS_CONFIG="no"
-  ;;
-esac
+  ac_cv_lib_socket_setsockopt=no
 fi
-NTBTLS_CONFIG=$ac_cv_path_NTBTLS_CONFIG
-if test -n "$NTBTLS_CONFIG"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NTBTLS_CONFIG" >&5
-$as_echo "$NTBTLS_CONFIG" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
+$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
+if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
+  NETLIBS="-lsocket $NETLIBS"
 fi
 
+fi
 
-  tmp="$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION"
-  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-     req_ntbtls_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
-     min_ntbtls_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
-  else
-     req_ntbtls_api=0
-     min_ntbtls_version="$tmp"
-  fi
-
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NTBTLS - version >= $min_ntbtls_version" >&5
-$as_echo_n "checking for NTBTLS - version >= $min_ntbtls_version... " >&6; }
-  ok=no
-  if test "$NTBTLS_CONFIG" != "no" ; then
-    req_major=`echo $min_ntbtls_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'`
-    req_minor=`echo $min_ntbtls_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'`
-    req_micro=`echo $min_ntbtls_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'`
-    ntbtls_config_version=`$NTBTLS_CONFIG --version`
-    major=`echo $ntbtls_config_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'`
-    minor=`echo $ntbtls_config_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'`
-    micro=`echo $ntbtls_config_version | \
-               sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'`
-    if test "$major" -gt "$req_major"; then
-        ok=yes
-    else
-        if test "$major" -eq "$req_major"; then
-            if test "$minor" -gt "$req_minor"; then
-               ok=yes
-            else
-               if test "$minor" -eq "$req_minor"; then
-                   if test "$micro" -ge "$req_micro"; then
-                     ok=yes
-                   fi
-               fi
-            fi
-        fi
-    fi
-  fi
-  if test $ok = yes; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($ntbtls_config_version)" >&5
-$as_echo "yes ($ntbtls_config_version)" >&6; }
-  else
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-  fi
-  if test $ok = yes; then
-     # If we have a recent ntbtls, we should also check that the
-     # API is compatible
-     if test "$req_ntbtls_api" -gt 0 ; then
-        tmp=`$NTBTLS_CONFIG --api-version 2>/dev/null || echo 0`
-        if test "$tmp" -gt 0 ; then
-           { $as_echo "$as_me:${as_lineno-$LINENO}: checking NTBTLS API version" >&5
-$as_echo_n "checking NTBTLS API version... " >&6; }
-           if test "$req_ntbtls_api" -eq "$tmp" ; then
-             { $as_echo "$as_me:${as_lineno-$LINENO}: result: okay" >&5
-$as_echo "okay" >&6; }
-           else
-             ok=no
-             { $as_echo "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_ntbtls_api got=$tmp" >&5
-$as_echo "does not match. want=$req_ntbtls_api got=$tmp" >&6; }
-           fi
-        fi
-     fi
-  fi
-  if test $ok = yes; then
-    NTBTLS_CFLAGS=`$NTBTLS_CONFIG --cflags`
-    NTBTLS_LIBS=`$NTBTLS_CONFIG --libs`
-    have_ntbtls=yes
-    ntbtls_config_host=`$NTBTLS_CONFIG --host 2>/dev/null || echo none`
-    if test x"$ntbtls_config_host" != xnone ; then
-      if test x"$ntbtls_config_host" != x"$host" ; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** The config script $NTBTLS_CONFIG was
-*** built for $ntbtls_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-ntbtls-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***" >&5
-$as_echo "$as_me: WARNING:
-***
-*** The config script $NTBTLS_CONFIG was
-*** built for $ntbtls_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-ntbtls-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***" >&2;}
-        gpg_config_script_warn="$gpg_config_script_warn ntbtls"
-      fi
-    fi
-  else
-    NTBTLS_CFLAGS=""
-    NTBTLS_LIBS=""
-    have_ntbtls=no
-  fi
 
 
+#
+# Check for ADNS.
+#
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
 
+# Check whether --with-adns was given.
+if test "${with_adns+set}" = set; then :
+  withval=$with_adns; if test -d "$withval"; then
+               CPPFLAGS="${CPPFLAGS} -I$withval/include"
+               LDFLAGS="${LDFLAGS} -L$withval/lib"
+             fi
 fi
-if test "$have_ntbtls" = yes ; then
-   use_tls_library=ntbtls
 
-$as_echo "#define HTTP_USE_NTBTLS 1" >>confdefs.h
+if test "$with_adns" != "no"; then
+  for ac_header in adns.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "adns.h" "ac_cv_header_adns_h" "$ac_includes_default"
+if test "x$ac_cv_header_adns_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_ADNS_H 1
+_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for adns_init in -ladns" >&5
+$as_echo_n "checking for adns_init in -ladns... " >&6; }
+if ${ac_cv_lib_adns_adns_init+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ladns  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char adns_init ();
+int
+main ()
+{
+return adns_init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_adns_adns_init=yes
 else
-  # Check whether --enable-gnutls was given.
-if test "${enable_gnutls+set}" = set; then :
-  enableval=$enable_gnutls; try_gnutls=$enableval
+  ac_cv_lib_adns_adns_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_adns_adns_init" >&5
+$as_echo "$ac_cv_lib_adns_adns_init" >&6; }
+if test "x$ac_cv_lib_adns_adns_init" = xyes; then :
+  have_adns=yes
 else
-  try_gnutls=yes
+  CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
 fi
 
-  if test x"$try_gnutls" = xyes ; then
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
-	if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PKG_CONFIG+:} false; then :
-  $as_echo_n "(cached) " >&6
 else
-  case $PKG_CONFIG in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
+  CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
+fi
+
 done
-  done
-IFS=$as_save_IFS
 
-  ;;
-esac
 fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-$as_echo "$PKG_CONFIG" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test "$have_adns" = "yes"; then
+  ADNSLIBS="-ladns"
 fi
 
+# Newer adns versions feature a free function to be used under W32.
+for ac_func in adns_free
+do :
+  ac_fn_c_check_func "$LINENO" "adns_free" "ac_cv_func_adns_free"
+if test "x$ac_cv_func_adns_free" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_ADNS_FREE 1
+_ACEOF
 
 fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
-  ac_pt_PKG_CONFIG=$PKG_CONFIG
-  # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $ac_pt_PKG_CONFIG in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
 done
-  done
-IFS=$as_save_IFS
 
-  ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
 
-  if test "x$ac_pt_PKG_CONFIG" = x; then
-    PKG_CONFIG=""
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
-    PKG_CONFIG=$ac_pt_PKG_CONFIG
-  fi
+
+#
+# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
+#
+if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
+  # Check whether --enable-dns-srv was given.
+if test "${enable_dns_srv+set}" = set; then :
+  enableval=$enable_dns_srv; use_dns_srv=$enableval
 else
-  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+  use_dns_srv=yes
 fi
 
 fi
-if test -n "$PKG_CONFIG"; then
-	_pkg_min_version=0.9.0
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
-	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
-		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-	else
-		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-		PKG_CONFIG=""
-	fi
-fi
 
-pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBGNUTLS" >&5
-$as_echo_n "checking for LIBGNUTLS... " >&6; }
-
-if test -n "$LIBGNUTLS_CFLAGS"; then
-    pkg_cv_LIBGNUTLS_CFLAGS="$LIBGNUTLS_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
-    if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls >= \$NEED_GNUTLS_VERSION\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "gnutls >= $NEED_GNUTLS_VERSION") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }; then
-  pkg_cv_LIBGNUTLS_CFLAGS=`$PKG_CONFIG --cflags "gnutls >= $NEED_GNUTLS_VERSION" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes
-else
-  pkg_failed=yes
-fi
- else
-    pkg_failed=untried
-fi
-if test -n "$LIBGNUTLS_LIBS"; then
-    pkg_cv_LIBGNUTLS_LIBS="$LIBGNUTLS_LIBS"
- elif test -n "$PKG_CONFIG"; then
-    if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls >= \$NEED_GNUTLS_VERSION\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "gnutls >= $NEED_GNUTLS_VERSION") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }; then
-  pkg_cv_LIBGNUTLS_LIBS=`$PKG_CONFIG --libs "gnutls >= $NEED_GNUTLS_VERSION" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes
+# Check whether --enable-dns-pka was given.
+if test "${enable_dns_pka+set}" = set; then :
+  enableval=$enable_dns_pka; use_dns_pka=$enableval
 else
-  pkg_failed=yes
-fi
- else
-    pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
-   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
-else
-        _pkg_short_errors_supported=no
-fi
-        if test $_pkg_short_errors_supported = yes; then
-	        LIBGNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gnutls >= $NEED_GNUTLS_VERSION" 2>&1`
-        else
-	        LIBGNUTLS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gnutls >= $NEED_GNUTLS_VERSION" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$LIBGNUTLS_PKG_ERRORS" >&5
-
-	have_gnutls=no
-elif test $pkg_failed = untried; then
-     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-	have_gnutls=no
-else
-	LIBGNUTLS_CFLAGS=$pkg_cv_LIBGNUTLS_CFLAGS
-	LIBGNUTLS_LIBS=$pkg_cv_LIBGNUTLS_LIBS
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-	have_gnutls=yes
-fi
-  fi
-  if test "$have_gnutls" = "yes"; then
-
-
-    use_tls_library=gnutls
-
-$as_echo "#define HTTP_USE_GNUTLS 1" >>confdefs.h
-
-  else
-    tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
-***
-*** $tmp" >&5
-$as_echo "$as_me: WARNING:
-***
-*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
-***
-*** $tmp" >&2;}
-  fi
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for networking options" >&5
-$as_echo "$as_me: checking for networking options" >&6;}
-
-#
-# Must check for network library requirements before doing link tests
-# for ldap, for example. If ldap libs are static (or dynamic and without
-# ELF runtime link paths), then link will fail and LDAP support won't
-# be detected.
-#
-ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname"
-if test "x$ac_cv_func_gethostbyname" = xyes; then :
-
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5
-$as_echo_n "checking for gethostbyname in -lnsl... " >&6; }
-if ${ac_cv_lib_nsl_gethostbyname+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnsl  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char gethostbyname ();
-int
-main ()
-{
-return gethostbyname ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_nsl_gethostbyname=yes
-else
-  ac_cv_lib_nsl_gethostbyname=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5
-$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; }
-if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then :
-  NETLIBS="-lnsl $NETLIBS"
-fi
-
-fi
-
-ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
-if test "x$ac_cv_func_setsockopt" = xyes; then :
-
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
-$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
-if ${ac_cv_lib_socket_setsockopt+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsocket  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char setsockopt ();
-int
-main ()
-{
-return setsockopt ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_socket_setsockopt=yes
-else
-  ac_cv_lib_socket_setsockopt=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
-$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
-if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
-  NETLIBS="-lsocket $NETLIBS"
-fi
-
-fi
-
-
-
-#
-# Check for ADNS.
-#
-_cppflags="${CPPFLAGS}"
-_ldflags="${LDFLAGS}"
-
-# Check whether --with-adns was given.
-if test "${with_adns+set}" = set; then :
-  withval=$with_adns; if test -d "$withval"; then
-               CPPFLAGS="${CPPFLAGS} -I$withval/include"
-               LDFLAGS="${LDFLAGS} -L$withval/lib"
-             fi
-fi
-
-if test "$with_adns" != "no"; then
-  for ac_header in adns.h
-do :
-  ac_fn_c_check_header_mongrel "$LINENO" "adns.h" "ac_cv_header_adns_h" "$ac_includes_default"
-if test "x$ac_cv_header_adns_h" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_ADNS_H 1
-_ACEOF
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for adns_free in -ladns" >&5
-$as_echo_n "checking for adns_free in -ladns... " >&6; }
-if ${ac_cv_lib_adns_adns_free+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ladns  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char adns_free ();
-int
-main ()
-{
-return adns_free ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_adns_adns_free=yes
-else
-  ac_cv_lib_adns_adns_free=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_adns_adns_free" >&5
-$as_echo "$ac_cv_lib_adns_adns_free" >&6; }
-if test "x$ac_cv_lib_adns_adns_free" = xyes; then :
-  have_adns=yes
-else
-  CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
-fi
-
-else
-  CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
-fi
-
-done
-
-fi
-if test "$have_adns" = "yes"; then
-  ADNSLIBS="-ladns"
-fi
-
-
-#
-# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
-#
-# Check whether --enable-dns-srv was given.
-if test "${enable_dns_srv+set}" = set; then :
-  enableval=$enable_dns_srv; use_dns_srv=$enableval
-else
-  use_dns_srv=yes
+  use_dns_pka=yes
 fi
 
 
@@ -9694,7 +8756,8 @@
 fi
 
 
-if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
+if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
+   || test x"$use_dns_cert" = xyes; then
   _dns_save_libs=$LIBS
   LIBS=""
   # the double underscore thing is a glibc-ism?
@@ -10125,6 +9188,12 @@
 
      fi
 
+     if test x"$use_dns_pka" = xyes ; then
+
+$as_echo "#define USE_DNS_PKA 1" >>confdefs.h
+
+     fi
+
      if test x"$use_dns_cert" = xyes ; then
 
 $as_echo "#define USE_DNS_CERT 1" >>confdefs.h
@@ -10150,6 +9219,11 @@
 
         fi
 
+        if test x"$use_dns_pka" = xyes ; then
+           $as_echo "#define USE_DNS_PKA 1" >>confdefs.h
+
+        fi
+
         if test x"$use_dns_cert" = xyes ; then
 
 $as_echo "#define USE_DNS_CERT 1" >>confdefs.h
@@ -10157,6 +9231,7 @@
         fi
      else
         use_dns_srv=no
+        use_dns_pka=no
         use_dns_cert=no
      fi
   fi
@@ -10179,24 +9254,14 @@
 #
 # Check for LDAP
 #
-# Note that running the check changes the variable
-# gnupg_have_ldap from "n/a" to "no" or "yes".
-
-# Check whether --enable-ldap was given.
-if test "${enable_ldap+set}" = set; then :
-  enableval=$enable_ldap; if test "$enableval" = "no"; then gnupg_have_ldap=no; fi
-fi
-
-
-if test "$gnupg_have_ldap" != "no" ; then
-  if test "$build_dirmngr" = "yes" ; then
+if test "$try_ldap" = yes ; then
 
 # Try and link a LDAP test program to weed out unusable LDAP
 # libraries.  -lldap [-llber [-lresolv]] is for older OpenLDAPs.
 # OpenLDAP, circa 1999, was terrible with creating weird dependencies.
 # If all else fails, the user can play guess-the-dependency by using
 # something like ./configure LDAPLIBS="-Lfoo -lbar"
-gnupg_have_ldap=no
+
 
 # Check whether --with-ldap was given.
 if test "${with_ldap+set}" = set; then :
@@ -10286,7 +9351,6 @@
         test "$gnupg_cv_func_ldaplber_init" = yes ; then
        LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS"
        GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT"
-       gnupg_have_ldap=yes
 
        for ac_func in ldap_get_option ldap_set_option
 do :
@@ -10360,99 +9424,378 @@
   LDFLAGS=$_ldap_save_ldflags
 fi
 
-     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_free in -llber" >&5
-$as_echo_n "checking for ber_free in -llber... " >&6; }
-if ${ac_cv_lib_lber_ber_free+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-llber  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ber_free ();
-int
-main ()
-{
-return ber_free ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_lber_ber_free=yes
-else
-  ac_cv_lib_lber_ber_free=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_ber_free" >&5
-$as_echo "$ac_cv_lib_lber_ber_free" >&6; }
-if test "x$ac_cv_lib_lber_ber_free" = xyes; then :
-   LBER_LIBS="$LBER_LIBS -llber"
 
-$as_echo "#define HAVE_LBER 1" >>confdefs.h
+#
+# Check for curl.  We fake the curl API if libcurl isn't installed.
+# We require 7.10 or later as we use curl_version_info().
+#
 
-                    have_lber=yes
 
-fi
 
-  fi
-fi
 
-if test "$gnupg_have_ldap" = "no"; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** Building without LDAP support.
-*** No CRL access or X.509 certificate search available.
-***" >&5
-$as_echo "$as_me: WARNING:
-***
-*** Building without LDAP support.
-*** No CRL access or X.509 certificate search available.
-***" >&2;}
-fi
 
- if test "$gnupg_have_ldap" = yes; then
-  USE_LDAP_TRUE=
-  USE_LDAP_FALSE='#'
-else
-  USE_LDAP_TRUE='#'
-  USE_LDAP_FALSE=
-fi
 
-if test "$gnupg_have_ldap" = yes ; then
 
-$as_echo "#define USE_LDAP 1" >>confdefs.h
 
-else
- use_ldapwrapper=no
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-libcurl was given.
+if test "${with_libcurl+set}" = set; then :
+  withval=$with_libcurl; _libcurl_with=$withval
+else
+  _libcurl_with=yes
+fi
+
+
+  if test "$_libcurl_with" != "no" ; then
+
+     for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+
+     _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[1]+256*A[2]+A[3]; print X;}'"
+     # More recent versions of curl-config have a direct --vernum
+     # option, but we'd like this code to work with older versions as
+     # well, so just convert --version.
+     _libcurl_vernum_parse="eval $AWK '{printf \"0x%06X\",\$NF}'"
+
+     _libcurl_try_link=yes
+
+     if test -d "$_libcurl_with" ; then
+        LIBCURL_CPPFLAGS="-I$withval/include"
+        _libcurl_ldflags="-L$withval/lib"
+        if test -x "$withval/bin/curl-config" ; then
+          _libcurl_config="$withval/bin/curl-config"
+        else
+          _libcurl_config=
+        fi
+     else
+	# Extract the first word of "curl-config", so it can be a program name with args.
+set dummy curl-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path__libcurl_config+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $_libcurl_config in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path__libcurl_config="$_libcurl_config" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path__libcurl_config="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+_libcurl_config=$ac_cv_path__libcurl_config
+if test -n "$_libcurl_config"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_libcurl_config" >&5
+$as_echo "$_libcurl_config" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+     fi
+
+     if test x$_libcurl_config != "x" ; then
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the version of libcurl" >&5
+$as_echo_n "checking for the version of libcurl... " >&6; }
+if ${libcurl_cv_lib_curl_version+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $2}'`
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcurl_cv_lib_curl_version" >&5
+$as_echo "$libcurl_cv_lib_curl_version" >&6; }
+
+	_libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse`
+	_libcurl_wanted=`echo 7.10 | $_libcurl_version_parse`
+
+        if test $_libcurl_wanted -gt 0 ; then
+	   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libcurl >= version 7.10" >&5
+$as_echo_n "checking for libcurl >= version 7.10... " >&6; }
+if ${libcurl_cv_lib_version_ok+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+   	      if test $_libcurl_version -ge $_libcurl_wanted ; then
+	         libcurl_cv_lib_version_ok=yes
+      	      else
+	         libcurl_cv_lib_version_ok=no
+  	      fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcurl_cv_lib_version_ok" >&5
+$as_echo "$libcurl_cv_lib_version_ok" >&6; }
+        fi
+
+	if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then
+           if test x"$LIBCURL_CPPFLAGS" = "x" ; then
+              LIBCURL_CPPFLAGS=`$_libcurl_config --cflags`
+           fi
+           if test x"$LIBCURL" = "x" ; then
+              LIBCURL=`$_libcurl_config --libs`
+
+              # This is so silly, but Apple actually has a bug in their
+	      # curl-config script.  Fixed in Tiger, but there are still
+	      # lots of Panther installs around.
+              case "${host}" in
+                 powerpc-apple-darwin7*)
+                    LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'`
+                 ;;
+              esac
+           fi
+
+	   # All curl-config scripts support --feature
+	   _libcurl_features=`$_libcurl_config --feature`
+
+           # Is it modern enough to have --protocols? (7.12.4)
+	   if test $_libcurl_version -ge 461828 ; then
+              _libcurl_protocols=`$_libcurl_config --protocols`
+           fi
+	else
+           _libcurl_try_link=no
+	fi
+
+	unset _libcurl_wanted
+     fi
+
+     if test $_libcurl_try_link = yes ; then
+
+        # we didn't find curl-config, so let's see if the user-supplied
+        # link line (or failing that, "-lcurl") is enough.
+        LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"}
+
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether libcurl is usable" >&5
+$as_echo_n "checking whether libcurl is usable... " >&6; }
+if ${libcurl_cv_lib_curl_usable+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+           _libcurl_save_cppflags=$CPPFLAGS
+           CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS"
+           _libcurl_save_libs=$LIBS
+           LIBS="$LIBCURL $LIBS"
+
+           cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+int
+main ()
+{
+
+/* Try and use a few common options to force a failure if we are
+   missing symbols or cannot link. */
+int x;
+curl_easy_setopt(NULL,CURLOPT_URL,NULL);
+x=CURL_ERROR_SIZE;
+x=CURLOPT_WRITEFUNCTION;
+x=CURLOPT_FILE;
+x=CURLOPT_ERRORBUFFER;
+x=CURLOPT_STDERR;
+x=CURLOPT_VERBOSE;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  libcurl_cv_lib_curl_usable=yes
+else
+  libcurl_cv_lib_curl_usable=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+           CPPFLAGS=$_libcurl_save_cppflags
+           LIBS=$_libcurl_save_libs
+           unset _libcurl_save_cppflags
+           unset _libcurl_save_libs
+
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcurl_cv_lib_curl_usable" >&5
+$as_echo "$libcurl_cv_lib_curl_usable" >&6; }
+
+        if test $libcurl_cv_lib_curl_usable = yes ; then
+
+	   # Does curl_free() exist in this version of libcurl?
+	   # If not, fake it with free()
 
-if test "$use_ldapwrapper" = yes; then
+           _libcurl_save_cppflags=$CPPFLAGS
+           CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS"
+           _libcurl_save_libs=$LIBS
+           LIBS="$LIBS $LIBCURL"
 
-$as_echo "#define USE_LDAPWRAPPER 1" >>confdefs.h
+           ac_fn_c_check_func "$LINENO" "curl_free" "ac_cv_func_curl_free"
+if test "x$ac_cv_func_curl_free" = xyes; then :
+
+else
+
+$as_echo "#define curl_free free" >>confdefs.h
 
 fi
- if test "$use_ldapwrapper" = yes; then
-  USE_LDAPWRAPPER_TRUE=
-  USE_LDAPWRAPPER_FALSE='#'
+
+
+           CPPFLAGS=$_libcurl_save_cppflags
+           LIBS=$_libcurl_save_libs
+           unset _libcurl_save_cppflags
+           unset _libcurl_save_libs
+
+
+$as_echo "#define HAVE_LIBCURL 1" >>confdefs.h
+
+
+
+
+	   _libcurl_vernum=`echo $_libcurl_version | $_libcurl_vernum_parse`
+
+
+cat >>confdefs.h <<_ACEOF
+#define LIBCURL_VERNUM $_libcurl_vernum
+_ACEOF
+
+
+           for _libcurl_feature in $_libcurl_features ; do
+	      cat >>confdefs.h <<_ACEOF
+#define `$as_echo "libcurl_feature_$_libcurl_feature" | $as_tr_cpp` 1
+_ACEOF
+
+	      eval `$as_echo "libcurl_feature_$_libcurl_feature" | $as_tr_sh`=yes
+           done
+
+	   if test "x$_libcurl_protocols" = "x" ; then
+
+	      # We don't have --protocols, so just assume that all
+	      # protocols are available
+	      _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT"
+
+	      if test x$libcurl_feature_SSL = xyes ; then
+	         _libcurl_protocols="$_libcurl_protocols HTTPS"
+
+		 # FTPS wasn't standards-compliant until version
+		 # 7.11.0
+		 if test $_libcurl_version -ge 461568; then
+		    _libcurl_protocols="$_libcurl_protocols FTPS"
+		 fi
+	      fi
+	   fi
+
+	   for _libcurl_protocol in $_libcurl_protocols ; do
+	      cat >>confdefs.h <<_ACEOF
+#define `$as_echo "libcurl_protocol_$_libcurl_protocol" | $as_tr_cpp` 1
+_ACEOF
+
+	      eval `$as_echo "libcurl_protocol_$_libcurl_protocol" | $as_tr_sh`=yes
+           done
+	else
+	   unset LIBCURL
+	   unset LIBCURL_CPPFLAGS
+        fi
+     fi
+
+     unset _libcurl_try_link
+     unset _libcurl_version_parse
+     unset _libcurl_config
+     unset _libcurl_feature
+     unset _libcurl_features
+     unset _libcurl_protocol
+     unset _libcurl_protocols
+     unset _libcurl_version
+     unset _libcurl_vernum
+     unset _libcurl_ldflags
+  fi
+
+  if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then
+     # This is the IF-NO path
+     fake_curl=yes
+  else
+     # This is the IF-YES path
+     :
+  fi
+
+  unset _libcurl_with
+
+ if test x"$fake_curl" = xyes; then
+  FAKE_CURL_TRUE=
+  FAKE_CURL_FALSE='#'
 else
-  USE_LDAPWRAPPER_TRUE='#'
-  USE_LDAPWRAPPER_FALSE=
+  FAKE_CURL_TRUE='#'
+  FAKE_CURL_FALSE=
 fi
 
 
+# Generic, for us, means curl
 
+if test x"$try_generic" = xyes ; then
+   GPGKEYS_CURL="gpg2keys_curl$EXEEXT"
 
+fi
 
 #
 # Check for sendmail
@@ -10460,6 +9803,7 @@
 # This isn't necessarily sendmail itself, but anything that gives a
 # sendmail-ish interface to the outside world.  That includes Exim,
 # Postfix, etc.  Basically, anything that can handle "sendmail -t".
+if test "$try_mailto" = yes ; then
 
 # Check whether --with-mailprog was given.
 if test "${with_mailprog+set}" = set; then :
@@ -10468,7 +9812,8 @@
   with_mailprog=yes
 fi
 
-if test x"$with_mailprog" = xyes ; then
+
+  if test x"$with_mailprog" = xyes ; then
     # Extract the first word of "sendmail", so it can be a program name with args.
 set dummy sendmail; ac_word=$2
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -10510,23 +9855,26 @@
 fi
 
 
-elif test x"$with_mailprog" != xno ; then
+    if test "$ac_cv_path_SENDMAIL" ; then
+      GPGKEYS_MAILTO="gpg2keys_mailto"
+    fi
+  elif test x"$with_mailprog" != xno ; then
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a mail transport program" >&5
 $as_echo_n "checking for a mail transport program... " >&6; }
     SENDMAIL=$with_mailprog
 
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_mailprog" >&5
 $as_echo "$with_mailprog" >&6; }
+    GPGKEYS_MAILTO="gpg2keys_mailto"
+  fi
 fi
 
 
+
 #
 # Construct a printable name of the OS
 #
 case "${host}" in
-    *-mingw32ce*)
-        PRINTABLE_OS_NAME="W32CE"
-        ;;
     *-mingw32*)
         PRINTABLE_OS_NAME="MingW32"
         ;;
@@ -10557,7 +9905,7 @@
 #
 # Checking for iconv
 #
-if test "$require_iconv" = yes; then
+missing_iconv=no
 
       if test "X$prefix" = "XNONE"; then
     acl_final_prefix="$ac_default_prefix"
@@ -10575,6 +9923,7 @@
   prefix="$acl_save_prefix"
 
 
+
 # Check whether --with-gnu-ld was given.
 if test "${with_gnu_ld+set}" = set; then :
   withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
@@ -10585,21 +9934,21 @@
 # Prepare PATH_SEPARATOR.
 # The user is always right.
 if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
+  # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
+  # contains only /bin. Note that ksh looks also at the FPATH variable,
+  # so we have to set that as well for the test.
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+    && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+           || PATH_SEPARATOR=';'
+       }
 fi
+
 ac_prog=ld
 if test "$GCC" = yes; then
   # Check if gcc -print-prog-name=ld gives a path.
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5
-$as_echo_n "checking for ld used by GCC... " >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
   case $host in
   *-*-mingw*)
     # gcc leaves a trailing carriage return which upsets mingw
@@ -10609,12 +9958,12 @@
   esac
   case $ac_prog in
     # Accept absolute paths.
-    [\\/]* | [A-Za-z]:[\\/]*)
+    [\\/]* | ?:[\\/]*)
       re_direlt='/[^/][^/]*/\.\./'
-      # Canonicalize the path of ld
-      ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
-      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+      # Canonicalize the pathname of ld
+      ac_prog=`echo "$ac_prog"| sed 's%\\\\%/%g'`
+      while echo "$ac_prog" | grep "$re_direlt" > /dev/null 2>&1; do
+        ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
       done
       test -z "$LD" && LD="$ac_prog"
       ;;
@@ -10638,23 +9987,26 @@
   $as_echo_n "(cached) " >&6
 else
   if test -z "$LD"; then
-  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+  acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
   for ac_dir in $PATH; do
+    IFS="$acl_save_ifs"
     test -z "$ac_dir" && ac_dir=.
     if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
       acl_cv_path_LD="$ac_dir/$ac_prog"
       # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some GNU ld's only accept -v.
+      # but apparently some variants of GNU ld only accept -v.
       # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+      case `"$acl_cv_path_LD" -v 2>&1 &6
 else
-  # I'd rather use --version here, but apparently some GNU ld's only accept -v.
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
 case `$LD -v 2>&1 &5
@@ -10722,23 +10076,70 @@
 
 
 
-                  acl_libdirstem=lib
-  searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
-  if test -n "$searchpath"; then
-    acl_save_IFS="${IFS= 	}"; IFS=":"
-    for searchdir in $searchpath; do
-      if test -d "$searchdir"; then
-        case "$searchdir" in
-          */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
-          *) searchdir=`cd "$searchdir" && pwd`
-             case "$searchdir" in
-               */lib64 ) acl_libdirstem=lib64 ;;
-             esac ;;
+
+  acl_libdirstem=lib
+  acl_libdirstem2=
+  case "$host_os" in
+    solaris*)
+                                    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5
+$as_echo_n "checking for 64-bit host... " >&6; }
+if ${gl_cv_solaris_64bit+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#ifdef _LP64
+sixtyfour bits
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "sixtyfour bits" >/dev/null 2>&1; then :
+  gl_cv_solaris_64bit=yes
+else
+  gl_cv_solaris_64bit=no
+fi
+rm -f conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5
+$as_echo "$gl_cv_solaris_64bit" >&6; }
+      if test $gl_cv_solaris_64bit = yes; then
+        acl_libdirstem=lib/64
+        case "$host_cpu" in
+          sparc*)        acl_libdirstem2=lib/sparcv9 ;;
+          i*86 | x86_64) acl_libdirstem2=lib/amd64 ;;
         esac
       fi
-    done
-    IFS="$acl_save_IFS"
-  fi
+      ;;
+    *)
+      searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+      if test -n "$searchpath"; then
+        acl_save_IFS="${IFS= 	}"; IFS=":"
+        for searchdir in $searchpath; do
+          if test -d "$searchdir"; then
+            case "$searchdir" in
+              */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+              */../ | */.. )
+                # Better ignore directories of this form. They are misleading.
+                ;;
+              *) searchdir=`cd "$searchdir" && pwd`
+                 case "$searchdir" in
+                   */lib64 ) acl_libdirstem=lib64 ;;
+                 esac ;;
+            esac
+          fi
+        done
+        IFS="$acl_save_IFS"
+      fi
+      ;;
+  esac
+  test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem"
+
+
+
 
 
 
@@ -10784,6 +10185,10 @@
       else
         additional_includedir="$withval/include"
         additional_libdir="$withval/$acl_libdirstem"
+        if test "$acl_libdirstem2" != "$acl_libdirstem" \
+           && ! test -d "$withval/$acl_libdirstem"; then
+          additional_libdir="$withval/$acl_libdirstem2"
+        fi
       fi
     fi
 
@@ -10793,6 +10198,7 @@
   LTLIBICONV=
   INCICONV=
   LIBICONV_PREFIX=
+      HAVE_LIBICONV=
   rpathdirs=
   ltrpathdirs=
   names_already_handled=
@@ -10810,7 +10216,7 @@
       done
       if test -z "$already_handled"; then
         names_already_handled="$names_already_handled $name"
-                        uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+                        uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'`
         eval value=\"\$HAVE_LIB$uppername\"
         if test -n "$value"; then
           if test "$value" = yes; then
@@ -10935,7 +10341,9 @@
           if test "X$found_dir" != "X"; then
                         LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name"
             if test "X$found_so" != "X"; then
-                                                        if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+                                                        if test "$enable_rpath" = no \
+                 || test "X$found_dir" = "X/usr/$acl_libdirstem" \
+                 || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then
                                 LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
               else
                                                                                 haveit=
@@ -11002,7 +10410,16 @@
             case "$found_dir" in
               */$acl_libdirstem | */$acl_libdirstem/)
                 basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
-                LIBICONV_PREFIX="$basedir"
+                if test "$name" = 'iconv'; then
+                  LIBICONV_PREFIX="$basedir"
+                fi
+                additional_includedir="$basedir/include"
+                ;;
+              */$acl_libdirstem2 | */$acl_libdirstem2/)
+                basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'`
+                if test "$name" = 'iconv'; then
+                  LIBICONV_PREFIX="$basedir"
+                fi
                 additional_includedir="$basedir/include"
                 ;;
             esac
@@ -11051,9 +10468,11 @@
                 case "$dep" in
                   -L*)
                     additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
-                                                                                                                                                                if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+                                                                                                                                                                if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \
+                       && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then
                       haveit=
-                      if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+                      if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \
+                         || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then
                         if test -n "$GCC"; then
                           case $host_os in
                             linux* | gnu* | k*bsd*-gnu) haveit=yes;;
@@ -11185,6 +10604,11 @@
 
 
 
+
+
+
+
+
           am_save_CPPFLAGS="$CPPFLAGS"
 
   for element in $INCICONV; do
@@ -11220,14 +10644,16 @@
     am_cv_lib_iconv=no
     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include 
 #include 
+
 int
 main ()
 {
 iconv_t cd = iconv_open("","");
-       iconv(cd,NULL,NULL,NULL,NULL);
-       iconv_close(cd);
+           iconv(cd,NULL,NULL,NULL,NULL);
+           iconv_close(cd);
   ;
   return 0;
 }
@@ -11242,14 +10668,16 @@
       LIBS="$LIBS $LIBICONV"
       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include 
 #include 
+
 int
 main ()
 {
 iconv_t cd = iconv_open("","");
-         iconv(cd,NULL,NULL,NULL,NULL);
-         iconv_close(cd);
+             iconv(cd,NULL,NULL,NULL,NULL);
+             iconv_close(cd);
   ;
   return 0;
 }
@@ -11273,15 +10701,17 @@
   $as_echo_n "(cached) " >&6
 else
 
-            am_save_LIBS="$LIBS"
+                  am_save_LIBS="$LIBS"
       if test $am_cv_lib_iconv = yes; then
         LIBS="$LIBS $LIBICONV"
       fi
       if test "$cross_compiling" = yes; then :
-  case "$host_os" in
+
+         case "$host_os" in
            aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
            *)            am_cv_func_iconv_works="guessing yes" ;;
          esac
+
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -11290,6 +10720,7 @@
 #include 
 int main ()
 {
+  int result = 0;
   /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
      returns.  */
   {
@@ -11306,32 +10737,73 @@
                             (char **) &inptr, &inbytesleft,
                             &outptr, &outbytesleft);
         if (res == 0)
-          return 1;
+          result |= 1;
+        iconv_close (cd_utf8_to_88591);
       }
   }
-#if 0 /* This bug could be worked around by the caller.  */
-  /* Test against HP-UX 11.11 bug: Positive return value instead of 0.  */
+  /* Test against Solaris 10 bug: Failures are not distinguishable from
+     successful returns.  */
   {
-    iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
-    if (cd_88591_to_utf8 != (iconv_t)(-1))
+    iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646");
+    if (cd_ascii_to_88591 != (iconv_t)(-1))
       {
-        static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
-        char buf[50];
+        static const char input[] = "\263";
+        char buf[10];
         const char *inptr = input;
         size_t inbytesleft = strlen (input);
         char *outptr = buf;
         size_t outbytesleft = sizeof (buf);
-        size_t res = iconv (cd_88591_to_utf8,
+        size_t res = iconv (cd_ascii_to_88591,
                             (char **) &inptr, &inbytesleft,
                             &outptr, &outbytesleft);
-        if ((int)res > 0)
-          return 1;
+        if (res == 0)
+          result |= 2;
+        iconv_close (cd_ascii_to_88591);
       }
   }
-#endif
-  /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
-     provided.  */
-  if (/* Try standardized names.  */
+  /* Test against AIX 6.1..7.1 bug: Buffer overrun.  */
+  {
+    iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
+    if (cd_88591_to_utf8 != (iconv_t)(-1))
+      {
+        static const char input[] = "\304";
+        static char buf[2] = { (char)0xDE, (char)0xAD };
+        const char *inptr = input;
+        size_t inbytesleft = 1;
+        char *outptr = buf;
+        size_t outbytesleft = 1;
+        size_t res = iconv (cd_88591_to_utf8,
+                            (char **) &inptr, &inbytesleft,
+                            &outptr, &outbytesleft);
+        if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD)
+          result |= 4;
+        iconv_close (cd_88591_to_utf8);
+      }
+  }
+#if 0 /* This bug could be worked around by the caller.  */
+  /* Test against HP-UX 11.11 bug: Positive return value instead of 0.  */
+  {
+    iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
+    if (cd_88591_to_utf8 != (iconv_t)(-1))
+      {
+        static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
+        char buf[50];
+        const char *inptr = input;
+        size_t inbytesleft = strlen (input);
+        char *outptr = buf;
+        size_t outbytesleft = sizeof (buf);
+        size_t res = iconv (cd_88591_to_utf8,
+                            (char **) &inptr, &inbytesleft,
+                            &outptr, &outbytesleft);
+        if ((int)res > 0)
+          result |= 8;
+        iconv_close (cd_88591_to_utf8);
+      }
+  }
+#endif
+  /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
+     provided.  */
+  if (/* Try standardized names.  */
       iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
       /* Try IRIX, OSF/1 names.  */
       && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
@@ -11339,8 +10811,8 @@
       && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
       /* Try HP-UX names.  */
       && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
-    return 1;
-  return 0;
+    result |= 16;
+  return result;
 }
 _ACEOF
 if ac_fn_c_try_run "$LINENO"; then :
@@ -11398,7 +10870,7 @@
 #ifdef __cplusplus
 "C"
 #endif
-#if defined(__STDC__) || defined(__cplusplus)
+#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus)
 size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
 #else
 size_t iconv();
@@ -11422,22 +10894,20 @@
 fi
 
     am_cv_proto_iconv=`echo "$am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${ac_t:-
-         }$am_cv_proto_iconv" >&5
-$as_echo "${ac_t:-
-         }$am_cv_proto_iconv" >&6; }
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result:
+         $am_cv_proto_iconv" >&5
+$as_echo "
+         $am_cv_proto_iconv" >&6; }
 
 cat >>confdefs.h <<_ACEOF
 #define ICONV_CONST $am_cv_proto_iconv_arg1
 _ACEOF
 
-  fi
-
-else
-  LIBICONV=
-  LTLIBICONV=
 
+  fi
 
+if test "$am_cv_func_iconv" != yes; then
+   missing_iconv=yes
 fi
 
 
@@ -11449,6 +10919,75 @@
 #
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext" >&5
 $as_echo "$as_me: checking for gettext" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if ${ac_cv_path_SED+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+     for ac_i in 1 2 3 4 5 6 7; do
+       ac_script="$ac_script$as_nl$ac_script"
+     done
+     echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+     { ac_script=; unset ac_script;}
+     if test -z "$SED"; then
+  ac_path_SED_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
+  # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+  ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo '' >> "conftest.nl"
+    "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_SED_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_SED="$ac_path_SED"
+      ac_path_SED_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_SED_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_SED"; then
+    as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+  fi
+else
+  ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+  rm -f conftest.sed
+
 
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5
 $as_echo_n "checking whether NLS is requested... " >&6; }
@@ -11465,7 +11004,7 @@
 
 
 
-      GETTEXT_MACRO_VERSION=0.17
+      GETTEXT_MACRO_VERSION=0.19
 
 
 
@@ -11473,15 +11012,14 @@
 # Prepare PATH_SEPARATOR.
 # The user is always right.
 if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
+  # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
+  # contains only /bin. Note that ksh looks also at the FPATH variable,
+  # so we have to set that as well for the test.
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+    && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+           || PATH_SEPARATOR=';'
+       }
 fi
 
 # Find out how to test for executable files. Don't use a zero-byte file,
@@ -11596,15 +11134,14 @@
 # Prepare PATH_SEPARATOR.
 # The user is always right.
 if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
+  # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
+  # contains only /bin. Note that ksh looks also at the FPATH variable,
+  # so we have to set that as well for the test.
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+    && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+           || PATH_SEPARATOR=';'
+       }
 fi
 
 # Find out how to test for executable files. Don't use a zero-byte file,
@@ -11674,15 +11211,14 @@
 # Prepare PATH_SEPARATOR.
 # The user is always right.
 if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
+  # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
+  # contains only /bin. Note that ksh looks also at the FPATH variable,
+  # so we have to set that as well for the test.
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+    && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
+           || PATH_SEPARATOR=';'
+       }
 fi
 
 # Find out how to test for executable files. Don't use a zero-byte file,
@@ -11774,6 +11310,7 @@
 
 
 
+
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5
 $as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; }
 if ${gt_cv_func_CFPreferencesCopyAppValue+:} false; then :
@@ -11891,15 +11428,19 @@
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include 
 $gt_revision_test_code
 extern int _nl_msg_cat_cntr;
 extern int *_nl_domain_bindings;
+
 int
 main ()
 {
+
 bindtextdomain ("", "");
 return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings
+
   ;
   return 0;
 }
@@ -11957,14 +11498,16 @@
     am_cv_lib_iconv=no
     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include 
 #include 
+
 int
 main ()
 {
 iconv_t cd = iconv_open("","");
-       iconv(cd,NULL,NULL,NULL,NULL);
-       iconv_close(cd);
+           iconv(cd,NULL,NULL,NULL,NULL);
+           iconv_close(cd);
   ;
   return 0;
 }
@@ -11979,14 +11522,16 @@
       LIBS="$LIBS $LIBICONV"
       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
 #include 
 #include 
+
 int
 main ()
 {
 iconv_t cd = iconv_open("","");
-         iconv(cd,NULL,NULL,NULL,NULL);
-         iconv_close(cd);
+             iconv(cd,NULL,NULL,NULL,NULL);
+             iconv_close(cd);
   ;
   return 0;
 }
@@ -12010,15 +11555,17 @@
   $as_echo_n "(cached) " >&6
 else
 
-            am_save_LIBS="$LIBS"
+                  am_save_LIBS="$LIBS"
       if test $am_cv_lib_iconv = yes; then
         LIBS="$LIBS $LIBICONV"
       fi
       if test "$cross_compiling" = yes; then :
-  case "$host_os" in
+
+         case "$host_os" in
            aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
            *)            am_cv_func_iconv_works="guessing yes" ;;
          esac
+
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -12027,6 +11574,7 @@
 #include 
 int main ()
 {
+  int result = 0;
   /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
      returns.  */
   {
@@ -12043,7 +11591,47 @@
                             (char **) &inptr, &inbytesleft,
                             &outptr, &outbytesleft);
         if (res == 0)
-          return 1;
+          result |= 1;
+        iconv_close (cd_utf8_to_88591);
+      }
+  }
+  /* Test against Solaris 10 bug: Failures are not distinguishable from
+     successful returns.  */
+  {
+    iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646");
+    if (cd_ascii_to_88591 != (iconv_t)(-1))
+      {
+        static const char input[] = "\263";
+        char buf[10];
+        const char *inptr = input;
+        size_t inbytesleft = strlen (input);
+        char *outptr = buf;
+        size_t outbytesleft = sizeof (buf);
+        size_t res = iconv (cd_ascii_to_88591,
+                            (char **) &inptr, &inbytesleft,
+                            &outptr, &outbytesleft);
+        if (res == 0)
+          result |= 2;
+        iconv_close (cd_ascii_to_88591);
+      }
+  }
+  /* Test against AIX 6.1..7.1 bug: Buffer overrun.  */
+  {
+    iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
+    if (cd_88591_to_utf8 != (iconv_t)(-1))
+      {
+        static const char input[] = "\304";
+        static char buf[2] = { (char)0xDE, (char)0xAD };
+        const char *inptr = input;
+        size_t inbytesleft = 1;
+        char *outptr = buf;
+        size_t outbytesleft = 1;
+        size_t res = iconv (cd_88591_to_utf8,
+                            (char **) &inptr, &inbytesleft,
+                            &outptr, &outbytesleft);
+        if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD)
+          result |= 4;
+        iconv_close (cd_88591_to_utf8);
       }
   }
 #if 0 /* This bug could be worked around by the caller.  */
@@ -12062,7 +11650,8 @@
                             (char **) &inptr, &inbytesleft,
                             &outptr, &outbytesleft);
         if ((int)res > 0)
-          return 1;
+          result |= 8;
+        iconv_close (cd_88591_to_utf8);
       }
   }
 #endif
@@ -12076,8 +11665,8 @@
       && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
       /* Try HP-UX names.  */
       && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
-    return 1;
-  return 0;
+    result |= 16;
+  return result;
 }
 _ACEOF
 if ac_fn_c_try_run "$LINENO"; then :
@@ -12124,6 +11713,9 @@
 
 
 
+
+
+
     use_additional=yes
 
   acl_save_prefix="$prefix"
@@ -12160,6 +11752,10 @@
       else
         additional_includedir="$withval/include"
         additional_libdir="$withval/$acl_libdirstem"
+        if test "$acl_libdirstem2" != "$acl_libdirstem" \
+           && ! test -d "$withval/$acl_libdirstem"; then
+          additional_libdir="$withval/$acl_libdirstem2"
+        fi
       fi
     fi
 
@@ -12169,6 +11765,7 @@
   LTLIBINTL=
   INCINTL=
   LIBINTL_PREFIX=
+      HAVE_LIBINTL=
   rpathdirs=
   ltrpathdirs=
   names_already_handled=
@@ -12186,7 +11783,7 @@
       done
       if test -z "$already_handled"; then
         names_already_handled="$names_already_handled $name"
-                        uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+                        uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'`
         eval value=\"\$HAVE_LIB$uppername\"
         if test -n "$value"; then
           if test "$value" = yes; then
@@ -12311,7 +11908,9 @@
           if test "X$found_dir" != "X"; then
                         LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name"
             if test "X$found_so" != "X"; then
-                                                        if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+                                                        if test "$enable_rpath" = no \
+                 || test "X$found_dir" = "X/usr/$acl_libdirstem" \
+                 || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then
                                 LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
               else
                                                                                 haveit=
@@ -12378,7 +11977,16 @@
             case "$found_dir" in
               */$acl_libdirstem | */$acl_libdirstem/)
                 basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
-                LIBINTL_PREFIX="$basedir"
+                if test "$name" = 'intl'; then
+                  LIBINTL_PREFIX="$basedir"
+                fi
+                additional_includedir="$basedir/include"
+                ;;
+              */$acl_libdirstem2 | */$acl_libdirstem2/)
+                basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'`
+                if test "$name" = 'intl'; then
+                  LIBINTL_PREFIX="$basedir"
+                fi
                 additional_includedir="$basedir/include"
                 ;;
             esac
@@ -12427,9 +12035,11 @@
                 case "$dep" in
                   -L*)
                     additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
-                                                                                                                                                                if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+                                                                                                                                                                if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \
+                       && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then
                       haveit=
-                      if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+                      if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \
+                         || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then
                         if test -n "$GCC"; then
                           case $host_os in
                             linux* | gnu* | k*bsd*-gnu) haveit=yes;;
@@ -12525,1924 +12135,3196 @@
             LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name"
           fi
         fi
-      fi
-    done
-  done
-  if test "X$rpathdirs" != "X"; then
-    if test -n "$acl_hardcode_libdir_separator"; then
-                        alldirs=
-      for found_dir in $rpathdirs; do
-        alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
-      done
-            acl_save_libdir="$libdir"
-      libdir="$alldirs"
-      eval flag=\"$acl_hardcode_libdir_flag_spec\"
-      libdir="$acl_save_libdir"
-      LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+      fi
+    done
+  done
+  if test "X$rpathdirs" != "X"; then
+    if test -n "$acl_hardcode_libdir_separator"; then
+                        alldirs=
+      for found_dir in $rpathdirs; do
+        alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+      done
+            acl_save_libdir="$libdir"
+      libdir="$alldirs"
+      eval flag=\"$acl_hardcode_libdir_flag_spec\"
+      libdir="$acl_save_libdir"
+      LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+    else
+            for found_dir in $rpathdirs; do
+        acl_save_libdir="$libdir"
+        libdir="$found_dir"
+        eval flag=\"$acl_hardcode_libdir_flag_spec\"
+        libdir="$acl_save_libdir"
+        LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+      done
+    fi
+  fi
+  if test "X$ltrpathdirs" != "X"; then
+            for found_dir in $ltrpathdirs; do
+      LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir"
+    done
+  fi
+
+
+
+
+
+
+          { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5
+$as_echo_n "checking for GNU gettext in libintl... " >&6; }
+if eval \${$gt_func_gnugettext_libintl+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  gt_save_CPPFLAGS="$CPPFLAGS"
+            CPPFLAGS="$CPPFLAGS $INCINTL"
+            gt_save_LIBS="$LIBS"
+            LIBS="$LIBS $LIBINTL"
+                        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include 
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);
+
+int
+main ()
+{
+
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  eval "$gt_func_gnugettext_libintl=yes"
+else
+  eval "$gt_func_gnugettext_libintl=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+                        if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
+              LIBS="$LIBS $LIBICONV"
+              cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include 
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);
+
+int
+main ()
+{
+
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  LIBINTL="$LIBINTL $LIBICONV"
+                 LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+                 eval "$gt_func_gnugettext_libintl=yes"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+            fi
+            CPPFLAGS="$gt_save_CPPFLAGS"
+            LIBS="$gt_save_LIBS"
+fi
+eval ac_res=\$$gt_func_gnugettext_libintl
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+        fi
+
+                                        if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
+           || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
+                && test "$PACKAGE" != gettext-runtime \
+                && test "$PACKAGE" != gettext-tools; }; then
+          gt_use_preinstalled_gnugettext=yes
+        else
+                    LIBINTL=
+          LTLIBINTL=
+          INCINTL=
+        fi
+
+
+
+    if test -n "$INTL_MACOSX_LIBS"; then
+      if test "$gt_use_preinstalled_gnugettext" = "yes" \
+         || test "$nls_cv_use_gnu_gettext" = "yes"; then
+                LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
+        LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
+      fi
+    fi
+
+    if test "$gt_use_preinstalled_gnugettext" = "yes" \
+       || test "$nls_cv_use_gnu_gettext" = "yes"; then
+
+$as_echo "#define ENABLE_NLS 1" >>confdefs.h
+
+    else
+      USE_NLS=no
+    fi
+  fi
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5
+$as_echo_n "checking whether to use NLS... " >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
+$as_echo "$USE_NLS" >&6; }
+  if test "$USE_NLS" = "yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5
+$as_echo_n "checking where the gettext function comes from... " >&6; }
+    if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+      if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+        gt_source="external libintl"
+      else
+        gt_source="libc"
+      fi
+    else
+      gt_source="included intl directory"
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5
+$as_echo "$gt_source" >&6; }
+  fi
+
+  if test "$USE_NLS" = "yes"; then
+
+    if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+      if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5
+$as_echo_n "checking how to link with libintl... " >&6; }
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5
+$as_echo "$LIBINTL" >&6; }
+
+  for element in $INCINTL; do
+    haveit=
+    for x in $CPPFLAGS; do
+
+  acl_save_prefix="$prefix"
+  prefix="$acl_final_prefix"
+  acl_save_exec_prefix="$exec_prefix"
+  exec_prefix="$acl_final_exec_prefix"
+  eval x=\"$x\"
+  exec_prefix="$acl_save_exec_prefix"
+  prefix="$acl_save_prefix"
+
+      if test "X$x" = "X$element"; then
+        haveit=yes
+        break
+      fi
+    done
+    if test -z "$haveit"; then
+      CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+    fi
+  done
+
+      fi
+
+
+$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h
+
+    fi
+
+        POSUB=po
+  fi
+
+
+
+    INTLLIBS="$LIBINTL"
+
+
+
+
+
+
+
+  # gettext requires some extra checks.  These really should be part of
+  # the basic AM_GNU_GETTEXT macro.  TODO: move other gettext-specific
+  # function checks to here.
+
+  for ac_func in strchr
+do :
+  ac_fn_c_check_func "$LINENO" "strchr" "ac_cv_func_strchr"
+if test "x$ac_cv_func_strchr" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_STRCHR 1
+_ACEOF
+
+fi
+done
+
+else
+  USE_NLS=no
+  USE_INCLUDED_LIBINTL=no
+  BUILD_INCLUDED_LIBINTL=no
+  POSUB=po
+
+
+
+
+fi
+
+# We use HAVE_LANGINFO_CODESET in a couple of places.
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_langinfo and CODESET" >&5
+$as_echo_n "checking for nl_langinfo and CODESET... " >&6; }
+if ${am_cv_langinfo_codeset+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+int
+main ()
+{
+char* cs = nl_langinfo(CODESET); return !cs;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  am_cv_langinfo_codeset=yes
+else
+  am_cv_langinfo_codeset=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_langinfo_codeset" >&5
+$as_echo "$am_cv_langinfo_codeset" >&6; }
+  if test $am_cv_langinfo_codeset = yes; then
+
+$as_echo "#define HAVE_LANGINFO_CODESET 1" >>confdefs.h
+
+  fi
+
+
+# Checks required for our use locales
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LC_MESSAGES" >&5
+$as_echo_n "checking for LC_MESSAGES... " >&6; }
+if ${gt_cv_val_LC_MESSAGES+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+int
+main ()
+{
+return LC_MESSAGES
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  gt_cv_val_LC_MESSAGES=yes
+else
+  gt_cv_val_LC_MESSAGES=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_val_LC_MESSAGES" >&5
+$as_echo "$gt_cv_val_LC_MESSAGES" >&6; }
+  if test $gt_cv_val_LC_MESSAGES = yes; then
+
+$as_echo "#define HAVE_LC_MESSAGES 1" >>confdefs.h
+
+  fi
+
+
+
+#
+# SELinux support
+#
+if test "$selinux_support" = yes ; then
+
+$as_echo "#define ENABLE_SELINUX_HACKS 1" >>confdefs.h
+
+fi
+
+
+#
+# Checks for header files.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for header files" >&5
+$as_echo "$as_me: checking for header files" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+#include 
+#include 
+#include 
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_stdc=yes
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+#include 
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+for ac_header in string.h unistd.h langinfo.h termio.h locale.h getopt.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in pty.h utmp.h pwd.h inttypes.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if ${ac_cv_header_time+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+#include 
+#include 
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_time=yes
+else
+  ac_cv_header_time=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
+
+
+
+#
+# Checks for typedefs, structures, and compiler characteristics.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for system characteristics" >&5
+$as_echo "$as_me: checking for system characteristics" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if ${ac_cv_c_const+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this sort of thing.  */
+  typedef int charset[2];
+  const charset cs = { 0, 0 };
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* AIX XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this sort of thing.  */
+    char tx;
+    char *t = &tx;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; } bx;
+    struct s *b = &bx; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_const=yes
+else
+  ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+$as_echo "#define const /**/" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+  inline | yes) ;;
+  *)
+    case $ac_cv_c_inline in
+      no) ac_val=;;
+      *) ac_val=$ac_cv_c_inline;;
+    esac
+    cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+    ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5
+$as_echo_n "checking for working volatile... " >&6; }
+if ${ac_cv_c_volatile+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+volatile int x;
+int * volatile y = (int *) 0;
+return !x && !y;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_volatile=yes
+else
+  ac_cv_c_volatile=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5
+$as_echo "$ac_cv_c_volatile" >&6; }
+if test $ac_cv_c_volatile = no; then
+
+$as_echo "#define volatile /**/" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default"
+if test "x$ac_cv_type_mode_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define mode_t int
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
+$as_echo_n "checking return type of signal handlers... " >&6; }
+if ${ac_cv_type_signal+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+#include 
+
+int
+main ()
+{
+return *(signal (0, 0)) (0) == 1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_type_signal=int
+else
+  ac_cv_type_signal=void
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
+$as_echo "$ac_cv_type_signal" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include 
+/* NetBSD declares sys_siglist in unistd.h.  */
+#ifdef HAVE_UNISTD_H
+# include 
+#endif
+
+"
+if test "x$ac_cv_have_decl_sys_siglist" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SYS_SIGLIST $ac_have_decl
+_ACEOF
+
+
+
+
+
+
+  for ac_header in $ac_header_list
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+  if test $ac_cv_header_sys_socket_h = yes; then
+    SYS_SOCKET_H=''
+  else
+                    for ac_header in winsock2.h ws2tcpip.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+    SYS_SOCKET_H='sys/socket.h'
+  fi
+
+
+   ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include 
+      #if HAVE_SYS_SOCKET_H
+      # include 
+      #elif HAVE_WS2TCPIP_H
+      # include 
+      #endif
+"
+if test "x$ac_cv_type_socklen_t" = xyes; then :
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
+$as_echo_n "checking for socklen_t equivalent... " >&6; }
+      if ${gl_cv_gl_cv_socklen_t_equiv+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  # Systems have either "struct sockaddr *" or
+	 # "void *" as the second argument to getpeername
+	 gl_cv_socklen_t_equiv=
+	 for arg2 in "struct sockaddr" void; do
+	   for t in int size_t "unsigned int" "long int" "unsigned long int"; do
+	     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+		#include 
+
+		int getpeername (int, $arg2 *, $t *);
+int
+main ()
+{
+$t len;
+		getpeername (0, 0, &len);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gl_cv_socklen_t_equiv="$t"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+	     test "$gl_cv_socklen_t_equiv" != "" && break
+	   done
+	   test "$gl_cv_socklen_t_equiv" != "" && break
+	 done
+
+fi
+
+      if test "$gl_cv_socklen_t_equiv" = ""; then
+	as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
+      fi
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5
+$as_echo "$gl_cv_socklen_t_equiv" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define socklen_t $gl_cv_socklen_t_equiv
+_ACEOF
+
+fi
+
+
+# Check whether --enable-endian-check was given.
+if test "${enable_endian_check+set}" = set; then :
+  enableval=$enable_endian_check; endiancheck=$enableval
+else
+  endiancheck=yes
+fi
+
+
+if test x"$endiancheck" = xyes ; then
+
+    tmp_assumed_endian=big
+    if test "$cross_compiling" = yes; then
+      case "$host_cpu" in
+         i[345678]* )
+            tmp_assumed_endian=little
+            ;;
+         *)
+            ;;
+      esac
+      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling; assuming $tmp_assumed_endian endianess" >&5
+$as_echo "$as_me: WARNING: cross compiling; assuming $tmp_assumed_endian endianess" >&2;}
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking endianess" >&5
+$as_echo_n "checking endianess... " >&6; }
+    if ${gnupg_cv_c_endian+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+   gnupg_cv_c_endian=unknown
+        # See if sys/param.h defines the BYTE_ORDER macro.
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+        #include 
+int
+main ()
+{
+
+        #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+         bogus endian macros
+        #endif
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  # It does; now see whether it defined to BIG_ENDIAN or not.
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+        #include 
+int
+main ()
+{
+
+        #if BYTE_ORDER != BIG_ENDIAN
+         not big endian
+        #endif
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gnupg_cv_c_endian=big
+else
+  gnupg_cv_c_endian=little
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+        if test "$gnupg_cv_c_endian" = unknown; then
+            if test "$cross_compiling" = yes; then :
+  gnupg_cv_c_endian=$tmp_assumed_endian
+
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+main () {
+              /* Are we little or big endian?  From Harbison&Steele.  */
+              union
+              {
+                long l;
+                char c[sizeof (long)];
+              } u;
+              u.l = 1;
+              exit (u.c[sizeof (long) - 1] == 1);
+              }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  gnupg_cv_c_endian=little
+else
+  gnupg_cv_c_endian=big
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+        fi
+
+fi
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_c_endian" >&5
+$as_echo "$gnupg_cv_c_endian" >&6; }
+    if test "$gnupg_cv_c_endian" = little; then
+
+$as_echo "#define LITTLE_ENDIAN_HOST 1" >>confdefs.h
+
     else
-            for found_dir in $rpathdirs; do
-        acl_save_libdir="$libdir"
-        libdir="$found_dir"
-        eval flag=\"$acl_hardcode_libdir_flag_spec\"
-        libdir="$acl_save_libdir"
-        LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
-      done
+
+$as_echo "#define BIG_ENDIAN_HOST 1" >>confdefs.h
+
     fi
-  fi
-  if test "X$ltrpathdirs" != "X"; then
-            for found_dir in $ltrpathdirs; do
-      LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir"
-    done
-  fi
 
-          { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5
-$as_echo_n "checking for GNU gettext in libintl... " >&6; }
-if eval \${$gt_func_gnugettext_libintl+:} false; then :
+fi
+
+# fixme: we should get rid of the byte type
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for byte typedef" >&5
+$as_echo_n "checking for byte typedef... " >&6; }
+    if ${gnupg_cv_typedef_byte+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  gt_save_CPPFLAGS="$CPPFLAGS"
-            CPPFLAGS="$CPPFLAGS $INCINTL"
-            gt_save_LIBS="$LIBS"
-            LIBS="$LIBS $LIBINTL"
-                        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern
-#ifdef __cplusplus
-"C"
-#endif
-const char *_nl_expand_alias (const char *);
+#define _GNU_SOURCE 1
+    #include 
+    #include 
 int
 main ()
 {
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+
+    #undef byte
+    int a = sizeof(byte);
+
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  eval "$gt_func_gnugettext_libintl=yes"
+if ac_fn_c_try_compile "$LINENO"; then :
+  gnupg_cv_typedef_byte=yes
 else
-  eval "$gt_func_gnugettext_libintl=no"
+  gnupg_cv_typedef_byte=no
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-                        if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
-              LIBS="$LIBS $LIBICONV"
-              cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_byte" >&5
+$as_echo "$gnupg_cv_typedef_byte" >&6; }
+    if test "$gnupg_cv_typedef_byte" = yes; then
+
+$as_echo "#define HAVE_BYTE_TYPEDEF 1" >>confdefs.h
+
+    fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ushort typedef" >&5
+$as_echo_n "checking for ushort typedef... " >&6; }
+    if ${gnupg_cv_typedef_ushort+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern
-#ifdef __cplusplus
-"C"
-#endif
-const char *_nl_expand_alias (const char *);
+#define _GNU_SOURCE 1
+    #include 
+    #include 
 int
 main ()
 {
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+
+    #undef ushort
+    int a = sizeof(ushort);
+
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  LIBINTL="$LIBINTL $LIBICONV"
-                LTLIBINTL="$LTLIBINTL $LTLIBICONV"
-                eval "$gt_func_gnugettext_libintl=yes"
-
+if ac_fn_c_try_compile "$LINENO"; then :
+  gnupg_cv_typedef_ushort=yes
+else
+  gnupg_cv_typedef_ushort=no
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-            fi
-            CPPFLAGS="$gt_save_CPPFLAGS"
-            LIBS="$gt_save_LIBS"
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-eval ac_res=\$$gt_func_gnugettext_libintl
-	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-        fi
-
-                                        if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
-           || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
-                && test "$PACKAGE" != gettext-runtime \
-                && test "$PACKAGE" != gettext-tools; }; then
-          gt_use_preinstalled_gnugettext=yes
-        else
-                    LIBINTL=
-          LTLIBINTL=
-          INCINTL=
-        fi
 
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ushort" >&5
+$as_echo "$gnupg_cv_typedef_ushort" >&6; }
+    if test "$gnupg_cv_typedef_ushort" = yes; then
 
+$as_echo "#define HAVE_USHORT_TYPEDEF 1" >>confdefs.h
 
-    if test -n "$INTL_MACOSX_LIBS"; then
-      if test "$gt_use_preinstalled_gnugettext" = "yes" \
-         || test "$nls_cv_use_gnu_gettext" = "yes"; then
-                LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
-        LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
-      fi
     fi
 
-    if test "$gt_use_preinstalled_gnugettext" = "yes" \
-       || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ulong typedef" >&5
+$as_echo_n "checking for ulong typedef... " >&6; }
+    if ${gnupg_cv_typedef_ulong+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#define _GNU_SOURCE 1
+    #include 
+    #include 
+int
+main ()
+{
 
-$as_echo "#define ENABLE_NLS 1" >>confdefs.h
+    #undef ulong
+    int a = sizeof(ulong);
 
-    else
-      USE_NLS=no
-    fi
-  fi
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gnupg_cv_typedef_ulong=yes
+else
+  gnupg_cv_typedef_ulong=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ulong" >&5
+$as_echo "$gnupg_cv_typedef_ulong" >&6; }
+    if test "$gnupg_cv_typedef_ulong" = yes; then
+
+$as_echo "#define HAVE_ULONG_TYPEDEF 1" >>confdefs.h
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5
-$as_echo_n "checking whether to use NLS... " >&6; }
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
-$as_echo "$USE_NLS" >&6; }
-  if test "$USE_NLS" = "yes"; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5
-$as_echo_n "checking where the gettext function comes from... " >&6; }
-    if test "$gt_use_preinstalled_gnugettext" = "yes"; then
-      if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
-        gt_source="external libintl"
-      else
-        gt_source="libc"
-      fi
-    else
-      gt_source="included intl directory"
     fi
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5
-$as_echo "$gt_source" >&6; }
-  fi
 
-  if test "$USE_NLS" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u16 typedef" >&5
+$as_echo_n "checking for u16 typedef... " >&6; }
+    if ${gnupg_cv_typedef_u16+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#define _GNU_SOURCE 1
+    #include 
+    #include 
+int
+main ()
+{
 
-    if test "$gt_use_preinstalled_gnugettext" = "yes"; then
-      if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5
-$as_echo_n "checking how to link with libintl... " >&6; }
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5
-$as_echo "$LIBINTL" >&6; }
+    #undef u16
+    int a = sizeof(u16);
 
-  for element in $INCINTL; do
-    haveit=
-    for x in $CPPFLAGS; do
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gnupg_cv_typedef_u16=yes
+else
+  gnupg_cv_typedef_u16=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
 
-  acl_save_prefix="$prefix"
-  prefix="$acl_final_prefix"
-  acl_save_exec_prefix="$exec_prefix"
-  exec_prefix="$acl_final_exec_prefix"
-  eval x=\"$x\"
-  exec_prefix="$acl_save_exec_prefix"
-  prefix="$acl_save_prefix"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u16" >&5
+$as_echo "$gnupg_cv_typedef_u16" >&6; }
+    if test "$gnupg_cv_typedef_u16" = yes; then
+
+$as_echo "#define HAVE_U16_TYPEDEF 1" >>confdefs.h
 
-      if test "X$x" = "X$element"; then
-        haveit=yes
-        break
-      fi
-    done
-    if test -z "$haveit"; then
-      CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
     fi
-  done
 
-      fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u32 typedef" >&5
+$as_echo_n "checking for u32 typedef... " >&6; }
+    if ${gnupg_cv_typedef_u32+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#define _GNU_SOURCE 1
+    #include 
+    #include 
+int
+main ()
+{
 
+    #undef u32
+    int a = sizeof(u32);
 
-$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gnupg_cv_typedef_u32=yes
+else
+  gnupg_cv_typedef_u32=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
 
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u32" >&5
+$as_echo "$gnupg_cv_typedef_u32" >&6; }
+    if test "$gnupg_cv_typedef_u32" = yes; then
 
-$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h
+$as_echo "#define HAVE_U32_TYPEDEF 1" >>confdefs.h
 
     fi
 
-        POSUB=po
-  fi
 
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5
+$as_echo_n "checking size of unsigned short... " >&6; }
+if ${ac_cv_sizeof_unsigned_short+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_unsigned_short" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned short)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_short=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5
+$as_echo "$ac_cv_sizeof_unsigned_short" >&6; }
 
 
-    INTLLIBS="$LIBINTL"
 
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short
+_ACEOF
 
 
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5
+$as_echo_n "checking size of unsigned int... " >&6; }
+if ${ac_cv_sizeof_unsigned_int+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int"        "$ac_includes_default"; then :
 
+else
+  if test "$ac_cv_type_unsigned_int" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned int)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_int=0
+   fi
+fi
 
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5
+$as_echo "$ac_cv_sizeof_unsigned_int" >&6; }
 
 
-  # gettext requires some extra checks.  These really should be part of
-  # the basic AM_GNU_GETTEXT macro.  TODO: move other gettext-specific
-  # function checks to here.
 
-  for ac_func in strchr
-do :
-  ac_fn_c_check_func "$LINENO" "strchr" "ac_cv_func_strchr"
-if test "x$ac_cv_func_strchr" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_STRCHR 1
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int
 _ACEOF
 
-fi
-done
 
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+  $as_echo_n "(cached) " >&6
 else
-  USE_NLS=no
-  USE_INCLUDED_LIBINTL=no
-  BUILD_INCLUDED_LIBINTL=no
-  POSUB=po
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_unsigned_long" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_long=0
+   fi
+fi
 
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
 
 
 
-fi
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
+_ACEOF
 
-# We use HAVE_LANGINFO_CODESET in a couple of places.
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_langinfo and CODESET" >&5
-$as_echo_n "checking for nl_langinfo and CODESET... " >&6; }
-if ${am_cv_langinfo_codeset+:} false; then :
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5
+$as_echo_n "checking size of unsigned long long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long_long+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-int
-main ()
-{
-char* cs = nl_langinfo(CODESET); return !cs;
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  am_cv_langinfo_codeset=yes
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long"        "$ac_includes_default"; then :
+
 else
-  am_cv_langinfo_codeset=no
+  if test "$ac_cv_type_unsigned_long_long" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long long)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_long_long=0
+   fi
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
 
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_langinfo_codeset" >&5
-$as_echo "$am_cv_langinfo_codeset" >&6; }
-  if test $am_cv_langinfo_codeset = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; }
 
-$as_echo "#define HAVE_LANGINFO_CODESET 1" >>confdefs.h
 
-  fi
 
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long
+_ACEOF
 
-# Checks required for our use of locales
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LC_MESSAGES" >&5
-$as_echo_n "checking for LC_MESSAGES... " >&6; }
-if ${gt_cv_val_LC_MESSAGES+:} false; then :
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
+$as_echo_n "checking size of time_t... " >&6; }
+if ${ac_cv_sizeof_time_t+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-int
-main ()
-{
-return LC_MESSAGES
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  gt_cv_val_LC_MESSAGES=yes
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "
+#include 
+#if TIME_WITH_SYS_TIME
+# include 
+# include 
+#else
+# if HAVE_SYS_TIME_H
+#  include 
+# else
+#  include 
+# endif
+#endif
+
+"; then :
+
 else
-  gt_cv_val_LC_MESSAGES=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
+  if test "$ac_cv_type_time_t" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (time_t)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_time_t=0
+   fi
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_val_LC_MESSAGES" >&5
-$as_echo "$gt_cv_val_LC_MESSAGES" >&6; }
-  if test $gt_cv_val_LC_MESSAGES = yes; then
-
-$as_echo "#define HAVE_LC_MESSAGES 1" >>confdefs.h
 
-  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
+$as_echo "$ac_cv_sizeof_time_t" >&6; }
 
 
 
-#
-# SELinux support
-#
-if test "$selinux_support" = yes ; then
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
+_ACEOF
 
-$as_echo "#define ENABLE_SELINUX_HACKS 1" >>confdefs.h
 
-fi
 
 
-#
-# Checks for header files.
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for header files" >&5
-$as_echo "$as_me: checking for header files" >&6;}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
+# Ensure that we have UINT64_C before we bother to check for uint64_t
+# Fixme: really needed in gnupg?  I think it is only useful in libcgrypt.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for UINT64_C" >&5
+$as_echo_n "checking for UINT64_C... " >&6; }
+if ${gnupg_cv_uint64_c_works+:} false; then :
   $as_echo_n "(cached) " >&6
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-#include 
-#include 
-#include 
-
+#include 
 int
 main ()
 {
-
+uint64_t foo=UINT64_C(42);
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_header_stdc=yes
+  gnupg_cv_uint64_c_works=yes
 else
-  ac_cv_header_stdc=no
+  gnupg_cv_uint64_c_works=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
-  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
-  ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
 fi
-
-if test $ac_cv_header_stdc = yes; then
-  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "free" >/dev/null 2>&1; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_uint64_c_works" >&5
+$as_echo "$gnupg_cv_uint64_c_works" >&6; }
+if test "$gnupg_cv_uint64_c_works" = "yes" ; then
+   # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of uint64_t" >&5
+$as_echo_n "checking size of uint64_t... " >&6; }
+if ${ac_cv_sizeof_uint64_t+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (uint64_t))" "ac_cv_sizeof_uint64_t"        "$ac_includes_default"; then :
 
 else
-  ac_cv_header_stdc=no
+  if test "$ac_cv_type_uint64_t" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (uint64_t)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_uint64_t=0
+   fi
 fi
-rm -f conftest*
 
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_uint64_t" >&5
+$as_echo "$ac_cv_sizeof_uint64_t" >&6; }
 
-if test $ac_cv_header_stdc = yes; then
-  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
-  if test "$cross_compiling" = yes; then :
-  :
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-#include 
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
-		   (('a' <= (c) && (c) <= 'i') \
-		     || ('j' <= (c) && (c) <= 'r') \
-		     || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
 
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
-  int i;
-  for (i = 0; i < 256; i++)
-    if (XOR (islower (i), ISLOWER (i))
-	|| toupper (i) != TOUPPER (i))
-      return 2;
-  return 0;
-}
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UINT64_T $ac_cv_sizeof_uint64_t
 _ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
 
-else
-  ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
 
 fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "#define STDC_HEADERS 1" >>confdefs.h
 
+if test "$ac_cv_sizeof_unsigned_short" = "0" \
+   || test "$ac_cv_sizeof_unsigned_int" = "0" \
+   || test "$ac_cv_sizeof_unsigned_long" = "0"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Hmmm, something is wrong with the sizes - using defaults" >&5
+$as_echo "$as_me: WARNING: Hmmm, something is wrong with the sizes - using defaults" >&2;};
 fi
 
-for ac_header in string.h unistd.h langinfo.h termio.h locale.h getopt.h \
-                  pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h     \
-                  signal.h
-do :
-  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
 
+#
+# Checks for library functions.
+#
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library functions" >&5
+$as_echo "$as_me: checking for library functions" >&6;}
+ac_fn_c_check_decl "$LINENO" "getpagesize" "ac_cv_have_decl_getpagesize" "$ac_includes_default"
+if test "x$ac_cv_have_decl_getpagesize" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
 fi
 
-done
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_GETPAGESIZE $ac_have_decl
+_ACEOF
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
-$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
-if ${ac_cv_header_time+:} false; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
+$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
+if ${ac_cv_sys_largefile_source+:} false; then :
   $as_echo_n "(cached) " >&6
 else
+  while :; do
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-#include 
-#include 
-
+#include  /* for off_t */
+     #include 
 int
 main ()
 {
-if ((struct tm *) 0)
-return 0;
+int (*fp) (FILE *, off_t, int) = fseeko;
+     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_header_time=yes
-else
-  ac_cv_header_time=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
-$as_echo "$ac_cv_header_time" >&6; }
-if test $ac_cv_header_time = yes; then
-
-$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
-
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_sys_largefile_source=no; break
 fi
-
-
-
-#
-# Checks for typedefs, structures, and compiler characteristics.
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for system characteristics" >&5
-$as_echo "$as_me: checking for system characteristics" >&6;}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
-if ${ac_cv_c_const+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
+#define _LARGEFILE_SOURCE 1
+#include  /* for off_t */
+     #include 
 int
 main ()
 {
+int (*fp) (FILE *, off_t, int) = fseeko;
+     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_sys_largefile_source=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  ac_cv_sys_largefile_source=unknown
+  break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
+$as_echo "$ac_cv_sys_largefile_source" >&6; }
+case $ac_cv_sys_largefile_source in #(
+  no | unknown) ;;
+  *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source
+_ACEOF
+;;
+esac
+rm -rf conftest*
 
-#ifndef __cplusplus
-  /* Ultrix mips cc rejects this sort of thing.  */
-  typedef int charset[2];
-  const charset cs = { 0, 0 };
-  /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *pcpcc;
-  char **ppc;
-  /* NEC SVR4.0.2 mips cc rejects this.  */
-  struct point {int x, y;};
-  static struct point const zero = {0,0};
-  /* AIX XL C 1.02.0.0 rejects this.
-     It does not let you subtract one const X* pointer from another in
-     an arm of an if-expression whose if-part is not a constant
-     expression */
-  const char *g = "string";
-  pcpcc = &g + (g ? g-g : 0);
-  /* HPUX 7.0 cc rejects these. */
-  ++pcpcc;
-  ppc = (char**) pcpcc;
-  pcpcc = (char const *const *) ppc;
-  { /* SCO 3.2v4 cc rejects this sort of thing.  */
-    char tx;
-    char *t = &tx;
-    char const *s = 0 ? (char *) 0 : (char const *) 0;
-
-    *t++ = 0;
-    if (s) return 0;
-  }
-  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
-    int x[] = {25, 17};
-    const int *foo = &x[0];
-    ++foo;
-  }
-  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
-    typedef const int *iptr;
-    iptr p = 0;
-    ++p;
-  }
-  { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
-       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
-    struct s { int j; const int *ap[3]; } bx;
-    struct s *b = &bx; b->j = 5;
-  }
-  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-    const int foo = 10;
-    if (!foo) return 0;
-  }
-  return !cs[0] && !zero.x;
-#endif
+# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
+# in glibc 2.1.3, but that breaks too many other things.
+# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
+if test $ac_cv_sys_largefile_source != unknown; then
 
-  ;
-  return 0;
-}
+$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h
+
+fi
+
+for ac_func in vprintf
+do :
+  ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf"
+if test "x$ac_cv_func_vprintf" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_VPRINTF 1
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_c_const=yes
-else
-  ac_cv_c_const=no
+
+ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt"
+if test "x$ac_cv_func__doprnt" = xyes; then :
+
+$as_echo "#define HAVE_DOPRNT 1" >>confdefs.h
+
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-$as_echo "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
+done
 
-$as_echo "#define const /**/" >>confdefs.h
 
-fi
+ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default"
+if test "x$ac_cv_type_pid_t" = xyes; then :
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
-$as_echo_n "checking for inline... " >&6; }
-if ${ac_cv_c_inline+:} false; then :
-  $as_echo_n "(cached) " >&6
 else
-  ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#ifndef __cplusplus
-typedef int foo_t;
-static $ac_kw foo_t static_foo () {return 0; }
-$ac_kw foo_t foo () {return 0; }
-#endif
 
+cat >>confdefs.h <<_ACEOF
+#define pid_t int
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_c_inline=$ac_kw
+
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  test "$ac_cv_c_inline" != no && break
-done
+
+for ac_header in vfork.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default"
+if test "x$ac_cv_header_vfork_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_VFORK_H 1
+_ACEOF
 
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
-$as_echo "$ac_cv_c_inline" >&6; }
 
-case $ac_cv_c_inline in
-  inline | yes) ;;
-  *)
-    case $ac_cv_c_inline in
-      no) ac_val=;;
-      *) ac_val=$ac_cv_c_inline;;
-    esac
-    cat >>confdefs.h <<_ACEOF
-#ifndef __cplusplus
-#define inline $ac_val
-#endif
+done
+
+for ac_func in fork vfork
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
-    ;;
-esac
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5
-$as_echo_n "checking for working volatile... " >&6; }
-if ${ac_cv_c_volatile+:} false; then :
+fi
+done
+
+if test "x$ac_cv_func_fork" = xyes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5
+$as_echo_n "checking for working fork... " >&6; }
+if ${ac_cv_func_fork_works+:} false; then :
   $as_echo_n "(cached) " >&6
 else
+  if test "$cross_compiling" = yes; then :
+  ac_cv_func_fork_works=cross
+else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-
+$ac_includes_default
 int
 main ()
 {
 
-volatile int x;
-int * volatile y = (int *) 0;
-return !x && !y;
+	  /* By Ruediger Kuhlmann. */
+	  return fork () < 0;
+
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_c_volatile=yes
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_func_fork_works=yes
 else
-  ac_cv_c_volatile=no
+  ac_cv_func_fork_works=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5
-$as_echo "$ac_cv_c_volatile" >&6; }
-if test $ac_cv_c_volatile = no; then
-
-$as_echo "#define volatile /**/" >>confdefs.h
 
 fi
-
-ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
-if test "x$ac_cv_type_size_t" = xyes; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5
+$as_echo "$ac_cv_func_fork_works" >&6; }
 
 else
-
-cat >>confdefs.h <<_ACEOF
-#define size_t unsigned int
-_ACEOF
-
+  ac_cv_func_fork_works=$ac_cv_func_fork
 fi
-
-ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default"
-if test "x$ac_cv_type_mode_t" = xyes; then :
-
-else
-
-cat >>confdefs.h <<_ACEOF
-#define mode_t int
-_ACEOF
-
+if test "x$ac_cv_func_fork_works" = xcross; then
+  case $host in
+    *-*-amigaos* | *-*-msdosdjgpp*)
+      # Override, as these systems have only a dummy fork() stub
+      ac_cv_func_fork_works=no
+      ;;
+    *)
+      ac_cv_func_fork_works=yes
+      ;;
+  esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5
+$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;}
 fi
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
-$as_echo_n "checking return type of signal handlers... " >&6; }
-if ${ac_cv_type_signal+:} false; then :
+ac_cv_func_vfork_works=$ac_cv_func_vfork
+if test "x$ac_cv_func_vfork" = xyes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5
+$as_echo_n "checking for working vfork... " >&6; }
+if ${ac_cv_func_vfork_works+:} false; then :
   $as_echo_n "(cached) " >&6
 else
+  if test "$cross_compiling" = yes; then :
+  ac_cv_func_vfork_works=cross
+else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-#include 
+/* Thanks to Paul Eggert for this test.  */
+$ac_includes_default
+#include 
+#ifdef HAVE_VFORK_H
+# include 
+#endif
+/* On some sparc systems, changes by the child to local and incoming
+   argument registers are propagated back to the parent.  The compiler
+   is told about this with #include , but some compilers
+   (e.g. gcc -O) don't grok .  Test for this by using a
+   static variable whose address is put into a register that is
+   clobbered by the vfork.  */
+static void
+#ifdef __cplusplus
+sparc_address_test (int arg)
+# else
+sparc_address_test (arg) int arg;
+#endif
+{
+  static pid_t child;
+  if (!child) {
+    child = vfork ();
+    if (child < 0) {
+      perror ("vfork");
+      _exit(2);
+    }
+    if (!child) {
+      arg = getpid();
+      write(-1, "", 0);
+      _exit (arg);
+    }
+  }
+}
 
 int
 main ()
 {
-return *(signal (0, 0)) (0) == 1;
-  ;
-  return 0;
+  pid_t parent = getpid ();
+  pid_t child;
+
+  sparc_address_test (0);
+
+  child = vfork ();
+
+  if (child == 0) {
+    /* Here is another test for sparc vfork register problems.  This
+       test uses lots of local variables, at least as many local
+       variables as main has allocated so far including compiler
+       temporaries.  4 locals are enough for gcc 1.40.3 on a Solaris
+       4.1.3 sparc, but we use 8 to be safe.  A buggy compiler should
+       reuse the register of parent for one of the local variables,
+       since it will think that parent can't possibly be used any more
+       in this routine.  Assigning to the local variable will thus
+       munge parent in the parent process.  */
+    pid_t
+      p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(),
+      p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid();
+    /* Convince the compiler that p..p7 are live; otherwise, it might
+       use the same hardware register for all 8 local variables.  */
+    if (p != p1 || p != p2 || p != p3 || p != p4
+	|| p != p5 || p != p6 || p != p7)
+      _exit(1);
+
+    /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent
+       from child file descriptors.  If the child closes a descriptor
+       before it execs or exits, this munges the parent's descriptor
+       as well.  Test for this by closing stdout in the child.  */
+    _exit(close(fileno(stdout)) != 0);
+  } else {
+    int status;
+    struct stat st;
+
+    while (wait(&status) != child)
+      ;
+    return (
+	 /* Was there some problem with vforking?  */
+	 child < 0
+
+	 /* Did the child fail?  (This shouldn't happen.)  */
+	 || status
+
+	 /* Did the vfork/compiler bug occur?  */
+	 || parent != getpid()
+
+	 /* Did the file descriptor bug occur?  */
+	 || fstat(fileno(stdout), &st) != 0
+	 );
+  }
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_type_signal=int
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_func_vfork_works=yes
 else
-  ac_cv_type_signal=void
+  ac_cv_func_vfork_works=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
-$as_echo "$ac_cv_type_signal" >&6; }
 
-cat >>confdefs.h <<_ACEOF
-#define RETSIGTYPE $ac_cv_type_signal
-_ACEOF
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5
+$as_echo "$ac_cv_func_vfork_works" >&6; }
 
+fi;
+if test "x$ac_cv_func_fork_works" = xcross; then
+  ac_cv_func_vfork_works=$ac_cv_func_vfork
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5
+$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;}
+fi
 
-ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include 
-/* NetBSD declares sys_siglist in unistd.h.  */
-#ifdef HAVE_UNISTD_H
-# include 
-#endif
+if test "x$ac_cv_func_vfork_works" = xyes; then
+
+$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h
 
-"
-if test "x$ac_cv_have_decl_sys_siglist" = xyes; then :
-  ac_have_decl=1
 else
-  ac_have_decl=0
-fi
 
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_SYS_SIGLIST $ac_have_decl
-_ACEOF
+$as_echo "#define vfork fork" >>confdefs.h
 
+fi
+if test "x$ac_cv_func_fork_works" = xyes; then
 
+$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h
 
+fi
 
+for ac_func in strerror strlwr tcgetattr mmap
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
+fi
+done
 
-  for ac_header in $ac_header_list
+for ac_func in strcasecmp strncasecmp ctermid times gmtime_r
 do :
-  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi
-
 done
 
+for ac_func in unsetenv fcntl ftruncate inet_ntop
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
+fi
+done
 
+for ac_func in gettimeofday getrusage getrlimit setrlimit clock_gettime
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
+fi
+done
 
-  if test $ac_cv_header_sys_socket_h = yes; then
-    SYS_SOCKET_H=''
-  else
-                    for ac_header in winsock2.h ws2tcpip.h
+for ac_func in atexit raise getpagesize strftime nl_langinfo setlocale
 do :
-  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi
+done
+
+for ac_func in waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
+fi
 done
 
-    SYS_SOCKET_H='sys/socket.h'
-  fi
+for ac_func in ttyname rand ftello fsync stat
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
+fi
+done
 
-   ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include 
-      #if HAVE_SYS_SOCKET_H
-      # include 
-      #elif HAVE_WS2TCPIP_H
-      # include 
-      #endif
-"
-if test "x$ac_cv_type_socklen_t" = xyes; then :
 
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
-$as_echo_n "checking for socklen_t equivalent... " >&6; }
-      if ${gl_cv_gl_cv_socklen_t_equiv+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  # Systems have either "struct sockaddr *" or
-	 # "void *" as the second argument to getpeername
-	 gl_cv_socklen_t_equiv=
-	 for arg2 in "struct sockaddr" void; do
-	   for t in int size_t "unsigned int" "long int" "unsigned long int"; do
-	     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-		#include 
+ac_fn_c_check_type "$LINENO" "struct sigaction" "ac_cv_type_struct_sigaction" "#include 
+"
+if test "x$ac_cv_type_struct_sigaction" = xyes; then :
 
-		int getpeername (int, $arg2 *, $t *);
-int
-main ()
-{
-$t len;
-		getpeername (0, 0, &len);
-  ;
-  return 0;
-}
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SIGACTION 1
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gl_cv_socklen_t_equiv="$t"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-	     test "$gl_cv_socklen_t_equiv" != "" && break
-	   done
-	   test "$gl_cv_socklen_t_equiv" != "" && break
-	 done
 
-fi
 
-      if test "$gl_cv_socklen_t_equiv" = ""; then
-	as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
-      fi
-      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5
-$as_echo "$gl_cv_socklen_t_equiv" >&6; }
+fi
+ac_fn_c_check_type "$LINENO" "sigset_t" "ac_cv_type_sigset_t" "#include 
+"
+if test "x$ac_cv_type_sigset_t" = xyes; then :
 
 cat >>confdefs.h <<_ACEOF
-#define socklen_t $gl_cv_socklen_t_equiv
+#define HAVE_SIGSET_T 1
 _ACEOF
 
-fi
 
+fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_addr" >&5
-$as_echo_n "checking for library containing inet_addr... " >&6; }
-if ${ac_cv_search_inet_addr+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
 
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char inet_addr ();
-int
-main ()
-{
-return inet_addr ();
-  ;
-  return 0;
-}
+#
+# These are needed by libjnlib - fixme: we should use a jnlib.m4
+# Note:  We already checked pwd.h.
+for ac_func in memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
-for ac_lib in '' nsl; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_inet_addr=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_inet_addr+:} false; then :
-  break
+
 fi
 done
-if ${ac_cv_search_inet_addr+:} false; then :
 
-else
-  ac_cv_search_inet_addr=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_addr" >&5
-$as_echo "$ac_cv_search_inet_addr" >&6; }
-ac_res=$ac_cv_search_inet_addr
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+for ac_func in memrchr isascii timegm getrusage setrlimit stat setlocale
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
 fi
+done
 
+for ac_func in flockfile funlockfile fopencookie funopen getpwnam getpwuid
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
-# Check whether --enable-endian-check was given.
-if test "${enable_endian_check+set}" = set; then :
-  enableval=$enable_endian_check; endiancheck=$enableval
-else
-  endiancheck=yes
 fi
+done
 
 
-if test x"$endiancheck" = xyes ; then
+#
+# gnulib checks
+#
 
-    tmp_assumed_endian=big
-    tmp_assume_warn=""
-    if test "$cross_compiling" = yes; then
-      case "$host_cpu" in
-         i[345678]* )
-            tmp_assumed_endian=little
-            ;;
-         *)
-            ;;
-      esac
-    fi
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking endianess" >&5
-$as_echo_n "checking endianess... " >&6; }
-    if ${gnupg_cv_c_endian+:} false; then :
+
+
+# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
+# for constant arguments.  Useless!
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5
+$as_echo_n "checking for working alloca.h... " >&6; }
+if ${ac_cv_working_alloca_h+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-   gnupg_cv_c_endian=unknown
-        # See if sys/param.h defines the BYTE_ORDER macro.
-        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-        #include 
+#include 
 int
 main ()
 {
-
-        #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
-         bogus endian macros
-        #endif
+char *p = (char *) alloca (2 * sizeof (int));
+			  if (p) return 0;
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  # It does; now see whether it defined to BIG_ENDIAN or not.
-        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_working_alloca_h=yes
+else
+  ac_cv_working_alloca_h=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_alloca_h" >&5
+$as_echo "$ac_cv_working_alloca_h" >&6; }
+if test $ac_cv_working_alloca_h = yes; then
+
+$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca" >&5
+$as_echo_n "checking for alloca... " >&6; }
+if ${ac_cv_func_alloca_works+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include 
-        #include 
+#ifdef __GNUC__
+# define alloca __builtin_alloca
+#else
+# ifdef _MSC_VER
+#  include 
+#  define alloca _alloca
+# else
+#  ifdef HAVE_ALLOCA_H
+#   include 
+#  else
+#   ifdef _AIX
+ #pragma alloca
+#   else
+#    ifndef alloca /* predefined by HP cc +Olibcalls */
+void *alloca (size_t);
+#    endif
+#   endif
+#  endif
+# endif
+#endif
+
 int
 main ()
 {
-
-        #if BYTE_ORDER != BIG_ENDIAN
-         not big endian
-        #endif
+char *p = (char *) alloca (1);
+				    if (p) return 0;
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_c_endian=big
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_func_alloca_works=yes
 else
-  gnupg_cv_c_endian=little
+  ac_cv_func_alloca_works=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-        if test "$gnupg_cv_c_endian" = unknown; then
-            if test "$cross_compiling" = yes; then :
-  gnupg_cv_c_endian=$tmp_assumed_endian
-              tmp_assumed_warn=" (assumed)"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_alloca_works" >&5
+$as_echo "$ac_cv_func_alloca_works" >&6; }
+
+if test $ac_cv_func_alloca_works = yes; then
+
+$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h
+
+else
+  # The SVR3 libPW and SVR4 libucb both contain incompatible functions
+# that cause trouble.  Some versions do not even contain alloca or
+# contain a buggy version.  If you still want to use their alloca,
+# use ar to extract alloca.o from them instead of compiling alloca.c.
+
+ALLOCA=\${LIBOBJDIR}alloca.$ac_objext
+
+$as_echo "#define C_ALLOCA 1" >>confdefs.h
 
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether \`alloca.c' needs Cray hooks" >&5
+$as_echo_n "checking whether \`alloca.c' needs Cray hooks... " >&6; }
+if ${ac_cv_os_cray+:} false; then :
+  $as_echo_n "(cached) " >&6
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-main () {
-              /* Are we little or big endian?  From Harbison&Steele.  */
-              union
-              {
-                long l;
-                char c[sizeof (long)];
-              } u;
-              u.l = 1;
-              exit (u.c[sizeof (long) - 1] == 1);
-              }
+#if defined CRAY && ! defined CRAY2
+webecray
+#else
+wenotbecray
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "webecray" >/dev/null 2>&1; then :
+  ac_cv_os_cray=yes
+else
+  ac_cv_os_cray=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_os_cray" >&5
+$as_echo "$ac_cv_os_cray" >&6; }
+if test $ac_cv_os_cray = yes; then
+  for ac_func in _getb67 GETB67 getb67; do
+    as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define CRAY_STACKSEG_END $ac_func
+_ACEOF
+
+    break
+fi
+
+  done
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking stack direction for C alloca" >&5
+$as_echo_n "checking stack direction for C alloca... " >&6; }
+if ${ac_cv_c_stack_direction+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "$cross_compiling" = yes; then :
+  ac_cv_c_stack_direction=0
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+int
+find_stack_direction (int *addr, int depth)
+{
+  int dir, dummy = 0;
+  if (! addr)
+    addr = &dummy;
+  *addr = addr < &dummy ? 1 : addr == &dummy ? 0 : -1;
+  dir = depth ? find_stack_direction (addr, depth - 1) : 0;
+  return dir + dummy;
+}
+
+int
+main (int argc, char **argv)
+{
+  return find_stack_direction (0, argc + !argv + 20) < 0;
+}
 _ACEOF
 if ac_fn_c_try_run "$LINENO"; then :
-  gnupg_cv_c_endian=little
+  ac_cv_c_stack_direction=1
 else
-  gnupg_cv_c_endian=big
+  ac_cv_c_stack_direction=-1
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-        fi
-
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_stack_direction" >&5
+$as_echo "$ac_cv_c_stack_direction" >&6; }
+cat >>confdefs.h <<_ACEOF
+#define STACK_DIRECTION $ac_cv_c_stack_direction
+_ACEOF
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${gnupg_cv_c_endian}${tmp_assumed_warn}" >&5
-$as_echo "${gnupg_cv_c_endian}${tmp_assumed_warn}" >&6; }
-    if test "$gnupg_cv_c_endian" = little; then
-
-$as_echo "#define LITTLE_ENDIAN_HOST 1" >>confdefs.h
 
-    else
+fi
 
-$as_echo "#define BIG_ENDIAN_HOST 1" >>confdefs.h
 
-    fi
+  for ac_header in stdlib.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdlib_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_STDLIB_H 1
+_ACEOF
 
 fi
 
-# fixme: we should get rid of the byte type
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for byte typedef" >&5
-$as_echo_n "checking for byte typedef... " >&6; }
-    if ${gnupg_cv_typedef_byte+:} false; then :
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5
+$as_echo_n "checking for GNU libc compatible malloc... " >&6; }
+if ${ac_cv_func_malloc_0_nonnull+:} false; then :
   $as_echo_n "(cached) " >&6
 else
+  if test "$cross_compiling" = yes; then :
+  ac_cv_func_malloc_0_nonnull=no
+else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include 
-    #include 
+#if defined STDC_HEADERS || defined HAVE_STDLIB_H
+# include 
+#else
+char *malloc ();
+#endif
+
 int
 main ()
 {
-
-    #undef byte
-    int a = sizeof(byte);
-
+return ! malloc (0);
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_byte=yes
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_func_malloc_0_nonnull=yes
 else
-  gnupg_cv_typedef_byte=no
+  ac_cv_func_malloc_0_nonnull=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_byte" >&5
-$as_echo "$gnupg_cv_typedef_byte" >&6; }
-    if test "$gnupg_cv_typedef_byte" = yes; then
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5
+$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; }
+if test $ac_cv_func_malloc_0_nonnull = yes; then :
+  gl_cv_func_malloc_0_nonnull=1
+else
+  gl_cv_func_malloc_0_nonnull=0
+fi
 
-$as_echo "#define HAVE_BYTE_TYPEDEF 1" >>confdefs.h
 
-    fi
+cat >>confdefs.h <<_ACEOF
+#define MALLOC_0_IS_NONNULL $gl_cv_func_malloc_0_nonnull
+_ACEOF
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ushort typedef" >&5
-$as_echo_n "checking for ushort typedef... " >&6; }
-    if ${gnupg_cv_typedef_ushort+:} false; then :
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5
+$as_echo_n "checking for unsigned long long int... " >&6; }
+if ${ac_cv_type_unsigned_long_long_int+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  ac_cv_type_unsigned_long_long_int=yes
+     if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include 
-    #include 
+
+  /* For now, do not test the preprocessor; as of 2007 there are too many
+         implementations with broken preprocessors.  Perhaps this can
+         be revisited in 2012.  In the meantime, code should not expect
+         #if to work with literals wider than 32 bits.  */
+      /* Test literals.  */
+      long long int ll = 9223372036854775807ll;
+      long long int nll = -9223372036854775807LL;
+      unsigned long long int ull = 18446744073709551615ULL;
+      /* Test constant expressions.   */
+      typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+                     ? 1 : -1)];
+      typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+                     ? 1 : -1)];
+      int i = 63;
 int
 main ()
 {
-
-    #undef ushort
-    int a = sizeof(ushort);
-
+/* Test availability of runtime routines for shift and division.  */
+      long long int llmax = 9223372036854775807ll;
+      unsigned long long int ullmax = 18446744073709551615ull;
+      return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+              | (llmax / ll) | (llmax % ll)
+              | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+              | (ullmax / ull) | (ullmax % ull));
   ;
   return 0;
 }
+
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_ushort=yes
+if ac_fn_c_try_link "$LINENO"; then :
+
 else
-  gnupg_cv_typedef_ushort=no
+  ac_cv_type_unsigned_long_long_int=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+     fi
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5
+$as_echo "$ac_cv_type_unsigned_long_long_int" >&6; }
+  if test $ac_cv_type_unsigned_long_long_int = yes; then
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ushort" >&5
-$as_echo "$gnupg_cv_typedef_ushort" >&6; }
-    if test "$gnupg_cv_typedef_ushort" = yes; then
+$as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h
 
-$as_echo "#define HAVE_USHORT_TYPEDEF 1" >>confdefs.h
+  fi
 
-    fi
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ulong typedef" >&5
-$as_echo_n "checking for ulong typedef... " >&6; }
-    if ${gnupg_cv_typedef_ulong+:} false; then :
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if ${ac_cv_type_long_long_int+:} false; then :
   $as_echo_n "(cached) " >&6
 else
+  ac_cv_type_long_long_int=yes
+      if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+        ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
+        if test $ac_cv_type_long_long_int = yes; then
+                                        if test "$cross_compiling" = yes; then :
+  :
+else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include 
-    #include 
+#include 
+                 #ifndef LLONG_MAX
+                 # define HALF \
+                          (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+                 # define LLONG_MAX (HALF - 1 + HALF)
+                 #endif
 int
 main ()
 {
-
-    #undef ulong
-    int a = sizeof(ulong);
-
+long long int n = 1;
+                 int i;
+                 for (i = 0; ; i++)
+                   {
+                     long long int m = n << i;
+                     if (m >> i != n)
+                       return 1;
+                     if (LLONG_MAX / 2 < m)
+                       break;
+                   }
+                 return 0;
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_ulong=yes
+if ac_fn_c_try_run "$LINENO"; then :
+
 else
-  gnupg_cv_typedef_ulong=no
+  ac_cv_type_long_long_int=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_ulong" >&5
-$as_echo "$gnupg_cv_typedef_ulong" >&6; }
-    if test "$gnupg_cv_typedef_ulong" = yes; then
+        fi
+      fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+  if test $ac_cv_type_long_long_int = yes; then
 
-$as_echo "#define HAVE_ULONG_TYPEDEF 1" >>confdefs.h
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
 
-    fi
+  fi
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u16 typedef" >&5
-$as_echo_n "checking for u16 typedef... " >&6; }
-    if ${gnupg_cv_typedef_u16+:} false; then :
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long double" >&5
+$as_echo_n "checking for long double... " >&6; }
+if ${gt_cv_c_long_double+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  if test "$GCC" = yes; then
+       gt_cv_c_long_double=yes
+     else
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include 
-    #include 
+
+         /* The Stardent Vistra knows sizeof(long double), but does not support it.  */
+         long double foo = 0.0;
+         /* On Ultrix 4.3 cc, long double is 4 and double is 8.  */
+         int array [2*(sizeof(long double) >= sizeof(double)) - 1];
+
 int
 main ()
 {
 
-    #undef u16
-    int a = sizeof(u16);
-
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_u16=yes
+  gt_cv_c_long_double=yes
 else
-  gnupg_cv_typedef_u16=no
+  gt_cv_c_long_double=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+     fi
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_c_long_double" >&5
+$as_echo "$gt_cv_c_long_double" >&6; }
+  if test $gt_cv_c_long_double = yes; then
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u16" >&5
-$as_echo "$gnupg_cv_typedef_u16" >&6; }
-    if test "$gnupg_cv_typedef_u16" = yes; then
-
-$as_echo "#define HAVE_U16_TYPEDEF 1" >>confdefs.h
+$as_echo "#define HAVE_LONG_DOUBLE 1" >>confdefs.h
 
-    fi
+  fi
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u32 typedef" >&5
-$as_echo_n "checking for u32 typedef... " >&6; }
-    if ${gnupg_cv_typedef_u32+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _GNU_SOURCE 1
-    #include 
-    #include 
-int
-main ()
-{
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5
+$as_echo_n "checking whether stat file-mode macros are broken... " >&6; }
+if ${ac_cv_header_stat_broken+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+#include 
 
-    #undef u32
-    int a = sizeof(u32);
+#if defined S_ISBLK && defined S_IFDIR
+extern char c1[S_ISBLK (S_IFDIR) ? -1 : 1];
+#endif
+
+#if defined S_ISBLK && defined S_IFCHR
+extern char c2[S_ISBLK (S_IFCHR) ? -1 : 1];
+#endif
+
+#if defined S_ISLNK && defined S_IFREG
+extern char c3[S_ISLNK (S_IFREG) ? -1 : 1];
+#endif
+
+#if defined S_ISSOCK && defined S_IFREG
+extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1];
+#endif
 
-  ;
-  return 0;
-}
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_typedef_u32=yes
+  ac_cv_header_stat_broken=no
 else
-  gnupg_cv_typedef_u32=no
+  ac_cv_header_stat_broken=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5
+$as_echo "$ac_cv_header_stat_broken" >&6; }
+if test $ac_cv_header_stat_broken = yes; then
+
+$as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h
+
+fi
+
+
+
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_typedef_u32" >&5
-$as_echo "$gnupg_cv_typedef_u32" >&6; }
-    if test "$gnupg_cv_typedef_u32" = yes; then
 
-$as_echo "#define HAVE_U32_TYPEDEF 1" >>confdefs.h
 
-    fi
 
 
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5
-$as_echo_n "checking size of unsigned short... " >&6; }
-if ${ac_cv_sizeof_unsigned_short+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short"        "$ac_includes_default"; then :
 
+
+   if false; then
+  GL_COND_LIBTOOL_TRUE=
+  GL_COND_LIBTOOL_FALSE='#'
 else
-  if test "$ac_cv_type_unsigned_short" = yes; then
-     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (unsigned short)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_unsigned_short=0
-   fi
+  GL_COND_LIBTOOL_TRUE='#'
+  GL_COND_LIBTOOL_FALSE=
 fi
 
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5
-$as_echo "$ac_cv_sizeof_unsigned_short" >&6; }
+  gl_cond_libtool=false
+  gl_libdeps=
+  gl_ltlibdeps=
+  gl_source_base='gl'
 
 
 
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short
-_ACEOF
 
 
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5
-$as_echo_n "checking size of unsigned int... " >&6; }
-if ${ac_cv_sizeof_unsigned_int+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int"        "$ac_includes_default"; then :
+  if test $ac_cv_func_alloca_works = no; then
+    :
+  fi
+
+  # Define an additional variable used in the Makefile substitution.
+  if test $ac_cv_working_alloca_h = yes; then
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#if defined __GNUC__ || defined _AIX || defined _MSC_VER
+	Need own alloca
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "Need own alloca" >/dev/null 2>&1; then :
 
+$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h
+
+       ALLOCA_H=alloca.h
 else
-  if test "$ac_cv_type_unsigned_int" = yes; then
-     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (unsigned int)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_unsigned_int=0
-   fi
+  ALLOCA_H=
 fi
+rm -f conftest*
 
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5
-$as_echo "$ac_cv_sizeof_unsigned_int" >&6; }
+  else
+    ALLOCA_H=alloca.h
+  fi
 
 
 
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int
-_ACEOF
+$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h
 
 
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
-$as_echo_n "checking size of unsigned long... " >&6; }
-if ${ac_cv_sizeof_unsigned_long+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"; then :
 
-else
-  if test "$ac_cv_type_unsigned_long" = yes; then
-     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (unsigned long)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_unsigned_long=0
-   fi
-fi
 
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
-$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
 
 
 
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
-_ACEOF
 
 
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5
-$as_echo_n "checking size of unsigned long long... " >&6; }
-if ${ac_cv_sizeof_unsigned_long_long+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long"        "$ac_includes_default"; then :
+  ac_fn_c_check_func "$LINENO" "mkdtemp" "ac_cv_func_mkdtemp"
+if test "x$ac_cv_func_mkdtemp" = xyes; then :
+  $as_echo "#define HAVE_MKDTEMP 1" >>confdefs.h
 
 else
-  if test "$ac_cv_type_unsigned_long_long" = yes; then
-     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (unsigned long long)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_unsigned_long_long=0
-   fi
-fi
+  case " $LIBOBJS " in
+  *" mkdtemp.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS mkdtemp.$ac_objext"
+ ;;
+esac
 
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5
-$as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; }
 
 
+  if test $ac_cv_func_mkdtemp = no; then
 
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long
+
+
+  for ac_header in time.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "time.h" "ac_cv_header_time_h" "$ac_includes_default"
+if test "x$ac_cv_header_time_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_TIME_H 1
 _ACEOF
 
+fi
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
-$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
-if ${ac_cv_header_time+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include 
-#include 
-#include 
+done
 
-int
-main ()
-{
-if ((struct tm *) 0)
-return 0;
-  ;
-  return 0;
-}
+  for ac_func in gettimeofday
+do :
+  ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday"
+if test "x$ac_cv_func_gettimeofday" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETTIMEOFDAY 1
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  ac_cv_header_time=yes
-else
-  ac_cv_header_time=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
-$as_echo "$ac_cv_header_time" >&6; }
-if test $ac_cv_header_time = yes; then
+done
 
-$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
 
-fi
+  fi
 
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
-$as_echo_n "checking size of time_t... " >&6; }
-if ${ac_cv_sizeof_time_t+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "
-#include 
-#if TIME_WITH_SYS_TIME
-# include 
-# include 
-#else
-# if HAVE_SYS_TIME_H
-#  include 
-# else
-#  include 
-# endif
-#endif
 
-"; then :
+  ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv"
+if test "x$ac_cv_func_setenv" = xyes; then :
+  $as_echo "#define HAVE_SETENV 1" >>confdefs.h
 
 else
-  if test "$ac_cv_type_time_t" = yes; then
-     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot compute sizeof (time_t)
-See \`config.log' for more details" "$LINENO" 5; }
-   else
-     ac_cv_sizeof_time_t=0
-   fi
+  case " $LIBOBJS " in
+  *" setenv.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS setenv.$ac_objext"
+ ;;
+esac
+
 fi
 
+ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv"
+if test "x$ac_cv_func_unsetenv" = xyes; then :
+  $as_echo "#define HAVE_UNSETENV 1" >>confdefs.h
+
+else
+  case " $LIBOBJS " in
+  *" unsetenv.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS unsetenv.$ac_objext"
+ ;;
+esac
+
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
-$as_echo "$ac_cv_sizeof_time_t" >&6; }
 
 
+  if test $ac_cv_func_setenv = no; then
 
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_TIME_T $ac_cv_sizeof_time_t
+
+
+  for ac_header in search.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "search.h" "ac_cv_header_search_h" "$ac_includes_default"
+if test "x$ac_cv_header_search_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SEARCH_H 1
+_ACEOF
+
+fi
+
+done
+
+  for ac_func in tsearch
+do :
+  ac_fn_c_check_func "$LINENO" "tsearch" "ac_cv_func_tsearch"
+if test "x$ac_cv_func_tsearch" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_TSEARCH 1
 _ACEOF
 
+fi
+done
+
 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time_t is unsigned" >&5
-$as_echo_n "checking whether time_t is unsigned... " >&6; }
-if ${gnupg_cv_time_t_unsigned+:} false; then :
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if environ is properly declared" >&5
+$as_echo_n "checking if environ is properly declared... " >&6; }
+  if ${gt_cv_var_environ_declaration+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$ac_includes_default
-#if TIME_WITH_SYS_TIME
-# include 
-# include 
-#else
-# if HAVE_SYS_TIME_H
-#  include 
-# else
-#  include 
-# endif
-#endif
 
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+      extern struct { int foo; } environ;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((time_t)-1) < 0)];
-test_array [0] = 0;
-return test_array [0];
-
+environ.foo = 1;
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
-  gnupg_cv_time_t_unsigned=no
+  gt_cv_var_environ_declaration=no
 else
-  gnupg_cv_time_t_unsigned=yes
+  gt_cv_var_environ_declaration=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnupg_cv_time_t_unsigned" >&5
-$as_echo "$gnupg_cv_time_t_unsigned" >&6; }
-    if test $gnupg_cv_time_t_unsigned = yes; then
 
-$as_echo "#define HAVE_UNSIGNED_TIME_T 1" >>confdefs.h
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_var_environ_declaration" >&5
+$as_echo "$gt_cv_var_environ_declaration" >&6; }
+  if test $gt_cv_var_environ_declaration = yes; then
 
-    fi
+$as_echo "#define HAVE_ENVIRON_DECL 1" >>confdefs.h
 
+  fi
 
 
-if test "$ac_cv_sizeof_unsigned_short" = "0" \
-   || test "$ac_cv_sizeof_unsigned_int" = "0" \
-   || test "$ac_cv_sizeof_unsigned_long" = "0"; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Hmmm, something is wrong with the sizes - using defaults" >&5
-$as_echo "$as_me: WARNING: Hmmm, something is wrong with the sizes - using defaults" >&2;};
-fi
+  fi
+  if test $ac_cv_func_unsetenv = no; then
 
 
-#
-# Checks for library functions.
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library functions" >&5
-$as_echo "$as_me: checking for library functions" >&6;}
-ac_fn_c_check_decl "$LINENO" "getpagesize" "ac_cv_have_decl_getpagesize" "$ac_includes_default"
-if test "x$ac_cv_have_decl_getpagesize" = xyes; then :
-  ac_have_decl=1
-else
-  ac_have_decl=0
-fi
 
-cat >>confdefs.h <<_ACEOF
-#define HAVE_DECL_GETPAGESIZE $ac_have_decl
-_ACEOF
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
-$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
-if ${ac_cv_sys_largefile_source+:} false; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if environ is properly declared" >&5
+$as_echo_n "checking if environ is properly declared... " >&6; }
+  if ${gt_cv_var_environ_declaration+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  while :; do
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#include  /* for off_t */
-     #include 
+#include 
+      extern struct { int foo; } environ;
 int
 main ()
 {
-int (*fp) (FILE *, off_t, int) = fseeko;
-     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+environ.foo = 1;
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_sys_largefile_source=no; break
+if ac_fn_c_try_compile "$LINENO"; then :
+  gt_cv_var_environ_declaration=no
+else
+  gt_cv_var_environ_declaration=yes
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_var_environ_declaration" >&5
+$as_echo "$gt_cv_var_environ_declaration" >&6; }
+  if test $gt_cv_var_environ_declaration = yes; then
+
+$as_echo "#define HAVE_ENVIRON_DECL 1" >>confdefs.h
+
+  fi
+
+
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsetenv() return type" >&5
+$as_echo_n "checking for unsetenv() return type... " >&6; }
+if ${gt_cv_func_unsetenv_ret+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _LARGEFILE_SOURCE 1
-#include  /* for off_t */
-     #include 
+#include 
+extern
+#ifdef __cplusplus
+"C"
+#endif
+#if defined(__STDC__) || defined(__cplusplus)
+int unsetenv (const char *name);
+#else
+int unsetenv();
+#endif
+
 int
 main ()
 {
-int (*fp) (FILE *, off_t, int) = fseeko;
-     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_sys_largefile_source=1; break
+if ac_fn_c_try_compile "$LINENO"; then :
+  gt_cv_func_unsetenv_ret='int'
+else
+  gt_cv_func_unsetenv_ret='void'
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-  ac_cv_sys_largefile_source=unknown
-  break
-done
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
-$as_echo "$ac_cv_sys_largefile_source" >&6; }
-case $ac_cv_sys_largefile_source in #(
-  no | unknown) ;;
-  *)
-cat >>confdefs.h <<_ACEOF
-#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source
-_ACEOF
-;;
-esac
-rm -rf conftest*
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_unsetenv_ret" >&5
+$as_echo "$gt_cv_func_unsetenv_ret" >&6; }
+    if test $gt_cv_func_unsetenv_ret = 'void'; then
 
-# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
-# in glibc 2.1.3, but that breaks too many other things.
-# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
-if test $ac_cv_sys_largefile_source != unknown; then
+$as_echo "#define VOID_UNSETENV 1" >>confdefs.h
 
-$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h
+    fi
+  fi
 
-fi
 
-for ac_func in vprintf
+  for ac_header in stdint.h
 do :
-  ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf"
-if test "x$ac_cv_func_vprintf" = xyes; then :
+  ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_VPRINTF 1
+#define HAVE_STDINT_H 1
 _ACEOF
 
-ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt"
-if test "x$ac_cv_func__doprnt" = xyes; then :
-
-$as_echo "#define HAVE_DOPRNT 1" >>confdefs.h
-
 fi
 
-fi
 done
 
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SIZE_MAX" >&5
+$as_echo_n "checking for SIZE_MAX... " >&6; }
+  if ${gl_cv_size_max+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
 
-ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default"
-if test "x$ac_cv_type_pid_t" = xyes; then :
+    gl_cv_size_max=
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
-else
+#include 
+#if HAVE_STDINT_H
+#include 
+#endif
+#ifdef SIZE_MAX
+Found it
+#endif
 
-cat >>confdefs.h <<_ACEOF
-#define pid_t int
 _ACEOF
-
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "Found it" >/dev/null 2>&1; then :
+  gl_cv_size_max=yes
 fi
+rm -f conftest*
 
-for ac_header in vfork.h
-do :
-  ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default"
-if test "x$ac_cv_header_vfork_h" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_VFORK_H 1
-_ACEOF
+    if test -z "$gl_cv_size_max"; then
+                        if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) * CHAR_BIT - 1" "size_t_bits_minus_1"        "#include 
+#include "; then :
 
+else
+  size_t_bits_minus_1=
 fi
 
-done
 
-for ac_func in fork vfork
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
+      if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) <= sizeof (unsigned int)" "fits_in_uint"        "#include "; then :
 
+else
+  fits_in_uint=
 fi
-done
 
-if test "x$ac_cv_func_fork" = xyes; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5
-$as_echo_n "checking for working fork... " >&6; }
-if ${ac_cv_func_fork_works+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if test "$cross_compiling" = yes; then :
-  ac_cv_func_fork_works=cross
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+
+      if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then
+        if test $fits_in_uint = 1; then
+                              cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-$ac_includes_default
+#include 
+            extern size_t foo;
+            extern unsigned long foo;
+
 int
 main ()
 {
 
-	  /* By Ruediger Kuhlmann. */
-	  return fork () < 0;
-
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-  ac_cv_func_fork_works=yes
-else
-  ac_cv_func_fork_works=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+if ac_fn_c_try_compile "$LINENO"; then :
+  fits_in_uint=0
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+        fi
+                                if test $fits_in_uint = 1; then
+          gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)"
+        else
+          gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)"
+        fi
+      else
+                gl_cv_size_max='((size_t)~(size_t)0)'
+      fi
+    fi
 
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5
-$as_echo "$ac_cv_func_fork_works" >&6; }
 
-else
-  ac_cv_func_fork_works=$ac_cv_func_fork
-fi
-if test "x$ac_cv_func_fork_works" = xcross; then
-  case $host in
-    *-*-amigaos* | *-*-msdosdjgpp*)
-      # Override, as these systems have only a dummy fork() stub
-      ac_cv_func_fork_works=no
-      ;;
-    *)
-      ac_cv_func_fork_works=yes
-      ;;
-  esac
-  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5
-$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;}
-fi
-ac_cv_func_vfork_works=$ac_cv_func_vfork
-if test "x$ac_cv_func_vfork" = xyes; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5
-$as_echo_n "checking for working vfork... " >&6; }
-if ${ac_cv_func_vfork_works+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if test "$cross_compiling" = yes; then :
-  ac_cv_func_vfork_works=cross
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-/* Thanks to Paul Eggert for this test.  */
-$ac_includes_default
-#include 
-#ifdef HAVE_VFORK_H
-# include 
-#endif
-/* On some sparc systems, changes by the child to local and incoming
-   argument registers are propagated back to the parent.  The compiler
-   is told about this with #include , but some compilers
-   (e.g. gcc -O) don't grok .  Test for this by using a
-   static variable whose address is put into a register that is
-   clobbered by the vfork.  */
-static void
-#ifdef __cplusplus
-sparc_address_test (int arg)
-# else
-sparc_address_test (arg) int arg;
-#endif
-{
-  static pid_t child;
-  if (!child) {
-    child = vfork ();
-    if (child < 0) {
-      perror ("vfork");
-      _exit(2);
-    }
-    if (!child) {
-      arg = getpid();
-      write(-1, "", 0);
-      _exit (arg);
-    }
-  }
-}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_size_max" >&5
+$as_echo "$gl_cv_size_max" >&6; }
+  if test "$gl_cv_size_max" != yes; then
 
-int
-main ()
-{
-  pid_t parent = getpid ();
-  pid_t child;
+cat >>confdefs.h <<_ACEOF
+#define SIZE_MAX $gl_cv_size_max
+_ACEOF
+
+  fi
+
+
+
+
+  if test $ac_cv_type_long_long_int = yes; then
+    HAVE_LONG_LONG_INT=1
+  else
+    HAVE_LONG_LONG_INT=0
+  fi
+
+
+  if test $ac_cv_type_unsigned_long_long_int = yes; then
+    HAVE_UNSIGNED_LONG_LONG_INT=1
+  else
+    HAVE_UNSIGNED_LONG_LONG_INT=0
+  fi
 
-  sparc_address_test (0);
 
-  child = vfork ();
 
-  if (child == 0) {
-    /* Here is another test for sparc vfork register problems.  This
-       test uses lots of local variables, at least as many local
-       variables as main has allocated so far including compiler
-       temporaries.  4 locals are enough for gcc 1.40.3 on a Solaris
-       4.1.3 sparc, but we use 8 to be safe.  A buggy compiler should
-       reuse the register of parent for one of the local variables,
-       since it will think that parent can't possibly be used any more
-       in this routine.  Assigning to the local variable will thus
-       munge parent in the parent process.  */
-    pid_t
-      p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(),
-      p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid();
-    /* Convince the compiler that p..p7 are live; otherwise, it might
-       use the same hardware register for all 8 local variables.  */
-    if (p != p1 || p != p2 || p != p3 || p != p4
-	|| p != p5 || p != p6 || p != p7)
-      _exit(1);
+  if test $ac_cv_header_wchar_h = yes; then
+    HAVE_WCHAR_H=1
+  else
+    HAVE_WCHAR_H=0
+  fi
 
-    /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent
-       from child file descriptors.  If the child closes a descriptor
-       before it execs or exits, this munges the parent's descriptor
-       as well.  Test for this by closing stdout in the child.  */
-    _exit(close(fileno(stdout)) != 0);
-  } else {
-    int status;
-    struct stat st;
 
-    while (wait(&status) != child)
-      ;
-    return (
-	 /* Was there some problem with vforking?  */
-	 child < 0
+      if test $ac_cv_header_inttypes_h = yes; then
+    HAVE_INTTYPES_H=1
+  else
+    HAVE_INTTYPES_H=0
+  fi
 
-	 /* Did the child fail?  (This shouldn't happen.)  */
-	 || status
 
-	 /* Did the vfork/compiler bug occur?  */
-	 || parent != getpid()
+      if test $ac_cv_header_sys_types_h = yes; then
+    HAVE_SYS_TYPES_H=1
+  else
+    HAVE_SYS_TYPES_H=0
+  fi
 
-	 /* Did the file descriptor bug occur?  */
-	 || fstat(fileno(stdout), &st) != 0
-	 );
-  }
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-  ac_cv_func_vfork_works=yes
+
+    if test $ac_cv_header_stdint_h = yes; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5
+$as_echo_n "checking absolute name of ... " >&6; }
+if ${gl_cv_absolute_stdint_h+:} false; then :
+  $as_echo_n "(cached) " >&6
 else
-  ac_cv_func_vfork_works=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
+          if test $ac_cv_header_stdint_h = yes; then
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+_ACEOF
+      gl_cv_absolute_stdint_h=`(eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+sed -n '\#/stdint.h#{s#.*"\(.*/stdint.h\)".*#\1#;s#^/[^/]#//&#;p;q;}'`
+    fi
 
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5
-$as_echo "$ac_cv_func_vfork_works" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_absolute_stdint_h" >&5
+$as_echo "$gl_cv_absolute_stdint_h" >&6; }
+cat >>confdefs.h <<_ACEOF
+#define ABSOLUTE_STDINT_H "$gl_cv_absolute_stdint_h"
+_ACEOF
 
-fi;
-if test "x$ac_cv_func_fork_works" = xcross; then
-  ac_cv_func_vfork_works=$ac_cv_func_vfork
-  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5
-$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;}
-fi
 
-if test "x$ac_cv_func_vfork_works" = xyes; then
+    ABSOLUTE_STDINT_H=\"$gl_cv_absolute_stdint_h\"
+    HAVE_STDINT_H=1
+  else
+    ABSOLUTE_STDINT_H=\"no/such/file/stdint.h\"
+    HAVE_STDINT_H=0
+  fi
 
-$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h
 
+
+          if test $ac_cv_header_stdint_h = yes; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stdint.h conforms to C99" >&5
+$as_echo_n "checking whether stdint.h conforms to C99... " >&6; }
+if ${gl_cv_header_working_stdint_h+:} false; then :
+  $as_echo_n "(cached) " >&6
 else
+  gl_cv_header_working_stdint_h=no
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
-$as_echo "#define vfork fork" >>confdefs.h
 
-fi
-if test "x$ac_cv_func_fork_works" = xyes; then
+#include 
+#define __STDC_LIMIT_MACROS 1 /* to make it work also in C++ mode */
+#define __STDC_CONSTANT_MACROS 1 /* to make it work also in C++ mode */
+#include ABSOLUTE_STDINT_H
+#ifdef INT8_MAX
+int8_t a1 = INT8_MAX;
+int8_t a1min = INT8_MIN;
+#endif
+#ifdef INT16_MAX
+int16_t a2 = INT16_MAX;
+int16_t a2min = INT16_MIN;
+#endif
+#ifdef INT32_MAX
+int32_t a3 = INT32_MAX;
+int32_t a3min = INT32_MIN;
+#endif
+#ifdef INT64_MAX
+int64_t a4 = INT64_MAX;
+int64_t a4min = INT64_MIN;
+#endif
+#ifdef UINT8_MAX
+uint8_t b1 = UINT8_MAX;
+#else
+typedef int b1[(unsigned char) -1 != 255 ? 1 : -1];
+#endif
+#ifdef UINT16_MAX
+uint16_t b2 = UINT16_MAX;
+#endif
+#ifdef UINT32_MAX
+uint32_t b3 = UINT32_MAX;
+#endif
+#ifdef UINT64_MAX
+uint64_t b4 = UINT64_MAX;
+#endif
+int_least8_t c1 = INT8_C (0x7f);
+int_least8_t c1max = INT_LEAST8_MAX;
+int_least8_t c1min = INT_LEAST8_MIN;
+int_least16_t c2 = INT16_C (0x7fff);
+int_least16_t c2max = INT_LEAST16_MAX;
+int_least16_t c2min = INT_LEAST16_MIN;
+int_least32_t c3 = INT32_C (0x7fffffff);
+int_least32_t c3max = INT_LEAST32_MAX;
+int_least32_t c3min = INT_LEAST32_MIN;
+int_least64_t c4 = INT64_C (0x7fffffffffffffff);
+int_least64_t c4max = INT_LEAST64_MAX;
+int_least64_t c4min = INT_LEAST64_MIN;
+uint_least8_t d1 = UINT8_C (0xff);
+uint_least8_t d1max = UINT_LEAST8_MAX;
+uint_least16_t d2 = UINT16_C (0xffff);
+uint_least16_t d2max = UINT_LEAST16_MAX;
+uint_least32_t d3 = UINT32_C (0xffffffff);
+uint_least32_t d3max = UINT_LEAST32_MAX;
+uint_least64_t d4 = UINT64_C (0xffffffffffffffff);
+uint_least64_t d4max = UINT_LEAST64_MAX;
+int_fast8_t e1 = INT_FAST8_MAX;
+int_fast8_t e1min = INT_FAST8_MIN;
+int_fast16_t e2 = INT_FAST16_MAX;
+int_fast16_t e2min = INT_FAST16_MIN;
+int_fast32_t e3 = INT_FAST32_MAX;
+int_fast32_t e3min = INT_FAST32_MIN;
+int_fast64_t e4 = INT_FAST64_MAX;
+int_fast64_t e4min = INT_FAST64_MIN;
+uint_fast8_t f1 = UINT_FAST8_MAX;
+uint_fast16_t f2 = UINT_FAST16_MAX;
+uint_fast32_t f3 = UINT_FAST32_MAX;
+uint_fast64_t f4 = UINT_FAST64_MAX;
+#ifdef INTPTR_MAX
+intptr_t g = INTPTR_MAX;
+intptr_t gmin = INTPTR_MIN;
+#endif
+#ifdef UINTPTR_MAX
+uintptr_t h = UINTPTR_MAX;
+#endif
+intmax_t i = INTMAX_MAX;
+uintmax_t j = UINTMAX_MAX;
+struct s {
+  int check_PTRDIFF: PTRDIFF_MIN < 0 && 0 < PTRDIFF_MAX ? 1 : -1;
+  int check_SIG_ATOMIC: SIG_ATOMIC_MIN <= 0 && 0 < SIG_ATOMIC_MAX ? 1 : -1;
+  int check_SIZE: 0 < SIZE_MAX ? 1 : -1;
+  int check_WCHAR: WCHAR_MIN <= 0 && 0 < WCHAR_MAX ? 1 : -1;
+  int check_WINT: WINT_MIN <= 0 && 0 < WINT_MAX ? 1 : -1;
+
+  /* Detect bugs in glibc 2.4 and Solaris 10 stdint.h, among others.  */
+  int check_UINT8_C:
+	(-1 < UINT8_C (0)) == (-1 < (uint_least8_t) 0) ? 1 : -1;
+  int check_UINT16_C:
+	(-1 < UINT16_C (0)) == (-1 < (uint_least16_t) 0) ? 1 : -1;
+
+  /* Detect bugs in OpenBSD 3.9 stdint.h.  */
+#ifdef UINT8_MAX
+  int check_uint8: (uint8_t) -1 == UINT8_MAX ? 1 : -1;
+#endif
+#ifdef UINT16_MAX
+  int check_uint16: (uint16_t) -1 == UINT16_MAX ? 1 : -1;
+#endif
+#ifdef UINT32_MAX
+  int check_uint32: (uint32_t) -1 == UINT32_MAX ? 1 : -1;
+#endif
+#ifdef UINT64_MAX
+  int check_uint64: (uint64_t) -1 == UINT64_MAX ? 1 : -1;
+#endif
+  int check_uint_least8: (uint_least8_t) -1 == UINT_LEAST8_MAX ? 1 : -1;
+  int check_uint_least16: (uint_least16_t) -1 == UINT_LEAST16_MAX ? 1 : -1;
+  int check_uint_least32: (uint_least32_t) -1 == UINT_LEAST32_MAX ? 1 : -1;
+  int check_uint_least64: (uint_least64_t) -1 == UINT_LEAST64_MAX ? 1 : -1;
+  int check_uint_fast8: (uint_fast8_t) -1 == UINT_FAST8_MAX ? 1 : -1;
+  int check_uint_fast16: (uint_fast16_t) -1 == UINT_FAST16_MAX ? 1 : -1;
+  int check_uint_fast32: (uint_fast32_t) -1 == UINT_FAST32_MAX ? 1 : -1;
+  int check_uint_fast64: (uint_fast64_t) -1 == UINT_FAST64_MAX ? 1 : -1;
+  int check_uintptr: (uintptr_t) -1 == UINTPTR_MAX ? 1 : -1;
+  int check_uintmax: (uintmax_t) -1 == UINTMAX_MAX ? 1 : -1;
+  int check_size: (size_t) -1 == SIZE_MAX ? 1 : -1;
+};
 
-$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h
+int
+main ()
+{
 
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  gl_cv_header_working_stdint_h=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdint_h" >&5
+$as_echo "$gl_cv_header_working_stdint_h" >&6; }
+  fi
+  if test "$gl_cv_header_working_stdint_h" != yes; then
 
-for ac_func in strerror strlwr tcgetattr mmap canonicalize_file_name
+            for ac_header in sys/inttypes.h sys/bitypes.h
 do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
 _ACEOF
 
 fi
+
 done
 
-for ac_func in strcasecmp strncasecmp ctermid times gmtime_r strtoull
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
+    if test $ac_cv_header_sys_inttypes_h = yes; then
+      HAVE_SYS_INTTYPES_H=1
+    else
+      HAVE_SYS_INTTYPES_H=0
+    fi
 
-fi
-done
+    if test $ac_cv_header_sys_bitypes_h = yes; then
+      HAVE_SYS_BITYPES_H=1
+    else
+      HAVE_SYS_BITYPES_H=0
+    fi
 
-for ac_func in setenv unsetenv fcntl ftruncate inet_ntop
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
 
-fi
-done
 
-for ac_func in canonicalize_file_name
-do :
-  ac_fn_c_check_func "$LINENO" "canonicalize_file_name" "ac_cv_func_canonicalize_file_name"
-if test "x$ac_cv_func_canonicalize_file_name" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_CANONICALIZE_FILE_NAME 1
-_ACEOF
 
+
+  for gltype in ptrdiff_t sig_atomic_t size_t wchar_t wint_t ; do
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bit size of $gltype" >&5
+$as_echo_n "checking for bit size of $gltype... " >&6; }
+if eval \${gl_cv_bitsizeof_${gltype}+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "sizeof ($gltype) * CHAR_BIT" "result"        "
+  #include 
+  #include 
+  #if HAVE_WCHAR_H
+    /* BSD/OS 4.1 has a bug:  and  must be included before
+       .  */
+  # include 
+  # include 
+  # include 
+  #endif
+
+#include "; then :
+
+else
+  result=unknown
 fi
-done
 
-for ac_func in gettimeofday getrusage getrlimit setrlimit clock_gettime
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
+
+       eval gl_cv_bitsizeof_${gltype}=\$result
 
 fi
-done
+eval ac_res=\$gl_cv_bitsizeof_${gltype}
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+    eval result=\$gl_cv_bitsizeof_${gltype}
+    if test $result = unknown; then
+                                                result=0
+    fi
+    GLTYPE=`echo "$gltype" | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+    cat >>confdefs.h <<_ACEOF
+#define BITSIZEOF_${GLTYPE} $result
+_ACEOF
 
-for ac_func in atexit raise getpagesize strftime nl_langinfo setlocale
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+    eval BITSIZEOF_${GLTYPE}=\$result
+  done
+
+
+
+
+  for gltype in sig_atomic_t wchar_t wint_t ; do
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $gltype is signed" >&5
+$as_echo_n "checking whether $gltype is signed... " >&6; }
+if eval \${gl_cv_type_${gltype}_signed+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+  #include 
+  #include 
+  #if HAVE_WCHAR_H
+    /* BSD/OS 4.1 has a bug:  and  must be included before
+       .  */
+  # include 
+  # include 
+  # include 
+  #endif
+
+            int verify[2 * (($gltype) -1 < ($gltype) 0) - 1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
 _ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  result=yes
+else
+  result=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+       eval gl_cv_type_${gltype}_signed=\$result
 
 fi
-done
+eval ac_res=\$gl_cv_type_${gltype}_signed
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+    eval result=\$gl_cv_type_${gltype}_signed
+    GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+    if test "$result" = yes; then
+      cat >>confdefs.h <<_ACEOF
+#define HAVE_SIGNED_${GLTYPE} 1
+_ACEOF
 
-for ac_func in waitpid wait4 sigaction sigprocmask pipe getaddrinfo
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+      eval HAVE_SIGNED_${GLTYPE}=1
+    else
+      eval HAVE_SIGNED_${GLTYPE}=0
+    fi
+  done
+
+
+  gl_cv_type_ptrdiff_t_signed=yes
+  gl_cv_type_size_t_signed=no
+
+
+  for gltype in ptrdiff_t sig_atomic_t size_t wchar_t wint_t ; do
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $gltype integer literal suffix" >&5
+$as_echo_n "checking for $gltype integer literal suffix... " >&6; }
+if eval \${gl_cv_type_${gltype}_suffix+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  eval gl_cv_type_${gltype}_suffix=no
+       eval result=\$gl_cv_type_${gltype}_signed
+       if test "$result" = yes; then
+	 glsufu=
+       else
+	 glsufu=u
+       fi
+       for glsuf in "$glsufu" ${glsufu}l ${glsufu}ll ${glsufu}i64; do
+	 case $glsuf in
+	   '')  gltype1='int';;
+	   l)	gltype1='long int';;
+	   ll)	gltype1='long long int';;
+	   i64)	gltype1='__int64';;
+	   u)	gltype1='unsigned int';;
+	   ul)	gltype1='unsigned long int';;
+	   ull)	gltype1='unsigned long long int';;
+	   ui64)gltype1='unsigned __int64';;
+	 esac
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+  #include 
+  #include 
+  #if HAVE_WCHAR_H
+    /* BSD/OS 4.1 has a bug:  and  must be included before
+       .  */
+  # include 
+  # include 
+  # include 
+  #endif
+
+	      extern $gltype foo;
+	      extern $gltype1 foo;
+int
+main ()
+{
+
+  ;
+  return 0;
+}
 _ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval gl_cv_type_${gltype}_suffix=\$glsuf
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+	 eval result=\$gl_cv_type_${gltype}_suffix
+	 test "$result" != no && break
+       done
+fi
+eval ac_res=\$gl_cv_type_${gltype}_suffix
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+    GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+    eval result=\$gl_cv_type_${gltype}_suffix
+    test "$result" = no && result=
+    eval ${GLTYPE}_SUFFIX=\$result
+    cat >>confdefs.h <<_ACEOF
+#define ${GLTYPE}_SUFFIX $result
+_ACEOF
+
+  done
+
+
+
+    STDINT_H=stdint.h
+  fi
+
+
+
+  ac_fn_c_check_func "$LINENO" "strpbrk" "ac_cv_func_strpbrk"
+if test "x$ac_cv_func_strpbrk" = xyes; then :
+  $as_echo "#define HAVE_STRPBRK 1" >>confdefs.h
+
+else
+  case " $LIBOBJS " in
+  *" strpbrk.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strpbrk.$ac_objext"
+ ;;
+esac
 
 fi
-done
 
-for ac_func in ttyname rand ftello fsync stat lstat
-do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
 
-fi
-done
+  if test $ac_cv_func_strpbrk = no; then
+    :
+  fi
+
 
-for ac_func in memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
-                memrchr isascii timegm getrusage setrlimit stat setlocale   \
-                flockfile funlockfile fopencookie funopen getpwnam getpwuid \
-                getenv inet_pton strpbrk
+    for ac_header in unistd.h
 do :
-  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes; then :
   cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+#define HAVE_UNISTD_H 1
 _ACEOF
 
+    UNISTD_H=''
+
+else
+
+    UNISTD_H='unistd.h'
+
 fi
+
 done
 
 
-if test "$have_android_system" = yes; then
-   # On Android ttyname is a stub but prints an error message.
 
-$as_echo "#define HAVE_BROKEN_TTYNAME 1" >>confdefs.h
 
-fi
 
-ac_fn_c_check_type "$LINENO" "struct sigaction" "ac_cv_type_struct_sigaction" "#include 
-"
-if test "x$ac_cv_type_struct_sigaction" = xyes; then :
 
-cat >>confdefs.h <<_ACEOF
-#define HAVE_STRUCT_SIGACTION 1
+  for ac_header in stdint.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_STDINT_H 1
 _ACEOF
 
-
 fi
-ac_fn_c_check_type "$LINENO" "sigset_t" "ac_cv_type_sigset_t" "#include 
-"
-if test "x$ac_cv_type_sigset_t" = xyes; then :
 
-cat >>confdefs.h <<_ACEOF
-#define HAVE_SIGSET_T 1
-_ACEOF
+done
 
 
-fi
+  LIBGNU_LIBDEPS="$gl_libdeps"
+
+  LIBGNU_LTLIBDEPS="$gl_ltlibdeps"
+
 
 
-# Dirmngr requires mmap on Unix systems.
-if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
-  as_fn_error $? "Sorry, the current implemenation requires mmap." "$LINENO" 5
-fi
 
 #
 # W32 specific test
@@ -14666,22 +15548,22 @@
 # when compiling a conftest (due to the "-lz" from LIBS).
 # Note that we combine zlib and bzlib2 in ZLIBS.
 #
-if test "$use_zip" = yes ; then
-  _cppflags="${CPPFLAGS}"
-  _ldflags="${LDFLAGS}"
+missing_zlib=yes
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
 
 # Check whether --with-zlib was given.
 if test "${with_zlib+set}" = set; then :
   withval=$with_zlib;
-      if test -d "$withval"; then
-        CPPFLAGS="${CPPFLAGS} -I$withval/include"
-        LDFLAGS="${LDFLAGS} -L$withval/lib"
-      fi
+    if test -d "$withval"; then
+      CPPFLAGS="${CPPFLAGS} -I$withval/include"
+      LDFLAGS="${LDFLAGS} -L$withval/lib"
+    fi
 
 fi
 
 
-  ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
+ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
 if test "x$ac_cv_header_zlib_h" = xyes; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflateInit2_ in -lz" >&5
 $as_echo_n "checking for deflateInit2_ in -lz... " >&6; }
@@ -14722,9 +15604,7 @@
 if test "x$ac_cv_lib_z_deflateInit2_" = xyes; then :
 
        ZLIBS="-lz"
-
-$as_echo "#define HAVE_ZIP 1" >>confdefs.h
-
+       missing_zlib=no
 
 else
   CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}
@@ -14735,8 +15615,6 @@
 fi
 
 
-fi
-
 
 #
 # Check whether we can support bzip2
@@ -14842,7 +15720,6 @@
 fi
 
 
-  gnupg_cv_have_readline=no
   if test "$_do_readline" != "no" ; then
      if test -d "$withval" ; then
         CPPFLAGS="${CPPFLAGS} -I$withval/include"
@@ -14898,7 +15775,6 @@
 
            LIBREADLINE=$_combo
 
-           gnupg_cv_have_readline=yes
            break
         fi
      done
@@ -14951,13 +15827,9 @@
 # mysterious reasons - the final link step should bail out.
 # W32SOCKLIBS is also defined so that if can be used for tools not
 # requiring any network stuff but linking to code in libcommon which
-# tracks in winsock stuff (e.g. init_common_subsystems).
+# tracks in winsock stuff (e.g. init_common_subsystems.
 if test "$have_w32_system" = yes; then
-   if test "$have_w32ce_system" = yes; then
-     W32SOCKLIBS="-lws2"
-   else
-     W32SOCKLIBS="-lws2_32"
-   fi
+   W32SOCKLIBS="-lws2_32"
    NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
 fi
 
@@ -14997,11 +15869,11 @@
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_silent_wno" >&5
 $as_echo "$_gcc_silent_wno" >&6; }
 
-    # Note that it is okay to use CFLAGS here because these are just
+    # Note that it is okay to use CFLAGS here because this are just
     # warning options and the user should have a chance of overriding
     # them.
     if test "$USE_MAINTAINER_MODE" = "yes"; then
-        CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+        CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
         CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
         if test x"$_gcc_silent_wno" = xyes ; then
           _gcc_wopt=yes
@@ -15080,74 +15952,383 @@
 main ()
 {
 
-  ;
-  return 0;
-}
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  _gcc_psign=yes
+else
+  _gcc_psign=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_psign" >&5
+$as_echo "$_gcc_psign" >&6; }
+      CFLAGS=$_gcc_cflags_save;
+    fi
+    if test x"$_gcc_psign" = xyes ; then
+       CFLAGS="$CFLAGS -Wno-pointer-sign"
+    fi
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wpointer-arith" >&5
+$as_echo_n "checking if gcc supports -Wpointer-arith... " >&6; }
+    _gcc_cflags_save=$CFLAGS
+    CFLAGS="-Wpointer-arith"
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  _gcc_psign=yes
+else
+  _gcc_psign=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_psign" >&5
+$as_echo "$_gcc_psign" >&6; }
+    CFLAGS=$_gcc_cflags_save;
+    if test x"$_gcc_psign" = xyes ; then
+       CFLAGS="$CFLAGS -Wpointer-arith"
+    fi
+
+    # The undocumented option -Wno-psabi suppresses the annoying
+    #   "the ABI of passing union with long double has changed in GCC 4.4"
+    # which is emitted in estream-printf.c but entirely irrelvant
+    # because that union is local to the file.
+    if test x"$_gcc_silent_wno" = xyes ; then
+       CFLAGS="$CFLAGS -Wno-psabi"
+    fi
+fi
+
+
+#
+# This is handy for debugging so the compiler doesn't rearrange
+# things and eliminate variables.
+#
+# Check whether --enable-optimization was given.
+if test "${enable_optimization+set}" = set; then :
+  enableval=$enable_optimization; if test $enableval = no ; then
+                      CFLAGS=`echo $CFLAGS | sed 's/-O[0-9]//'`
+                   fi
+fi
+
+
+#
+# Prepare building of estream
+#
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking system features for estream-printf" >&5
+$as_echo "$as_me: checking system features for estream-printf" >&6;}
+  for ac_header in stdint.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_STDINT_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if ${ac_cv_type_long_long_int+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_type_long_long_int=yes
+      if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+        ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
+        if test $ac_cv_type_long_long_int = yes; then
+                                        if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
+                 #ifndef LLONG_MAX
+                 # define HALF \
+                          (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+                 # define LLONG_MAX (HALF - 1 + HALF)
+                 #endif
+int
+main ()
+{
+long long int n = 1;
+                 int i;
+                 for (i = 0; ; i++)
+                   {
+                     long long int m = n << i;
+                     if (m >> i != n)
+                       return 1;
+                     if (LLONG_MAX / 2 < m)
+                       break;
+                   }
+                 return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_type_long_long_int=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+        fi
+      fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+  if test $ac_cv_type_long_long_int = yes; then
+
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
+
+  fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long double" >&5
+$as_echo_n "checking for long double... " >&6; }
+if ${ac_cv_type_long_double+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "$GCC" = yes; then
+       ac_cv_type_long_double=yes
+     else
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* The Stardent Vistra knows sizeof (long double), but does
+		 not support it.  */
+	      long double foo = 0.0L;
+int
+main ()
+{
+static int test_array [1 - 2 * !(/* On Ultrix 4.3 cc, long double is 4 and double is 8.  */
+	      sizeof (double) <= sizeof (long double))];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_type_long_double=yes
+else
+  ac_cv_type_long_double=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+     fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_double" >&5
+$as_echo "$ac_cv_type_long_double" >&6; }
+  if test $ac_cv_type_long_double = yes; then
+
+$as_echo "#define HAVE_LONG_DOUBLE 1" >>confdefs.h
+
+  fi
+
+
+
+  ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "$ac_includes_default"
+if test "x$ac_cv_type_intmax_t" = xyes; then :
+
+$as_echo "#define HAVE_INTMAX_T 1" >>confdefs.h
+
+else
+  test $ac_cv_type_long_long_int = yes \
+       && ac_type='long long int' \
+       || ac_type='long int'
+
+cat >>confdefs.h <<_ACEOF
+#define intmax_t $ac_type
+_ACEOF
+
+fi
+
+
+
+
+  ac_fn_c_check_type "$LINENO" "uintmax_t" "ac_cv_type_uintmax_t" "$ac_includes_default"
+if test "x$ac_cv_type_uintmax_t" = xyes; then :
+
+$as_echo "#define HAVE_UINTMAX_T 1" >>confdefs.h
+
+else
+  test $ac_cv_type_unsigned_long_long_int = yes \
+       && ac_type='unsigned long long int' \
+       || ac_type='unsigned long int'
+
+cat >>confdefs.h <<_ACEOF
+#define uintmax_t $ac_type
+_ACEOF
+
+fi
+
+
+  ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default"
+if test "x$ac_cv_type_ptrdiff_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_PTRDIFF_T 1
+_ACEOF
+
+
+fi
+
+  # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_unsigned_long" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_unsigned_long=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
+_ACEOF
+
+
+  # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void *" >&5
+$as_echo_n "checking size of void *... " >&6; }
+if ${ac_cv_sizeof_void_p+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void *))" "ac_cv_sizeof_void_p"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_void_p" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (void *)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_void_p=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_void_p" >&5
+$as_echo "$ac_cv_sizeof_void_p" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_VOID_P $ac_cv_sizeof_void_p
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  _gcc_psign=yes
-else
-  _gcc_psign=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_psign" >&5
-$as_echo "$_gcc_psign" >&6; }
-      CFLAGS=$_gcc_cflags_save;
-    fi
-    if test x"$_gcc_psign" = xyes ; then
-       CFLAGS="$CFLAGS -Wno-pointer-sign"
-    fi
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc supports -Wpointer-arith" >&5
-$as_echo_n "checking if gcc supports -Wpointer-arith... " >&6; }
-    _gcc_cflags_save=$CFLAGS
-    CFLAGS="-Wpointer-arith"
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
 
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_langinfo and THOUSANDS_SEP" >&5
+$as_echo_n "checking for nl_langinfo and THOUSANDS_SEP... " >&6; }
+if ${estream_cv_langinfo_thousands_sep+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include 
 int
 main ()
 {
-
+char* cs = nl_langinfo(THOUSANDS_SEP); return !cs;
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-  _gcc_psign=yes
+if ac_fn_c_try_link "$LINENO"; then :
+  estream_cv_langinfo_thousands_sep=yes
 else
-  _gcc_psign=no
+  estream_cv_langinfo_thousands_sep=no
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_gcc_psign" >&5
-$as_echo "$_gcc_psign" >&6; }
-    CFLAGS=$_gcc_cflags_save;
-    if test x"$_gcc_psign" = xyes ; then
-       CFLAGS="$CFLAGS -Wpointer-arith"
-    fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
 fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $estream_cv_langinfo_thousands_sep" >&5
+$as_echo "$estream_cv_langinfo_thousands_sep" >&6; }
+  if test $estream_cv_langinfo_thousands_sep = yes; then
+
+$as_echo "#define HAVE_LANGINFO_THOUSANDS_SEP 1" >>confdefs.h
+
+  fi
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking system features for estream" >&5
+$as_echo "$as_me: checking system features for estream" >&6;}
 
 
-#
-# This is handy for debugging so the compiler doesn't rearrange
-# things and eliminate variables.
-#
-# Check whether --enable-optimization was given.
-if test "${enable_optimization+set}" = set; then :
-  enableval=$enable_optimization; if test $enableval = no ; then
-                      CFLAGS=`echo $CFLAGS | sed s/-O[1-9]\ /-O0\ /g`
-                   fi
-fi
 
 
 #
 # Decide what to build
 #
+if test "$have_adns" = "yes"; then
+  GPGKEYS_KDNS="gpg2keys_kdns$EXEEXT"
+
+fi
+
+
+missing_pth=no
+if test $have_ksba = no; then
+  build_gpgsm=no
+  build_scdaemon=no
+fi
+
+build_agent_threaded=""
+if test "$build_agent" = "yes"; then
+  if test $have_pth = no; then
+     build_agent_threaded="(not multi-threaded)"
+     missing_pth=yes
+  fi
+fi
 
 build_scdaemon_extra=""
 if test "$build_scdaemon" = "yes"; then
+  tmp=""
+  if test $have_pth = no; then
+     build_scdaemon_extra="not multi-threaded"
+     tmp=", "
+     missing_pth=yes
+  fi
   if test $have_libusb = no; then
-     build_scdaemon_extra="without internal CCID driver"
+     build_scdaemon_extra="${tmp}without internal CCID driver"
+     tmp=", "
   fi
   if test -n "$build_scdaemon_extra"; then
      build_scdaemon_extra="(${build_scdaemon_extra})"
@@ -15155,9 +16336,15 @@
 fi
 
 
-#
-# Set variables for use by automake makefiles.
-#
+if test "$build_agent_only" = "yes" ; then
+  build_gpg=no
+  build_gpgsm=no
+  build_scdaemon=no
+  build_tools=no
+  build_doc=no
+fi
+
+
  if test "$build_gpg" = "yes"; then
   BUILD_GPG_TRUE=
   BUILD_GPG_FALSE='#'
@@ -15190,22 +16377,6 @@
   BUILD_SCDAEMON_FALSE=
 fi
 
- if test "$build_g13" = "yes"; then
-  BUILD_G13_TRUE=
-  BUILD_G13_FALSE='#'
-else
-  BUILD_G13_TRUE='#'
-  BUILD_G13_FALSE=
-fi
-
- if test "$build_dirmngr" = "yes"; then
-  BUILD_DIRMNGR_TRUE=
-  BUILD_DIRMNGR_FALSE='#'
-else
-  BUILD_DIRMNGR_TRUE='#'
-  BUILD_DIRMNGR_FALSE=
-fi
-
  if test "$build_tools" = "yes"; then
   BUILD_TOOLS_TRUE=
   BUILD_TOOLS_FALSE='#'
@@ -15239,23 +16410,6 @@
 fi
 
 
- if test "$card_support" = yes; then
-  ENABLE_CARD_SUPPORT_TRUE=
-  ENABLE_CARD_SUPPORT_FALSE='#'
-else
-  ENABLE_CARD_SUPPORT_TRUE='#'
-  ENABLE_CARD_SUPPORT_FALSE=
-fi
-
- if test "$use_trust_models" = no; then
-  NO_TRUST_MODELS_TRUE=
-  NO_TRUST_MODELS_FALSE='#'
-else
-  NO_TRUST_MODELS_TRUE='#'
-  NO_TRUST_MODELS_FALSE=
-fi
-
-
  if test x$cross_compiling = xno -a "$build_gpg" = yes ; then
   RUN_GPG_TESTS_TRUE=
   RUN_GPG_TESTS_FALSE='#'
@@ -15265,178 +16419,11 @@
 fi
 
 
-#
-# Set some defines for use gpgconf.
-#
-if test "$build_gpg" = yes ; then
-
-$as_echo "#define BUILD_WITH_GPG 1" >>confdefs.h
-
-fi
-if test "$build_gpgsm" = yes ; then
-
-$as_echo "#define BUILD_WITH_GPGSM 1" >>confdefs.h
-
-fi
-if test "$build_agent" = yes ; then
-
-$as_echo "#define BUILD_WITH_AGENT 1" >>confdefs.h
-
-fi
-if test "$build_scdaemon" = yes ; then
-
-$as_echo "#define BUILD_WITH_SCDAEMON 1" >>confdefs.h
-
-fi
-if test "$build_dirmngr" = yes ; then
-
-$as_echo "#define BUILD_WITH_DIRMNGR 1" >>confdefs.h
-
-fi
-if test "$build_g13" = yes ; then
-
-$as_echo "#define BUILD_WITH_G13 1" >>confdefs.h
-
-fi
-
-
-#
-# Define Name strings
-#
-
-cat >>confdefs.h <<_ACEOF
-#define GNUPG_NAME "GnuPG"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPG_NAME "gpg"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPG_DISP_NAME "GnuPG"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPGSM_NAME "gpgsm"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPGSM_DISP_NAME "GPGSM"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPG_AGENT_NAME "gpg-agent"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPG_AGENT_DISP_NAME "GPG Agent"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SCDAEMON_NAME "scdaemon"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define SCDAEMON_DISP_NAME "SCDaemon"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define DIRMNGR_NAME "dirmngr"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define DIRMNGR_DISP_NAME "DirMngr"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define G13_NAME "g13"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define G13_DISP_NAME "G13"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPGCONF_NAME "gpgconf"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPGCONF_DISP_NAME "GPGConf"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPGTAR_NAME "gpgtar"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPG_AGENT_SOCK_NAME "S.gpg-agent"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPG_AGENT_SSH_SOCK_NAME "S.gpg-agent.ssh"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define DIRMNGR_INFO_NAME "DIRMNGR_INFO"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define SCDAEMON_SOCK_NAME "S.scdaemon"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define DIRMNGR_SOCK_NAME "S.dirmngr"
-_ACEOF
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define GPGEXT_GPG "gpg"
-_ACEOF
-
-
-if test "$have_w32_system" = yes; then
-
-cat >>confdefs.h <<_ACEOF
-#define GNUPG_REGISTRY_DIR "\\\\Software\\\\GNU\\\\GnuPG"
-_ACEOF
-
-fi
-
 
 #
 # Provide information about the build.
 #
-BUILD_REVISION="a499eeb"
+BUILD_REVISION="58126e8"
 
 
 cat >>confdefs.h <<_ACEOF
@@ -15444,10 +16431,8 @@
 _ACEOF
 
 
-BUILD_VERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./'`
-BUILD_VERSION="${BUILD_VERSION}42137"
-BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,`
-
+BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
+BUILD_FILEVERSION="${BUILD_FILEVERSION}22546"
 
 
 BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
@@ -15490,14 +16475,14 @@
 *** You need libgcrypt to build this program.
 **  This library is for example available at
 ***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
-*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
 ***" >&5
 $as_echo "$as_me:
 ***
 *** You need libgcrypt to build this program.
 **  This library is for example available at
 ***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
-*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
 ***" >&6;}
 fi
 if test "$have_libassuan" = "no"; then
@@ -15518,7 +16503,6 @@
 ***" >&6;}
 fi
 if test "$have_ksba" = "no"; then
-    die=yes
     { $as_echo "$as_me:${as_lineno-$LINENO}:
 ***
 *** You need libksba to build this program.
@@ -15534,60 +16518,62 @@
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***" >&6;}
 fi
-if test "$gnupg_have_ldap" = yes; then
-  if test "$have_w32ce_system" = yes; then
+if test "$missing_pth" = "yes"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}:
-*** Note that CeGCC might be broken, a package fixing this is:
-***    http://files.kolab.org/local/windows-ce/
-***                           source/wldap32_0.1-mingw32ce.orig.tar.gz
-***                           binary/wldap32-ce-arm-dev_0.1-1_all.deb
+***
+*** It is now required to build with support for the
+*** GNU Portable Threads Library (Pth). Please install this
+*** library first.  The library is for example available at
+***   ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you can install it using
+***   apt-get install libpth-dev
+*** To build GnuPG for Windows you need to use the W32PTH
+*** package; available at:
+***   ftp://ftp.g10code.com/g10code/w32pth/
 ***" >&5
 $as_echo "$as_me:
-*** Note that CeGCC might be broken, a package fixing this is:
-***    http://files.kolab.org/local/windows-ce/
-***                           source/wldap32_0.1-mingw32ce.orig.tar.gz
-***                           binary/wldap32-ce-arm-dev_0.1-1_all.deb
+***
+*** It is now required to build with support for the
+*** GNU Portable Threads Library (Pth). Please install this
+*** library first.  The library is for example available at
+***   ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you can install it using
+***   apt-get install libpth-dev
+*** To build GnuPG for Windows you need to use the W32PTH
+*** package; available at:
+***   ftp://ftp.g10code.com/g10code/w32pth/
 ***" >&6;}
-   fi
+   die=yes
 fi
-if test "$have_npth" = "no"; then
-    die=yes
+if test "$missing_zlib" = "yes"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}:
 ***
-*** It is now required to build with support for the
-*** New Portable Threads Library (nPth). Please install this
-*** library first.  The library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/npth/
-*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
+*** The zlib compression library is required.
+*** Please install a suitable development package
+*** (e.g. Debian package zlib1g-dev) or download
+*** it from http://zlib.net and build yourself.
 ***" >&5
 $as_echo "$as_me:
 ***
-*** It is now required to build with support for the
-*** New Portable Threads Library (nPth). Please install this
-*** library first.  The library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/npth/
-*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
+*** The zlib compression library is required.
+*** Please install a suitable development package
+*** (e.g. Debian package zlib1g-dev) or download
+*** it from http://zlib.net and build yourself.
 ***" >&6;}
+   die=yes
 fi
-
-if test "$require_iconv" = yes; then
-  if test "$am_func_iconv" != yes; then
-    die=yes
+if test "$missing_iconv" = "yes"; then
     { $as_echo "$as_me:${as_lineno-$LINENO}:
 ***
-*** The system does not provide a working iconv function.  Please
-*** install a suitable library; for example GNU Libiconv which is
-*** available at:
-***   http://ftp.gnu.org/gnu/libiconv/
+*** It is now required to build with support for iconv
+*** Please install a suitable iconv implementation.
 ***" >&5
 $as_echo "$as_me:
 ***
-*** The system does not provide a working iconv function.  Please
-*** install a suitable library; for example GNU Libiconv which is
-*** available at:
-***   http://ftp.gnu.org/gnu/libiconv/
+*** It is now required to build with support for iconv
+*** Please install a suitable iconv implementation.
 ***" >&6;}
-  fi
+   die=yes
 fi
 
 if test "$die" = "yes"; then
@@ -15600,9 +16586,7 @@
 
 
 
-ac_config_files="$ac_config_files m4/Makefile Makefile po/Makefile.in common/Makefile common/w32info-rc.h kbx/Makefile g10/Makefile sm/Makefile agent/Makefile scd/Makefile g13/Makefile dirmngr/Makefile tools/gpg-zip tools/Makefile doc/Makefile tests/Makefile tests/openpgp/Makefile tests/pkits/Makefile g10/gpg.w32-manifest"
-
-
+ac_config_files="$ac_config_files m4/Makefile Makefile po/Makefile.in gl/Makefile include/Makefile jnlib/Makefile common/Makefile common/w32info-rc.h kbx/Makefile g10/Makefile sm/Makefile agent/Makefile scd/Makefile keyserver/Makefile keyserver/gpg2keys_mailto keyserver/gpg2keys_test tools/gpg-zip tools/Makefile doc/Makefile tests/Makefile tests/openpgp/Makefile tests/pkits/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -15698,7 +16682,6 @@
 
 ac_libobjs=
 ac_ltlibobjs=
-U=
 for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
   # 1. Remove the extension, and $U if already installed.
   ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
@@ -15757,10 +16740,6 @@
   as_fn_error $? "conditional \"GNUPG_PROTECT_TOOL_PGM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${GNUPG_DIRMNGR_LDAP_PGM_TRUE}" && test -z "${GNUPG_DIRMNGR_LDAP_PGM_FALSE}"; then
-  as_fn_error $? "conditional \"GNUPG_DIRMNGR_LDAP_PGM\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
   as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -15777,6 +16756,10 @@
   as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${WORKING_FAQPROG_TRUE}" && test -z "${WORKING_FAQPROG_FALSE}"; then
+  as_fn_error $? "conditional \"WORKING_FAQPROG\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${HAVE_USTAR_TRUE}" && test -z "${HAVE_USTAR_FALSE}"; then
   as_fn_error $? "conditional \"HAVE_USTAR\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -15793,28 +16776,16 @@
   as_fn_error $? "conditional \"HAVE_W32_SYSTEM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${HAVE_W32CE_SYSTEM_TRUE}" && test -z "${HAVE_W32CE_SYSTEM_FALSE}"; then
-  as_fn_error $? "conditional \"HAVE_W32CE_SYSTEM\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_ANDROID_SYSTEM_TRUE}" && test -z "${HAVE_ANDROID_SYSTEM_FALSE}"; then
-  as_fn_error $? "conditional \"HAVE_ANDROID_SYSTEM\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${RUN_TESTS_TRUE}" && test -z "${RUN_TESTS_FALSE}"; then
-  as_fn_error $? "conditional \"RUN_TESTS\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${USE_DNS_SRV_TRUE}" && test -z "${USE_DNS_SRV_FALSE}"; then
   as_fn_error $? "conditional \"USE_DNS_SRV\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${USE_LDAP_TRUE}" && test -z "${USE_LDAP_FALSE}"; then
-  as_fn_error $? "conditional \"USE_LDAP\" was never defined.
+if test -z "${FAKE_CURL_TRUE}" && test -z "${FAKE_CURL_FALSE}"; then
+  as_fn_error $? "conditional \"FAKE_CURL\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${USE_LDAPWRAPPER_TRUE}" && test -z "${USE_LDAPWRAPPER_FALSE}"; then
-  as_fn_error $? "conditional \"USE_LDAPWRAPPER\" was never defined.
+if test -z "${GL_COND_LIBTOOL_TRUE}" && test -z "${GL_COND_LIBTOOL_FALSE}"; then
+  as_fn_error $? "conditional \"GL_COND_LIBTOOL\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
 if test -z "${DISABLE_REGEX_TRUE}" && test -z "${DISABLE_REGEX_FALSE}"; then
@@ -15845,14 +16816,6 @@
   as_fn_error $? "conditional \"BUILD_SCDAEMON\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${BUILD_G13_TRUE}" && test -z "${BUILD_G13_FALSE}"; then
-  as_fn_error $? "conditional \"BUILD_G13\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${BUILD_DIRMNGR_TRUE}" && test -z "${BUILD_DIRMNGR_FALSE}"; then
-  as_fn_error $? "conditional \"BUILD_DIRMNGR\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${BUILD_TOOLS_TRUE}" && test -z "${BUILD_TOOLS_FALSE}"; then
   as_fn_error $? "conditional \"BUILD_TOOLS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -15869,14 +16832,6 @@
   as_fn_error $? "conditional \"BUILD_GPGTAR\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${ENABLE_CARD_SUPPORT_TRUE}" && test -z "${ENABLE_CARD_SUPPORT_FALSE}"; then
-  as_fn_error $? "conditional \"ENABLE_CARD_SUPPORT\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${NO_TRUST_MODELS_TRUE}" && test -z "${NO_TRUST_MODELS_FALSE}"; then
-  as_fn_error $? "conditional \"NO_TRUST_MODELS\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${RUN_GPG_TESTS_TRUE}" && test -z "${RUN_GPG_TESTS_FALSE}"; then
   as_fn_error $? "conditional \"RUN_GPG_TESTS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16278,7 +17233,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by gnupg $as_me 2.1.6, which was
+This file was extended by gnupg $as_me 2.0.28, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16344,7 +17299,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-gnupg config.status 2.1.6
+gnupg config.status 2.0.28
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -16486,6 +17441,9 @@
     "m4/Makefile") CONFIG_FILES="$CONFIG_FILES m4/Makefile" ;;
     "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
     "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;;
+    "gl/Makefile") CONFIG_FILES="$CONFIG_FILES gl/Makefile" ;;
+    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
+    "jnlib/Makefile") CONFIG_FILES="$CONFIG_FILES jnlib/Makefile" ;;
     "common/Makefile") CONFIG_FILES="$CONFIG_FILES common/Makefile" ;;
     "common/w32info-rc.h") CONFIG_FILES="$CONFIG_FILES common/w32info-rc.h" ;;
     "kbx/Makefile") CONFIG_FILES="$CONFIG_FILES kbx/Makefile" ;;
@@ -16493,15 +17451,15 @@
     "sm/Makefile") CONFIG_FILES="$CONFIG_FILES sm/Makefile" ;;
     "agent/Makefile") CONFIG_FILES="$CONFIG_FILES agent/Makefile" ;;
     "scd/Makefile") CONFIG_FILES="$CONFIG_FILES scd/Makefile" ;;
-    "g13/Makefile") CONFIG_FILES="$CONFIG_FILES g13/Makefile" ;;
-    "dirmngr/Makefile") CONFIG_FILES="$CONFIG_FILES dirmngr/Makefile" ;;
+    "keyserver/Makefile") CONFIG_FILES="$CONFIG_FILES keyserver/Makefile" ;;
+    "keyserver/gpg2keys_mailto") CONFIG_FILES="$CONFIG_FILES keyserver/gpg2keys_mailto" ;;
+    "keyserver/gpg2keys_test") CONFIG_FILES="$CONFIG_FILES keyserver/gpg2keys_test" ;;
     "tools/gpg-zip") CONFIG_FILES="$CONFIG_FILES tools/gpg-zip" ;;
     "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
     "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
     "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
     "tests/openpgp/Makefile") CONFIG_FILES="$CONFIG_FILES tests/openpgp/Makefile" ;;
     "tests/pkits/Makefile") CONFIG_FILES="$CONFIG_FILES tests/pkits/Makefile" ;;
-    "g10/gpg.w32-manifest") CONFIG_FILES="$CONFIG_FILES g10/gpg.w32-manifest" ;;
 
   *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
   esac
@@ -17200,7 +18158,7 @@
       case "$ac_file" in */Makefile.in)
         # Adjust a relative srcdir.
         ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
-        ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+        ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'`
         ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
         # In autoconf-2.13 it is called $ac_given_srcdir.
         # In autoconf-2.50 it is called $srcdir.
@@ -17216,7 +18174,8 @@
         if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
           rm -f "$ac_dir/POTFILES"
           test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
-          cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ 	]*\$/d" -e "s,.*,     $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+          gt_tab=`printf '\t'`
+          cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*,     $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
           POMAKEFILEDEPS="POTFILES.in"
           # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
           # on $ac_dir but don't depend on user-specified configuration
@@ -17227,12 +18186,12 @@
               test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
             fi
             ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
-            # Hide the ALL_LINGUAS assigment from automake < 1.5.
+            # Hide the ALL_LINGUAS assignment from automake < 1.5.
             eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
             POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
           else
             # The set of available languages was given in configure.in.
-            # Hide the ALL_LINGUAS assigment from automake < 1.5.
+            # Hide the ALL_LINGUAS assignment from automake < 1.5.
             eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
           fi
           # Compute POFILES
@@ -17346,35 +18305,26 @@
 echo "
         GnuPG v${VERSION} has been configured as follows:
 
-        Revision:  a499eeb  (42137)
+        Revision:  58126e8  (22546)
         Platform:  $PRINTABLE_OS_NAME ($host)
 
         OpenPGP:   $build_gpg
         S/MIME:    $build_gpgsm
-        Agent:     $build_agent
+        Agent:     $build_agent $build_agent_threaded
         Smartcard: $build_scdaemon $build_scdaemon_extra
-        G13:       $build_g13
-        Dirmngr:   $build_dirmngr
         Gpgtar:    $build_gpgtar
 
         Protect tool:      $show_gnupg_protect_tool_pgm
-        LDAP wrapper:      $show_gnupg_dirmngr_ldap_pgm
         Default agent:     $show_gnupg_agent_pgm
         Default pinentry:  $show_gnupg_pinentry_pgm
         Default scdaemon:  $show_gnupg_scdaemon_pgm
         Default dirmngr:   $show_gnupg_dirmngr_pgm
-
-        Dirmngr auto start:  $dirmngr_auto_start
-        Readline support:    $gnupg_cv_have_readline
-        LDAP support:        $gnupg_have_ldap
-        DNS SRV support:     $use_dns_srv
-        TLS support:         $use_tls_library
 "
 if test x"$use_regex" != xyes ; then
 echo "
         Warning: No regular expression support available.
                  OpenPGP trust signatures won't work.
-                 gpg-check-pattern will not be built.
+                 gpg-check-pattern will not be build.
 "
 fi
 if test "x${gpg_config_script_warn}" != x; then
diff -Nru gnupg2-2.1.6/configure.ac gnupg2-2.0.28/configure.ac
--- gnupg2-2.1.6/configure.ac	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/configure.ac	2015-06-02 08:13:55.000000000 +0000
@@ -1,6 +1,7 @@
-# configure.ac - for GnuPG 2.1
-# Copyright (C) 1998-2012 Free Software Foundation, Inc.
-# Copyright (C) 1998-2015 Werner Koch
+# configure.ac - for GnuPG 2.0
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+#               2006, 2007, 2008, 2010, 2011,
+#               2012 Free Software Foundation, Inc.
 #
 # This file is part of GnuPG.
 #
@@ -25,59 +26,43 @@
 # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force".  Please
 # bump the version number immediately *after* the release and do
 # another commit and push so that the git magic is able to work.
-m4_define([mym4_package],[gnupg])
-m4_define([mym4_major], [2])
-m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [6])
-
-# To start a new development series, i.e a new major or minor number
-# you need to mark an arbitrary commit before the first beta release
-# with an annotated tag.  For example the 2.1 branch starts off with
-# the tag "gnupg-2.1-base".  This is used as the base for counting
-# beta numbers before the first release of a series.
+m4_define([mym4_version], [2.0.28])
 
 # Below is m4 magic to extract and compute the git revision number,
 # the decimalized short revision number, a beta version string and a
-# flag indicating a development version (mym4_isbeta).  Note that the
+# flag indicating a development version (mym4_isgit).  Note that the
 # m4 processing is done by autoconf and not during the configure run.
-m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
-                           mym4_package mym4_major mym4_minor mym4_micro),[:]))
-m4_define([mym4_isbeta],       m4_argn(2, mym4_verslist))
-m4_define([mym4_version],      m4_argn(4, mym4_verslist))
-m4_define([mym4_revision],     m4_argn(7, mym4_verslist))
-m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
-m4_esyscmd([echo ]mym4_version[>VERSION])
-AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
+m4_define([mym4_revision],
+          m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r']))
+m4_define([mym4_revision_dec],
+          m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))]))
+m4_define([mym4_betastring],
+          m4_esyscmd_s([git describe --match 'gnupg-2.[0-9].*[0-9]' --long|\
+                        awk -F- '$3!=0{print"-beta"$3}']))
+m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
+m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
 
-NEED_GPG_ERROR_VERSION=1.16
+AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org])
+
+NEED_GPG_ERROR_VERSION=1.11
 
 NEED_LIBGCRYPT_API=1
-NEED_LIBGCRYPT_VERSION=1.6.0
+NEED_LIBGCRYPT_VERSION=1.5.0
 
 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.1.0
+NEED_LIBASSUAN_VERSION=2.0.0
 
 NEED_KSBA_API=1
-NEED_KSBA_VERSION=1.2.0
-
-NEED_NTBTLS_API=1
-NEED_NTBTLS_VERSION=0.1.0
-
-NEED_NPTH_API=1
-NEED_NPTH_VERSION=0.91
-
-
-NEED_GNUTLS_VERSION=3.0
-
+NEED_KSBA_VERSION=1.0.7
 
-development_version=mym4_isbeta
+development_version=mym4_isgit
 PACKAGE=$PACKAGE_NAME
 PACKAGE_GT=${PACKAGE_NAME}2
 VERSION=$PACKAGE_VERSION
 
-AC_CONFIG_AUX_DIR([build-aux])
-AC_CONFIG_SRCDIR([sm/gpgsm.c])
-AC_CONFIG_HEADER([config.h])
+AC_CONFIG_AUX_DIR(scripts)
+AC_CONFIG_SRCDIR(sm/gpgsm.c)
+AM_CONFIG_HEADER(config.h)
 AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip])
 AC_CANONICAL_HOST
 AB_INIT
@@ -89,34 +74,26 @@
 have_libgcrypt=no
 have_libassuan=no
 have_ksba=no
-have_ntbtls=no
-have_gnutls=no
-have_npth=no
+have_pth=no
 have_libusb=no
 have_adns=no
-gnupg_have_ldap="n/a"
 
-use_zip=yes
 use_bzip2=yes
 use_exec=yes
-use_trust_models=yes
-card_support=yes
+disable_keyserver_path=no
 use_ccid_driver=yes
-dirmngr_auto_start=yes
-use_tls_library=no
+use_standard_socket=no
 large_secmem=no
 
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
-# The agent is a required part and can't be disabled anymore.
-build_agent=yes
+GNUPG_BUILD_PROGRAM(agent, yes)
 GNUPG_BUILD_PROGRAM(scdaemon, yes)
-GNUPG_BUILD_PROGRAM(g13, yes)
-GNUPG_BUILD_PROGRAM(dirmngr, yes)
 GNUPG_BUILD_PROGRAM(tools, yes)
 GNUPG_BUILD_PROGRAM(doc, yes)
 GNUPG_BUILD_PROGRAM(symcryptrun, no)
-GNUPG_BUILD_PROGRAM(gpgtar, yes)
+GNUPG_BUILD_PROGRAM(gpgtar, no)
+
 
 AC_SUBST(PACKAGE)
 AC_SUBST(PACKAGE_GT)
@@ -131,9 +108,6 @@
                                        [Required version of Libgcrypt])
 AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
                                        [Required version of Libksba])
-AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
-                                       [Required version of NTBTLS])
-
 
 
 # The default is to use the modules from this package and the few
@@ -184,33 +158,13 @@
 test -n "$GNUPG_PROTECT_TOOL_PGM" \
       && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
 
-AC_ARG_WITH(dirmngr-ldap-pgm,
-    [  --with-dirmngr-ldap-pgm=PATH  Use PATH as the default for the dirmnge ldap wrapper)],
-          GNUPG_DIRMNGR_LDAP_PGM="$withval", GNUPG_DIRMNGR_LDAP_PGM="" )
-AC_SUBST(GNUPG_DIRMNGR_LDAP_PGM)
-AM_CONDITIONAL(GNUPG_DIRMNGR_LDAP_PGM, test -n "$GNUPG_DIRMNGR_LDAP_PGM")
-show_gnupg_dirmngr_ldap_pgm="(default)"
-test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
-      && show_gnupg_dirmngr_ldap_pgm="$GNUPG_DIRMNGR_LDAP_PGM"
-
-#
-# On some platforms gpg2 is usually installed as gpg without using a
-# symlink.  For correct operation of gpgconf it needs to know the
-# installed name of gpg.  This option sets "gpg2"'s installed name to
-# just "gpg".  Note that it might be required to rename gpg2 to gpg
-# manually after the build process.
-#
-AC_ARG_ENABLE(gpg2-is-gpg,
-    AC_HELP_STRING([--enable-gpg2-is-gpg],[Set installed name of gpg2 to gpg]),
-    gpg2_is_gpg=$enableval)
-if test "$gpg2_is_gpg" = "yes"; then
-   name_of_installed_gpg=gpg
-else
-   name_of_installed_gpg=gpg2
-fi
-AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg",
-                   [The name of the installed GPG tool])
 
+# Some folks want to use only the agent from this packet.  Make it
+# easier for them by providing the configure option
+# --enable-only-agent.
+AC_ARG_ENABLE(agent-only,
+    AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]),
+    build_agent_only=$enableval)
 
 # SELinux support includes tracking of sensitive files to avoid
 # leaking their contents through processing these files by gpg itself
@@ -236,59 +190,6 @@
 AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
                    [Size of secure memory buffer])
 
-AC_MSG_CHECKING([whether to enable trust models])
-AC_ARG_ENABLE(trust-models,
-              AC_HELP_STRING([--disable-trust-models],
-                             [disable all trust models except "always"]),
-              use_trust_models=$enableval)
-AC_MSG_RESULT($use_trust_models)
-if test "$use_trust_models" = no ; then
-    AC_DEFINE(NO_TRUST_MODELS, 1,
-             [Define to include only trust-model always])
-fi
-
-
-#
-# Options to disable algorithm
-#
-
-GNUPG_GPG_DISABLE_ALGO([rsa],[RSA public key])
-# Elgamal is a MUST algorithm
-# DSA is a MUST algorithm
-GNUPG_GPG_DISABLE_ALGO([ecdh],[ECDH public key])
-GNUPG_GPG_DISABLE_ALGO([ecdsa],[ECDSA public key])
-GNUPG_GPG_DISABLE_ALGO([eddsa],[EdDSA public key])
-
-GNUPG_GPG_DISABLE_ALGO([idea],[IDEA cipher])
-# 3DES is a MUST algorithm
-GNUPG_GPG_DISABLE_ALGO([cast5],[CAST5 cipher])
-GNUPG_GPG_DISABLE_ALGO([blowfish],[BLOWFISH cipher])
-GNUPG_GPG_DISABLE_ALGO([aes128],[AES128 cipher])
-GNUPG_GPG_DISABLE_ALGO([aes192],[AES192 cipher])
-GNUPG_GPG_DISABLE_ALGO([aes256],[AES256 cipher])
-GNUPG_GPG_DISABLE_ALGO([twofish],[TWOFISH cipher])
-GNUPG_GPG_DISABLE_ALGO([camellia128],[CAMELLIA128 cipher])
-GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher])
-GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher])
-
-GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
-# SHA1 is a MUST algorithm
-GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
-GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
-# SHA256 is a MUST algorithm for GnuPG.
-GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
-GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
-
-
-# Allow disabling of zip support.
-# This is in general not a good idea because according to rfc4880 OpenPGP
-# implementations SHOULD support ZLIB.
-AC_MSG_CHECKING([whether to enable the ZIP and ZLIB compression algorithm])
-AC_ARG_ENABLE(zip,
-   AC_HELP_STRING([--disable-zip],
-                  [disable the ZIP and ZLIB compression algorithm]),
-   use_zip=$enableval)
-AC_MSG_RESULT($use_zip)
 
 # Allow disabling of bzib2 support.
 # It is defined only after we confirm the library is available later
@@ -331,6 +232,61 @@
         fi],withval=no)
     AC_MSG_RESULT($withval)
   fi
+
+  AC_MSG_CHECKING([whether to enable external keyserver helpers])
+  AC_ARG_ENABLE(keyserver-helpers,
+      [  --disable-keyserver-helpers  disable all external keyserver support],
+      [if test "$enableval" = no ; then
+         AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
+                  [define to disable keyserver helpers])
+      fi],enableval=yes)
+  gnupg_cv_enable_keyserver_helpers=$enableval
+  AC_MSG_RESULT($enableval)
+
+  if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
+    # LDAP is defined only after we confirm the library is available later
+    AC_MSG_CHECKING([whether LDAP keyserver support is requested])
+    AC_ARG_ENABLE(ldap,
+      AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
+      try_ldap=$enableval, try_ldap=yes)
+    AC_MSG_RESULT($try_ldap)
+
+    AC_MSG_CHECKING([whether HKP keyserver support is requested])
+    AC_ARG_ENABLE(hkp,
+      AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
+      try_hkp=$enableval, try_hkp=yes)
+    AC_MSG_RESULT($try_hkp)
+
+    AC_MSG_CHECKING([whether finger key fetching support is requested])
+    AC_ARG_ENABLE(finger,
+      AC_HELP_STRING([--disable-finger],
+        [disable finger key fetching interface only]),
+      try_finger=$enableval, try_finger=yes)
+    AC_MSG_RESULT($try_finger)
+
+    AC_MSG_CHECKING([whether generic object key fetching support is requested])
+    AC_ARG_ENABLE(generic,
+      AC_HELP_STRING([--disable-generic],
+        [disable generic object key fetching interface only]),
+      try_generic=$enableval, try_generic=yes)
+    AC_MSG_RESULT($try_generic)
+
+    AC_MSG_CHECKING([whether email keyserver support is requested])
+    AC_ARG_ENABLE(mailto,
+      AC_HELP_STRING([--enable-mailto],
+	[enable email keyserver interface only]),
+      try_mailto=$enableval, try_mailto=no)
+    AC_MSG_RESULT($try_mailto)
+  fi
+
+  AC_MSG_CHECKING([whether keyserver exec-path is enabled])
+  AC_ARG_ENABLE(keyserver-path,
+      AC_HELP_STRING([--disable-keyserver-path],
+           [disable the exec-path option for keyserver helpers]),
+           [if test "$enableval" = no ; then
+              disable_keyserver_path=yes
+           fi],enableval=yes)
+  AC_MSG_RESULT($enableval)
 fi
 
 
@@ -368,19 +324,6 @@
 [use_capabilities="$withval"],[use_capabilities=no])
 AC_MSG_RESULT($use_capabilities)
 
-#
-# Check whether to disable the card support
-AC_MSG_CHECKING([whether smartcard support is requested])
-AC_ARG_ENABLE(card-support,
-              AC_HELP_STRING([--disable-card-support],
-                             [disable smartcard support]),
-              card_support=$enableval)
-AC_MSG_RESULT($card_support)
-if test "$card_support" = yes ; then
-  AC_DEFINE(ENABLE_CARD_SUPPORT,1,[Define to include smartcard support])
-else
-  build_scdaemon=no
-fi
 
 #
 # Allow disabling of internal CCID support.
@@ -393,17 +336,6 @@
               use_ccid_driver=$enableval)
 AC_MSG_RESULT($use_ccid_driver)
 
-AC_MSG_CHECKING([whether to auto start dirmngr])
-AC_ARG_ENABLE(dirmngr-auto-start,
-              AC_HELP_STRING([--disable-dirmngr-auto-start],
-                             [disable auto starting of the dirmngr]),
-              dirmngr_auto_start=$enableval)
-AC_MSG_RESULT($dirmngr_auto_start)
-if test "$dirmngr_auto_start" = yes ; then
-    AC_DEFINE(USE_DIRMNGR_AUTO_START,1,
-              [Define to enable auto starting of the dirmngr])
-fi
-
 
 #
 # To avoid double inclusion of config.h which might happen at some
@@ -454,39 +386,27 @@
 #define SAFE_VERSION_DASH '-'
 
 /* Some global constants. */
-#ifdef HAVE_DOSISH_SYSTEM
-# ifdef HAVE_DRIVE_LETTERS
-#  define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
-# else
-#  define GNUPG_DEFAULT_HOMEDIR "/gnupg"
-# endif
+#ifdef HAVE_DRIVE_LETTERS
+#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
 #elif defined(__VMS)
-#define GNUPG_DEFAULT_HOMEDIR "/SYS$LOGIN/gnupg"
+#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
 #else
 #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
 #endif
-#define GNUPG_PRIVATE_KEYS_DIR  "private-keys-v1.d"
-#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
+#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
 
 /* For some systems (DOS currently), we hardcode the path here.  For
    POSIX systems the values are constructed by the Makefiles, so that
    the values may be overridden by the make invocations; this is to
-   comply with the GNU coding standards.  Note that these values are
-   only defaults.  */
-#ifdef HAVE_DOSISH_SYSTEM
-# ifdef HAVE_DRIVE_LETTERS
-#  define GNUPG_BINDIR      "c:\\gnupg"
-#  define GNUPG_LIBEXECDIR  "c:\\gnupg"
-#  define GNUPG_LIBDIR      "c:\\gnupg"
-#  define GNUPG_DATADIR     "c:\\gnupg"
-#  define GNUPG_SYSCONFDIR  "c:\\gnupg"
-# else
-#  define GNUPG_BINDIR      "\\gnupg"
-#  define GNUPG_LIBEXECDIR  "\\gnupg"
-#  define GNUPG_LIBDIR      "\\gnupg"
-#  define GNUPG_DATADIR     "\\gnupg"
-#  define GNUPG_SYSCONFDIR  "\\gnupg"
-# endif
+   comply with the GNU coding standards. */
+#ifdef HAVE_DRIVE_LETTERS
+ /* FIXME: We need to use a function to determine these values depending
+    on the actual installation directory. */
+#define GNUPG_BINDIR      "c:\\gnupg"
+#define GNUPG_LIBEXECDIR  "c:\\gnupg"
+#define GNUPG_LIBDIR      "c:\\gnupg"
+#define GNUPG_DATADIR     "c:\\gnupg"
+#define GNUPG_SYSCONFDIR  "c:\\gnupg"
 #endif
 
 /* Derive some other constants. */
@@ -518,14 +438,12 @@
 # endif
 #endif
 
-/* Provide the es_ macro for estream.  */
-#define GPGRT_ENABLE_ES_MACROS 1
 
 /* Tell libgcrypt not to use its own libgpg-error implementation. */
 #define USE_LIBGPG_ERROR 1
 
-/* Tell Libgcrypt not to include deprecated definitions.  */
-#define GCRYPT_NO_DEPRECATED 1
+/* We use jnlib, so tell other modules about it.  */
+#define HAVE_JNLIB_LOGGING 1
 
 /* Our HTTP code is used in estream mode.  */
 #define HTTP_USE_ESTREAM 1
@@ -535,11 +453,24 @@
    handler.  */
 #define HTTP_NO_WSASTARTUP
 
-/* Under Windows we use the gettext code from libgpg-error.  */
-#define GPG_ERR_ENABLE_GETTEXT_MACROS
+/* We always include support for the OpenPGP card.  */
+#define ENABLE_CARD_SUPPORT 1
+
+/* We don't want the old assuan codes anymore. */
+#define _ASSUAN_ONLY_GPG_ERRORS 1
 
-/* Under WindowsCE we use the strerror replacement from libgpg-error.  */
-#define GPG_ERR_ENABLE_ERRNO_MACROS
+/* We don't need any of the old gcrypt functions.  */
+#define GCRYPT_NO_DEPRECATED 1
+
+/* We explicitly need to disable PTH's soft mapping as Debian
+   currently enables it by default for no reason. */
+#define PTH_SYSCALL_SOFT 0
+
+/* We want to use the libgcrypt provided memory allocation for
+   asprintf.  */
+#define _ESTREAM_PRINTF_MALLOC        gcry_malloc
+#define _ESTREAM_PRINTF_FREE          gcry_free
+#define _ESTREAM_PRINTF_EXTRA_INCLUDE "util.h"
 
 #endif /*GNUPG_CONFIG_H_INCLUDED*/
 ])
@@ -558,7 +489,6 @@
 AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
 AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
 AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
-AM_SILENT_RULES
 AC_PROG_AWK
 AC_PROG_CC
 AC_PROG_CPP
@@ -573,12 +503,14 @@
 AC_PATH_PROG(PERL,"perl")
 AC_CHECK_TOOL(WINDRES, windres, :)
 AC_ISC_POSIX
+gl_EARLY
 AC_SYS_LARGEFILE
+GNUPG_CHECK_FAQPROG
 GNUPG_CHECK_USTAR
 
 # We need to compile and run a program on the build machine.  A
 # comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
-# the AC archive is broken for autoconf 2.57.  Given that there is no
+# the AC archive is broken for autoconf 2.57.  Given that tehre is no
 # newer version of that macro, we assume that it is also broken for
 # autoconf 2.61 and thus we use a simple but usually sufficient
 # approach.
@@ -594,41 +526,26 @@
 
 
 try_gettext=yes
-require_iconv=yes
 have_dosish_system=no
 have_w32_system=no
-have_w32ce_system=no
-have_android_system=no
-run_tests=yes
 use_simple_gettext=no
-use_ldapwrapper=yes
-mmap_needed=yes
 case "${host}" in
     *-mingw32*)
         # special stuff for Windoze NT
         ac_cv_have_dev_random=no
         AC_DEFINE(USE_ONLY_8DOT3,1,
-                  [Set this to limit filenames to the 8.3 format])
+                  [set this to limit filenames to the 8.3 format])
+        AC_DEFINE(HAVE_DRIVE_LETTERS,1,
+                  [defined if we must run on a stupid file system])
         AC_DEFINE(USE_SIMPLE_GETTEXT,1,
-                  [Because the Unix gettext has too much overhead on
+                  [because the Unix gettext has too much overhead on
                    MingW32 systems and these systems lack Posix functions,
                    we use a simplified version of gettext])
+        disable_keyserver_path=yes
         have_dosish_system=yes
         have_w32_system=yes
-        run_tests=no
-        use_ldapwrapper=no  # Fixme: Do this only for CE.
-        case "${host}" in
-          *-mingw32ce*)
-            have_w32ce_system=yes
-            ;;
-          *)
-            AC_DEFINE(HAVE_DRIVE_LETTERS,1,
-                      [Defined if the OS supports drive letters.])
-            ;;
-        esac
         try_gettext="no"
 	use_simple_gettext=yes
-	mmap_needed=no
         ;;
     i?86-emx-os2 | i?86-*-os2*emx )
         # OS/2 with the EMX environment
@@ -646,6 +563,12 @@
         try_gettext="no"
         ;;
 
+    *-*-freebsd*)
+       # FreeBSD
+       CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+       LDFLAGS="$LDFLAGS -L/usr/local/lib"
+       ;;
+
     *-*-hpux*)
         if test -z "$GCC" ; then
             CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
@@ -669,13 +592,6 @@
         ;;
     m68k-atari-mint)
         ;;
-    *-linux-androideabi)
-        have_android_system=yes
-        # Android is fully utf-8 and we do not want to use iconv to
-        # keeps things simple
-        require_iconv=no
-        run_tests=no
-        ;;
     *)
        ;;
 esac
@@ -684,8 +600,7 @@
    AC_DEFINE(HAVE_DOSISH_SYSTEM,1,
              [Defined if we run on some of the PCDOS like systems
               (DOS, Windoze. OS/2) with special properties like
-              no file modes, case insensitive file names and preferred
-              use of backslashes as directory name separators.])
+              no file modes])
 fi
 AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
 
@@ -693,27 +608,50 @@
 
 if test "$have_w32_system" = yes; then
    AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
-   if test "$have_w32ce_system" = yes; then
-      AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE])
-   fi
 fi
 AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
-AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes)
 
-if test "$have_android_system" = yes; then
-   AC_DEFINE(HAVE_ANDROID_SYSTEM,1, [Defined if we build for an Android system])
+if test "$disable_keyserver_path" = yes; then
+    AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
+              [Defined to disable exec-path for keyserver helpers])
 fi
-AM_CONDITIONAL(HAVE_ANDROID_SYSTEM, test "$have_android_system" = yes)
 
-if test "$run_tests" = yes; then
-   AC_DEFINE(RUN_TESTS,1, [Defined if we should run the tests])
+#
+# Allows enabling the use of a standard socket by default This is
+# gpg-agent's option --[no-]use-standard-socket.  For Windows we force
+# the use of this.
+#
+AC_MSG_CHECKING([whether to use a standard socket by default])
+AC_ARG_ENABLE(standard-socket,
+              AC_HELP_STRING([--enable-standard-socket],
+                             [use a standard socket for the agent by default]),
+              use_standard_socket=$enableval)
+tmp=""
+if test "$use_standard_socket" != yes; then
+  if test "$have_w32_system" = yes; then
+    use_standard_socket=yes
+    tmp=" (forced)"
+  fi
+fi
+AC_MSG_RESULT($use_standard_socket$tmp)
+if test "$use_standard_socket" = yes; then
+  AC_DEFINE(USE_STANDARD_SOCKET,1,
+            [Use a standard socket for the agent by default])
 fi
-AM_CONDITIONAL(RUN_TESTS, test "$run_tests" = yes)
 
 
 # (These need to go after AC_PROG_CC so that $EXEEXT is defined)
 AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
 
+if test x"$try_hkp" = xyes ; then
+  AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
+fi
+
+if test x"$try_finger" = xyes ; then
+  AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
+fi
+
+
 
 #
 # Checks for libraries.
@@ -743,7 +681,7 @@
                   have_libassuan=yes,have_libassuan=no)
 if test "$have_libassuan" = "yes"; then
   AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
-                     [version of the libassuan library])
+            [version of the libbassuan library])
 fi
 
 
@@ -771,7 +709,6 @@
 
 #
 # Check wether it is necessary to link against libdl.
-# (For example to load libpcsclite)
 #
 gnupg_dlopen_save_libs="$LIBS"
 LIBS=""
@@ -780,20 +717,6 @@
 AC_SUBST(DL_LIBS)
 LIBS="$gnupg_dlopen_save_libs"
 
-# Checks for g13
-
-AC_PATH_PROG(ENCFS, encfs, /usr/bin/encfs)
-AC_DEFINE_UNQUOTED(ENCFS,
-	"${ENCFS}", [defines the filename of the encfs program])
-
-AC_PATH_PROG(FUSERMOUNT, fusermount, /usr/bin/fusermount)
-AC_DEFINE_UNQUOTED(FUSERMOUNT,
-	"${FUSERMOUNT}", [defines the filename of the fusermount program])
-
-
-# Checks for dirmngr
-
-
 #
 # Checks for symcryptrun:
 #
@@ -812,65 +735,27 @@
 	"${SHRED}", [defines the filename of the shred program])
 
 
+
 #
-# Check whether the nPth library is available
+# Check whether the GNU Pth library is available
+# Note, that we include a Pth emulation for W32.
 #
-AM_PATH_NPTH("$NEED_NPTH_API:$NEED_NPTH_VERSION",have_npth=yes,have_npth=no)
-if test "$have_npth" = "yes"; then
-  AC_DEFINE(HAVE_NPTH, 1,
-              [Defined if the New Portable Thread Library is available])
-  AC_DEFINE(USE_NPTH, 1,
-              [Defined if support for nPth is requested and nPth is available])
+GNUPG_PATH_PTH
+if test "$have_pth" = "yes"; then
+  AC_DEFINE(USE_GNU_PTH, 1,
+              [Defined if the GNU Portable Thread Library should be used])
 else
   AC_MSG_WARN([[
 ***
-*** To support concurrent access for example in gpg-agent and the SCdaemon
-*** we need the support of the New Portable Threads Library.
+*** To support concurrent access to the gpg-agent and the SCdaemon
+*** we need the support of the GNU Portable Threads Library.
+*** Download it from ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you might want to try
+***   apt-get install libpth-dev
 ***]])
 fi
 
 
-#
-# NTBTLS is our TLS library.  If it is not available fallback to
-# GNUTLS.
-#
-AC_ARG_ENABLE(ntbtls,
-              AC_HELP_STRING([--disable-ntbtls],
-                             [disable the use of NTBTLS as TLS library]),
-              try_ntbtls=$enableval, try_ntbtls=yes)
-if test x"$try_ntbtls" = xyes ; then
-  AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
-                 [have_ntbtls=yes],[have_ntbtls=no])
-fi
-if test "$have_ntbtls" = yes ; then
-   use_tls_library=ntbtls
-   AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
-else
-  AC_ARG_ENABLE(gnutls,
-                AC_HELP_STRING([--disable-gnutls],
-                               [disable GNUTLS as fallback TLS library]),
-                try_gnutls=$enableval, try_gnutls=yes)
-  if test x"$try_gnutls" = xyes ; then
-    PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
-                                   [have_gnutls=yes],
-                                   [have_gnutls=no])
-  fi
-  if test "$have_gnutls" = "yes"; then
-    AC_SUBST([LIBGNUTLS_CFLAGS])
-    AC_SUBST([LIBGNUTLS_LIBS])
-    use_tls_library=gnutls
-    AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
-  else
-    tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
-    AC_MSG_WARN([[
-***
-*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
-***
-*** $tmp]])
-  fi
-fi
-
-
 AC_MSG_NOTICE([checking for networking options])
 
 #
@@ -899,30 +784,41 @@
              fi])
 if test "$with_adns" != "no"; then
   AC_CHECK_HEADERS(adns.h,
-                AC_CHECK_LIB(adns, adns_free,
+                AC_CHECK_LIB(adns, adns_init,
                              [have_adns=yes],
                              [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
-                             [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
+                [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
 fi
 if test "$have_adns" = "yes"; then
   ADNSLIBS="-ladns"
 fi
+AC_SUBST(ADNSLIBS)
+# Newer adns versions feature a free function to be used under W32.
+AC_CHECK_FUNCS(adns_free)
 
 
 #
 # Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
 #
-AC_ARG_ENABLE(dns-srv,
-              AC_HELP_STRING([--disable-dns-srv],
-                             [disable the use of DNS SRV in HKP and HTTP]),
-              use_dns_srv=$enableval,use_dns_srv=yes)
+if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
+  AC_ARG_ENABLE(dns-srv,
+     AC_HELP_STRING([--disable-dns-srv],
+                    [disable the use of DNS SRV in HKP and HTTP]),
+                use_dns_srv=$enableval,use_dns_srv=yes)
+fi
+
+AC_ARG_ENABLE(dns-pka,
+   AC_HELP_STRING([--disable-dns-pka],
+	[disable the use of PKA records in DNS]),
+   use_dns_pka=$enableval,use_dns_pka=yes)
 
 AC_ARG_ENABLE(dns-cert,
    AC_HELP_STRING([--disable-dns-cert],
 	[disable the use of CERT records in DNS]),
    use_dns_cert=$enableval,use_dns_cert=yes)
 
-if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
+if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
+   || test x"$use_dns_cert" = xyes; then
   _dns_save_libs=$LIBS
   LIBS=""
   # the double underscore thing is a glibc-ism?
@@ -979,6 +875,10 @@
         AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
      fi
 
+     if test x"$use_dns_pka" = xyes ; then
+        AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
+     fi
+
      if test x"$use_dns_cert" = xyes ; then
         AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
      fi
@@ -997,11 +897,16 @@
            AC_DEFINE(USE_DNS_SRV,1)
         fi
 
+        if test x"$use_dns_pka" = xyes ; then
+           AC_DEFINE(USE_DNS_PKA,1)
+        fi
+
         if test x"$use_dns_cert" = xyes ; then
            AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
         fi
      else
         use_dns_srv=no
+        use_dns_pka=no
         use_dns_cert=no
      fi
   fi
@@ -1017,47 +922,22 @@
 #
 # Check for LDAP
 #
-# Note that running the check changes the variable
-# gnupg_have_ldap from "n/a" to "no" or "yes".
-
-AC_ARG_ENABLE(ldap,
-    AC_HELP_STRING([--disable-ldap],[disable LDAP support]),
-    [if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
-
-if test "$gnupg_have_ldap" != "no" ; then
-  if test "$build_dirmngr" = "yes" ; then
-     GNUPG_CHECK_LDAP($NETLIBS)
-     AC_CHECK_LIB(lber, ber_free,
-                  [ LBER_LIBS="$LBER_LIBS -llber"
-                    AC_DEFINE(HAVE_LBER,1,
-                             [defined if liblber is available])
-                    have_lber=yes
-                 ])
-  fi
+if test "$try_ldap" = yes ; then
+   GNUPG_CHECK_LDAP($NETLIBS)
 fi
-AC_SUBST(LBER_LIBS)
-if test "$gnupg_have_ldap" = "no"; then
-    AC_MSG_WARN([[
-***
-*** Building without LDAP support.
-*** No CRL access or X.509 certificate search available.
-***]])
-fi
-
-AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
-if test "$gnupg_have_ldap" = yes ; then
-  AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
-else
- use_ldapwrapper=no
-fi
-
-if test "$use_ldapwrapper" = yes; then
-   AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
-fi
-AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
 
+#
+# Check for curl.  We fake the curl API if libcurl isn't installed.
+# We require 7.10 or later as we use curl_version_info().
+#
+LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
+AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
 
+# Generic, for us, means curl
 
+if test x"$try_generic" = xyes ; then
+   AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
+fi
 
 #
 # Check for sendmail
@@ -1065,26 +945,31 @@
 # This isn't necessarily sendmail itself, but anything that gives a
 # sendmail-ish interface to the outside world.  That includes Exim,
 # Postfix, etc.  Basically, anything that can handle "sendmail -t".
-AC_ARG_WITH(mailprog,
+if test "$try_mailto" = yes ; then
+  AC_ARG_WITH(mailprog,
       AC_HELP_STRING([--with-mailprog=NAME],
                      [use "NAME -t" for mail transport]),
              ,with_mailprog=yes)
-if test x"$with_mailprog" = xyes ; then
+
+  if test x"$with_mailprog" = xyes ; then
     AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
-elif test x"$with_mailprog" != xno ; then
+    if test "$ac_cv_path_SENDMAIL" ; then
+      GPGKEYS_MAILTO="gpg2keys_mailto"
+    fi
+  elif test x"$with_mailprog" != xno ; then
     AC_MSG_CHECKING([for a mail transport program])
     AC_SUBST(SENDMAIL,$with_mailprog)
     AC_MSG_RESULT($with_mailprog)
+    GPGKEYS_MAILTO="gpg2keys_mailto"
+  fi
 fi
 
+AC_SUBST(GPGKEYS_MAILTO)
 
 #
 # Construct a printable name of the OS
 #
 case "${host}" in
-    *-mingw32ce*)
-        PRINTABLE_OS_NAME="W32CE"
-        ;;
     *-mingw32*)
         PRINTABLE_OS_NAME="MingW32"
         ;;
@@ -1112,13 +997,10 @@
 #
 # Checking for iconv
 #
-if test "$require_iconv" = yes; then
-  AM_ICONV
-else
-  LIBICONV=
-  LTLIBICONV=
-  AC_SUBST(LIBICONV)
-  AC_SUBST(LTLIBICONV)
+missing_iconv=no
+AM_ICONV
+if test "$am_cv_func_iconv" != yes; then
+   missing_iconv=yes
 fi
 
 
@@ -1130,7 +1012,7 @@
 #
 AC_MSG_NOTICE([checking for gettext])
 AM_PO_SUBDIRS
-AM_GNU_GETTEXT_VERSION([0.17])
+AM_GNU_GETTEXT_VERSION([0.19.3])
 if test "$try_gettext" = yes; then
   AM_GNU_GETTEXT([external],[need-ngettext])
 
@@ -1153,7 +1035,7 @@
 # We use HAVE_LANGINFO_CODESET in a couple of places.
 AM_LANGINFO_CODESET
 
-# Checks required for our use of locales
+# Checks required for our use locales
 gt_LC_MESSAGES
 
 
@@ -1170,9 +1052,8 @@
 #
 AC_MSG_NOTICE([checking for header files])
 AC_HEADER_STDC
-AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \
-                  pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h     \
-                  signal.h])
+AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
+AC_CHECK_HEADERS([pty.h utmp.h pwd.h inttypes.h])
 AC_HEADER_TIME
 
 
@@ -1191,8 +1072,6 @@
 gl_HEADER_SYS_SOCKET
 gl_TYPE_SOCKLEN_T
 
-AC_SEARCH_LIBS([inet_addr], [nsl])
-
 AC_ARG_ENABLE(endian-check,
               AC_HELP_STRING([--disable-endian-check],
 	      [disable the endian check and trust the OS provided macros]),
@@ -1213,7 +1092,6 @@
 AC_CHECK_SIZEOF(unsigned int)
 AC_CHECK_SIZEOF(unsigned long)
 AC_CHECK_SIZEOF(unsigned long long)
-AC_HEADER_TIME
 AC_CHECK_SIZEOF(time_t,,[[
 #include 
 #if TIME_WITH_SYS_TIME
@@ -1227,9 +1105,19 @@
 # endif
 #endif
 ]])
-GNUPG_TIME_T_UNSIGNED
 
 
+# Ensure that we have UINT64_C before we bother to check for uint64_t
+# Fixme: really needed in gnupg?  I think it is only useful in libcgrypt.
+AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
+   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]],
+                                      [[uint64_t foo=UINT64_C(42);]])],
+                                      [gnupg_cv_uint64_c_works=yes],
+                                      [gnupg_cv_uint64_c_works=no]   ))
+if test "$gnupg_cv_uint64_c_works" = "yes" ; then
+   AC_CHECK_SIZEOF(uint64_t)
+fi
+
 if test "$ac_cv_sizeof_unsigned_short" = "0" \
    || test "$ac_cv_sizeof_unsigned_int" = "0" \
    || test "$ac_cv_sizeof_unsigned_long" = "0"; then
@@ -1245,31 +1133,31 @@
 AC_FUNC_FSEEKO
 AC_FUNC_VPRINTF
 AC_FUNC_FORK
-AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap canonicalize_file_name])
-AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull])
-AC_CHECK_FUNCS([setenv unsetenv fcntl ftruncate inet_ntop])
-AC_CHECK_FUNCS([canonicalize_file_name])
+AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap])
+AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r])
+AC_CHECK_FUNCS([unsetenv fcntl ftruncate inet_ntop])
 AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
 AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
-AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])
-AC_CHECK_FUNCS([ttyname rand ftello fsync stat lstat])
-AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
-                memrchr isascii timegm getrusage setrlimit stat setlocale   \
-                flockfile funlockfile fopencookie funopen getpwnam getpwuid \
-                getenv inet_pton strpbrk])
-
-if test "$have_android_system" = yes; then
-   # On Android ttyname is a stub but prints an error message.
-   AC_DEFINE(HAVE_BROKEN_TTYNAME,1,
-             [Defined if ttyname does not work properly])
-fi
+AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
+AC_CHECK_FUNCS([ttyname rand ftello fsync stat])
 
 AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include ])
 
-# Dirmngr requires mmap on Unix systems.
-if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
-  AC_MSG_ERROR([[Sorry, the current implemenation requires mmap.]])
-fi
+#
+# These are needed by libjnlib - fixme: we should use a jnlib.m4
+# Note:  We already checked pwd.h.
+AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol])
+AC_CHECK_FUNCS([memrchr isascii timegm getrusage setrlimit stat setlocale])
+AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen getpwnam getpwuid])
+
+#
+# gnulib checks
+#
+gl_SOURCE_BASE([gl])
+gl_M4_BASE([gl/m4])
+gl_MODULES([setenv mkdtemp xsize strpbrk])
+gl_INIT
+
 
 #
 # W32 specific test
@@ -1338,27 +1226,25 @@
 # when compiling a conftest (due to the "-lz" from LIBS).
 # Note that we combine zlib and bzlib2 in ZLIBS.
 #
-if test "$use_zip" = yes ; then
-  _cppflags="${CPPFLAGS}"
-  _ldflags="${LDFLAGS}"
-  AC_ARG_WITH(zlib,
-    [  --with-zlib=DIR         use libz in DIR],[
-      if test -d "$withval"; then
-        CPPFLAGS="${CPPFLAGS} -I$withval/include"
-        LDFLAGS="${LDFLAGS} -L$withval/lib"
-      fi
-    ])
+missing_zlib=yes
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
+AC_ARG_WITH(zlib,
+  [  --with-zlib=DIR         use libz in DIR],[
+    if test -d "$withval"; then
+      CPPFLAGS="${CPPFLAGS} -I$withval/include"
+      LDFLAGS="${LDFLAGS} -L$withval/lib"
+    fi
+  ])
 
-  AC_CHECK_HEADER(zlib.h,
-     AC_CHECK_LIB(z, deflateInit2_,
+AC_CHECK_HEADER(zlib.h,
+      AC_CHECK_LIB(z, deflateInit2_,
        [
        ZLIBS="-lz"
-       AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported])
+       missing_zlib=no
        ],
        CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
        CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
-fi
-
 
 #
 # Check whether we can support bzip2
@@ -1412,13 +1298,9 @@
 # mysterious reasons - the final link step should bail out.
 # W32SOCKLIBS is also defined so that if can be used for tools not
 # requiring any network stuff but linking to code in libcommon which
-# tracks in winsock stuff (e.g. init_common_subsystems).
+# tracks in winsock stuff (e.g. init_common_subsystems.
 if test "$have_w32_system" = yes; then
-   if test "$have_w32ce_system" = yes; then
-     W32SOCKLIBS="-lws2"
-   else
-     W32SOCKLIBS="-lws2_32"
-   fi
+   W32SOCKLIBS="-lws2_32"
    NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
 fi
 
@@ -1439,11 +1321,11 @@
 #endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no])
     AC_MSG_RESULT($_gcc_silent_wno)
 
-    # Note that it is okay to use CFLAGS here because these are just
+    # Note that it is okay to use CFLAGS here because this are just
     # warning options and the user should have a chance of overriding
     # them.
     if test "$USE_MAINTAINER_MODE" = "yes"; then
-        CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
+        CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
         CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
         if test x"$_gcc_silent_wno" = xyes ; then
           _gcc_wopt=yes
@@ -1463,7 +1345,8 @@
         AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
         _gcc_cflags_save=$CFLAGS
         CFLAGS="-Wdeclaration-after-statement"
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
+                          [_gcc_wopt=yes],[_gcc_wopt=no])
         AC_MSG_RESULT($_gcc_wopt)
         CFLAGS=$_gcc_cflags_save;
         if test x"$_gcc_wopt" = xyes ; then
@@ -1491,12 +1374,20 @@
     AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
     _gcc_cflags_save=$CFLAGS
     CFLAGS="-Wpointer-arith"
-    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],[_gcc_psign=yes],[_gcc_psign=no])
     AC_MSG_RESULT($_gcc_psign)
     CFLAGS=$_gcc_cflags_save;
     if test x"$_gcc_psign" = xyes ; then
        CFLAGS="$CFLAGS -Wpointer-arith"
     fi
+
+    # The undocumented option -Wno-psabi suppresses the annoying
+    #   "the ABI of passing union with long double has changed in GCC 4.4"
+    # which is emitted in estream-printf.c but entirely irrelvant
+    # because that union is local to the file.
+    if test x"$_gcc_silent_wno" = xyes ; then
+       CFLAGS="$CFLAGS -Wno-psabi"
+    fi
 fi
 
 
@@ -1508,17 +1399,48 @@
    AC_HELP_STRING([--disable-optimization],
                   [disable compiler optimization]),
                   [if test $enableval = no ; then
-                      CFLAGS=`echo $CFLAGS | sed s/-O[[1-9]]\ /-O0\ /g`
+                      CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
                    fi])
 
 #
+# Prepare building of estream
+#
+estream_INIT
+
+
+#
 # Decide what to build
 #
+if test "$have_adns" = "yes"; then
+  AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT")
+fi
+
+
+missing_pth=no
+if test $have_ksba = no; then
+  build_gpgsm=no
+  build_scdaemon=no
+fi
+
+build_agent_threaded=""
+if test "$build_agent" = "yes"; then
+  if test $have_pth = no; then
+     build_agent_threaded="(not multi-threaded)"
+     missing_pth=yes
+  fi
+fi
 
 build_scdaemon_extra=""
 if test "$build_scdaemon" = "yes"; then
+  tmp=""
+  if test $have_pth = no; then
+     build_scdaemon_extra="not multi-threaded"
+     tmp=", "
+     missing_pth=yes
+  fi
   if test $have_libusb = no; then
-     build_scdaemon_extra="without internal CCID driver"
+     build_scdaemon_extra="${tmp}without internal CCID driver"
+     tmp=", "
   fi
   if test -n "$build_scdaemon_extra"; then
      build_scdaemon_extra="(${build_scdaemon_extra})"
@@ -1526,98 +1448,26 @@
 fi
 
 
-#
-# Set variables for use by automake makefiles.
-#
-AM_CONDITIONAL(BUILD_GPG,         test "$build_gpg" = "yes")
-AM_CONDITIONAL(BUILD_GPGSM,       test "$build_gpgsm" = "yes")
-AM_CONDITIONAL(BUILD_AGENT,       test "$build_agent" = "yes")
-AM_CONDITIONAL(BUILD_SCDAEMON,    test "$build_scdaemon" = "yes")
-AM_CONDITIONAL(BUILD_G13,         test "$build_g13" = "yes")
-AM_CONDITIONAL(BUILD_DIRMNGR,     test "$build_dirmngr" = "yes")
-AM_CONDITIONAL(BUILD_TOOLS,       test "$build_tools" = "yes")
-AM_CONDITIONAL(BUILD_DOC,         test "$build_doc" = "yes")
-AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
-AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
-
-AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
-AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no)
-
-AM_CONDITIONAL(RUN_GPG_TESTS,
-               test x$cross_compiling = xno -a "$build_gpg" = yes )
-
-#
-# Set some defines for use gpgconf.
-#
-if test "$build_gpg" = yes ; then
-    AC_DEFINE(BUILD_WITH_GPG,1,[Defined if GPG is to be build])
-fi
-if test "$build_gpgsm" = yes ; then
-    AC_DEFINE(BUILD_WITH_GPGSM,1,[Defined if GPGSM is to be build])
-fi
-if test "$build_agent" = yes ; then
-    AC_DEFINE(BUILD_WITH_AGENT,1,[Defined if GPG-AGENT is to be build])
-fi
-if test "$build_scdaemon" = yes ; then
-    AC_DEFINE(BUILD_WITH_SCDAEMON,1,[Defined if SCDAEMON is to be build])
-fi
-if test "$build_dirmngr" = yes ; then
-    AC_DEFINE(BUILD_WITH_DIRMNGR,1,[Defined if SCDAEMON is to be build])
-fi
-if test "$build_g13" = yes ; then
-    AC_DEFINE(BUILD_WITH_G13,1,[Defined if G13 is to be build])
+if test "$build_agent_only" = "yes" ; then
+  build_gpg=no
+  build_gpgsm=no
+  build_scdaemon=no
+  build_tools=no
+  build_doc=no
 fi
 
 
-#
-# Define Name strings
-#
-AC_DEFINE_UNQUOTED(GNUPG_NAME, "GnuPG", [The name of the project])
-
-AC_DEFINE_UNQUOTED(GPG_NAME, "gpg", [The name of the OpenPGP tool])
-AC_DEFINE_UNQUOTED(GPG_DISP_NAME, "GnuPG", [The displayed name of gpg])
-
-AC_DEFINE_UNQUOTED(GPGSM_NAME, "gpgsm", [The name of the S/MIME tool])
-AC_DEFINE_UNQUOTED(GPGSM_DISP_NAME, "GPGSM", [The displayed name of gpgsm])
-
-AC_DEFINE_UNQUOTED(GPG_AGENT_NAME, "gpg-agent", [The name of the agent])
-AC_DEFINE_UNQUOTED(GPG_AGENT_DISP_NAME, "GPG Agent",
-                                        [The displayed name of gpg-agent])
-
-AC_DEFINE_UNQUOTED(SCDAEMON_NAME, "scdaemon", [The name of the scdaemon])
-AC_DEFINE_UNQUOTED(SCDAEMON_DISP_NAME, "SCDaemon",
-                                       [The displayed name of scdaemon])
-
-AC_DEFINE_UNQUOTED(DIRMNGR_NAME, "dirmngr", [The name of the dirmngr])
-AC_DEFINE_UNQUOTED(DIRMNGR_DISP_NAME, "DirMngr",
-                                      [The displayed name of dirmngr])
-
-AC_DEFINE_UNQUOTED(G13_NAME, "g13", [The name of the g13 tool])
-AC_DEFINE_UNQUOTED(G13_DISP_NAME, "G13", [The displayed name of g13])
-
-AC_DEFINE_UNQUOTED(GPGCONF_NAME, "gpgconf", [The name of the gpgconf tool])
-AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
-                                      [The displayed name of gpgconf])
-
-AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
-
-AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
-                   [The name of the agent socket])
-AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
-                   [The name of the agent socket for ssh])
-AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
-                   [The name of the dirmngr info envvar])
-AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
-                   [The name of the SCdaemon socket])
-AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
-                   [The name of the dirmngr socket])
-
-AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
+AM_CONDITIONAL(BUILD_GPG,   test "$build_gpg" = "yes")
+AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes")
+AM_CONDITIONAL(BUILD_AGENT, test "$build_agent" = "yes")
+AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes")
+AM_CONDITIONAL(BUILD_TOOLS, test "$build_tools" = "yes")
+AM_CONDITIONAL(BUILD_DOC,   test "$build_doc" = "yes")
+AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
+AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
 
-if test "$have_w32_system" = yes; then
-  AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG",
-                     [The directory part of the W32 registry keys])
-fi
+AM_CONDITIONAL(RUN_GPG_TESTS,
+	test x$cross_compiling = xno -a "$build_gpg" = yes )
 
 
 #
@@ -1629,11 +1479,9 @@
                    [GIT commit id revision used to build this package])
 
 changequote(,)dnl
-BUILD_VERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./'`
+BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'`
 changequote([,])dnl
-BUILD_VERSION="${BUILD_VERSION}mym4_revision_dec"
-BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,`
-AC_SUBST(BUILD_VERSION)
+BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec"
 AC_SUBST(BUILD_FILEVERSION)
 
 BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`
@@ -1666,7 +1514,7 @@
 *** You need libgcrypt to build this program.
 **  This library is for example available at
 ***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
-*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
 ***]])
 fi
 if test "$have_libassuan" = "no"; then
@@ -1680,7 +1528,6 @@
 ***]])
 fi
 if test "$have_ksba" = "no"; then
-    die=yes
     AC_MSG_NOTICE([[
 ***
 *** You need libksba to build this program.
@@ -1689,39 +1536,38 @@
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
-if test "$gnupg_have_ldap" = yes; then
-  if test "$have_w32ce_system" = yes; then
+if test "$missing_pth" = "yes"; then
     AC_MSG_NOTICE([[
-*** Note that CeGCC might be broken, a package fixing this is:
-***    http://files.kolab.org/local/windows-ce/
-***                           source/wldap32_0.1-mingw32ce.orig.tar.gz
-***                           binary/wldap32-ce-arm-dev_0.1-1_all.deb
+***
+*** It is now required to build with support for the
+*** GNU Portable Threads Library (Pth). Please install this
+*** library first.  The library is for example available at
+***   ftp://ftp.gnu.org/gnu/pth/
+*** On a Debian GNU/Linux system you can install it using
+***   apt-get install libpth-dev
+*** To build GnuPG for Windows you need to use the W32PTH
+*** package; available at:
+***   ftp://ftp.g10code.com/g10code/w32pth/
 ***]])
-   fi
+   die=yes
 fi
-if test "$have_npth" = "no"; then
-    die=yes
+if test "$missing_zlib" = "yes"; then
     AC_MSG_NOTICE([[
 ***
-*** It is now required to build with support for the
-*** New Portable Threads Library (nPth). Please install this
-*** library first.  The library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/npth/
-*** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
+*** The zlib compression library is required.
+*** Please install a suitable development package
+*** (e.g. Debian package zlib1g-dev) or download
+*** it from http://zlib.net and build yourself.
 ***]])
+   die=yes
 fi
-
-if test "$require_iconv" = yes; then
-  if test "$am_func_iconv" != yes; then
-    die=yes
+if test "$missing_iconv" = "yes"; then
     AC_MSG_NOTICE([[
 ***
-*** The system does not provide a working iconv function.  Please
-*** install a suitable library; for example GNU Libiconv which is
-*** available at:
-***   http://ftp.gnu.org/gnu/libiconv/
+*** It is now required to build with support for iconv
+*** Please install a suitable iconv implementation.
 ***]])
-  fi
+   die=yes
 fi
 
 if test "$die" = "yes"; then
@@ -1737,6 +1583,9 @@
 AC_CONFIG_FILES([ m4/Makefile
 Makefile
 po/Makefile.in
+gl/Makefile
+include/Makefile
+jnlib/Makefile
 common/Makefile
 common/w32info-rc.h
 kbx/Makefile
@@ -1744,18 +1593,16 @@
 sm/Makefile
 agent/Makefile
 scd/Makefile
-g13/Makefile
-dirmngr/Makefile
+keyserver/Makefile
+keyserver/gpg2keys_mailto
+keyserver/gpg2keys_test
 tools/gpg-zip
 tools/Makefile
 doc/Makefile
 tests/Makefile
 tests/openpgp/Makefile
 tests/pkits/Makefile
-g10/gpg.w32-manifest
 ])
-
-
 AC_OUTPUT
 
 
@@ -1767,30 +1614,21 @@
 
         OpenPGP:   $build_gpg
         S/MIME:    $build_gpgsm
-        Agent:     $build_agent
+        Agent:     $build_agent $build_agent_threaded
         Smartcard: $build_scdaemon $build_scdaemon_extra
-        G13:       $build_g13
-        Dirmngr:   $build_dirmngr
         Gpgtar:    $build_gpgtar
 
         Protect tool:      $show_gnupg_protect_tool_pgm
-        LDAP wrapper:      $show_gnupg_dirmngr_ldap_pgm
         Default agent:     $show_gnupg_agent_pgm
         Default pinentry:  $show_gnupg_pinentry_pgm
         Default scdaemon:  $show_gnupg_scdaemon_pgm
         Default dirmngr:   $show_gnupg_dirmngr_pgm
-
-        Dirmngr auto start:  $dirmngr_auto_start
-        Readline support:    $gnupg_cv_have_readline
-        LDAP support:        $gnupg_have_ldap
-        DNS SRV support:     $use_dns_srv
-        TLS support:         $use_tls_library
 "
 if test x"$use_regex" != xyes ; then
 echo "
         Warning: No regular expression support available.
                  OpenPGP trust signatures won't work.
-                 gpg-check-pattern will not be built.
+                 gpg-check-pattern will not be build.
 "
 fi
 if test "x${gpg_config_script_warn}" != x; then
diff -Nru gnupg2-2.1.6/debian/changelog gnupg2-2.0.28/debian/changelog
--- gnupg2-2.1.6/debian/changelog	2015-07-11 09:06:19.000000000 +0000
+++ gnupg2-2.0.28/debian/changelog	2015-07-13 12:18:41.000000000 +0000
@@ -1,110 +1,165 @@
-gnupg2 (2.1.6-1) wily; urgency=medium
+gnupg2 (2.0.28-3ubuntu1) wily; urgency=low
 
-  * Backport from debian
+  * Merge from Debian, remaining changes:
+    - Drop sh prefix from openpgp test environment as it leads to exec
+      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
+      FTBFS detected in Ubuntu saucy archive rebuild.
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+    - debian/control: drop dirmngr to Suggests as it is in universe.
 
- -- anton   Sat, 11 Jul 2015 12:06:07 +0300
+ -- Iain Lane   Mon, 13 Jul 2015 13:18:38 +0100
 
-gnupg2 (2.1.6-1) experimental; urgency=medium
+gnupg2 (2.0.28-3) unstable; urgency=medium
 
-  * new upstream release
-  * drop deprecated gpgsm-gencert.sh
-
- -- Daniel Kahn Gillmor   Tue, 07 Jul 2015 14:27:23 -0400
+  * pass DBUS_SESION_BUS_ADDRESS to the agent for gnome3.
 
-gnupg2 (2.1.5-2) experimental; urgency=medium
+ -- Daniel Kahn Gillmor   Sat, 04 Jul 2015 14:21:41 -0400
 
-  [ Daniel Kahn Gillmor ]
-  * pass DBUS_SESSION_BUS_ADDRESS through to the agent so that
-    pinentry-gnome3 can work across sessions.
-  * ensure that l10n files are rebuilt.
+gnupg2 (2.0.28-2) unstable; urgency=medium
 
-  [ Eric Dorland ]
-  * debian/patches/0003-Include-defs.inc-in-BUILT_SOURCES.patch: Fix for
-    build failure when rebuilding info docs.
+  * d/clean: drop stamp-po to rebuild l10n (Closes: #788989)
 
- -- Daniel Kahn Gillmor   Tue, 30 Jun 2015 18:13:58 -0400
+ -- Daniel Kahn Gillmor   Tue, 30 Jun 2015 17:17:11 -0400
 
-gnupg2 (2.1.5-1) experimental; urgency=medium
+gnupg2 (2.0.28-1) unstable; urgency=medium
 
-  * New upstream release
+  * new upstream release
+  * really address excess dependencies on headless server (thanks Raphaël
+    Halimi for noticing) (Closes: #753163)
 
- -- Daniel Kahn Gillmor   Thu, 11 Jun 2015 13:18:56 -0400
+ -- Daniel Kahn Gillmor   Tue, 02 Jun 2015 12:16:57 -0400
 
-gnupg2 (2.1.4-2) experimental; urgency=medium
+gnupg2 (2.0.27-2) unstable; urgency=medium
 
-  * avoid excess dependencies on headless servers (Closes: #753163)
+  * import upstream fix to avoid replicating unknown subkey
+    packets. (Closes: #787045) (Thanks, NIIBE Yutaka)
 
- -- Daniel Kahn Gillmor   Wed, 03 Jun 2015 14:12:49 -0400
+ -- Daniel Kahn Gillmor   Thu, 28 May 2015 00:55:51 -0400
 
-gnupg2 (2.1.4-1) experimental; urgency=medium
+gnupg2 (2.0.27-1) unstable; urgency=medium
 
   * New upstream release.
+  * Provide a simple way for users to avoid gpg-agent hijacking,
+    working around: #760102 (Closes: #753163)
 
- -- Daniel Kahn Gillmor   Thu, 28 May 2015 00:25:55 -0400
-
-gnupg2 (2.1.3-1) experimental; urgency=medium
-
-  * New upstream version.
-  * Add gnupg2-dbg (Closes: #781631)
+ -- Daniel Kahn Gillmor   Fri, 08 May 2015 18:15:15 -0400
 
- -- Daniel Kahn Gillmor   Wed, 01 Apr 2015 12:10:38 -0400
+gnupg2 (2.0.26-6ubuntu3) wily; urgency=medium
 
-gnupg2 (2.1.2-2) experimental; urgency=medium
+  * debian/gpg-agent.user-session.upstart: Fix grep line for ssh-agent to not
+    fail pre-start if it doesn't match, due to `set -e'.
+  * debian/gpg-agent.user-session.upstart,
+    debian/no-pinentry-gnome3.user-session.upstart: If we are using
+    pinentry-gnome3, make gnupg-agent wait for dbus, since it needs to
+    communicate over the bus.
 
-  * Fix segv due to NULL value stored as opaque MPI.
+ -- Iain Lane   Fri, 03 Jul 2015 12:35:55 +0100
 
- -- Daniel Kahn Gillmor   Sat, 21 Feb 2015 10:26:50 -0500
+gnupg2 (2.0.26-6ubuntu2) wily; urgency=medium
 
-gnupg2 (2.1.2-1) experimental; urgency=medium
+  [ Mark Adams ]
+  * Updated debian/gpg-agent.user-session.upstart so that global environment
+    variables SSH_AUTH_SOCK and SSH_AGENT_PID are set if gpg-agent is running
+    with SSH support. LP: #1407513
 
-  * New upstream version
-  * move from automake1.11 to plain automake (upstream uses 1.14 now)
+  [ Iain Lane ]
+  * Fix whitespace in user session job.
 
- -- Daniel Kahn Gillmor   Thu, 12 Feb 2015 20:10:43 -0500
+ -- Mark Adams   Tue, 05 May 2015 13:09:36 +0100
 
-gnupg2 (2.1.1-1) experimental; urgency=medium
+gnupg2 (2.0.26-6ubuntu1) vivid; urgency=medium
 
-  * New upstream version (closes: #772654)
-  * gnupg2 now Breaks: older versions of dirmngr (closes: #769460)
+  * Merge from Debian, remaining changes:
+    - Drop sh prefix from openpgp test environment as it leads to exec
+      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
+      FTBFS detected in Ubuntu saucy archive rebuild.
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+    - debian/control: drop dirmngr to Suggests as it is in universe.
 
- -- Daniel Kahn Gillmor   Tue, 16 Dec 2014 14:58:06 -0500
+ -- Marc Deslauriers   Wed, 11 Mar 2015 08:25:01 -0400
 
-gnupg2 (2.1.0-1) experimental; urgency=medium
+gnupg2 (2.0.26-6) unstable; urgency=medium
 
-  * import upstream 2.1.0 release.
-  * drop debian/patches/speed-up-test-suite.patch -- included upstream.
-  * avoid self-reporting as a beta now that this is a release
+  * Avoid NULL dereference with opaque MPI.
 
- -- Daniel Kahn Gillmor   Thu, 06 Nov 2014 12:31:06 -0500
+ -- Daniel Kahn Gillmor   Sat, 21 Feb 2015 18:01:40 -0500
 
-gnupg2 (2.1.0~beta895-3) experimental; urgency=medium
+gnupg2 (2.0.26-5) unstable; urgency=medium
 
-  * update gnupg-agent.xsession to export ssh-agent where
-    configured. (Closes: #767341)
-  * use cheap/fast entropy for the test suite so that builds on
-    low-entropy machines go faster.
+  * import bug-fixes from upstream
+    (Closes: #773415, #773469, #773471, #773472, #773423)
+  * Fixes CVE-2015-1606 "Use after free, resulting from failure to skip
+    invalid packets", CVE-2015-1607 "memcpy with overlapping ranges,
+    resulting from incorrect bitwise left shifts" (Closes: #778577)
 
- -- Daniel Kahn Gillmor   Thu, 30 Oct 2014 13:37:08 -0400
+ -- Daniel Kahn Gillmor   Mon, 16 Feb 2015 17:45:06 -0500
 
-gnupg2 (2.1.0~beta895-2) experimental; urgency=medium
+gnupg2 (2.0.26-4) unstable; urgency=medium
 
-  * added pkg-config to Build-Depends.
+  [ David Prévot ]
+  * Update POT and PO files, and ensure the translations get rebuild
+  * Update French translation (Closes: #769574)
+  * Update Ukrainian translation, thanks to Yuri Chornoivan
+  * Update German translation, thanks to Werner Koch
+  * Update Danish translation, thanks to Joe Hansen
+  * Update Japanese translation, thanks to NIIBE Yutaka
+  * Update Chinese (traditional) translation, thanks to Jedi Lin
+  * Update Russian translation, thanks to Ineiev
+  * Update Polish translation, thanks to Jakub Bogusz
+  * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta
+    (Closes: #770727)
+  * New Dutch translation, thanks to Frans Spiesschaert (Closes: #770981)
 
- -- Daniel Kahn Gillmor   Wed, 29 Oct 2014 18:36:27 -0400
-
-gnupg2 (2.1.0~beta895-1) experimental; urgency=medium
-
-  * new upstream version in experimental (Closes: #762844, #751266, #762844)
-  * ship /usr/bin/gpgparsemail (Closes: #760575)
+  [ Daniel Kahn Gillmor ]
+  * bugfix and cryptographic safety changes imported from upstream:
+   - Avoid regression when adding subkeys with strong s2k algorithms
+     (Closes: #772780) Thanks, NIIBE Yutaka
+   - Allow french translation to work when prompting for passphrase.
+   - add build and runtime support for larger RSA keys (Closes: #739424)
+   - fix runtime errors on bad input (Closes: #771987)
+   - deprecate insecure one-argument variant for gpg --verify of detached
+     signatures (Closes: #771992)
+   - initialize trustdb before trying to clear it (Closes: #735363)
+   - default to issuing SHA256 signatures for RSA
+   - avoid relying on MD5 signatures
+   - show v3 key fingerprints as all zero (OpenPGPv3 is deprecated)
+
+ -- Daniel Kahn Gillmor   Sun, 04 Jan 2015 17:17:00 -0500
+
+gnupg2 (2.0.26-3ubuntu1) vivid; urgency=medium
+
+  * Merge from Debian, remaining changes:
+    - Drop sh prefix from openpgp test environment as it leads to exec
+      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
+      FTBFS detected in Ubuntu saucy archive rebuild.
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+    - debian/control: drop dirmngr to Suggests as it is in universe.
+
+ -- Marc Deslauriers   Thu, 30 Oct 2014 15:32:48 -0400
+
+gnupg2 (2.0.26-3) unstable; urgency=medium
+
+  * fix typo in gpg.info (closes: #760273)
+  * drop versioned Build-Conflicts on automake by setting environment
+    variables in debian/rules
+  * ship /usr/bin/gpgparsemail (closes: #760575)
+  * warn but don't fail when scdaemon options are in ~/.gnupg/gpg.conf
+    (closes: #762844)
+  * do not break on --trust-model=always (closes: #751266)
   * document that doc/OpenPGP is not actually an RFC, but just refers to
     one (closes: #745410)
   * Bump Standards-Version to 3.9.6 (no changes needed)
-  * --enable-large-secmem to ensure that gpg2 works with pre-generated
-    oversized RSA keys
-  * updated /etc/X11/Xsession.d/90gpg-agent to export $GPG_AGENT_INFO
-    about the standard socket.
 
- -- Daniel Kahn Gillmor   Wed, 29 Oct 2014 17:53:06 -0400
+ -- Daniel Kahn Gillmor   Tue, 30 Sep 2014 23:39:15 -0400
 
 gnupg2 (2.0.26-2) unstable; urgency=medium
 
@@ -134,6 +189,25 @@
 
  -- Eric Dorland   Mon, 30 Jun 2014 13:10:04 -0400
 
+gnupg2 (2.0.24-1ubuntu2) utopic; urgency=medium
+
+  * debian/control: drop dirmngr to Suggests as it is in universe.
+
+ -- Marc Deslauriers   Tue, 29 Jul 2014 11:55:05 -0400
+
+gnupg2 (2.0.24-1ubuntu1) utopic; urgency=medium
+
+  * Merge from Debian, remaining changes:
+    - Drop sh prefix from openpgp test environment as it leads to exec
+      invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
+      FTBFS detected in Ubuntu saucy archive rebuild.
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+
+ -- Marc Deslauriers   Thu, 26 Jun 2014 14:50:31 -0400
+
 gnupg2 (2.0.24-1) unstable; urgency=high
 
   * New upstream release. Fixes CVE-2014-4617 "infinite loop when
@@ -154,6 +228,26 @@
 
  -- Eric Dorland   Sun, 08 Jun 2014 19:20:17 -0400
 
+gnupg2 (2.0.22-3ubuntu2) utopic; urgency=medium
+
+  * Don't start gpg-agent upstart user job, if there is one available
+    already.
+
+ -- Dimitri John Ledkov   Mon, 28 Apr 2014 16:42:05 +0100
+
+gnupg2 (2.0.22-3ubuntu1) trusty; urgency=medium
+
+  * Merge from Debian, remaining changes:
+    - Drop sh prefix from openpgp test environment as it leads to exec
+    invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
+    FTBFS detected in Ubuntu saucy archive rebuild.
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+
+ -- Dimitri John Ledkov   Wed, 19 Feb 2014 15:08:39 +0000
+
 gnupg2 (2.0.22-3) unstable; urgency=low
 
   * debian/watch, debian/upstream-signing-key.pgp: Add upstream signing
@@ -180,6 +274,19 @@
 
  -- Eric Dorland   Sat, 30 Nov 2013 23:47:56 -0500
 
+gnupg2 (2.0.22-1ubuntu1) trusty; urgency=low
+
+  * Merge from Debian, remaining changes:
+    - Drop sh prefix from openpgp test environment as it leads to exec
+    invocations of sh /bin/bash leading to syntax errors from sh.  Fixes
+    FTBFS detected in Ubuntu saucy archive rebuild.
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+    - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+
+ -- Dmitrijs Ledkovs   Fri, 01 Nov 2013 22:15:05 +0000
+
 gnupg2 (2.0.22-1) unstable; urgency=low
 
   * New upstream version. Fixes CVE-2013-4402 and CVE-2013-4351. (Closes:
@@ -216,6 +323,37 @@
 
  -- Eric Dorland   Sat, 24 Aug 2013 20:33:19 -0400
 
+gnupg2 (2.0.20-1ubuntu3) saucy; urgency=low
+
+  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
+    - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
+      in g10/getkey.c, g10/keygen.c, include/cipher.h.
+    - CVE-2013-4351
+  * SECURITY UPDATE: denial of service via infinite recursion
+    - debian/patches/CVE-2013-4402.patch: set limits on number of filters
+      and nested packets in common/iobuf.c, g10/mainproc.c.
+    - CVE-2013-4402
+
+ -- Marc Deslauriers   Mon, 07 Oct 2013 15:38:03 -0400
+
+gnupg2 (2.0.20-1ubuntu2) saucy; urgency=low
+
+  * Drop sh prefix from openpgp test environment as it leads to exec
+    invocations of sh /bin/bash leading to syntax errors from sh.
+    Fixes FTBFS detected in Ubuntu saucy archive rebuild.
+
+ -- Andy Whitcroft   Fri, 20 Sep 2013 12:19:01 +0100
+
+gnupg2 (2.0.20-1ubuntu1) saucy; urgency=low
+
+  * Resynchronize on Debian, remaining changes:
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+      . debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+    - Add upstart user job for gpg-agent.
+
+ -- Stéphane Graber   Fri, 24 May 2013 18:27:04 -0400
+
 gnupg2 (2.0.20-1) unstable; urgency=low
 
   * New upstream release. (Closes: #691237, #583893)
@@ -235,6 +373,21 @@
 
  -- Eric Dorland   Sat, 11 May 2013 18:28:57 -0400
 
+gnupg2 (2.0.19-2ubuntu2) saucy; urgency=low
+
+  * Add upstart user job for gpg-agent.
+
+ -- Stéphane Graber   Fri, 03 May 2013 09:13:11 -0700
+
+gnupg2 (2.0.19-2ubuntu1) raring; urgency=low
+
+  * Resynchronize on Debian, remaining changes:
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+      . debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers.
+
+ -- Marc Deslauriers   Thu, 10 Jan 2013 09:02:23 -0500
+
 gnupg2 (2.0.19-2) unstable; urgency=high
 
   * debian/patches/02-cve-2012-6085.diff: Patch from upstream to fix
@@ -244,6 +397,15 @@
 
  -- Eric Dorland   Fri, 04 Jan 2013 00:56:52 -0500
 
+gnupg2 (2.0.19-1ubuntu1) raring; urgency=low
+
+  * Resynchronize on Debian, remaining changes:
+    - Add udev rules to give gpg access to some smartcard readers;
+      Debian #543217.
+      . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
+
+ -- Sebastien Bacher   Tue, 06 Nov 2012 11:25:58 +0100
+
 gnupg2 (2.0.19-1) unstable; urgency=low
 
   * New upstream release. (Closes: #666092)
@@ -819,7 +981,7 @@
     id not found".  Closes: #229549
 
  -- James Troup   Fri, 20 Feb 2004 16:38:12 +0000
-  
+
 gnupg (1.2.4-2) unstable; urgency=low
 
   * mpi/hppa1.1/udiv-qrnnd.S: patch from LaMont Jones 
diff -Nru gnupg2-2.1.6/debian/clean gnupg2-2.0.28/debian/clean
--- gnupg2-2.1.6/debian/clean	2015-07-07 18:26:30.000000000 +0000
+++ gnupg2-2.0.28/debian/clean	2015-07-10 20:09:13.000000000 +0000
@@ -1,4 +1,2 @@
-debian/kbxutil.1
-debian/gpg-check-pattern.1
 po/*.gmo
 po/stamp-po
diff -Nru gnupg2-2.1.6/debian/control gnupg2-2.0.28/debian/control
--- gnupg2-2.1.6/debian/control	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/control	2015-07-10 20:09:13.000000000 +0000
@@ -1,7 +1,8 @@
 Source: gnupg2
 Section: utils
 Priority: optional
-Maintainer: Debian GnuPG Maintainers 
+Maintainer: Ubuntu Developers 
+XSBC-Original-Maintainer: Debian GnuPG Maintainers 
 Uploaders: Eric Dorland ,
            Daniel Kahn Gillmor 
 Standards-Version: 3.9.6
@@ -12,19 +13,16 @@
                file,
                gettext,
                ghostscript,
-               help2man,
-               libassuan-dev (>= 2.1.0),
+               libassuan-dev (>= 2.0),
                libbz2-dev,
                libcurl4-gnutls-dev,
-               libgcrypt20-dev (>= 1.6.0),
-               libgnutls28-dev (>= 3.0),
-               libgpg-error-dev (>= 1.15),
-               libksba-dev (>= 1.2.0),
+               libgcrypt20-dev (>= 1.5.0),
+               libgpg-error-dev (>= 1.11),
+               libksba-dev (>= 1.0.7),
                libldap2-dev,
-               libnpth0-dev (>= 0.91),
+               libpth-dev,
                libreadline-dev,
                libusb-dev,
-               pkg-config,
                texinfo,
                transfig,
                zlib1g-dev | libz-dev
@@ -42,16 +40,14 @@
 Conflicts: newpg
 Replaces: gnupg2 (<< 2.0.18-2), gpgsm (<< 2.0.18-2), newpg
 Breaks: gnupg2 (<< 2.0.18-2), gpgsm (<< 2.0.18-2)
-Description: GNU privacy guard - cryptographic agent
+Description: GNU privacy guard - password agent
  GnuPG is GNU's tool for secure communication and data storage.
  It can be used to encrypt data and to create digital signatures.
  It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC4880.
+ with the proposed OpenPGP Internet standard as described in RFC2440.
  .
- This package contains the agent program gpg-agent which handles all
- secret key material for OpenPGP and S/MIME use.  The agent also
- provides a passphrase cache, which is used by pre-2.1 versions of
- GnuPG for OpenPGP operations.
+ This package contains the agent program gpg-agent which keeps a
+ temporary secure storage of your passphrases.
 
 Package: scdaemon
 Architecture: any
@@ -63,7 +59,7 @@
  GnuPG is GNU's tool for secure communication and data storage.
  It can be used to encrypt data and to create digital signatures.
  It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC4880.
+ with the proposed OpenPGP Internet standard as described in RFC2440.
  .
  This package contains the smart card program scdaemon, which is used
  by gnupg-agent to access OpenPGP smart cards.
@@ -75,14 +71,14 @@
          scdaemon (= ${binary:Version}),
          ${misc:Depends},
          ${shlibs:Depends}
-Recommends: dirmngr (>= 2.1.0~)
+Suggests: dirmngr
 Breaks: gnupg2 (<< 2.0.0-2)
 Replaces: gnupg2 (<< 2.0.0-2)
 Description: GNU privacy guard - S/MIME version
  GnuPG is GNU's tool for secure communication and data storage.
  It can be used to encrypt data and to create digital signatures.
  It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC4880.
+ with the proposed OpenPGP Internet standard as described in RFC2440.
  .
  This package contains the gpgsm program. gpgsm is a tool to provide
  digital encryption and signing services on X.509 certificates and the
@@ -95,15 +91,14 @@
          gnupg-agent (= ${binary:Version}),
          ${misc:Depends},
          ${shlibs:Depends}
-Recommends: dirmngr (>= 2.1.0~), ${shlibs:Recommends}
+Recommends: ${shlibs:Recommends}
 Suggests: gnupg-doc, parcimonie, xloadimage
 Conflicts: gpg-idea (<= 2.2)
-Breaks: dirmngr (<< 2.1.0~)
 Description: GNU privacy guard - a free PGP replacement (new v2.x)
  GnuPG is GNU's tool for secure communication and data storage.
  It can be used to encrypt data and to create digital signatures.
  It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC4880.
+ with the proposed OpenPGP Internet standard as described in RFC2440.
  .
  GnuPG 2.x is the new modularized version of GnuPG supporting OpenPGP
  and S/MIME.
@@ -123,30 +118,3 @@
  and uses a different (and simpler) way to check that the public keys
  used to make the signature are valid. There are no configuration
  files and only a few options are implemented.
-
-Package: dirmngr
-Architecture: any
-Depends: adduser, lsb-base (>= 3.2-13), ${misc:Depends}, ${shlibs:Depends}
-Recommends: ${shlibs:Recommends}
-Enhances: gnupg2, gpgsm, squid
-Description: server for managing certificate revocation lists
- DirMngr is a server for managing and downloading certificate revocation
- lists (CRLs) for X.509 certificates and for downloading the certificates
- themselves.  DirMngr also handles OCSP requests as an alternative to
- CRLs.  DirMngr is either invoked internally by gpgsm or when running as
- a system daemon through the dirmngr-client tool.
-
-Package: gnupg2-dbg
-Architecture: any
-Section: debug
-Priority: extra
-Depends: gnupg2 (= ${binary:Version}) | gnupg-agent (= ${binary:Version}) | scdaemon (= ${binary:Version}) | gpgsm (= ${binary:Version}) | gpgv2 (= ${binary:Version}) | dirmngr (= ${binary:Version}),
-         ${misc:Depends}
-Description: debugging symbols for gnupg2
- GnuPG is GNU's tool for secure communication and data storage.
- It can be used to encrypt data and to create digital signatures.
- It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC4880.
- .
- This package contains the debugging symbols for gnupg2, scdaemon,
- gpgv2, gpgsm, and dirmngr
diff -Nru gnupg2-2.1.6/debian/dirmngr.docs gnupg2-2.0.28/debian/dirmngr.docs
--- gnupg2-2.1.6/debian/dirmngr.docs	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/dirmngr.docs	1970-01-01 00:00:00.000000000 +0000
@@ -1,4 +0,0 @@
-AUTHORS
-NEWS
-THANKS
-TODO
diff -Nru gnupg2-2.1.6/debian/dirmngr.install gnupg2-2.0.28/debian/dirmngr.install
--- gnupg2-2.1.6/debian/dirmngr.install	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/dirmngr.install	1970-01-01 00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-debian/tmp/usr/bin/dirmngr
-debian/tmp/usr/bin/dirmngr-client
-debian/tmp/usr/lib/gnupg2/dirmngr_ldap
diff -Nru gnupg2-2.1.6/debian/dirmngr.maintscript gnupg2-2.0.28/debian/dirmngr.maintscript
--- gnupg2-2.1.6/debian/dirmngr.maintscript	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/dirmngr.maintscript	1970-01-01 00:00:00.000000000 +0000
@@ -1,5 +0,0 @@
-rm_conffile /etc/logrotate.d/dirmngr
-rm_conffile /etc/init.d/dirmngr
-rm_conffile /etc/default/dirmngr
-rm_conffile /etc/dirmngr/ldapservers.conf
-rm_conffile /etc/dirmngr/dirmngr.conf
diff -Nru gnupg2-2.1.6/debian/dirmngr.manpages gnupg2-2.0.28/debian/dirmngr.manpages
--- gnupg2-2.1.6/debian/dirmngr.manpages	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/dirmngr.manpages	1970-01-01 00:00:00.000000000 +0000
@@ -1,2 +0,0 @@
-debian/tmp/usr/share/man/man8/dirmngr.8
-debian/tmp/usr/share/man/man1/dirmngr-client.1
diff -Nru gnupg2-2.1.6/debian/dirmngr.NEWS gnupg2-2.0.28/debian/dirmngr.NEWS
--- gnupg2-2.1.6/debian/dirmngr.NEWS	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/dirmngr.NEWS	1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
-dirmngr (2.1.0~beta895-1) experimental; urgency=medium
-
-  No more dirmngr system service!
-  ===============================
-  
-  As of the 2.1.0 beta series, dirmngr is a local daemon that works
-  closely with gnupg2.  It is launched on its own, per-user, and
-  listens on a standard socket (usually ~/.gnupg/S.dirmngr).  There is
-  no more system-wide dirmngr process.
-
-  If there is a special case where a dirmngr system process is
-  actually needed, please report a bug in dirmngr, and we can sort out
-  a way to set one up for that case so that everyone with dirmngr
-  installed doesn't need to have it running.
-  
- -- Daniel Kahn Gillmor   Tue, 07 Oct 2014 10:33:52 -0400
-
diff -Nru gnupg2-2.1.6/debian/gbp.conf gnupg2-2.0.28/debian/gbp.conf
--- gnupg2-2.1.6/debian/gbp.conf	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gbp.conf	2015-07-10 20:09:13.000000000 +0000
@@ -1,5 +1,3 @@
 [DEFAULT]
-upstream-branch = upstream-2.1
-debian-branch = experimental
 pristine-tar = True
 upstream-vcs-tag = gnupg-%(version)s
diff -Nru gnupg2-2.1.6/debian/gnome-keyring-unhijack-gpg-agent gnupg2-2.0.28/debian/gnome-keyring-unhijack-gpg-agent
--- gnupg2-2.1.6/debian/gnome-keyring-unhijack-gpg-agent	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/gnome-keyring-unhijack-gpg-agent	2015-07-04 18:17:14.000000000 +0000
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor 
+
+# This is a simple program to turn of gpg-agent emulation by
+# gnome-keyring in debian jessie.
+
+# see https://bugs.debian.org/760102
+
+USER_AUTO_DIR=~/.config/autostart
+USER_AUTO_FILE="${USER_AUTO_DIR}/gnome-keyring-gpg.desktop"
+SYSTEM_AUTO_FILE=/etc/xdg/autostart/gnome-keyring-gpg.desktop
+
+if [ "$1" ]; then
+    echo "$0 : disable GNOME keyring's gpg-agent emulation"
+    echo ""
+    echo "    Invoke this program without arguments to tell"
+    echo "    GNOME keyring to not try to act as gpg-agent."
+    echo ""
+    echo " see also: https://bugs.debian.org/760102"
+    exit 1
+fi
+
+
+if dpkg --get-selections | grep -qx 'pinentry-gtk2[[:space:]]*install'; then
+    echo "You probably want to install the pinentry-gtk2 package."
+fi
+
+
+if [ -e "$USER_AUTO_FILE" ]; then
+    if grep -qFx Hidden=true "$USER_AUTO_FILE"; then
+        echo "GNOME Keyring's gpg-agent emulation is already disabled."
+        echo "You may need to restart your GNOME session."
+    else
+        echo 'Hidden=true' >> "$USER_AUTO_FILE"
+        echo "Added 'Hidden=true' to '$USER_AUTO_FILE'."
+        echo "You probably need to restart your GNOME session."
+    fi
+elif [ -e "$SYSTEM_AUTO_FILE" ]; then
+    mkdir -p "$USER_AUTO_DIR"
+    cp  "$SYSTEM_AUTO_FILE" "$USER_AUTO_FILE"
+    echo 'Hidden=true' >> "$USER_AUTO_FILE"
+    echo "Disabled GNOME Keyring's gpg-agent emulation."
+    echo "You probably need to restart your GNOME session."
+else
+    echo "Could not find '$SYSTEM_AUTO_FILE'."
+    echo "Maybe GNOME keyring daemon isn't present on your system?"
+    exit 1
+fi
+
diff -Nru gnupg2-2.1.6/debian/gnome-keyring-unhijack-gpg-agent.1 gnupg2-2.0.28/debian/gnome-keyring-unhijack-gpg-agent.1
--- gnupg2-2.1.6/debian/gnome-keyring-unhijack-gpg-agent.1	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/gnome-keyring-unhijack-gpg-agent.1	2015-07-04 18:17:14.000000000 +0000
@@ -0,0 +1,41 @@
+.TH GNOME-KEYRING-UNHIJACK-GPG-AGENT "1" "May 2015" "gnupg" "User Commands"
+
+.SH NAME
+
+gnome-keyring-unhijack-gpg-agent - Disable GNOME Keyring's gpg-agent emulation
+
+.SH SYNOPSIS
+
+.B gnome-keyring-unhijack-gpg-agent
+
+.SH DESCRIPTION
+
+This script disables GNOME Keyring's gpg-agent emulation for the
+current user.  GNOME Keyring's gpg-agent emulation is known to cause
+problems when interacting with some versions of gpg.
+
+This script disables the agent emulation by adding Hidden=true to a
+user-specific copy of the GNOME Keyring gpg-agent emulation startup
+file.
+
+.SH FILES
+
+.TP
+~/.config/autostart/gnome-keyring-gpg.desktop
+Per-user gnome-keyring config file to enable gpg-agent emulation.
+.TP
+/etc/xdg/autostart/gnome-keyring-gpg.desktop
+System-wide gnome-keyring config file to enable gpg-agent emulation.
+
+.SH AUTHOR
+
+Written by Daniel Kahn Gillmor  for the Debian
+project.  This helper program is an interim measure to work around
+compatibility issues between GNOME and GnuPG, and we do not expect to
+keep it around forever.
+
+.SH SEE ALSO
+
+.BR gpg\-agent (1),
+.BR gpg2 (1),
+.BR https://bugs.debian.org/760102
diff -Nru gnupg2-2.1.6/debian/gnupg2.info gnupg2-2.0.28/debian/gnupg2.info
--- gnupg2-2.1.6/debian/gnupg2.info	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg2.info	1970-01-01 00:00:00.000000000 +0000
@@ -1,2 +0,0 @@
-debian/tmp/usr/share/info/gnupg.info*
-doc/gnupg-card-architecture.png
diff -Nru gnupg2-2.1.6/debian/gnupg2.install gnupg2-2.0.28/debian/gnupg2.install
--- gnupg2-2.1.6/debian/gnupg2.install	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg2.install	2015-07-10 20:09:13.000000000 +0000
@@ -1,9 +1,19 @@
+debian/kbxutil.1 usr/share/man/man1
 debian/tmp/usr/bin/gpg2
 debian/tmp/usr/bin/gpgconf
-debian/tmp/usr/bin/gpgparsemail
 debian/tmp/usr/bin/kbxutil
+debian/tmp/usr/bin/gpgparsemail
 debian/tmp/usr/bin/watchgnupg
+debian/tmp/usr/lib/gnupg2/gpg2keys*
 debian/tmp/usr/sbin/addgnupghome
 debian/tmp/usr/sbin/applygnupgdefaults
 debian/tmp/usr/share/gnupg2
+debian/tmp/usr/share/info/gnupg.info*
 debian/tmp/usr/share/locale
+debian/tmp/usr/share/man/man1/gpg2.1
+debian/tmp/usr/share/man/man1/gpgconf.1
+debian/tmp/usr/share/man/man1/gpgparsemail.1
+debian/tmp/usr/share/man/man1/watchgnupg.1
+debian/tmp/usr/share/man/man8/addgnupghome.8
+debian/tmp/usr/share/man/man8/applygnupgdefaults.8
+doc/gnupg-card-architecture.png usr/share/info/
diff -Nru gnupg2-2.1.6/debian/gnupg2.manpages gnupg2-2.0.28/debian/gnupg2.manpages
--- gnupg2-2.1.6/debian/gnupg2.manpages	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg2.manpages	1970-01-01 00:00:00.000000000 +0000
@@ -1,7 +0,0 @@
-debian/tmp/usr/share/man/man1/gpg2.1
-debian/tmp/usr/share/man/man1/gpgconf.1
-debian/tmp/usr/share/man/man1/gpgparsemail.1
-debian/tmp/usr/share/man/man1/watchgnupg.1
-debian/tmp/usr/share/man/man8/addgnupghome.8
-debian/tmp/usr/share/man/man8/applygnupgdefaults.8
-debian/kbxutil.1
diff -Nru gnupg2-2.1.6/debian/gnupg2.udev gnupg2-2.0.28/debian/gnupg2.udev
--- gnupg2-2.1.6/debian/gnupg2.udev	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg2.udev	2015-05-05 12:01:05.000000000 +0000
@@ -0,0 +1,12 @@
+# do not edit this file, it will be overwritten on update
+
+SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
+ACTION!="add", GOTO="gnupg_rules_end"
+
+# USB SmartCard Readers
+## SCM readers (SCR335, SPR532, & Co)
+ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+
+LABEL="gnupg_rules_end"
diff -Nru gnupg2-2.1.6/debian/gnupg-agent.examples gnupg2-2.0.28/debian/gnupg-agent.examples
--- gnupg2-2.1.6/debian/gnupg-agent.examples	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg-agent.examples	1970-01-01 00:00:00.000000000 +0000
@@ -1,2 +0,0 @@
-doc/examples/pwpattern.list
-doc/examples/trustlist.txt
diff -Nru gnupg2-2.1.6/debian/gnupg-agent.install gnupg2-2.0.28/debian/gnupg-agent.install
--- gnupg2-2.1.6/debian/gnupg-agent.install	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg-agent.install	2015-07-10 20:09:13.000000000 +0000
@@ -2,6 +2,10 @@
 debian/tmp/usr/bin/gpg-connect-agent
 debian/tmp/usr/bin/gpgkey2ssh
 debian/tmp/usr/bin/symcryptrun
-debian/tmp/usr/lib/gnupg2/gpg-check-pattern
 debian/tmp/usr/lib/gnupg2/gpg-preset-passphrase
 debian/tmp/usr/lib/gnupg2/gpg-protect-tool
+debian/tmp/usr/share/man/man1/gpg-agent.1
+debian/tmp/usr/share/man/man1/gpg-connect-agent.1
+debian/tmp/usr/share/man/man1/gpg-preset-passphrase.1
+debian/tmp/usr/share/man/man1/symcryptrun.1
+debian/gnome-keyring-unhijack-gpg-agent usr/bin
diff -Nru gnupg2-2.1.6/debian/gnupg-agent.manpages gnupg2-2.0.28/debian/gnupg-agent.manpages
--- gnupg2-2.1.6/debian/gnupg-agent.manpages	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg-agent.manpages	2015-07-04 18:17:14.000000000 +0000
@@ -1,5 +1 @@
-debian/gpg-check-pattern.1
-debian/tmp/usr/share/man/man1/gpg-agent.1
-debian/tmp/usr/share/man/man1/gpg-connect-agent.1
-debian/tmp/usr/share/man/man1/gpg-preset-passphrase.1
-debian/tmp/usr/share/man/man1/symcryptrun.1
+debian/gnome-keyring-unhijack-gpg-agent.1
diff -Nru gnupg2-2.1.6/debian/gnupg-agent.xsession gnupg2-2.0.28/debian/gnupg-agent.xsession
--- gnupg2-2.1.6/debian/gnupg-agent.xsession	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gnupg-agent.xsession	2015-07-10 20:09:13.000000000 +0000
@@ -1,19 +1,19 @@
 : ${GNUPGHOME=$HOME/.gnupg}
 
 GPGAGENT=/usr/bin/gpg-agent
+PID_FILE="$GNUPGHOME/gpg-agent-info-$(hostname)"
 
 if grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" "$GNUPGHOME/options" &&
-   test -x $GPGAGENT; then
+   test -x $GPGAGENT &&
+   { test -z "$GPG_AGENT_INFO" || ! $GPGAGENT 2>/dev/null; }; then
+
+   if [ -r "$PID_FILE" ]; then
+       . "$PID_FILE"
+   fi
 
    # Invoking gpg-agent with no arguments exits successfully if the agent
-   # is already running on the standard socket
+   # is already running as pointed by $GPG_AGENT_INFO
    if ! $GPGAGENT 2>/dev/null; then
-       "$GPGAGENT" --daemon
-   fi
-   GPG_AGENT_INFO="${GNUPGHOME}/S.gpg-agent:0:1"
-   export GPG_AGENT_INFO
-   if grep -qs '^[[:space:]]*enable-ssh-support' "${GNUPGHOME}/gpg-agent.conf"; then
-       SSH_AUTH_SOCK="${GNUPGHOME}/S.gpg-agent.ssh"
-       export SSH_AUTH_SOCK
+       STARTUP="$GPGAGENT --daemon --sh --write-env-file=$PID_FILE $STARTUP"
    fi
 fi
diff -Nru gnupg2-2.1.6/debian/gpg-agent.user-session.upstart gnupg2-2.0.28/debian/gpg-agent.user-session.upstart
--- gnupg2-2.1.6/debian/gpg-agent.user-session.upstart	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/gpg-agent.user-session.upstart	2015-07-03 11:24:20.000000000 +0000
@@ -0,0 +1,31 @@
+description "GPG Agent"
+author "Stéphane Graber "
+
+start on starting xsession-init and (no-pinentry-gnome3 or started dbus)
+
+pre-start script
+    GNUPGHOME=$HOME/.gnupg
+    [ -d $GNUPGHOME ] || { stop; exit 0; }
+    [ -z "$GPG_AGENT_INFO" ] || { stop; exit 0; }
+
+    grep -qs '^[[:space:]]*use-agent' "$GNUPGHOME/gpg.conf" "$GNUPGHOME/options" || { stop; exit 0; }
+
+    eval "$(gpg-agent --daemon --sh)" >/dev/null
+    initctl set-env --global GPG_AGENT_INFO=$GPG_AGENT_INFO
+
+    grep -qs "^enable-ssh-support$" "$GNUPGHOME/gpg-agent.conf" || exit 0
+
+    initctl set-env --global SSH_AUTH_SOCK=$SSH_AUTH_SOCK
+    initctl set-env --global SSH_AGENT_PID=$SSH_AGENT_PID
+end script
+
+post-stop script
+    GPG_AGENT_PID=$(echo $GPG_AGENT_INFO | cut -d : -f2)
+    kill $GPG_AGENT_PID 2>/dev/null || true
+    initctl unset-env --global GPG_AGENT_INFO
+
+    grep -qs "^enable-ssh-support$" "$GNUPGHOME/gpg-agent.conf" || exit 0
+
+    initctl unset-env --global SSH_AUTH_SOCK
+    initctl unset-env --global SSH_AGENT_PID
+end script
diff -Nru gnupg2-2.1.6/debian/gpgsm.install gnupg2-2.0.28/debian/gpgsm.install
--- gnupg2-2.1.6/debian/gpgsm.install	2015-07-07 18:31:57.000000000 +0000
+++ gnupg2-2.0.28/debian/gpgsm.install	2015-07-10 20:09:13.000000000 +0000
@@ -1 +1,4 @@
 debian/tmp/usr/bin/gpgsm
+debian/tmp/usr/bin/gpgsm-gencert.sh
+debian/tmp/usr/share/man/man1/gpgsm-gencert.sh.1
+debian/tmp/usr/share/man/man1/gpgsm.1
diff -Nru gnupg2-2.1.6/debian/gpgsm.manpages gnupg2-2.0.28/debian/gpgsm.manpages
--- gnupg2-2.1.6/debian/gpgsm.manpages	2015-07-07 18:32:06.000000000 +0000
+++ gnupg2-2.0.28/debian/gpgsm.manpages	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man1/gpgsm.1
diff -Nru gnupg2-2.1.6/debian/gpgv2.install gnupg2-2.0.28/debian/gpgv2.install
--- gnupg2-2.1.6/debian/gpgv2.install	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gpgv2.install	2015-07-10 20:09:13.000000000 +0000
@@ -1 +1,2 @@
 debian/tmp/usr/bin/gpgv2
+debian/tmp/usr/share/man/man1/gpgv2.1
diff -Nru gnupg2-2.1.6/debian/gpgv2.manpages gnupg2-2.0.28/debian/gpgv2.manpages
--- gnupg2-2.1.6/debian/gpgv2.manpages	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/gpgv2.manpages	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man1/gpgv2.1
diff -Nru gnupg2-2.1.6/debian/kbxutil.1 gnupg2-2.0.28/debian/kbxutil.1
--- gnupg2-2.1.6/debian/kbxutil.1	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/kbxutil.1	2015-07-10 20:09:13.000000000 +0000
@@ -0,0 +1,58 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.43.3.
+.TH KBXUTIL "1" "December 2013" "kbxutil (GnuPG) 2.0.22" "User Commands"
+.SH NAME
+kbxutil \- List, export, import Keybox data
+.SH DESCRIPTION
+kbxutil (GnuPG) 2.0.22
+Copyright \(co 2013 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later 
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.PP
+Syntax: kbxutil [options] [files]
+List, export, import Keybox data
+.PP
+Commands:
+.TP
+\fB\-\-stats\fR
+show key statistics
+.TP
+\fB\-\-import\-openpgp\fR
+import OpenPGP keyblocks
+.TP
+\fB\-\-find\-dups\fR
+find duplicates
+.TP
+\fB\-\-cut\fR
+export records
+.SH OPTIONS
+
+.TP
+\fB\-\-from\fR N
+first record to export
+.TP
+\fB\-\-to\fR N
+last record to export
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+verbose
+.TP
+\fB\-q\fR, \fB\-\-quiet\fR
+be somewhat more quiet
+.TP
+\fB\-n\fR, \fB\-\-dry\-run\fR
+do not make any changes
+.TP
+\fB\-\-debug\fR
+set debugging flags
+.TP
+\fB\-\-debug\-all\fR
+enable full debugging
+.PP
+Please report bugs to .
+.SH COPYRIGHT
+Copyright \(co 2013 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later 
+.br
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
diff -Nru gnupg2-2.1.6/debian/no-pinentry-gnome3.user-session.upstart gnupg2-2.0.28/debian/no-pinentry-gnome3.user-session.upstart
--- gnupg2-2.1.6/debian/no-pinentry-gnome3.user-session.upstart	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/no-pinentry-gnome3.user-session.upstart	2015-07-03 11:23:37.000000000 +0000
@@ -0,0 +1,14 @@
+description "Don't make gpg-agent require dbus"
+author "Iain Lane "
+
+start on startup
+
+emits no-pinenty-gnome3
+
+task
+
+script
+    if [ ! -L "/usr/bin/pinentry" ] || [ "$(readlink -f /usr/bin/pinentry)" != "/usr/bin/pinentry-gnome3" ]; then
+        initctl --no-wait emit no-pinentry-gnome3
+    fi
+end script
diff -Nru gnupg2-2.1.6/debian/patches/0001-gnupg2-rename.patch gnupg2-2.0.28/debian/patches/0001-gnupg2-rename.patch
--- gnupg2-2.1.6/debian/patches/0001-gnupg2-rename.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0001-gnupg2-rename.patch	2015-07-04 18:21:17.000000000 +0000
@@ -0,0 +1,31 @@
+From: Debian GnuPG Maintainers 
+Date: Fri, 8 May 2015 16:55:58 -0400
+Subject: gnupg2-rename
+
+===================================================================
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c93e762..c55bf8a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -42,7 +42,7 @@ m4_define([mym4_betastring],
+ m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
+ m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
+ 
+-AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org])
++AC_INIT([gnupg2],[mym4_full_version], [http://bugs.gnupg.org])
+ 
+ NEED_GPG_ERROR_VERSION=1.11
+ 
+@@ -57,7 +57,7 @@ NEED_KSBA_VERSION=1.0.7
+ 
+ development_version=mym4_isgit
+ PACKAGE=$PACKAGE_NAME
+-PACKAGE_GT=${PACKAGE_NAME}2
++PACKAGE_GT=${PACKAGE_NAME}
+ VERSION=$PACKAGE_VERSION
+ 
+ AC_CONFIG_AUX_DIR(scripts)
diff -Nru gnupg2-2.1.6/debian/patches/0001-rename-gnupg2.patch gnupg2-2.0.28/debian/patches/0001-rename-gnupg2.patch
--- gnupg2-2.1.6/debian/patches/0001-rename-gnupg2.patch	2015-07-07 18:31:22.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0001-rename-gnupg2.patch	1970-01-01 00:00:00.000000000 +0000
@@ -1,30 +0,0 @@
-From: Debian GnuPG Maintainers 
-Date: Tue, 14 Apr 2015 10:02:31 -0400
-Subject: rename gnupg2
-
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index cf49647..3ea2ce9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -25,7 +25,7 @@ min_automake_version="1.14"
- # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force".  Please
- # bump the version number immediately *after* the release and do
- # another commit and push so that the git magic is able to work.
--m4_define([mym4_package],[gnupg])
-+m4_define([mym4_package],[gnupg2])
- m4_define([mym4_major], [2])
- m4_define([mym4_minor], [1])
- m4_define([mym4_micro], [6])
-@@ -72,7 +72,7 @@ NEED_GNUTLS_VERSION=3.0
- 
- development_version=mym4_isbeta
- PACKAGE=$PACKAGE_NAME
--PACKAGE_GT=${PACKAGE_NAME}2
-+PACKAGE_GT=${PACKAGE_NAME}
- VERSION=$PACKAGE_VERSION
- 
- AC_CONFIG_AUX_DIR([build-aux])
diff -Nru gnupg2-2.1.6/debian/patches/0002-avoid-beta-warning.patch gnupg2-2.0.28/debian/patches/0002-avoid-beta-warning.patch
--- gnupg2-2.1.6/debian/patches/0002-avoid-beta-warning.patch	2015-07-07 18:31:22.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0002-avoid-beta-warning.patch	1970-01-01 00:00:00.000000000 +0000
@@ -1,35 +0,0 @@
-From: Debian GnuPG Maintainers 
-Date: Tue, 14 Apr 2015 10:02:31 -0400
-Subject: avoid-beta-warning
-
-avoid self-describing as a beta
-
-Using autoreconf against the source as distributed in tarball form
-invariably results in a package that thinks it's a "beta" package,
-which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
-
-since we use dh_autoreconf, i need this patch to avoid producing
-builds that announce themselves as DEVELOPMENT VERSIONs.
-
-See discussion at:
-
- http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
----
- autogen.sh | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/autogen.sh b/autogen.sh
-index 7effd56..5e8ca15 100755
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -228,8 +228,8 @@ if [ "$myhost" = "find-version" ]; then
-       rvd=$((0x$(echo ${rev} | head -c 4)))
-     else
-       ingit=no
--      beta=yes
--      tmp="-unknown"
-+      beta=no
-+      tmp=""
-       rev="0000000"
-       rvd="0"
-     fi
diff -Nru gnupg2-2.1.6/debian/patches/0002-fix_760273.patch gnupg2-2.0.28/debian/patches/0002-fix_760273.patch
--- gnupg2-2.1.6/debian/patches/0002-fix_760273.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0002-fix_760273.patch	2015-07-04 18:21:17.000000000 +0000
@@ -0,0 +1,42 @@
+From: Debian GnuPG Maintainers 
+Date: Fri, 8 May 2015 16:55:58 -0400
+Subject: fix_760273
+
+commit 9c999c74389736a5bc0cbdb5a803632d8fb463dd
+Author: Daniel Kahn Gillmor 
+Date:   Tue Sep 2 09:42:15 2014 -0400
+
+    Typo fix for gpg.texi
+    
+    Originally reported by Jakub Wilk in https://bugs.debian.org/760273
+---
+ doc/gnupg.info-1 | 2 +-
+ doc/gpg.texi     | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/gnupg.info-1 b/doc/gnupg.info-1
+index 3530b3d..f06d5a7 100644
+--- a/doc/gnupg.info-1
++++ b/doc/gnupg.info-1
+@@ -3985,7 +3985,7 @@ Expire-Date: ISO-DATE|(NUMBER[d|w|m|y])
+      intervals, GnuPG uses an absolute value internally and thus the
+      last year we can represent is 2105.
+ 
+-Ceation-Date: ISO-DATE
++Creation-Date: ISO-DATE
+      Set the creation date of the key as stored in the key information
+      and which is also part of the fingerprint calculation.  Either a
+      date like "1986-04-26" or a full timestamp like "19860426T042640"
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 06e772e..d8c3962 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -3473,7 +3473,7 @@ sense.  Although OpenPGP works with time intervals, GnuPG uses an
+ absolute value internally and thus the last year we can represent is
+ 2105.
+ 
+-@item  Ceation-Date: @var{iso-date}
++@item  Creation-Date: @var{iso-date}
+ Set the creation date of the key as stored in the key information and
+ which is also part of the fingerprint calculation.  Either a date like
+ "1986-04-26" or a full timestamp like "19860426T042640" may be used.
diff -Nru gnupg2-2.1.6/debian/patches/0003-drop-long-deprecated-gpgsm-gencert.sh.patch gnupg2-2.0.28/debian/patches/0003-drop-long-deprecated-gpgsm-gencert.sh.patch
--- gnupg2-2.1.6/debian/patches/0003-drop-long-deprecated-gpgsm-gencert.sh.patch	2015-07-07 18:31:22.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0003-drop-long-deprecated-gpgsm-gencert.sh.patch	1970-01-01 00:00:00.000000000 +0000
@@ -1,639 +0,0 @@
-From: Daniel Kahn Gillmor 
-Date: Thu, 2 Jul 2015 15:10:49 -0400
-Subject: drop long-deprecated gpgsm-gencert.sh
-
- * tools/gpgsm-gencert.sh: remove deprecated script entirely.  It is
-   fully replaced by gpgsm --gen-key
- * doc/tools.texi: remove gpgsm-gencert.sh documentation
- * .gitignore: no longer ignore gpgsm-gencert.sh manpage
- * doc/Makefile.am: quit making the manpage
- * tools/Makefile.am: quit distributing the script
- * doc/howto-create-a-server-cert.texi: overhaul documentation to use
-   gpgsm --gen-key and tweak explanations
-
---
-
-The commit deprecating gpgsm-gencert.sh
-(81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years.
-
- https://codesearch.debian.net/results/gpgsm-gencert.sh
-
-suggests that in all of debian it is only referenced in documentation
-(for poldi and scute) and example files (libept), and isn't actually
-used directly anywhere.
-
-Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver
-certificate-signing request failed for me, following the examples in
-doc/howto-create-a-server-cert.texi exactly.
-
-It's time we ripped off this band-aid :)
-
-Signed-off-by: Daniel Kahn Gillmor 
----
- doc/Makefile.am                     |   2 +-
- doc/howto-create-a-server-cert.texi | 177 +++++++++++++++----------------
- doc/tools.texi                      |  37 -------
- tools/Makefile.am                   |   3 +-
- tools/gpgsm-gencert.sh              | 203 ------------------------------------
- 5 files changed, 84 insertions(+), 338 deletions(-)
- delete mode 100755 tools/gpgsm-gencert.sh
-
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index 3ea19ad..3ed3057 100644
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -71,7 +71,7 @@ myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
- myman_pages   = gpg2.1 gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 gpgv2.1 \
-                 watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
- 		gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
--		gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1 \
-+		applygnupgdefaults.8 gpg-zip.1 \
- 		dirmngr-client.1
- 
- man_MANS = $(myman_pages) gnupg.7
-diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi
-index ce6dd2f..496c9ee 100644
---- a/doc/howto-create-a-server-cert.texi
-+++ b/doc/howto-create-a-server-cert.texi
-@@ -7,18 +7,17 @@ actually been done this way to get a certificate from CAcert to be used
- on a real server.  It has only been tested with this CA, but there
- shouldn't be any problem to run this against any other CA.
- 
--Before you start, make sure that gpg-agent is running.  As there is no
--need for a configuration file, you may simply enter:
-+We start by generating an X.509 certificate signing request. As there
-+is no need for a configuration file, you may simply enter:
- 
- @cartouche
- @example
--  $ gpgsm-gencert.sh >a.p10
--  Key type
--   [1] RSA
--   [2] Existing key
--   [3] Direct from card
--  Your selection: 1
--  You selected: RSA
-+  $ gpgsm --gen-key >example.com.cert-req.pem
-+  Please select what kind of key you want:
-+     (1) RSA
-+     (2) Existing key
-+     (3) Existing key from card
-+  Your selection? 1
- @end example
- @end cartouche
- 
-@@ -32,39 +31,36 @@ Let's continue:
- 
- @cartouche
- @example
--  Key length
--   [1] 1024
--   [2] 2048
--  Your selection: 1
--  You selected: 1024
-+  What keysize do you want? (2048)
-+  Requested keysize is 2048 bits
- @end example
- @end cartouche
- 
--The script offers  two common key sizes. With the current setup of
--CAcert, it does not make much sense to use a 2k key; their policies need
--to be revised anyway (a CA root key valid for 30 years is not really
--serious).
-+Hitting enter chooses the default RSA key size of 2048 bits.  Smaller
-+keys are too weak on the modern Internet.  If you choose a larger
-+(stronger) key, your server will need to do more work.
- 
- @cartouche
- @example
--  Key usage
--   [1] sign, encrypt
--   [2] sign
--   [3] encrypt
--  Your selection: 1
--  You selected: sign, encrypt
-+  Possible actions for a RSA key:
-+     (1) sign, encrypt
-+     (2) sign
-+     (3) encrypt
-+  Your selection? 1
- @end example
- @end cartouche
- 
--We want to sign and encrypt using this key. This is just a suggestion
--and the CA may actually assign other key capabilities.
-+Selecting ``sign'' enables use of the key for Diffie-Hellman key
-+exchange mechanisms (DHE and ECDHE) in TLS, which are preferred
-+because they offer forward secrecy.  Selecting ``encrypt'' enables RSA
-+key exchange mechanisms, which are still common in some places.
-+Selecting both enables both key exchange mechanisms.
- 
- Now for some real data:
- 
- @cartouche
- @example
--  Name (DN)
--  > CN=kerckhoffs.g10code.com
-+  Enter the X.509 subject name: CN=example.com
- @end example
- @end cartouche
- 
-@@ -74,13 +70,13 @@ server names later.
- 
- @cartouche
- @example
--  E-Mail addresses (end with an empty line)
-+  E-Mail addresses (end with an empty line):
-   > 
- @end example
- @end cartouche
- 
--We don't need email addresses in a server certificate and CAcert would
--anyway ignore such a request. Thus just hit enter.
-+We don't need email addresses in a TLS server certificate and CAcert
-+would anyway ignore such a request. Thus just hit enter.
- 
- If you want to create a client certificate for email encryption, this
- would be the place to enter your mail address
-@@ -89,22 +85,21 @@ however the CA may not accept them all or reject the entire request.
- 
- @cartouche
- @example
--  DNS Names (optional; end with an empty line)
--  > www.g10code.com
--  DNS Names (optional; end with an empty line)
--  > ftp.g10code.com
--  DNS Names (optional; end with an empty line)
-+  Enter DNS names (optional; end with an empty line):
-+  > example.com
-+  > www.example.com
-   > 
- @end example
- @end cartouche
- 
--Here I entered the names of the servers which actually run on the
--machine given in the DN above. The browser will accept a certificate for
--any of these names. As usual the CA must approve all of these names.
-+Here I entered the names of the services which the machine actually
-+provides.  You almost always want to include the canonical name here
-+too. The browser will accept a certificate for any of these names. As
-+usual the CA must approve all of these names.
- 
- @cartouche
- @example
--  URIs (optional; end with an empty line)
-+  URIs (optional; end with an empty line):
-   >
- @end example
- @end cartouche
-@@ -112,25 +107,30 @@ any of these names. As usual the CA must approve all of these names.
- It is possible to insert arbitrary URIs into a certificate; for a server
- certificate this does not make sense.
- 
-+@cartouche
-+@example
-+  Create self-signed certificate? (y/N)
-+@end example
-+@end cartouche
-+
-+Since we are creating a certificate signing request, and not a full
-+certificate, we answer no here, or just hit enter for the default.
-+
- We have now entered all required information and @command{gpgsm} will
- display what it has gathered and ask whether to create the certificate
- request:
- 
- @cartouche
- @example
--  Parameters for certificate request to create:
--       1	Key-Type: RSA
--       2	Key-Length: 1024
--       3	Key-Usage: sign, encrypt
--       4	Name-DN: CN=kerckhoffs.g10code.com
--       5	Name-DNS: www.g10code.com
--       6	Name-DNS: ftp.g10code.com
--  
--  Really create such a CSR?
--   [1] yes
--   [2] no
--  Your selection: 1
--  You selected: yes
-+  These parameters are used:
-+      Key-Type: RSA
-+      Key-Length: 2048
-+      Key-Usage: sign, encrypt
-+      Name-DN: CN=example.com
-+      Name-DNS: example.com
-+      Name-DNS: www.example.com
-+
-+  Proceed with creation? (y/N) y
- @end example
- @end cartouche
- 
-@@ -146,6 +146,7 @@ When it is ready, you should see the final notice:
- @cartouche
- @example
-   gpgsm: certificate request created
-+  Ready.  You should now send this request to your CA.
- @end example
- @end cartouche
- 
-@@ -153,17 +154,22 @@ Now, you may look at the created request:
- 
- @cartouche
- @example
--  $ cat a.p10
-+  $ cat example.com.cert-req.pem
-   -----BEGIN CERTIFICATE REQUEST-----
--  MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB
--  nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg
--  HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS
--  wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm
--  Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP
--  d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD
--  gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA
--  IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0
--  eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw=
-+  MIIClTCCAX0CAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3
-+  DQEBAQUAA4IBDwAwggEKAoIBAQDP1QEcbTvOLLCX4gAoOzH9AW7jNOMj7OSOL0uW
-+  h2bCdkK5YVpnX212Z6COTC3ZG0pJiCeGt1TbbDJUlTa4syQ6JXavjK66N8ASZsyC
-+  Rwcl0m6hbXp541t1dbgt2VgeGk25okWw3j+brw6zxLD2TnthJxOatID0lDIG47HW
-+  GqzZmA6WHbIBIONmGnReIHTpPAPCDm92vUkpKG1xLPszuRmsQbwEl870W/FHrsvm
-+  DPvVUUSdIvTV9NuRt7/WY6G4nPp9QlIuTf1ESPzIuIE91gKPdrRCAx0yuT708S1n
-+  xCv3ETQ/bKPoAQ67eE3mPBqkcVwv9SE/2/36Lz06kAizRgs5AgMBAAGgOjA4Bgkq
-+  hkiG9w0BCQ4xKzApMCcGA1UdEQQgMB6CC2V4YW1wbGUuY29tgg93d3cuZXhhbXBs
-+  ZS5jb20wDQYJKoZIhvcNAQELBQADggEBAEWD0Qqz4OENLYp6yyO/KqF0ig9FDsLN
-+  b5/R+qhms5qlhdB5+Dh+j693Sj0UgbcNKc6JT86IuBqEBZmRCJuXRoKoo5aMS1cJ
-+  hXga7N9IA3qb4VBUzBWvlL92U2Iptr/cEbikFlYZF2Zv3PBv8RfopVlI3OLbKV9D
-+  bJJTt/6kuoydXKo/Vx4G0DFzIKNdFdJk86o/Ziz8NOs9JjZxw9H9VY5sHKFM5LKk
-+  VcLwnnLRlNjBGB+9VK/Tze575eG0cJomTp7UGIB+1xzIQVAhUZOizRDv9tHDeaK3
-+  k+tUhV0kuJcYHucpJycDSrP/uAY5zuVJ0rs2QSjdnav62YrRgEsxJrU=
-   -----END CERTIFICATE REQUEST-----
-   $
- @end example
-@@ -189,26 +195,7 @@ followed by a Ctrl-D
- @example
-   -----BEGIN CERTIFICATE-----
-   MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl
--  cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD
--  ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2
--  MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq
--  hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y
--  ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7
--  8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y
--  MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
--  BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF
--  oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy
--  dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j
--  b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9
--  aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn
--  W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM
--  fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3
--  mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj
--  NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0
--  6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U
--  BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3
--  gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha
--  94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU
-+   [...]
-   rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs
-   Rtct3tIX
-   -----END CERTIFICATE-----
-@@ -229,19 +216,19 @@ To see the content of your certificate, you may now enter:
- 
- @cartouche
- @example
--  $ gpgsm -K kerckhoffs.g10code.com
-+  $ gpgsm -K example.com
-   /home/foo/.gnupg/pubring.kbx
-   ---------------------------
-   Serial number: 4C
-          Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...]
--        Subject: /CN=kerckhoffs.g10code.com
--            aka: (dns-name www.g10code.com)
--            aka: (dns-name ftp.g10code.com)
--       validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51
--       key type: 1024 bit RSA
-+        Subject: /CN=example.com
-+            aka: (dns-name example.com)
-+            aka: (dns-name www.example.com)
-+       validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51
-+       key type: 2048 bit RSA
-       key usage: digitalSignature keyEncipherment
-   ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
--    fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57
-+    fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57
- @end example
- @end cartouche
- 
-@@ -256,7 +243,7 @@ certificate. To create such a file, run:
- 
- @cartouche
- @example
--  $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem
-+  $ gpgsm --export-secret-key-p12 -a >example.com-cert.pem
- @end example
- @end cartouche
- 
-@@ -266,12 +253,12 @@ certificate as well as the private key:
- 
- @cartouche
- @example
--  $ cat kerckhoffs-cert.pem
-+  $ cat example-cert.pem
-   Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...]
-   Serial ...: 4C
--  Subject ..: /CN=kerckhoffs.g10code.com
--      aka ..: (dns-name www.g10code.com)
--      aka ..: (dns-name ftp.g10code.com)
-+  Subject ..: /CN=example.com
-+      aka ..: (dns-name example.com)
-+      aka ..: (dns-name www.example.com)
-   
-   -----BEGIN PKCS12-----
-   MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu
-diff --git a/doc/tools.texi b/doc/tools.texi
-index a067eb6..1dd1b35 100644
---- a/doc/tools.texi
-+++ b/doc/tools.texi
-@@ -15,7 +15,6 @@ GnuPG comes with a couple of smaller tools:
- * addgnupghome::          Create .gnupg home directories.
- * gpgconf::               Modify .gnupg home directories.
- * applygnupgdefaults::    Run gpgconf for all users.
--* gpgsm-gencert.sh::      Generate an X.509 certificate request.
- * gpg-preset-passphrase:: Put a passphrase into the cache.
- * gpg-connect-agent::     Communicate with a running agent.
- * dirmngr-client::        How to use the Dirmngr client tool.
-@@ -1001,42 +1000,6 @@ applygnupgdefaults
- 
- 
- @c
--@c    GPGSM-GENCERT.SH
--@c
--@node gpgsm-gencert.sh
--@section Generate an X.509 certificate request
--@manpage gpgsm-gencert.sh.1
--@ifset manverb
--.B gpgsm-gencert.sh
--\- Generate an X.509 certificate request
--@end ifset
--
--@mansect synopsis
--@ifset manverb
--.B  gpgsm-gencert.sh
--@end ifset
--
--@mansect description
--This is a simple tool to interactively generate a certificate request
--which will be printed to stdout.
--
--@manpause
--@noindent
--@command{gpgsm-gencert.sh} is invoked as:
--
--@samp{gpgsm-cencert.sh}
--
--@mansect see also
--@ifset isman
--@command{gpgsm}(1),
--@command{gpg-agent}(1),
--@command{scdaemon}(1)
--@end ifset
--@include see-also-note.texi
--
--
--
--@c
- @c   GPG-PRESET-PASSPHRASE
- @c
- @node gpg-preset-passphrase
-diff --git a/tools/Makefile.am b/tools/Makefile.am
-index 5c28954..496b1a6 100644
---- a/tools/Makefile.am
-+++ b/tools/Makefile.am
-@@ -18,7 +18,7 @@
- 
- EXTRA_DIST = \
- 	Manifest watchgnupg.c \
--	addgnupghome applygnupgdefaults gpgsm-gencert.sh \
-+	addgnupghome applygnupgdefaults \
- 	lspgpot mail-signed-keys convert-from-106 sockprox.c \
- 	ccidmon.c ChangeLog-2011 gpg-connect-agent-w32info.rc
- 
-@@ -34,7 +34,6 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
- 
- sbin_SCRIPTS = addgnupghome applygnupgdefaults
- 
--bin_SCRIPTS = gpgsm-gencert.sh
- if HAVE_USTAR
- # bin_SCRIPTS += gpg-zip
- noinst_SCRIPTS = gpg-zip
-diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
-deleted file mode 100755
-index b209c8e..0000000
---- a/tools/gpgsm-gencert.sh
-+++ /dev/null
-@@ -1,203 +0,0 @@
--#!/bin/sh
--#                                                              -*- sh -*-
--# gpgsm-gencert.c - Generate X.509 certificates through GPGSM.  
--#	Copyright (C) 2004, 2005 Free Software Foundation, Inc.
--#
--# This file is part of GnuPG.
--#
--# GnuPG is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 3 of the License, or
--# (at your option) any later version.
--#
--# GnuPG is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, see .
--
--set -e
--
--ASSUAN_FP_IN=4
--ASSUAN_FP_OUT=5
--
--ASSUAN_COMMANDS="\
--INPUT FD=$ASSUAN_FP_IN\n\
--OUTPUT FD=$ASSUAN_FP_OUT --armor\n\
--GENKEY\n\
--BYE\n"
--
--ANSWER=""
--
--query_user()
--{
--    message=$1; shift
--    
--    echo "$message" >&2
--    echo -n "> " >&2
--    read answer
--
--    ANSWER=$answer;
--}
--
--query_user_menu()
--{
--    message=$1; shift
--    i=0
--    
--    echo "$message" >&2
--    for choice in "$@"; do
--	i=$(expr $i + 1)
--	echo " [$i] $choice" >&2
--    done
--
--    while true; do
--	j=1
--	echo -n "Your selection: " >&2
--	read idx
--
--	while [ $j -lt $i -o $j -eq $i ]; do
--	    if [ "$idx" = $j ]; then
--		break
--	    fi
--	    j=$(expr $j + 1)
--	done
--	if [ $j -lt $i -o $j -eq $i ]; then
--	    break
--	fi
--    done
--
--    i=0
--    for choice in "$@"; do
--	i=$(expr $i + 1)
--	if [ $i -eq $idx ]; then
--	    ANSWER=$1
--	    break;
--	fi
--	shift
--    done
--    
--    echo "You selected: $ANSWER" >&2
--}
--
--
--echo "WARNING: This script is deprecated; please use" >&2
--echo "           gpgsm --gen-key" >&2
--echo "         instead." >&2
--KEY_TYPE=""
--while [ -z "$KEY_TYPE" ]; do
--  query_user_menu "Key type" "RSA" "Existing key" "Direct from card"
--  case "$ANSWER" in
--    RSA)
--      KEY_TYPE=$ANSWER
--      query_user_menu "Key length" "1024" "2048"
--      KEY_LENGTH=$ANSWER
--      KEY_GRIP=
--      ;;
--    Existing*)
--      # User requested to use an existing key; need to set some dummy defaults
--      query_user "Keygrip "
--      if [ -n "$ANSWER" ]; then
--        KEY_TYPE=RSA 
--        KEY_LENGTH=1024
--        KEY_GRIP=$ANSWER
--      fi
--      ;;
--    Direct*)
--      tmp=$(echo 'SCD SERIALNO' | gpg-connect-agent | \
--            awk '$2 == "SERIALNO" {print $3}') 
--      if [ -z "$tmp" ]; then
--          echo "No card found" >&2
--      else
--        echo "Card with S/N $tmp found" >&2
--        tmp=$(echo 'SCD LEARN --force' | gpg-connect-agent | \
--              awk '$2 == "KEYPAIRINFO" {printf " %s", $4}')
--        sshid=$(echo 'SCD GETATTR $AUTHKEYID' | gpg-connect-agent | \
--                awk '$2 == "$AUTHKEYID" {print $3}') 
--        [ -n "$sshid" ] && echo "gpg-agent uses $sshid as ssh key" >&2
--        query_user_menu "Select key " $tmp "back"
--        if [ "$ANSWER" != "back" ]; then
--          KEY_TYPE="card:$ANSWER"
--          KEY_LENGTH=
--          KEY_GRIP=
--        fi
--      fi
--      ;;
--    *)
--      exit 1
--      ;;   
--  esac
--done
--
--query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt"
--KEY_USAGE=$ANSWER
--
--query_user "Name (DN)"
--NAME=$ANSWER
--
--EMAIL_ADDRESSES=
--LF=
--while : ; do
--  query_user "E-Mail addresses (end with an empty line)"
--  [ -z "$ANSWER" ] && break
--  EMAIL_ADDRESSES="${EMAIL_ADDRESSES}${LF}Name-Email: $ANSWER"
--  LF='
--'
--done
--
--DNS_ADDRESSES=
--LF=
--while : ; do
--  query_user "DNS Names (optional; end with an empty line)"
--  [ -z "$ANSWER" ] && break
--  DNS_ADDRESSES="${DNS_ADDRESSES}${LF}Name-DNS: $ANSWER"
--  LF='
--'
--done
--
--URI_ADDRESSES=
--LF=
--while : ; do
--  query_user "URIs (optional; end with an empty line)"
--  [ -z "$ANSWER" ] && break
--  URI_ADDRESSES="${URI_ADDRESSES}${LF}Name-URI: $ANSWER"
--  LF='
--'
--done
--
--file_parameter=$(mktemp "/tmp/gpgsm.XXXXXX")
--outfile=$(mktemp "/tmp/gpgsm.XXXXXX")
--
--
--(
--cat < "$file_parameter"
--
--
--echo 'Parameters for certificate request to create:' >&2
--cat -n "$file_parameter" >&2
--echo  >&2
--
--query_user_menu "Really create such a CSR?" "yes" "no"
--[ "$ANSWER" != "yes" ] && exit 1
--    
--
--printf "$ASSUAN_COMMANDS" | \
--     gpgsm --no-log-file --debug-level none --debug-none \
--           --server 4< "$file_parameter" 5>"$outfile" >/dev/null
--
--cat "$outfile"
--
--rm "$file_parameter" "$outfile"
--exit 0
diff -Nru gnupg2-2.1.6/debian/patches/0003-gpg-Fix-segv-due-to-NULL-value-stored-as-opaque-MPI-.patch gnupg2-2.0.28/debian/patches/0003-gpg-Fix-segv-due-to-NULL-value-stored-as-opaque-MPI-.patch
--- gnupg2-2.1.6/debian/patches/0003-gpg-Fix-segv-due-to-NULL-value-stored-as-opaque-MPI-.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0003-gpg-Fix-segv-due-to-NULL-value-stored-as-opaque-MPI-.patch	2015-07-04 18:21:17.000000000 +0000
@@ -0,0 +1,89 @@
+From: Daniel Kahn Gillmor 
+Date: Sat, 21 Feb 2015 18:12:22 -0500
+Subject: gpg: Fix segv due to NULL value stored as opaque MPI (BRANCH 2.0)
+
+* g10/build-packet.c (do_secret_key): Check for NULL return from
+gcry_mpi_get_opaque.
+* g10/keyid.c (hash_public_key): Ditto.
+--
+
+This is a backport of 76c8122adfed0f0f443cce7bda702ba2b39661b3 from
+master to the STABLE-BRANCH-2-0
+
+On the STABLE-BRANCH-2-0, we may also want to patch g10/seckey-cert.c,
+but that has not been done in this patch.
+
+This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f.
+
+  gpg2 --export --no-default-keyring --keyring TESTDATA
+
+With TESTDATA being below after unpacking.
+
+-----BEGIN PGP ARMORED FILE-----
+
+mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
+iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
+EJgTBJx/AP8ABPPzBJx/AP8ABPPz
+=2yE0
+-----END PGP ARMORED FILE-----
+
+Reported-by: Jodie Cunningham
+Signed-off-by: Daniel Kahn Gillmor 
+---
+ g10/build-packet.c |  6 ++++--
+ g10/keyid.c        | 16 ++++++++++------
+ 2 files changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/g10/build-packet.c b/g10/build-packet.c
+index e986987..5cc03cf 100644
+--- a/g10/build-packet.c
++++ b/g10/build-packet.c
+@@ -398,7 +398,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
+ 
+       assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
+       p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
+-      iobuf_write (a, p, (ndatabits+7)/8 );
++      if (p)
++        iobuf_write (a, p, (ndatabits+7)/8 );
+     }
+   else if ( sk->is_protected )
+     {
+@@ -410,7 +411,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
+ 
+           assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
+           p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
+-          iobuf_write (a, p, (ndatabits+7)/8);
++          if (p)
++            iobuf_write (a, p, (ndatabits+7)/8);
+         }
+       write_16(a, sk->csum );
+     }
+diff --git a/g10/keyid.c b/g10/keyid.c
+index 6af0f48..ef6ee1c 100644
+--- a/g10/keyid.c
++++ b/g10/keyid.c
+@@ -115,14 +115,18 @@ hash_public_key( gcry_md_hd_t md, PKT_public_key *pk )
+   if(npkey==0 && pk->pkey[0]
+      && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
+     {
+-      gcry_md_write (md, pp[0], nn[0]);
++      if (pp[0])
++        gcry_md_write (md, pp[0], nn[0]);
+     }
+   else
+-    for(i=0; i < npkey; i++ )
+-      {
+-	gcry_md_write ( md, pp[i], nn[i] );
+-	xfree(pp[i]);
+-      }
++    {
++      for(i=0; i < npkey; i++ )
++        {
++          if (pp[i])
++            gcry_md_write ( md, pp[i], nn[i] );
++          xfree(pp[i]);
++        }
++    }
+ }
+ 
+ static gcry_md_hd_t
diff -Nru gnupg2-2.1.6/debian/patches/0004-add-gnome-keyring-gpg-agent-hijack-warning.patch gnupg2-2.0.28/debian/patches/0004-add-gnome-keyring-gpg-agent-hijack-warning.patch
--- gnupg2-2.1.6/debian/patches/0004-add-gnome-keyring-gpg-agent-hijack-warning.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0004-add-gnome-keyring-gpg-agent-hijack-warning.patch	2015-07-04 18:21:17.000000000 +0000
@@ -0,0 +1,31 @@
+From: Daniel Kahn Gillmor 
+Date: Fri, 8 May 2015 17:01:12 -0400
+Subject: add gnome-keyring gpg-agent hijack warning
+
+When gpg2 notices that gpg-agent is hijacked by gnome-keyring, and
+complains about it, the user currently gets no pointers for how to fix
+the problem.
+
+Suggest a way to solve the problem.
+
+This is a dissatisfying conclusion to https://bugs.debian.org/760102
+---
+ g10/call-agent.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/g10/call-agent.c b/g10/call-agent.c
+index 5669e04..6a74a8d 100644
+--- a/g10/call-agent.c
++++ b/g10/call-agent.c
+@@ -170,8 +170,11 @@ check_hijacking (assuan_context_t ctx)
+       const char warn2[] =
+         "GnuPG will not work properly - please configure that "
+         "tool to not interfere with the GnuPG system!";
++      const char warn3[] =
++        "You may want to run gnome-keyring-unhijack-gpg-agent";
+       log_info ("WARNING: %s\n", warn1);
+       log_info ("WARNING: %s\n", warn2);
++      log_info ("WARNING: %s\n", warn3);
+       /*                 (GPG_ERR_SOURCRE_GPG, GPG_ERR_NO_AGENT) */
+       write_status_text (STATUS_ERROR, "check_hijacking 33554509");
+       xfree (string);
diff -Nru gnupg2-2.1.6/debian/patches/0005-gpg-Consider-that-gcry_mpi_get_opaque-may-return-NUL.patch gnupg2-2.0.28/debian/patches/0005-gpg-Consider-that-gcry_mpi_get_opaque-may-return-NUL.patch
--- gnupg2-2.1.6/debian/patches/0005-gpg-Consider-that-gcry_mpi_get_opaque-may-return-NUL.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0005-gpg-Consider-that-gcry_mpi_get_opaque-may-return-NUL.patch	2015-07-04 18:21:17.000000000 +0000
@@ -0,0 +1,152 @@
+From: Werner Koch 
+Date: Tue, 2 Jun 2015 17:41:30 +0200
+Subject: gpg: Consider that gcry_mpi_get_opaque may return NULL.
+
+* g10/seckey-cert.c (do_check): Handle a NULL opaque MPI.
+--
+
+This patch extends b2d9d10 for secret keys.  The problem is that we
+changed the semantics so that opaque MPIs may be NULL with a bit
+length.  This patch is not required in GnuPG 2 because we do not use
+secret keys there.
+
+Signed-off-by: Werner Koch 
+---
+ g10/seckey-cert.c | 61 +++++++++++++++++++++++++++++++------------------------
+ 1 file changed, 35 insertions(+), 26 deletions(-)
+
+diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
+index 9995aa4..ad2f52d 100644
+--- a/g10/seckey-cert.c
++++ b/g10/seckey-cert.c
+@@ -40,7 +40,6 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+           int *canceled )
+ {
+     gpg_error_t err;
+-    byte *buffer;
+     u16 csum=0;
+     int i, res;
+     size_t nbytes;
+@@ -116,10 +115,13 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+             p = gcry_mpi_get_opaque ( sk->skey[i], &ndatabits );
+             ndata = (ndatabits+7)/8;
+ 
+-            if ( ndata > 1 )
++            if ( ndata > 1 && p )
+                 csumc = p[ndata-2] << 8 | p[ndata-1];
+ 	    data = xmalloc_secure ( ndata );
+-	    gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata );
++            if (p)
++              gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata );
++            else
++              memset (data, 0, ndata);
+ 	    gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL ;
+ 
+ 	    p = data;
+@@ -129,7 +131,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+                    attack */
+                 sk->csum = 0;
+                 csum = 1;
+-                if( ndata < 20 ) 
++                if( ndata < 20 )
+                     log_error("not enough bytes for SHA-1 checksum\n");
+                 else {
+                     gcry_md_hd_t h;
+@@ -139,7 +141,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+                     gcry_md_write (h, data, ndata - 20);
+                     gcry_md_final (h);
+                     if (!memcmp (gcry_md_read (h, DIGEST_ALGO_SHA1),
+-                                 data + ndata - 20, 20) ) 
++                                 data + ndata - 20, 20) )
+                       {
+                         /* Digest does match.  We have to keep the old
+                            style checksum in sk->csum, so that the
+@@ -147,7 +149,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+                            This test gets used when we are adding new
+                            keys. */
+                         sk->csum = csum = checksum (data, ndata-20);
+-                      } 
++                      }
+                     gcry_md_close (h);
+                 }
+             }
+@@ -197,21 +199,28 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
+ 
+                 assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
+                 p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
+-                ndata = (ndatabits+7)/8;
+-                assert (ndata >= 2);
+-                assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
+-                buffer = xmalloc_secure (ndata);
+-		gcry_cipher_sync (cipher_hd);
+-                buffer[0] = p[0];
+-                buffer[1] = p[1];
+-                gcry_cipher_decrypt (cipher_hd, buffer+2, ndata-2,
+-                                     p+2, ndata-2);
+-                csum += checksum (buffer, ndata);
+-                gcry_mpi_release (sk->skey[i]);
+-
+-		err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,
+-				     buffer, ndata, &ndata );
+-		xfree (buffer);
++                if (!p)
++                  err = -1;
++                else
++                  {
++                    byte *buffer;
++
++                    ndata = (ndatabits+7)/8;
++                    assert (ndata >= 2);
++                    assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
++                    buffer = xmalloc_secure (ndata);
++                    gcry_cipher_sync (cipher_hd);
++                    buffer[0] = p[0];
++                    buffer[1] = p[1];
++                    gcry_cipher_decrypt (cipher_hd, buffer+2, ndata-2,
++                                         p+2, ndata-2);
++                    csum += checksum (buffer, ndata);
++                    gcry_mpi_release (sk->skey[i]);
++
++                    err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,
++                                         buffer, ndata, &ndata );
++                    xfree (buffer);
++                  }
+                 if (err)
+                   {
+                     /* Checksum was okay, but not correctly
+@@ -346,11 +355,11 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
+ 
+ 	if ( openpgp_cipher_test_algo ( sk->protect.algo ) ) {
+             /* Unsupport protection algorithm. */
+-            rc = gpg_error (GPG_ERR_CIPHER_ALGO); 
++            rc = gpg_error (GPG_ERR_CIPHER_ALGO);
+         }
+ 	else {
+ 	    print_cipher_algo_note( sk->protect.algo );
+-	    
++
+ 	    if ( openpgp_cipher_open (&cipher_hd, sk->protect.algo,
+ 				      GCRY_CIPHER_MODE_CFB,
+ 				      (GCRY_CIPHER_SECURE
+@@ -399,10 +408,10 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
+ 		    p += narr[j];
+ 		    xfree(bufarr[j]);
+ 		}
+-                
++
+                 if (opt.simple_sk_checksum) {
+                     log_info (_("generating the deprecated 16-bit checksum"
+-                              " for secret key protection\n")); 
++                              " for secret key protection\n"));
+                     csum = checksum( data, ndata-2);
+                     sk->csum = csum;
+                     *p++ =	csum >> 8;
+@@ -458,7 +467,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
+ 		    gcry_cipher_encrypt (cipher_hd, data+2, nbytes,
+                                          buffer, nbytes);
+ 		    xfree( buffer );
+-                    
++
+                     gcry_mpi_release (sk->skey[i]);
+                     sk->skey[i] = gcry_mpi_set_opaque (NULL,
+                                                        data, (nbytes+2)*8 );
diff -Nru gnupg2-2.1.6/debian/patches/0006-Pass-DBUS_SESSION_BUS_ADDRESS-for-gnome3.patch gnupg2-2.0.28/debian/patches/0006-Pass-DBUS_SESSION_BUS_ADDRESS-for-gnome3.patch
--- gnupg2-2.1.6/debian/patches/0006-Pass-DBUS_SESSION_BUS_ADDRESS-for-gnome3.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/0006-Pass-DBUS_SESSION_BUS_ADDRESS-for-gnome3.patch	2015-07-04 18:21:17.000000000 +0000
@@ -0,0 +1,26 @@
+From: Daniel Kahn Gillmor 
+Date: Tue, 30 Jun 2015 12:41:29 -0400
+Subject: Pass DBUS_SESSION_BUS_ADDRESS for gnome3
+
+* common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
+--
+
+pinentry-gnome3 talks to the gcr prompter via dbus.  Without this
+environment variable, it can't find the correct session to talk to.
+---
+ common/session-env.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/common/session-env.c b/common/session-env.c
+index 10f5dfe..2dddc8f 100644
+--- a/common/session-env.c
++++ b/common/session-env.c
+@@ -62,6 +62,8 @@ static struct
+                                       modules (eg "@im=SCIM").  */
+   { "GTK_IM_MODULE" },           /* Used by gtk to select gtk input
+                                     modules (eg "scim-bridge").  */
++  { "DBUS_SESSION_BUS_ADDRESS" },/* Used by GNOME3 to talk to gcr over
++                                    dbus */
+   { "QT_IM_MODULE" },            /* Used by Qt to select qt input
+                                       modules (eg "xim").  */
+   { "PINENTRY_USER_DATA", "pinentry-user-data"} 
diff -Nru gnupg2-2.1.6/debian/patches/90-drop-sh-prefix-in-openpgp-testing gnupg2-2.0.28/debian/patches/90-drop-sh-prefix-in-openpgp-testing
--- gnupg2-2.1.6/debian/patches/90-drop-sh-prefix-in-openpgp-testing	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/90-drop-sh-prefix-in-openpgp-testing	2015-05-05 12:01:05.000000000 +0000
@@ -0,0 +1,22 @@
+Description: drop sh prefix in openpgp test environment
+ Drop sh prefix from openpgp tests as it leads to exec invocations of
+ sh /bin/bash leading to syntax errors from sh.  Fixes FTBFS detected
+ in archive rebuild.
+ Confirmed this has been fixed (differently) in the upstream Debian
+ version.
+Author: Andy Whitcroft 
+Last-Update: 2013-09-20
+
+Index: gnupg2-2.0.20/tests/openpgp/Makefile.am
+===================================================================
+--- gnupg2-2.0.20.orig/tests/openpgp/Makefile.am	2013-09-20 14:31:30.052109208 +0100
++++ gnupg2-2.0.20/tests/openpgp/Makefile.am	2013-09-20 14:31:30.048109193 +0100
+@@ -25,7 +25,7 @@
+ 
+ 
+ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \
+-		    ../../agent/gpg-agent --quiet --daemon sh
++		    ../../agent/gpg-agent --quiet --daemon
+ 
+ 
+ TESTS = version.test mds.test \
diff -Nru gnupg2-2.1.6/debian/patches/series gnupg2-2.0.28/debian/patches/series
--- gnupg2-2.1.6/debian/patches/series	2015-07-07 18:31:22.000000000 +0000
+++ gnupg2-2.0.28/debian/patches/series	2015-07-13 12:17:30.000000000 +0000
@@ -1,3 +1,7 @@
-0001-rename-gnupg2.patch
-0002-avoid-beta-warning.patch
-0003-drop-long-deprecated-gpgsm-gencert.sh.patch
+90-drop-sh-prefix-in-openpgp-testing
+0001-gnupg2-rename.patch
+0002-fix_760273.patch
+0003-gpg-Fix-segv-due-to-NULL-value-stored-as-opaque-MPI-.patch
+0004-add-gnome-keyring-gpg-agent-hijack-warning.patch
+0005-gpg-Consider-that-gcry_mpi_get_opaque-may-return-NUL.patch
+0006-Pass-DBUS_SESSION_BUS_ADDRESS-for-gnome3.patch
diff -Nru gnupg2-2.1.6/debian/rules gnupg2-2.0.28/debian/rules
--- gnupg2-2.1.6/debian/rules	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/rules	2015-07-10 20:09:13.000000000 +0000
@@ -25,12 +25,13 @@
 
 override_dh_auto_configure:
 	dh_auto_configure -- --libexecdir=\$${prefix}/lib/gnupg2 \
-		--enable-symcryptrun --enable-large-secmem
+		--enable-large-secmem \
+		--enable-symcryptrun
 
 override_dh_shlibdeps:
 # Make ldap a recommends rather than a hard dependency.
-	dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg2/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr*
-	dh_shlibdeps -Ndirmngr
+	dh_shlibdeps -a -Xgnupg2/gpg2keys_ldap -- \
+		-dRecommends debian/tmp/usr/lib/gnupg2/gpg2keys_ldap -dDepends
 
 override_dh_auto_install:
 	dh_auto_install
@@ -38,27 +39,23 @@
 	install -m 644 debian/gnupg-agent.xsession \
 		debian/gnupg-agent/etc/X11/Xsession.d/90gpg-agent
 
+	# Upstart user job (only used under user sessions)
+	install -p -m 644 -D debian/gpg-agent.user-session.upstart debian/gnupg-agent/usr/share/upstart/sessions/gpg-agent.conf
+	install -p -m 644 -D debian/no-pinentry-gnome3.user-session.upstart debian/gnupg-agent/usr/share/upstart/sessions/no-pinentry-gnome3.conf
+
 override_dh_installchangelogs:
 	dh_installchangelogs -pgnupg-agent agent/ChangeLog-2011
 	dh_installchangelogs -pgpgsm sm/ChangeLog-2011
 	dh_installchangelogs -pscdaemon scd/ChangeLog-2011
 	dh_installchangelogs -pgnupg2 ChangeLog
-	dh_installchangelogs -pgnupg2-dbg ChangeLog
 	dh_installchangelogs -pgpgv2 ChangeLog
-	dh_installchangelogs -pdirmngr dirmngr/ChangeLog-2011
 
 # Install subdirectory changelogs.
 	for i in \
-		$(foreach dir,doc g10 tools,$(dir)/ChangeLog-2011); \
+		$(foreach dir,doc g10 jnlib kbx keyserver tools,$(dir)/ChangeLog-2011); \
 		do install -m 644 $$i \
 			debian/gnupg2/usr/share/doc/gnupg2/changelog.$$(dirname $$i); done
 
-override_dh_installman:
+help2man: install
 	help2man --no-info -n "List, export, import Keybox data" \
 		debian/tmp/usr/bin/kbxutil > debian/kbxutil.1
-	help2man --no-info -n "Check a passphrase on stdin against the patternfile" \
-		debian/tmp/usr/lib/gnupg2/gpg-check-pattern > debian/gpg-check-pattern.1
-	dh_installman
-
-override_dh_strip:
-	dh_strip --dbg-package gnupg2-dbg
diff -Nru gnupg2-2.1.6/debian/scdaemon.examples gnupg2-2.0.28/debian/scdaemon.examples
--- gnupg2-2.1.6/debian/scdaemon.examples	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/scdaemon.examples	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-doc/examples/scd-event
diff -Nru gnupg2-2.1.6/debian/scdaemon.install gnupg2-2.0.28/debian/scdaemon.install
--- gnupg2-2.1.6/debian/scdaemon.install	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/scdaemon.install	2015-07-10 20:09:13.000000000 +0000
@@ -1 +1,3 @@
+debian/tmp/usr/lib/gnupg2/gnupg-pcsc-wrapper
 debian/tmp/usr/lib/gnupg2/scdaemon
+debian/tmp/usr/share/man/man1/scdaemon.1
diff -Nru gnupg2-2.1.6/debian/scdaemon.manpages gnupg2-2.0.28/debian/scdaemon.manpages
--- gnupg2-2.1.6/debian/scdaemon.manpages	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/scdaemon.manpages	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man1/scdaemon.1
diff -Nru gnupg2-2.1.6/debian/upstream/signing-key.asc gnupg2-2.0.28/debian/upstream/signing-key.asc
--- gnupg2-2.1.6/debian/upstream/signing-key.asc	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/upstream/signing-key.asc	2015-07-10 20:09:13.000000000 +0000
@@ -1,5 +1,5 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
+Version: GnuPG v2.0.22 (GNU/Linux)
 
 mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I
 Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg
@@ -7,103 +7,118 @@
 KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u
 qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB
 1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk
-aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW
-AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s
-hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8
-5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8
-Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc
-WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC
-E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2L
-gQEIAKHwucgbaRj0V7Ht0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX
-1bDVwr/iTPaPPEtpi7oQoHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHUL
-hzKsGg5FC6pRYcEyzRXHtv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7
-nJdwG1cGQOZOIDQQM41gBzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOM
-EJwlo0+NYx2Yn75x66bYwdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6J
-sPmXEyeAyLiCWSh7Rwq8uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2f
-AgAKCRAkmznSTyXjtrsSCACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU
-3BO8iQ0Koy+m0QKY1kWjaHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4Mep
-TgpxNiw4+XmykCkN1AfVhvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu
-1GGTTOH0r12Ochc/um+QGAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1
-Lku4bIVG1Huwo1/0WHc2vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacut
-ZXQQ2PPCIY7LlpuS/45CXWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQA
-CgkQU7Yg0BzgxjBGTwQAi5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfem
-IjxZZoMLCVM8ly8AC2JPrIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HB
-MpG4gFuOuQmW9QQDjEdh1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57BauZ
-AQ0EVFA7IwEIAOYQcDfRdzqin/vZlwl1AyuJW+cDI3bYvesRtOIAJ+8FqOzp+nOZ
-7a4mULkXUeRh3HcO91wughXoR3qP3klWIlqgTQQHxPVM25BEvnGPuMA86lWnKoSs
-Xe9F5h0IMiu6aURvzMJC9VMgKwhhgCjejFf9n8zuiBkMN457Ubnt/9jxhpxmorDQ
-Cpb7bR1mfdbsuCmOXwTNfbkAoGXceL/P6z9PskKrFk8CVCr8pseRiHzWgib4Bfr/
-mj68LKcQTH/Y6R16g154eC6PAvxrEDA+hgpVX0I7L781Byh9nqC+KDX5LvlGuQbg
-B2IvrgLs6lfU3aRfTwqUDMj37rmXJTDy3TMAEQEAAbQyTklJQkUgWXV0YWthIChH
-bnVQRyBSZWxlYXNlIEtleSkgPGduaWliZUBmc2lqLm9yZz6JATwEEwEIACYFAlRQ
-OyMCGwMFCQPCZwAFCwcICQMEFQgJCgUWAgMBAAIeAQIXgAAKCRAgcbCKM70/BnX/
-CADQspqXXAVlrwU9SidzYbPAT1iGRmIkHwoD9rtPr/9xbg3jr8azCKpknE3VF0qz
-UH6unsQwxTduGhey0sFwhi96WOqHiU8FYKxNPb786nACaCfOOB1MdymcIxMQ51mS
-0PlIqtOPa1VpZcCVYr9SwQRqcDdy/Oh/Ljifuub4Shrs/VgYIcv74iGyLroSVt6G
-KVNP/HFyQddSOLVcO+hqAQQ0QeTmPhnaaFa2OcZyW+6IGRLhd7N7M0xb988DKllf
-huRRE1sZ3yO2RvcSq35u/5lChID5SS/wA9oDOPyVFLD4JiMPGmgzSO2aI+uT678O
-jjoI5UD8hfbZpg1PZjYqhYlXuQENBFRQOyMBCAC94CWuMHLmP1B7oFxU0FjKv3D6
-RTpLSLqC/nqRWeKVdlSddR4LnO/r9ahRsGgekAEVyeD04SKAD7g3OWMhWvEsK6aY
-gmzc0cLJCJRTsLW+X7kRWo33KUAKIpKYO8VF8iErWejajvo5UgN3y1V/anqlBU45
-DalLk/mu6JXOr6t7u83+IscTrFQTkW17wOxoc6i9zDOU1FoWZFyNU+hxpPCGndfn
-S25qzaEpb1qzxYoHpyttCkGX4R3siX6gAkRLIPhsYK4sZihBZhTBgHdAVYSYkCrK
-hRNWoSb3XpUhdT5l88uPozwxXruXmzk6WCv6ZdCJ+0rGShwJjU1j6g+Fksk9ABEB
-AAGJASUEGAEIAA8FAlRQOyMCGwwFCQPCZwAACgkQIHGwijO9Pwbgqwf7BfdPgAkx
-Mrt0BJeLJu1ItnCQ4cZ8rbuS5gwAxrY80QXDoJquwRWs1AXaBu0VW+9KvWdp0uhQ
-b0Wy7fv40rRtC+T8nuE/1jaf2byMIfQwPVp3ODH+O3WZew1KvrQZquDKimgHxRso
-WH5vq2VjohI8oQuQNN8AYeyxYo74eB8+3WfUrdw4MYiJcKd20MjoZZS16Klb99qm
-LVZfE/dt/+wwZYFB7cpb5vvvE1voqS+ycD2Rt0irRg6ulw7OXoUrJ25sfkrv9otD
-omDl9V//pyJZSp+IiwK4r0xnk8sjXHgXkzUdIyS0AB17Aw1+G2sbUKyX/SdOgzN7
-D8qEd3C7n53TwpkBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgc
-DnqI3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO0
-2WOuTLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnz
-eSbcX5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCs
-ozsy11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgd
-q/UFf5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZp
-ZCBTaGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVy
-d29ja3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoL
-BBYCAwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK
-9FWG130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4S
-CJbdMtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX
-3zuqtxY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMj
-xClvORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30
-nDQO3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBrkBDQRU
-UF8HAQgAodT0id+C6PMV7C8JxE8POGvX2wA6QLw29ESO0Ws8+Jq9EPQ3114mH+sC
-+kDsweCDMyaY34i8gvh6hWxG9JfZmSkRUv0QX2zvlcwr8SOZ9dXzrV7ip+QgpzO2
-2eYRnH/RB+KWfFzqSop51sd1Uls41qKphDEm/ZAnnTwxYWX6jElOCpIuemTAiSxp
-qtjPXVftchSEy06/bDRFuC4FevfU5aWTg3FSZEZpk0KF5RZBdzvOfX9PwHf2Fxhg
-QtLkAsdvvWzDToYD0qOecM/MGt1doryBo8IkAiHJ+TRNyVi6/fAq/rig3brF5ETG
-N7W5IRRGoLetY++4YO+1gY7Ea+1tZwARAQABiQElBBgBAgAPBQJUUF8HAhsgBQkJ
-unbuAAoJEAQ3bz7ghWlZ6PAH/iTMC5+H/Ynj7G1KOjhyoufPoM+j+g4Ec8RmEA6v
-YOWIi8F4AU86iS6Sq2HkZXSKxLgAYbWuseFHS6QA/qZPDPdIv8TceE3jMW3ZEmmm
-nCsS6cmkQhpjRCKuWGfaOyZIEV2BT6Ere+MU5jU+wRqkbJGk1BS8myQHkZRN/5dg
-fo5syFYKY4T64Z7DvlbQF70cCARlsIwk4lN6QJ/iqaHR9c2sWtzHfxAvdctApdg5
-w8GRcEpdDMieejha/lBMRTYVWY1vrEg++mkkhvCOkBilDFFCVojOnSdTJy7dNZji
-BlEFwlmcjLq984C5FRwj5+eN0Bev5hZsWobLeRqt8QOGMlG5AQ0EVFBfBwEIAK4b
-kUPSxSlmE8GHAI4FNQDA+QZzIvLPpf1p5JqFULpJeelwfVtbj6qOfPKwXVvam0yH
-OiyrMnffdlZ/6+QXjP665RdbsPzEDPxCH972eGmdw8yV95wmPCVaoyBTH9XBDTX2
-52h0vPjgcbbOLUvUuYBV8C74ir6ESoA20g/rjYEGjJ/UAtgBGIfMo0Vk2Qc6/7wx
-M3jNPxUc/6h5oiggUkgdbFcgzC2sOAUj3nJ0CS01dNPJuAlGPRjig9o61/PiumSO
-Vy98efAetsjLLS00ysAmjxj7eFuxnf73TJOyAItKZPv3i7K4LIgMZXwL71Ox00zU
-dzm6H+/JomSorqtLlOUAEQEAAYkBJQQYAQIADwUCVFBfBwIbDAUJCbp27gAKCRAE
-N28+4IVpWbkxB/0azsvpA9eJPr6oNu3Iw4aCvLQi9I2jodGXpsNg3GN+ATp3PKMi
-21KsneqkYXzwxY+27HAwNSQEmMeyOh37nkPXJMlBgJ0+aV7J2nAj3as310gnV3kY
-Id8NXvLi+YLngqfTyQpxedDhBeSyTYLAP96mDtUuGFQ9/TWBF0wjZkBqFllnsmmU
-Cs9lMmdaFUk1cT1/R1vwiGz1mAaUzyP2NNUnXsoE25TkeXg+Kf95QkxS0C3C9S+c
-A4jCCHXEuGFxMe4+6IbubsVepIUFrlzbUaYpYB8lwFQutoSJ1qLc2jFcW00Qy2Z2
-SOVYJ5oyMhZNei0ZFsgQ9tp2PhtICjm5JfvPmQENBFRDqVIBCAC0k8eZKDmNqdma
-wOlJ/m62L2g8uXT/+/vAEGb1yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVb
-c3137va4XbwMzsDpAMH4mmiToqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdj
-fgPeCRLvf25fHsN2Jb0WIMzC56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8m
-K5WjB4zzIdyDJfkqVpHvafNP0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN
-2/e52Pf6KTw2FjsSGZ72oalcrkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+u
-TzOzq1EDABEBAAG0IVdlcm5lciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkB
-PQQTAQgAJwUCVEOpUgIbAwUJC6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAK
-CRCKhhscfv1g2aH7B/wIW6mVmTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/Maab
-gQ/+wZuThTAwfGM5zFQBOvrBOGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1b
-B1OuX9FHLEiMibogHu5fjJIXBE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3
-n93xTmSNhP52r0gTjMjbqKWKUaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp
-9mZirWYQ5jcgGgFP0LYXUw/RnxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInP
-QtVUmINqQxztSh5QxQP2tsUPIeEi5RAoCwLJam8z
-=PXPh
+aXN0IHNpZymIRgQQEQIABgUCTfKxDAAKCRDlULWfWN/GCILUAJ4o1P8pwcKQx/1H
+ysrijCaiJqJ2iQCfbgQ5zCNw7MbnzcR8XmTEShcEVfeIVgQQEQgABgUCTS3FNwAK
+CRDyrYWsHkKzZysEAN93fd8HXhcZ/KXcO2bhx8RR8sJxhdY1ozL5maaCAN9zyHJx
+4YDZdw9OFDs3rXeiL5wfM7hcLyjW2igOiF4EEBEIAAYFAk1YLbgACgkQSZCJVTsY
+DoGXRAEAiiFjBXQlGYhux0AX+7xJE0OAYtGhnMldxMx1P6X5cbQA/30oqOUq/eQZ
+mkE0coaI7wp8MNlPFUf58dQ5iXjox4fBiJwEEAECAAYFAk0tjQQACgkQU7Yg0Bzg
+xjBGTwQAi5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfemIjxZZoMLCVM8
+ly8AC2JPrIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HBMpG4gFuOuQmW
+9QQDjEdh1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57BauJARwEEgECAAYF
+Ak06eucACgkQlOkt+SqqXDtJuQf5AZ5NzPvQm2UNusOabwrXephyX/tD3jlzcP2u
+yBIHFc3sbC5zVELVedoZA+MYQGrkZwbat1CKCKcZfTFCzRRKjOaHppKsmdk+DNXh
+pZKRyk4N2ZOPQMpa/rjikLOj3bhwybG9FCFWGZeXJx3/ZvcUKCY+lC9y4ju9Y76f
+8DLu/poUGQUPpeUVWy2A1MvGvSyumkJTCzrlHX4WR+FzeSCPAd1bMWVWquqvrM5E
+Xk9ikk2DmsmfaUF/g+AHuF+av6EhwgyCvH/yLd4Cam01iVeGJu6XjFwQd4/pnTgP
+8cURY47f5wIc+TP+Ckg8ul6bcRIrHtOuovKSAFNzLGphc5kAFokBPgQTAQIAKAUC
+TS2LgQIbAwUJEN2fAgYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJJs50k8l
+47Y+UwgAnE+0Vd/nKjM+kWNFtKRJ2OyT16u7TmyEpk4ArDdFR49NTzRJEs92DgAf
+6+SbUkxYUWnC8eWB/GqcT2unXejsv/hTA1TCofznMLC7tIfP1xfd3hRTDNw/qpA/
+gFAQf3/GWlBL15Mr1vZEzKCCrB38nybGO+hbMvwqV//CXqNcef/I/3bEb39gDzqU
+04vU3f8+GVnMu4npt0P1bOwSn/6SHdQN+OQis5xaSrC6kH53TVHhsc+7229fLxe6
+3xKiTbOS7bFWQQ6xXZNcdvC4c7YAYLmlYNfrCAITgXld4IH/Si9qjb9uTbbDVPHM
+/o8zGjqwuSZoXoPR+uEzZuXgL+5KyokCHAQQAQIABgUCTfHc+QAKCRDGkbUX+A1G
+qzAPD/9KBxOCXD2ehuBDgAggfwVuV/GzLZURqfplCvkxk4cSawdqOKebTDZL6b0P
+87VM4QJGUiooV6zMB7r+FvOgra7raRenQyzjL3tzuL7y+sdIQcpb9XytOFSws3UU
+D+yluQyznCoHtbJ/xdJDOznDlmwIA3RH12H0GzpaGJ1UHc4C0vpNh6NrlV1mzgYN
+s4bFA1fF++16o9j9RFMN+ZX1Qx/LHDH7XaD+KJJk5Zq139UCIsls8Qf+Pd8B8XBC
+XlNxziKWPGDBJZNBD5Uaqd2qhMCouR5LnfEE6G8pIf/aHWDv7bmm+RQITmdRoDF1
+PU6JBY7vZRxdsnsZLeOxuHFm57gSxjSEX4JrnHZy/nJLihG1IcKoNGTnPhh10Iiz
+xniQJtXDToImWl5Qm5h5QWLYZC65Zdy/F6lDpOiHIyIJu8DVmJALRQ/abUCzmxbm
+0ITMZ3u/w4tR+q2MjZjsVC5joazVtLz1iyhreJWR3lyIMJfsGa+GXs0+EEDWka0Z
+ocfCJsc2+XUcS3GPSQ/iSSWCYY/GepQSsNZ014X2Quf3Txw76Gqq8yjPvah0k0WL
+VRM8JVeWNd5GzcwZ/IzHXSAezEyCPfesvN3aPHSLE3HryiYNBoSrYVRz+xBI3xqS
+C4+DECmDselLziSh1LTEanXe+wi1vgKoDSOziK3GguXEuXm3eokCHAQQAQIABgUC
+Tfci2wAKCRBSfnm6o7U5mAZ4D/9YkwUmayQis3JczxsluxHvxQcaInyZKyea/Ahm
+Ybxus0Nw5OpsGcrgkuvVEnZYM0PEun45ImGdXolPE+XBoeTvADElRkHx51/Q6OT5
+kZ4BjuamQld9/Nri9ZcMjNrWB8MFtLW5bEB/E3l5OYOupEgZgWJFqS5VQ/0GrtsI
+bYTfe7dnU2J+I1DEMgcsj9Zt4tZOi9g316Rfbz/akphBiO5utNHb9U0LUmFNqvs6
+BfUQhsvpVdWtF3h+lser9sZXbK2TVPTNg0tk/tL2ewfCloJkY9gwiTH/VRXxg9wa
+cR1z0MN2LhtJci4CCxfCw2/SC5oCzlbvoEgyHWViVdRG6VAaRuz3P4g2DSIPRGot
+o9I1M9ab6YA2e5lYFtlpGJeK7YPr3dZ5hTySlDEyNVINJvvOocVChYYdt9OdfTuO
+7RSVuqvSTrYb5OQdAakqtlIpO8DZe61+VSyJoKtUwUu4ZB7xCnx5W9gzbw1zQatS
+0yKWNWDh1iOQxq4eLx63yEgX17cg1pWdyAB2+/ZDt92EoD04+zRYP7mdT4FlTVxZ
+R0QF1UcOIfSmbjidyQsarLfFNCoPGTZkb/5gmQnrDOb0CXRWLgcCIb1nV6BS83x5
+1xN79YVttQJ7JHkIYlkNDHZh1wvIM3IwdLItPsVzNjzUMBArOGt/UQm7V5MFjt8x
+EgxD+ohGBBARAgAGBQJPTdODAAoJEIvYLm8wuUtcO4AAoJuX6fXMdhuLEK8DewH2
+So1rlDLsAJ9nEpyIYi+G8YcJ986RyJcKaZ9aIIheBBARCAAGBQJRv0sWAAoJEPdj
+jB2MpBYxMA4BALsbc8dt1f396fqlQqt2PHzkArOgC//TAjWM6xYk6TZsAP0YQpKQ
+4yVSU7ArOq2H17HPZAZxS0haSE+ld4LEJ+Iq+4icBBABAgAGBQJQwu4sAAoJEAGC
+Y2S3/KkAtGAEAIdafMv0i0B46qyA9sXZyyj/WZMaUQ7si7rBgDeukgtb/WGpqxiH
+ReyvW1Hct9SFMM7KMYExZ4WRH/vZCp+cark1OZhKs8ydzGAZhtWk4gHp+EeOiHJ5
+5h5SSSMdx7gp2EiWqj6dISiDYmomrTfBO5WZYTftXKhb6VEUTpS2IawEiQEcBBAB
+AgAGBQJRBKUNAAoJEHcWd0TJ6OQooycH/Rycnf346ohmmA9+SKpwBE9KmCKBbEcv
+cOicKJZ/1XAxXHOWkpZCp4po1C8pYYPM9Q0Dviq3BCe5prhphqw9kvu9SuaHILsC
+CBPIOb9ZAvTkSAYTtPRGzSyD0dgnyuOKXOrM+ZxKOcJ1uDu7yp5DBCcqqUX5Dbhj
+h58ViAxIqeKhjApSyEPsHG/iond5nhYH75IIoO7/GMpO1yuOa+pkgo3nXm4Mymfp
+SfNPJ/o2c22CHOLu1aGcztCU+1PJldIq0GpHeF2hVnVU6zPQFZSPAnH66MblNF64
+osUox0qO93MavpTCXmJc8eFENuKpgwBTUNMtcvACri2ARLN+vMz0gIyJARwEEAEC
+AAYFAlJ9CRUACgkQO8xlcmCT0jyaxQgAwhfZO3cRFHZ5JNgDtRiM1mKO+VHg6bPX
+nbWFG9ovfWCZyUE/8ZYp+JHW04NUK9fjvcFHjkRUtnwKyap1UXP15P2geNyHPF1X
+AC+xbdo9qEjyitp1/xm5MI/an6hKrk1b1Pun0AsxY7sdnUiDYG+aQ9G56Vq4Ym6o
+ufyPxqD6UkvD8w6aZEMBjQdW3ulULLhVWKUMFJ882FPHl0RRcIO9RLlGwEyDWO3n
+RW6zBtUjoAtrHMoVag34tCg5TTEAIJDW/8SQ/cuPPh6hohySdJGOHM9SZYgUlxiD
+8GuLOsEu/MalZAiTaaH1t+xk2uV7f/QGh5msVVN2/lgVMNCc+7/QxYkBIgQSAQgA
+DAUCTyhjKwWDDuLHWAAKCRCt8y7f4/HY9+04CACx4BKh36+PCwzJ522JiFRX6NSi
+3zJfdeXLKU9oXv+j7cjF5OKz/1MzVdyTRVmKSlUSbtrzgDc3ompfePdqao0sl6x9
+Ay4oM8cil5IaPnI6yIbd63w3Vr1B+OZyTXoYkiYCWpQ4H3WxEL9Hu4Z6MH/cV//D
+3J4zH5ZgJvrbaLiYRs5WcSBVrNPHWh4z7oS9PXygndrxdyq5pvWUwXHwVtmu+c8g
+lfltopZg/wqdJLlK8WIO3aFBqQdq9UZlK7DpfAhMMxPzfLnVbQWZL3QJTjJwt/+L
+r+/jVaFmXqxYifwqJYb5rmmuj3XplKGDHRWt+5SgEbALyAPAPCkT62F08KyDiQGc
+BBABAgAGBQJQTI7tAAoJEHe/Jx794nWcRe0L/2cMF2r1ahP1gHF8oEKPIlMZDLMK
+NbqEA4txwfXHJIvfrDOg5yTNQIXsHOF23r9DQrvPWKSfmuLihSpXgsVPrCdnicXS
+DGp91MoKIykPiC2esSkMLwJ5Dv4NYJro14nHqZCN4KK0Hte2f6Mnv8iQrywBGt9f
+cjDJx1FEDeTyaLy3NPFWiCNsuXmP7qv2yfodWagD8+7H5gihhEStD+iqrNgdMuDQ
+rM2N0HVB+QJu+IpUXPTNABzT8CgZqCZF3e3nh302GFZXAW06EvMQOnx27kcqaTij
+Utxdt4kTBduJwuk2t/6k1GzYu4Je0f9nAlxc5tU0CSFkA5tX5PUtxDOifykfauos
+HT8J1vX/RGMzTdHVA4SKKmOHBUregUGX8MVfR/dwQ1tSSDBMS2AB47HjazdQqYeE
+XFTH+d3AcE3ykFZpcFqYmEgJGvOj6y9u4ejMwR7VfxmE02ByljkhMY8q4SXOgMxs
+mVMb+HOgoZqqSxzL4+Kn/Mt2knYixB4N+9/wMYkBnAQRAQoABgUCTquvVwAKCRCg
+8hPxRutYH7xzC/490lhwnOcXKPjta3ERc06yWtiA2FPgcNhl8vzuYTa9zTCrl/8j
+4WqedMxA5r4oKgVXqQxbiQPDeTZaISYfXCbVbNWag4CQChtXsvXFRw37eJjterXN
+B9SYGA4+BjmuIB0SuUbN4FpvN0HLiRKpnuTOI8+ECxhjCkvyR3dg5EQAFBfx9ZrK
+woZO6JgLkT9HGqibP3hu/21K2O28j0yaZi21loxRxRCZKbM9RLglteuuRBeu9VUK
+9alQ4kiuA9lGdzoyjRBvEyFDNAoEf72ieIC+Hkntien+1EvuOYehO182YFTbcJlI
+6wNnxgotXwmMvJRq7HgZ0NNO8F3D3/FKPlCBa4zEnPJwIbMmlqf8ERYOgWv2nCa2
+ssprewW4zkvSavuTo23ygo2ef8QWWIVaT0Sktyyq6uah6vJ0nuJainu6s8vN62mM
+9uJrE23AgGVYQUFXIiy7QpbmE5Kwd0Y+U9XW00vQsvLEwudX2VC0CO2VoIdYs41f
+7LYR/tk5co+jsh2JAhwEEAECAAYFAlF1FogACgkQDD2WtgRvBwoT3hAAruCCJac7
+dgk7q/VZR1jo3e6xIWqFDSFli0TZa7uOK4swB6BDJUyTQTj6O4uKqdVjbALsdP1j
+q+BQrAlyJkfZm0wonjIPNwFt2esggiD5TiynqSVtz/YrGwZnVA5UsWGfSyq9Vq5Z
+R3z+r9ch156ZRYb+kMPc7lVK08C308JD34ulvMqV7vrqB099spnrpFVevXv9WinA
+wEI6s0hzmtO1nvSj7P/+70EqLmhQbeJbOQWHtUarBtTOLzrhEoz5z3/1FfEa0N9x
+OMrZ2YXgcnoSyHUZ0vWFis/RraLLTlSx4lGu5qpPzYFgExi6Ji3/pDa0CZ+1StkP
+cjxDu2/E7QEDnsiEB9q86Gt8aSgKoSeIhAip9vZfM+/FutA8pBMaoCan6alS5th3
+33REU9ktKKMxv1Qrzdfasj4SBJ2W94bC8vcWg7DEsq7U0F6J+5qUL4PWPPe4oEvB
+bj6BGtjnDaEUgii45Oda7Q+2D6Y/AMGzTQE4tf4ktQ2i7ToY1fER44mOJiUh+G0s
+wh72/NK7agsSURWn5QQKJZSYpryD3FrFZy+S7MbFf0ubvik5PVWtnkxWvGwyIFX0
+6MHz0QMFV2hhGfi6fUbWNtft8TzMdEqiQ4dCJaTnhuosBAeIWGAFaUaeropeNGiy
+EzyNWJ6mgFwudPAw3QT+q7uHwafO5cXHrPC5AQ0ETS2LgQEIAKHwucgbaRj0V7Ht
+0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX1bDVwr/iTPaPPEtpi7oQ
+oHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHULhzKsGg5FC6pRYcEyzRXH
+tv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7nJdwG1cGQOZOIDQQM41g
+BzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOMEJwlo0+NYx2Yn75x66bY
+wdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6JsPmXEyeAyLiCWSh7Rwq8
+uIhBUBUAEQEAAYicBBABAgAGBQJNLY0EAAoJEFO2INAc4MYwRk8EAIuasyOnCbJW
+8jpfk3g2VZy1dBZj7g4PHaI70K1Qz8X3piI8WWaDCwlTPJcvAAtiT6yGHzdONAt+
+N7GiHNLU7TsMJlTLsuxv1HsdtgnVh/9BwTKRuIBbjrkJlvUEA4xHYdQ4MFNoAFqJ
+1+eGZTMm1rLPtjQopEcDH5VVLqR+ewWriQElBBgBAgAPBQJNLYuBAhsgBQkQ3Z8C
+AAoJECSbOdJPJeO2uxIIAJE2B8aQPQ6o6LBijX/4rJaetAu6xW9Jg7DyE3rqB5Tc
+E7yJDQqjL6bRApjWRaNofB7CmDxl5tjgTawds0gL1KnKLLPb2wAnaKe9/j/gx6lO
+CnE2LDj5ebKQKQ3UB9WG8xNBczNFs7lnBG0+mOwyvWPm9fWzpTf9HFIAi2kCQK7U
+YZNM4fSvXY5yFz+6b5AYDI7pZSP8iJnUxfu2hdbRIKjwNKXzPlDsqYlYXpNAsrUu
+S7hshUbUe7CjX/RYdza8Jp3kHEeOCjLxOwotOa9hBla2eNa9AZXZQ4AFhZxpy61l
+dBDY88IhjsuWm5L/jkJdZtPlj6bFjfLt1vPhoX7y7II=
+=PShP
 -----END PGP PUBLIC KEY BLOCK-----
diff -Nru gnupg2-2.1.6/debian/watch gnupg2-2.0.28/debian/watch
--- gnupg2-2.1.6/debian/watch	2015-07-07 18:23:05.000000000 +0000
+++ gnupg2-2.0.28/debian/watch	2015-07-10 20:09:13.000000000 +0000
@@ -1,4 +1,4 @@
 version=3
 
 opts="pasv,pgpsigurlmangle=s/$/.sig/" \
-  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-(.*)\.tar\.bz2
+  ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-(2\.0\..*)\.tar\.bz2
diff -Nru gnupg2-2.1.6/dirmngr/cdb.h gnupg2-2.0.28/dirmngr/cdb.h
--- gnupg2-2.1.6/dirmngr/cdb.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/cdb.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,94 +0,0 @@
-/* $Id: cdb.h 106 2003-12-12 17:36:49Z werner $
- * public cdb include file
- *
- * This file is a part of tinycdb package by Michael Tokarev, mjt@corpit.ru.
- * Public domain.
- *
- * Taken from tinycdb-0.73. By Werner Koch  2003-12-12.
- */
-
-#ifndef TINYCDB_VERSION
-#define TINYCDB_VERSION 0.73
-
-typedef unsigned int cdbi_t; /*XXX should be at least 32 bits long */
-
-/* common routines */
-cdbi_t cdb_hash(const void *buf, cdbi_t len);
-cdbi_t cdb_unpack(const unsigned char buf[4]);
-void cdb_pack(cdbi_t num, unsigned char buf[4]);
-
-struct cdb {
-  int cdb_fd;			/* file descriptor */
-  /* private members */
-#ifdef HAVE_W32_SYSTEM
-  void *cdb_mapping;            /* Mapping handle.  */
-#endif
-  cdbi_t cdb_fsize;		/* datafile size */
-  const unsigned char *cdb_mem; /* mmap'ed file memory */
-  cdbi_t cdb_vpos, cdb_vlen;	/* found data */
-  cdbi_t cdb_kpos, cdb_klen;    /* found key (only set if cdb_findinit
-                                   was called with KEY set to NULL). */
-};
-
-#define cdb_datapos(c) ((c)->cdb_vpos)
-#define cdb_datalen(c) ((c)->cdb_vlen)
-#define cdb_keypos(c) ((c)->cdb_kpos)
-#define cdb_keylen(c) ((c)->cdb_klen)
-#define cdb_fileno(c) ((c)->cdb_fd)
-
-int cdb_init(struct cdb *cdbp, int fd);
-void cdb_free(struct cdb *cdbp);
-
-int cdb_read(const struct cdb *cdbp,
-	     void *buf, unsigned len, cdbi_t pos);
-int cdb_find(struct cdb *cdbp, const void *key, unsigned klen);
-
-struct cdb_find {
-  struct cdb *cdb_cdbp;
-  cdbi_t cdb_hval;
-  const unsigned char *cdb_htp, *cdb_htab, *cdb_htend;
-  cdbi_t cdb_httodo;
-  const void *cdb_key;
-  cdbi_t cdb_klen;
-};
-
-int cdb_findinit(struct cdb_find *cdbfp, struct cdb *cdbp,
-		 const void *key, cdbi_t klen);
-int cdb_findnext(struct cdb_find *cdbfp);
-
-/* old simple interface */
-/* open file using standard routine, then: */
-int cdb_seek(int fd, const void *key, unsigned klen, cdbi_t *dlenp);
-int cdb_bread(int fd, void *buf, int len);
-
-/* cdb_make */
-
-struct cdb_make {
-  int cdb_fd;			/* file descriptor */
-  /* private */
-  cdbi_t cdb_dpos;		/* data position so far */
-  cdbi_t cdb_rcnt;		/* record count so far */
-  char cdb_buf[4096];		/* write buffer */
-  char *cdb_bpos;		/* current buf position */
-  struct cdb_rl *cdb_rec[256];	/* list of arrays of record infos */
-};
-
-
-
-int cdb_make_start(struct cdb_make *cdbmp, int fd);
-int cdb_make_add(struct cdb_make *cdbmp,
-		 const void *key, cdbi_t klen,
-		 const void *val, cdbi_t vlen);
-int cdb_make_exists(struct cdb_make *cdbmp,
-		    const void *key, cdbi_t klen);
-int cdb_make_put(struct cdb_make *cdbmp,
-		 const void *key, cdbi_t klen,
-		 const void *val, cdbi_t vlen,
-		 int flag);
-#define CDB_PUT_ADD	0	/* add unconditionnaly, like cdb_make_add() */
-#define CDB_PUT_REPLACE	1	/* replace: do not place to index OLD record */
-#define CDB_PUT_INSERT	2	/* add only if not already exists */
-#define CDB_PUT_WARN	3	/* add unconditionally but ret. 1 if exists */
-int cdb_make_finish(struct cdb_make *cdbmp);
-
-#endif /* include guard */
diff -Nru gnupg2-2.1.6/dirmngr/cdblib.c gnupg2-2.0.28/dirmngr/cdblib.c
--- gnupg2-2.1.6/dirmngr/cdblib.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/cdblib.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,929 +0,0 @@
-/* cdblib.c - all CDB library functions.
- *
- * This file is a part of tinycdb package by Michael Tokarev, mjt@corpit.ru.
- * Public domain.
- *
- * Taken from tinycdb-0.73 and merged into one file for easier
- * inclusion into Dirmngr.  By Werner Koch  2003-12-12.
- */
-
-/* A cdb database is a single file used to map 'keys' to 'values',
-   having records of (key,value) pairs.  File consists of 3 parts: toc
-   (table of contents), data and index (hash tables).
-
-   Toc has fixed length of 2048 bytes, containing 256 pointers to hash
-   tables inside index sections.  Every pointer consists of position
-   of a hash table in bytes from the beginning of a file, and a size
-   of a hash table in entries, both are 4-bytes (32 bits) unsigned
-   integers in little-endian form.  Hash table length may have zero
-   length, meaning that corresponding hash table is empty.
-
-   Right after toc section, data section follows without any
-   alingment.  It consists of series of records, each is a key length,
-   value (data) length, key and value.  Again, key and value length
-   are 4-byte unsigned integers.  Each next record follows previous
-   without any special alignment.
-
-   After data section, index (hash tables) section follows.  It should
-   be looked to in conjunction with toc section, where each of max 256
-   hash tables are defined.  Index section consists of series of hash
-   tables, with starting position and length defined in toc section.
-   Every hash table is a sequence of records each holds two numbers:
-   key's hash value and record position inside data section (bytes
-   from the beginning of a file to first byte of key length starting
-   data record).  If record position is zero, then this is an empty
-   hash table slot, pointed to nowhere.
-
-   CDB hash function is
-     hv = ((hv << 5) + hv) ^ c
-   for every single c byte of a key, starting with hv = 5381.
-
-   Toc section indexed by (hv % 256), i.e. hash value modulo 256
-   (number of entries in toc section).
-
-   In order to find a record, one should: first, compute the hash
-   value (hv) of a key.  Second, look to hash table number hv modulo
-   256.  If it is empty, then there is no such key exists.  If it is
-   not empty, then third, loop by slots inside that hash table,
-   starting from slot with number hv divided by 256 modulo length of
-   that table, or ((hv / 256) % htlen), searching for this hv in hash
-   table.  Stop search on empty slot (if record position is zero) or
-   when all slots was probed (note cyclic search, jumping from end to
-   beginning of a table).  When hash value in question is found in
-   hash table, look to key of corresponding record, comparing it with
-   key in question.  If them of the same length and equals to each
-   other, then record is found, overwise, repeat with next hash table
-   slot.  Note that there may be several records with the same key.
-*/
-
-#ifdef HAVE_CONFIG_H
-#include 
-#endif
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef _WIN32
-# include 
-#else
-# include 
-# ifndef MAP_FAILED
-#  define MAP_FAILED ((void*)-1)
-# endif
-#endif
-#include 
-
-#include "dirmngr-err.h"
-#include "cdb.h"
-
-#ifndef EPROTO
-# define EPROTO EINVAL
-#endif
-#ifndef SEEK_SET
-# define SEEK_SET 0
-#endif
-
-
-struct cdb_rec {
-  cdbi_t hval;
-  cdbi_t rpos;
-};
-
-struct cdb_rl {
-  struct cdb_rl *next;
-  cdbi_t cnt;
-  struct cdb_rec rec[254];
-};
-
-static int make_find(struct cdb_make *cdbmp,
-		   const void *key, cdbi_t klen, cdbi_t hval,
-		   struct cdb_rl **rlp);
-static int make_write(struct cdb_make *cdbmp,
-		    const char *ptr, cdbi_t len);
-
-
-
-/* Initializes structure given by CDBP pointer and associates it with
-   the open file descriptor FD.  Allocate memory for the structure
-   itself if needed and file open operation should be done by
-   application.  File FD should be opened at least read-only, and
-   should be seekable.  Routine returns 0 on success or negative value
-   on error. */
-int
-cdb_init(struct cdb *cdbp, int fd)
-{
-  struct stat st;
-  unsigned char *mem;
-#ifdef _WIN32
-  HANDLE hFile, hMapping;
-#else
-  unsigned int fsize;
-#endif
-
-  /* get file size */
-  if (fstat(fd, &st) < 0)
-    return -1;
-  /* trivial sanity check: at least toc should be here */
-  if (st.st_size < 2048) {
-    gpg_err_set_errno (EPROTO);
-    return -1;
-  }
-  /* memory-map file */
-#ifdef _WIN32
-# ifdef __MINGW32CE__
-  hFile = fd;
-# else
-  hFile = (HANDLE) _get_osfhandle(fd);
-# endif
-  if (hFile == (HANDLE) -1)
-    return -1;
-  hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
-  if (!hMapping)
-    return -1;
-  mem = (unsigned char *)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
-  if (!mem)
-    return -1;
-  cdbp->cdb_mapping = hMapping;
-#else /*!_WIN32*/
-  fsize = (unsigned int)(st.st_size & 0xffffffffu);
-  mem = (unsigned char*)mmap(NULL, fsize, PROT_READ, MAP_SHARED, fd, 0);
-  if (mem == MAP_FAILED)
-    return -1;
-#endif /*!_WIN32*/
-
-  cdbp->cdb_fd = fd;
-  cdbp->cdb_fsize = st.st_size;
-  cdbp->cdb_mem = mem;
-
-#if 0
-  /* XXX don't know well about madvise syscall -- is it legal
-     to set different options for parts of one mmap() region?
-     There is also posix_madvise() exist, with POSIX_MADV_RANDOM etc...
-  */
-#ifdef MADV_RANDOM
-  /* set madvise() parameters. Ignore errors for now if system
-     doesn't support it */
-  madvise(mem, 2048, MADV_WILLNEED);
-  madvise(mem + 2048, cdbp->cdb_fsize - 2048, MADV_RANDOM);
-#endif
-#endif
-
-  cdbp->cdb_vpos = cdbp->cdb_vlen = 0;
-
-  return 0;
-}
-
-
-/* Frees the internal resources held by structure.  Note that this
-   routine does not close the file. */
-void
-cdb_free(struct cdb *cdbp)
-{
-  if (cdbp->cdb_mem) {
-#ifdef _WIN32
-    UnmapViewOfFile ((void*) cdbp->cdb_mem);
-    CloseHandle (cdbp->cdb_mapping);
-    cdbp->cdb_mapping = NULL;
-#else
-    munmap((void*)cdbp->cdb_mem, cdbp->cdb_fsize);
-#endif /* _WIN32 */
-    cdbp->cdb_mem = NULL;
-  }
-  cdbp->cdb_fsize = 0;
-}
-
-
-/* Read data from cdb file, starting at position pos of length len,
-   placing result to buf.  This routine may be used to get actual
-   value found by cdb_find() or other routines that returns position
-   and length of a data.  Returns 0 on success or negative value on
-   error. */
-int
-cdb_read(const struct cdb *cdbp, void *buf, unsigned len, cdbi_t pos)
-{
-  if (pos > cdbp->cdb_fsize || cdbp->cdb_fsize - pos < len) {
-    gpg_err_set_errno (EPROTO);
-    return -1;
-  }
-  memcpy(buf, cdbp->cdb_mem + pos, len);
-  return 0;
-}
-
-
-/* Attempts to find a key given by (key,klen) parameters.  If key
-   exists in database, routine returns 1 and places position and
-   length of value associated with this key to internal fields inside
-   cdbp structure, to be accessible by cdb_datapos() and
-   cdb_datalen().  If key is not in database, routines returns 0.  On
-   error, negative value is returned.  Note that using cdb_find() it
-   is possible to lookup only first record with a given key. */
-int
-cdb_find(struct cdb *cdbp, const void *key, cdbi_t klen)
-{
-  const unsigned char *htp;	/* hash table pointer */
-  const unsigned char *htab;	/* hash table */
-  const unsigned char *htend;	/* end of hash table */
-  cdbi_t httodo;		/* ht bytes left to look */
-  cdbi_t pos, n;
-
-  cdbi_t hval;
-
-  if (klen > cdbp->cdb_fsize)	/* if key size is larger than file */
-    return 0;
-
-  hval = cdb_hash(key, klen);
-
-  /* find (pos,n) hash table to use */
-  /* first 2048 bytes (toc) are always available */
-  /* (hval % 256) * 8 */
-  htp = cdbp->cdb_mem + ((hval << 3) & 2047); /* index in toc (256x8) */
-  n = cdb_unpack(htp + 4);	/* table size */
-  if (!n)			/* empty table */
-    return 0;			/* not found */
-  httodo = n << 3;		/* bytes of htab to lookup */
-  pos = cdb_unpack(htp);	/* htab position */
-  if (n > (cdbp->cdb_fsize >> 3) /* overflow of httodo ? */
-      || pos > cdbp->cdb_fsize /* htab start within file ? */
-      || httodo > cdbp->cdb_fsize - pos) /* entrie htab within file ? */
-  {
-    gpg_err_set_errno (EPROTO);
-    return -1;
-  }
-
-  htab = cdbp->cdb_mem + pos;	/* htab pointer */
-  htend = htab + httodo;	/* after end of htab */
-  /* htab starting position: rest of hval modulo htsize, 8bytes per elt */
-  htp = htab + (((hval >> 8) % n) << 3);
-
-  for(;;) {
-    pos = cdb_unpack(htp + 4);	/* record position */
-    if (!pos)
-      return 0;
-    if (cdb_unpack(htp) == hval) {
-      if (pos > cdbp->cdb_fsize - 8) { /* key+val lengths */
-	gpg_err_set_errno (EPROTO);
-	return -1;
-      }
-      if (cdb_unpack(cdbp->cdb_mem + pos) == klen) {
-	if (cdbp->cdb_fsize - klen < pos + 8) {
-	  gpg_err_set_errno (EPROTO);
-	  return -1;
-	}
-	if (memcmp(key, cdbp->cdb_mem + pos + 8, klen) == 0) {
-	  n = cdb_unpack(cdbp->cdb_mem + pos + 4);
-	  pos += 8 + klen;
-	  if (cdbp->cdb_fsize < n || cdbp->cdb_fsize - n < pos) {
-	    gpg_err_set_errno (EPROTO);
-	    return -1;
-	  }
-	  cdbp->cdb_vpos = pos;
-	  cdbp->cdb_vlen = n;
-	  return 1;
-	}
-      }
-    }
-    httodo -= 8;
-    if (!httodo)
-      return 0;
-    if ((htp += 8) >= htend)
-      htp = htab;
-  }
-
-}
-
-
-
-/* Sequential-find routines that used separate structure.  It is
-   possible to have many than one record with the same key in a
-   database, and these routines allows to enumerate all them.
-   cdb_findinit() initializes search structure pointed to by cdbfp.
-   It will return negative value on error or 0 on success.  cdb_find­
-   next() attempts to find next matching key, setting value position
-   and length in cdbfp structure.  It will return positive value if
-   given key was found, 0 if there is no more such key(s), or negative
-   value on error.  To access value position and length after
-   successeful call to cdb_findnext() (when it returned positive
-   result), use cdb_datapos() and cdb_datalen() macros with cdbp
-   pointer.  It is error to use cdb_findnext() after it returned 0 or
-   error condition.  These routines is a bit slower than
-   cdb_find().
-
-   Setting KEY to NULL will start a sequential search through the
-   entire DB.
-*/
-int
-cdb_findinit(struct cdb_find *cdbfp, struct cdb *cdbp,
-             const void *key, cdbi_t klen)
-{
-  cdbi_t n, pos;
-
-  cdbfp->cdb_cdbp = cdbp;
-  cdbfp->cdb_key  = key;
-  cdbfp->cdb_klen = klen;
-  cdbfp->cdb_hval = key? cdb_hash(key, klen) : 0;
-
-  if (key)
-    {
-      cdbfp->cdb_htp = cdbp->cdb_mem + ((cdbfp->cdb_hval << 3) & 2047);
-      n = cdb_unpack(cdbfp->cdb_htp + 4);
-      cdbfp->cdb_httodo = n << 3; /* Set to size of hash table. */
-      if (!n)
-        return 0; /* The hash table is empry. */
-      pos = cdb_unpack(cdbfp->cdb_htp);
-      if (n > (cdbp->cdb_fsize >> 3)
-          || pos > cdbp->cdb_fsize
-          || cdbfp->cdb_httodo > cdbp->cdb_fsize - pos)
-        {
-          gpg_err_set_errno (EPROTO);
-          return -1;
-        }
-
-      cdbfp->cdb_htab = cdbp->cdb_mem + pos;
-      cdbfp->cdb_htend = cdbfp->cdb_htab + cdbfp->cdb_httodo;
-      cdbfp->cdb_htp = cdbfp->cdb_htab + (((cdbfp->cdb_hval >> 8) % n) << 3);
-    }
-  else /* Walk over all entries. */
-    {
-      cdbfp->cdb_hval = 0;
-      /* Force stepping in findnext. */
-      cdbfp->cdb_htp = cdbfp->cdb_htend = cdbp->cdb_mem;
-    }
-  return 0;
-}
-
-
-/* See cdb_findinit. */
-int
-cdb_findnext(struct cdb_find *cdbfp)
-{
-  cdbi_t pos, n;
-  struct cdb *cdbp = cdbfp->cdb_cdbp;
-
-  if (cdbfp->cdb_key)
-    {
-      while(cdbfp->cdb_httodo) {
-        pos = cdb_unpack(cdbfp->cdb_htp + 4);
-        if (!pos)
-          return 0;
-        n = cdb_unpack(cdbfp->cdb_htp) == cdbfp->cdb_hval;
-        if ((cdbfp->cdb_htp += 8) >= cdbfp->cdb_htend)
-          cdbfp->cdb_htp = cdbfp->cdb_htab;
-        cdbfp->cdb_httodo -= 8;
-        if (n) {
-          if (pos > cdbp->cdb_fsize - 8) {
-            gpg_err_set_errno (EPROTO);
-            return -1;
-          }
-          if (cdb_unpack(cdbp->cdb_mem + pos) == cdbfp->cdb_klen) {
-            if (cdbp->cdb_fsize - cdbfp->cdb_klen < pos + 8) {
-              gpg_err_set_errno (EPROTO);
-              return -1;
-            }
-            if (memcmp(cdbfp->cdb_key,
-                       cdbp->cdb_mem + pos + 8, cdbfp->cdb_klen) == 0) {
-              n = cdb_unpack(cdbp->cdb_mem + pos + 4);
-              pos += 8 + cdbfp->cdb_klen;
-              if (cdbp->cdb_fsize < n || cdbp->cdb_fsize - n < pos) {
-                gpg_err_set_errno (EPROTO);
-                return -1;
-              }
-              cdbp->cdb_vpos = pos;
-              cdbp->cdb_vlen = n;
-              return 1;
-            }
-          }
-        }
-      }
-    }
-  else /* Walk over all entries. */
-    {
-      do
-        {
-          while (cdbfp->cdb_htp >= cdbfp->cdb_htend)
-            {
-              if (cdbfp->cdb_hval > 255)
-                return 0; /* No more items. */
-
-              cdbfp->cdb_htp = cdbp->cdb_mem + cdbfp->cdb_hval * 8;
-              cdbfp->cdb_hval++; /* Advance for next round. */
-              pos = cdb_unpack (cdbfp->cdb_htp);     /* Offset of table. */
-              n   = cdb_unpack (cdbfp->cdb_htp + 4); /* Number of entries. */
-              cdbfp->cdb_httodo = n * 8;             /* Size of table. */
-              if (n > (cdbp->cdb_fsize / 8)
-                  || pos > cdbp->cdb_fsize
-                  || cdbfp->cdb_httodo > cdbp->cdb_fsize - pos)
-                {
-                  gpg_err_set_errno (EPROTO);
-                  return -1;
-                }
-
-              cdbfp->cdb_htab  = cdbp->cdb_mem + pos;
-              cdbfp->cdb_htend = cdbfp->cdb_htab + cdbfp->cdb_httodo;
-              cdbfp->cdb_htp   = cdbfp->cdb_htab;
-            }
-
-          pos = cdb_unpack (cdbfp->cdb_htp + 4); /* Offset of record. */
-          cdbfp->cdb_htp += 8;
-        }
-      while (!pos);
-      if (pos > cdbp->cdb_fsize - 8)
-        {
-          gpg_err_set_errno (EPROTO);
-          return -1;
-        }
-
-      cdbp->cdb_kpos = pos + 8;
-      cdbp->cdb_klen = cdb_unpack(cdbp->cdb_mem + pos);
-      cdbp->cdb_vpos = pos + 8 + cdbp->cdb_klen;
-      cdbp->cdb_vlen = cdb_unpack(cdbp->cdb_mem + pos + 4);
-      n = 8 + cdbp->cdb_klen + cdbp->cdb_vlen;
-      if ( pos > cdbp->cdb_fsize || pos > cdbp->cdb_fsize - n)
-        {
-          gpg_err_set_errno (EPROTO);
-          return -1;
-        }
-      return 1; /* Found. */
-    }
-  return 0;
-}
-
-/* Read a chunk from file, ignoring interrupts (EINTR) */
-int
-cdb_bread(int fd, void *buf, int len)
-{
-  int l;
-  while(len > 0) {
-    do l = read(fd, buf, len);
-    while(l < 0 && errno == EINTR);
-    if (l <= 0) {
-      if (!l)
-        gpg_err_set_errno (EIO);
-      return -1;
-    }
-    buf = (char*)buf + l;
-    len -= l;
-  }
-  return 0;
-}
-
-/* Find a given key in cdb file, seek a file pointer to it's value and
-   place data length to *dlenp. */
-int
-cdb_seek(int fd, const void *key, unsigned klen, cdbi_t *dlenp)
-{
-  cdbi_t htstart;		/* hash table start position */
-  cdbi_t htsize;		/* number of elements in a hash table */
-  cdbi_t httodo;		/* hash table elements left to look */
-  cdbi_t hti;			/* hash table index */
-  cdbi_t pos;			/* position in a file */
-  cdbi_t hval;			/* key's hash value */
-  unsigned char rbuf[64];	/* read buffer */
-  int needseek = 1;		/* if we should seek to a hash slot */
-
-  hval = cdb_hash(key, klen);
-  pos = (hval & 0xff) << 3; /* position in TOC */
-  /* read the hash table parameters */
-  if (lseek(fd, pos, SEEK_SET) < 0 || cdb_bread(fd, rbuf, 8) < 0)
-    return -1;
-  if ((htsize = cdb_unpack(rbuf + 4)) == 0)
-    return 0;
-  hti = (hval >> 8) % htsize;	/* start position in hash table */
-  httodo = htsize;
-  htstart = cdb_unpack(rbuf);
-
-  for(;;) {
-    if (needseek && lseek(fd, htstart + (hti << 3), SEEK_SET) < 0)
-      return -1;
-    if (cdb_bread(fd, rbuf, 8) < 0)
-      return -1;
-    if ((pos = cdb_unpack(rbuf + 4)) == 0) /* not found */
-      return 0;
-
-    if (cdb_unpack(rbuf) != hval) /* hash value not matched */
-      needseek = 0;
-    else { /* hash value matched */
-      if (lseek(fd, pos, SEEK_SET) < 0 || cdb_bread(fd, rbuf, 8) < 0)
-	return -1;
-      if (cdb_unpack(rbuf) == klen) { /* key length matches */
-	/* read the key from file and compare with wanted */
-	cdbi_t l = klen, c;
-	const char *k = (const char*)key;
-	if (*dlenp)
-	  *dlenp = cdb_unpack(rbuf + 4); /* save value length */
-	for(;;) {
-	  if (!l) /* the whole key read and matches, return */
-	    return 1;
-	  c = l > sizeof(rbuf) ? sizeof(rbuf) : l;
-	  if (cdb_bread(fd, rbuf, c) < 0)
-	    return -1;
-	  if (memcmp(rbuf, k, c) != 0) /* no, it differs, stop here */
-	    break;
-	  k += c; l -= c;
-	}
-      }
-      needseek = 1; /* we're looked to other place, should seek back */
-    }
-    if (!--httodo)
-      return 0;
-    if (++hti == htsize) {
-      hti = htstart;
-      needseek = 1;
-    }
-  }
-}
-
-cdbi_t
-cdb_unpack(const unsigned char buf[4])
-{
-  cdbi_t n = buf[3];
-  n <<= 8; n |= buf[2];
-  n <<= 8; n |= buf[1];
-  n <<= 8; n |= buf[0];
-  return n;
-}
-
-/* Add record with key (KEY,KLEN) and value (VAL,VLEN) to a database.
-   Returns 0 on success or negative value on error.  Note that this
-   routine does not checks if given key already exists, but cdb_find()
-   will not see second record with the same key.  It is not possible
-   to continue building a database if cdb_make_add() returned an error
-   indicator. */
-int
-cdb_make_add(struct cdb_make *cdbmp,
-	     const void *key, cdbi_t klen,
-	     const void *val, cdbi_t vlen)
-{
-  unsigned char rlen[8];
-  cdbi_t hval;
-  struct cdb_rl *rl;
-  if (klen > 0xffffffff - (cdbmp->cdb_dpos + 8) ||
-      vlen > 0xffffffff - (cdbmp->cdb_dpos + klen + 8)) {
-    gpg_err_set_errno (ENOMEM);
-    return -1;
-  }
-  hval = cdb_hash(key, klen);
-  rl = cdbmp->cdb_rec[hval&255];
-  if (!rl || rl->cnt >= sizeof(rl->rec)/sizeof(rl->rec[0])) {
-    rl = (struct cdb_rl*)malloc(sizeof(struct cdb_rl));
-    if (!rl) {
-      gpg_err_set_errno (ENOMEM);
-      return -1;
-    }
-    rl->cnt = 0;
-    rl->next = cdbmp->cdb_rec[hval&255];
-    cdbmp->cdb_rec[hval&255] = rl;
-  }
-  rl->rec[rl->cnt].hval = hval;
-  rl->rec[rl->cnt].rpos = cdbmp->cdb_dpos;
-  ++rl->cnt;
-  ++cdbmp->cdb_rcnt;
-  cdb_pack(klen, rlen);
-  cdb_pack(vlen, rlen + 4);
-  if (make_write(cdbmp, rlen, 8) < 0 ||
-      make_write(cdbmp, key, klen) < 0 ||
-      make_write(cdbmp, val, vlen) < 0)
-    return -1;
-  return 0;
-}
-
-int
-cdb_make_put(struct cdb_make *cdbmp,
-	     const void *key, cdbi_t klen,
-	     const void *val, cdbi_t vlen,
-	     int flags)
-{
-  unsigned char rlen[8];
-  cdbi_t hval = cdb_hash(key, klen);
-  struct cdb_rl *rl;
-  int c, r;
-
-  switch(flags) {
-    case CDB_PUT_REPLACE:
-    case CDB_PUT_INSERT:
-    case CDB_PUT_WARN:
-      c = make_find(cdbmp, key, klen, hval, &rl);
-      if (c < 0)
-	return -1;
-      if (c) {
-	if (flags == CDB_PUT_INSERT) {
-	  gpg_err_set_errno (EEXIST);
-	  return 1;
-	}
-	else if (flags == CDB_PUT_REPLACE) {
-	  --c;
-	  r = 1;
-	  break;
-	}
-	else
-	  r = 1;
-      }
-      /* fall */
-
-    case CDB_PUT_ADD:
-      rl = cdbmp->cdb_rec[hval&255];
-      if (!rl || rl->cnt >= sizeof(rl->rec)/sizeof(rl->rec[0])) {
- 	rl = (struct cdb_rl*)malloc(sizeof(struct cdb_rl));
-	if (!rl) {
-	  gpg_err_set_errno (ENOMEM);
-	  return -1;
-	}
-	rl->cnt = 0;
-	rl->next = cdbmp->cdb_rec[hval&255];
-	cdbmp->cdb_rec[hval&255] = rl;
-      }
-      c = rl->cnt;
-      r = 0;
-      break;
-
-    default:
-      gpg_err_set_errno (EINVAL);
-      return -1;
-  }
-
-  if (klen > 0xffffffff - (cdbmp->cdb_dpos + 8) ||
-      vlen > 0xffffffff - (cdbmp->cdb_dpos + klen + 8)) {
-    gpg_err_set_errno (ENOMEM);
-    return -1;
-  }
-  rl->rec[c].hval = hval;
-  rl->rec[c].rpos = cdbmp->cdb_dpos;
-  if (c == rl->cnt) {
-    ++rl->cnt;
-    ++cdbmp->cdb_rcnt;
-  }
-  cdb_pack(klen, rlen);
-  cdb_pack(vlen, rlen + 4);
-  if (make_write(cdbmp, rlen, 8) < 0 ||
-      make_write(cdbmp, key, klen) < 0 ||
-      make_write(cdbmp, val, vlen) < 0)
-    return -1;
-  return r;
-}
-
-
-static int
-match(int fd, cdbi_t pos, const char *key, cdbi_t klen)
-{
-  unsigned char buf[64]; /*XXX cdb_buf may be used here instead */
-  if (lseek(fd, pos, SEEK_SET) < 0 || read(fd, buf, 8) != 8)
-    return -1;
-  if (cdb_unpack(buf) != klen)
-    return 0;
-
-  while(klen > sizeof(buf)) {
-    if (read(fd, buf, sizeof(buf)) != sizeof(buf))
-      return -1;
-    if (memcmp(buf, key, sizeof(buf)) != 0)
-      return 0;
-    key += sizeof(buf);
-    klen -= sizeof(buf);
-  }
-  if (klen) {
-    if (read(fd, buf, klen) != klen)
-      return -1;
-    if (memcmp(buf, key, klen) != 0)
-      return 0;
-  }
-  return 1;
-}
-
-
-static int
-make_find (struct cdb_make *cdbmp,
-           const void *key, cdbi_t klen, cdbi_t hval,
-           struct cdb_rl **rlp)
-{
-  struct cdb_rl *rl = cdbmp->cdb_rec[hval&255];
-  int r, i;
-  int seeked = 0;
-  while(rl) {
-    for(i = rl->cnt - 1; i >= 0; --i) { /* search backward */
-      if (rl->rec[i].hval != hval)
-	continue;
-      /*XXX this explicit flush may be unnecessary having
-       * smarter match() that looks to cdb_buf too, but
-       * most of a time here spent in finding hash values
-       * (above), not keys */
-      if (cdbmp->cdb_bpos != cdbmp->cdb_buf) {
-        if (write(cdbmp->cdb_fd, cdbmp->cdb_buf,
-	          cdbmp->cdb_bpos - cdbmp->cdb_buf) < 0)
-          return -1;
-        cdbmp->cdb_bpos = cdbmp->cdb_buf;
-      }
-      seeked = 1;
-      r = match(cdbmp->cdb_fd, rl->rec[i].rpos, key, klen);
-      if (!r)
-	continue;
-      if (r < 0)
-	return -1;
-      if (lseek(cdbmp->cdb_fd, cdbmp->cdb_dpos, SEEK_SET) < 0)
-        return -1;
-      if (rlp)
-	*rlp = rl;
-      return i + 1;
-    }
-    rl = rl->next;
-  }
-  if (seeked && lseek(cdbmp->cdb_fd, cdbmp->cdb_dpos, SEEK_SET) < 0)
-    return -1;
-  return 0;
-}
-
-int
-cdb_make_exists(struct cdb_make *cdbmp,
-                const void *key, cdbi_t klen)
-{
-  return make_find(cdbmp, key, klen, cdb_hash(key, klen), NULL);
-}
-
-
-void
-cdb_pack(cdbi_t num, unsigned char buf[4])
-{
-  buf[0] = num & 255; num >>= 8;
-  buf[1] = num & 255; num >>= 8;
-  buf[2] = num & 255;
-  buf[3] = num >> 8;
-}
-
-
-/* Initializes structure to create a database.  File FD should be
-   opened read-write and should be seekable.  Returns 0 on success or
-   negative value on error. */
-int
-cdb_make_start(struct cdb_make *cdbmp, int fd)
-{
-  memset (cdbmp, 0, sizeof *cdbmp);
-  cdbmp->cdb_fd = fd;
-  cdbmp->cdb_dpos = 2048;
-  cdbmp->cdb_bpos = cdbmp->cdb_buf + 2048;
-  return 0;
-}
-
-
-static int
-ewrite(int fd, const char *buf, int len)
-{
-  while(len) {
-    int l = write(fd, buf, len);
-    if (l < 0 && errno != EINTR)
-      return -1;
-    if (l > 0)
-      {
-        len -= l;
-        buf += l;
-      }
-  }
-  return 0;
-}
-
-static int
-make_write(struct cdb_make *cdbmp, const char *ptr, cdbi_t len)
-{
-  cdbi_t l = sizeof(cdbmp->cdb_buf) - (cdbmp->cdb_bpos - cdbmp->cdb_buf);
-  cdbmp->cdb_dpos += len;
-  if (len > l) {
-    memcpy(cdbmp->cdb_bpos, ptr, l);
-    if (ewrite(cdbmp->cdb_fd, cdbmp->cdb_buf, sizeof(cdbmp->cdb_buf)) < 0)
-      return -1;
-    ptr += l; len -= l;
-    l = len / sizeof(cdbmp->cdb_buf);
-    if (l) {
-      l *= sizeof(cdbmp->cdb_buf);
-      if (ewrite(cdbmp->cdb_fd, ptr, l) < 0)
-	return -1;
-      ptr += l; len -= l;
-    }
-    cdbmp->cdb_bpos = cdbmp->cdb_buf;
-  }
-  if (len) {
-    memcpy(cdbmp->cdb_bpos, ptr, len);
-    cdbmp->cdb_bpos += len;
-  }
-  return 0;
-}
-
-static int
-cdb_make_finish_internal(struct cdb_make *cdbmp)
-{
-  cdbi_t hcnt[256];		/* hash table counts */
-  cdbi_t hpos[256];		/* hash table positions */
-  struct cdb_rec *htab;
-  unsigned char *p;
-  struct cdb_rl *rl;
-  cdbi_t hsize;
-  unsigned t, i;
-
-  if (((0xffffffff - cdbmp->cdb_dpos) >> 3) < cdbmp->cdb_rcnt) {
-    gpg_err_set_errno (ENOMEM);
-    return -1;
-  }
-
-  /* count htab sizes and reorder reclists */
-  hsize = 0;
-  for (t = 0; t < 256; ++t) {
-    struct cdb_rl *rlt = NULL;
-    i = 0;
-    rl = cdbmp->cdb_rec[t];
-    while(rl) {
-      struct cdb_rl *rln = rl->next;
-      rl->next = rlt;
-      rlt = rl;
-      i += rl->cnt;
-      rl = rln;
-    }
-    cdbmp->cdb_rec[t] = rlt;
-    if (hsize < (hcnt[t] = i << 1))
-      hsize = hcnt[t];
-  }
-
-  /* allocate memory to hold max htable */
-  htab = (struct cdb_rec*)malloc((hsize + 2) * sizeof(struct cdb_rec));
-  if (!htab) {
-    gpg_err_set_errno (ENOENT);
-    return -1;
-  }
-  p = (unsigned char *)htab;
-  htab += 2;
-
-  /* build hash tables */
-  for (t = 0; t < 256; ++t) {
-    cdbi_t len, hi;
-    hpos[t] = cdbmp->cdb_dpos;
-    if ((len = hcnt[t]) == 0)
-      continue;
-    for (i = 0; i < len; ++i)
-      htab[i].hval = htab[i].rpos = 0;
-    for (rl = cdbmp->cdb_rec[t]; rl; rl = rl->next)
-      for (i = 0; i < rl->cnt; ++i) {
-	hi = (rl->rec[i].hval >> 8) % len;
-	while(htab[hi].rpos)
-	  if (++hi == len)
-	    hi = 0;
-	htab[hi] = rl->rec[i];
-      }
-    for (i = 0; i < len; ++i) {
-      cdb_pack(htab[i].hval, p + (i << 3));
-      cdb_pack(htab[i].rpos, p + (i << 3) + 4);
-    }
-    if (make_write(cdbmp, p, len << 3) < 0) {
-      free(p);
-      return -1;
-    }
-  }
-  free(p);
-  if (cdbmp->cdb_bpos != cdbmp->cdb_buf &&
-      ewrite(cdbmp->cdb_fd, cdbmp->cdb_buf,
-	     cdbmp->cdb_bpos - cdbmp->cdb_buf) != 0)
-      return -1;
-  p = cdbmp->cdb_buf;
-  for (t = 0; t < 256; ++t) {
-    cdb_pack(hpos[t], p + (t << 3));
-    cdb_pack(hcnt[t], p + (t << 3) + 4);
-  }
-  if (lseek(cdbmp->cdb_fd, 0, 0) != 0 ||
-      ewrite(cdbmp->cdb_fd, p, 2048) != 0)
-    return -1;
-
-  return 0;
-}
-
-static void
-cdb_make_free(struct cdb_make *cdbmp)
-{
-  unsigned t;
-  for(t = 0; t < 256; ++t) {
-    struct cdb_rl *rl = cdbmp->cdb_rec[t];
-    while(rl) {
-      struct cdb_rl *tm = rl;
-      rl = rl->next;
-      free(tm);
-    }
-  }
-}
-
-
-
-/* Finalizes database file, constructing all needed indexes, and frees
-   memory structures.  It does not close the file descriptor.  Returns
-   0 on success or a negative value on error. */
-int
-cdb_make_finish(struct cdb_make *cdbmp)
-{
-  int r = cdb_make_finish_internal(cdbmp);
-  cdb_make_free(cdbmp);
-  return r;
-}
-
-
-cdbi_t
-cdb_hash(const void *buf, cdbi_t len)
-{
-  register const unsigned char *p = (const unsigned char *)buf;
-  register const unsigned char *end = p + len;
-  register cdbi_t hash = 5381;	/* start value */
-  while (p < end)
-    hash = (hash + (hash << 5)) ^ *p++;
-  return hash;
-}
diff -Nru gnupg2-2.1.6/dirmngr/certcache.c gnupg2-2.0.28/dirmngr/certcache.c
--- gnupg2-2.1.6/dirmngr/certcache.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/certcache.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,1394 +0,0 @@
-/* certcache.c - Certificate caching
- *      Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "crlfetch.h"
-#include "certcache.h"
-
-
-#define MAX_EXTRA_CACHED_CERTS 1000
-
-/* Constants used to classify search patterns.  */
-enum pattern_class
-  {
-    PATTERN_UNKNOWN = 0,
-    PATTERN_EMAIL,
-    PATTERN_EMAIL_SUBSTR,
-    PATTERN_FINGERPRINT16,
-    PATTERN_FINGERPRINT20,
-    PATTERN_SHORT_KEYID,
-    PATTERN_LONG_KEYID,
-    PATTERN_SUBJECT,
-    PATTERN_SERIALNO,
-    PATTERN_SERIALNO_ISSUER,
-    PATTERN_ISSUER,
-    PATTERN_SUBSTR
-  };
-
-
-/* A certificate cache item.  This consists of a the KSBA cert object
-   and some meta data for easier lookup.  We use a hash table to keep
-   track of all items and use the (randomly distributed) first byte of
-   the fingerprint directly as the hash which makes it pretty easy. */
-struct cert_item_s
-{
-  struct cert_item_s *next; /* Next item with the same hash value. */
-  ksba_cert_t cert;         /* The KSBA cert object or NULL is this is
-                               not a valid item.  */
-  unsigned char fpr[20];    /* The fingerprint of this object. */
-  char *issuer_dn;          /* The malloced issuer DN.  */
-  ksba_sexp_t sn;           /* The malloced serial number  */
-  char *subject_dn;         /* The malloced subject DN - maybe NULL.  */
-  struct
-  {
-    unsigned int loaded:1;  /* It has been explicitly loaded.  */
-    unsigned int trusted:1; /* This is a trusted root certificate.  */
-  } flags;
-};
-typedef struct cert_item_s *cert_item_t;
-
-/* The actual cert cache consisting of 256 slots for items indexed by
-   the first byte of the fingerprint.  */
-static cert_item_t cert_cache[256];
-
-/* This is the global cache_lock variable. In general locking is not
-   needed but it would take extra efforts to make sure that no
-   indirect use of npth functions is done, so we simply lock it
-   always.  Note: We can't use static initialization, as that is not
-   available through w32-pth.  */
-static npth_rwlock_t cert_cache_lock;
-
-/* Flag to track whether the cache has been initialized.  */
-static int initialization_done;
-
-/* Total number of certificates loaded during initialization and
-   cached during operation.  */
-static unsigned int total_loaded_certificates;
-static unsigned int total_extra_certificates;
-
-
-
-/* Helper to do the cache locking.  */
-static void
-init_cache_lock (void)
-{
-  int err;
-
-  err = npth_rwlock_init (&cert_cache_lock, NULL);
-  if (err)
-    log_fatal (_("can't initialize certificate cache lock: %s\n"),
-	       strerror (err));
-}
-
-static void
-acquire_cache_read_lock (void)
-{
-  int err;
-
-  err = npth_rwlock_rdlock (&cert_cache_lock);
-  if (err)
-    log_fatal (_("can't acquire read lock on the certificate cache: %s\n"),
-               strerror (err));
-}
-
-static void
-acquire_cache_write_lock (void)
-{
-  int err;
-
-  err = npth_rwlock_wrlock (&cert_cache_lock);
-  if (err)
-    log_fatal (_("can't acquire write lock on the certificate cache: %s\n"),
-               strerror (err));
-}
-
-static void
-release_cache_lock (void)
-{
-  int err;
-
-  err = npth_rwlock_unlock (&cert_cache_lock);
-  if (err)
-    log_fatal (_("can't release lock on the certificate cache: %s\n"),
-               strerror (err));
-}
-
-
-/* Return false if both serial numbers match.  Can't be used for
-   sorting. */
-static int
-compare_serialno (ksba_sexp_t serial1, ksba_sexp_t serial2 )
-{
-  unsigned char *a = serial1;
-  unsigned char *b = serial2;
-  return cmp_simple_canon_sexp (a, b);
-}
-
-
-
-/* Return a malloced canonical S-Expression with the serial number
-   converted from the hex string HEXSN.  Return NULL on memory
-   error. */
-ksba_sexp_t
-hexsn_to_sexp (const char *hexsn)
-{
-  char *buffer, *p;
-  size_t len;
-  char numbuf[40];
-
-  len = unhexify (NULL, hexsn);
-  snprintf (numbuf, sizeof numbuf, "(%u:", (unsigned int)len);
-  buffer = xtrymalloc (strlen (numbuf) + len + 2 );
-  if (!buffer)
-    return NULL;
-  p = stpcpy (buffer, numbuf);
-  len = unhexify (p, hexsn);
-  p[len] = ')';
-  p[len+1] = 0;
-
-  return buffer;
-}
-
-
-/* Compute the fingerprint of the certificate CERT and put it into
-   the 20 bytes large buffer DIGEST.  Return address of this buffer.  */
-unsigned char *
-cert_compute_fpr (ksba_cert_t cert, unsigned char *digest)
-{
-  gpg_error_t err;
-  gcry_md_hd_t md;
-
-  err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
-  if (err)
-    log_fatal ("gcry_md_open failed: %s\n", gpg_strerror (err));
-
-  err = ksba_cert_hash (cert, 0, HASH_FNC, md);
-  if (err)
-    {
-      log_error ("oops: ksba_cert_hash failed: %s\n", gpg_strerror (err));
-      memset (digest, 0xff, 20); /* Use a dummy value. */
-    }
-  else
-    {
-      gcry_md_final (md);
-      memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20);
-    }
-  gcry_md_close (md);
-  return digest;
-}
-
-
-/* Cleanup one slot.  This releases all resourses but keeps the actual
-   slot in the cache marked for reuse. */
-static void
-clean_cache_slot (cert_item_t ci)
-{
-  ksba_cert_t cert;
-
-  if (!ci->cert)
-    return; /* Already cleaned.  */
-
-  ksba_free (ci->sn);
-  ci->sn = NULL;
-  ksba_free (ci->issuer_dn);
-  ci->issuer_dn = NULL;
-  ksba_free (ci->subject_dn);
-  ci->subject_dn = NULL;
-  cert = ci->cert;
-  ci->cert = NULL;
-
-  ksba_cert_release (cert);
-}
-
-
-/* Put the certificate CERT into the cache.  It is assumed that the
-   cache is locked while this function is called. If FPR_BUFFER is not
-   NULL the fingerprint of the certificate will be stored there.
-   FPR_BUFFER neds to point to a buffer of at least 20 bytes. The
-   fingerprint will be stored on success or when the function returns
-   gpg_err_code(GPG_ERR_DUP_VALUE). */
-static gpg_error_t
-put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
-{
-  unsigned char help_fpr_buffer[20], *fpr;
-  cert_item_t ci;
-
-  fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer;
-
-  /* If we already reached the caching limit, drop a couple of certs
-     from the cache.  Our dropping strategy is simple: We keep a
-     static index counter and use this to start looking for
-     certificates, then we drop 5 percent of the oldest certificates
-     starting at that index.  For a large cache this is a fair way of
-     removing items. An LRU strategy would be better of course.
-     Because we append new entries to the head of the list and we want
-     to remove old ones first, we need to do this from the tail.  The
-     implementation is not very efficient but compared to the long
-     time it takes to retrieve a certifciate from an external resource
-     it seems to be reasonable. */
-  if (!is_loaded && total_extra_certificates >= MAX_EXTRA_CACHED_CERTS)
-    {
-      static int idx;
-      cert_item_t ci_mark;
-      int i;
-      unsigned int drop_count;
-
-      drop_count = MAX_EXTRA_CACHED_CERTS / 20;
-      if (drop_count < 2)
-        drop_count = 2;
-
-      log_info (_("dropping %u certificates from the cache\n"), drop_count);
-      assert (idx < 256);
-      for (i=idx; drop_count; i = ((i+1)%256))
-        {
-          ci_mark = NULL;
-          for (ci = cert_cache[i]; ci; ci = ci->next)
-            if (ci->cert && !ci->flags.loaded)
-              ci_mark = ci;
-          if (ci_mark)
-            {
-              clean_cache_slot (ci_mark);
-              drop_count--;
-              total_extra_certificates--;
-            }
-        }
-      if (i==idx)
-        idx++;
-      else
-        idx = i;
-      idx %= 256;
-    }
-
-  cert_compute_fpr (cert, fpr);
-  for (ci=cert_cache[*fpr]; ci; ci = ci->next)
-    if (ci->cert && !memcmp (ci->fpr, fpr, 20))
-      return gpg_error (GPG_ERR_DUP_VALUE);
-  /* Try to reuse an existing entry.  */
-  for (ci=cert_cache[*fpr]; ci; ci = ci->next)
-    if (!ci->cert)
-      break;
-  if (!ci)
-    { /* No: Create a new entry.  */
-      ci = xtrycalloc (1, sizeof *ci);
-      if (!ci)
-        return gpg_error_from_errno (errno);
-      ci->next = cert_cache[*fpr];
-      cert_cache[*fpr] = ci;
-    }
-  else
-    memset (&ci->flags, 0, sizeof ci->flags);
-
-  ksba_cert_ref (cert);
-  ci->cert = cert;
-  memcpy (ci->fpr, fpr, 20);
-  ci->sn = ksba_cert_get_serial (cert);
-  ci->issuer_dn = ksba_cert_get_issuer (cert, 0);
-  if (!ci->issuer_dn || !ci->sn)
-    {
-      clean_cache_slot (ci);
-      return gpg_error (GPG_ERR_INV_CERT_OBJ);
-    }
-  ci->subject_dn = ksba_cert_get_subject (cert, 0);
-  ci->flags.loaded  = !!is_loaded;
-  ci->flags.trusted = !!is_trusted;
-
-  if (is_loaded)
-    total_loaded_certificates++;
-  else
-    total_extra_certificates++;
-
-  return 0;
-}
-
-
-/* Load certificates from the directory DIRNAME.  All certificates
-   matching the pattern "*.crt" or "*.der"  are loaded.  We assume that
-   certificates are DER encoded and not PEM encapsulated. The cache
-   should be in a locked state when calling this fucntion.  */
-static gpg_error_t
-load_certs_from_dir (const char *dirname, int are_trusted)
-{
-  gpg_error_t err;
-  DIR *dir;
-  struct dirent *ep;
-  char *p;
-  size_t n;
-  estream_t fp;
-  ksba_reader_t reader;
-  ksba_cert_t cert;
-  char *fname = NULL;
-
-  dir = opendir (dirname);
-  if (!dir)
-    {
-      if (opt.system_daemon)
-        log_info (_("can't access directory '%s': %s\n"),
-                  dirname, strerror (errno));
-      return 0; /* We do not consider this a severe error.  */
-    }
-
-  while ( (ep=readdir (dir)) )
-    {
-      p = ep->d_name;
-      if (*p == '.' || !*p)
-        continue; /* Skip any hidden files and invalid entries.  */
-      n = strlen (p);
-      if ( n < 5 || (strcmp (p+n-4,".crt") && strcmp (p+n-4,".der")))
-        continue; /* Not the desired "*.crt" or "*.der" pattern.  */
-
-      xfree (fname);
-      fname = make_filename (dirname, p, NULL);
-      fp = es_fopen (fname, "rb");
-      if (!fp)
-        {
-          log_error (_("can't open '%s': %s\n"),
-                     fname, strerror (errno));
-          continue;
-        }
-
-      err = create_estream_ksba_reader (&reader, fp);
-      if (err)
-        {
-          es_fclose (fp);
-          continue;
-        }
-
-      err = ksba_cert_new (&cert);
-      if (!err)
-        err = ksba_cert_read_der (cert, reader);
-      ksba_reader_release (reader);
-      es_fclose (fp);
-      if (err)
-        {
-          log_error (_("can't parse certificate '%s': %s\n"),
-                     fname, gpg_strerror (err));
-          ksba_cert_release (cert);
-          continue;
-        }
-
-      err = put_cert (cert, 1, are_trusted, NULL);
-      if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
-        log_info (_("certificate '%s' already cached\n"), fname);
-      else if (!err)
-        {
-          if (are_trusted)
-            log_info (_("trusted certificate '%s' loaded\n"), fname);
-          else
-            log_info (_("certificate '%s' loaded\n"), fname);
-          if (opt.verbose)
-            {
-              p = get_fingerprint_hexstring_colon (cert);
-              log_info (_("  SHA1 fingerprint = %s\n"), p);
-              xfree (p);
-
-              cert_log_name (_("   issuer ="), cert);
-              cert_log_subject (_("  subject ="), cert);
-            }
-        }
-      else
-        log_error (_("error loading certificate '%s': %s\n"),
-                     fname, gpg_strerror (err));
-      ksba_cert_release (cert);
-    }
-
-  xfree (fname);
-  closedir (dir);
-  return 0;
-}
-
-
-/* Initialize the certificate cache if not yet done.  */
-void
-cert_cache_init (void)
-{
-  char *dname;
-
-  if (initialization_done)
-    return;
-  init_cache_lock ();
-  acquire_cache_write_lock ();
-
-  dname = make_filename (gnupg_sysconfdir (), "trusted-certs", NULL);
-  load_certs_from_dir (dname, 1);
-  xfree (dname);
-
-  dname = make_filename (gnupg_sysconfdir (), "extra-certs", NULL);
-  load_certs_from_dir (dname, 0);
-  xfree (dname);
-
-  initialization_done = 1;
-  release_cache_lock ();
-
-  cert_cache_print_stats ();
-}
-
-/* Deinitialize the certificate cache.  With FULL set to true even the
-   unused certificate slots are released. */
-void
-cert_cache_deinit (int full)
-{
-  cert_item_t ci, ci2;
-  int i;
-
-  if (!initialization_done)
-    return;
-
-  acquire_cache_write_lock ();
-
-  for (i=0; i < 256; i++)
-    for (ci=cert_cache[i]; ci; ci = ci->next)
-      clean_cache_slot (ci);
-
-  if (full)
-    {
-      for (i=0; i < 256; i++)
-        {
-          for (ci=cert_cache[i]; ci; ci = ci2)
-            {
-              ci2 = ci->next;
-              xfree (ci);
-            }
-          cert_cache[i] = NULL;
-        }
-    }
-
-  total_loaded_certificates = 0;
-  total_extra_certificates = 0;
-  initialization_done = 0;
-  release_cache_lock ();
-}
-
-/* Print some statistics to the log file.  */
-void
-cert_cache_print_stats (void)
-{
-  log_info (_("permanently loaded certificates: %u\n"),
-            total_loaded_certificates);
-  log_info (_("    runtime cached certificates: %u\n"),
-            total_extra_certificates);
-}
-
-
-/* Put CERT into the certificate cache.  */
-gpg_error_t
-cache_cert (ksba_cert_t cert)
-{
-  gpg_error_t err;
-
-  acquire_cache_write_lock ();
-  err = put_cert (cert, 0, 0, NULL);
-  release_cache_lock ();
-  if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
-    log_info (_("certificate already cached\n"));
-  else if (!err)
-    log_info (_("certificate cached\n"));
-  else
-    log_error (_("error caching certificate: %s\n"), gpg_strerror (err));
-  return err;
-}
-
-
-/* Put CERT into the certificate cache and store the fingerprint of
-   the certificate into FPR_BUFFER.  If the certificate is already in
-   the cache do not print a warning; just store the
-   fingerprint. FPR_BUFFER needs to be at least 20 bytes. */
-gpg_error_t
-cache_cert_silent (ksba_cert_t cert, void *fpr_buffer)
-{
-  gpg_error_t err;
-
-  acquire_cache_write_lock ();
-  err = put_cert (cert, 0, 0, fpr_buffer);
-  release_cache_lock ();
-  if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
-    err = 0;
-  if (err)
-    log_error (_("error caching certificate: %s\n"), gpg_strerror (err));
-  return err;
-}
-
-
-
-/* Return a certificate object for the given fingerprint.  FPR is
-   expected to be a 20 byte binary SHA-1 fingerprint.  If no matching
-   certificate is available in the cache NULL is returned.  The caller
-   must release a returned certificate.  Note that although we are
-   using reference counting the caller should not just compare the
-   pointers to check for identical certificates. */
-ksba_cert_t
-get_cert_byfpr (const unsigned char *fpr)
-{
-  cert_item_t ci;
-
-  acquire_cache_read_lock ();
-  for (ci=cert_cache[*fpr]; ci; ci = ci->next)
-    if (ci->cert && !memcmp (ci->fpr, fpr, 20))
-      {
-        ksba_cert_ref (ci->cert);
-        release_cache_lock ();
-        return ci->cert;
-      }
-
-  release_cache_lock ();
-  return NULL;
-}
-
-/* Return a certificate object for the given fingerprint.  STRING is
-   expected to be a SHA-1 fingerprint in standard hex notation with or
-   without colons.  If no matching certificate is available in the
-   cache NULL is returned.  The caller must release a returned
-   certificate.  Note that although we are using reference counting
-   the caller should not just compare the pointers to check for
-   identical certificates. */
-ksba_cert_t
-get_cert_byhexfpr (const char *string)
-{
-  unsigned char fpr[20];
-  const char *s;
-  int i;
-
-  if (strchr (string, ':'))
-    {
-      for (s=string,i=0; i < 20 && hexdigitp (s) && hexdigitp(s+1);)
-        {
-          if (s[2] && s[2] != ':')
-            break; /* Invalid string. */
-          fpr[i++] = xtoi_2 (s);
-          s += 2;
-          if (i!= 20 && *s == ':')
-            s++;
-        }
-    }
-  else
-    {
-      for (s=string,i=0; i < 20 && hexdigitp (s) && hexdigitp(s+1); s+=2 )
-        fpr[i++] = xtoi_2 (s);
-    }
-  if (i!=20 || *s)
-    {
-      log_error (_("invalid SHA1 fingerprint string '%s'\n"), string);
-      return NULL;
-    }
-
-  return get_cert_byfpr (fpr);
-}
-
-
-
-/* Return the certificate matching ISSUER_DN and SERIALNO.  */
-ksba_cert_t
-get_cert_bysn (const char *issuer_dn, ksba_sexp_t serialno)
-{
-  /* Simple and inefficient implementation.   fixme! */
-  cert_item_t ci;
-  int i;
-
-  acquire_cache_read_lock ();
-  for (i=0; i < 256; i++)
-    {
-      for (ci=cert_cache[i]; ci; ci = ci->next)
-        if (ci->cert && !strcmp (ci->issuer_dn, issuer_dn)
-            && !compare_serialno (ci->sn, serialno))
-          {
-            ksba_cert_ref (ci->cert);
-            release_cache_lock ();
-            return ci->cert;
-          }
-    }
-
-  release_cache_lock ();
-  return NULL;
-}
-
-
-/* Return the certificate matching ISSUER_DN.  SEQ should initially be
-   set to 0 and bumped up to get the next issuer with that DN. */
-ksba_cert_t
-get_cert_byissuer (const char *issuer_dn, unsigned int seq)
-{
-  /* Simple and very inefficient implementation and API.  fixme! */
-  cert_item_t ci;
-  int i;
-
-  acquire_cache_read_lock ();
-  for (i=0; i < 256; i++)
-    {
-      for (ci=cert_cache[i]; ci; ci = ci->next)
-        if (ci->cert && !strcmp (ci->issuer_dn, issuer_dn))
-          if (!seq--)
-            {
-              ksba_cert_ref (ci->cert);
-              release_cache_lock ();
-              return ci->cert;
-            }
-    }
-
-  release_cache_lock ();
-  return NULL;
-}
-
-
-/* Return the certificate matching SUBJECT_DN.  SEQ should initially be
-   set to 0 and bumped up to get the next subject with that DN. */
-ksba_cert_t
-get_cert_bysubject (const char *subject_dn, unsigned int seq)
-{
-  /* Simple and very inefficient implementation and API.  fixme! */
-  cert_item_t ci;
-  int i;
-
-  if (!subject_dn)
-    return NULL;
-
-  acquire_cache_read_lock ();
-  for (i=0; i < 256; i++)
-    {
-      for (ci=cert_cache[i]; ci; ci = ci->next)
-        if (ci->cert && ci->subject_dn
-            && !strcmp (ci->subject_dn, subject_dn))
-          if (!seq--)
-            {
-              ksba_cert_ref (ci->cert);
-              release_cache_lock ();
-              return ci->cert;
-            }
-    }
-
-  release_cache_lock ();
-  return NULL;
-}
-
-
-
-/* Return a value decribing the the class of PATTERN.  The offset of
-   the actual string to be used for the comparison is stored at
-   R_OFFSET.  The offset of the serialnumer is stored at R_SN_OFFSET. */
-static enum pattern_class
-classify_pattern (const char *pattern, size_t *r_offset, size_t *r_sn_offset)
-{
-  enum pattern_class result;
-  const char *s;
-  int hexprefix = 0;
-  int hexlength;
-
-  *r_offset = *r_sn_offset = 0;
-
-  /* Skip leading spaces. */
-  for(s = pattern; *s && spacep (s); s++ )
-    ;
-
-  switch (*s)
-    {
-    case 0:  /* Empty string is an error. */
-      result = PATTERN_UNKNOWN;
-      break;
-
-    case '.': /* An email address, compare from end.  */
-      result = PATTERN_UNKNOWN;  /* Not implemented.  */
-      break;
-
-    case '<': /* An email address.  */
-      result = PATTERN_EMAIL;
-      s++;
-      break;
-
-    case '@': /* Part of an email address.  */
-      result = PATTERN_EMAIL_SUBSTR;
-      s++;
-      break;
-
-    case '=':  /* Exact compare. */
-      result = PATTERN_UNKNOWN; /* Does not make sense for X.509.  */
-      break;
-
-    case '*':  /* Case insensitive substring search.  */
-      result = PATTERN_SUBSTR;
-      s++;
-      break;
-
-    case '+':  /* Compare individual words. */
-      result = PATTERN_UNKNOWN;  /* Not implemented.  */
-      break;
-
-    case '/': /* Subject's DN. */
-      s++;
-      if (!*s || spacep (s))
-        result = PATTERN_UNKNOWN; /* No DN or prefixed with a space. */
-      else
-        result = PATTERN_SUBJECT;
-      break;
-
-    case '#': /* Serial number or issuer DN. */
-      {
-        const char *si;
-
-        s++;
-        if ( *s == '/')
-          {
-            /* An issuer's DN is indicated by "#/" */
-            s++;
-            if (!*s || spacep (s))
-              result = PATTERN_UNKNOWN; /* No DN or prefixed with a space. */
-            else
-              result = PATTERN_ISSUER;
-          }
-        else
-          { /* Serialnumber + optional issuer ID. */
-            for (si=s; *si && *si != '/'; si++)
-              if (!strchr("01234567890abcdefABCDEF", *si))
-                break;
-            if (*si && *si != '/')
-              result = PATTERN_UNKNOWN; /* Invalid digit in serial number. */
-            else
-              {
-                *r_sn_offset = s - pattern;
-                if (!*si)
-                  result = PATTERN_SERIALNO;
-                else
-                  {
-                    s = si+1;
-                    if (!*s || spacep (s))
-                      result = PATTERN_UNKNOWN; /* No DN or prefixed
-                                                   with a space. */
-                    else
-                      result = PATTERN_SERIALNO_ISSUER;
-                  }
-              }
-          }
-      }
-      break;
-
-    case ':': /* Unified fingerprint. */
-      {
-        const char *se, *si;
-        int i;
-
-        se = strchr (++s, ':');
-        if (!se)
-          result = PATTERN_UNKNOWN;
-        else
-          {
-            for (i=0, si=s; si < se; si++, i++ )
-              if (!strchr("01234567890abcdefABCDEF", *si))
-                break;
-            if ( si < se )
-              result = PATTERN_UNKNOWN; /* Invalid digit. */
-            else if (i == 32)
-              result = PATTERN_FINGERPRINT16;
-            else if (i == 40)
-              result = PATTERN_FINGERPRINT20;
-            else
-              result = PATTERN_UNKNOWN; /* Invalid length for a fingerprint. */
-          }
-      }
-      break;
-
-    case '&': /* Keygrip. */
-      result = PATTERN_UNKNOWN;  /* Not implemented.  */
-      break;
-
-    default:
-      if (s[0] == '0' && s[1] == 'x')
-        {
-          hexprefix = 1;
-          s += 2;
-        }
-
-      hexlength = strspn(s, "0123456789abcdefABCDEF");
-
-      /* Check if a hexadecimal number is terminated by EOS or blank. */
-      if (hexlength && s[hexlength] && !spacep (s+hexlength))
-        {
-          /* If the "0x" prefix is used a correct termination is required. */
-          if (hexprefix)
-            {
-              result = PATTERN_UNKNOWN;
-              break; /* switch */
-            }
-          hexlength = 0;  /* Not a hex number.  */
-        }
-
-      if (hexlength == 8 || (!hexprefix && hexlength == 9 && *s == '0'))
-        {
-          if (hexlength == 9)
-            s++;
-          result = PATTERN_SHORT_KEYID;
-        }
-      else if (hexlength == 16 || (!hexprefix && hexlength == 17 && *s == '0'))
-        {
-          if (hexlength == 17)
-            s++;
-          result = PATTERN_LONG_KEYID;
-        }
-      else if (hexlength == 32 || (!hexprefix && hexlength == 33 && *s == '0'))
-        {
-          if (hexlength == 33)
-            s++;
-          result = PATTERN_FINGERPRINT16;
-        }
-      else if (hexlength == 40 || (!hexprefix && hexlength == 41 && *s == '0'))
-        {
-          if (hexlength == 41)
-            s++;
-          result = PATTERN_FINGERPRINT20;
-        }
-      else if (!hexprefix)
-        {
-          /* The fingerprints used with X.509 are often delimited by
-             colons, so we try to single this case out. */
-          result = PATTERN_UNKNOWN;
-          hexlength = strspn (s, ":0123456789abcdefABCDEF");
-          if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
-            {
-              int i, c;
-
-              for (i=0; i < 20; i++, s += 3)
-                {
-                  c = hextobyte(s);
-                  if (c == -1 || (i < 19 && s[2] != ':'))
-                    break;
-                }
-              if (i == 20)
-                result = PATTERN_FINGERPRINT20;
-            }
-          if (result == PATTERN_UNKNOWN) /* Default to substring match. */
-            {
-              result = PATTERN_SUBSTR;
-            }
-        }
-      else /* A hex number with a prefix but with a wrong length.  */
-        result = PATTERN_UNKNOWN;
-    }
-
-  if (result != PATTERN_UNKNOWN)
-    *r_offset = s - pattern;
-  return result;
-}
-
-
-
-/* Given PATTERN, which is a string as used by GnuPG to specify a
-   certificate, return all matching certificates by calling the
-   supplied function RETFNC.  */
-gpg_error_t
-get_certs_bypattern (const char *pattern,
-                     gpg_error_t (*retfnc)(void*,ksba_cert_t),
-                     void *retfnc_data)
-{
-  gpg_error_t err = GPG_ERR_BUG;
-  enum pattern_class class;
-  size_t offset, sn_offset;
-  const char *hexserialno;
-  ksba_sexp_t serialno = NULL;
-  ksba_cert_t cert = NULL;
-  unsigned int seq;
-
-  if (!pattern || !retfnc)
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  class = classify_pattern (pattern, &offset, &sn_offset);
-  hexserialno = pattern + sn_offset;
-  pattern += offset;
-  switch (class)
-    {
-    case PATTERN_UNKNOWN:
-      err = gpg_error (GPG_ERR_INV_NAME);
-      break;
-
-    case PATTERN_FINGERPRINT20:
-      cert = get_cert_byhexfpr (pattern);
-      err = cert? 0 : gpg_error (GPG_ERR_NOT_FOUND);
-      break;
-
-    case PATTERN_SERIALNO_ISSUER:
-      serialno = hexsn_to_sexp (hexserialno);
-      if (!serialno)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          cert = get_cert_bysn (pattern, serialno);
-          err = cert? 0 : gpg_error (GPG_ERR_NOT_FOUND);
-        }
-      break;
-
-    case PATTERN_ISSUER:
-      for (seq=0,err=0; !err && (cert = get_cert_byissuer (pattern, seq)); seq++)
-        {
-          err = retfnc (retfnc_data, cert);
-          ksba_cert_release (cert);
-          cert = NULL;
-        }
-      if (!err && !seq)
-        err = gpg_error (GPG_ERR_NOT_FOUND);
-      break;
-
-    case PATTERN_SUBJECT:
-      for (seq=0,err=0; !err && (cert = get_cert_bysubject (pattern, seq));seq++)
-        {
-          err = retfnc (retfnc_data, cert);
-          ksba_cert_release (cert);
-          cert = NULL;
-        }
-      if (!err && !seq)
-        err = gpg_error (GPG_ERR_NOT_FOUND);
-      break;
-
-    case PATTERN_EMAIL:
-    case PATTERN_EMAIL_SUBSTR:
-    case PATTERN_FINGERPRINT16:
-    case PATTERN_SHORT_KEYID:
-    case PATTERN_LONG_KEYID:
-    case PATTERN_SUBSTR:
-    case PATTERN_SERIALNO:
-      /* Not supported.  */
-      err = gpg_error (GPG_ERR_INV_NAME);
-    }
-
-
-  if (!err && cert)
-    err = retfnc (retfnc_data, cert);
-  ksba_cert_release (cert);
-  xfree (serialno);
-  return err;
-}
-
-
-
-
-
-/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
-   not already in the cache, try to find it from other resources.  */
-ksba_cert_t
-find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
-{
-  gpg_error_t err;
-  ksba_cert_t cert;
-  cert_fetch_context_t context = NULL;
-  char *hexsn, *buf;
-
-  /* First check whether it has already been cached.  */
-  cert = get_cert_bysn (issuer_dn, serialno);
-  if (cert)
-    return cert;
-
-  /* Ask back to the service requester to return the certificate.
-     This is because we can assume that he already used the
-     certificate while checking for the CRL. */
-  hexsn = serial_hex (serialno);
-  if (!hexsn)
-    {
-      log_error ("serial_hex() failed\n");
-      return NULL;
-    }
-  buf = xtrymalloc (1 + strlen (hexsn) + 1 + strlen (issuer_dn) + 1);
-  if (!buf)
-    {
-      log_error ("can't allocate enough memory: %s\n", strerror (errno));
-      xfree (hexsn);
-      return NULL;
-    }
-  strcpy (stpcpy (stpcpy (stpcpy (buf, "#"), hexsn),"/"), issuer_dn);
-  xfree (hexsn);
-  cert = get_cert_local (ctrl, buf);
-  xfree (buf);
-  if (cert)
-    {
-      cache_cert (cert);
-      return cert; /* Done. */
-    }
-
-  if (DBG_LOOKUP)
-    log_debug ("find_cert_bysn: certificate not returned by caller"
-               " - doing lookup\n");
-
-  /* Retrieve the certificate from external resources. */
-  while (!cert)
-    {
-      ksba_sexp_t sn;
-      char *issdn;
-
-      if (!context)
-        {
-          err = ca_cert_fetch (ctrl, &context, issuer_dn);
-          if (err)
-            {
-              log_error (_("error fetching certificate by S/N: %s\n"),
-                         gpg_strerror (err));
-              break;
-            }
-        }
-
-      err = fetch_next_ksba_cert (context, &cert);
-      if (err)
-        {
-          log_error (_("error fetching certificate by S/N: %s\n"),
-                     gpg_strerror (err) );
-          break;
-        }
-
-      issdn = ksba_cert_get_issuer (cert, 0);
-      if (strcmp (issuer_dn, issdn))
-        {
-          log_debug ("find_cert_bysn: Ooops: issuer DN does not match\n");
-          ksba_cert_release (cert);
-          cert = NULL;
-          ksba_free (issdn);
-          break;
-        }
-
-      sn = ksba_cert_get_serial (cert);
-
-      if (DBG_LOOKUP)
-        {
-          log_debug ("   considering certificate (#");
-          dump_serial (sn);
-          log_printf ("/");
-          dump_string (issdn);
-          log_printf (")\n");
-        }
-
-      if (!compare_serialno (serialno, sn))
-        {
-          ksba_free (sn);
-          ksba_free (issdn);
-          cache_cert (cert);
-          if (DBG_LOOKUP)
-            log_debug ("   found\n");
-          break; /* Ready.  */
-        }
-
-      ksba_free (sn);
-      ksba_free (issdn);
-      ksba_cert_release (cert);
-      cert = NULL;
-    }
-
-  end_cert_fetch (context);
-  return cert;
-}
-
-
-/* Return the certificate matching SUBJECT_DN and (if not NULL)
-   KEYID. If it is not already in the cache, try to find it from other
-   resources.  Note, that the external search does not work for user
-   certificates because the LDAP lookup is on the caCertificate
-   attribute. For our purposes this is just fine.  */
-ksba_cert_t
-find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
-{
-  gpg_error_t err;
-  int seq;
-  ksba_cert_t cert = NULL;
-  cert_fetch_context_t context = NULL;
-  ksba_sexp_t subj;
-
-  /* If we have certificates from an OCSP request we first try to use
-     them.  This is because these certificates will really be the
-     required ones and thus even in the case that they can't be
-     uniquely located by the following code we can use them.  This is
-     for example required by Telesec certificates where a keyId is
-     used but the issuer certificate comes without a subject keyId! */
-  if (ctrl->ocsp_certs && subject_dn)
-    {
-      cert_item_t ci;
-      cert_ref_t cr;
-      int i;
-
-      /* For efficiency reasons we won't use get_cert_bysubject here. */
-      acquire_cache_read_lock ();
-      for (i=0; i < 256; i++)
-        for (ci=cert_cache[i]; ci; ci = ci->next)
-          if (ci->cert && ci->subject_dn
-              && !strcmp (ci->subject_dn, subject_dn))
-            for (cr=ctrl->ocsp_certs; cr; cr = cr->next)
-              if (!memcmp (ci->fpr, cr->fpr, 20))
-                {
-                  ksba_cert_ref (ci->cert);
-                  release_cache_lock ();
-                  return ci->cert; /* We use this certificate. */
-                }
-      release_cache_lock ();
-      if (DBG_LOOKUP)
-        log_debug ("find_cert_bysubject: certificate not in ocsp_certs\n");
-    }
-
-
-  /* First we check whether the certificate is cached.  */
-  for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++)
-    {
-      if (!keyid)
-        break; /* No keyid requested, so return the first one found. */
-      if (!ksba_cert_get_subj_key_id (cert, NULL, &subj)
-          && !cmp_simple_canon_sexp (keyid, subj))
-        {
-          xfree (subj);
-          break; /* Found matching cert. */
-        }
-      xfree (subj);
-      ksba_cert_release (cert);
-    }
-  if (cert)
-    return cert; /* Done.  */
-
-  if (DBG_LOOKUP)
-    log_debug ("find_cert_bysubject: certificate not in cache\n");
-
-  /* Ask back to the service requester to return the certificate.
-     This is because we can assume that he already used the
-     certificate while checking for the CRL. */
-  if (keyid)
-    cert = get_cert_local_ski (ctrl, subject_dn, keyid);
-  else
-    {
-      /* In contrast to get_cert_local_ski, get_cert_local uses any
-         passed pattern, so we need to make sure that an exact subject
-         search is done. */
-      char *buf;
-
-      buf = xtrymalloc (1 + strlen (subject_dn) + 1);
-      if (!buf)
-        {
-          log_error ("can't allocate enough memory: %s\n", strerror (errno));
-          return NULL;
-        }
-      strcpy (stpcpy (buf, "/"), subject_dn);
-      cert = get_cert_local (ctrl, buf);
-      xfree (buf);
-    }
-  if (cert)
-    {
-      cache_cert (cert);
-      return cert; /* Done. */
-    }
-
-  if (DBG_LOOKUP)
-    log_debug ("find_cert_bysubject: certificate not returned by caller"
-               " - doing lookup\n");
-
-  /* Locate the certificate using external resources. */
-  while (!cert)
-    {
-      char *subjdn;
-
-      if (!context)
-        {
-          err = ca_cert_fetch (ctrl, &context, subject_dn);
-          if (err)
-            {
-              log_error (_("error fetching certificate by subject: %s\n"),
-                         gpg_strerror (err));
-              break;
-            }
-        }
-
-      err = fetch_next_ksba_cert (context, &cert);
-      if (err)
-        {
-          log_error (_("error fetching certificate by subject: %s\n"),
-                     gpg_strerror (err) );
-          break;
-        }
-
-      subjdn = ksba_cert_get_subject (cert, 0);
-      if (strcmp (subject_dn, subjdn))
-        {
-          log_info ("find_cert_bysubject: subject DN does not match\n");
-          ksba_cert_release (cert);
-          cert = NULL;
-          ksba_free (subjdn);
-          continue;
-        }
-
-
-      if (DBG_LOOKUP)
-        {
-          log_debug ("   considering certificate (/");
-          dump_string (subjdn);
-          log_printf (")\n");
-        }
-      ksba_free (subjdn);
-
-      /* If no key ID has been provided, we return the first match.  */
-      if (!keyid)
-        {
-          cache_cert (cert);
-          if (DBG_LOOKUP)
-            log_debug ("   found\n");
-          break; /* Ready.  */
-        }
-
-      /* With the key ID given we need to compare it.  */
-      if (!ksba_cert_get_subj_key_id (cert, NULL, &subj))
-        {
-          if (!cmp_simple_canon_sexp (keyid, subj))
-            {
-              ksba_free (subj);
-              cache_cert (cert);
-              if (DBG_LOOKUP)
-                log_debug ("   found\n");
-              break; /* Ready.  */
-            }
-        }
-
-      ksba_free (subj);
-      ksba_cert_release (cert);
-      cert = NULL;
-    }
-
-  end_cert_fetch (context);
-  return cert;
-}
-
-
-
-/* Return 0 if the certificate is a trusted certificate. Returns
-   GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
-   case of systems errors. */
-gpg_error_t
-is_trusted_cert (ksba_cert_t cert)
-{
-  unsigned char fpr[20];
-  cert_item_t ci;
-
-  cert_compute_fpr (cert, fpr);
-
-  acquire_cache_read_lock ();
-  for (ci=cert_cache[*fpr]; ci; ci = ci->next)
-    if (ci->cert && !memcmp (ci->fpr, fpr, 20))
-      {
-        if (ci->flags.trusted)
-          {
-            release_cache_lock ();
-            return 0; /* Yes, it is trusted. */
-          }
-        break;
-      }
-
-  release_cache_lock ();
-  return gpg_error (GPG_ERR_NOT_TRUSTED);
-}
-
-
-
-/* Given the certificate CERT locate the issuer for this certificate
-   and return it at R_CERT.  Returns 0 on success or
-   GPG_ERR_NOT_FOUND.  */
-gpg_error_t
-find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
-{
-  gpg_error_t err;
-  char *issuer_dn;
-  ksba_cert_t issuer_cert = NULL;
-  ksba_name_t authid;
-  ksba_sexp_t authidno;
-  ksba_sexp_t keyid;
-
-  *r_cert = NULL;
-
-  issuer_dn = ksba_cert_get_issuer (cert, 0);
-  if (!issuer_dn)
-    {
-      log_error (_("no issuer found in certificate\n"));
-      err = gpg_error (GPG_ERR_BAD_CERT);
-      goto leave;
-    }
-
-  /* First we need to check whether we can return that certificate
-     using the authorithyKeyIdentifier.  */
-  err = ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno);
-  if (err)
-    {
-      log_info (_("error getting authorityKeyIdentifier: %s\n"),
-                gpg_strerror (err));
-    }
-  else
-    {
-      const char *s = ksba_name_enum (authid, 0);
-      if (s && *authidno)
-        {
-          issuer_cert = find_cert_bysn (ctrl, s, authidno);
-        }
-      if (!issuer_cert && keyid)
-        {
-          /* Not found by issuer+s/n.  Now that we have an AKI
-             keyIdentifier look for a certificate with a matching
-             SKI. */
-          issuer_cert = find_cert_bysubject (ctrl, issuer_dn, keyid);
-        }
-      /* Print a note so that the user does not feel too helpless when
-         an issuer certificate was found and gpgsm prints BAD
-         signature because it is not the correct one. */
-      if (!issuer_cert)
-        {
-          log_info ("issuer certificate ");
-          if (keyid)
-            {
-              log_printf ("{");
-              dump_serial (keyid);
-              log_printf ("} ");
-            }
-          if (authidno)
-            {
-              log_printf ("(#");
-              dump_serial (authidno);
-              log_printf ("/");
-              dump_string (s);
-              log_printf (") ");
-            }
-          log_printf ("not found using authorityKeyIdentifier\n");
-        }
-      ksba_name_release (authid);
-      xfree (authidno);
-      xfree (keyid);
-    }
-
-  /* If this did not work, try just with the issuer's name and assume
-     that there is only one such certificate.  We only look into our
-     cache then. */
-  if (err || !issuer_cert)
-    {
-      issuer_cert = get_cert_bysubject (issuer_dn, 0);
-      if (issuer_cert)
-        err = 0;
-    }
-
- leave:
-  if (!err && !issuer_cert)
-    err = gpg_error (GPG_ERR_NOT_FOUND);
-
-  xfree (issuer_dn);
-
-  if (err)
-    ksba_cert_release (issuer_cert);
-  else
-    *r_cert = issuer_cert;
-
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/certcache.h gnupg2-2.0.28/dirmngr/certcache.h
--- gnupg2-2.1.6/dirmngr/certcache.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/certcache.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,103 +0,0 @@
-/* certcache.h - Certificate caching
- *      Copyright (C) 2004, 2008 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifndef CERTCACHE_H
-#define CERTCACHE_H
-
-/* First time initialization of the certificate cache.  */
-void cert_cache_init (void);
-
-/* Deinitialize the certificate cache.  */
-void cert_cache_deinit (int full);
-
-/* Print some statistics to the log file.  */
-void cert_cache_print_stats (void);
-
-/* Compute the fingerprint of the certificate CERT and put it into
-   the 20 bytes large buffer DIGEST.  Return address of this buffer.  */
-unsigned char *cert_compute_fpr (ksba_cert_t cert, unsigned char *digest);
-
-/* Put CERT into the certificate cache.  */
-gpg_error_t cache_cert (ksba_cert_t cert);
-
-/* Put CERT into the certificate cache and return the fingerprint. */
-gpg_error_t cache_cert_silent (ksba_cert_t cert, void *fpr_buffer);
-
-/* Return 0 if the certificate is a trusted certificate. Returns
-   GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
-   case of systems errors. */
-gpg_error_t is_trusted_cert (ksba_cert_t cert);
-
-
-/* Return a certificate object for the given fingerprint.  FPR is
-   expected to be a 20 byte binary SHA-1 fingerprint.  If no matching
-   certificate is available in the cache NULL is returned.  The caller
-   must release a returned certificate.  */
-ksba_cert_t get_cert_byfpr (const unsigned char *fpr);
-
-/* Return a certificate object for the given fingerprint.  STRING is
-   expected to be a SHA-1 fingerprint in standard hex notation with or
-   without colons.  If no matching certificate is available in the
-   cache NULL is returned.  The caller must release a returned
-   certificate.  */
-ksba_cert_t get_cert_byhexfpr (const char *string);
-
-/* Return the certificate matching ISSUER_DN and SERIALNO.  */
-ksba_cert_t get_cert_bysn (const char *issuer_dn, ksba_sexp_t serialno);
-
-/* Return the certificate matching ISSUER_DN.  SEQ should initially be
-   set to 0 and bumped up to get the next issuer with that DN. */
-ksba_cert_t get_cert_byissuer (const char *issuer_dn, unsigned int seq);
-
-/* Return the certificate matching SUBJECT_DN.  SEQ should initially be
-   set to 0 and bumped up to get the next issuer with that DN. */
-ksba_cert_t get_cert_bysubject (const char *subject_dn, unsigned int seq);
-
-/* Given PATTERN, which is a string as used by GnuPG to specify a
-   certificate, return all matching certificates by calling the
-   supplied function RETFNC.  */
-gpg_error_t get_certs_bypattern (const char *pattern,
-                                 gpg_error_t (*retfnc)(void*,ksba_cert_t),
-                                 void *retfnc_data);
-
-/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
-   not already in the cache, try to find it from other resources.  */
-ksba_cert_t find_cert_bysn (ctrl_t ctrl,
-                            const char *issuer_dn, ksba_sexp_t serialno);
-
-
-/* Return the certificate matching SUBJECT_DN and (if not NULL) KEYID. If
-   it is not already in the cache, try to find it from other
-   resources.  Note, that the external search does not work for user
-   certificates because the LDAP lookup is on the caCertificate
-   attribute. For our purposes this is just fine.  */
-ksba_cert_t find_cert_bysubject (ctrl_t ctrl,
-                                 const char *subject_dn, ksba_sexp_t keyid);
-
-/* Given the certificate CERT locate the issuer for this certificate
-   and return it at R_CERT.  Returns 0 on success or
-   GPG_ERR_NOT_FOUND.  */
-gpg_error_t find_issuing_cert (ctrl_t ctrl,
-                               ksba_cert_t cert, ksba_cert_t *r_cert);
-
-
-
-
-#endif /*CERTCACHE_H*/
diff -Nru gnupg2-2.1.6/dirmngr/ChangeLog-2011 gnupg2-2.0.28/dirmngr/ChangeLog-2011
--- gnupg2-2.1.6/dirmngr/ChangeLog-2011	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ChangeLog-2011	1970-01-01 00:00:00.000000000 +0000
@@ -1,2407 +0,0 @@
-2011-12-01  Werner Koch  
-
-	NB: ChangeLog files are no longer manually maintained.  Starting
-	on December 1st, 2011 we put change information only in the GIT
-	commit log, and generate a top-level ChangeLog file from logs at
-	"make dist".  See doc/HACKING for details.
-
-2011-11-24  Werner Koch  
-
-	* ks-engine-http.c (ks_http_help): Do not print help for hkp.
-	* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
-	(send_request): Remove test code.
-	(map_host): Use xtrymalloc.
-
-	* certcache.c (classify_pattern): Remove unused variable and make
-	explicit substring search work.
-
-2011-06-01  Marcus Brinkmann  
-
-	* Makefile.am (dirmngr_ldap_CFLAGS): Add $(LIBGCRYPT_CFLAGS),
-	which is needed by common/util.h.
-
-2011-04-25  Werner Koch  
-
-	* ks-engine-hkp.c (ks_hkp_search): Mark classify_user_id for use
-	with OpenPGP.
-	(ks_hkp_get): Ditto.
-
-2011-04-12  Werner Koch  
-
-	* ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor
-	code out to ..
-	(make_host_part): new.
-	(hostinfo_s): New.
-	(create_new_hostinfo, find_hostinfo, sort_hostpool)
-	(select_random_host, map_host, mark_host_dead)
-	(ks_hkp_print_hosttable): New.
-
-2011-02-23  Werner Koch  
-
-	* certcache.c (get_cert_bysubject): Take care of a NULL argument.
-	(find_cert_bysubject): Ditto.  Fixes bug#1300.
-
-2011-02-09  Werner Koch  
-
-	* ks-engine-kdns.c: New but only the framework.
-
-	* server.c (cmd_keyserver): Add option --help.
-	(dirmngr_status_help): New.
-	* ks-action.c (ks_print_help): New.
-	(ks_action_help): New.
-	* ks-engine-finger.c (ks_finger_help): New.
-	* ks-engine-http.c (ks_http_help): New.
-	* ks-engine-hkp.c (ks_hkp_help): New.
-
-	* ks-action.c (ks_action_fetch): Support http URLs.
-	* ks-engine-http.c: New.
-
-	* ks-engine-finger.c (ks_finger_get): Rename to ks_finger_fetch.
-	Change caller.
-
-2011-02-08  Werner Koch  
-
-	* server.c (cmd_ks_fetch): New.
-	* ks-action.c (ks_action_fetch): New.
-	* ks-engine-finger.c: New.
-
-2011-02-03  Werner Koch  
-
-	* Makefile.am (dirmngr_LDADD): Remove -llber.
-
-2011-01-25  Werner Koch  
-
-	* dirmngr.c (handle_connections): Rewrite loop to use pth-select
-	so to sync timeouts to the full second.
-	(pth_thread_id): New.
-	(main) [W32CE]: Fix setting of default homedir.
-
-	* ldap-wrapper.c (ldap_wrapper_thread): Sync to the full second.
-	Increate pth_wait timeout from 1 to 2 seconds.
-
-2011-01-20  Werner Koch  
-
-	* server.c (release_ctrl_keyservers): New.
-	(cmd_keyserver, cmd_ks_seach, cmd_ks_get, cmd_ks_put): New.
-	* dirmngr.h (uri_item_t): New.
-	(struct server_control_s): Add field KEYSERVERS.
-	* ks-engine-hkp.c: New.
-	* ks-engine.h: New.
-	* ks-action.c, ks-action.h: New.
-	* server.c: Include ks-action.h.
-	(cmd_ks_search): New.
-	* Makefile.am (dirmngr_SOURCES): Add new files.
-
-2011-01-19  Werner Koch  
-
-	* dirmngr.c (main): Use es_printf for --gpgconf-list.
-
-2010-12-14  Werner Koch  
-
-	* cdb.h (struct cdb) [W32]: Add field CDB_MAPPING.
-	* cdblib.c (cdb_init) [W32]: Save mapping handle.
-	(cdb_free) [W32]: Don't leak the mapping handle from cdb_init by
-	using the saved one.
-
-	* crlcache.c (crl_cache_insert): Close unused matching files.
-
-	* dirmngr.c (main) [W32CE]: Change homedir in daemon mode to /gnupg.
-
-2010-12-07  Werner Koch  
-
-	* dirmngr.c (TIMERTICK_INTERVAL) [W32CE]: Change to 60s.
-
-2010-11-23  Werner Koch  
-
-	* Makefile.am (dirmngr_LDFLAGS): Add extra_bin_ldflags.
-	(dirmngr_client_LDFLAGS): Ditto.
-
-2010-10-21  Werner Koch  
-
-	* dirmngr.c (main): Changed faked system time warning
-
-2010-10-15  Werner Koch  
-
-	* Makefile.am (CLEANFILES): Add no-libgcrypt.c.
-
-2010-09-16  Werner Koch  
-
-	* validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
-
-2010-08-13  Werner Koch  
-
-	* Makefile.am (dirmngr_SOURCES): Add w32-ldap-help.h.
-
-	* dirmngr_ldap.c (fetch_ldap): Call ldap_unbind.
-
-	* w32-ldap-help.h: New.
-	* dirmngr_ldap.c [W32CE]: Include w32-ldap-help.h and use the
-	mapped ldap functions.
-
-2010-08-12  Werner Koch  
-
-	* crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/.
-
-	* dirmngr.c (dirmngr_sighup_action): New.
-
-	* server.c (cmd_killdirmngr, cmd_reloaddirmngr): New.
-	(struct server_local_s): Add field STOPME.
-	(start_command_handler): Act on STOPME.
-
-2010-08-06  Werner Koch  
-
-	* dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro.
-	(main): Use SUN_LEN macro.
-	(main) [W32]: Allow EEXIST in addition to EADDRINUSE.
-
-2010-08-05  Werner Koch  
-
-	* server.c (set_error, leave_cmd): New.
-	(cmd_validate, cmd_ldapserver, cmd_isvalid, cmd_checkcrl)
-	(cmd_checkocsp, cmd_lookup, cmd_listcrls, cmd_cachecert): Use
-	leave_cmd.
-	(cmd_getinfo): New.
-	(data_line_cookie_write, data_line_cookie_close): New.
-	(cmd_listcrls): Replace assuan_get_data_fp by es_fopencookie.
-
-	* misc.c (create_estream_ksba_reader, my_estream_ksba_reader_cb): New.
-	* certcache.c (load_certs_from_dir): Use create_estream_ksba_reader.
-	* crlcache.c (crl_cache_load): Ditto.
-
-2010-08-03  Werner Koch  
-
-	* dirmngr_ldap.c (pth_enter, pth_leave) [USE_LDAPWRAPPER]: Turn
-	into functions for use in a 'for' control stmt.
-
-2010-07-26  Werner Koch  
-
-	* dirmngr_ldap.c (print_ldap_entries): Remove special fwrite case
-	for W32 because that is now handles by estream.
-
-2010-07-25  Werner Koch  
-
-	* Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build
-	ldap-wrapper-ce.
-	* ldap-wrapper-ce.c: New.
-
-	* dirmngr_ldap.c (opt): Remove global variable ...
-	(my_opt_t): ... and declare a type instead.
-	(main): Define a MY_OPT variable and change all references to OPT
-	to this.
-	(set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass
-	MYOPT arg.
-
-2010-07-24  Werner Koch  
-
-	* dirmngr_ldap.c (main): Init common subsystems.  Call
-	es_set_binary.
-
-2010-07-19  Werner Koch  
-
-	* dirmngr.c: Include ldap-wrapper.h.
-	(launch_reaper_thread): Move code to ...
-	* ldap-wrapper.c (ldap_wrapper_launch_thread): .. here.  Change
-	callers.
-	(ldap_wrapper_thread): Rename to ...
-	(wrapper_thread): this and make local.
-
-	* ldap.c (destroy_wrapper, print_log_line)
-	(read_log_data, ldap_wrapper_thread)
-	(ldap_wrapper_wait_connections, ldap_wrapper_release_context)
-	(ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper):
-	Factor code out to ...
-	* ldap-wrapper.c: new.
-	(ldap_wrapper): Make public.
-	(read_buffer): Copy from ldap.c.
-	* ldap-wrapper.h: New.
-	* Makefile.am (dirmngr_SOURCES): Add new files.
-
-2010-07-16  Werner Koch  
-
-	* http.c, http.h: Remove.
-
-	* dirmngr-err.h: New.
-	* dirmngr.h: Include dirmngr-err.h instead of gpg-error.h
-
-	* cdblib.c: Replace assignments to ERRNO by a call to
-	gpg_err_set_errno.  Include dirmngr-err.h.
-	(cdb_free) [__MINGW32CE__]: Do not use get_osfhandle.
-
-	* dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h.
-	(USE_W32_SERVICE): New.  Use this to control the use of the W32
-	service system.
-
-2010-07-06  Werner Koch  
-
-	* dirmngr.c (main): Print note on directory name changes.
-
-	Replace almost all uses of stdio by estream.
-
-	* b64dec.c, b64enc.c: Remove.  They are duplicated in ../common/.
-
-2010-06-28  Werner Koch  
-
-	* dirmngr_ldap.c (my_i18n_init): Remove.
-	(main): Call i18n_init instead of above function.
-
-	* dirmngr-client.c (my_i18n_init): Remove.
-	(main): Call i18n_init instead of above function.
-
-	* Makefile.am (dirmngr_LDADD): Add ../gl/libgnu.
-	(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
-
-2010-06-09  Werner Koch  
-
-	* i18n.h: Remove.
-
-	* Makefile.am (no-libgcrypt.c): New rule.
-
-	* exechelp.h: Remove.
-	* exechelp.c: Remove.
-	(dirmngr_release_process): Change callers to use the gnupg func.
-	(dirmngr_wait_process): Likewise.
-	(dirmngr_kill_process): Likewise.  This actually implements it for
-	W32.
-	* ldap.c (ldap_wrapper): s/get_dirmngr_ldap_path/gnupg_module_name/.
-	(ldap_wrapper_thread): Use gnupg_wait_process and adjust for
-	changed semantics.
-	(ldap_wrapper): Replace xcalloc by xtrycalloc.  Replace spawn
-	mechanism.
-
-	* server.c (start_command_handler): Remove assuan_set_log_stream.
-
-	* validate.c: Remove gcrypt.h and ksba.h.
-
-	* ldapserver.c: s/util.h/dirmngr.h/.
-
-	* dirmngr.c (sleep) [W32]: Remove macro.
-	(main): s/sleep/gnupg_sleep/.
-	(pid_suffix_callback): Change arg type.
-	(my_gcry_logger): Remove.
-	(fixed_gcry_pth_init): New.
-	(main): Use it.
-	(FD2INT): Remove.
-
-2010-06-08  Werner Koch  
-
-	* misc.h (copy_time): Remove and replace by gnupg_copy_time which
-	allows to set a null date.
-	* misc.c (dump_isotime, get_time, get_isotime, set_time)
-	(check_isotime, add_isotime): Remove and replace all calls by the
-	versions from common/gettime.c.
-
-	* crlcache.c, misc.c, misc.h: s/dirmngr_isotime_t/gnupg_isotime_t/.
-	* server.c, ldap.c: Reorder include directives.
-	* crlcache.h, misc.h: Remove all include directives.
-
-	* certcache.c (cmp_simple_canon_sexp): Remove.
-	(compare_serialno): Rewrite using cmp_simple_canon_sexp from
-	common/sexputil.c
-
-	* error.h: Remove.
-
-	* dirmngr.c: Remove transitional option "--ignore-ocsp-servic-url".
-	(opts): Use ARGPARSE macros.
-	(i18n_init): Remove.
-	(main): Use GnuPG init functions.
-
-	* dirmngr.h: Remove duplicated stuff now taken from ../common.
-
-	* get-path.c, util.h: Remove.
-
-	* Makefile.am: Adjust to GnuPG system.
-	* estream.c, estream.h, estream-printf.c, estream-printf.h: Remove.
-
-2010-06-07  Werner Koch  
-
-	* OAUTHORS, ONEWS, ChangeLog.1: New.
-
-	* ChangeLog, Makefile.am, b64dec.c, b64enc.c, cdb.h, cdblib.c
-	* certcache.c, certcache.h, crlcache.c, crlcache.h, crlfetch.c
-	* crlfetch.h, dirmngr-client.c, dirmngr.c, dirmngr.h
-	* dirmngr_ldap.c, error.h, estream-printf.c, estream-printf.h
-	* estream.c, estream.h, exechelp.c, exechelp.h, get-path.c, http.c
-	* http.h, i18n.h, ldap-url.c, ldap-url.h, ldap.c, ldapserver.c
-	* ldapserver.h, misc.c, misc.h, ocsp.c, ocsp.h, server.c, util.h
-	* validate.c, validate.h: Imported from the current SVN of the
-	dirmngr package (only src/).
-
-2010-03-13  Werner Koch  
-
-	* dirmngr.c (int_and_ptr_u): New.
-	(pid_suffix_callback): Trick out compiler.
-	(start_connection_thread): Ditto.
-	(handle_connections): Ditto.
-
-2010-03-09  Werner Koch  
-
-	* dirmngr.c (set_debug): Allow numerical values.
-
-2009-12-15  Werner Koch  
-
-	* dirmngr.c: Add option --ignore-cert-extension.
-	(parse_rereadable_options): Implement.
-	* dirmngr.h (opt): Add IGNORED_CERT_EXTENSIONS.
-	* validate.c (unknown_criticals): Handle ignored extensions.
-
-2009-12-08  Marcus Brinkmann  
-
-	* dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds.
-
-2009-11-25  Marcus Brinkmann  
-
-	* server.c (start_command_handler): Use assuan_fd_t and
-	assuan_fdopen on fds.
-
-2009-11-05  Marcus Brinkmann  
-
-	* server.c (start_command_handler): Update use of
-	assuan_init_socket_server.
-	* dirmngr-client.c (start_dirmngr): Update use of
-	assuan_pipe_connect and assuan_socket_connect.
-
-2009-11-04  Werner Koch  
-
-	* server.c (register_commands): Add help arg to
-	assuan_register_command.  Change all command comments to strings.
-
-2009-11-02  Marcus Brinkmann  
-
-	* server.c (reset_notify): Take LINE argument, return gpg_error_t.
-
-2009-10-16  Marcus Brinkmann  
-
-	* Makefile.am: (dirmngr_LDADD): Link to $(LIBASSUAN_LIBS) instead
-	of $(LIBASSUAN_PTH_LIBS).
-	* dirmngr.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
-	(main): Call assuan_set_system_hooks and assuan_sock_init.
-
-2009-09-22  Marcus Brinkmann  
-
-	* dirmngr.c (main): Update to new Assuan interface.
-	* server.c (option_handler, cmd_ldapserver, cmd_isvalid)
-	(cmd_checkcrl, cmd_checkocsp, cmd_lookup, cmd_loadcrl)
-	(cmd_listcrls, cmd_cachecert, cmd_validate): Return gpg_error_t
-	instead int.
-	(register_commands): Likewise for member HANDLER.
-	(start_command_handler): Allocate context with assuan_new before
-	starting server.  Release on error.
-	* dirmngr-client.c (main): Update to new Assuan interface.
-	(start_dirmngr): Allocate context with assuan_new before
-	connecting to server.  Release on error.
-
-2009-08-12  Werner Koch  
-
-	* dirmngr-client.c (squid_loop_body): Flush stdout.  Suggested by
-	Philip Shin.
-
-2009-08-07  Werner Koch  
-
-	* crlfetch.c (my_es_read): Add explicit check for EOF.
-
-	* http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to
-	bit fields.
-	(struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH.
-	(parse_response): Parse the Content-Length header.
-	(cookie_read): Handle content length.
-	(http_open): Make NEED_HEADER the semi-default.
-
-	* http.h (HTTP_FLAG_IGNORE_CL): New.
-
-2009-08-04  Werner Koch  
-
-	* ldap.c (ldap_wrapper_thread): Factor some code out to ...
-	(read_log_data): ... new.  Close the log fd on error.
-	(ldap_wrapper_thread): Delay cleanup until the log fd is closed.
-	(SAFE_PTH_CLOSE): New.  Use it instead of pth_close.
-
-2009-07-31  Werner Koch  
-
-	* server.c (cmd_loadcrl): Add option --url.
-	* dirmngr-client.c (do_loadcrl): Make use of --url.
-
-	* crlfetch.c (crl_fetch): Remove HTTP_FLAG_NO_SHUTDOWN.  Add
-	flag HTTP_FLAG_LOG_RESP with active DBG_LOOKUP.
-
-	* http.c: Require estream.  Remove P_ES macro.
-	(write_server): Remove.
-	(my_read_line): Remove.  Replace all callers by es_read_line.
-	(send_request): Use es_asprintf.  Always store the cookie.
-	(http_wait_response): Remove the need to dup the socket.  USe new
-	shutdown flag.
-	* http.h (HTTP_FLAG_NO_SHUTDOWN): Rename to HTTP_FLAG_SHUTDOWN.
-
-	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
-	from current libestream.  This is provide es_asprintf.
-
-2009-07-20  Werner Koch  
-
-	* dirmngr.c (pid_suffix_callback): New.
-	(main): Use log_set_pid_suffix_cb.
-	(start_connection_thread): Put the fd into the tls.
-
-	* ldap.c (ldap_wrapper_thread): Print ldap worker stati.
-	(ldap_wrapper_release_context): Print a debug info.
-	(end_cert_fetch_ldap): Release the reader.  Might fix bug#999.
-
-2009-06-17  Werner Koch  
-
-	* util.h: Remove unused dotlock.h.
-
-2009-05-26  Werner Koch  
-
-	* ldap.c (ldap_wrapper): Show reader object in diagnostics.
-	* crlcache.c (crl_cache_reload_crl): Ditto.  Change debug messages
-	to regular diagnostics.
-	* dirmngr_ldap.c (print_ldap_entries): Add extra diagnostics.
-
-2009-04-03  Werner Koch  
-
-	* dirmngr.h (struct server_local_s): Move back to ...
-	* server.c (struct server_local_s): ... here.
-	(get_ldapservers_from_ctrl): New.
-	* ldapserver.h (ldapserver_iter_begin): Use it.
-
-2008-10-29  Marcus Brinkmann  
-
-	* estream.c (es_getline): Add explicit cast to silence gcc -W
-	warning.
-	* crlcache.c (finish_sig_check): Likewise.
-
-	* dirmngr.c (opts): Add missing initializer to silence gcc
-	-W warning.
-	* server.c (register_commands): Likewise.
-	* dirmngr-client.c (opts): Likewise.
-	* dirmngr_ldap.c (opts): Likewise.
-
-	* dirmngr-client.c (status_cb, inq_cert, data_cb): Change return
-	type to gpg_error_t to silence gcc warning.
-
-2008-10-21  Werner Koch  
-
-	* certcache.c (load_certs_from_dir): Accept ".der" files.
-
-	* server.c (get_istrusted_from_client): New.
-	* validate.c (validate_cert_chain): Add new optional arg
-	R_TRUST_ANCHOR.  Adjust all callers
-	* crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ
-	and CHECK_TRUST_ANCHOR.
-	(release_one_cache_entry): Release CHECK_TRUST_ANCHOR.
-	(list_one_crl_entry): Print info about the new fields.
-	(open_dir, write_dir_line_crl): Support the new U-flag.
-	(crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly.
-	(crl_cache_insert): Store trust anchor in entry object.
-	(cache_isvalid): Ask client for trust is needed.
-
-	* crlcache.c (open_dir): Replace xcalloc by xtrycalloc.
-	(next_line_from_file): Ditt.  Add arg to return the gpg error.
-	Change all callers.
-	(update_dir): Replace sprintf and malloc by estream_asprintf.
-	(crl_cache_insert): Ditto.
-	(crl_cache_isvalid): Replace xmalloc by xtrymalloc.
-	(get_auth_key_id): Ditto.
-	(crl_cache_insert): Ditto.
-
-	* crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test.
-	* validate.c (check_cert_sig): Ditto.  Remove workaround for bug
-	in libgcrypt 1.2.
-
-	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
-	from current libestream (svn rev 61).
-
-2008-09-30  Marcus Brinkmann  
-
-	* get-path.c (get_dirmngr_ldap_path): Revert last change.
-	Instead, use dirmngr_libexecdir().
-	(find_program_at_standard_place): Don't define for now.
-
-2008-09-30  Marcus Brinkmann  
-
-	* get-path.c (dirmngr_cachedir): Make COMP a pointer to const to
-	silence gcc warning.
-	(get_dirmngr_ldap_path): Look for dirmngr_ldap in the installation
-	directory.
-
-2008-08-06  Marcus Brinkmann  
-
-	* dirmngr.c (main): Mark the ldapserverlist-file option as
-	read-only.
-
-2008-07-31  Werner Koch  
-
-	* crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use
-	gcry_md_start_debug
-
-2008-06-16  Werner Koch  
-
-	* get-path.c (w32_commondir): New.
-	(dirmngr_sysconfdir): Use it here.
-	(dirmngr_datadir): Ditto.
-
-2008-06-12  Marcus Brinkmann  
-
-	* Makefile.am (dirmngr_SOURCES): Add ldapserver.h and ldapserver.c.
-	* ldapserver.h, ldapserver.c: New files.
-	* ldap.c: Include "ldapserver.h".
-	(url_fetch_ldap): Use iterator to get session servers as well.
-	(attr_fetch_ldap, start_default_fetch_ldap): Likewise.
-	* dirmngr.c: Include "ldapserver.h".
-	(free_ldapservers_list): Removed.  Change callers to
-	ldapserver_list_free.
-	(parse_ldapserver_file): Use ldapserver_parse_one.
-	* server.c: Include "ldapserver.h".
-	(cmd_ldapserver): New command.
-	(register_commands): Add new command LDAPSERVER.
-	(reset_notify): New function.
-	(start_command_handler): Register reset notify handler.
-	Deallocate session server list.
-	(lookup_cert_by_pattern): Use iterator to get session servers as well.
-	(struct server_local_s): Move to ...
-	* dirmngr.h (struct server_local_s): ... here.  Add new member
-	ldapservers.
-
-2008-06-10  Werner Koch  
-
-	Support PEM encoded CRLs.  Fixes bug#927.
-
-	* crlfetch.c (struct reader_cb_context_s): New.
-	(struct file_reader_map_s): Replace FP by new context.
-	(register_file_reader, get_file_reader): Adjust accordingly.
-	(my_es_read): Detect Base64 encoded CRL and decode if needed.
-	(crl_fetch): Pass new context to the callback.
-	(crl_close_reader): Cleanup the new context.
-	* b64dec.c: New.  Taken from GnuPG.
-	* util.h (struct b64state): Add new fields STOP_SEEN and
-	INVALID_ENCODING.
-
-2008-05-26  Marcus Brinkmann  
-
-	* dirmngr.c (main) [HAVE_W32_SYSTEM]: Switch to system
-	configuration on gpgconf related commands, and make all options
-	unchangeable.
-
-2008-03-25  Marcus Brinkmann  
-
-	* dirmngr_ldap.c (print_ldap_entries): Add code alternative for
-	W32 console stdout (unused at this point).
-
-2008-03-21  Marcus Brinkmann  
-
-	* estream.c (ESTREAM_MUTEX_DESTROY): New macro.
-	(es_create, es_destroy): Use it.
-
-2008-02-21  Werner Koch  
-
-	* validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug
-	function if available.
-
-	* crlcache.c (abort_sig_check): Mark unused arg.
-
-	* exechelp.c (dirmngr_release_process) [!W32]: Mark unsed arg.
-
-	* validate.c (is_root_cert): New.  Taken from GnuPG.
-	(validate_cert_chain): Use it in place of the simple DN compare.
-
-2008-02-15  Marcus Brinkmann  
-
-	* dirmngr.c (main): Reinitialize assuan log stream if necessary.
-
-	* crlcache.c (update_dir) [HAVE_W32_SYSTEM]: Remove destination
-	file before rename.
-	(crl_cache_insert) [HAVE_W32_SYSTEM]: Remove destination file
-	before rename.
-
-2008-02-14  Marcus Brinkmann  
-
-	* validate.c (check_cert_policy): Use ksba_free instead of xfree.
-	(validate_cert_chain): Likewise.  Free SUBJECT on error.
-	(cert_usage_p): Likewise.
-
-	* crlcache.c (finish_sig_check): Undo last change.
-	(finish_sig_check): Close md.
-	(abort_sig_check): New function.
-	(crl_parse_insert): Use abort_sig_check to clean up.
-
-	* crlcache.c (crl_cache_insert): Clean up CDB on error.
-
-2008-02-13  Marcus Brinkmann  
-
-	* crlcache.c (finish_sig_check): Call gcry_md_stop_debug.
-	* exechelp.h (dirmngr_release_process): New prototype.
-	* exechelp.c (dirmngr_release_process): New function.
-	* ldap.c (ldap_wrapper_thread): Release pid.
-	(destroy_wrapper): Likewise.
-
-	* dirmngr.c (launch_reaper_thread): Destroy tattr.
-	(handle_connections): Likewise.
-
-2008-02-12  Marcus Brinkmann  
-
-	* ldap.c (pth_close) [! HAVE_W32_SYSTEM]: New macro.
-	(struct wrapper_context_s): New member log_ev.
-	(destroy_wrapper): Check FDs for != -1 rather than != 0.  Use
-	pth_close instead of close.  Free CTX->log_ev.
-	(ldap_wrapper_thread): Rewritten to use pth_wait instead of
-	select.  Also use pth_read instead of read and pth_close instead
-	of close.
-	(ldap_wrapper): Initialize CTX->log_ev.
-	(reader_callback): Use pth_close instead of close.
-	* exechelp.c (create_inheritable_pipe) [HAVE_W32_SYSTEM]: Removed.
-	(dirmngr_spawn_process) [HAVE_W32_SYSTEM]: Use pth_pipe instead.
-	* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Include .
-	(main) [HAVE_W32_SYSTEM]: Set mode of stdout to binary.
-
-2008-02-01  Werner Koch  
-
-	* ldap.c: Remove all ldap headers as they are unused.
-
-	* dirmngr_ldap.c (LDAP_DEPRECATED): New, to have OpenLDAP use the
-	old standard API.
-
-2008-01-10  Werner Koch  
-
-	* dirmngr-client.c: New option --local.
-	(do_lookup): Use it.
-
-	* server.c (lookup_cert_by_pattern): Implement local lookup.
-	(return_one_cert): New.
-	* certcache.c (hexsn_to_sexp): New.
-	(classify_pattern, get_certs_bypattern): New.
-
-	* misc.c (unhexify): Allow passing NULL for RESULT.
-	(cert_log_subject): Do not call ksba_free on an unused variable.
-
-2008-01-02  Marcus Brinkmann  
-
-	* Makefile.am (dirmngr_LDADD, dirmngr_ldap_LDADD)
-	(dirmngr_client_LDADD): Add $(LIBICONV).  Reported by Michael
-	Nottebrock.
-
-2007-12-11  Werner Koch  
-
-	* server.c (option_handler): New option audit-events.
-	* dirmngr.h (struct server_control_s): Add member AUDIT_EVENTS.
-
-2007-11-26  Marcus Brinkmann  
-
-	* get-path.c (dirmngr_cachedir): Create intermediate directories.
-	(default_socket_name): Use CSIDL_WINDOWS.
-
-2007-11-21  Werner Koch  
-
-	* server.c (lookup_cert_by_pattern): Add args SINGLE and CACHE_ONLY.
-	(cmd_lookup): Add options --single and --cache-only.
-
-2007-11-16  Werner Koch  
-
-	* certcache.c (load_certs_from_dir): Also log the subject DN.
-	* misc.c (cert_log_subject): New.
-
-2007-11-14  Werner Koch  
-
-	* dirmngr-client.c: Replace --lookup-url by --url.
-	(main): Remove extra code for --lookup-url.
-	(do_lookup): Remove LOOKUP_URL arg and use the
-	global option OPT.URL.
-
-	* server.c (has_leading_option): New.
-	(cmd_lookup): Use it.
-
-	* crlfetch.c (fetch_cert_by_url): Use GPG_ERR_INV_CERT_OBJ.
-	(fetch_cert_by_url): Use gpg_error_from_syserror.
-
-2007-11-14  Moritz    (wk)
-
-	* dirmngr-client.c: New command: --lookup-url .
-	(do_lookup): New parameter: lookup_url.  If TRUE, include "--url"
-	switch in LOOKUP transaction.
-	(enum): New entry: oLookupUrl.
-	(opts): Likewise.
-	(main): Handle oLookupUrl.  New variable: cmd_lookup_url, set
-	during option parsing, pass to do_lookup() and substitute some
-	occurences of "cmd_lookup" with "cmd_lookup OR cmd_lookup_url".
-	* crlfetch.c (fetch_cert_by_url): New function, uses
-	url_fetch_ldap() to create a reader object and libksba functions
-	to read a single cert from that reader.
-	* server.c (lookup_cert_by_url, lookup_cert_by_pattern): New
-	functions.
-	(cmd_lookup): Moved almost complete code ...
-	(lookup_cert_by_pattern): ... here.
-	(cmd_lookup): Support new optional argument: --url.  Depending on
-	the presence of that switch, call lookup_cert_by_url() or
-	lookup_cert_by_pattern().
-	(lookup_cert_by_url): Heavily stripped down version of
-	lookup_cert_by_pattern(), using fetch_cert_by_url.
-
-2007-10-24  Marcus Brinkmann  
-
-	* exechelp.c (dirmngr_spawn_process): Fix child handles.
-
-2007-10-05  Marcus Brinkmann  
-
-	* dirmngr.h: Include assuan.h.
-	(start_command_handler): Change type of FD to assuan_fd_t.
-	* dirmngr.c: Do not include w32-afunix.h.
-        (socket_nonce): New global variable.
-        (create_server_socket): Use assuan socket wrappers.  Remove W32
-	specific stuff.  Save the server nonce.
-        (check_nonce): New function.
-        (start_connection_thread): Call it.
-        (handle_connections): Change args to assuan_fd_t.
-	* server.c (start_command_handler): Change type of FD to assuan_fd_t.
-
-2007-09-12  Marcus Brinkmann  
-
-	* dirmngr.c (main): Percent escape pathnames in --gpgconf-list output.
-
-2007-08-27  Moritz Schulte  
-
-	* src/Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SOCKETDIR based on
-	$(localstatedir).
-	* src/get-path.c (default_socket_name): Use DIRMNGR_SOCKETDIR
-	instead of hard-coded "/var/run/dirmngr".
-
-2007-08-16  Werner Koch  
-
-	* get-path.c (get_dirmngr_ldap_path): Make PATHNAME const.
-
-	* dirmngr.c (my_ksba_hash_buffer): Mark unused arg.
-	(dirmngr_init_default_ctrl): Ditto.
-	(my_gcry_logger): Ditto.
-	* dirmngr-client.c (status_cb): Ditto.
-	* dirmngr_ldap.c (catch_alarm): Ditto.
-	* estream-printf.c (pr_bytes_so_far): Ditto.
-	* estream.c (es_func_fd_create): Ditto.
-	(es_func_fp_create): Ditto.
-	(es_write_hexstring): Ditto.
-	* server.c (cmd_listcrls): Ditto.
-	(cmd_cachecert): Ditto.
-	* crlcache.c (cache_isvalid): Ditto.
-	* ocsp.c (do_ocsp_request): Ditto.
-	* ldap.c (ldap_wrapper_thread): Ditto.
-	* http.c (http_register_tls_callback): Ditto.
-	(connect_server): Ditto.
-	(write_server) [!HTTP_USE_ESTREAM]: Don't build.
-
-2007-08-14  Werner Koch  
-
-	* get-path.c (dirmngr_cachedir) [W32]: Use CSIDL_LOCAL_APPDATA.
-
-2007-08-13  Werner Koch  
-
-	* dirmngr.c (handle_connections): Use a timeout in the accept
-	function.  Block signals while creating a new thread.
-	(shutdown_pending): Needs to be volatile as also accessed bt the
-	service function.
-	(w32_service_control): Do not use the regular log fucntions here.
-	(handle_tick): New.
-	(main): With system_service in effect use aDaemon as default
-	command.
-	(main) [W32]: Only temporary redefine main for the sake of Emacs's
-	"C-x 4 a".
-
-	* dirmngr-client.c (main) [W32]: Initialize sockets.
-	(start_dirmngr): Use default_socket_name instead of a constant.
-	* Makefile.am (dirmngr_client_SOURCES): Add get-path.c
-
-2007-08-09  Werner Koch  
-
-	* dirmngr.c (parse_ocsp_signer): New.
-	(parse_rereadable_options): Set opt.ocsp_signer to this.
-	* dirmngr.h (fingerprint_list_t): New.
-	* ocsp.c (ocsp_isvalid, check_signature, validate_responder_cert):
-	Allow for several default ocscp signers.
-	(ocsp_isvalid): Return GPG_ERR_NO_DATA for an unknwon status.
-
-	* dirmngr-client.c: New option --force-default-responder.
-
-	* server.c (has_option, skip_options): New.
-	(cmd_checkocsp): Add option --force-default-responder.
-	(cmd_isvalid): Ditto.  Also add option --only-ocsp.
-
-	* ocsp.c (ocsp_isvalid): New arg FORCE_DEFAULT_RESPONDER.
-
-	* dirmngr.c: New option --ocsp-max-period.
-	* ocsp.c (ocsp_isvalid): Implement it and take care that a missing
-	next_update is to be ignored.
-
-	* crlfetch.c (my_es_read): New.  Use it instead of es_read.
-
-	* estream.h, estream.c, estream-printf.c: Updated from current
-	libestream SVN.
-
-2007-08-08  Werner Koch  
-
-	* crlcache.c (crl_parse_insert): Hack to allow for a missing
-	nextUpdate.
-
-	* dirmngr_ldap.c (print_ldap_entries): Strip the extension from
-	the want_attr.
-
-	* exechelp.c (dirmngr_wait_process): Reworked for clear error
-	semantics.
-	* ldap.c (ldap_wrapper_thread): Adjust for new
-	dirmngr_wait_process semantics.
-
-2007-08-07  Werner Koch  
-
-	* get-path.c (default_socket_name) [!W32]: Fixed syntax error.
-
-	* ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support
-	x509caCert as used by the Bundesnetzagentur.
-	(ldap_wrapper): Do not pass the prgtram name as the first
-	argument.  dirmngr_spawn_process takes care of that.
-
-2007-08-04  Marcus Brinkmann  
-
-	* dirmngr.h (opt): Add member system_service.
-	* dirmngr.c (opts) [HAVE_W32_SYSTEM]: New entry for option
-	--service.
-	(DEFAULT_SOCKET_NAME): Removed.
-	(service_handle, service_status,
-	w32_service_control) [HAVE_W32_SYSTEM]: New symbols.
-	(main) [HAVE_W32_SYSTEM]: New entry point for --service.  Rename
-	old function to ...
-	(real_main) [HAVE_W32_SYSTEM]: ... this.  Use default_socket_name
-	instead of DEFAULT_SOCKET_NAME, and similar for other paths.
-	Allow colons in Windows socket path name, and implement --service
-	option.
-	* util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir,
-	dirmngr_cachedir, default_socket_name): New prototypes.
-	* get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir)
-	(dirmngr_datadir, dirmngr_cachedir, default_socket_name): New
-	functions.
-	(DIRSEP_C, DIRSEP_S): New macros.
-
-2007-08-03  Marcus Brinkmann  
-
-	* get-path.c: Really add the file this time.
-
-2007-07-31  Marcus Brinkmann  
-
-	* crlfetch.c: Include "estream.h".
-	(crl_fetch): Use es_read callback instead a file handle.
-	(crl_close_reader): Use es_fclose instead of fclose.
-	(struct file_reader_map_s): Change type of FP to estream_t.
-	(register_file_reader, crl_fetch, crl_close_reader): Likewise.
-	* ocsp.c: Include "estream.h".
-	(read_response): Change type of FP to estream_t.
-	(read_response, do_ocsp_request): Use es_* variants of I/O
-	functions.
-
-	* http.c: Include .
-	(http_wait_response) [HAVE_W32_SYSTEM]: Use DuplicateHandle.
-	(cookie_read): Use pth_read instead read.
-	(cookie_write): Use pth_write instead write.
-
-2007-07-30  Marcus Brinkmann  
-
-	* ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr
-	invocation.
-
-2007-07-27  Marcus Brinkmann  
-
-	* estream.h, estream.c: Update from recent GnuPG.
-
-	* get-path.c: New file.
-	* Makefile.am (dirmngr_SOURCES): Add get-path.c.
-	* util.h (default_homedir, get_dirmngr_ldap_path): New prototypes.
-	* dirmngr.c (main): Use default_homedir().
-	* ldap-url.h: Remove japanese white space (sorry!).
-
-2007-07-26  Marcus Brinkmann  
-
-	* ldap.c (pth_yield): Remove macro.
-
-	* ldap.c (pth_yield) [HAVE_W32_SYSTEM]: Define to Sleep(0).
-
-	* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Do not include , but
-	,  and "ldap-url.h".
-	* ldap.c [HAVE_W32_SYSTEM]: Do not include , but
-	 and .
-
-	* ldap-url.c: Do not include , but ,
-	 and "ldap-url.h".
-	(LDAP_P): New macro.
-	* ldap-url.h: New file.
-	* Makefile.am (ldap_url): Add ldap-url.h.
-
-	* Makefile.am (ldap_url): New variable.
-	(dirmngr_ldap_SOURCES): Add $(ldap_url).
-	(dirmngr_ldap_LDADD): Add $(LIBOBJS).
-	* ldap-url.c: New file, excerpted from OpenLDAP.
-	* dirmngr.c (main) [HAVE_W32_SYSTEM]: Avoid the daemonization.
-	* dirmngr_ldap.c: Include "util.h".
-	(main) [HAVE_W32_SYSTEM]: Don't set up alarm.
-	(set_timeout) [HAVE_W32_SYSTEM]: Likewise.
-	* ldap.c [HAVE_W32_SYSTEM]: Add macros for setenv and pth_yield.
-	* no-libgcrypt.h (NO_LIBGCRYPT): Define.
-	* util.h [NO_LIBGCRYPT]: Don't include .
-
-2007-07-23  Marcus Brinkmann  
-
-	* Makefile.am (dirmngr_SOURCES): Add exechelp.h and exechelp.c.
-	* exechelp.h, exechelp.c: New files.
-	* ldap.c: Don't include  but "exechelp.h".
-	(destroy_wrapper, ldap_wrapper_thread,
-	ldap_wrapper_connection_cleanup): Use dirmngr_kill_process instead
-	of kill.
-	(ldap_wrapper_thread): Use dirmngr_wait_process instead of
-	waitpid.
-	(ldap_wrapper): Use dirmngr_spawn_process.
-
-2007-07-20  Marcus Brinkmann  
-
-	* certcache.c (cert_cache_lock): Do not initialize statically.
-	(init_cache_lock): New function.
-	(cert_cache_init): Call init_cache_lock.
-
-	* estream.h, estream.c, estream-printf.h, estream-printf.c: New
-	files.
-	* Makefile.am (dirmngr_SOURCES): Add estream.c, estream.h,
-	estream-printf.c, estream-printf.h.
-
-	* http.c: Update to latest version from GnuPG.
-
-	* Makefile.am (cdb_sources)
-	* cdblib.c: Port to windows (backport from tinycdb 0.76).
-
-	* crlcache.c [HAVE_W32_SYSTEM]: Don't include sys/utsname.h.
-	[MKDIR_TAKES_ONE_ARG]: Define mkdir as a macro for such systems.
-	(update_dir, crl_cache_insert) [HAVE_W32_SYSTEM]: Don't get uname.
-	* server.c (start_command_handler) [HAVE_W32_SYSTEM]: Don't log
-	peer credentials.
-
-	* dirmngr.c [HAVE_W32_SYSTEM]: Do not include sys/socket.h or
-	sys/un.h, but ../jnlib/w32-afunix.h.
-	(sleep) [HAVE_W32_SYSTEM]: New macro.
-	(main) [HAVE_W32_SYSTEM]: Don't mess with SIGPIPE.  Use W32 socket
-	API.
-	(handle_signal) [HAVE_W32_SYSTEM]: Deactivate the bunch of the
-	code.
-	(handle_connections) [HAVE_W32_SYSTEM]: don't handle signals.
-
-2006-11-29  Werner Koch  
-
-	* dirmngr.c (my_strusage): Use macro for the bug report address
-	and the copyright line.
-	* dirmngr-client.c (my_strusage): Ditto.
-	* dirmngr_ldap.c (my_strusage): Ditto.
-
-	* Makefile.am: Do not link against LIBICONV.
-
-2006-11-19  Werner Koch  
-
-	* dirmngr.c: Include i18n.h.
-
-2006-11-17  Werner Koch  
-
-	* Makefile.am (dirmngr_LDADD): Use LIBASSUAN_PTH_LIBS.
-
-2006-11-16  Werner Koch  
-
-	* server.c (start_command_handler): Replaced
-	assuan_init_connected_socket_server by assuan_init_socket_server_ext.
-
-	* crlcache.c (update_dir): Put a diagnostic into DIR.txt.
-	(open_dir): Detect invalid and duplicate entries.
-	(update_dir): Fixed search for second field.
-
-2006-10-23  Werner Koch  
-
-	* dirmngr.c (main): New command --gpgconf-test.
-
-2006-09-14  Werner Koch  
-
-	* server.c (start_command_handler): In vebose mode print
-	information about the peer.  This may later be used to restrict
-	certain commands.
-
-2006-09-12  Werner Koch  
-
-	* server.c (start_command_handler): Print a more informative hello
-	line.
-	* dirmngr.c: Moved config_filename into the opt struct.
-
-2006-09-11  Werner Koch  
-
-	Changed everything to use Assuan with gpg-error codes.
-	* maperror.c: Removed.
-	* server.c (map_to_assuan_status): Removed.
-	* dirmngr.c (main): Set assuan error source.
-	* dirmngr-client.c (main): Ditto.
-
-2006-09-04  Werner Koch  
-
-	* crlfetch.c (crl_fetch): Implement HTTP redirection.
-	* ocsp.c (do_ocsp_request): Ditto.
-
-	New HTTP code version taken from gnupg svn release 4236.
-	* http.c (http_get_header): New.
-	(capitalize_header_name, store_header): New.
-	(parse_response): Store headers away.
-	(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
-	* http.h: New flag HTTP_FLAG_NEED_HEADER.
-
-2006-09-01  Werner Koch  
-
-	* crlfetch.c (register_file_reader, get_file_reader): New.
-	(crl_fetch): Register the file pointer for HTTP.
-	(crl_close_reader): And release it.
-
-	* http.c, http.h: Updated from GnuPG SVN trunk.  Changed all users
-	to adopt the new API.
-	* dirmngr.h: Moved inclusion of jnlib header to ...
-	* util.h: .. here.  This is required becuase http.c includes only
-	a file util.h but makes use of log_foo. Include gcrypt.h so that
-	gcry_malloc et al are declared.
-
-2006-08-31  Werner Koch  
-
-	* ocsp.c (check_signature): Make use of the responder id.
-
-2006-08-30  Werner Koch  
-
-	* validate.c (check_cert_sig): Workaround for rimemd160.
-	(allowed_ca): Always allow trusted CAs.
-
-	* dirmngr.h (cert_ref_t): New.
-	(struct server_control_s): Add field OCSP_CERTS.
-	* server.c (start_command_handler): Release new field
-	* ocsp.c (release_ctrl_ocsp_certs): New.
-	(check_signature): Store certificates in OCSP_CERTS.
-
-	* certcache.c (find_issuing_cert): Reset error if cert was found
-	by subject.
-	(put_cert): Add new arg FPR_BUFFER.  Changed callers.
-	(cache_cert_silent): New.
-
-	* dirmngr.c (parse_rereadable_options): New options
-	--ocsp-max-clock-skew and --ocsp-current-period.
-	* ocsp.c (ocsp_isvalid): Use them here.
-
-	* ocsp.c (validate_responder_cert): New optional arg signer_cert.
-	(check_signature_core): Ditto.
-	(check_signature): Use the default signer certificate here.
-
-2006-06-27  Werner Koch  
-
-	* dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI.
-
-2006-06-26  Werner Koch  
-
-	* crlcache.c (lock_db_file): Count open files when needed.
-	(find_entry): Fixed deleted case.
-
-2006-06-23  Werner Koch  
-
-	* misc.c (cert_log_name): New.
-
-	* certcache.c (load_certs_from_dir): Also print certificate name.
-	(find_cert_bysn): Release ISSDN.
-
-	* validate.h: New VALIDATE_MODE_CERT.
-	* server.c (cmd_validate): Use it here so that no policy checks
-	are done.  Try to validated a cached copy of the target.
-
-	* validate.c (validate_cert_chain): Implement a validation cache.
-	(check_revocations): Print more diagnostics.  Actually use the
-	loop variable and not the head of the list.
-	(validate_cert_chain): Do not check revocations of CRL issuer
-	certificates in plain CRL check mode.
-	* ocsp.c (ocsp_isvalid): Make sure it is reset for a status of
-	revoked.
-
-2006-06-22  Werner Koch  
-
-	* validate.c (cert_use_crl_p): New.
-	(cert_usage_p): Add a mode 6 for CRL signing.
-	(validate_cert_chain): Check that the certificate may be used for
-	CRL signing.  Print a note when not running as system daemon.
-	(validate_cert_chain): Reduce the maximum depth from 50 to 10.
-
-	* certcache.c (find_cert_bysn): Minor restructuring
-	(find_cert_bysubject): Ditto.  Use get_cert_local when called
-	without KEYID.
-	* crlcache.c (get_crlissuer_cert_bysn): Removed.
-	(get_crlissuer_cert): Removed.
-	(crl_parse_insert): Use find_cert_bysubject and find_cert_bysn
-	instead of the removed functions.
-
-2006-06-19  Werner Koch  
-
-	* certcache.c (compare_serialno): Silly me. Using 0 as true is
-	that hard; tsss. Fixed call cases except for the only working one
-	which are both numbers of the same length.
-
-2006-05-15  Werner Koch  
-
-	* crlfetch.c (crl_fetch): Use no-shutdown flag for HTTP.  This
-	seems to be required for "IBM_HTTP_Server/2.0.47.1 Apache/2.0.47
-	(Unix)".
-
-	* http.c (parse_tuple): Set flag to to indicate no value.
-	(build_rel_path): Take care of it.
-
-	* crlcache.c (crl_cache_reload_crl): Also iterate over all names
-	within a DP.
-
-2005-09-28  Marcus Brinkmann  
-
-	* Makefile.am (dirmngr_LDADD): Add @LIBINTL@ and @LIBICONV@.
-	(dirmngr_ldap_LDADD): Likewise.
-	(dirmngr_client_LDADD): Likewise.
-
-2005-09-12  Werner Koch  
-
-	* dirmngr.c: Fixed description to match the one in gpgconf.
-
-2005-06-15  Werner Koch  
-
-	* server.c (cmd_lookup): Take care of NO_DATA which might get
-	returned also by start_cert_fetch().
-
-2005-04-20  Werner Koch  
-
-	* ldap.c (ldap_wrapper_wait_connections): Set a shutdown flag.
-	(ldap_wrapper_thread): Handle shutdown in a special way.
-
-2005-04-19  Werner Koch  
-
-	* server.c (get_cert_local, get_issuing_cert_local)
-	(get_cert_local_ski): Bail out if called without a local context.
-
-2005-04-18  Werner Koch  
-
-	* certcache.c (find_issuing_cert): Fixed last resort method which
-	should be finding by subject and not by issuer. Try to locate it
-	also using the keyIdentifier method.  Improve error reporting.
-	(cmp_simple_canon_sexp): New.
-	(find_cert_bysubject): New.
-	(find_cert_bysn): Ask back to the caller before trying an extarnl
-	lookup.
-	* server.c (get_cert_local_ski): New.
-	* crlcache.c (crl_parse_insert): Also try to locate issuer
-	certificate using the keyIdentifier.  Improved error reporting.
-
-2005-04-14  Werner Koch  
-
-	* ldap.c (start_cert_fetch_ldap): Really return ERR.
-
-2005-03-17  Werner Koch  
-
-	* http.c (parse_response): Changed MAXLEN and LEN to size_t to
-	match the requirement of read_line.
-	* http.h (http_context_s): Ditto for BUFFER_SIZE.
-
-2005-03-15  Werner Koch  
-
-	* ldap.c: Included time.h.  Reported by Bernhard Herzog.
-
-2005-03-09  Werner Koch  
-
-	* dirmngr.c: Add a note to the help listing check the man page for
-	other options.
-
-2005-02-01  Werner Koch  
-
-	* crlcache.c (crl_parse_insert): Renamed a few variables and
-	changed diagnostic strings for clarity.
-	(get_issuer_cert): Renamed to get_crlissuer_cert. Try to locate
-	the certificate from the cache using the subject name.  Use new
-	fetch function.
-	(get_crlissuer_cert_bysn): New.
-	(crl_parse_insert): Use it here.
-	* crlfetch.c (ca_cert_fetch): Changed interface.
-	(fetch_next_ksba_cert): New.
-	* ldap.c (run_ldap_wrapper): Add arg MULTI_MODE.  Changed all
-	callers.
-	(start_default_fetch_ldap): New
-	* certcache.c (get_cert_bysubject): New.
-	(clean_cache_slot, put_cert): Store the subject DN if available.
-	(MAX_EXTRA_CACHED_CERTS): Increase limit of cachable certificates
-	to 1000.
-	(find_cert_bysn): Loop until a certificate with a matching S/N has
-	been found.
-
-	* dirmngr.c (main): Add honor-http-proxy to the gpgconf list.
-
-2005-01-31  Werner Koch  
-
-	* ldap.c: Started to work on support for userSMIMECertificates.
-
-	* dirmngr.c (main): Make sure to always pass a server control
-	structure to the caching functions.  Reported by Neil Dunbar.
-
-2005-01-05  Werner Koch  
-
-	* dirmngr-client.c (read_pem_certificate): Skip trailing percent
-	escaped linefeeds.
-
-2005-01-03  Werner Koch  
-
-	* dirmngr-client.c (read_pem_certificate): New.
-	(read_certificate): Divert to it depending on pem option.
-	(squid_loop_body): New.
-	(main): New options --pem and --squid-mode.
-
-2004-12-17  Werner Koch  
-
-	* dirmngr.c (launch_ripper_thread): Renamed to launch_reaper_thread.
-	(shutdown_reaper): New.  Use it for --server and --daemon.
-	* ldap.c (ldap_wrapper_wait_connections): New.
-
-2004-12-17  Werner Koch  
-
-	* Makefile.am (dirmngr_ldap_LDADD): Adjusted for new LDAP checks.
-
-2004-12-16  Werner Koch  
-
-	* ldap.c (ldap_wrapper): Peek on the output to detect empty output
-	early.
-
-2004-12-15  Werner Koch  
-
-	* ldap.c (ldap_wrapper): Print a diagnostic after forking for the
-	ldap wrapper.
-	* certcache.h (find_cert_bysn): Add this prototype.
-	* crlcache.c (start_sig_check): Write CRL hash debug file.
-	(finish_sig_check): Dump the signer's certificate.
-	(crl_parse_insert): Try to get the issuing cert by authKeyId.
-	Moved certificate retrieval after item processing.
-
-2004-12-13  Werner Koch  
-
-	* dirmngr_ldap.c (catch_alarm, set_timeout): new.
-	(main): Install alarm handler. Add new option --only-search-timeout.
-	(print_ldap_entries, fetch_ldap): Use set_timeout ();
-	* dirmngr.h: Make LDAPTIMEOUT a simple unsigned int.  Change all
-	initializations.
-	* ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout
-	option to the wrapper.
-	(INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT.
-	(run_ldap_wrapper): Add arg IGNORE_TIMEOUT.
-	(ldap_wrapper_thread): Check for special timeout exit code.
-
-	* dirmngr.c: Workaround a typo in gpgconf for
-	ignore-ocsp-service-url.
-
-2004-12-10  Werner Koch  
-
-	* ldap.c (url_fetch_ldap): Use TMP and not a HOST which is always
-	NULL.
-	* misc.c (host_and_port_from_url): Fixed bad encoding detection.
-
-2004-12-03  Werner Koch  
-
-	* crlcache.c (crl_cache_load): Re-implement it.
-
-	* dirmngr-client.c: New command --load-crl
-	(do_loadcrl): New.
-
-	* dirmngr.c (parse_rereadable_options, main): Make --allow-ocsp,
-	--ocsp-responder, --ocsp-signer and --max-replies re-readable.
-
-	* ocsp.c (check_signature): try to get the cert from the cache
-	first.
-	(ocsp_isvalid): Print the next and this update times on time
-	conflict.
-
-	* certcache.c (load_certs_from_dir): Print the fingerprint for
-	trusted certificates.
-	(get_cert_byhexfpr): New.
-	* misc.c (get_fingerprint_hexstring_colon): New.
-
-2004-12-01  Werner Koch  
-
-	* Makefile.am (dirmngr_LDADD): Don't use LDAP_LIBS.
-
-	* validate.c (validate_cert_chain): Fixed test; as written in the
-	comment we want to do this only in daemon mode.  For clarity
-	reworked by using a linked list of certificates and include root
-	and tragte certificate.
-	(check_revocations): Likewise.  Introduced a recursion sentinel.
-
-2004-11-30  Werner Koch  
-
-	* crlfetch.c (ca_cert_fetch, crl_fetch_default): Do not use the
-	binary prefix as this will be handled in the driver.
-
-	* dirmngr_ldap.c: New option --log-with-pid.
-	(fetch_ldap): Handle LDAP_NO_SUCH_OBJECT.
-	* ldap.c (run_ldap_wrapper, start_cert_fetch_ldap): Use new log
-	option.
-
-
-2004-11-25  Werner Koch  
-
-	* Makefile.am (dirmngr_ldap_CFLAGS): Added GPG_ERROR_CFLAGS.
-	Noted by Bernhard Herzog.
-
-2004-11-24  Werner Koch  
-
-	* ldap.c (ldap_wrapper): Fixed default name of the ldap wrapper.
-
-	* b64enc.c (b64enc_start, b64enc_finish): Use standard strdup/free
-	to manage memory.
-
-	* dirmngr.c: New options --ignore-http-dp, --ignore-ldap-dp and
-	--ignore-ocsp-service-url.
-	* crlcache.c (crl_cache_reload_crl): Implement them.
-	* ocsp.c (ocsp_isvalid): Ditto.
-
-2004-11-23  Werner Koch  
-
-	* ldap.c (ldap_wrapper_thread, reader_callback, ldap_wrapper):
-	Keep a timestamp and terminate the wrapper after some time of
-	inactivity.
-
-	* dirmngr-client.c (do_lookup): New.
-	(main): New option --lookup.
-	(data_cb): New.
-	* b64enc.c: New. Taken from GnuPG 1.9.
-	* no-libgcrypt.c (gcry_strdup): Added.
-
-	* ocsp.c (ocsp_isvalid): New arg CERT and lookup the issuer
-	certificate using the standard methods.
-
-	* server.c (cmd_lookup): Truncation is now also an indication for
-	error.
-	(cmd_checkocsp): Implemented.
-
-	* dirmngr_ldap.c (fetch_ldap): Write an error marker for a
-	truncated search.
-	* ldap.c (add_server_to_servers): Reactivated.
-	(url_fetch_ldap): Call it here and try all configured servers in
-	case of a a failed lookup.
-	(fetch_next_cert_ldap): Detect the truncation error flag.
-	* misc.c (host_and_port_from_url, remove_percent_escapes): New.
-
-2004-11-22  Werner Koch  
-
-	* dirmngr_ldap.c (main): New option --proxy.
-	* ocsp.c (do_ocsp_request): Take care of opt.disable_http.
-	* crlfetch.c (crl_fetch): Honor the --honor-http-proxy variable.
-	(crl_fetch): Take care of  opt.disable_http and disable_ldap.
-	(crl_fetch_default, ca_cert_fetch, start_cert_fetch):
-	* ldap.c (run_ldap_wrapper): New arg PROXY.
-	(url_fetch_ldap, attr_fetch_ldap, start_cert_fetch_ldap): Pass it.
-
-	* http.c (http_open_document): Add arg PROXY.
-	(http_open): Ditto.
-	(send_request): Ditto and implement it as an override.
-
-	* ocsp.c (validate_responder_cert): Use validate_cert_chain.
-
-	* Makefile.am (AM_CPPFLAGS): Add macros for a few system
-	directories.
-	* dirmngr.h (opt): New members homedir_data, homedir_cache,
-	ldap_wrapper_program, system_daemon, honor_http_proxy, http_proxy,
-	ldap_proxy, only_ldap_proxy, disable_ldap, disable_http.
-	* dirmngr.c (main): Initialize new opt members HOMEDIR_DATA and
-	HOMEDIR_CACHE.
-	(parse_rereadable_options): New options --ldap-wrapper-program,
-	--http-wrapper-program, --disable-ldap, --disable-http,
-	--honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy.
-	(reread_configuration): New.
-
-	* ldap.c (ldap_wrapper): Use the correct name for the wrapper.
-
-	* crlcache.c (DBDIR_D): Make it depend on opt.SYSTEM_DAEMON.
-	(cleanup_cache_dir, open_dir, update_dir, make_db_file_name)
-	(crl_cache_insert, create_directory_if_needed): Use opt.HOMEDIR_CACHE
-
-	* validate.c (check_revocations): New.
-	* crlcache.c (crl_cache_isvalid): Factored most code out to
-	(cache_isvalid): .. new.
-	(crl_cache_cert_isvalid): New.
-	* server.c (cmd_checkcrl): Cleaned up by using this new function.
-	(reload_crl): Moved to ..
-	* crlcache.c (crl_cache_reload_crl): .. here and made global.
-
-	* certcache.c (cert_compute_fpr): Renamed from computer_fpr and
-	made global.
-	(find_cert_bysn): Try to lookup missing certs.
-	(cert_cache_init): Intialize using opt.HOMEDIR_DATA.
-
-
-2004-11-19  Werner Koch  
-
-	* dirmngr-client.c (status_cb): New.  Use it in very verbose mode.
-
-	* server.c (start_command_handler): Malloc the control structure
-	and properly release it.  Removed the primary_connection
-	hack. Cleanup running wrappers.
-	(dirmngr_status): Return an error code.
-	(dirmngr_tick): Return an error code and detect a
-	cancellation. Use wall time and not CPU time.
-	* validate.c (validate_cert_chain): Add CTRL arg and changed callers.
-	* crlcache.c (crl_cache_isvalid):
-	* crlfetch.c (ca_cert_fetch, start_cert_fetch, crl_fetch_default)
-	(crl_fetch): Ditto.
-	* ldap.c (ldap_wrapper, run_ldap_wrapper, url_fetch_ldap)
-	(attr_fetch_ldap, start_cert_fetch_ldap): Ditto.
-	(ldap_wrapper_release_context): Reset the stored CTRL.
-	(reader_callback): Periodically call dirmngr_tick.
-	(ldap_wrapper_release_context): Print an error message for read
-	errors.
-	(ldap_wrapper_connection_cleanup): New.
-
-2004-11-18  Werner Koch  
-
-	* dirmngr.c (main): Do not cd / if not running detached.
-
-	* dirmngr-client.c: New options --cache-cert and --validate.
-	(do_cache, do_validate): New.
-	* server.c (cmd_cachecert, cmd_validate): New.
-
-	* crlcache.c (get_issuer_cert): Make use of the certificate cache.
-	(crl_parse_insert): Validate the issuer certificate.
-
-	* dirmngr.c (handle_signal): Reinitialize the certificate cache on
-	a HUP.
-	(struct opts): Add --homedir to enable the already implemented code.
-	(handle_signal): Print stats on SIGUSR1.
-
-	* certcache.c (clean_cache_slot, cert_cache_init)
-	(cert_cache_deinit): New.
-	(acquire_cache_read_lock, acquire_cache_write_lock)
-	(release_cache_lock): New.  Use them where needed.
-	(put_cert): Renamed from put_loaded_cert.
-	(cache_cert): New.
-	(cert_cache_print_stats): New.
-	(compare_serialno): Fixed.
-
-2004-11-16  Werner Koch  
-
-	* Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SYSCONFDIR and
-	DIRMNGR_LIBEXECDIR.
-
-	* misc.c (dump_isotime, dump_string, dump_cert): New.  Taken from
-	gnupg 1.9.
-	(dump_serial): New.
-
-2004-11-15  Werner Koch  
-
-	* validate.c: New. Based on gnupg's certchain.c
-
-	* ldap.c (get_cert_ldap): Removed.
-	(read_buffer): New.
-	(start_cert_fetch_ldap, fetch_next_cert_ldap)
-	(end_cert_fetch_ldap): Rewritten to make use of the ldap wrapper.
-
-2004-11-12  Werner Koch  
-
-	* http.c (insert_escapes): Print the percent sign too.
-
-	* dirmngr-client.c (inq_cert): Ignore "SENDCERT" and
-	"SENDISSUERCERT".
-
-	* server.c (do_get_cert_local): Limit the length of a retruned
-	certificate.  Return NULL without an error if an empry value has
-	been received.
-
-	* crlfetch.c (ca_cert_fetch): Use the ksba_reader_object.
-	(setup_funopen, fun_reader, fun_closer): Removed.
-
-	* crlcache.c (get_issuer_cert): Adjust accordingly.
-
-	* ldap.c (attr_fetch_ldap_internal, attr_fetch_fun_closer)
-	(attr_fetch_fun_reader, url_fetch_ldap_internal)
-	(get_attr_from_result_ldap): Removed.
-	(destroy_wrapper, print_log_line, ldap_wrapper_thread)
-	(ldap_wrapper_release_context, reader_callback, ldap_wrapper)
-	(run_ldap_wrapper): New.
-	(url_fetch_ldap): Make use of the new ldap wrapper and return a
-	ksba reader object instead of a stdio stream.
-	(attr_fetch_ldap): Ditto.
-	(make_url, escape4url): New.
-
-2004-11-11  Werner Koch  
-
-	* dirmngr.c (launch_ripper_thread): New.
-	(main): Start it wheere appropriate.  Always ignore SIGPIPE.
-	(start_connection_thread): Maintain a connection count.
-	(handle_signal, handle_connections): Use it here instead of the
-	thread count.
-
-	* crlcache.c (crl_cache_insert): Changed to use ksba reader
-	object.  Changed all callers to pass this argument.
-
-2004-11-08  Werner Koch  
-
-	* dirmngr_ldap.c: New.
-
-	* crlcache.c (crl_cache_init): Don't return a cache object but
-	keep it module local.  We only need one.
-	(crl_cache_deinit): Don't take cache object but work on existing
-	one.
-	(get_current_cache): New.
-	(crl_cache_insert, crl_cache_list, crl_cache_load): Use the global
-	cache object and removed the cache arg.  Changed all callers.
-
-	* dirmngr-client.c: New option --ping.
-
-	* dirmngr.c (main): New option --daemon. Initialize PTH.
-	(handle_connections, start_connection_thread): New.
-	(handle_signal): New.
-	(parse_rereadable_options): New. Changed main to make use of it.
-	(set_debug): Don't bail out on invalid debug levels.
-	(main): Init the crl_chache for server and daemon mode.
-
-	* server.c (start_command_handler): New arg FD.  Changed callers.
-
-2004-11-06  Werner Koch  
-
-	* server.c (map_assuan_err): Factored out to ..
-	* maperror.c: .. new file.
-	* util.h: Add prototype
-
-2004-11-05  Werner Koch  
-
-	* no-libgcrypt.c: New, used as helper for dirmngr-client which
-	does not need libgcrypt proper but jnlib references the memory
-	functions.  Taken from gnupg 1.9.12.
-
-	* dirmngr.h: Factored i18n and xmalloc code out to ..
-	* i18n.h, util.h: .. New.
-
-	* dirmngr-client.c: New.  Some code taken from gnupg 1.9.12.
-	* Makefile.am (bin_PROGRAMS) Add dirmngr-client.
-
-2004-11-04  Werner Koch  
-
-	* src/server.c (get_fingerprint_from_line, cmd_checkcrl)
-	(cmd_checkocsp): New.
-	(register_commands): Register new commands.
-	(inquire_cert_and_load_crl): Factored most code out to ..
-	(reload_crl): .. new function.
-	* src/certcache.h, src/certcache.c: New.
-	* src/Makefile.am (dirmngr_SOURCES): Add new files.
-
-2004-11-04  Werner Koch  
-
-	Please note that earlier entries are found in the top level
-	ChangeLog.
-	[Update after merge with GnuPG: These old ChangeLog entries are
-	found below up to ==END OLDEST CHANGELOG==]
-
-==BEGIN OLDEST CHANGELOG==
-
-2004-10-04  Werner Koch  
-
-	* src/dirmngr.c: Changed an help entry description.
-
-2004-09-30  Werner Koch  
-
-	* src/dirmngr.c (i18n_init): Always use LC_ALL.
-
-2004-09-28  Werner Koch  
-
-	Released 0.5.6.
-
-	* config.guess, config.sub: Updated.
-
-2004-06-21  Werner Koch  
-
-	* src/crlfetch.c (crl_fetch): Bad hack to use the right attribute.
-
-2004-05-13  Werner Koch  
-
-        Released 0.5.5.
-
-	* src/ldap.c (start_cert_fetch_ldap, start_cert_fetch_ldap): More
-	detailed error messages.
-
-	* src/crlcache.c (update_dir): Handle i-records properly.
-
-2004-04-29  Werner Koch  
-
-	Released 0.5.4.
-
-	* src/crlcache.h (crl_cache_result_t): Add CRL_CACHE_CANTUSE.
-	* src/server.c (cmd_isvalid): Handle it here.
-	* src/crlcache.c (crl_cache_isvalid): Issue this code if the CRL
-	cant be used.
-	(open_dir): Parse new fields 8,9 and 10 as well as the invalid flag.
-	(write_dir_line_crl): Write new fields.
-	(get_crl_number, get_auth_key_id): New.
-	(crl_cache_insert): Fill new fields.  Mark the entry invalid if
-	the CRL is too old after an update or an unknown critical
-	extension was seen.
-	(list_one_crl_entry): Print the new fields.
-
-2004-04-28  Werner Koch  
-
-	* configure.ac: Requires libksba 0.9.6.
-
-	* src/dirmngr.c: New option --ocsp-signer.
-	* src/dirmngr.h (opt): Renamed member OCSP_REPONDERS to
-	OCSP_RESPONDER and made ist a simple string. Add OCSP_SIGNER.
-	* src/ocsp.c (ocsp_isvalid): Changed it accordingly.
-	(ocsp_isvalid): Pass the ocsp_signer to check_signature.
-	(check_signature): New arg SIGNER_FPR.  Use it to retrieve the
-	certificate. Factored out common code to ..
-	(check_signature_core): .. New.
-
-2004-04-27  Werner Koch  
-
-	* src/server.c (start_command_handler): Keep track of the first
-	connection.
-	(dirmngr_tick): New.
-	* src/ldap.c (attr_fetch_fun_reader): Call it from time to time.
-
-2004-04-23  Werner Koch  
-
-	* src/dirmngr.c (main): Removed the add-servers option from the
-	gpgconf list.  It is not really useful.
-
-2004-04-02  Thomas Schwinge  
-
-	* autogen.sh: Added ACLOCAL_FLAGS.
-
-2004-04-13  Werner Koch  
-
-	* src/crlcache.c (update_dir): Do not double close FPOUT.
-
-2004-04-09  Werner Koch  
-
-	* src/cdblib.c (cdb_make_start): Wipeout the entire buffer to
-	shutup valgrind.
-	(ewrite): Fixed writing bad data on EINTR.
-
-	* src/ldap.c (get_attr_from_result_ldap): Fixed bad copy and
-	terminate of a string.
-
-	* src/crlfetch.c (crl_fetch): Fixed freeing of VALUE on error.
-
-2004-04-07  Werner Koch  
-
-	* src/dirmngr.h (server_control_s): Add member force_crl_refresh.
-	* src/server.c (option_handler): New.
-	(start_command_handler): Register option handler
-	* src/crlcache.c (crl_cache_isvalid): Add arg FORCE_REFRESH.
-	(crl_cache_insert): Record last refresh in memory.
-
-	* src/server.c (inquire_cert_and_load_crl): Renamed from
-	inquire_cert.
-
-2004-04-06  Werner Koch  
-
-	Released 0.5.3
-
-	* doc/dirmngr.texi: Updated.
-	* doc/texinfo.tex: Updated.
-
-2004-04-05  Werner Koch  
-
-	* src/ocsp.c (ocsp_isvalid): Check THIS_UPDATE.
-
-	* src/misc.c (add_isotime): New.
-	(date2jd, jd2date, days_per_month, days_per_year): New. Taken from
-	my ancient (1988) code used in Wedit (time2.c).
-
-2004-04-02  Werner Koch  
-
-	* autogen.sh: Check gettext version.
-	* configure.ac: Add AM_GNU_GETTEXT.
-
-2004-04-02  gettextize  
-
-	* Makefile.am (SUBDIRS): Add intl.
-	(EXTRA_DIST): Add config.rpath.
-	* configure.ac (AC_CONFIG_FILES): Add intl/Makefile,
-
-2004-04-02  Werner Koch  
-
-	Add i18n at most places.
-
-	* src/dirmngr.c (i18n_init): New.
-	(main): Call it.
-	* src/dirmngr.h: Add i18n stuff.
-
-2004-04-01  Werner Koch  
-
-	* src/misc.c (get_fingerprint_hexstring): New.
-
-	* src/server.c (dirmngr_status): New.
-
-2004-03-26  Werner Koch  
-
-	* configure.ac: Add AC_SYS_LARGEFILE.
-
-	* doc/dirmngr.texi: Changed the license to the GPL as per message
-	by Mathhias Kalle Dalheimer of Klaralvdalens-Datakonsult dated
-	Jan 7, 2004.
-	* doc/fdl.texi: Removed.
-
-2004-03-25  Werner Koch  
-
-	* src/dirmngr.c (main): New command --fetch-crl.
-
-2004-03-23  Werner Koch  
-
-	* src/dirmngr.c: New option --allow-ocsp.
-	* src/server.c (cmd_isvalid): Make use of allow_ocsp.
-
-2004-03-17  Werner Koch  
-
-	* src/dirmngr.c (main) : Fixed default value quoting.
-
-2004-03-16  Werner Koch  
-
-	* src/dirmngr.c (main): Add ocsp-responder to the gpgconf list.
-	Add option --debug-level.
-	(set_debug): New.
-
-2004-03-15  Werner Koch  
-
-	* src/misc.c (canon_sexp_to_grcy): New.
-
-2004-03-12  Werner Koch  
-
-	* src/crlfetch.c (crl_fetch): Hack to substitute http for https.
-
-2004-03-10  Werner Koch  
-
-	* src/dirmngr.c (parse_ldapserver_file): Don't skip the entire
-	file on errors.
-
-2004-03-09  Werner Koch  
-
-	* src/dirmngr.c (my_ksba_hash_buffer): New.
-	(main): Initialize the internal libksba hashing.
-
-	* src/server.c (get_issuer_cert_local): Renamed to ...
-	(get_cert_local): ... this.  Changed all callers.  Allow NULL for
-	ISSUER to return the current target cert.
-	(get_issuing_cert_local): New.
-	(do_get_cert_local): Moved common code to here.
-
-2004-03-06  Werner Koch  
-
-	Released 0.5.2.
-
-	* configure.ac: Fixed last change to check the API version of
-	libgcrypt.
-
-2004-03-05  Werner Koch  
-
-	* configure.ac: Also check the SONAME of libgcrypt.
-
-2004-03-03  Werner Koch  
-
-	* src/dirmngr.c: New option --ocsp-responder.
-	* src/dirmngr.h (opt): Add member OCSP_RESPONDERS.
-
-2004-02-26  Steffen Hansen  
-
-	* src/server.c (start_command_handler): Corrected typo and made
-	dirmngr output it's version in the greeting message.
-
-2004-02-24  Marcus Brinkmann  
-
-	* src/dirmngr.c (DEFAULT_ADD_SERVERS): Removed.  If this were
-	true, there'd be no way to disable it.
-	(main): Dump options in new gpgconf format.
-
-2004-02-11  Werner Koch  
-
-	* autogen.sh (check_version): Removed bashism and simplified.
-
-2004-02-06  Moritz Schulte  
-
-	* src/crlfetch.c (crl_fetch_default): Do not dereference VALUE,
-	when checking for non-zero.
-
-2004-02-01  Marcus Brinkmann  
-
-	* src/dirmngr.c (DEFAULT_ADD_SERVERS, DEFAULT_MAX_REPLIES)
-	(DEFAULT_LDAP_TIMEOUT): New macros.
-	(main): Use them.
-	(enum cmd_and_opt_values): New command aGPGConfList.
-	(main): Add handler here.
-
-2004-01-17  Werner Koch  
-
-	* configure.ac: Added AC_CHECK_FUNCS tests again, because the
-	other test occurrences belong to the jnlib tests block.
-
-2004-01-15  Moritz Schulte  
-
-	* configure.ac: Fixed funopen replacement mechanism; removed
-	unnecessary AC_CHECK_FUNCS calls.
-
-2004-01-14  Werner Koch  
-
-	* src/crlcache.c (list_one_crl_entry): Don't use putchar.
-
-	* src/server.c (cmd_listcrls): New.
-
-2003-12-23  Werner Koch  
-
-	Released 0.5.1.
-
-2003-12-17  Werner Koch  
-
-	* configure.ac (CFLAGS): Add -Wformat-noliteral in gcc +
-	maintainer mode.
-	(NEED_LIBASSUAN_VERSION): Bump up to 0.6.2.
-
-2003-12-16  Werner Koch  
-
-	* configure.ac: Update the tests for jnlib.
-	* src/dirmngr.c (main): Ignore SIGPIPE in server mode.
-
-2003-12-12  Werner Koch  
-
-	* src/crlcache.c (hash_dbfile): Also hash version info of the
-	cache file format.
-
-	* src/Makefile.am (dirmngr_SOURCES): Add http.h.
-
-	* configure.ac: Removed checking for DB2. Add checking for mmap.
-	* src/cdb.h, src/cdblib.h: New.  Add a few comments from the
-	original man page and fixed typos.
-	* src/cdblib.c (cdb_findinit, cdb_findnext): Modified to allow
-	walking over all entries.
-	* src/crlcache.h: Removed DB2/4 cruft.
-	(release_one_cache_entry, lock_db_file, crl_parse_insert)
-	(crl_cache_insert, crl_cache_isvalid, list_one_crl_entry): Use the
-	new CDB interface.
-
-	* src/dirmngr.c: Beautified the help messages.
-	(wrong_args): New.
-	(main): new option --force.  Revamped the command handling code.
-	Allow to pass multiple CRLS as well as stdin to --local-crl.
-	* src/crlcache.c (crl_cache_insert): Make --force work.
-
-2003-12-11  Werner Koch  
-
-	* src/crlfetch.c (crl_fetch): Enhanced to allow fetching binary
-	data using HTTP.
-	* src/http.c, src/http.h: Replaced by the code from gnupg 1.3 and
-	modified acording to our needs.
-	(read_line): New. Based on the code from GnuPG's iobuf_read_line.
-	* configure.ac: Check for getaddrinfo.
-
-	* src/dirmngr.c (parse_ldapserver_file): Close the stream.
-	(main): Free ldapfile.
-
-	* src/ocsp.c, src/ocsp.h: New. Albeit not functionality.
-
-	* src/server.c (inquire_cert): Catch EOF when reading dist points.
-
-	* src/crlcache.c (hash_dbfile, check_dbfile): New.
-	(lock_db_file, crl_cache_insert): Use them here to detect
-	corrupted CRL files.
-	(open_dir): Read the new dbfile hash field.
-
-	* src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to retrun
-	a stream.
-	(fun_reader, fun_closer, setup_funopen): New.
-	* src/server.c (inquire_cert): Changed to use the new stream interface
-	of crlfetch.c.
-
-2003-12-10  Werner Koch  
-
-	* src/funopen.c: New.
-	* configure.ac (funopen): Add test.
-	* src/Makefile.am (dirmngr_LDADD): Add LIBOBJS.
-
-	* src/crlcache.c (next_line_from_file): Remove the limit on the
-	line length.
-	(crl_cache_new): Removed.
-	(open_dbcontent): New.
-	(crl_cache_init): Use it here.
-	(crl_cache_flush): The DB content fie is now in the cache
-	directory, so we can simplify it.
-	(make_db_file_name, lock_db_file, unlock_db_file): New.
-	(release_cache): Close the cached DB files.
-	(crl_cache_isvalid): Make use of the new lock_db_file.
-	(crl_cache_insert): Changed to take a stream as argument.
-	(crl_parse_insert): Rewritten to use a temporary DB and to avoid
-	using up large amounts of memory.
-	(db_entry_new): Removed.
-	(release_cache,release_one_cache_entry): Splitted up.
-	(find_entry): Take care of the new deleted flag.
-	(crl_cache_load): Simplified becuase we can now pass a FP to the
-	insert code.
-	(save_contents): Removed.
-	(update_dir): New.
-	(open_dbcontent_file): Renamed to open_dir_file.
-	(check_dbcontent_version): Renamed to check_dir_version.
-	(open_dbcontent): Renamed to open_dir.
-
-	* src/dirmngr.c: New option --faked-system-time.
-	* src/misc.c (faked_time_p, set_time, get_time): New.  Taken from GnuPG.
-	(check_isotime): New.
-	(unpercent_string): New.
-
-2003-12-09  Werner Koch  
-
-	* src/crlcache.h (DBDIR,DBCONTENTFILE): Changed value.
-
-	* autogen.sh: Reworked.
-	* README.CVS: New.
-	* configure.ac: Added min_automake_version.
-
-2003-12-03  Werner Koch  
-
-	* src/server.c (cmd_lookup): Send an END line after each
-	certificate.
-
-2003-11-28  Werner Koch  
-
-	* src/Makefile.am (dirmngr_LDADD): Remove DB_LIBS
-	because it never got defined and -ldb{2,4} is implictly set
-	by the AC_CHECK_LIB test in configure.
-
-	* src/crlcache.c (mydbopen): DB4 needs an extra parameter; I
-	wonder who ever tested DB4 support.  Add an error statement in
-	case no DB support is configured.
-
-	* tests/Makefile.am: Don't use AM_CPPFLAGS but AM_CFLAGS, replaced
-	variables by configure templates.
-	* src/Makefile.am: Ditto.
-
-2003-11-19  Werner Koch  
-
-	* src/crlcache.c (list_one_crl_entry): Define X to nothing for non
-	DB4 systems.  Thanks to Luca M. G. Centamore.
-
-2003-11-17  Werner Koch  
-
-	Released 0.5.0
-
-	* src/crlcache.c (crl_cache_new): Fixed eof detection.
-
-	* src/server.c (cmd_loadcrl): Do the unescaping.
-
-	* doc/dirmngr.texi: Added a history section for this modified
-	version.
-
-2003-11-14  Werner Koch  
-
-	* tests/asschk.c: New.  Taken from GnuPG.
-	* tests/Makefile.am: Added asschk.
-
-2003-11-13  Werner Koch  
-
-	* src/ldap.c (fetch_next_cert_ldap): Get the pattern switching
-	right.
-
-	* tests/test-dirmngr.c: Replaced a couple of deprecated types.
-
-	* configure.ac (GPG_ERR_SOURCE_DEFAULT): Added.
-	(fopencookie, asprintf): Removed unneeded test.
-	(PRINTABLE_OS_NAME): Updated the test from gnupg.
-	(CFLAGS): Do full warnings only in maintainer mode. Add flag
-	--enable gcc-warnings to override it and to enable even more
-	warnings.
-	* acinclude.m4: Removed the libgcrypt test.
-
-	* src/ldap.c (get_attr_from_result_ldap): Simplified the binary
-	hack and return a proper gpg error.
-	(attr_fetch_ldap_internal): Changed error handling.
-	(attr_fetch_ldap): Reworked.  Return configuration error if no
-	servers are configured.
-	(url_fetch_ldap, add_server_to_servers)
-	(url_fetch_ldap_internal): Reworked.
-	(struct cert_fetch_context_s): New to get rid of a global state.
-	(start_cert_fetch_ldap): Allocate context and do a bind with a
-	timeout.  Parse pattern.
-	(end_cert_fetch_ldap): Take context and don't return anything.
-	(find_next_pattern): Removed.
-	(parse_one_pattern): Redone.
-	(get_cert_ldap): Redone.
-	* src/server.c (cmd_lookup): Changed for changed fetch functions.
-
-	* doc/dirmngr.texi: Reworked a bit to get rid of tex errors.
-
-	* configure.ac: Enable makeinfo test.
-
-	* src/crlcache.c (crl_cache_insert): Fixed for latest KSBA API
-	changes.
-	* tests/test-dirmngr.c (main): Ditto.  Also added some more error
-	checking.
-
-2003-11-11  Werner Koch  
-
-	* src/cert.c (hashify_data, hexify_data, serial_hex)
-	(serial_to_buffer): Moved all to ...
-	* src/misc.c: .. here.
-	* src/Makefile.am (cert.c, cert.h): Removed.
-	* cert.c, cert.h: Removed.
-
-	* m4/: New.
-	* configure.ac, Makefile.am: Include m4 directory support, updated
-	required library versions.
-
-	* src/cert.c (make_cert): Removed.
-
-	* src/ldap.c (fetch_next_cert_ldap): Return a gpg style error.
-
-	* src/misc.h (copy_time): New.
-	* src/misc.c (get_isotime): New.
-	(iso_string2time, iso_time2string): Removed.
-	(unhexify): New.
-
-	* src/crlcache.h (DBCONTENTSVERSION): Bumbed to 0.6.
-	* src/crlcache.c (finish_sig_check): New.  Factored out from
-	crl_parse_insert and entirely redone.
-	(do_encode_md): Removed.
-	(print_time): Removed
-	(crl_cache_isvalid): Reworked.
-
-2003-11-10  Werner Koch  
-
-	* src/crlcache.c (make_db_val, parse_db_val): Removed.
-
-	* src/cert.c (serial_to_buffer): New.
-
-	* src/server.c (get_issuer_cert_local): Rewritten.
-
-	* src/crlcache.c (crl_parse_insert): Rewritten.  Takes now a CTRL
-	instead of the Assuan context. Changed caller accordingly.
-	(get_issuer_cert): Cleaned up.
-
-	* src/crlfetch.c (crl_fetch): Changed VALUE to unsigned char* for
-	documentation reasons.  Make sure that VALUE is released on error.
-	(crl_fetch_default, ca_cert_fetch): Ditto.
-
-	* src/crlcache.c (release_cache): New.
-	(crl_cache_deinit): Use it here.
-	(crl_cache_flush): Redone.
-	(save_contents): Redone.
-	(crl_cache_list, list_one_crl_entry): Print error messages.
-
-2003-11-06  Werner Koch  
-
-	* src/crlcache.c (create_directory_if_needed, cleanup_cache_dir):
-	New.  Factored out from crl_cache_new and mostly rewritten.
-	(crl_cache_new): Rewritten.
-	(next_line_from_file): New.
-	(find_entry): Cleaned up.
-	(crl_cache_deinit): Cleaned up.
-
-	* src/dirmngr.c (dirmngr_init_default_ctrl): New stub.
-	* src/dirmngr.h (ctrl_t): New.
-	(DBG_ASSUAN,...): Added the usual debug test macros.
-	* src/server.c: Removed the GET_PTR cruft, replaced it by ctrl_t.
-	Removed the recursion flag.
-	(get_issuer_cert_local): Allow for arbitary large
-	certificates. 4096 is definitely too small.
-	(inquire_cert): Ditto.
-	(start_command_handler): Set a hello line and call the default
-	init function.
-	(cmd_isvalid): Rewritten.
-	(inquire_cert): Removed unused arg LINE. General cleanup.
-	(map_assuan_err,map_to_assuan_status): New.  Taken from gnupg 1.9.
-	(cmd_lookup): Rewritten.
-	(cmd_loadcrl): Started to rewrite it.
-
-2003-10-29  Werner Koch  
-
-	* src/dirmngr.c (parse_ldapserver_file): Entirely rewritten.
-	(cleanup): New.
-	(main): Cleaned up.
-
-2003-10-28  Werner Koch  
-
-	* src/dirmngr.h: Renamed dirmngr_opt to opt.
-
-	* src/dirmngr.c (parse_ldapserver_file, free_ldapservers_list):
-	Moved with this file.  Cleaned up.  Replaced too deep recursion in
-	the free function.
-
-2003-10-21  Werner Koch  
-
-	Changed all occurrences of assuan.h to use use the system provided
-	one.
-	* src/server.c (register_commands): Adjusted for Assuan API change.
-
-2003-08-14  Werner Koch  
-
-	* src/Makefile.am: s/LIBKSBA_/KSBA_/. Changed for external Assuan lib.
-	* tests/Makefile.am: Ditto.
-
-	* configure.ac: Partly restructured, add standard checks for
-	required libraries, removed included libassuan.
-	* Makefile.am (SUBDIRS): Removed assuan becuase we now use the
-	libassuan package.
-
-	* src/dirmngr.c (main): Properly initialize Libgcrypt and libksba.
-
-2003-08-13  Werner Koch  
-
-	* src/server.c (get_issuer_cert_local): Print error using
-	assuan_strerror.
-
-	* src/crlcache.c (do_encode_md, start_sig_check): Adjust for
-	changed Libgcrypt API.
-
-2003-06-19  Steffen Hansen  
-
-	* configure.ac: Upped version to 0.4.7-cvs.
-
-2003-06-19  Steffen Hansen  
-
-	* configure.ac: Release 0.4.6.
-
-2003-06-17  Bernhard Reiter 
-
-	* src/ldap.c (url_fetch_ldap()):
-	  try other default servers when an url with hostname failed
-	* AUTHORS:  added Steffen and Werner
-	* THANKS: Thanked people in the ChangeLog and the Ägypten-Team
-
-
-2003-06-16  Steffen Hansen  
-
-	* configure.ac, src/crlcache.h, src/crlcache.c: Added db4 support.
-	* src/Makefile.am, tests/Makefile.am: Removed automake warning.
-	* tests/test-dirmngr.c: Removed a warning.
-
-2003-05-12  Steffen Hansen  
-
-	* doc/Makefile.am: Added dirmngr.ops to DISTCLEANFILES.
-	* ChangeLog, doc/ChangeLog, src/ChangeLog: Merged dirmngr ChangeLogs
-	into one toplevel file.
-	* acinclude.m4, configure.ac: Renamed PFX to PATH for consistency.
-
-2003-05-12  Steffen Hansen  
-
-	* src/ldap.c: Fixed end-of-certificates-list indication.
-
-2003-05-08  Steffen Hansen  
-
-	* src/server.c: Fixed iteration over server list
-
-2003-02-23  Steffen Hansen  
-
-	* src/crlcache.h, src/crlcache.c, src/dirmngr.c: Implemented --flush command.
-
-2003-02-07  Marcus Brinkmann  
-
-	* configure.ac: Release 0.4.4.
-
-2003-02-05  Steffen Hansen  
-
-	* src/ldap.c: Try harder with and without ";binary" in the
-	attribute name when fetching certificates.
-	* src/ldap.c, src/server.c: Support multiple userCertificate attributes
-	per entry.
-
-2003-02-04  Steffen Hansen  
-
-	* src/ldap.c: Include the sn attribute in the search filter.
-	Better log messages.
-
-2002-11-20  Steffen Hansen  
-
-	* Doc updates (fixes #1373)
-	* Fix for #1419 (crash in free_ldapservers_list())
-	* Fix for #1375. Dirmngr now asks back with an INQUIRE SENDCERT before
-	  querying the LDAP servers for an issuer certificate to validate a CRL
-
-2002-11-12  Werner Koch  
-
-	* config.sub, config.guess: Updated from ftp.gnu.org/gnu/config
-	to version 2002-11-08.
-
-2002-11-12  Werner Koch  
-
-	* dirmngr.c (main) : Better pass NULL instead
-	of an unitialized Assuan context.  Let's hope that the other
-	functions can cope with this.
-
-2002-10-25  Bernhard Reiter 
-
-	* src/ldap.c (get_attr_from_result_ldap()):
-        added value extraction retry for CRLs and Certs without ";binary"
-	* changed version number to reflect cvs status to "0.4.3-cvs"
-
-2002-08-21  Werner Koch  
-
-	* dirmngr.c (main): Changed default homedir to .gnupg.
-
-2002-08-07  Steffen Hansen  
-
-	* Added configure check to examine whether db2 cursor() uses 3 or
-	4 parameters.
-
-2002-07-31  Werner Koch  
-
-	* doc/dirmngr.texi: Fixed the structure and added menu entries
-	for the other nodes.
-
-2002-07-30  Steffen Hansen  
-
-	* Added doc dir and first steps towards manual.
-
-2002-07-29  Steffen Hansen  
-
-	* Got rid of the default server for CRL lookup. We now use the
-	same list of servers that we use for cert. lookup.
-
-2002-07-29  Steffen Hansen  
-
-	* New option --add-servers to allow dirmngr to add LDAP servers
-	found in CRL distribution points to the list of servers it
-	searches. NOTE: The added servers are only active in the currently
-	running dirmngr -- the info isn't written to persistens storage.
-
-2002-07-26  Steffen Hansen  
-
-	* Default LDAP timeout is 100 seconds now.
-
-	* Use DB2 instead of DB1. Check for libresolv, fixed bug when
-	libldap was found in the default search path.
-
-2002-07-22  Steffen Hansen  
-
-	* Implemented --load-crl  option. Also available as
-	LOADCRL assuan command when in server mode.
-
-2002-07-22  Steffen Hansen  
-
-	* Implemented new option --ldaptimeout to specify the number of seconds to
-	wait for an LDAP request before timeout.
-
-	* Added --list-crls option to print the contents of the CRL cache
-	* Added some items to the dbcontents file to make printout nicer
-	  and updated it's version number
-
-2002-07-02  Werner Koch  
-
-	* crlcache.c (crl_parse_insert): Fixed log_debug format string.
-
-2002-07-02  Steffen Hansen  
-
-	* configure.ac: Use DB->get() return value correctly.
-
-2002-06-28  Werner Koch  
-
-	* crlcache.c (crl_parse_insert): Keep track of newly allocated
-	ENTRY so that we don't free existing errors after a bad signature.
-
-	* dirmngr.h: Include prototype for start_command_handler.
-
-	* crlfetch.c, crlcache.c, http.c, cert.c, ldap.c: Include
-	config.h.
-
-	* crlcache.c (crl_parse_insert): Fixed format type specifiers for
-	time_t variables in log_debug.
-
-	* error.h: Use log_debug instead of dirmngr_debug.  Changed all
-	callers.
-	* Makefile.am (dirmngr_SOURCES): Removed error.c
-
-	* dirmngr.c (main): Register gcrypt malloc functions with ksba so
-	that we don't run into problems by using the wrong free function.
-	The gcrypt malloc function have the additional benefit of a
-	providing allocation sanity checks when compiled with that
-	feature.
-
-	* crlcache.c (get_issuer_cert): Use xfree instead of ksba_free.
-
-
-2002-06-27  Steffen Hansen  
-
-	* ldap.c: Look for both userCertificate and caCertificate
-
-2002-06-26  Steffen Hansen  
-
-	* configure.ac: Upped version number to 0.3.1
-
-2002-06-25  Werner Koch  
-
-	* server.c (cmd_lookup): Use assuan_write_status which ensures a
-	correct syntax.
-
-2002-06-20  Werner Koch  
-
-	* crlcache.c (crl_cache_isvalid): Started with some nicer logging.
-	However, this will need a lot more work.
-	(get_issuer_cert): Ditto.
-
-	* dirmngr.c (main): Changed required libgcrypt version and don't
-	print the prefix when using a logfile.
-
-2002-06-20  Werner Koch  
-
-	* tests/Makefile.am (TESTS): Removed test-dirmngr because it
-	is not a proper test program.
-	(EXTRA_DIST): Removed the non-existent test certificate.
-
-2002-05-21  Werner Koch  
-
-	* server.c (start_command_handler): Enable assuan debugging.
-
-2002-05-08  Steffen Hansen  
-
-	* Replaced gdbm check with db1 check
-
-2002-05-08  Steffen Hansen  
-
-	* Replaced gdbm with db1, updated file format version
-
-2002-03-01  Steffen Hansen  
-
-	* Added gdbm configure check
-
-2002-01-23  Steffen Hansen  
-
-	* Return ASSUAN_CRL_Too_Old if the CRL is too old
-
-
-2002-01-17  Steffen Hansen  
-
-	Added commandline options --ldapserver  --ldapport 
-	--ldapuser  --ldappassword .
-
-	Cleaned up CRL parsing, signature evaluation a bit, changed
-	datetime format in config file to ISO, added version string to
-	contents format and cache file clean up code in case of mismatch.
-
-2002-01-14  Steffen Hansen  
-
-	* Use dirmngr_opt.homedir for storing the db. Added Makefile.am to
-	tests, bugfixes.
-
-	* First code.
-	  Things that work:
-		Loading/saving database (paths hardcoded)
-		Fetching CRL from hardcoded server, parsing and inserting in database
-		Answer ISVALID xxx.yyy requests
-
-	  Things that are missing:
-		Some error-checking/handling
-		Proper autoconf handling of gdbm and OpenLDAP
-		Signature checking downloaded CRLs
-		Answer LOOKUP requests
-		...
-
-	  How to test:
-		cd tests
-		ldapsearch -v -x -h www.trustcenter.de -b '' userCertificate -t
-		cp /tmp/ testcert.der
-		./test-dirmngr
-
-==END OLDEST CHANGELOG==
-
- Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010,
-	   2011 Free Software Foundation, Inc.
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-Local Variables:
-buffer-read-only: t
-End:
diff -Nru gnupg2-2.1.6/dirmngr/crlcache.c gnupg2-2.0.28/dirmngr/crlcache.c
--- gnupg2-2.1.6/dirmngr/crlcache.c	2015-06-18 11:27:17.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/crlcache.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,2581 +0,0 @@
-/* crlcache.c - LDAP access
- * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2005, 2008 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-/*
-
-   1. To keep track of the CRLs actually cached and to store the meta
-      information of the CRLs a simple record oriented text file is
-      used.  Fields in the file are colon (':') separated and values
-      containing colons or linefeeds are percent escaped (e.g. a colon
-      itself is represented as "%3A").
-
-      The first field is a record type identifier, so that the file is
-      useful to keep track of other meta data too.
-
-      The name of the file is "DIR.txt".
-
-
-   1.1. Comment record
-
-        Field 1: Constant beginning with "#".
-
-        Other fields are not defined and such a record is simply
-        skipped during processing.
-
-   1.2. Version record
-
-        Field 1: Constant "v"
-        Field 2: Version number of this file.  Must be 1.
-
-        This record must be the first non-comment record record and
-        there shall only exist one record of this type.
-
-   1.3. CRL cache record
-
-        Field 1: Constant "c", "u" or "i".
-                 A "c" or "u" indicate a valid cache entry, however
-                 "u" requires that a user root certificate check needs
-                 to be done.
-                 An "i" indicates an invalid cache entry which should
-                 not be used but still exists so that it can be
-                 updated at NEXT_UPDATE.
-        Field 2: Hexadecimal encoded SHA-1 hash of the issuer DN using
-                 uppercase letters.
-        Field 3: Issuer DN in RFC-2253 notation.
-        Field 4: URL used to retrieve the corresponding CRL.
-        Field 5: 15 character ISO timestamp with THIS_UPDATE.
-        Field 6: 15 character ISO timestamp with NEXT_UPDATE.
-        Field 7: Hexadecimal encoded MD-5 hash of the DB file to detect
-                 accidental modified (i.e. deleted and created) cache files.
-        Field 8: optional CRL number as a hex string.
-        Field 9:  AuthorityKeyID.issuer, each Name separated by 0x01
-        Field 10: AuthorityKeyID.serial
-        Field 11: Hex fingerprint of trust anchor if field 1 is 'u'.
-
-   2. Layout of the standard CRL Cache DB file:
-
-      We use records of variable length with this structure
-
-      n  bytes  Serialnumber (binary) used as key
-                thus there is no need to store the length explicitly with DB2.
-      1  byte   Reason for revocation
-                (currently the KSBA reason flags are used)
-      15 bytes  ISO date of revocation (e.g. 19980815T142000)
-                Note that there is no terminating 0 stored.
-
-      The filename used is the hexadecimal (using uppercase letters)
-      SHA-1 hash value of the issuer DN prefixed with a "crl-" and
-      suffixed with a ".db".  Thus the length of the filename is 47.
-
-
-*/
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifndef HAVE_W32_SYSTEM
-#include 
-#endif
-#ifdef MKDIR_TAKES_ONE_ARG
-#undef mkdir
-#define mkdir(a,b) mkdir(a)
-#endif
-
-#include "dirmngr.h"
-#include "validate.h"
-#include "certcache.h"
-#include "crlcache.h"
-#include "crlfetch.h"
-#include "misc.h"
-#include "cdb.h"
-
-/* Change this whenever the format changes */
-#define DBDIR_D (opt.system_daemon? "crls.d" : "dirmngr-cache.d")
-#define DBDIRFILE "DIR.txt"
-#define DBDIRVERSION 1
-
-/* The number of DB files we may have open at one time.  We need to
-   limit this because there is no guarantee that the number of issuers
-   has a upper limit.  We are currently using mmap, so it is a good
-   idea anyway to limit the number of opened cache files. */
-#define MAX_OPEN_DB_FILES 5
-
-
-static const char oidstr_crlNumber[] = "2.5.29.20";
-static const char oidstr_issuingDistributionPoint[] = "2.5.29.28";
-static const char oidstr_authorityKeyIdentifier[] = "2.5.29.35";
-
-
-/* Definition of one cached item. */
-struct crl_cache_entry_s
-{
-  struct crl_cache_entry_s *next;
-  int deleted;        /* True if marked for deletion. */
-  int mark;           /* Internally used by update_dir. */
-  unsigned int lineno;/* A 0 indicates a new entry. */
-  char *release_ptr;  /* The actual allocated memory. */
-  char *url;          /* Points into RELEASE_PTR. */
-  char *issuer;       /* Ditto. */
-  char *issuer_hash;  /* Ditto. */
-  char *dbfile_hash;  /* MD5 sum of the cache file, points into RELEASE_PTR.*/
-  int invalid;        /* Can't use this CRL. */
-  int user_trust_req; /* User supplied root certificate required.  */
-  char *check_trust_anchor;  /* Malloced fingerprint.  */
-  ksba_isotime_t this_update;
-  ksba_isotime_t next_update;
-  ksba_isotime_t last_refresh; /* Use for the force_crl_refresh feature. */
-  char *crl_number;
-  char *authority_issuer;
-  char *authority_serialno;
-
-  struct cdb *cdb;             /* The cache file handle or NULL if not open. */
-
-  unsigned int cdb_use_count;  /* Current use count. */
-  unsigned int cdb_lru_count;  /* Used for LRU purposes. */
-  int dbfile_checked;          /* Set to true if the dbfile_hash value has
-                                  been checked one. */
-};
-
-
-/* Definition of the entire cache object. */
-struct crl_cache_s
-{
-  crl_cache_entry_t entries;
-};
-
-typedef struct crl_cache_s *crl_cache_t;
-
-
-/* Prototypes.  */
-static crl_cache_entry_t find_entry (crl_cache_entry_t first,
-                                     const char *issuer_hash);
-
-
-
-/* The currently loaded cache object.  This is usually initialized
-   right at startup.  */
-static crl_cache_t current_cache;
-
-
-
-
-
-/* Return the current cache object or bail out if it is has not yet
-   been initialized.  */
-static crl_cache_t
-get_current_cache (void)
-{
-  if (!current_cache)
-    log_fatal ("CRL cache has not yet been initialized\n");
-  return current_cache;
-}
-
-
-/*
-   Create ae directory if it does not yet exists.  Returns on
-   success, or -1 on error.
- */
-static int
-create_directory_if_needed (const char *name)
-{
-  DIR *dir;
-  char *fname;
-
-  fname = make_filename (opt.homedir_cache, name, NULL);
-  dir = opendir (fname);
-  if (!dir)
-    {
-      log_info (_("creating directory '%s'\n"), fname);
-      if (mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR) )
-        {
-          int save_errno = errno;
-          log_error (_("error creating directory '%s': %s\n"),
-                     fname, strerror (errno));
-          xfree (fname);
-          gpg_err_set_errno (save_errno);
-          return -1;
-        }
-    }
-  else
-    closedir (dir);
-  xfree (fname);
-  return 0;
-}
-
-/* Remove all files from the cache directory.  If FORCE is not true,
-   some sanity checks on the filenames are done. Return 0 if
-   everything went fine. */
-static int
-cleanup_cache_dir (int force)
-{
-  char *dname = make_filename (opt.homedir_cache, DBDIR_D, NULL);
-  DIR *dir;
-  struct dirent *de;
-  int problem = 0;
-
-  if (!force)
-    { /* Very minor sanity checks. */
-      if (!strcmp (dname, "~/") || !strcmp (dname, "/" ))
-        {
-          log_error (_("ignoring database dir '%s'\n"), dname);
-          xfree (dname);
-          return -1;
-        }
-    }
-
-  dir = opendir (dname);
-  if (!dir)
-    {
-      log_error (_("error reading directory '%s': %s\n"),
-                 dname, strerror (errno));
-      xfree (dname);
-      return -1;
-    }
-
-  while ((de = readdir (dir)))
-    {
-      if (strcmp (de->d_name, "." ) && strcmp (de->d_name, ".."))
-        {
-          char *cdbname = make_filename (dname, de->d_name, NULL);
-          int okay;
-          struct stat sbuf;
-
-          if (force)
-            okay = 1;
-          else
-            okay = (!stat (cdbname, &sbuf) && S_ISREG (sbuf.st_mode));
-
-          if (okay)
-            {
-              log_info (_("removing cache file '%s'\n"), cdbname);
-              if (gnupg_remove (cdbname))
-                {
-                  log_error ("failed to remove '%s': %s\n",
-                             cdbname, strerror (errno));
-                  problem = -1;
-                }
-            }
-          else
-            log_info (_("not removing file '%s'\n"), cdbname);
-          xfree (cdbname);
-        }
-    }
-  xfree (dname);
-  closedir (dir);
-  return problem;
-}
-
-
-/* Read the next line from the file FP and return the line in an
-   malloced buffer.  Return NULL on error or EOF.  There is no
-   limitation os the line length.  The trailing linefeed has been
-   removed, the function will read the last line of a file, even if
-   that is not terminated by a LF. */
-static char *
-next_line_from_file (estream_t fp, gpg_error_t *r_err)
-{
-  char buf[300];
-  char *largebuf = NULL;
-  size_t buflen;
-  size_t len = 0;
-  unsigned char *p;
-  int c;
-  char *tmpbuf;
-
-  *r_err = 0;
-  p = buf;
-  buflen = sizeof buf - 1;
-  while ((c=es_getc (fp)) != EOF && c != '\n')
-    {
-      if (len >= buflen)
-        {
-          if (!largebuf)
-            {
-              buflen += 1024;
-              largebuf = xtrymalloc ( buflen + 1 );
-              if (!largebuf)
-                {
-                  *r_err = gpg_error_from_syserror ();
-                  return NULL;
-                }
-              memcpy (largebuf, buf, len);
-            }
-          else
-            {
-              buflen += 1024;
-              tmpbuf = xtryrealloc (largebuf, buflen + 1);
-              if (!tmpbuf)
-                {
-                  *r_err = gpg_error_from_syserror ();
-                  xfree (largebuf);
-                  return NULL;
-                }
-              largebuf = tmpbuf;
-            }
-          p = largebuf;
-        }
-      p[len++] = c;
-    }
-  if (c == EOF && !len)
-    return NULL;
-  p[len] = 0;
-
-  if (largebuf)
-    tmpbuf = xtryrealloc (largebuf, len+1);
-  else
-    tmpbuf = xtrystrdup (buf);
-  if (!tmpbuf)
-    {
-      *r_err = gpg_error_from_syserror ();
-      xfree (largebuf);
-    }
-  return tmpbuf;
-}
-
-
-/* Release one cache entry.  */
-static void
-release_one_cache_entry (crl_cache_entry_t entry)
-{
-  if (entry)
-    {
-      if (entry->cdb)
-        {
-          int fd = cdb_fileno (entry->cdb);
-          cdb_free (entry->cdb);
-          xfree (entry->cdb);
-          if (close (fd))
-            log_error (_("error closing cache file: %s\n"), strerror(errno));
-        }
-      xfree (entry->release_ptr);
-      xfree (entry->check_trust_anchor);
-      xfree (entry);
-    }
-}
-
-
-/* Release the CACHE object. */
-static void
-release_cache (crl_cache_t cache)
-{
-  crl_cache_entry_t entry, entry2;
-
-  if (!cache)
-    return;
-
-  for (entry = cache->entries; entry; entry = entry2)
-    {
-      entry2 = entry->next;
-      release_one_cache_entry (entry);
-    }
-  cache->entries = NULL;
-  xfree (cache);
-}
-
-
-/* Open the dir file FNAME or create a new one if it does not yet
-   exist. */
-static estream_t
-open_dir_file (const char *fname)
-{
-  estream_t fp;
-
-  fp = es_fopen (fname, "r");
-  if (!fp)
-    {
-      log_error (_("failed to open cache dir file '%s': %s\n"),
-                 fname, strerror (errno));
-
-      /* Make sure that the directory exists, try to create if otherwise. */
-      if (create_directory_if_needed (NULL)
-          || create_directory_if_needed (DBDIR_D))
-        return NULL;
-      fp = es_fopen (fname, "w");
-      if (!fp)
-        {
-          log_error (_("error creating new cache dir file '%s': %s\n"),
-                     fname, strerror (errno));
-          return NULL;
-        }
-      es_fprintf (fp, "v:%d:\n", DBDIRVERSION);
-      if (es_ferror (fp))
-        {
-          log_error (_("error writing new cache dir file '%s': %s\n"),
-                     fname, strerror (errno));
-          es_fclose (fp);
-          return NULL;
-        }
-      if (es_fclose (fp))
-        {
-          log_error (_("error closing new cache dir file '%s': %s\n"),
-                     fname, strerror (errno));
-          return NULL;
-        }
-
-      log_info (_("new cache dir file '%s' created\n"), fname);
-
-      fp = es_fopen (fname, "r");
-      if (!fp)
-        {
-          log_error (_("failed to re-open cache dir file '%s': %s\n"),
-                     fname, strerror (errno));
-          return NULL;
-        }
-    }
-
-  return fp;
-}
-
-/* Helper for open_dir. */
-static gpg_error_t
-check_dir_version (estream_t *fpadr, const char *fname,
-                         unsigned int *lineno,
-                         int cleanup_on_mismatch)
-{
-  char *line;
-  gpg_error_t lineerr = 0;
-  estream_t fp = *fpadr;
-  int created = 0;
-
- retry:
-  while ((line = next_line_from_file (fp, &lineerr)))
-    {
-      ++*lineno;
-      if (*line == 'v' && line[1] == ':')
-        break;
-      else if (*line != '#')
-        {
-          log_error (_("first record of '%s' is not the version\n"), fname);
-          xfree (line);
-          return gpg_error (GPG_ERR_CONFIGURATION);
-        }
-      xfree (line);
-    }
-  if (lineerr)
-    return lineerr;
-
-  /* The !line catches the case of an empty DIR file.  We handle this
-     the same as a non-matching version.  */
-  if (!line || strtol (line+2, NULL, 10) != DBDIRVERSION)
-    {
-      if (!created && cleanup_on_mismatch)
-        {
-          log_error (_("old version of cache directory - cleaning up\n"));
-          es_fclose (fp);
-          *fpadr = NULL;
-          if (!cleanup_cache_dir (1))
-            {
-              *lineno = 0;
-              fp = *fpadr = open_dir_file (fname);
-              if (!fp)
-                {
-                  xfree (line);
-                  return gpg_error (GPG_ERR_CONFIGURATION);
-                }
-              created = 1;
-              goto retry;
-            }
-        }
-      log_error (_("old version of cache directory - giving up\n"));
-      xfree (line);
-      return gpg_error (GPG_ERR_CONFIGURATION);
-    }
-  xfree (line);
-  return 0;
-}
-
-
-/* Open the dir file and read in all available information.  Store
-   that in a newly allocated cache object and return that if
-   everything worked out fine.  Create the cache directory and the dir
-   if it does not yet exist.  Remove all files in that directory if
-   the version does not match. */
-static gpg_error_t
-open_dir (crl_cache_t *r_cache)
-{
-  crl_cache_t cache;
-  char *fname;
-  char *line = NULL;
-  gpg_error_t lineerr = 0;
-  estream_t fp;
-  crl_cache_entry_t entry, *entrytail;
-  unsigned int lineno;
-  gpg_error_t err = 0;
-  int anyerr = 0;
-
-  cache = xtrycalloc (1, sizeof *cache);
-  if (!cache)
-    return gpg_error_from_syserror ();
-
-  fname = make_filename (opt.homedir_cache, DBDIR_D, DBDIRFILE, NULL);
-
-  lineno = 0;
-  fp = open_dir_file (fname);
-  if (!fp)
-    {
-      err = gpg_error (GPG_ERR_CONFIGURATION);
-      goto leave;
-    }
-
-  err = check_dir_version (&fp, fname, &lineno, 1);
-  if (err)
-    goto leave;
-
-
-  /* Read in all supported entries from the dir file. */
-  cache->entries = NULL;
-  entrytail = &cache->entries;
-  xfree (line);
-  while ((line = next_line_from_file (fp, &lineerr)))
-    {
-      int fieldno;
-      char *p, *endp;
-
-      lineno++;
-      if ( *line == 'c' || *line == 'u' || *line == 'i' )
-        {
-          entry = xtrycalloc (1, sizeof *entry);
-          if (!entry)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          entry->lineno = lineno;
-          entry->release_ptr = line;
-          if (*line == 'i')
-            {
-              entry->invalid = atoi (line+1);
-              if (entry->invalid < 1)
-                entry->invalid = 1;
-            }
-          else if (*line == 'u')
-            entry->user_trust_req = 1;
-
-          for (fieldno=1, p = line; p; p = endp, fieldno++)
-            {
-              endp = strchr (p, ':');
-              if (endp)
-                *endp++ = '\0';
-
-              switch (fieldno)
-                {
-                case 1: /* record type */ break;
-                case 2: entry->issuer_hash = p; break;
-                case 3: entry->issuer = unpercent_string (p); break;
-                case 4: entry->url = unpercent_string (p); break;
-                case 5:
-		  strncpy (entry->this_update, p, 15);
-		  entry->this_update[15] = 0;
-		  break;
-                case 6:
-		  strncpy (entry->next_update, p, 15);
-		  entry->next_update[15] = 0;
-		  break;
-                case 7: entry->dbfile_hash = p; break;
-                case 8: if (*p) entry->crl_number = p; break;
-                case 9:
-                  if (*p)
-                    entry->authority_issuer = unpercent_string (p);
-                  break;
-                case 10:
-                  if (*p)
-                    entry->authority_serialno = unpercent_string (p);
-                  break;
-                case 11:
-                  if (*p)
-                    entry->check_trust_anchor = xtrystrdup (p);
-                  break;
-                default:
-                  if (*p)
-                    log_info (_("extra field detected in crl record of "
-                                "'%s' line %u\n"), fname, lineno);
-                  break;
-                }
-            }
-
-          if (!entry->issuer_hash)
-            {
-              log_info (_("invalid line detected in '%s' line %u\n"),
-                        fname, lineno);
-              xfree (entry);
-              entry = NULL;
-            }
-          else if (find_entry (cache->entries, entry->issuer_hash))
-            {
-              /* Fixme: The duplicate checking used is not very
-                 effective for large numbers of issuers. */
-              log_info (_("duplicate entry detected in '%s' line %u\n"),
-                        fname, lineno);
-              xfree (entry);
-              entry = NULL;
-            }
-          else
-            {
-              line = NULL;
-              *entrytail = entry;
-              entrytail = &entry->next;
-            }
-        }
-      else if (*line == '#')
-        ;
-      else
-        log_info (_("unsupported record type in '%s' line %u skipped\n"),
-                  fname, lineno);
-
-      if (line)
-        xfree (line);
-    }
-  if (lineerr)
-    {
-      err = lineerr;
-      log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
-      goto leave;
-    }
-  if (es_ferror (fp))
-    {
-      log_error (_("error reading '%s': %s\n"), fname, strerror (errno));
-      err = gpg_error (GPG_ERR_CONFIGURATION);
-      goto leave;
-    }
-
-  /* Now do some basic checks on the data. */
-  for (entry = cache->entries; entry; entry = entry->next)
-    {
-      assert (entry->lineno);
-      if (strlen (entry->issuer_hash) != 40)
-        {
-          anyerr++;
-          log_error (_("invalid issuer hash in '%s' line %u\n"),
-                     fname, entry->lineno);
-        }
-      else if ( !*entry->issuer )
-        {
-          anyerr++;
-          log_error (_("no issuer DN in '%s' line %u\n"),
-                     fname, entry->lineno);
-        }
-      else if ( check_isotime (entry->this_update)
-                || check_isotime (entry->next_update))
-        {
-          anyerr++;
-          log_error (_("invalid timestamp in '%s' line %u\n"),
-                     fname, entry->lineno);
-        }
-
-      /* Checks not leading to an immediate fail. */
-      if (strlen (entry->dbfile_hash) != 32)
-        log_info (_("WARNING: invalid cache file hash in '%s' line %u\n"),
-                  fname, entry->lineno);
-    }
-
-  if (anyerr)
-    {
-      log_error (_("detected errors in cache dir file\n"));
-      log_info (_("please check the reason and manually delete that file\n"));
-      err = gpg_error (GPG_ERR_CONFIGURATION);
-    }
-
-
- leave:
-  es_fclose (fp);
-  xfree (line);
-  xfree (fname);
-  if (err)
-    {
-      release_cache (cache);
-      cache = NULL;
-    }
-  *r_cache = cache;
-  return err;
-}
-
-static void
-write_percented_string (const char *s, estream_t fp)
-{
-  for (; *s; s++)
-    if (*s == ':')
-      es_fputs ("%3A", fp);
-    else if (*s == '\n')
-      es_fputs ("%0A", fp);
-    else if (*s == '\r')
-      es_fputs ("%0D", fp);
-    else
-      es_putc (*s, fp);
-}
-
-
-static void
-write_dir_line_crl (estream_t fp, crl_cache_entry_t e)
-{
-  if (e->invalid)
-    es_fprintf (fp, "i%d", e->invalid);
-  else if (e->user_trust_req)
-    es_putc ('u', fp);
-  else
-    es_putc ('c', fp);
-  es_putc (':', fp);
-  es_fputs (e->issuer_hash, fp);
-  es_putc (':', fp);
-  write_percented_string (e->issuer, fp);
-  es_putc (':', fp);
-  write_percented_string (e->url, fp);
-  es_putc (':', fp);
-  es_fwrite (e->this_update, 15, 1, fp);
-  es_putc (':', fp);
-  es_fwrite (e->next_update, 15, 1, fp);
-  es_putc (':', fp);
-  es_fputs (e->dbfile_hash, fp);
-  es_putc (':', fp);
-  if (e->crl_number)
-    es_fputs (e->crl_number, fp);
-  es_putc (':', fp);
-  if (e->authority_issuer)
-    write_percented_string (e->authority_issuer, fp);
-  es_putc (':', fp);
-  if (e->authority_serialno)
-    es_fputs (e->authority_serialno, fp);
-  es_putc (':', fp);
-  if (e->check_trust_anchor && e->user_trust_req)
-    es_fputs (e->check_trust_anchor, fp);
-  es_putc ('\n', fp);
-}
-
-
-/* Update the current dir file using the cache. */
-static gpg_error_t
-update_dir (crl_cache_t cache)
-{
-  char *fname = NULL;
-  char *tmpfname = NULL;
-  char *line = NULL;
-  gpg_error_t lineerr = 0;
-  estream_t fp;
-  estream_t fpout = NULL;
-  crl_cache_entry_t e;
-  unsigned int lineno;
-  gpg_error_t err = 0;
-
-  fname = make_filename (opt.homedir_cache, DBDIR_D, DBDIRFILE, NULL);
-
-  /* Fixme: Take an update file lock here. */
-
-  for (e= cache->entries; e; e = e->next)
-    e->mark = 1;
-
-  lineno = 0;
-  fp = es_fopen (fname, "r");
-  if (!fp)
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("failed to open cache dir file '%s': %s\n"),
-                 fname, strerror (errno));
-      goto leave;
-    }
-  err = check_dir_version (&fp, fname, &lineno, 0);
-  if (err)
-    goto leave;
-  es_rewind (fp);
-  lineno = 0;
-
-  /* Create a temporary DIR file. */
-  {
-    char *tmpbuf, *p;
-    const char *nodename;
-#ifndef HAVE_W32_SYSTEM
-    struct utsname utsbuf;
-#endif
-
-#ifdef HAVE_W32_SYSTEM
-    nodename = "unknown";
-#else
-    if (uname (&utsbuf))
-      nodename = "unknown";
-    else
-      nodename = utsbuf.nodename;
-#endif
-
-    gpgrt_asprintf (&tmpbuf, "DIR-tmp-%s-%u-%p.txt.tmp",
-                    nodename, (unsigned int)getpid (), &tmpbuf);
-    if (!tmpbuf)
-      {
-        err = gpg_error_from_errno (errno);
-        log_error (_("failed to create temporary cache dir file '%s': %s\n"),
-                   tmpfname, strerror (errno));
-        goto leave;
-      }
-    for (p=tmpbuf; *p; p++)
-      if (*p == '/')
-        *p = '.';
-    tmpfname = make_filename (opt.homedir_cache, DBDIR_D, tmpbuf, NULL);
-    xfree (tmpbuf);
-  }
-  fpout = es_fopen (tmpfname, "w");
-  if (!fpout)
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("failed to create temporary cache dir file '%s': %s\n"),
-                 tmpfname, strerror (errno));
-      goto leave;
-    }
-
-  while ((line = next_line_from_file (fp, &lineerr)))
-    {
-      lineno++;
-      if (*line == 'c' || *line == 'u' || *line == 'i')
-        {
-          /* Extract the issuer hash field. */
-          char *fieldp, *endp;
-
-          fieldp = strchr (line, ':');
-          endp = fieldp? strchr (++fieldp, ':') : NULL;
-          if (endp)
-            {
-              /* There should be no percent within the issuer hash
-                 field, thus we can compare it pretty easily. */
-              *endp = 0;
-              e = find_entry ( cache->entries, fieldp);
-              *endp = ':'; /* Restore orginal line. */
-              if (e && e->deleted)
-                {
-                  /* Marked for deletion, so don't write it. */
-                  e->mark = 0;
-                }
-              else if (e)
-                {
-                  /* Yep, this is valid entry we know about; write it out */
-                  write_dir_line_crl (fpout, e);
-                  e->mark = 0;
-                }
-              else
-                { /* We ignore entries we don't have in our cache
-                     because they may have been added in the meantime
-                     by other instances of dirmngr. */
-                  es_fprintf (fpout, "# Next line added by "
-                              "another process; our pid is %lu\n",
-                              (unsigned long)getpid ());
-                  es_fputs (line, fpout);
-                  es_putc ('\n', fpout);
-                }
-            }
-          else
-            {
-              es_fputs ("# Invalid line detected: ", fpout);
-              es_fputs (line, fpout);
-              es_putc ('\n', fpout);
-            }
-        }
-      else
-        {
-          /* Write out all non CRL lines as they are. */
-          es_fputs (line, fpout);
-          es_putc ('\n', fpout);
-        }
-
-      xfree (line);
-    }
-  if (!es_ferror (fp) && !es_ferror (fpout) && !lineerr)
-    {
-      /* Write out the remaining entries. */
-      for (e= cache->entries; e; e = e->next)
-        if (e->mark)
-          {
-            if (!e->deleted)
-              write_dir_line_crl (fpout, e);
-            e->mark = 0;
-          }
-    }
-  if (lineerr)
-    {
-      err = lineerr;
-      log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
-      goto leave;
-    }
-  if (es_ferror (fp))
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error reading '%s': %s\n"), fname, strerror (errno));
-    }
-  if (es_ferror (fpout))
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error writing '%s': %s\n"), tmpfname, strerror (errno));
-    }
-  if (err)
-    goto leave;
-
-  /* Rename the files. */
-  es_fclose (fp);
-  fp = NULL;
-  if (es_fclose (fpout))
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error closing '%s': %s\n"), tmpfname, strerror (errno));
-      goto leave;
-    }
-  fpout = NULL;
-
-#ifdef HAVE_W32_SYSTEM
-  /* No atomic mv on W32 systems.  */
-  gnupg_remove (fname);
-#endif
-  if (rename (tmpfname, fname))
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error renaming '%s' to '%s': %s\n"),
-                 tmpfname, fname, strerror (errno));
-      goto leave;
-    }
-
- leave:
-  /* Fixme: Relinquish update lock. */
-  xfree (line);
-  es_fclose (fp);
-  xfree (fname);
-  if (fpout)
-    {
-      es_fclose (fpout);
-      if (err && tmpfname)
-        gnupg_remove (tmpfname);
-    }
-  xfree (tmpfname);
-  return err;
-}
-
-
-
-
-/* Create the filename for the cache file from the 40 byte ISSUER_HASH
-   string. Caller must release the return string. */
-static char *
-make_db_file_name (const char *issuer_hash)
-{
-  char bname[50];
-
-  assert (strlen (issuer_hash) == 40);
-  memcpy (bname, "crl-", 4);
-  memcpy (bname + 4, issuer_hash, 40);
-  strcpy (bname + 44, ".db");
-  return make_filename (opt.homedir_cache, DBDIR_D, bname, NULL);
-}
-
-
-/* Hash the file FNAME and return the MD5 digest in MD5BUFFER. The
-   caller must allocate MD%buffer wityh at least 16 bytes. Returns 0
-   on success. */
-static int
-hash_dbfile (const char *fname, unsigned char *md5buffer)
-{
-  estream_t fp;
-  char *buffer;
-  size_t n;
-  gcry_md_hd_t md5;
-  gpg_err_code_t err;
-
-  buffer = xtrymalloc (65536);
-  fp = buffer? es_fopen (fname, "rb") : NULL;
-  if (!fp)
-    {
-      log_error (_("can't hash '%s': %s\n"), fname, strerror (errno));
-      xfree (buffer);
-      return -1;
-    }
-
-  err = gcry_md_open (&md5, GCRY_MD_MD5, 0);
-  if (err)
-    {
-      log_error (_("error setting up MD5 hash context: %s\n"),
-                 gpg_strerror (err));
-      xfree (buffer);
-      es_fclose (fp);
-      return -1;
-    }
-
-  /* We better hash some information about the cache file layout in. */
-  sprintf (buffer, "%.100s/%.100s:%d", DBDIR_D, DBDIRFILE, DBDIRVERSION);
-  gcry_md_write (md5, buffer, strlen (buffer));
-
-  for (;;)
-    {
-      n = es_fread (buffer, 1, 65536, fp);
-      if (n < 65536 && es_ferror (fp))
-        {
-          log_error (_("error hashing '%s': %s\n"), fname, strerror (errno));
-          xfree (buffer);
-          es_fclose (fp);
-          gcry_md_close (md5);
-          return -1;
-        }
-      if (!n)
-        break;
-      gcry_md_write (md5, buffer, n);
-    }
-  es_fclose (fp);
-  xfree (buffer);
-  gcry_md_final (md5);
-
-  memcpy (md5buffer, gcry_md_read (md5, GCRY_MD_MD5), 16);
-  gcry_md_close (md5);
-  return 0;
-}
-
-/* Compare the file FNAME against the dexified MD5 hash MD5HASH and
-   return 0 if they match. */
-static int
-check_dbfile (const char *fname, const char *md5hexvalue)
-{
-  unsigned char buffer1[16], buffer2[16];
-
-  if (strlen (md5hexvalue) != 32)
-    {
-      log_error (_("invalid formatted checksum for '%s'\n"), fname);
-      return -1;
-    }
-  unhexify (buffer1, md5hexvalue);
-
-  if (hash_dbfile (fname, buffer2))
-    return -1;
-
-  return memcmp (buffer1, buffer2, 16);
-}
-
-
-/* Open the cache file for ENTRY.  This function implements a caching
-   strategy and might close unused cache files. It is required to use
-   unlock_db_file after using the file. */
-static struct cdb *
-lock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
-{
-  char *fname;
-  int fd;
-  int open_count;
-  crl_cache_entry_t e;
-
-  if (entry->cdb)
-    {
-      entry->cdb_use_count++;
-      return entry->cdb;
-    }
-
-  for (open_count = 0, e = cache->entries; e; e = e->next)
-    {
-      if (e->cdb)
-        open_count++;
-/*       log_debug ("CACHE: cdb=%p use_count=%u lru_count=%u\n", */
-/*                  e->cdb,e->cdb_use_count,e->cdb_lru_count); */
-    }
-
-  /* If there are too many file open, find the least recent used DB
-     file and close it.  Note that for Pth thread safeness we need to
-     use a loop here. */
-  while (open_count >= MAX_OPEN_DB_FILES )
-    {
-      crl_cache_entry_t last_e = NULL;
-      unsigned int last_lru = (unsigned int)(-1);
-
-      for (e = cache->entries; e; e = e->next)
-        if (e->cdb && !e->cdb_use_count && e->cdb_lru_count < last_lru)
-          {
-            last_lru = e->cdb_lru_count;
-            last_e = e;
-          }
-      if (!last_e)
-        {
-          log_error (_("too many open cache files; can't open anymore\n"));
-          return NULL;
-        }
-
-/*       log_debug ("CACHE: closing file at cdb=%p\n", last_e->cdb); */
-
-      fd = cdb_fileno (last_e->cdb);
-      cdb_free (last_e->cdb);
-      xfree (last_e->cdb);
-      last_e->cdb = NULL;
-      if (close (fd))
-        log_error (_("error closing cache file: %s\n"), strerror(errno));
-      open_count--;
-    }
-
-
-  fname = make_db_file_name (entry->issuer_hash);
-  if (opt.verbose)
-    log_info (_("opening cache file '%s'\n"), fname );
-
-  if (!entry->dbfile_checked)
-    {
-      if (!check_dbfile (fname, entry->dbfile_hash))
-        entry->dbfile_checked = 1;
-      /* Note, in case of an error we don't print an error here but
-         let require the caller to do that check. */
-    }
-
-  entry->cdb = xtrycalloc (1, sizeof *entry->cdb);
-  if (!entry->cdb)
-    {
-      xfree (fname);
-      return NULL;
-    }
-  fd = open (fname, O_RDONLY);
-  if (fd == -1)
-    {
-      log_error (_("error opening cache file '%s': %s\n"),
-                 fname, strerror (errno));
-      xfree (entry->cdb);
-      entry->cdb = NULL;
-      xfree (fname);
-      return NULL;
-    }
-  if (cdb_init (entry->cdb, fd))
-    {
-      log_error (_("error initializing cache file '%s' for reading: %s\n"),
-                 fname, strerror (errno));
-      xfree (entry->cdb);
-      entry->cdb = NULL;
-      close (fd);
-      xfree (fname);
-      return NULL;
-    }
-  xfree (fname);
-
-  entry->cdb_use_count = 1;
-  entry->cdb_lru_count = 0;
-
-  return entry->cdb;
-}
-
-/* Unlock a cache file, so that it can be reused. */
-static void
-unlock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
-{
-  if (!entry->cdb)
-    log_error (_("calling unlock_db_file on a closed file\n"));
-  else if (!entry->cdb_use_count)
-    log_error (_("calling unlock_db_file on an unlocked file\n"));
-  else
-    {
-      entry->cdb_use_count--;
-      entry->cdb_lru_count++;
-    }
-
-  /* If the entry was marked for deletion in the meantime do it now.
-     We do this for the sake of Pth thread safeness. */
-  if (!entry->cdb_use_count && entry->deleted)
-    {
-      crl_cache_entry_t eprev, enext;
-
-      enext = entry->next;
-      for (eprev = cache->entries;
-           eprev && eprev->next != entry; eprev = eprev->next)
-        ;
-      assert (eprev);
-      if (eprev == cache->entries)
-        cache->entries = enext;
-      else
-        eprev->next = enext;
-      /* FIXME: Do we leak ENTRY? */
-    }
-}
-
-
-/* Find ISSUER_HASH in our cache FIRST. This may be used to enumerate
-   the linked list we use to keep the CRLs of an issuer. */
-static crl_cache_entry_t
-find_entry (crl_cache_entry_t first, const char *issuer_hash)
-{
-  while (first && (first->deleted || strcmp (issuer_hash, first->issuer_hash)))
-    first = first->next;
-  return first;
-}
-
-
-/* Create a new CRL cache. This fucntion is usually called only once.
-   never fail. */
-void
-crl_cache_init(void)
-{
-  crl_cache_t cache = NULL;
-  gpg_error_t err;
-
-  if (current_cache)
-    {
-      log_error ("crl cache has already been initialized - not doing twice\n");
-      return;
-    }
-
-  err = open_dir (&cache);
-  if (err)
-    log_fatal (_("failed to create a new cache object: %s\n"),
-               gpg_strerror (err));
-  current_cache = cache;
-}
-
-
-/* Remove the cache information and all its resources.  Note that we
-   still keep the cache on disk. */
-void
-crl_cache_deinit (void)
-{
-  if (current_cache)
-    {
-      release_cache (current_cache);
-      current_cache = NULL;
-    }
-}
-
-
-/* Delete the cache from disk. Return 0 on success.*/
-int
-crl_cache_flush (void)
-{
-  int rc;
-
-  rc = cleanup_cache_dir (0)? -1 : 0;
-
-  return rc;
-}
-
-
-/* Check whether the certificate identified by ISSUER_HASH and
-   SN/SNLEN is valid; i.e. not listed in our cache.  With
-   FORCE_REFRESH set to true, a new CRL will be retrieved even if the
-   cache has not yet expired.  We use a 30 minutes threshold here so
-   that invoking this function several times won't load the CRL over
-   and over.  */
-static crl_cache_result_t
-cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
-               const unsigned char *sn, size_t snlen,
-               int force_refresh)
-{
-  crl_cache_t cache = get_current_cache ();
-  crl_cache_result_t retval;
-  struct cdb *cdb;
-  int rc;
-  crl_cache_entry_t entry;
-  gnupg_isotime_t current_time;
-  size_t n;
-
-  (void)ctrl;
-
-  entry = find_entry (cache->entries, issuer_hash);
-  if (!entry)
-    {
-      log_info (_("no CRL available for issuer id %s\n"), issuer_hash );
-      return CRL_CACHE_DONTKNOW;
-    }
-
-  gnupg_get_isotime (current_time);
-  if (strcmp (entry->next_update, current_time) < 0 )
-    {
-      log_info (_("cached CRL for issuer id %s too old; update required\n"),
-                issuer_hash);
-      return CRL_CACHE_DONTKNOW;
-    }
-  if (force_refresh)
-    {
-      gnupg_isotime_t tmptime;
-
-      if (*entry->last_refresh)
-        {
-          gnupg_copy_time (tmptime, entry->last_refresh);
-          add_seconds_to_isotime (tmptime, 30 * 60);
-          if (strcmp (tmptime, current_time) < 0 )
-            {
-              log_info (_("force-crl-refresh active and %d minutes passed for"
-                          " issuer id %s; update required\n"),
-                        30, issuer_hash);
-              return CRL_CACHE_DONTKNOW;
-            }
-        }
-      else
-        {
-          log_info (_("force-crl-refresh active for"
-                      " issuer id %s; update required\n"),
-                    issuer_hash);
-          return CRL_CACHE_DONTKNOW;
-        }
-    }
-
-  if (entry->invalid)
-    {
-      log_info (_("available CRL for issuer ID %s can't be used\n"),
-                issuer_hash);
-      return CRL_CACHE_CANTUSE;
-    }
-
-  cdb = lock_db_file (cache, entry);
-  if (!cdb)
-    return CRL_CACHE_DONTKNOW; /* Hmmm, not the best error code. */
-
-  if (!entry->dbfile_checked)
-    {
-      log_error (_("cached CRL for issuer id %s tampered; we need to update\n")
-                 , issuer_hash);
-      unlock_db_file (cache, entry);
-      return CRL_CACHE_DONTKNOW;
-    }
-
-  rc = cdb_find (cdb, sn, snlen);
-  if (rc == 1)
-    {
-      n = cdb_datalen (cdb);
-      if (n != 16)
-        {
-          log_error (_("WARNING: invalid cache record length for S/N "));
-          log_printhex ("", sn, snlen);
-        }
-      else if (opt.verbose)
-        {
-          unsigned char record[16];
-          char *tmp = hexify_data (sn, snlen);
-
-          if (cdb_read (cdb, record, n, cdb_datapos (cdb)))
-            log_error (_("problem reading cache record for S/N %s: %s\n"),
-                       tmp, strerror (errno));
-          else
-            log_info (_("S/N %s is not valid; reason=%02X  date=%.15s\n"),
-                      tmp, *record, record+1);
-          xfree (tmp);
-        }
-      retval = CRL_CACHE_INVALID;
-    }
-  else if (!rc)
-    {
-      if (opt.verbose)
-        {
-          char *serialno = hexify_data (sn, snlen);
-          log_info (_("S/N %s is valid, it is not listed in the CRL\n"),
-                    serialno );
-          xfree (serialno);
-        }
-      retval = CRL_CACHE_VALID;
-    }
-  else
-    {
-      log_error (_("error getting data from cache file: %s\n"),
-                 strerror (errno));
-      retval = CRL_CACHE_DONTKNOW;
-    }
-
-
-  if (entry->user_trust_req
-      && (retval == CRL_CACHE_VALID || retval == CRL_CACHE_INVALID))
-    {
-      if (!entry->check_trust_anchor)
-        {
-          log_error ("inconsistent data on user trust check\n");
-          retval = CRL_CACHE_CANTUSE;
-        }
-      else if (get_istrusted_from_client (ctrl, entry->check_trust_anchor))
-        {
-          if (opt.verbose)
-            log_info ("no system trust and client does not trust either\n");
-          retval = CRL_CACHE_CANTUSE;
-        }
-      else
-        {
-          /* Okay, the CRL is considered valid by the client and thus
-             we can return the result as is.  */
-        }
-    }
-
-  unlock_db_file (cache, entry);
-
-  return retval;
-}
-
-
-/* Check whether the certificate identified by ISSUER_HASH and
-   SERIALNO is valid; i.e. not listed in our cache.  With
-   FORCE_REFRESH set to true, a new CRL will be retrieved even if the
-   cache has not yet expired.  We use a 30 minutes threshold here so
-   that invoking this function several times won't load the CRL over
-   and over.  */
-crl_cache_result_t
-crl_cache_isvalid (ctrl_t ctrl, const char *issuer_hash, const char *serialno,
-                   int force_refresh)
-{
-  crl_cache_result_t result;
-  unsigned char snbuf_buffer[50];
-  unsigned char *snbuf;
-  size_t n;
-
-  n = strlen (serialno)/2+1;
-  if (n < sizeof snbuf_buffer - 1)
-    snbuf = snbuf_buffer;
-  else
-    {
-      snbuf = xtrymalloc (n);
-      if (!snbuf)
-        return CRL_CACHE_DONTKNOW;
-    }
-
-  n = unhexify (snbuf, serialno);
-
-  result = cache_isvalid (ctrl, issuer_hash, snbuf, n, force_refresh);
-
-  if (snbuf != snbuf_buffer)
-    xfree (snbuf);
-
-  return result;
-}
-
-
-/* Check whether the certificate CERT is valid; i.e. not listed in our
-   cache.  With FORCE_REFRESH set to true, a new CRL will be retrieved
-   even if the cache has not yet expired.  We use a 30 minutes
-   threshold here so that invoking this function several times won't
-   load the CRL over and over.  */
-gpg_error_t
-crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
-                        int force_refresh)
-{
-  gpg_error_t err;
-  crl_cache_result_t result;
-  unsigned char issuerhash[20];
-  char issuerhash_hex[41];
-  ksba_sexp_t serial;
-  unsigned char *sn;
-  size_t snlen;
-  char *endp, *tmp;
-  int i;
-
-  /* Compute the hash value of the issuer name.  */
-  tmp = ksba_cert_get_issuer (cert, 0);
-  if (!tmp)
-    {
-      log_error ("oops: issuer missing in certificate\n");
-      return gpg_error (GPG_ERR_INV_CERT_OBJ);
-    }
-  gcry_md_hash_buffer (GCRY_MD_SHA1, issuerhash, tmp, strlen (tmp));
-  xfree (tmp);
-  for (i=0,tmp=issuerhash_hex; i < 20; i++, tmp += 2)
-    sprintf (tmp, "%02X", issuerhash[i]);
-
-  /* Get the serial number.  */
-  serial = ksba_cert_get_serial (cert);
-  if (!serial)
-    {
-      log_error ("oops: S/N missing in certificate\n");
-      return gpg_error (GPG_ERR_INV_CERT_OBJ);
-    }
-  sn = serial;
-  if (*sn != '(')
-    {
-      log_error ("oops: invalid S/N\n");
-      xfree (serial);
-      return gpg_error (GPG_ERR_INV_CERT_OBJ);
-    }
-  sn++;
-  snlen = strtoul (sn, &endp, 10);
-  sn = endp;
-  if (*sn != ':')
-    {
-      log_error ("oops: invalid S/N\n");
-      xfree (serial);
-      return gpg_error (GPG_ERR_INV_CERT_OBJ);
-    }
-  sn++;
-
-  /* Check the cache.  */
-  result = cache_isvalid (ctrl, issuerhash_hex, sn, snlen, force_refresh);
-  switch (result)
-    {
-    case CRL_CACHE_VALID:
-      err = 0;
-      break;
-    case CRL_CACHE_INVALID:
-      err = gpg_error (GPG_ERR_CERT_REVOKED);
-      break;
-    case CRL_CACHE_DONTKNOW:
-      err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-    case CRL_CACHE_CANTUSE:
-      err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-      break;
-    default:
-      log_fatal ("cache_isvalid returned invalid status code %d\n", result);
-    }
-
-  xfree (serial);
-  return err;
-}
-
-
-/* Prepare a hash context for the signature verification.  Input is
-   the CRL and the output is the hash context MD as well as the uses
-   algorithm identifier ALGO. */
-static gpg_error_t
-start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
-{
-  gpg_error_t err;
-  const char *algoid;
-
-  algoid = ksba_crl_get_digest_algo (crl);
-  *algo = gcry_md_map_name (algoid);
-  if (!*algo)
-    {
-      log_error (_("unknown hash algorithm '%s'\n"), algoid? algoid:"?");
-      return gpg_error (GPG_ERR_DIGEST_ALGO);
-    }
-
-  err = gcry_md_open (md, *algo, 0);
-  if (err)
-    {
-      log_error (_("gcry_md_open for algorithm %d failed: %s\n"),
-                 *algo, gcry_strerror (err));
-      return err;
-    }
-  if (DBG_HASHING)
-    gcry_md_debug (*md, "hash.cert");
-
-  ksba_crl_set_hash_function (crl, HASH_FNC, *md);
-  return 0;
-}
-
-
-/* Finish a hash context and verify the signature.  This function
-   should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
-   signature does not verify or any other error code. CRL is the CRL
-   object we are working on, MD the hash context and ISSUER_CERT the
-   certificate of the CRL issuer.  This function closes MD.  */
-static gpg_error_t
-finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
-                  ksba_cert_t issuer_cert)
-{
-  gpg_error_t err;
-  ksba_sexp_t sigval = NULL, pubkey = NULL;
-  const char *s;
-  char algoname[50];
-  size_t n;
-  gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
-  unsigned int i;
-
-  /* This also stops debugging on the MD.  */
-  gcry_md_final (md);
-
-  /* Get and convert the signature value. */
-  sigval = ksba_crl_get_sig_val (crl);
-  n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
-  if (!n)
-    {
-      log_error (_("got an invalid S-expression from libksba\n"));
-      err = gpg_error (GPG_ERR_INV_SEXP);
-      goto leave;
-    }
-  err = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
-  if (err)
-    {
-      log_error (_("converting S-expression failed: %s\n"),
-                 gcry_strerror (err));
-      goto leave;
-    }
-
-  /* Get and convert the public key for the issuer certificate. */
-  if (DBG_X509)
-    dump_cert ("crl_issuer_cert", issuer_cert);
-  pubkey = ksba_cert_get_public_key (issuer_cert);
-  n = gcry_sexp_canon_len (pubkey, 0, NULL, NULL);
-  if (!n)
-    {
-      log_error (_("got an invalid S-expression from libksba\n"));
-      err = gpg_error (GPG_ERR_INV_SEXP);
-      goto leave;
-    }
-  err = gcry_sexp_sscan (&s_pkey, NULL, pubkey, n);
-  if (err)
-    {
-      log_error (_("converting S-expression failed: %s\n"),
-                 gcry_strerror (err));
-      goto leave;
-    }
-
-  /* Create an S-expression with the actual hash value. */
-  s = gcry_md_algo_name (algo);
-  for (i = 0; *s && i < sizeof(algoname) - 1; s++, i++)
-    algoname[i] = ascii_tolower (*s);
-  algoname[i] = 0;
-  err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
-                         algoname,
-                         gcry_md_get_algo_dlen (algo), gcry_md_read (md, algo));
-  if (err)
-    {
-      log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
-      goto leave;
-    }
-
-  /* Pass this on to the signature verification. */
-  err = gcry_pk_verify (s_sig, s_hash, s_pkey);
-  if (DBG_X509)
-    log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
-
- leave:
-  xfree (sigval);
-  xfree (pubkey);
-  gcry_sexp_release (s_sig);
-  gcry_sexp_release (s_hash);
-  gcry_sexp_release (s_pkey);
-  gcry_md_close (md);
-
-  return err;
-}
-
-
-/* Call this to match a start_sig_check that can not be completed
-   normally.  */
-static void
-abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
-{
-  (void)crl;
-  gcry_md_close (md);
-}
-
-
-/* Workhorse of the CRL loading machinery.  The CRL is read using the
-   CRL object and stored in the data base file DB with the name FNAME
-   (only used for printing error messages).  That DB should be a
-   temporary one and not the actual one.  If the function fails the
-   caller should delete this temporary database file.  CTRL is
-   required to retrieve certificates using the general dirmngr
-   callback service.  R_CRLISSUER returns an allocated string with the
-   crl-issuer DN, THIS_UPDATE and NEXT_UPDATE are filled with the
-   corresponding data from the CRL.  Note that these values might get
-   set even if the CRL processing fails at a later step; thus the
-   caller should free *R_ISSUER even if the function returns with an
-   error.  R_TRUST_ANCHOR is set on exit to NULL or a string with the
-   hexified fingerprint of the root certificate, if checking this
-   certificate for trustiness is required.
-*/
-static int
-crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
-                  struct cdb_make *cdb, const char *fname,
-                  char **r_crlissuer,
-                  ksba_isotime_t thisupdate, ksba_isotime_t nextupdate,
-                  char **r_trust_anchor)
-{
-  gpg_error_t err;
-  ksba_stop_reason_t stopreason;
-  ksba_cert_t crlissuer_cert = NULL;
-  gcry_md_hd_t md = NULL;
-  int algo = 0;
-  size_t n;
-
-  (void)fname;
-
-  *r_crlissuer = NULL;
-  *thisupdate = *nextupdate = 0;
-  *r_trust_anchor = NULL;
-
-  /* Start of the KSBA parser loop. */
-  do
-    {
-      err = ksba_crl_parse (crl, &stopreason);
-      if (err)
-        {
-          log_error (_("ksba_crl_parse failed: %s\n"), gpg_strerror (err) );
-          goto failure;
-        }
-
-      switch (stopreason)
-        {
-        case KSBA_SR_BEGIN_ITEMS:
-          {
-            if (start_sig_check (crl, &md, &algo ))
-              goto failure;
-
-            err = ksba_crl_get_update_times (crl, thisupdate, nextupdate);
-            if (err)
-              {
-                log_error (_("error getting update times of CRL: %s\n"),
-                           gpg_strerror (err));
-                err = gpg_error (GPG_ERR_INV_CRL);
-                goto failure;
-              }
-
-            if (opt.verbose || !*nextupdate)
-              log_info (_("update times of this CRL: this=%s next=%s\n"),
-                        thisupdate, nextupdate);
-            if (!*nextupdate)
-              {
-                log_info (_("nextUpdate not given; "
-                            "assuming a validity period of one day\n"));
-                gnupg_copy_time (nextupdate, thisupdate);
-                add_seconds_to_isotime (nextupdate, 86400);
-              }
-          }
-          break;
-
-        case KSBA_SR_GOT_ITEM:
-          {
-            ksba_sexp_t serial;
-            const unsigned char *p;
-            ksba_isotime_t rdate;
-            ksba_crl_reason_t reason;
-            int rc;
-            unsigned char record[1+15];
-
-            err = ksba_crl_get_item (crl, &serial, rdate, &reason);
-            if (err)
-              {
-                log_error (_("error getting CRL item: %s\n"),
-                           gpg_strerror (err));
-                err = gpg_error (GPG_ERR_INV_CRL);
-                ksba_free (serial);
-                goto failure;
-              }
-            p = serial_to_buffer (serial, &n);
-            if (!p)
-              BUG ();
-            record[0] = (reason & 0xff);
-            memcpy (record+1, rdate, 15);
-            rc = cdb_make_add (cdb, p, n, record, 1+15);
-            if (rc)
-              {
-                err = gpg_error_from_errno (errno);
-                log_error (_("error inserting item into "
-                             "temporary cache file: %s\n"),
-                           strerror (errno));
-                goto failure;
-              }
-
-            ksba_free (serial);
-          }
-          break;
-
-        case KSBA_SR_END_ITEMS:
-          break;
-
-        case KSBA_SR_READY:
-          {
-            char *crlissuer;
-            ksba_name_t authid;
-            ksba_sexp_t authidsn;
-            ksba_sexp_t keyid;
-
-            /* We need to look for the issuer only after having read
-               all items.  The issuer itselfs comes before the items
-               but the optional authorityKeyIdentifier comes after the
-               items. */
-            err = ksba_crl_get_issuer (crl, &crlissuer);
-            if( err )
-              {
-                log_error (_("no CRL issuer found in CRL: %s\n"),
-                           gpg_strerror (err) );
-                err = gpg_error (GPG_ERR_INV_CRL);
-                goto failure;
-              }
-	    /* Note: This should be released by ksba_free, not xfree.
-	       May need a memory reallocation dance.  */
-            *r_crlissuer = crlissuer; /* (Do it here so we don't need
-                                         to free it later) */
-
-            if (!ksba_crl_get_auth_key_id (crl, &keyid, &authid, &authidsn))
-              {
-                const char *s;
-
-                if (opt.verbose)
-                  log_info (_("locating CRL issuer certificate by "
-                              "authorityKeyIdentifier\n"));
-
-                s = ksba_name_enum (authid, 0);
-                if (s && *authidsn)
-                  crlissuer_cert = find_cert_bysn (ctrl, s, authidsn);
-                if (!crlissuer_cert && keyid)
-                  crlissuer_cert = find_cert_bysubject (ctrl,
-                                                        crlissuer, keyid);
-
-                if (!crlissuer_cert)
-                  {
-                    log_info ("CRL issuer certificate ");
-                    if (keyid)
-                      {
-                        log_printf ("{");
-                        dump_serial (keyid);
-                        log_printf ("} ");
-                      }
-                    if (authidsn)
-                      {
-                        log_printf ("(#");
-                        dump_serial (authidsn);
-                        log_printf ("/");
-                        dump_string (s);
-                        log_printf (") ");
-                      }
-                    log_printf ("not found\n");
-                  }
-                ksba_name_release (authid);
-                xfree (authidsn);
-                xfree (keyid);
-              }
-            else
-              crlissuer_cert = find_cert_bysubject (ctrl, crlissuer, NULL);
-            err = 0;
-            if (!crlissuer_cert)
-              {
-                err = gpg_error (GPG_ERR_MISSING_CERT);
-                goto failure;
-              }
-
-            err = finish_sig_check (crl, md, algo, crlissuer_cert);
-            if (err)
-              {
-                log_error (_("CRL signature verification failed: %s\n"),
-                           gpg_strerror (err));
-                goto failure;
-              }
-	    md = NULL;
-
-            err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
-                                       VALIDATE_MODE_CRL_RECURSIVE,
-                                       r_trust_anchor);
-            if (err)
-              {
-                log_error (_("error checking validity of CRL "
-                             "issuer certificate: %s\n"),
-                           gpg_strerror (err));
-                goto failure;
-              }
-
-          }
-          break;
-
-        default:
-          log_debug ("crl_parse_insert: unknown stop reason\n");
-          err = gpg_error (GPG_ERR_BUG);
-          goto failure;
-        }
-    }
-  while (stopreason != KSBA_SR_READY);
-  assert (!err);
-
-
- failure:
-  if (md)
-    abort_sig_check (crl, md);
-  ksba_cert_release (crlissuer_cert);
-  return err;
-}
-
-
-
-/* Return the crlNumber extension as an allocated hex string or NULL
-   if there is none. */
-static char *
-get_crl_number (ksba_crl_t crl)
-{
-  gpg_error_t err;
-  ksba_sexp_t number;
-  char *string;
-
-  err = ksba_crl_get_crl_number (crl, &number);
-  if (err)
-    return NULL;
-  string = serial_hex (number);
-  ksba_free (number);
-  return string;
-}
-
-
-/* Return the authorityKeyIdentifier or NULL if it is not available.
-   The issuer name may consists of several parts - they are delimted by
-   0x01. */
-static char *
-get_auth_key_id (ksba_crl_t crl, char **serialno)
-{
-  gpg_error_t err;
-  ksba_name_t name;
-  ksba_sexp_t sn;
-  int idx;
-  const char *s;
-  char *string;
-  size_t length;
-
-  *serialno = NULL;
-  err = ksba_crl_get_auth_key_id (crl, NULL, &name, &sn);
-  if (err)
-    return NULL;
-  *serialno = serial_hex (sn);
-  ksba_free (sn);
-
-  if (!name)
-    return xstrdup ("");
-
-  length = 0;
-  for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
-    {
-      char *p = ksba_name_get_uri (name, idx);
-      length += strlen (p?p:s) + 1;
-      xfree (p);
-    }
-  string = xtrymalloc (length+1);
-  if (string)
-    {
-      *string = 0;
-      for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
-        {
-          char *p = ksba_name_get_uri (name, idx);
-          if (*string)
-            strcat (string, "\x01");
-          strcat (string, p?p:s);
-          xfree (p);
-        }
-    }
-  ksba_name_release (name);
-  return string;
-}
-
-
-
-/* Insert the CRL retrieved using URL into the cache specified by
-   CACHE.  The CRL itself will be read from the stream FP and is
-   expected in binary format.
-
-   Called by:
-      crl_cache_load
-         cmd_loadcrl
-         --load-crl
-      crl_cache_reload_crl
-         cmd_isvalid
-         cmd_checkcrl
-      cmd_loadcrl
-      --fetch-crl
-
- */
-gpg_error_t
-crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
-{
-  crl_cache_t cache = get_current_cache ();
-  gpg_error_t err, err2;
-  ksba_crl_t crl;
-  char *fname = NULL;
-  char *newfname = NULL;
-  struct cdb_make cdb;
-  int fd_cdb = -1;
-  char *issuer = NULL;
-  char *issuer_hash = NULL;
-  ksba_isotime_t thisupdate, nextupdate;
-  crl_cache_entry_t entry = NULL;
-  crl_cache_entry_t e;
-  gnupg_isotime_t current_time;
-  char *checksum = NULL;
-  int invalidate_crl = 0;
-  int idx;
-  const char *oid;
-  int critical;
-  char *trust_anchor = NULL;
-
-  /* FIXME: We should acquire a mutex for the URL, so that we don't
-     simultaneously enter the same CRL twice.  However this needs to be
-     interweaved with the checking function.*/
-
-  err2 = 0;
-
-  err = ksba_crl_new (&crl);
-  if (err)
-    {
-      log_error (_("ksba_crl_new failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  err = ksba_crl_set_reader (crl, reader);
-  if ( err )
-    {
-      log_error (_("ksba_crl_set_reader failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  /* Create a temporary cache file to load the CRL into. */
-  {
-    char *tmpfname, *p;
-    const char *nodename;
-#ifndef HAVE_W32_SYSTEM
-    struct utsname utsbuf;
-#endif
-
-#ifdef HAVE_W32_SYSTEM
-    nodename = "unknown";
-#else
-    if (uname (&utsbuf))
-      nodename = "unknown";
-    else
-      nodename = utsbuf.nodename;
-#endif
-
-    gpgrt_asprintf (&tmpfname, "crl-tmp-%s-%u-%p.db.tmp",
-                    nodename, (unsigned int)getpid (), &tmpfname);
-    if (!tmpfname)
-      {
-        err = gpg_error_from_syserror ();
-        goto leave;
-      }
-    for (p=tmpfname; *p; p++)
-      if (*p == '/')
-        *p = '.';
-    fname = make_filename (opt.homedir_cache, DBDIR_D, tmpfname, NULL);
-    xfree (tmpfname);
-    if (!gnupg_remove (fname))
-      log_info (_("removed stale temporary cache file '%s'\n"), fname);
-    else if (errno != ENOENT)
-      {
-        err = gpg_error_from_syserror ();
-        log_error (_("problem removing stale temporary cache file '%s': %s\n"),
-                   fname, gpg_strerror (err));
-        goto leave;
-      }
-  }
-
-  fd_cdb = open (fname, O_WRONLY | O_CREAT | O_TRUNC, 0644);
-  if (fd_cdb == -1)
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error creating temporary cache file '%s': %s\n"),
-                 fname, strerror (errno));
-      goto leave;
-    }
-  cdb_make_start(&cdb, fd_cdb);
-
-  err = crl_parse_insert (ctrl, crl, &cdb, fname,
-                          &issuer, thisupdate, nextupdate, &trust_anchor);
-  if (err)
-    {
-      log_error (_("crl_parse_insert failed: %s\n"), gpg_strerror (err));
-      /* Error in cleanup ignored.  */
-      cdb_make_finish (&cdb);
-      goto leave;
-    }
-
-  /* Finish the database. */
-  if (cdb_make_finish (&cdb))
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error finishing temporary cache file '%s': %s\n"),
-                 fname, strerror (errno));
-      goto leave;
-    }
-  if (close (fd_cdb))
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("error closing temporary cache file '%s': %s\n"),
-                 fname, strerror (errno));
-      goto leave;
-    }
-  fd_cdb = -1;
-
-
-  /* Create a checksum. */
-  {
-    unsigned char md5buf[16];
-
-    if (hash_dbfile (fname, md5buf))
-      {
-        err = gpg_error (GPG_ERR_CHECKSUM);
-        goto leave;
-      }
-    checksum = hexify_data (md5buf, 16);
-  }
-
-
-  /* Check whether that new CRL is still not expired. */
-  gnupg_get_isotime (current_time);
-  if (strcmp (nextupdate, current_time) < 0 )
-    {
-      if (opt.force)
-        log_info (_("WARNING: new CRL still too old; it expired on %s "
-                    "- loading anyway\n"),  nextupdate);
-      else
-        {
-          log_error (_("new CRL still too old; it expired on %s\n"),
-                     nextupdate);
-          if (!err2)
-            err2 = gpg_error (GPG_ERR_CRL_TOO_OLD);
-          invalidate_crl |= 1;
-        }
-    }
-
-  /* Check for unknown critical extensions. */
-  for (idx=0; !(err=ksba_crl_get_extension (crl, idx, &oid, &critical,
-                                              NULL, NULL)); idx++)
-    {
-      if (!critical
-          || !strcmp (oid, oidstr_authorityKeyIdentifier)
-          || !strcmp (oid, oidstr_crlNumber) )
-        continue;
-      log_error (_("unknown critical CRL extension %s\n"), oid);
-      if (!err2)
-        err2 = gpg_error (GPG_ERR_INV_CRL);
-      invalidate_crl |= 2;
-    }
-  if (gpg_err_code (err) == GPG_ERR_EOF
-      || gpg_err_code (err) == GPG_ERR_NO_DATA )
-    err = 0;
-  if (err)
-    {
-      log_error (_("error reading CRL extensions: %s\n"), gpg_strerror (err));
-      err = gpg_error (GPG_ERR_INV_CRL);
-    }
-
-
-  /* Create an hex encoded SHA-1 hash of the issuer DN to be
-     used as the key for the cache. */
-  issuer_hash = hashify_data (issuer, strlen (issuer));
-
-  /* Create an ENTRY. */
-  entry = xtrycalloc (1, sizeof *entry);
-  if (!entry)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-  entry->release_ptr = xtrymalloc (strlen (issuer_hash) + 1
-                                   + strlen (issuer) + 1
-                                   + strlen (url) + 1
-                                   + strlen (checksum) + 1);
-  if (!entry->release_ptr)
-    {
-      err = gpg_error_from_syserror ();
-      xfree (entry);
-      entry = NULL;
-      goto leave;
-    }
-  entry->issuer_hash = entry->release_ptr;
-  entry->issuer = stpcpy (entry->issuer_hash, issuer_hash) + 1;
-  entry->url = stpcpy (entry->issuer, issuer) + 1;
-  entry->dbfile_hash = stpcpy (entry->url, url) + 1;
-  strcpy (entry->dbfile_hash, checksum);
-  gnupg_copy_time (entry->this_update, thisupdate);
-  gnupg_copy_time (entry->next_update, nextupdate);
-  gnupg_copy_time (entry->last_refresh, current_time);
-  entry->crl_number = get_crl_number (crl);
-  entry->authority_issuer = get_auth_key_id (crl, &entry->authority_serialno);
-  entry->invalid = invalidate_crl;
-  entry->user_trust_req = !!trust_anchor;
-  entry->check_trust_anchor = trust_anchor;
-  trust_anchor = NULL;
-
-  /* Check whether we already have an entry for this issuer and mark
-     it as deleted. We better use a loop, just in case duplicates got
-     somehow into the list. */
-  for (e = cache->entries; (e=find_entry (e, entry->issuer_hash)); e = e->next)
-    e->deleted = 1;
-
-  /* Rename the temporary DB to the real name. */
-  newfname = make_db_file_name (entry->issuer_hash);
-  if (opt.verbose)
-    log_info (_("creating cache file '%s'\n"), newfname);
-
-  /* Just in case close unused matching files.  Actually we need this
-     only under Windows but saving file descriptors is never bad.  */
-  {
-    int any;
-    do
-      {
-        any = 0;
-        for (e = cache->entries; e; e = e->next)
-          if (!e->cdb_use_count && e->cdb
-              && !strcmp (e->issuer_hash, entry->issuer_hash))
-            {
-              int fd = cdb_fileno (e->cdb);
-              cdb_free (e->cdb);
-              xfree (e->cdb);
-              e->cdb = NULL;
-              if (close (fd))
-                log_error (_("error closing cache file: %s\n"),
-                           strerror(errno));
-              any = 1;
-              break;
-            }
-      }
-    while (any);
-  }
-#ifdef HAVE_W32_SYSTEM
-  gnupg_remove (newfname);
-#endif
-  if (rename (fname, newfname))
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("problem renaming '%s' to '%s': %s\n"),
-                 fname, newfname, gpg_strerror (err));
-      goto leave;
-    }
-  xfree (fname); fname = NULL; /*(let the cleanup code not try to remove it)*/
-
-  /* Link the new entry in. */
-  entry->next = cache->entries;
-  cache->entries = entry;
-  entry = NULL;
-
-  err = update_dir (cache);
-  if (err)
-    {
-      log_error (_("updating the DIR file failed - "
-                   "cache entry will get lost with the next program start\n"));
-      err = 0; /* Keep on running. */
-    }
-
-
- leave:
-  release_one_cache_entry (entry);
-  if (fd_cdb != -1)
-    close (fd_cdb);
-  if (fname)
-    {
-      gnupg_remove (fname);
-      xfree (fname);
-    }
-  xfree (newfname);
-  ksba_crl_release (crl);
-  xfree (issuer);
-  xfree (issuer_hash);
-  xfree (checksum);
-  xfree (trust_anchor);
-  return err ? err : err2;
-}
-
-
-/* Print one cached entry E in a human readable format to stream
-   FP. Return 0 on success. */
-static gpg_error_t
-list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
-{
-  struct cdb_find cdbfp;
-  struct cdb *cdb;
-  int rc;
-  int warn = 0;
-  const unsigned char *s;
-
-  es_fputs ("--------------------------------------------------------\n", fp );
-  es_fprintf (fp, _("Begin CRL dump (retrieved via %s)\n"), e->url );
-  es_fprintf (fp, " Issuer:\t%s\n", e->issuer );
-  es_fprintf (fp, " Issuer Hash:\t%s\n", e->issuer_hash );
-  es_fprintf (fp, " This Update:\t%s\n", e->this_update );
-  es_fprintf (fp, " Next Update:\t%s\n", e->next_update );
-  es_fprintf (fp, " CRL Number :\t%s\n", e->crl_number? e->crl_number: "none");
-  es_fprintf (fp, " AuthKeyId  :\t%s\n",
-              e->authority_serialno? e->authority_serialno:"none");
-  if (e->authority_serialno && e->authority_issuer)
-    {
-      es_fputs ("             \t", fp);
-      for (s=e->authority_issuer; *s; s++)
-        if (*s == '\x01')
-          es_fputs ("\n             \t", fp);
-        else
-          es_putc (*s, fp);
-      es_putc ('\n', fp);
-    }
-  es_fprintf (fp, " Trust Check:\t%s\n",
-              !e->user_trust_req? "[system]" :
-              e->check_trust_anchor? e->check_trust_anchor:"[missing]");
-
-  if ((e->invalid & 1))
-    es_fprintf (fp, _(" ERROR: The CRL will not be used "
-                      "because it was still too old after an update!\n"));
-  if ((e->invalid & 2))
-    es_fprintf (fp, _(" ERROR: The CRL will not be used "
-                      "due to an unknown critical extension!\n"));
-  if ((e->invalid & ~3))
-    es_fprintf (fp, _(" ERROR: The CRL will not be used\n"));
-
-  cdb = lock_db_file (cache, e);
-  if (!cdb)
-    return gpg_error (GPG_ERR_GENERAL);
-
-  if (!e->dbfile_checked)
-    es_fprintf (fp, _(" ERROR: This cached CRL may have been tampered with!\n"));
-
-  es_putc ('\n', fp);
-
-  rc = cdb_findinit (&cdbfp, cdb, NULL, 0);
-  while (!rc && (rc=cdb_findnext (&cdbfp)) > 0 )
-    {
-      unsigned char keyrecord[256];
-      unsigned char record[16];
-      int reason;
-      int any = 0;
-      cdbi_t n;
-      cdbi_t i;
-
-      rc = 0;
-      n = cdb_datalen (cdb);
-      if (n != 16)
-        {
-          log_error (_(" WARNING: invalid cache record length\n"));
-          warn = 1;
-          continue;
-        }
-
-      if (cdb_read (cdb, record, n, cdb_datapos (cdb)))
-        {
-          log_error (_("problem reading cache record: %s\n"),
-                     strerror (errno));
-          warn = 1;
-          continue;
-        }
-
-      n = cdb_keylen (cdb);
-      if (n > sizeof keyrecord)
-        n = sizeof keyrecord;
-      if (cdb_read (cdb, keyrecord, n, cdb_keypos (cdb)))
-        {
-          log_error (_("problem reading cache key: %s\n"), strerror (errno));
-          warn = 1;
-          continue;
-        }
-
-      reason = *record;
-      es_fputs ("  ", fp);
-      for (i = 0; i < n; i++)
-        es_fprintf (fp, "%02X", keyrecord[i]);
-      es_fputs (":\t reasons( ", fp);
-
-      if (reason & KSBA_CRLREASON_UNSPECIFIED)
-        es_fputs( "unspecified ", fp ), any = 1;
-      if (reason & KSBA_CRLREASON_KEY_COMPROMISE )
-        es_fputs( "key_compromise ", fp ), any = 1;
-      if (reason & KSBA_CRLREASON_CA_COMPROMISE )
-        es_fputs( "ca_compromise ", fp ), any = 1;
-      if (reason & KSBA_CRLREASON_AFFILIATION_CHANGED )
-        es_fputs( "affiliation_changed ", fp ), any = 1;
-      if (reason & KSBA_CRLREASON_SUPERSEDED )
-        es_fputs( "superseeded", fp ), any = 1;
-      if (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION )
-        es_fputs( "cessation_of_operation", fp ), any = 1;
-      if (reason & KSBA_CRLREASON_CERTIFICATE_HOLD )
-        es_fputs( "certificate_hold", fp ), any = 1;
-      if (reason && !any)
-        es_fputs( "other", fp );
-
-      es_fprintf (fp, ") rdate: %.15s\n", record+1);
-    }
-  if (rc)
-    log_error (_("error reading cache entry from db: %s\n"), strerror (rc));
-
-  unlock_db_file (cache, e);
-  es_fprintf (fp, _("End CRL dump\n") );
-  es_putc ('\n', fp);
-
-  return (rc||warn)? gpg_error (GPG_ERR_GENERAL) : 0;
-}
-
-
-/* Print the contents of the CRL CACHE in a human readable format to
-   stream FP. */
-gpg_error_t
-crl_cache_list (estream_t fp)
-{
-  crl_cache_t cache = get_current_cache ();
-  crl_cache_entry_t entry;
-  gpg_error_t err = 0;
-
-  for (entry = cache->entries;
-       entry && !entry->deleted && !err;
-       entry = entry->next )
-    err = list_one_crl_entry (cache, entry, fp);
-
-  return err;
-}
-
-
-/* Load the CRL containing the file named FILENAME into our CRL cache. */
-gpg_error_t
-crl_cache_load (ctrl_t ctrl, const char *filename)
-{
-  gpg_error_t err;
-  estream_t fp;
-  ksba_reader_t reader;
-
-  fp = es_fopen (filename, "r");
-  if (!fp)
-    {
-      err = gpg_error_from_errno (errno);
-      log_error (_("can't open '%s': %s\n"), filename, strerror (errno));
-      return err;
-    }
-
-  err = create_estream_ksba_reader (&reader, fp);
-  if (!err)
-    {
-      err = crl_cache_insert (ctrl, filename, reader);
-      ksba_reader_release (reader);
-    }
-  es_fclose (fp);
-  return err;
-}
-
-
-/* Locate the corresponding CRL for the certificate CERT, read and
-   verify the CRL and store it in the cache.  */
-gpg_error_t
-crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
-{
-  gpg_error_t err;
-  ksba_reader_t reader = NULL;
-  char *issuer = NULL;
-  ksba_name_t distpoint = NULL;
-  ksba_name_t issuername = NULL;
-  char *distpoint_uri = NULL;
-  char *issuername_uri = NULL;
-  int any_dist_point = 0;
-  int seq;
-
-  /* Loop over all distribution points, get the CRLs and put them into
-     the cache. */
-  if (opt.verbose)
-    log_info ("checking distribution points\n");
-  seq = 0;
-  while ( !(err = ksba_cert_get_crl_dist_point (cert, seq++,
-                                                &distpoint,
-                                                &issuername, NULL )))
-    {
-      int name_seq;
-      gpg_error_t last_err = 0;
-
-      if (!distpoint && !issuername)
-        {
-          if (opt.verbose)
-            log_info ("no issuer name and no distribution point\n");
-          break; /* Not allowed; i.e. an invalid certificate.  We give
-                    up here and hope that the default method returns a
-                    suitable CRL. */
-        }
-
-      xfree (issuername_uri); issuername_uri = NULL;
-
-      /* Get the URIs.  We do this in a loop to iterate over all names
-         in the crlDP. */
-      for (name_seq=0; ksba_name_enum (distpoint, name_seq); name_seq++)
-        {
-          xfree (distpoint_uri); distpoint_uri = NULL;
-          distpoint_uri = ksba_name_get_uri (distpoint, name_seq);
-          if (!distpoint_uri)
-            continue;
-
-          if (!strncmp (distpoint_uri, "ldap:", 5)
-              || !strncmp (distpoint_uri, "ldaps:", 6))
-            {
-              if (opt.ignore_ldap_dp)
-                continue;
-            }
-          else if (!strncmp (distpoint_uri, "http:", 5)
-                   || !strncmp (distpoint_uri, "https:", 6))
-            {
-              if (opt.ignore_http_dp)
-                continue;
-            }
-          else
-            continue; /* Skip unknown schemes. */
-
-          any_dist_point = 1;
-
-          if (opt.verbose)
-            log_info ("fetching CRL from '%s'\n", distpoint_uri);
-          err = crl_fetch (ctrl, distpoint_uri, &reader);
-          if (err)
-            {
-              log_error (_("crl_fetch via DP failed: %s\n"),
-                         gpg_strerror (err));
-              last_err = err;
-              continue; /* with the next name. */
-            }
-
-          if (opt.verbose)
-            log_info ("inserting CRL (reader %p)\n", reader);
-          err = crl_cache_insert (ctrl, distpoint_uri, reader);
-          if (err)
-            {
-              log_error (_("crl_cache_insert via DP failed: %s\n"),
-                         gpg_strerror (err));
-              last_err = err;
-              continue; /* with the next name. */
-            }
-          last_err = 0;
-          break; /* Ready. */
-        }
-      if (last_err)
-        {
-          err = last_err;
-          goto leave;
-        }
-
-      ksba_name_release (distpoint); distpoint = NULL;
-
-      /* We don't do anything with issuername_uri yet but we keep the
-         code for documentation. */
-      issuername_uri =  ksba_name_get_uri (issuername, 0);
-      ksba_name_release (issuername); issuername = NULL;
-
-      /* Close the reader.  */
-      crl_close_reader (reader);
-      reader = NULL;
-    }
-  if (gpg_err_code (err) == GPG_ERR_EOF)
-    err = 0;
-
-  /* If we did not found any distpoint, try something reasonable. */
-  if (!any_dist_point )
-    {
-      if (opt.verbose)
-        log_info ("no distribution point - trying issuer name\n");
-
-      crl_close_reader (reader);
-      reader = NULL;
-
-      issuer = ksba_cert_get_issuer (cert, 0);
-      if (!issuer)
-        {
-          log_error ("oops: issuer missing in certificate\n");
-          err = gpg_error (GPG_ERR_INV_CERT_OBJ);
-          goto leave;
-        }
-
-      if (opt.verbose)
-        log_info ("fetching CRL from default location\n");
-      err = crl_fetch_default (ctrl, issuer, &reader);
-      if (err)
-          {
-            log_error ("crl_fetch via issuer failed: %s\n",
-                       gpg_strerror (err));
-            goto leave;
-          }
-
-      if (opt.verbose)
-        log_info ("inserting CRL (reader %p)\n", reader);
-      err = crl_cache_insert (ctrl, "default location(s)", reader);
-      if (err)
-        {
-          log_error (_("crl_cache_insert via issuer failed: %s\n"),
-                     gpg_strerror (err));
-          goto leave;
-        }
-    }
-
- leave:
-  crl_close_reader (reader);
-  xfree (distpoint_uri);
-  xfree (issuername_uri);
-  ksba_name_release (distpoint);
-  ksba_name_release (issuername);
-  ksba_free (issuer);
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/crlcache.h gnupg2-2.0.28/dirmngr/crlcache.h
--- gnupg2-2.1.6/dirmngr/crlcache.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/crlcache.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,70 +0,0 @@
-/* crlcache.h - LDAP access
- *      Copyright (C) 2002 Klarälvdalens Datakonsult AB
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifndef CRLCACHE_H
-#define CRLCACHE_H
-
-
-typedef enum
-  {
-    CRL_CACHE_VALID = 0,
-    CRL_CACHE_INVALID,
-    CRL_CACHE_DONTKNOW,
-    CRL_CACHE_CANTUSE
-  }
-crl_cache_result_t;
-
-typedef enum foo
-  {
-    CRL_SIG_OK = 0,
-    CRL_SIG_NOT_OK,
-    CRL_TOO_OLD,
-    CRL_SIG_ERROR,
-    CRL_GENERAL_ERROR
-  }
-crl_sig_result_t;
-
-struct crl_cache_entry_s;
-typedef struct crl_cache_entry_s *crl_cache_entry_t;
-
-
-void crl_cache_init (void);
-void crl_cache_deinit (void);
-int crl_cache_flush(void);
-
-crl_cache_result_t crl_cache_isvalid (ctrl_t ctrl,
-                                      const char *issuer_hash,
-                                      const char *cert_id,
-                                      int force_refresh);
-
-gpg_error_t crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
-                                    int force_refresh);
-
-gpg_error_t crl_cache_insert (ctrl_t ctrl, const char *url,
-                              ksba_reader_t reader);
-
-gpg_error_t crl_cache_list (estream_t fp);
-
-gpg_error_t crl_cache_load (ctrl_t ctrl, const char *filename);
-
-gpg_error_t crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert);
-
-
-#endif /* CRLCACHE_H */
diff -Nru gnupg2-2.1.6/dirmngr/crlfetch.c gnupg2-2.0.28/dirmngr/crlfetch.c
--- gnupg2-2.1.6/dirmngr/crlfetch.c	2015-06-18 11:27:52.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/crlfetch.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,539 +0,0 @@
-/* crlfetch.c - LDAP access
- *      Copyright (C) 2002 Klarälvdalens Datakonsult AB
- *      Copyright (C) 2003, 2004, 2005, 2006, 2007 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-
-#include "crlfetch.h"
-#include "dirmngr.h"
-#include "misc.h"
-#include "http.h"
-
-#if USE_LDAP
-# include "ldap-wrapper.h"
-#endif
-
-/* For detecting armored CRLs received via HTTP (yes, such CRLS really
-   exits, e.g. http://grid.fzk.de/ca/gridka-crl.pem at least in June
-   2008) we need a context in the reader callback.  */
-struct reader_cb_context_s
-{
-  estream_t fp;             /* The stream used with the ksba reader.  */
-  int checked:1;            /* PEM/binary detection ahs been done.    */
-  int is_pem:1;             /* The file stream is PEM encoded.        */
-  struct b64state b64state; /* The state used for Base64 decoding.    */
-};
-
-
-/* We need to associate a reader object with the reader callback
-   context.  This table is used for it. */
-struct file_reader_map_s
-{
-  ksba_reader_t reader;
-  struct reader_cb_context_s *cb_ctx;
-};
-#define MAX_FILE_READER 50
-static struct file_reader_map_s file_reader_map[MAX_FILE_READER];
-
-/* Associate FP with READER.  If the table is full wait until another
-   thread has removed an entry.  */
-static void
-register_file_reader (ksba_reader_t reader, struct reader_cb_context_s *cb_ctx)
-{
-  int i;
-
-  for (;;)
-    {
-      for (i=0; i < MAX_FILE_READER; i++)
-        if (!file_reader_map[i].reader)
-          {
-            file_reader_map[i].reader = reader;
-            file_reader_map[i].cb_ctx = cb_ctx;
-            return;
-          }
-      log_info (_("reader to file mapping table full - waiting\n"));
-      npth_sleep (2);
-    }
-}
-
-/* Scan the table for an entry matching READER, remove that entry and
-   return the associated file pointer. */
-static struct reader_cb_context_s *
-get_file_reader (ksba_reader_t reader)
-{
-  struct reader_cb_context_s *cb_ctx = NULL;
-  int i;
-
-  for (i=0; i < MAX_FILE_READER; i++)
-    if (file_reader_map[i].reader == reader)
-      {
-        cb_ctx = file_reader_map[i].cb_ctx;
-        file_reader_map[i].reader = NULL;
-        file_reader_map[i].cb_ctx = NULL;
-        break;
-      }
-  return cb_ctx;
-}
-
-
-
-static int
-my_es_read (void *opaque, char *buffer, size_t nbytes, size_t *nread)
-{
-  struct reader_cb_context_s *cb_ctx = opaque;
-  int result;
-
-  result = es_read (cb_ctx->fp, buffer, nbytes, nread);
-  if (result)
-    return result;
-  /* Fixme we should check whether the semantics of es_read are okay
-     and well defined.  I have some doubts.  */
-  if (nbytes && !*nread && es_feof (cb_ctx->fp))
-    return gpg_error (GPG_ERR_EOF);
-  if (!nread && es_ferror (cb_ctx->fp))
-    return gpg_error (GPG_ERR_EIO);
-
-  if (!cb_ctx->checked && *nread)
-    {
-      int c = *(unsigned char *)buffer;
-
-      cb_ctx->checked = 1;
-      if ( ((c & 0xc0) >> 6) == 0 /* class: universal */
-           && (c & 0x1f) == 16    /* sequence */
-           && (c & 0x20)          /* is constructed */ )
-        ; /* Binary data.  */
-      else
-        {
-          cb_ctx->is_pem = 1;
-          b64dec_start (&cb_ctx->b64state, "");
-        }
-    }
-  if (cb_ctx->is_pem && *nread)
-    {
-      size_t nread2;
-
-      if (b64dec_proc (&cb_ctx->b64state, buffer, *nread, &nread2))
-        {
-          /* EOF from decoder. */
-          *nread = 0;
-          result = gpg_error (GPG_ERR_EOF);
-        }
-      else
-        *nread = nread2;
-    }
-
-  return result;
-}
-
-
-/* Fetch CRL from URL and return the entire CRL using new ksba reader
-   object in READER.  Note that this reader object should be closed
-   only using ldap_close_reader. */
-gpg_error_t
-crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
-{
-  gpg_error_t err;
-  parsed_uri_t uri;
-  char *free_this = NULL;
-  int redirects_left = 2; /* We allow for 2 redirect levels.  */
-
-  *reader = NULL;
-
-  if (!url)
-    return gpg_error (GPG_ERR_INV_ARG);
-
- once_more:
-  err = http_parse_uri (&uri, url, 0);
-  http_release_parsed_uri (uri);
-  if (err && !strncmp (url, "https:", 6))
-    {
-      /* Our HTTP code does not support TLS, thus we can't use this
-         scheme and it is frankly not useful for CRL retrieval anyway.
-         We resort to using http, assuming that the server also
-         provides plain http access. */
-      free_this = xtrymalloc (strlen (url) + 1);
-      if (free_this)
-        {
-          strcpy (stpcpy (free_this,"http:"), url+6);
-          err = http_parse_uri (&uri, free_this, 0);
-          http_release_parsed_uri (uri);
-          if (!err)
-            {
-              log_info (_("using \"http\" instead of \"https\"\n"));
-              url = free_this;
-            }
-        }
-    }
-  if (!err) /* Yes, our HTTP code groks that. */
-    {
-      http_t hd;
-
-      if (opt.disable_http)
-        {
-          log_error (_("CRL access not possible due to disabled %s\n"),
-                     "HTTP");
-          err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-        }
-      else
-        err = http_open_document (&hd, url, NULL,
-                                  (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-                                  |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
-                                  ctrl->http_proxy, NULL, NULL, NULL);
-
-      switch ( err? 99999 : http_get_status_code (hd) )
-        {
-        case 200:
-          {
-            estream_t fp = http_get_read_ptr (hd);
-            struct reader_cb_context_s *cb_ctx;
-
-            cb_ctx = xtrycalloc (1, sizeof *cb_ctx);
-            if (!cb_ctx)
-              err = gpg_error_from_syserror ();
-            if (!err)
-              err = ksba_reader_new (reader);
-            if (!err)
-              {
-                cb_ctx->fp = fp;
-                err = ksba_reader_set_cb (*reader, &my_es_read, cb_ctx);
-              }
-            if (err)
-              {
-                log_error (_("error initializing reader object: %s\n"),
-                           gpg_strerror (err));
-                ksba_reader_release (*reader);
-                *reader = NULL;
-                http_close (hd, 0);
-              }
-            else
-              {
-                /* The ksba reader misses a user pointer thus we need
-                   to come up with our own way of associating a file
-                   pointer (or well the callback context) with the
-                   reader.  It is only required when closing the
-                   reader thus there is no performance issue doing it
-                   this way.  FIXME: We now have a close notification
-                   which might be used here. */
-                register_file_reader (*reader, cb_ctx);
-                http_close (hd, 1);
-              }
-          }
-          break;
-
-        case 301: /* Redirection (perm.). */
-        case 302: /* Redirection (temp.). */
-          {
-            const char *s = http_get_header (hd, "Location");
-
-            log_info (_("URL '%s' redirected to '%s' (%u)\n"),
-                      url, s?s:"[none]", http_get_status_code (hd));
-            if (s && *s && redirects_left-- )
-              {
-                xfree (free_this); url = NULL;
-                free_this = xtrystrdup (s);
-                if (!free_this)
-                  err = gpg_error_from_errno (errno);
-                else
-                  {
-                    url = free_this;
-                    http_close (hd, 0);
-                    /* Note, that our implementation of redirection
-                       actually handles a redirect to LDAP.  */
-                    goto once_more;
-                  }
-              }
-            else
-              err = gpg_error (GPG_ERR_NO_DATA);
-            log_error (_("too many redirections\n")); /* Or no "Location". */
-            http_close (hd, 0);
-          }
-          break;
-
-        case 99999: /* Made up status code for error reporting.  */
-          log_error (_("error retrieving '%s': %s\n"),
-                     url, gpg_strerror (err));
-          break;
-
-        default:
-          log_error (_("error retrieving '%s': http status %u\n"),
-                     url, http_get_status_code (hd));
-          err = gpg_error (GPG_ERR_NO_DATA);
-          http_close (hd, 0);
-        }
-    }
-  else /* Let the LDAP code try other schemes. */
-    {
-      if (opt.disable_ldap)
-        {
-          log_error (_("CRL access not possible due to disabled %s\n"),
-                     "LDAP");
-          err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-        }
-      else
-        {
-#       if USE_LDAP
-          err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
-#       else /*!USE_LDAP*/
-          err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#       endif /*!USE_LDAP*/
-        }
-    }
-
-  xfree (free_this);
-  return err;
-}
-
-
-/* Fetch CRL for ISSUER using a default server. Return the entire CRL
-   as a newly opened stream returned in R_FP. */
-gpg_error_t
-crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
-{
-  if (opt.disable_ldap)
-    {
-      log_error (_("CRL access not possible due to disabled %s\n"),
-                 "LDAP");
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
-    }
-#if USE_LDAP
-  return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList",
-                          reader);
-#else
-  (void)ctrl;
-  (void)issuer;
-  (void)reader;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
-}
-
-
-/* Fetch a CA certificate for DN using the default server. This
-   function only initiates the fetch; fetch_next_cert must be used to
-   actually read the certificate; end_cert_fetch to end the
-   operation. */
-gpg_error_t
-ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
-{
-  if (opt.disable_ldap)
-    {
-      log_error (_("CRL access not possible due to disabled %s\n"),
-                 "LDAP");
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
-    }
-#if USE_LDAP
-  return start_default_fetch_ldap (ctrl, context, dn, "cACertificate");
-#else
-  (void)ctrl;
-  (void)context;
-  (void)dn;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
-}
-
-
-gpg_error_t
-start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
-                  strlist_t patterns, const ldap_server_t server)
-{
-  if (opt.disable_ldap)
-    {
-      log_error (_("certificate search not possible due to disabled %s\n"),
-                 "LDAP");
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
-    }
-#if USE_LDAP
-  return start_cert_fetch_ldap (ctrl, context, patterns, server);
-#else
-  (void)ctrl;
-  (void)context;
-  (void)patterns;
-  (void)server;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
-}
-
-
-gpg_error_t
-fetch_next_cert (cert_fetch_context_t context,
-                 unsigned char **value, size_t * valuelen)
-{
-#if USE_LDAP
-  return fetch_next_cert_ldap (context, value, valuelen);
-#else
-  (void)context;
-  (void)value;
-  (void)valuelen;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
-}
-
-
-/* Fetch the next data from CONTEXT, assuming it is a certificate and return
-   it as a cert object in R_CERT.  */
-gpg_error_t
-fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
-{
-  gpg_error_t err;
-  unsigned char *value;
-  size_t valuelen;
-  ksba_cert_t cert;
-
-  *r_cert = NULL;
-
-#if USE_LDAP
-  err = fetch_next_cert_ldap (context, &value, &valuelen);
-  if (!err && !value)
-    err = gpg_error (GPG_ERR_BUG);
-#else
-  (void)context;
-  err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif
-  if (err)
-    return err;
-
-  err = ksba_cert_new (&cert);
-  if (err)
-    {
-      xfree (value);
-      return err;
-    }
-
-  err = ksba_cert_init_from_mem (cert, value, valuelen);
-  xfree (value);
-  if (err)
-    {
-      ksba_cert_release (cert);
-      return err;
-    }
-  *r_cert = cert;
-  return 0;
-}
-
-
-void
-end_cert_fetch (cert_fetch_context_t context)
-{
-#if USE_LDAP
-  end_cert_fetch_ldap (context);
-#else
-  (void)context;
-#endif
-}
-
-
-/* Lookup a cert by it's URL.  */
-gpg_error_t
-fetch_cert_by_url (ctrl_t ctrl, const char *url,
-		   unsigned char **value, size_t *valuelen)
-{
-  const unsigned char *cert_image;
-  size_t cert_image_n;
-  ksba_reader_t reader;
-  ksba_cert_t cert;
-  gpg_error_t err;
-
-  *value = NULL;
-  *valuelen = 0;
-  cert_image = NULL;
-  reader = NULL;
-  cert = NULL;
-
-#if USE_LDAP
-  err = url_fetch_ldap (ctrl, url, NULL, 0, &reader);
-#else
-  (void)ctrl;
-  (void)url;
-  err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-#endif /*USE_LDAP*/
-  if (err)
-    goto leave;
-
-  err = ksba_cert_new (&cert);
-  if (err)
-    goto leave;
-
-  err = ksba_cert_read_der (cert, reader);
-  if (err)
-    goto leave;
-
-  cert_image = ksba_cert_get_image (cert, &cert_image_n);
-  if (!cert_image || !cert_image_n)
-    {
-      err = gpg_error (GPG_ERR_INV_CERT_OBJ);
-      goto leave;
-    }
-
-  *value = xtrymalloc (cert_image_n);
-  if (!*value)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-
-  memcpy (*value, cert_image, cert_image_n);
-  *valuelen = cert_image_n;
-
- leave:
-
-  ksba_cert_release (cert);
-#if USE_LDAP
-  ldap_wrapper_release_context (reader);
-#endif /*USE_LDAP*/
-
-  return err;
-}
-
-/* This function is to be used to close the reader object.  In
-   addition to running ksba_reader_release it also releases the LDAP
-   or HTTP contexts associated with that reader.  */
-void
-crl_close_reader (ksba_reader_t reader)
-{
-  struct reader_cb_context_s *cb_ctx;
-
-  if (!reader)
-    return;
-
-  /* Check whether this is a HTTP one. */
-  cb_ctx = get_file_reader (reader);
-  if (cb_ctx)
-    {
-      /* This is an HTTP context. */
-      if (cb_ctx->fp)
-        es_fclose (cb_ctx->fp);
-      /* Release the base64 decoder state.  */
-      if (cb_ctx->is_pem)
-        b64dec_finish (&cb_ctx->b64state);
-      /* Release the callback context.  */
-      xfree (cb_ctx);
-    }
-  else /* This is an ldap wrapper context (Currently not used). */
-    {
-#if USE_LDAP
-      ldap_wrapper_release_context (reader);
-#endif /*USE_LDAP*/
-    }
-
-  /* Now get rid of the reader object. */
-  ksba_reader_release (reader);
-}
diff -Nru gnupg2-2.1.6/dirmngr/crlfetch.h gnupg2-2.0.28/dirmngr/crlfetch.h
--- gnupg2-2.1.6/dirmngr/crlfetch.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/crlfetch.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,88 +0,0 @@
-/* crlfetch.h - LDAP access
- *      Copyright (C) 2002 Klarälvdalens Datakonsult AB
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef CRLFETCH_H
-#define CRLFETCH_H
-
-#include "dirmngr.h"
-
-
-struct cert_fetch_context_s;
-typedef struct cert_fetch_context_s *cert_fetch_context_t;
-
-
-/* Fetch CRL from URL. */
-gpg_error_t crl_fetch (ctrl_t ctrl, const char* url, ksba_reader_t *reader);
-
-/* Fetch CRL for ISSUER using default server. */
-gpg_error_t crl_fetch_default (ctrl_t ctrl,
-                               const char* issuer, ksba_reader_t *reader);
-
-
-/* Fetch cert for DN. */
-gpg_error_t ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
-                           const char *dn);
-
-
-/* Query the server for certs matching patterns. */
-gpg_error_t start_cert_fetch (ctrl_t ctrl,
-                              cert_fetch_context_t *context,
-                              strlist_t patterns,
-                              const ldap_server_t server);
-gpg_error_t fetch_next_cert(cert_fetch_context_t context,
-                            unsigned char **value, size_t *valuelen);
-gpg_error_t fetch_next_ksba_cert (cert_fetch_context_t context,
-                                  ksba_cert_t *r_cert);
-void end_cert_fetch (cert_fetch_context_t context);
-
-/* Lookup a cert by it's URL.  */
-gpg_error_t fetch_cert_by_url (ctrl_t ctrl, const char *url,
-			       unsigned char **value, size_t *valuelen);
-
-/* Close a reader object. */
-void crl_close_reader (ksba_reader_t reader);
-
-
-
-/*-- ldap.c --*/
-gpg_error_t url_fetch_ldap (ctrl_t ctrl,
-                            const char *url, const char *host, int port,
-                            ksba_reader_t *reader);
-gpg_error_t attr_fetch_ldap (ctrl_t ctrl,
-                             const char *dn, const char *attr,
-                             ksba_reader_t *reader);
-
-
-gpg_error_t start_default_fetch_ldap (ctrl_t ctrl,
-                                      cert_fetch_context_t *context,
-                                      const char *dn, const char *attr);
-gpg_error_t start_cert_fetch_ldap( ctrl_t ctrl,
-                                   cert_fetch_context_t *context,
-                                   strlist_t patterns,
-                                   const ldap_server_t server );
-gpg_error_t fetch_next_cert_ldap (cert_fetch_context_t context,
-                                  unsigned char **value, size_t *valuelen );
-void end_cert_fetch_ldap (cert_fetch_context_t context);
-
-
-
-
-
-
-#endif /* CRLFETCH_H */
diff -Nru gnupg2-2.1.6/dirmngr/dirmngr.c gnupg2-2.0.28/dirmngr/dirmngr.c
--- gnupg2-2.1.6/dirmngr/dirmngr.c	2015-06-23 07:13:45.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dirmngr.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,2098 +0,0 @@
-/* dirmngr.c - Keyserver and X.509 LDAP access
- * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2006, 2007, 2008, 2010, 2011 g10 Code GmbH
- * Copyright (C) 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifndef HAVE_W32_SYSTEM
-#include 
-#include 
-#endif
-#include 
-#include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
-#include 
-
-#include "dirmngr-err.h"
-
-#if  HTTP_USE_NTBTLS
-# include 
-#elif HTTP_USE_GNUTLS
-# include 
-#endif /*HTTP_USE_GNUTLS*/
-
-
-#define GNUPG_COMMON_NEED_AFLOCAL
-#include "dirmngr.h"
-
-#include 
-
-#include "certcache.h"
-#include "crlcache.h"
-#include "crlfetch.h"
-#include "misc.h"
-#if USE_LDAP
-# include "ldapserver.h"
-#endif
-#include "asshelp.h"
-#if USE_LDAP
-# include "ldap-wrapper.h"
-#endif
-#include "../common/init.h"
-#include "gc-opt-flags.h"
-
-/* The plain Windows version uses the windows service system.  For
-   example to start the service you may use "sc start dirmngr".
-   WindowsCE does not support this; the service system over there is
-   based on a single process with all services being DLLs - we can't
-   support this easily.  */
-#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
-# define USE_W32_SERVICE 1
-#endif
-
-#ifndef ENAMETOOLONG
-# define ENAMETOOLONG EINVAL
-#endif
-
-
-enum cmd_and_opt_values {
-  aNull = 0,
-  oCsh		  = 'c',
-  oQuiet	  = 'q',
-  oSh		  = 's',
-  oVerbose	  = 'v',
-  oNoVerbose = 500,
-
-  aServer,
-  aDaemon,
-  aService,
-  aListCRLs,
-  aLoadCRL,
-  aFetchCRL,
-  aShutdown,
-  aFlush,
-  aGPGConfList,
-  aGPGConfTest,
-
-  oOptions,
-  oDebug,
-  oDebugAll,
-  oDebugWait,
-  oDebugLevel,
-  oGnutlsDebug,
-  oNoGreeting,
-  oNoOptions,
-  oHomedir,
-  oNoDetach,
-  oLogFile,
-  oBatch,
-  oDisableHTTP,
-  oDisableLDAP,
-  oIgnoreLDAPDP,
-  oIgnoreHTTPDP,
-  oIgnoreOCSPSvcUrl,
-  oHonorHTTPProxy,
-  oHTTPProxy,
-  oLDAPProxy,
-  oOnlyLDAPProxy,
-  oLDAPFile,
-  oLDAPTimeout,
-  oLDAPAddServers,
-  oOCSPResponder,
-  oOCSPSigner,
-  oOCSPMaxClockSkew,
-  oOCSPMaxPeriod,
-  oOCSPCurrentPeriod,
-  oMaxReplies,
-  oHkpCaCert,
-  oFakedSystemTime,
-  oForce,
-  oAllowOCSP,
-  oSocketName,
-  oLDAPWrapperProgram,
-  oHTTPWrapperProgram,
-  oIgnoreCertExtension,
-  aTest
-};
-
-
-
-static ARGPARSE_OPTS opts[] = {
-
-  ARGPARSE_group (300, N_("@Commands:\n ")),
-
-  ARGPARSE_c (aServer,   "server",  N_("run in server mode (foreground)") ),
-  ARGPARSE_c (aDaemon,   "daemon",  N_("run in daemon mode (background)") ),
-#ifdef USE_W32_SERVICE
-  ARGPARSE_c (aService,  "service", N_("run as windows service (background)")),
-#endif
-  ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
-  ARGPARSE_c (aLoadCRL,  "load-crl",  N_("|FILE|load CRL from FILE into cache")),
-  ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
-  ARGPARSE_c (aShutdown, "shutdown",  N_("shutdown the dirmngr")),
-  ARGPARSE_c (aFlush,    "flush",     N_("flush the cache")),
-  ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
-  ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
-
-  ARGPARSE_group (301, N_("@\nOptions:\n ")),
-
-  ARGPARSE_s_n (oVerbose,  "verbose",   N_("verbose")),
-  ARGPARSE_s_n (oQuiet,    "quiet",     N_("be somewhat more quiet")),
-  ARGPARSE_s_n (oSh,       "sh",        N_("sh-style command output")),
-  ARGPARSE_s_n (oCsh,      "csh",       N_("csh-style command output")),
-  ARGPARSE_s_s (oOptions,  "options",   N_("|FILE|read options from FILE")),
-  ARGPARSE_s_s (oDebugLevel, "debug-level",
-                N_("|LEVEL|set the debugging level to LEVEL")),
-  ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
-  ARGPARSE_s_s (oLogFile,  "log-file",
-                N_("|FILE|write server mode logs to FILE")),
-  ARGPARSE_s_n (oBatch,    "batch",       N_("run without asking a user")),
-  ARGPARSE_s_n (oForce,    "force",       N_("force loading of outdated CRLs")),
-  ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
-  ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
-  ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
-  ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
-                N_("ignore HTTP CRL distribution points")),
-  ARGPARSE_s_n (oIgnoreLDAPDP,"ignore-ldap-dp",
-                N_("ignore LDAP CRL distribution points")),
-  ARGPARSE_s_n (oIgnoreOCSPSvcUrl, "ignore-ocsp-service-url",
-                N_("ignore certificate contained OCSP service URLs")),
-
-  ARGPARSE_s_s (oHTTPProxy,  "http-proxy",
-                N_("|URL|redirect all HTTP requests to URL")),
-  ARGPARSE_s_s (oLDAPProxy,  "ldap-proxy",
-                N_("|HOST|use HOST for LDAP queries")),
-  ARGPARSE_s_n (oOnlyLDAPProxy, "only-ldap-proxy",
-                N_("do not use fallback hosts with --ldap-proxy")),
-
-  ARGPARSE_s_s (oLDAPFile, "ldapserverlist-file",
-                N_("|FILE|read LDAP server list from FILE")),
-  ARGPARSE_s_n (oLDAPAddServers, "add-servers",
-                N_("add new servers discovered in CRL distribution"
-                   " points to serverlist")),
-  ARGPARSE_s_i (oLDAPTimeout, "ldaptimeout",
-                N_("|N|set LDAP timeout to N seconds")),
-
-  ARGPARSE_s_s (oOCSPResponder, "ocsp-responder",
-                N_("|URL|use OCSP responder at URL")),
-  ARGPARSE_s_s (oOCSPSigner, "ocsp-signer",
-                N_("|FPR|OCSP response signed by FPR")),
-  ARGPARSE_s_i (oOCSPMaxClockSkew, "ocsp-max-clock-skew", "@"),
-  ARGPARSE_s_i (oOCSPMaxPeriod,    "ocsp-max-period", "@"),
-  ARGPARSE_s_i (oOCSPCurrentPeriod, "ocsp-current-period", "@"),
-
-  ARGPARSE_s_i (oMaxReplies, "max-replies",
-                N_("|N|do not return more than N items in one query")),
-
-  ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
-                N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
-
-
-  ARGPARSE_s_s (oSocketName, "socket-name", "@"),  /* Only for debugging.  */
-
-  ARGPARSE_s_u (oFakedSystemTime, "faked-system-time", "@"), /*(epoch time)*/
-  ARGPARSE_s_s (oDebug,    "debug", "@"),
-  ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
-  ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
-  ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
-  ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
-  ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
-  ARGPARSE_s_s (oHomedir, "homedir", "@"),
-  ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"),
-  ARGPARSE_s_s (oHTTPWrapperProgram, "http-wrapper-program", "@"),
-  ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy", "@"),
-  ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
-
-  ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing "
-                         "of all commands and options)\n")),
-
-  ARGPARSE_end ()
-};
-
-/* The list of supported debug flags.  */
-static struct debug_flags_s debug_flags [] =
-  {
-    { DBG_X509_VALUE   , "x509"    },
-    { DBG_CRYPTO_VALUE , "crypto"  },
-    { DBG_MEMORY_VALUE , "memory"  },
-    { DBG_CACHE_VALUE  , "cache"   },
-    { DBG_MEMSTAT_VALUE, "memstat" },
-    { DBG_HASHING_VALUE, "hashing" },
-    { DBG_IPC_VALUE    , "ipc"     },
-    { DBG_LOOKUP_VALUE , "lookup"  },
-    { 77, NULL } /* 77 := Do not exit on "help" or "?".  */
-  };
-
-#define DEFAULT_MAX_REPLIES 10
-#define DEFAULT_LDAP_TIMEOUT 100 /* arbitrary large timeout */
-
-/* For the cleanup handler we need to keep track of the socket's name.  */
-static const char *socket_name;
-/* If the socket has been redirected, this is the name of the
-   redirected socket..  */
-static const char *redir_socket_name;
-
-/* We need to keep track of the server's nonces (these are dummies for
-   POSIX systems). */
-static assuan_sock_nonce_t socket_nonce;
-
-/* Only if this flag has been set will we remove the socket file.  */
-static int cleanup_socket;
-
-/* Keep track of the current log file so that we can avoid updating
-   the log file after a SIGHUP if it didn't changed. Malloced. */
-static char *current_logfile;
-
-/* Helper to implement --debug-level. */
-static const char *debug_level;
-
-/* Helper to set the NTBTLS or GNUTLS log level.  */
-static int opt_gnutls_debug = -1;
-
-/* Flag indicating that a shutdown has been requested.  */
-static volatile int shutdown_pending;
-
-/* Counter for the active connections.  */
-static int active_connections;
-
-/* The timer tick used for housekeeping stuff.  For Windows we use a
-   longer period as the SetWaitableTimer seems to signal earlier than
-   the 2 seconds.  All values are in seconds. */
-#if defined(HAVE_W32CE_SYSTEM)
-# define TIMERTICK_INTERVAL         (60)
-#elif defined(HAVE_W32_SYSTEM)
-# define TIMERTICK_INTERVAL          (4)
-#else
-# define TIMERTICK_INTERVAL          (2)
-#endif
-
-#define HOUSEKEEPING_INTERVAL      (600)
-
-
-/* This union is used to avoid compiler warnings in case a pointer is
-   64 bit and an int 32 bit.  We store an integer in a pointer and get
-   it back later (npth_getspecific et al.).  */
-union int_and_ptr_u
-{
-  int  aint;
-  assuan_fd_t afd;
-  void *aptr;
-};
-
-
-
-/* The key used to store the current file descriptor in the thread
-   local storage.  We use this in conjunction with the
-   log_set_pid_suffix_cb feature.  */
-#ifndef HAVE_W32_SYSTEM
-static int my_tlskey_current_fd;
-#endif
-
-/* Prototypes. */
-static void cleanup (void);
-#if USE_LDAP
-static ldap_server_t parse_ldapserver_file (const char* filename);
-#endif /*USE_LDAP*/
-static fingerprint_list_t parse_ocsp_signer (const char *string);
-static void handle_connections (assuan_fd_t listen_fd);
-
-/* NPth wrapper function definitions. */
-ASSUAN_SYSTEM_NPTH_IMPL;
-
-static const char *
-my_strusage( int level )
-{
-  const char *p;
-  switch ( level )
-    {
-    case 11: p = "@DIRMNGR@ (@GNUPG@)";
-      break;
-    case 13: p = VERSION; break;
-    case 17: p = PRINTABLE_OS_NAME; break;
-      /* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
-         reporting address.  This is so that we can change the
-         reporting address without breaking the translations.  */
-    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
-    case 49: p = PACKAGE_BUGREPORT; break;
-    case 1:
-    case 40: p = _("Usage: @DIRMNGR@ [options] (-h for help)");
-      break;
-    case 41: p = _("Syntax: @DIRMNGR@ [options] [command [args]]\n"
-                   "Keyserver, CRL, and OCSP access for @GNUPG@\n");
-      break;
-
-    default: p = NULL;
-    }
-  return p;
-}
-
-
-/* Callback from libksba to hash a provided buffer.  Our current
-   implementation does only allow SHA-1 for hashing. This may be
-   extended by mapping the name, testing for algorithm availibility
-   and adjust the length checks accordingly. */
-static gpg_error_t
-my_ksba_hash_buffer (void *arg, const char *oid,
-                     const void *buffer, size_t length, size_t resultsize,
-                     unsigned char *result, size_t *resultlen)
-{
-  (void)arg;
-
-  if (oid && strcmp (oid, "1.3.14.3.2.26"))
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
-  if (resultsize < 20)
-    return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
-  gcry_md_hash_buffer (2, result, buffer, length);
-  *resultlen = 20;
-  return 0;
-}
-
-
-/* GNUTLS log function callback.  */
-#ifdef HTTP_USE_GNUTLS
-static void
-my_gnutls_log (int level, const char *text)
-{
-  int n;
-
-  n = strlen (text);
-  while (n && text[n-1] == '\n')
-    n--;
-
-  log_debug ("gnutls:L%d: %.*s\n", level, n, text);
-}
-#endif /*HTTP_USE_GNUTLS*/
-
-/* Setup the debugging.  With a LEVEL of NULL only the active debug
-   flags are propagated to the subsystems.  With LEVEL set, a specific
-   set of debug flags is set; thus overriding all flags already
-   set. */
-static void
-set_debug (void)
-{
-  int numok = (debug_level && digitp (debug_level));
-  int numlvl = numok? atoi (debug_level) : 0;
-
-  if (!debug_level)
-    ;
-  else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
-    opt.debug = 0;
-  else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
-    opt.debug = DBG_IPC_VALUE;
-  else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
-    opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE);
-  else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
-    opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE
-                 |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE);
-  else if (!strcmp (debug_level, "guru") || numok)
-    {
-      opt.debug = ~0;
-      /* Unless the "guru" string has been used we don't want to allow
-         hashing debugging.  The rationale is that people tend to
-         select the highest debug value and would then clutter their
-         disk with debug files which may reveal confidential data.  */
-      if (numok)
-        opt.debug &= ~(DBG_HASHING_VALUE);
-    }
-  else
-    {
-      log_error (_("invalid debug-level '%s' given\n"), debug_level);
-      log_info (_("valid debug levels are: %s\n"),
-                "none, basic, advanced, expert, guru");
-      opt.debug = 0; /* Reset debugging, so that prior debug
-                        statements won't have an undesired effect. */
-    }
-
-
-  if (opt.debug && !opt.verbose)
-    {
-      opt.verbose = 1;
-      gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
-    }
-  if (opt.debug && opt.quiet)
-    opt.quiet = 0;
-
-  if (opt.debug & DBG_CRYPTO_VALUE )
-    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
-
-#if HTTP_USE_NTBTLS
-  if (opt_gnutls_debug >= 0)
-    {
-      ntbtls_set_debug (opt_gnutls_debug, NULL, NULL);
-    }
-#elif HTTP_USE_GNUTLS
-  if (opt_gnutls_debug >= 0)
-    {
-      gnutls_global_set_log_function (my_gnutls_log);
-      gnutls_global_set_log_level (opt_gnutls_debug);
-    }
-#endif /*HTTP_USE_GNUTLS*/
-
-  if (opt.debug)
-    parse_debug_flag (NULL, &opt.debug, debug_flags);
-}
-
-
-static void
-wrong_args (const char *text)
-{
-  es_fprintf (es_stderr, _("usage: %s [options] "), DIRMNGR_NAME);
-  es_fputs (text, es_stderr);
-  es_putc ('\n', es_stderr);
-  dirmngr_exit (2);
-}
-
-
-/* Helper to stop the reaper thread for the ldap wrapper.  */
-static void
-shutdown_reaper (void)
-{
-#if USE_LDAP
-  ldap_wrapper_wait_connections ();
-#endif
-}
-
-
-/* Handle options which are allowed to be reset after program start.
-   Return true if the current option in PARGS could be handled and
-   false if not.  As a special feature, passing a value of NULL for
-   PARGS, resets the options to the default.  REREAD should be set
-   true if it is not the initial option parsing. */
-static int
-parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
-{
-  if (!pargs)
-    { /* Reset mode. */
-      opt.quiet = 0;
-      opt.verbose = 0;
-      opt.debug = 0;
-      opt.ldap_wrapper_program = NULL;
-      opt.disable_http = 0;
-      opt.disable_ldap = 0;
-      opt.honor_http_proxy = 0;
-      opt.http_proxy = NULL;
-      opt.ldap_proxy = NULL;
-      opt.only_ldap_proxy = 0;
-      opt.ignore_http_dp = 0;
-      opt.ignore_ldap_dp = 0;
-      opt.ignore_ocsp_service_url = 0;
-      opt.allow_ocsp = 0;
-      opt.ocsp_responder = NULL;
-      opt.ocsp_max_clock_skew = 10 * 60;      /* 10 minutes.  */
-      opt.ocsp_max_period = 90 * 86400;       /* 90 days.  */
-      opt.ocsp_current_period = 3 * 60 * 60;  /* 3 hours. */
-      opt.max_replies = DEFAULT_MAX_REPLIES;
-      while (opt.ocsp_signer)
-        {
-          fingerprint_list_t tmp = opt.ocsp_signer->next;
-          xfree (opt.ocsp_signer);
-          opt.ocsp_signer = tmp;
-        }
-      FREE_STRLIST (opt.ignored_cert_extensions);
-      http_register_tls_ca (NULL);
-      return 1;
-    }
-
-  switch (pargs->r_opt)
-    {
-    case oQuiet:   opt.quiet = 1; break;
-    case oVerbose: opt.verbose++; break;
-    case oDebug:
-      parse_debug_flag (pargs->r.ret_str, &opt.debug, debug_flags);
-      break;
-    case oDebugAll: opt.debug = ~0; break;
-    case oDebugLevel: debug_level = pargs->r.ret_str; break;
-    case oGnutlsDebug: opt_gnutls_debug = pargs->r.ret_int; break;
-
-    case oLogFile:
-      if (!reread)
-        return 0; /* Not handled. */
-      if (!current_logfile || !pargs->r.ret_str
-          || strcmp (current_logfile, pargs->r.ret_str))
-        {
-          log_set_file (pargs->r.ret_str);
-          xfree (current_logfile);
-          current_logfile = xtrystrdup (pargs->r.ret_str);
-        }
-      break;
-
-    case oLDAPWrapperProgram:
-      opt.ldap_wrapper_program = pargs->r.ret_str;
-      break;
-    case oHTTPWrapperProgram:
-      opt.http_wrapper_program = pargs->r.ret_str;
-      break;
-
-    case oDisableHTTP: opt.disable_http = 1; break;
-    case oDisableLDAP: opt.disable_ldap = 1; break;
-    case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
-    case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
-    case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
-    case oOnlyLDAPProxy: opt.only_ldap_proxy = 1; break;
-    case oIgnoreHTTPDP: opt.ignore_http_dp = 1; break;
-    case oIgnoreLDAPDP: opt.ignore_ldap_dp = 1; break;
-    case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
-
-    case oAllowOCSP: opt.allow_ocsp = 1; break;
-    case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
-    case oOCSPSigner:
-      opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
-      break;
-    case oOCSPMaxClockSkew: opt.ocsp_max_clock_skew = pargs->r.ret_int; break;
-    case oOCSPMaxPeriod: opt.ocsp_max_period = pargs->r.ret_int; break;
-    case oOCSPCurrentPeriod: opt.ocsp_current_period = pargs->r.ret_int; break;
-
-    case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
-
-    case oHkpCaCert:
-      http_register_tls_ca (pargs->r.ret_str);
-      break;
-
-    case oIgnoreCertExtension:
-      add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
-      break;
-
-    default:
-      return 0; /* Not handled. */
-    }
-
-  return 1; /* Handled. */
-}
-
-
-#ifdef USE_W32_SERVICE
-/* The global status of our service.  */
-SERVICE_STATUS_HANDLE service_handle;
-SERVICE_STATUS service_status;
-
-DWORD WINAPI
-w32_service_control (DWORD control, DWORD event_type, LPVOID event_data,
-		     LPVOID context)
-{
-  (void)event_type;
-  (void)event_data;
-  (void)context;
-
-  /* event_type and event_data are not used here.  */
-  switch (control)
-    {
-    case SERVICE_CONTROL_SHUTDOWN:
-      /* For shutdown we will try to force termination.  */
-      service_status.dwCurrentState = SERVICE_STOP_PENDING;
-      SetServiceStatus (service_handle, &service_status);
-      shutdown_pending = 3;
-      break;
-
-    case SERVICE_CONTROL_STOP:
-      service_status.dwCurrentState = SERVICE_STOP_PENDING;
-      SetServiceStatus (service_handle, &service_status);
-      shutdown_pending = 1;
-      break;
-
-    default:
-      break;
-    }
-  return 0;
-}
-#endif /*USE_W32_SERVICE*/
-
-#ifndef HAVE_W32_SYSTEM
-static int
-pid_suffix_callback (unsigned long *r_suffix)
-{
-  union int_and_ptr_u value;
-
-  memset (&value, 0, sizeof value);
-  value.aptr = npth_getspecific (my_tlskey_current_fd);
-  *r_suffix = value.aint;
-  return (*r_suffix != -1);  /* Use decimal representation.  */
-}
-#endif /*!HAVE_W32_SYSTEM*/
-
-
-#ifdef USE_W32_SERVICE
-# define main real_main
-#endif
-int
-main (int argc, char **argv)
-{
-#ifdef USE_W32_SERVICE
-# undef main
-#endif
-  enum cmd_and_opt_values cmd = 0;
-  ARGPARSE_ARGS pargs;
-  int orig_argc;
-  char **orig_argv;
-  FILE *configfp = NULL;
-  char *configname = NULL;
-  const char *shell;
-  unsigned configlineno;
-  int parse_debug = 0;
-  int default_config =1;
-  int greeting = 0;
-  int nogreeting = 0;
-  int nodetach = 0;
-  int csh_style = 0;
-  char *logfile = NULL;
-#if USE_LDAP
-  char *ldapfile = NULL;
-#endif /*USE_LDAP*/
-  int debug_wait = 0;
-  int rc;
-  int homedir_seen = 0;
-  struct assuan_malloc_hooks malloc_hooks;
-
-  early_system_init ();
-
-#ifdef USE_W32_SERVICE
-  /* The option will be set by main() below if we should run as a
-     system daemon.  */
-  if (opt.system_service)
-    {
-      service_handle
-	= RegisterServiceCtrlHandlerEx ("DirMngr",
-					&w32_service_control, NULL /*FIXME*/);
-      if (service_handle == 0)
-	log_error ("failed to register service control handler: ec=%d",
-		   (int) GetLastError ());
-      service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
-      service_status.dwCurrentState = SERVICE_START_PENDING;
-      service_status.dwControlsAccepted
-	= SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
-      service_status.dwWin32ExitCode = NO_ERROR;
-      service_status.dwServiceSpecificExitCode = NO_ERROR;
-      service_status.dwCheckPoint = 0;
-      service_status.dwWaitHint = 10000; /* 10 seconds timeout.  */
-      SetServiceStatus (service_handle, &service_status);
-    }
-#endif /*USE_W32_SERVICE*/
-
-  set_strusage (my_strusage);
-  log_set_prefix (DIRMNGR_NAME, 1|4);
-
-  /* Make sure that our subsystems are ready.  */
-  i18n_init ();
-  init_common_subsystems (&argc, &argv);
-
-  npth_init ();
-
-  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
- /* Check that the libraries are suitable.  Do it here because
-    the option parsing may need services of the libraries. */
-
-  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
-    log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
-               NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
-  if (!ksba_check_version (NEED_KSBA_VERSION) )
-    log_fatal( _("%s is too old (need %s, have %s)\n"), "libksba",
-               NEED_KSBA_VERSION, ksba_check_version (NULL) );
-
-  ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
-  ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
-
-  /* Init TLS library.  */
-#if HTTP_USE_NTBTLS
-  if (!ntbtls_check_version (NEED_NTBTLS_VERSION) )
-    log_fatal( _("%s is too old (need %s, have %s)\n"), "ntbtls",
-               NEED_NTBTLS_VERSION, ntbtls_check_version (NULL) );
-#elif HTTP_USE_GNUTLS
-  rc = gnutls_global_init ();
-  if (rc)
-    log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
-#endif /*HTTP_USE_GNUTLS*/
-
-  /* Init Assuan. */
-  malloc_hooks.malloc = gcry_malloc;
-  malloc_hooks.realloc = gcry_realloc;
-  malloc_hooks.free = gcry_free;
-  assuan_set_malloc_hooks (&malloc_hooks);
-  assuan_set_assuan_log_prefix (log_get_prefix (NULL));
-  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
-  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-  assuan_sock_init ();
-  setup_libassuan_logging (&opt.debug);
-
-  setup_libgcrypt_logging ();
-
-  /* Setup defaults. */
-  shell = getenv ("SHELL");
-  if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
-    csh_style = 1;
-
-  opt.homedir = default_homedir ();
-
-  /* Now with NPth running we can set the logging callback.  Our
-     windows implementation does not yet feature the NPth TLS
-     functions.  */
-#ifndef HAVE_W32_SYSTEM
-  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-      log_set_pid_suffix_cb (pid_suffix_callback);
-#endif /*!HAVE_W32_SYSTEM*/
-
-  /* Reset rereadable options to default values. */
-  parse_rereadable_options (NULL, 0);
-
-  /* LDAP defaults.  */
-  opt.add_new_ldapservers = 0;
-  opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
-
-  /* Other defaults.  */
-
-  /* Check whether we have a config file given on the commandline */
-  orig_argc = argc;
-  orig_argv = argv;
-  pargs.argc = &argc;
-  pargs.argv = &argv;
-  pargs.flags= 1|(1<<6);  /* do not remove the args, ignore version */
-  while (arg_parse( &pargs, opts))
-    {
-      if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
-        parse_debug++;
-      else if (pargs.r_opt == oOptions)
-        { /* Yes there is one, so we do not try the default one, but
-	     read the option file when it is encountered at the
-	     commandline */
-          default_config = 0;
-	}
-      else if (pargs.r_opt == oNoOptions)
-        default_config = 0; /* --no-options */
-      else if (pargs.r_opt == oHomedir)
-        {
-          opt.homedir = pargs.r.ret_str;
-          homedir_seen = 1;
-        }
-      else if (pargs.r_opt == aDaemon)
-        opt.system_daemon = 1;
-      else if (pargs.r_opt == aService)
-        {
-	  /* Redundant.  The main function takes care of it.  */
-	  opt.system_service = 1;
-	  opt.system_daemon = 1;
-	}
-#ifdef HAVE_W32_SYSTEM
-      else if (pargs.r_opt == aGPGConfList || pargs.r_opt == aGPGConfTest)
-	/* We set this so we switch to the system configuration
-	   directory below.  This is a crutch to solve the problem
-	   that the user configuration is never used on Windows.  Also
-	   see below at aGPGConfList.  */
-        opt.system_daemon = 1;
-#endif
-    }
-
-  /* If --daemon has been given on the command line but not --homedir,
-     we switch to /etc/gnupg as default home directory.  Note, that
-     this also overrides the GNUPGHOME environment variable.  */
-  if (opt.system_daemon && !homedir_seen)
-    {
-#ifdef HAVE_W32CE_SYSTEM
-      opt.homedir = DIRSEP_S "gnupg";
-#else
-      opt.homedir = gnupg_sysconfdir ();
-#endif
-      opt.homedir_cache = gnupg_cachedir ();
-      socket_name = dirmngr_sys_socket_name ();
-    }
-  else if (dirmngr_user_socket_name ())
-    socket_name = dirmngr_user_socket_name ();
-  else
-    socket_name = dirmngr_sys_socket_name ();
-
-  if (default_config)
-    configname = make_filename (opt.homedir, DIRMNGR_NAME".conf", NULL );
-
-  argc = orig_argc;
-  argv = orig_argv;
-  pargs.argc = &argc;
-  pargs.argv = &argv;
-  pargs.flags= 1;  /* do not remove the args */
- next_pass:
-  if (configname)
-    {
-      configlineno = 0;
-      configfp = fopen (configname, "r");
-      if (!configfp)
-        {
-          if (default_config)
-            {
-              if( parse_debug )
-                log_info (_("Note: no default option file '%s'\n"),
-                          configname );
-	    }
-          else
-            {
-              log_error (_("option file '%s': %s\n"),
-                         configname, strerror(errno) );
-              exit(2);
-	    }
-          xfree (configname);
-          configname = NULL;
-	}
-      if (parse_debug && configname )
-        log_info (_("reading options from '%s'\n"), configname );
-      default_config = 0;
-    }
-
-  while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
-    {
-      if (parse_rereadable_options (&pargs, 0))
-        continue; /* Already handled */
-      switch (pargs.r_opt)
-        {
-        case aServer:
-        case aDaemon:
-        case aService:
-        case aShutdown:
-        case aFlush:
-	case aListCRLs:
-	case aLoadCRL:
-        case aFetchCRL:
-	case aGPGConfList:
-	case aGPGConfTest:
-          cmd = pargs.r_opt;
-          break;
-
-        case oQuiet: opt.quiet = 1; break;
-        case oVerbose: opt.verbose++; break;
-        case oBatch: opt.batch=1; break;
-
-        case oDebugWait: debug_wait = pargs.r.ret_int; break;
-
-        case oOptions:
-          /* Config files may not be nested (silently ignore them) */
-          if (!configfp)
-            {
-		xfree(configname);
-		configname = xstrdup(pargs.r.ret_str);
-		goto next_pass;
-	    }
-          break;
-        case oNoGreeting: nogreeting = 1; break;
-        case oNoVerbose: opt.verbose = 0; break;
-        case oNoOptions: break; /* no-options */
-        case oHomedir: /* Ignore this option here. */; break;
-        case oNoDetach: nodetach = 1; break;
-        case oLogFile: logfile = pargs.r.ret_str; break;
-        case oCsh: csh_style = 1; break;
-        case oSh: csh_style = 0; break;
-	case oLDAPFile:
-#        if USE_LDAP
-          ldapfile = pargs.r.ret_str;
-#        endif /*USE_LDAP*/
-          break;
-	case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
-	case oLDAPTimeout:
-	  opt.ldaptimeout = pargs.r.ret_int;
-	  break;
-
-        case oFakedSystemTime:
-          gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
-          break;
-
-        case oForce: opt.force = 1; break;
-
-        case oSocketName: socket_name = pargs.r.ret_str; break;
-
-        default : pargs.err = configfp? 1:2; break;
-	}
-    }
-  if (configfp)
-    {
-      fclose (configfp);
-      configfp = NULL;
-      /* Keep a copy of the name so that it can be read on SIGHUP. */
-      opt.config_filename = configname;
-      configname = NULL;
-      goto next_pass;
-    }
-  xfree (configname);
-  configname = NULL;
-  if (log_get_errorcount(0))
-    exit(2);
-  if (nogreeting )
-    greeting = 0;
-
-  if (!opt.homedir_cache)
-    opt.homedir_cache = opt.homedir;
-
-  if (greeting)
-    {
-      es_fprintf (es_stderr, "%s %s; %s\n",
-                  strusage(11), strusage(13), strusage(14) );
-      es_fprintf (es_stderr, "%s\n", strusage(15) );
-    }
-
-#ifdef IS_DEVELOPMENT_VERSION
-  log_info ("NOTE: this is a development version!\n");
-#endif
-
-  /* Print a warning if an argument looks like an option.  */
-  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
-    {
-      int i;
-
-      for (i=0; i < argc; i++)
-        if (argv[i][0] == '-' && argv[i][1] == '-')
-          log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
-    }
-
-  if (!access ("/etc/"DIRMNGR_NAME, F_OK) && !strncmp (opt.homedir, "/etc/", 5))
-    log_info
-      ("NOTE: DirMngr is now a proper part of %s.  The configuration and"
-       " other directory names changed.  Please check that no other version"
-       " of dirmngr is still installed.  To disable this warning, remove the"
-       " directory '/etc/dirmngr'.\n", GNUPG_NAME);
-
-  if (gnupg_faked_time_p ())
-    {
-      gnupg_isotime_t tbuf;
-
-      log_info (_("WARNING: running with faked system time: "));
-      gnupg_get_isotime (tbuf);
-      dump_isotime (tbuf);
-      log_printf ("\n");
-    }
-
-  set_debug ();
-
-  /* Get LDAP server list from file. */
-#if USE_LDAP
-  if (!ldapfile)
-    {
-      ldapfile = make_filename (opt.homedir,
-                                opt.system_daemon?
-                                "ldapservers.conf":"dirmngr_ldapservers.conf",
-                                NULL);
-      opt.ldapservers = parse_ldapserver_file (ldapfile);
-      xfree (ldapfile);
-    }
-  else
-      opt.ldapservers = parse_ldapserver_file (ldapfile);
-#endif /*USE_LDAP*/
-
-#ifndef HAVE_W32_SYSTEM
-  /* We need to ignore the PIPE signal because the we might log to a
-     socket and that code handles EPIPE properly.  The ldap wrapper
-     also requires us to ignore this silly signal. Assuan would set
-     this signal to ignore anyway.*/
-  signal (SIGPIPE, SIG_IGN);
-#endif
-
-  /* Ready.  Now to our duties. */
-  if (!cmd && opt.system_service)
-    cmd = aDaemon;
-  else if (!cmd)
-    cmd = aServer;
-  rc = 0;
-
-  if (cmd == aServer)
-    {
-      /* Note that this server mode is mainly useful for debugging.  */
-      if (argc)
-        wrong_args ("--server");
-
-      if (logfile)
-        {
-          log_set_file (logfile);
-          log_set_prefix (NULL, 2|4);
-        }
-
-      if (debug_wait)
-        {
-          log_debug ("waiting for debugger - my pid is %u .....\n",
-                     (unsigned int)getpid());
-          gnupg_sleep (debug_wait);
-          log_debug ("... okay\n");
-        }
-
-#if USE_LDAP
-      ldap_wrapper_launch_thread ();
-#endif /*USE_LDAP*/
-
-      cert_cache_init ();
-      crl_cache_init ();
-      start_command_handler (ASSUAN_INVALID_FD);
-      shutdown_reaper ();
-    }
-  else if (cmd == aDaemon)
-    {
-      assuan_fd_t fd;
-      pid_t pid;
-      int len;
-      struct sockaddr_un serv_addr;
-
-      if (argc)
-        wrong_args ("--daemon");
-
-      /* Now start with logging to a file if this is desired. */
-      if (logfile)
-        {
-          log_set_file (logfile);
-          log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
-                                 |GPGRT_LOG_WITH_TIME
-                                 |GPGRT_LOG_WITH_PID));
-          current_logfile = xstrdup (logfile);
-        }
-
-#ifndef HAVE_W32_SYSTEM
-      if (strchr (socket_name, ':'))
-        {
-          log_error (_("colons are not allowed in the socket name\n"));
-          dirmngr_exit (1);
-        }
-#endif
-      fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
-      if (fd == ASSUAN_INVALID_FD)
-        {
-          log_error (_("can't create socket: %s\n"), strerror (errno));
-          cleanup ();
-          dirmngr_exit (1);
-        }
-
-#if ASSUAN_VERSION_NUMBER >= 0x020104 /* >= 2.1.4 */
-      {
-        int redirected;
-
-        if (assuan_sock_set_sockaddr_un (socket_name,
-                                         (struct sockaddr*)&serv_addr,
-                                         &redirected))
-          {
-            if (errno == ENAMETOOLONG)
-              log_error (_("socket name '%s' is too long\n"), socket_name);
-            else
-              log_error ("error preparing socket '%s': %s\n",
-                         socket_name,
-                         gpg_strerror (gpg_error_from_syserror ()));
-            dirmngr_exit (1);
-          }
-        if (redirected)
-          {
-            redir_socket_name = xstrdup (serv_addr.sun_path);
-            if (opt.verbose)
-              log_info ("redirecting socket '%s' to '%s'\n",
-                        socket_name, redir_socket_name);
-          }
-      }
-#else /* Assuan < 2.1.4 */
-      memset (&serv_addr, 0, sizeof serv_addr);
-      serv_addr.sun_family = AF_UNIX;
-      if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path )
-        {
-          log_error (_("socket name '%s' is too long\n"), socket_name);
-          dirmngr_exit (1);
-        }
-      strcpy (serv_addr.sun_path, socket_name);
-#endif /* Assuan < 2.1.4 */
-
-      len = SUN_LEN (&serv_addr);
-
-      rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
-      if (rc == -1
-          && (errno == EADDRINUSE
-#ifdef HAVE_W32_SYSTEM
-              || errno == EEXIST
-#endif
-              ))
-	{
-          /* Fixme: We should test whether a dirmngr is already running. */
-	  gnupg_remove (redir_socket_name? redir_socket_name : socket_name);
-	  rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
-	}
-      if (rc != -1
-	  && (rc = assuan_sock_get_nonce ((struct sockaddr*) &serv_addr, len, &socket_nonce)))
-	log_error (_("error getting nonce for the socket\n"));
-      if (rc == -1)
-        {
-          log_error (_("error binding socket to '%s': %s\n"),
-                     serv_addr.sun_path,
-                     gpg_strerror (gpg_error_from_errno (errno)));
-          assuan_sock_close (fd);
-          dirmngr_exit (1);
-        }
-      cleanup_socket = 1;
-
-      if (listen (FD2INT (fd), 5) == -1)
-        {
-          log_error (_("listen() failed: %s\n"), strerror (errno));
-          assuan_sock_close (fd);
-          dirmngr_exit (1);
-        }
-
-      if (opt.verbose)
-        log_info (_("listening on socket '%s'\n"), serv_addr.sun_path);
-
-      es_fflush (NULL);
-
-      /* Note: We keep the dirmngr_info output only for the sake of
-         existing scripts which might use this to detect a successful
-         start of the dirmngr.  */
-#ifdef HAVE_W32_SYSTEM
-      (void)csh_style;
-      (void)nodetach;
-
-      pid = getpid ();
-      es_printf ("set %s=%s;%lu;1\n",
-                 DIRMNGR_INFO_NAME, socket_name, (ulong) pid);
-#else
-      pid = fork();
-      if (pid == (pid_t)-1)
-        {
-          log_fatal (_("error forking process: %s\n"), strerror (errno));
-          dirmngr_exit (1);
-        }
-
-      if (pid)
-        { /* We are the parent */
-          char *infostr;
-
-          /* Don't let cleanup() remove the socket - the child is
-             responsible for doing that.  */
-          cleanup_socket = 0;
-
-          close (fd);
-
-          /* Create the info string: :: */
-          if (asprintf (&infostr, "%s=%s:%lu:1",
-                        DIRMNGR_INFO_NAME, serv_addr.sun_path, (ulong)pid ) < 0)
-            {
-              log_error (_("out of core\n"));
-              kill (pid, SIGTERM);
-              dirmngr_exit (1);
-            }
-          /* Print the environment string, so that the caller can use
-             shell's eval to set it.  But see above.  */
-          if (csh_style)
-            {
-              *strchr (infostr, '=') = ' ';
-              es_printf ( "setenv %s;\n", infostr);
-            }
-          else
-            {
-              es_printf ( "%s; export %s;\n", infostr, DIRMNGR_INFO_NAME);
-            }
-          free (infostr);
-          exit (0);
-          /*NEVER REACHED*/
-        } /* end parent */
-
-
-      /*
-         This is the child
-       */
-
-      /* Detach from tty and put process into a new session */
-      if (!nodetach )
-        {
-          int i;
-          unsigned int oldflags;
-
-          /* Close stdin, stdout and stderr unless it is the log stream */
-          for (i=0; i <= 2; i++)
-            {
-              if (!log_test_fd (i) && i != fd )
-                close (i);
-            }
-          if (setsid() == -1)
-            {
-              log_error ("setsid() failed: %s\n", strerror(errno) );
-              dirmngr_exit (1);
-            }
-
-          log_get_prefix (&oldflags);
-          log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
-          opt.running_detached = 1;
-
-          if (chdir("/"))
-            {
-              log_error ("chdir to / failed: %s\n", strerror (errno));
-              dirmngr_exit (1);
-            }
-        }
-#endif
-
-#if USE_LDAP
-      ldap_wrapper_launch_thread ();
-#endif /*USE_LDAP*/
-
-      cert_cache_init ();
-      crl_cache_init ();
-#ifdef USE_W32_SERVICE
-      if (opt.system_service)
-	{
-	  service_status.dwCurrentState = SERVICE_RUNNING;
-	  SetServiceStatus (service_handle, &service_status);
-	}
-#endif
-      handle_connections (fd);
-      assuan_sock_close (fd);
-      shutdown_reaper ();
-#ifdef USE_W32_SERVICE
-      if (opt.system_service)
-	{
-	  service_status.dwCurrentState = SERVICE_STOPPED;
-	  SetServiceStatus (service_handle, &service_status);
-	}
-#endif
-    }
-  else if (cmd == aListCRLs)
-    {
-      /* Just list the CRL cache and exit. */
-      if (argc)
-        wrong_args ("--list-crls");
-#if USE_LDAP
-      ldap_wrapper_launch_thread ();
-#endif /*USE_LDAP*/
-      crl_cache_init ();
-      crl_cache_list (es_stdout);
-    }
-  else if (cmd == aLoadCRL)
-    {
-      struct server_control_s ctrlbuf;
-
-      memset (&ctrlbuf, 0, sizeof ctrlbuf);
-      dirmngr_init_default_ctrl (&ctrlbuf);
-
-#if USE_LDAP
-      ldap_wrapper_launch_thread ();
-#endif /*USE_LDAP*/
-      cert_cache_init ();
-      crl_cache_init ();
-      if (!argc)
-        rc = crl_cache_load (&ctrlbuf, NULL);
-      else
-        {
-          for (; !rc && argc; argc--, argv++)
-            rc = crl_cache_load (&ctrlbuf, *argv);
-        }
-      dirmngr_deinit_default_ctrl (&ctrlbuf);
-    }
-  else if (cmd == aFetchCRL)
-    {
-      ksba_reader_t reader;
-      struct server_control_s ctrlbuf;
-
-      if (argc != 1)
-        wrong_args ("--fetch-crl URL");
-
-      memset (&ctrlbuf, 0, sizeof ctrlbuf);
-      dirmngr_init_default_ctrl (&ctrlbuf);
-
-#if USE_LDAP
-      ldap_wrapper_launch_thread ();
-#endif /*USE_LDAP*/
-      cert_cache_init ();
-      crl_cache_init ();
-      rc = crl_fetch (&ctrlbuf, argv[0], &reader);
-      if (rc)
-        log_error (_("fetching CRL from '%s' failed: %s\n"),
-                     argv[0], gpg_strerror (rc));
-      else
-        {
-          rc = crl_cache_insert (&ctrlbuf, argv[0], reader);
-          if (rc)
-            log_error (_("processing CRL from '%s' failed: %s\n"),
-                       argv[0], gpg_strerror (rc));
-          crl_close_reader (reader);
-        }
-      dirmngr_deinit_default_ctrl (&ctrlbuf);
-    }
-  else if (cmd == aFlush)
-    {
-      /* Delete cache and exit. */
-      if (argc)
-        wrong_args ("--flush");
-      rc = crl_cache_flush();
-    }
-  else if (cmd == aGPGConfTest)
-    dirmngr_exit (0);
-  else if (cmd == aGPGConfList)
-    {
-      unsigned long flags = 0;
-      char *filename;
-      char *filename_esc;
-
-#ifdef HAVE_W32_SYSTEM
-      /* On Windows systems, dirmngr always runs as system daemon, and
-	 the per-user configuration is never used.  So we short-cut
-	 everything to use the global system configuration of dirmngr
-	 above, and here we set the no change flag to make these
-	 read-only.  */
-      flags |= GC_OPT_FLAG_NO_CHANGE;
-#endif
-
-      /* First the configuration file.  This is not an option, but it
-	 is vital information for GPG Conf.  */
-      if (!opt.config_filename)
-        opt.config_filename = make_filename (opt.homedir,
-                                             "dirmngr.conf", NULL );
-
-      filename = percent_escape (opt.config_filename, NULL);
-      es_printf ("gpgconf-dirmngr.conf:%lu:\"%s\n",
-              GC_OPT_FLAG_DEFAULT, filename);
-      xfree (filename);
-
-      es_printf ("verbose:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("quiet:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("debug-level:%lu:\"none\n", flags | GC_OPT_FLAG_DEFAULT);
-      es_printf ("log-file:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("force:%lu:\n", flags | GC_OPT_FLAG_NONE);
-
-      /* --csh and --sh are mutually exclusive, something we can not
-         express in GPG Conf.  --options is only usable from the
-         command line, really.  --debug-all interacts with --debug,
-         and having both of them is thus problematic.  --no-detach is
-         also only usable on the command line.  --batch is unused.  */
-
-      filename = make_filename (opt.homedir,
-                                opt.system_daemon?
-                                "ldapservers.conf":"dirmngr_ldapservers.conf",
-                                NULL);
-      filename_esc = percent_escape (filename, NULL);
-      es_printf ("ldapserverlist-file:%lu:\"%s\n", flags | GC_OPT_FLAG_DEFAULT,
-	      filename_esc);
-      xfree (filename_esc);
-      xfree (filename);
-
-      es_printf ("ldaptimeout:%lu:%u\n",
-              flags | GC_OPT_FLAG_DEFAULT, DEFAULT_LDAP_TIMEOUT);
-      es_printf ("max-replies:%lu:%u\n",
-              flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
-      es_printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
-
-      es_printf ("faked-system-time:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("no-greeting:%lu:\n", flags | GC_OPT_FLAG_NONE);
-
-      es_printf ("disable-http:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("disable-ldap:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("honor-http-proxy:%lu\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("http-proxy:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("ldap-proxy:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("only-ldap-proxy:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("ignore-ldap-dp:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("ignore-http-dp:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      es_printf ("ignore-ocsp-service-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
-      /* Note: The next one is to fix a typo in gpgconf - should be
-         removed eventually. */
-      es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
-    }
-  cleanup ();
-  return !!rc;
-}
-
-
-#ifdef USE_W32_SERVICE
-static void WINAPI
-call_real_main (DWORD argc, LPSTR *argv)
-{
-  real_main (argc, argv);
-}
-
-int
-main (int argc, char *argv[])
-{
-  int i;
-
-  /* Find out if we run in daemon mode or on the command line.  */
-  for (i = 1; i < argc; i++)
-    if (!strcmp (argv[i], "--service"))
-      {
-	opt.system_service = 1;
-	opt.system_daemon = 1;
-	break;
-      }
-
-  if (!opt.system_service)
-    return real_main (argc, argv);
-  else
-    {
-      SERVICE_TABLE_ENTRY DispatchTable [] =
-	{
-	  { "DirMngr", &call_real_main },
-	  { NULL, NULL }
-	};
-
-      if (!StartServiceCtrlDispatcher (DispatchTable))
-        return 1;
-      return 0;
-    }
-}
-#endif /*USE_W32_SERVICE*/
-
-
-static void
-cleanup (void)
-{
-  crl_cache_deinit ();
-  cert_cache_deinit (1);
-
-#if USE_LDAP
-  ldapserver_list_free (opt.ldapservers);
-#endif /*USE_LDAP*/
-  opt.ldapservers = NULL;
-
-  if (cleanup_socket)
-    {
-      cleanup_socket = 0;
-      if (redir_socket_name)
-        gnupg_remove (redir_socket_name);
-      else if (socket_name && *socket_name)
-        gnupg_remove (socket_name);
-    }
-}
-
-
-void
-dirmngr_exit (int rc)
-{
-  cleanup ();
-  exit (rc);
-}
-
-
-void
-dirmngr_init_default_ctrl (ctrl_t ctrl)
-{
-  if (opt.http_proxy)
-    ctrl->http_proxy = xstrdup (opt.http_proxy);
-}
-
-
-void
-dirmngr_deinit_default_ctrl (ctrl_t ctrl)
-{
-  if (!ctrl)
-    return;
-  xfree (ctrl->http_proxy);
-  ctrl->http_proxy = NULL;
-}
-
-
-/* Create a list of LDAP servers from the file FILENAME. Returns the
-   list or NULL in case of errors.
-
-   The format fo such a file is line oriented where empty lines and
-   lines starting with a hash mark are ignored.  All other lines are
-   assumed to be colon seprated with these fields:
-
-   1. field: Hostname
-   2. field: Portnumber
-   3. field: Username
-   4. field: Password
-   5. field: Base DN
-
-*/
-#if USE_LDAP
-static ldap_server_t
-parse_ldapserver_file (const char* filename)
-{
-  char buffer[1024];
-  char *p;
-  ldap_server_t server, serverstart, *serverend;
-  int c;
-  unsigned int lineno = 0;
-  estream_t fp;
-
-  fp = es_fopen (filename, "r");
-  if (!fp)
-    {
-      log_error (_("error opening '%s': %s\n"), filename, strerror (errno));
-      return NULL;
-    }
-
-  serverstart = NULL;
-  serverend = &serverstart;
-  while (es_fgets (buffer, sizeof buffer, fp))
-    {
-      lineno++;
-      if (!*buffer || buffer[strlen(buffer)-1] != '\n')
-        {
-          if (*buffer && es_feof (fp))
-            ; /* Last line not terminated - continue. */
-          else
-            {
-              log_error (_("%s:%u: line too long - skipped\n"),
-                         filename, lineno);
-              while ( (c=es_fgetc (fp)) != EOF && c != '\n')
-                ; /* Skip until end of line. */
-              continue;
-            }
-        }
-      /* Skip empty and comment lines.*/
-      for (p=buffer; spacep (p); p++)
-        ;
-      if (!*p || *p == '\n' || *p == '#')
-        continue;
-
-      /* Parse the colon separated fields. */
-      server = ldapserver_parse_one (buffer, filename, lineno);
-      if (server)
-        {
-          *serverend = server;
-          serverend = &server->next;
-        }
-    }
-
-  if (es_ferror (fp))
-    log_error (_("error reading '%s': %s\n"), filename, strerror (errno));
-  es_fclose (fp);
-
-  return serverstart;
-}
-#endif /*USE_LDAP*/
-
-static fingerprint_list_t
-parse_ocsp_signer (const char *string)
-{
-  gpg_error_t err;
-  char *fname;
-  estream_t fp;
-  char line[256];
-  char *p;
-  fingerprint_list_t list, *list_tail, item;
-  unsigned int lnr = 0;
-  int c, i, j;
-  int errflag = 0;
-
-
-  /* Check whether this is not a filename and treat it as a direct
-     fingerprint specification.  */
-  if (!strpbrk (string, "/.~\\"))
-    {
-      item = xcalloc (1, sizeof *item);
-      for (i=j=0; (string[i] == ':' || hexdigitp (string+i)) && j < 40; i++)
-        if ( string[i] != ':' )
-          item->hexfpr[j++] = string[i] >= 'a'? (string[i] & 0xdf): string[i];
-      item->hexfpr[j] = 0;
-      if (j != 40 || !(spacep (string+i) || !string[i]))
-        {
-          log_error (_("%s:%u: invalid fingerprint detected\n"),
-                     "--ocsp-signer", 0);
-          xfree (item);
-          return NULL;
-        }
-      return item;
-    }
-
-  /* Well, it is a filename.  */
-  if (*string == '/' || (*string == '~' && string[1] == '/'))
-    fname = make_filename (string, NULL);
-  else
-    {
-      if (string[0] == '.' && string[1] == '/' )
-        string += 2;
-      fname = make_filename (opt.homedir, string, NULL);
-    }
-
-  fp = es_fopen (fname, "r");
-  if (!fp)
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
-      xfree (fname);
-      return NULL;
-    }
-
-  list = NULL;
-  list_tail = &list;
-  for (;;)
-    {
-      if (!es_fgets (line, DIM(line)-1, fp) )
-        {
-          if (!es_feof (fp))
-            {
-              err = gpg_error_from_syserror ();
-              log_error (_("%s:%u: read error: %s\n"),
-                         fname, lnr, gpg_strerror (err));
-              errflag = 1;
-            }
-          es_fclose (fp);
-          if (errflag)
-            {
-              while (list)
-                {
-                  fingerprint_list_t tmp = list->next;
-                  xfree (list);
-                  list = tmp;
-                }
-            }
-          xfree (fname);
-          return list; /* Ready.  */
-        }
-
-      lnr++;
-      if (!*line || line[strlen(line)-1] != '\n')
-        {
-          /* Eat until end of line. */
-          while ( (c=es_getc (fp)) != EOF && c != '\n')
-            ;
-          err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
-                           /* */: GPG_ERR_INCOMPLETE_LINE);
-          log_error (_("%s:%u: read error: %s\n"),
-                     fname, lnr, gpg_strerror (err));
-          errflag = 1;
-          continue;
-        }
-
-      /* Allow for empty lines and spaces */
-      for (p=line; spacep (p); p++)
-        ;
-      if (!*p || *p == '\n' || *p == '#')
-        continue;
-
-      item = xcalloc (1, sizeof *item);
-      *list_tail = item;
-      list_tail = &item->next;
-
-      for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++)
-        if ( p[i] != ':' )
-          item->hexfpr[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i];
-      item->hexfpr[j] = 0;
-      if (j != 40 || !(spacep (p+i) || p[i] == '\n'))
-        {
-          log_error (_("%s:%u: invalid fingerprint detected\n"), fname, lnr);
-          errflag = 1;
-        }
-      i++;
-      while (spacep (p+i))
-        i++;
-      if (p[i] && p[i] != '\n')
-        log_info (_("%s:%u: garbage at end of line ignored\n"), fname, lnr);
-    }
-  /*NOTREACHED*/
-}
-
-
-
-
-/*
-   Stuff used in daemon mode.
- */
-
-
-
-/* Reread parts of the configuration.  Note, that this function is
-   obviously not thread-safe and should only be called from the NPTH
-   signal handler.
-
-   Fixme: Due to the way the argument parsing works, we create a
-   memory leak here for all string type arguments.  There is currently
-   no clean way to tell whether the memory for the argument has been
-   allocated or points into the process' original arguments.  Unless
-   we have a mechanism to tell this, we need to live on with this. */
-static void
-reread_configuration (void)
-{
-  ARGPARSE_ARGS pargs;
-  FILE *fp;
-  unsigned int configlineno = 0;
-  int dummy;
-
-  if (!opt.config_filename)
-    return; /* No config file. */
-
-  fp = fopen (opt.config_filename, "r");
-  if (!fp)
-    {
-      log_error (_("option file '%s': %s\n"),
-                 opt.config_filename, strerror(errno) );
-      return;
-    }
-
-  parse_rereadable_options (NULL, 1); /* Start from the default values. */
-
-  memset (&pargs, 0, sizeof pargs);
-  dummy = 0;
-  pargs.argc = &dummy;
-  pargs.flags = 1;  /* do not remove the args */
-  while (optfile_parse (fp, opt.config_filename, &configlineno, &pargs, opts) )
-    {
-      if (pargs.r_opt < -1)
-        pargs.err = 1; /* Print a warning. */
-      else /* Try to parse this option - ignore unchangeable ones. */
-        parse_rereadable_options (&pargs, 1);
-    }
-  fclose (fp);
-
-  set_debug ();
-}
-
-
-/* A global function which allows us to trigger the reload stuff from
-   other places.  */
-void
-dirmngr_sighup_action (void)
-{
-  log_info (_("SIGHUP received - "
-              "re-reading configuration and flushing caches\n"));
-  reread_configuration ();
-  cert_cache_deinit (0);
-  crl_cache_deinit ();
-  cert_cache_init ();
-  crl_cache_init ();
-}
-
-
-
-/* The signal handler. */
-#ifndef HAVE_W32_SYSTEM
-static void
-handle_signal (int signo)
-{
-  switch (signo)
-    {
-    case SIGHUP:
-      dirmngr_sighup_action ();
-      break;
-
-    case SIGUSR1:
-      cert_cache_print_stats ();
-      break;
-
-    case SIGUSR2:
-      log_info (_("SIGUSR2 received - no action defined\n"));
-      break;
-
-    case SIGTERM:
-      if (!shutdown_pending)
-        log_info (_("SIGTERM received - shutting down ...\n"));
-      else
-        log_info (_("SIGTERM received - still %d active connections\n"),
-                  active_connections);
-      shutdown_pending++;
-      if (shutdown_pending > 2)
-        {
-          log_info (_("shutdown forced\n"));
-          log_info ("%s %s stopped\n", strusage(11), strusage(13) );
-          cleanup ();
-          dirmngr_exit (0);
-	}
-      break;
-
-    case SIGINT:
-      log_info (_("SIGINT received - immediate shutdown\n"));
-      log_info( "%s %s stopped\n", strusage(11), strusage(13));
-      cleanup ();
-      dirmngr_exit (0);
-      break;
-
-    default:
-      log_info (_("signal %d received - no action defined\n"), signo);
-    }
-}
-#endif /*!HAVE_W32_SYSTEM*/
-
-
-/* Thread to do the housekeeping.  */
-static void *
-housekeeping_thread (void *arg)
-{
-  static int sentinel;
-  time_t curtime;
-
-  (void)arg;
-
-  curtime = gnupg_get_time ();
-  if (sentinel)
-    {
-      log_info ("housekeeping is already going on\n");
-      return NULL;
-    }
-  sentinel++;
-  if (opt.verbose)
-    log_info ("starting housekeeping\n");
-
-  ks_hkp_housekeeping (curtime);
-
-  if (opt.verbose)
-    log_info ("ready with housekeeping\n");
-  sentinel--;
-  return NULL;
-
-}
-
-
-#if GPGRT_GCC_HAVE_PUSH_PRAGMA
-# pragma GCC push_options
-# pragma GCC optimize ("no-strict-overflow")
-#endif
-static int
-time_for_housekeeping_p (time_t curtime)
-{
-  static time_t last_housekeeping;
-
-  if (!last_housekeeping)
-    last_housekeeping = curtime;
-
-  if (last_housekeeping + HOUSEKEEPING_INTERVAL <= curtime
-      || last_housekeeping > curtime /*(be prepared for y2038)*/)
-    {
-      last_housekeeping = curtime;
-      return 1;
-    }
-  return 0;
-}
-#if GPGRT_GCC_HAVE_PUSH_PRAGMA
-# pragma GCC pop_options
-#endif
-
-
-/* This is the worker for the ticker.  It is called every few seconds
-   and may only do fast operations. */
-static void
-handle_tick (void)
-{
-  /* Under Windows we don't use signals and need a way for the loop to
-     check for the shutdown flag.  */
-#ifdef HAVE_W32_SYSTEM
-  if (shutdown_pending)
-    log_info (_("SIGTERM received - shutting down ...\n"));
-  if (shutdown_pending > 2)
-    {
-      log_info (_("shutdown forced\n"));
-      log_info ("%s %s stopped\n", strusage(11), strusage(13) );
-      cleanup ();
-      dirmngr_exit (0);
-    }
-#endif /*HAVE_W32_SYSTEM*/
-
-  if (time_for_housekeeping_p (gnupg_get_time ()))
-    {
-      npth_t thread;
-      npth_attr_t tattr;
-      int err;
-
-      err = npth_attr_init (&tattr);
-      if (err)
-        log_error ("error preparing housekeeping thread: %s\n", strerror (err));
-      else
-        {
-          npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
-          err = npth_create (&thread, &tattr, housekeeping_thread, NULL);
-          if (err)
-            log_error ("error spawning housekeeping thread: %s\n",
-                       strerror (err));
-          npth_attr_destroy (&tattr);
-        }
-    }
-}
-
-
-/* Check the nonce on a new connection.  This is a NOP unless we are
-   using our Unix domain socket emulation under Windows.  */
-static int
-check_nonce (assuan_fd_t fd, assuan_sock_nonce_t *nonce)
-{
-  if (assuan_sock_check_nonce (fd, nonce))
-    {
-      log_info (_("error reading nonce on fd %d: %s\n"),
-                FD2INT (fd), strerror (errno));
-      assuan_sock_close (fd);
-      return -1;
-    }
-  else
-    return 0;
-}
-
-
-/* Helper to call a connection's main fucntion. */
-static void *
-start_connection_thread (void *arg)
-{
-  union int_and_ptr_u argval;
-  gnupg_fd_t fd;
-
-  memset (&argval, 0, sizeof argval);
-  argval.aptr = arg;
-  fd = argval.afd;
-
-  if (check_nonce (fd, &socket_nonce))
-    {
-      log_error ("handler nonce check FAILED\n");
-      return NULL;
-    }
-
-#ifndef HAVE_W32_SYSTEM
-  npth_setspecific (my_tlskey_current_fd, argval.aptr);
-#endif
-
-  active_connections++;
-  if (opt.verbose)
-    log_info (_("handler for fd %d started\n"), FD2INT (fd));
-
-  start_command_handler (fd);
-
-  if (opt.verbose)
-    log_info (_("handler for fd %d terminated\n"), FD2INT (fd));
-  active_connections--;
-
-#ifndef HAVE_W32_SYSTEM
-  argval.afd = ASSUAN_INVALID_FD;
-  npth_setspecific (my_tlskey_current_fd, argval.aptr);
-#endif
-
-  return NULL;
-}
-
-
-/* Main loop in daemon mode. */
-static void
-handle_connections (assuan_fd_t listen_fd)
-{
-  npth_attr_t tattr;
-#ifndef HAVE_W32_SYSTEM
-  int signo;
-#endif
-  struct sockaddr_un paddr;
-  socklen_t plen = sizeof( paddr );
-  gnupg_fd_t fd;
-  int nfd, ret;
-  fd_set fdset, read_fdset;
-  struct timespec abstime;
-  struct timespec curtime;
-  struct timespec timeout;
-  int saved_errno;
-
-  npth_attr_init (&tattr);
-  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
-
-#ifndef HAVE_W32_SYSTEM /* FIXME */
-  npth_sigev_init ();
-  npth_sigev_add (SIGHUP);
-  npth_sigev_add (SIGUSR1);
-  npth_sigev_add (SIGUSR2);
-  npth_sigev_add (SIGINT);
-  npth_sigev_add (SIGTERM);
-  npth_sigev_fini ();
-#endif
-
-  /* Setup the fdset.  It has only one member.  This is because we use
-     pth_select instead of pth_accept to properly sync timeouts with
-     to full second.  */
-  FD_ZERO (&fdset);
-  FD_SET (FD2INT (listen_fd), &fdset);
-  nfd = FD2INT (listen_fd);
-
-  npth_clock_gettime (&abstime);
-  abstime.tv_sec += TIMERTICK_INTERVAL;
-
-  /* Main loop.  */
-  for (;;)
-    {
-      /* Shutdown test.  */
-      if (shutdown_pending)
-        {
-          if (!active_connections)
-            break; /* ready */
-
-          /* Do not accept new connections but keep on running the
-             loop to cope with the timer events.  */
-          FD_ZERO (&fdset);
-	}
-
-      /* Take a copy of the fdset.  */
-      read_fdset = fdset;
-
-      npth_clock_gettime (&curtime);
-      if (!(npth_timercmp (&curtime, &abstime, <)))
-	{
-	  /* Timeout.  */
-	  handle_tick ();
-	  npth_clock_gettime (&abstime);
-	  abstime.tv_sec += TIMERTICK_INTERVAL;
-	}
-      npth_timersub (&abstime, &curtime, &timeout);
-
-#ifndef HAVE_W32_SYSTEM
-      ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
-      saved_errno = errno;
-
-      while (npth_sigev_get_pending(&signo))
-	handle_signal (signo);
-#else
-      ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
-      saved_errno = errno;
-#endif
-
-      if (ret == -1 && saved_errno != EINTR)
-	{
-          log_error (_("npth_pselect failed: %s - waiting 1s\n"),
-                     strerror (saved_errno));
-          npth_sleep (1);
-          continue;
-	}
-
-      if (ret <= 0)
-	/* Interrupt or timeout.  Will be handled when calculating the
-	   next timeout.  */
-	continue;
-
-      if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset))
-	{
-          plen = sizeof paddr;
-	  fd = INT2FD (npth_accept (FD2INT(listen_fd),
-				    (struct sockaddr *)&paddr, &plen));
-	  if (fd == GNUPG_INVALID_FD)
-	    {
-	      log_error ("accept failed: %s\n", strerror (errno));
-	    }
-          else
-            {
-              char threadname[50];
-              union int_and_ptr_u argval;
-	      npth_t thread;
-
-              memset (&argval, 0, sizeof argval);
-              argval.afd = fd;
-              snprintf (threadname, sizeof threadname-1,
-                        "conn fd=%d", FD2INT(fd));
-              threadname[sizeof threadname -1] = 0;
-
-              ret = npth_create (&thread, &tattr,
-                                 start_connection_thread, argval.aptr);
-	      if (ret)
-                {
-                  log_error ("error spawning connection handler: %s\n",
-                             strerror (ret) );
-                  assuan_sock_close (fd);
-                }
-	      npth_setname_np (thread, threadname);
-            }
-          fd = GNUPG_INVALID_FD;
-	}
-    }
-
-  npth_attr_destroy (&tattr);
-  cleanup ();
-  log_info ("%s %s stopped\n", strusage(11), strusage(13));
-}
diff -Nru gnupg2-2.1.6/dirmngr/dirmngr-client.c gnupg2-2.0.28/dirmngr/dirmngr-client.c
--- gnupg2-2.1.6/dirmngr/dirmngr-client.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dirmngr-client.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,1032 +0,0 @@
-/* dirmngr-client.c  -  A client for the dirmngr daemon
- *	Copyright (C) 2004, 2007 g10 Code GmbH
- *	Copyright (C) 2002, 2003 Free Software Foundation, Inc.
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include 
-#include 
-
-#include "../common/logging.h"
-#include "../common/argparse.h"
-#include "../common/stringhelp.h"
-#include "../common/mischelp.h"
-#include "../common/strlist.h"
-
-#include "i18n.h"
-#include "util.h"
-#include "init.h"
-
-
-/* Constants for the options.  */
-enum
-  {
-    oQuiet	  = 'q',
-    oVerbose	  = 'v',
-    oLocal        = 'l',
-    oUrl          = 'u',
-
-    oOCSP         = 500,
-    oPing,
-    oCacheCert,
-    oValidate,
-    oLookup,
-    oLoadCRL,
-    oSquidMode,
-    oPEM,
-    oEscapedPEM,
-    oForceDefaultResponder
-  };
-
-
-/* The list of options as used by the argparse.c code.  */
-static ARGPARSE_OPTS opts[] = {
-  { oVerbose,  "verbose",   0, N_("verbose") },
-  { oQuiet,    "quiet",     0, N_("be somewhat more quiet") },
-  { oOCSP,     "ocsp",      0, N_("use OCSP instead of CRLs") },
-  { oPing,     "ping",      0, N_("check whether a dirmngr is running")},
-  { oCacheCert,"cache-cert",0, N_("add a certificate to the cache")},
-  { oValidate, "validate",  0, N_("validate a certificate")},
-  { oLookup,   "lookup",    0, N_("lookup a certificate")},
-  { oLocal,    "local",     0, N_("lookup only locally stored certificates")},
-  { oUrl,      "url",       0, N_("expect an URL for --lookup")},
-  { oLoadCRL,  "load-crl",  0, N_("load a CRL into the dirmngr")},
-  { oSquidMode,"squid-mode",0, N_("special mode for use by Squid")},
-  { oPEM,      "pem",       0, N_("expect certificates in PEM format")},
-  { oForceDefaultResponder, "force-default-responder", 0,
-    N_("force the use of the default OCSP responder")},
-  { 0, NULL, 0, NULL }
-};
-
-
-/* The usual structure for the program flags.  */
-static struct
-{
-  int quiet;
-  int verbose;
-  const char *dirmngr_program;
-  int force_pipe_server;
-  int force_default_responder;
-  int pem;
-  int escaped_pem; /* PEM is additional percent encoded.  */
-  int url;         /* Expect an URL.  */
-  int local;       /* Lookup up only local certificates.  */
-
-  int use_ocsp;
-} opt;
-
-
-/* Communication structure for the certificate inquire callback. */
-struct inq_cert_parm_s
-{
-  assuan_context_t ctx;
-  const unsigned char *cert;
-  size_t certlen;
-};
-
-
-/* Base64 conversion tables. */
-static unsigned char bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                                  "abcdefghijklmnopqrstuvwxyz"
-			          "0123456789+/";
-static unsigned char asctobin[256]; /* runtime initialized */
-
-
-/* Prototypes.  */
-static assuan_context_t start_dirmngr (int only_daemon);
-static gpg_error_t read_certificate (const char *fname,
-                                     unsigned char **rbuf, size_t *rbuflen);
-static gpg_error_t do_check (assuan_context_t ctx,
-                             const unsigned char *cert, size_t certlen);
-static gpg_error_t do_cache (assuan_context_t ctx,
-                             const unsigned char *cert, size_t certlen);
-static gpg_error_t do_validate (assuan_context_t ctx,
-                                const unsigned char *cert, size_t certlen);
-static gpg_error_t do_loadcrl (assuan_context_t ctx, const char *filename);
-static gpg_error_t do_lookup (assuan_context_t ctx, const char *pattern);
-static gpg_error_t squid_loop_body (assuan_context_t ctx);
-
-
-
-/* Function called by argparse.c to display information.  */
-static const char *
-my_strusage (int level)
-{
-  const char *p;
-
-  switch(level)
-    {
-    case 11: p = "dirmngr-client (@GNUPG@)";
-      break;
-    case 13: p = VERSION; break;
-    case 17: p = PRINTABLE_OS_NAME; break;
-    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
-    case 49: p = PACKAGE_BUGREPORT; break;
-    case 1:
-    case 40: p =
-                 _("Usage: dirmngr-client [options] "
-                   "[certfile|pattern] (-h for help)\n");
-      break;
-    case 41: p =
-          _("Syntax: dirmngr-client [options] [certfile|pattern]\n"
-            "Test an X.509 certificate against a CRL or do an OCSP check\n"
-            "The process returns 0 if the certificate is valid, 1 if it is\n"
-            "not valid and other error codes for general failures\n");
-      break;
-
-    default: p = NULL;
-    }
-  return p;
-}
-
-
-
-int
-main (int argc, char **argv )
-{
-  ARGPARSE_ARGS pargs;
-  assuan_context_t ctx;
-  gpg_error_t err;
-  unsigned char *certbuf;
-  size_t certbuflen = 0;
-  int cmd_ping = 0;
-  int cmd_cache_cert = 0;
-  int cmd_validate = 0;
-  int cmd_lookup = 0;
-  int cmd_loadcrl = 0;
-  int cmd_squid_mode = 0;
-
-  early_system_init ();
-  set_strusage (my_strusage);
-  log_set_prefix ("dirmngr-client",
-                  GPGRT_LOG_WITH_PREFIX);
-
-  /* For W32 we need to initialize the socket subsystem.  Becuase we
-     don't use Pth we need to do this explicit. */
-#ifdef HAVE_W32_SYSTEM
- {
-   WSADATA wsadat;
-
-   WSAStartup (0x202, &wsadat);
- }
-#endif /*HAVE_W32_SYSTEM*/
-
-  /* Init Assuan.  */
-  assuan_set_assuan_log_prefix (log_get_prefix (NULL));
-  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
-
-  /* Setup I18N. */
-  i18n_init();
-
-  /* Parse the command line.  */
-  pargs.argc = &argc;
-  pargs.argv = &argv;
-  pargs.flags= 1;  /* Do not remove the args. */
-  while (arg_parse (&pargs, opts) )
-    {
-      switch (pargs.r_opt)
-        {
-        case oVerbose: opt.verbose++; break;
-        case oQuiet: opt.quiet++; break;
-
-        case oOCSP: opt.use_ocsp++; break;
-        case oPing: cmd_ping = 1; break;
-        case oCacheCert: cmd_cache_cert = 1; break;
-        case oValidate: cmd_validate = 1; break;
-        case oLookup: cmd_lookup = 1; break;
-        case oUrl: opt.url = 1; break;
-        case oLocal: opt.local = 1; break;
-        case oLoadCRL: cmd_loadcrl = 1; break;
-        case oPEM: opt.pem = 1; break;
-        case oSquidMode:
-          opt.pem = 1;
-          opt.escaped_pem = 1;
-          cmd_squid_mode = 1;
-          break;
-        case oForceDefaultResponder: opt.force_default_responder = 1; break;
-
-        default : pargs.err = 2; break;
-	}
-    }
-  if (log_get_errorcount (0))
-    exit (2);
-
-  /* Build the helptable for radix64 to bin conversion. */
-  if (opt.pem)
-    {
-      int i;
-      unsigned char *s;
-
-      for (i=0; i < 256; i++ )
-        asctobin[i] = 255; /* Used to detect invalid characters. */
-      for (s=bintoasc, i=0; *s; s++, i++)
-        asctobin[*s] = i;
-    }
-
-
-  if (cmd_ping)
-    err = 0;
-  else if (cmd_lookup || cmd_loadcrl)
-    {
-      if (!argc)
-        usage (1);
-      err = 0;
-    }
-  else if (cmd_squid_mode)
-    {
-      err = 0;
-      if (argc)
-        usage (1);
-    }
-  else if (!argc)
-    {
-      err = read_certificate (NULL, &certbuf, &certbuflen);
-      if (err)
-        log_error (_("error reading certificate from stdin: %s\n"),
-                   gpg_strerror (err));
-    }
-  else if (argc == 1)
-    {
-      err = read_certificate (*argv, &certbuf, &certbuflen);
-      if (err)
-        log_error (_("error reading certificate from '%s': %s\n"),
-                   *argv, gpg_strerror (err));
-    }
-  else
-    {
-      err = 0;
-      usage (1);
-    }
-
-  if (log_get_errorcount (0))
-    exit (2);
-
-  if (certbuflen > 20000)
-    {
-      log_error (_("certificate too large to make any sense\n"));
-      exit (2);
-    }
-
-  ctx = start_dirmngr (1);
-  if (!ctx)
-    exit (2);
-
-  if (cmd_ping)
-    ;
-  else if (cmd_squid_mode)
-    {
-      while (!(err = squid_loop_body (ctx)))
-        ;
-      if (gpg_err_code (err) == GPG_ERR_EOF)
-        err = 0;
-    }
-  else if (cmd_lookup)
-    {
-      int last_err = 0;
-
-      for (; argc; argc--, argv++)
-        {
-          err = do_lookup (ctx, *argv);
-          if (err)
-            {
-              log_error (_("lookup failed: %s\n"), gpg_strerror (err));
-              last_err = err;
-            }
-        }
-      err = last_err;
-    }
-  else if (cmd_loadcrl)
-    {
-      int last_err = 0;
-
-      for (; argc; argc--, argv++)
-        {
-          err = do_loadcrl (ctx, *argv);
-          if (err)
-            {
-              log_error (_("loading CRL '%s' failed: %s\n"),
-                         *argv, gpg_strerror (err));
-              last_err = err;
-            }
-        }
-      err = last_err;
-    }
-  else if (cmd_cache_cert)
-    {
-      err = do_cache (ctx, certbuf, certbuflen);
-      xfree (certbuf);
-    }
-  else if (cmd_validate)
-    {
-      err = do_validate (ctx, certbuf, certbuflen);
-      xfree (certbuf);
-    }
-  else
-    {
-      err = do_check (ctx, certbuf, certbuflen);
-      xfree (certbuf);
-    }
-
-  assuan_release (ctx);
-
-  if (cmd_ping)
-    {
-      if (!opt.quiet)
-        log_info (_("a dirmngr daemon is up and running\n"));
-      return 0;
-    }
-  else if (cmd_lookup|| cmd_loadcrl || cmd_squid_mode)
-    return err? 1:0;
-  else if (cmd_cache_cert)
-    {
-      if (err && gpg_err_code (err) == GPG_ERR_DUP_VALUE )
-        {
-          if (!opt.quiet)
-            log_info (_("certificate already cached\n"));
-        }
-      else if (err)
-        {
-          log_error (_("error caching certificate: %s\n"),
-                     gpg_strerror (err));
-          return 1;
-        }
-      return 0;
-    }
-  else if (cmd_validate && err)
-    {
-      log_error (_("validation of certificate failed: %s\n"),
-                 gpg_strerror (err));
-      return 1;
-    }
-  else if (!err)
-    {
-      if (!opt.quiet)
-        log_info (_("certificate is valid\n"));
-      return 0;
-    }
-  else if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED )
-    {
-      if (!opt.quiet)
-        log_info (_("certificate has been revoked\n"));
-      return 1;
-    }
-  else
-    {
-      log_error (_("certificate check failed: %s\n"), gpg_strerror (err));
-      return 2;
-    }
-}
-
-
-/* Print status line from the assuan protocol.  */
-static gpg_error_t
-status_cb (void *opaque, const char *line)
-{
-  (void)opaque;
-
-  if (opt.verbose > 2)
-    log_info (_("got status: '%s'\n"), line);
-  return 0;
-}
-
-/* Print data as retrieved by the lookup function.  */
-static gpg_error_t
-data_cb (void *opaque, const void *buffer, size_t length)
-{
-  gpg_error_t err;
-  struct b64state *state = opaque;
-
-  if (buffer)
-    {
-      err = b64enc_write (state, buffer, length);
-      if (err)
-        log_error (_("error writing base64 encoding: %s\n"),
-                   gpg_strerror (err));
-    }
-  return 0;
-}
-
-
-/* Try to connect to the dirmngr via socket or fork it off and work by
-   pipes.  Handle the server's initial greeting */
-static assuan_context_t
-start_dirmngr (int only_daemon)
-{
-  int rc;
-  char *infostr, *p;
-  assuan_context_t ctx;
-  int try_default = 0;
-
-  infostr = opt.force_pipe_server? NULL : getenv (DIRMNGR_INFO_NAME);
-  if (only_daemon && (!infostr || !*infostr))
-    {
-      if (dirmngr_user_socket_name ())
-        infostr = xstrdup (dirmngr_user_socket_name ());
-      else
-        infostr = xstrdup (dirmngr_sys_socket_name ());
-      try_default = 1;
-    }
-
-  rc = assuan_new (&ctx);
-  if (rc)
-    {
-      log_error (_("failed to allocate assuan context: %s\n"),
-                 gpg_strerror (rc));
-      return NULL;
-    }
-
-  if (!infostr || !*infostr)
-    {
-      const char *pgmname;
-      const char *argv[3];
-      assuan_fd_t no_close_list[3];
-      int i;
-
-      if (only_daemon)
-        {
-          log_error (_("apparently no running dirmngr\n"));
-          return NULL;
-        }
-
-      if (opt.verbose)
-        log_info (_("no running dirmngr - starting one\n"));
-
-      if (!opt.dirmngr_program || !*opt.dirmngr_program)
-        opt.dirmngr_program = "./dirmngr";
-      if ( !(pgmname = strrchr (opt.dirmngr_program, '/')))
-        pgmname = opt.dirmngr_program;
-      else
-        pgmname++;
-
-      argv[0] = pgmname;
-      argv[1] = "--server";
-      argv[2] = NULL;
-
-      i=0;
-      if (log_get_fd () != -1)
-        no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
-      no_close_list[i++] = assuan_fd_from_posix_fd (es_fileno (es_stderr));
-      no_close_list[i] = ASSUAN_INVALID_FD;
-
-      /* Connect to the agent and perform initial handshaking.  */
-      rc = assuan_pipe_connect (ctx, opt.dirmngr_program, argv,
-                                no_close_list, NULL, NULL, 0);
-    }
-  else /* Connect to a daemon.  */
-    {
-      int prot;
-      int pid;
-
-      infostr = xstrdup (infostr);
-      if (!try_default && *infostr)
-        {
-          if ( !(p = strchr (infostr, ':')) || p == infostr)
-            {
-              log_error (_("malformed %s environment variable\n"),
-                         DIRMNGR_INFO_NAME);
-              xfree (infostr);
-              if (only_daemon)
-                return NULL;
-              /* Try again by starting a new instance.  */
-              opt.force_pipe_server = 1;
-              return start_dirmngr (0);
-            }
-          *p++ = 0;
-          pid = atoi (p);
-          while (*p && *p != ':')
-            p++;
-          prot = *p? atoi (p+1) : 0;
-          if (prot != 1)
-            {
-              log_error (_("dirmngr protocol version %d is not supported\n"),
-                         prot);
-              xfree (infostr);
-              if (only_daemon)
-                return NULL;
-              opt.force_pipe_server = 1;
-              return start_dirmngr (0);
-            }
-        }
-      else
-        pid = -1;
-
-      rc = assuan_socket_connect (ctx, infostr, pid, 0);
-      xfree (infostr);
-      if (gpg_err_code(rc) == GPG_ERR_ASS_CONNECT_FAILED && !only_daemon)
-        {
-          log_error (_("can't connect to the dirmngr - trying fall back\n"));
-          opt.force_pipe_server = 1;
-          return start_dirmngr (0);
-        }
-    }
-
-  if (rc)
-    {
-      assuan_release (ctx);
-      log_error (_("can't connect to the dirmngr: %s\n"),
-                 gpg_strerror (rc));
-      return NULL;
-    }
-
-  return ctx;
-}
-
-
-/* Read the first PEM certificate from the file FNAME.  If fname is
-   NULL the next certificate is read from stdin.  The certificate is
-   returned in an alloced buffer whose address will be returned in
-   RBUF and its length in RBUFLEN.  */
-static gpg_error_t
-read_pem_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
-{
-  FILE *fp;
-  int c;
-  int pos;
-  int value;
-  unsigned char *buf;
-  size_t bufsize, buflen;
-  enum {
-    s_init, s_idle, s_lfseen, s_begin,
-    s_b64_0, s_b64_1, s_b64_2, s_b64_3,
-    s_waitend
-  } state = s_init;
-
-  fp = fname? fopen (fname, "r") : stdin;
-  if (!fp)
-    return gpg_error_from_errno (errno);
-
-  pos = 0;
-  value = 0;
-  bufsize = 8192;
-  buf = xmalloc (bufsize);
-  buflen = 0;
-  while ((c=getc (fp)) != EOF)
-    {
-      int escaped_c = 0;
-
-      if (opt.escaped_pem)
-        {
-          if (c == '%')
-            {
-              char tmp[2];
-              if ((c = getc(fp)) == EOF)
-                break;
-              tmp[0] = c;
-              if ((c = getc(fp)) == EOF)
-                break;
-              tmp[1] = c;
-              if (!hexdigitp (tmp) || !hexdigitp (tmp+1))
-                {
-                  log_error ("invalid percent escape sequence\n");
-                  state = s_idle; /* Force an error. */
-                  /* Skip to end of line.  */
-                  while ( (c=getc (fp)) != EOF && c != '\n')
-                    ;
-                  goto ready;
-                }
-              c = xtoi_2 (tmp);
-              escaped_c = 1;
-            }
-          else if (c == '\n')
-            goto ready; /* Ready.  */
-        }
-      switch (state)
-        {
-        case s_idle:
-          if (c == '\n')
-            {
-              state = s_lfseen;
-              pos = 0;
-            }
-          break;
-        case s_init:
-          state = s_lfseen;
-        case s_lfseen:
-          if (c != "-----BEGIN "[pos])
-            state = s_idle;
-          else if (pos == 10)
-            state = s_begin;
-          else
-            pos++;
-          break;
-        case s_begin:
-          if (c == '\n')
-            state = s_b64_0;
-          break;
-        case s_b64_0:
-        case s_b64_1:
-        case s_b64_2:
-        case s_b64_3:
-          {
-            if (buflen >= bufsize)
-              {
-                bufsize += 8192;
-                buf = xrealloc (buf, bufsize);
-              }
-
-            if (c == '-')
-              state = s_waitend;
-            else if ((c = asctobin[c & 0xff]) == 255 )
-              ; /* Just skip invalid base64 characters. */
-            else if (state == s_b64_0)
-              {
-                value = c << 2;
-                state = s_b64_1;
-              }
-            else if (state == s_b64_1)
-              {
-                value |= (c>>4)&3;
-                buf[buflen++] = value;
-                value = (c<<4)&0xf0;
-                state = s_b64_2;
-              }
-            else if (state == s_b64_2)
-              {
-                value |= (c>>2)&15;
-                buf[buflen++] = value;
-                value = (c<<6)&0xc0;
-                state = s_b64_3;
-              }
-            else
-              {
-                value |= c&0x3f;
-                buf[buflen++] = value;
-                state = s_b64_0;
-              }
-          }
-          break;
-        case s_waitend:
-          /* Note that we do not check that the base64 decoder has
-             been left in the expected state.  We assume that the PEM
-             header is just fine.  However we need to wait for the
-             real LF and not a trailing percent escaped one. */
-          if (c== '\n' && !escaped_c)
-            goto ready;
-          break;
-        default:
-          BUG();
-        }
-    }
- ready:
-  if (fname)
-    fclose (fp);
-
-  if (state == s_init && c == EOF)
-    {
-      xfree (buf);
-      return gpg_error (GPG_ERR_EOF);
-    }
-  else if (state != s_waitend)
-    {
-      log_error ("no certificate or invalid encoded\n");
-      xfree (buf);
-      return gpg_error (GPG_ERR_INV_ARMOR);
-    }
-
-  *rbuf = buf;
-  *rbuflen = buflen;
-  return 0;
-}
-
-/* Read a binary certificate from the file FNAME.  If fname is NULL the
-   file is read from stdin.  The certificate is returned in an alloced
-   buffer whose address will be returned in RBUF and its length in
-   RBUFLEN.  */
-static gpg_error_t
-read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen)
-{
-  gpg_error_t err;
-  FILE *fp;
-  unsigned char *buf;
-  size_t nread, bufsize, buflen;
-
-  if (opt.pem)
-    return read_pem_certificate (fname, rbuf, rbuflen);
-
-  fp = fname? fopen (fname, "rb") : stdin;
-  if (!fp)
-    return gpg_error_from_errno (errno);
-
-  buf = NULL;
-  bufsize = buflen = 0;
-#define NCHUNK 8192
-  do
-    {
-      bufsize += NCHUNK;
-      if (!buf)
-        buf = xmalloc (bufsize);
-      else
-        buf = xrealloc (buf, bufsize);
-
-      nread = fread (buf+buflen, 1, NCHUNK, fp);
-      if (nread < NCHUNK && ferror (fp))
-        {
-          err = gpg_error_from_errno (errno);
-          xfree (buf);
-          if (fname)
-            fclose (fp);
-          return err;
-        }
-      buflen += nread;
-    }
-  while (nread == NCHUNK);
-#undef NCHUNK
-  if (fname)
-    fclose (fp);
-  *rbuf = buf;
-  *rbuflen = buflen;
-  return 0;
-}
-
-
-/* Callback for the inquire fiunction to send back the certificate.  */
-static gpg_error_t
-inq_cert (void *opaque, const char *line)
-{
-  struct inq_cert_parm_s *parm = opaque;
-  gpg_error_t err;
-
-  if (!strncmp (line, "TARGETCERT", 10) && (line[10] == ' ' || !line[10]))
-    {
-      err = assuan_send_data (parm->ctx, parm->cert, parm->certlen);
-    }
-  else if (!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]))
-    {
-      /* We don't support this but dirmngr might ask for it.  So
-         simply ignore it by sending back and empty value. */
-      err = assuan_send_data (parm->ctx, NULL, 0);
-    }
-  else if (!strncmp (line, "SENDCERT_SKI", 12)
-           && (line[12]==' ' || !line[12]))
-    {
-      /* We don't support this but dirmngr might ask for it.  So
-         simply ignore it by sending back an empty value. */
-      err = assuan_send_data (parm->ctx, NULL, 0);
-    }
-  else if (!strncmp (line, "SENDISSUERCERT", 14)
-           && (line[14] == ' ' || !line[14]))
-    {
-      /* We don't support this but dirmngr might ask for it.  So
-         simply ignore it by sending back an empty value. */
-      err = assuan_send_data (parm->ctx, NULL, 0);
-    }
-  else
-    {
-      log_info (_("unsupported inquiry '%s'\n"), line);
-      err = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
-      /* Note that this error will let assuan_transact terminate
-         immediately instead of return the error to the caller.  It is
-         not clear whether this is the desired behaviour - it may
-         change in future. */
-    }
-
-  return err;
-}
-
-
-/* Check the certificate CERT,CERTLEN for validity using a CRL or OCSP.
-   Return a proper error code. */
-static gpg_error_t
-do_check (assuan_context_t ctx, const unsigned char *cert, size_t certlen)
-{
-  gpg_error_t err;
-  struct inq_cert_parm_s parm;
-
-  memset (&parm, 0, sizeof parm);
-  parm.ctx = ctx;
-  parm.cert = cert;
-  parm.certlen = certlen;
-
-  err = assuan_transact (ctx,
-                         (opt.use_ocsp && opt.force_default_responder
-                          ? "CHECKOCSP --force-default-responder"
-                          : opt.use_ocsp? "CHECKOCSP" : "CHECKCRL"),
-                         NULL, NULL, inq_cert, &parm, status_cb, NULL);
-  if (opt.verbose > 1)
-    log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
-  return err;
-}
-
-/* Check the certificate CERT,CERTLEN for validity using a CRL or OCSP.
-   Return a proper error code. */
-static gpg_error_t
-do_cache (assuan_context_t ctx, const unsigned char *cert, size_t certlen)
-{
-  gpg_error_t err;
-  struct inq_cert_parm_s parm;
-
-  memset (&parm, 0, sizeof parm);
-  parm.ctx = ctx;
-  parm.cert = cert;
-  parm.certlen = certlen;
-
-  err = assuan_transact (ctx, "CACHECERT", NULL, NULL,
-                        inq_cert, &parm,
-                        status_cb, NULL);
-  if (opt.verbose > 1)
-    log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
-  return err;
-}
-
-/* Check the certificate CERT,CERTLEN for validity using dirmngrs
-   internal validate feature.  Return a proper error code. */
-static gpg_error_t
-do_validate (assuan_context_t ctx, const unsigned char *cert, size_t certlen)
-{
-  gpg_error_t err;
-  struct inq_cert_parm_s parm;
-
-  memset (&parm, 0, sizeof parm);
-  parm.ctx = ctx;
-  parm.cert = cert;
-  parm.certlen = certlen;
-
-  err = assuan_transact (ctx, "VALIDATE", NULL, NULL,
-                        inq_cert, &parm,
-                        status_cb, NULL);
-  if (opt.verbose > 1)
-    log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
-  return err;
-}
-
-/* Load a CRL into the dirmngr.  */
-static gpg_error_t
-do_loadcrl (assuan_context_t ctx, const char *filename)
-{
-  gpg_error_t err;
-  const char *s;
-  char *fname, *line, *p;
-
-  if (opt.url)
-    fname = xstrdup (filename);
-  else
-    {
-#ifdef HAVE_CANONICALIZE_FILE_NAME
-      fname = canonicalize_file_name (filename);
-      if (!fname)
-        {
-          log_error ("error canonicalizing '%s': %s\n",
-                     filename, strerror (errno));
-          return gpg_error (GPG_ERR_GENERAL);
-        }
-#else
-      fname = xstrdup (filename);
-#endif
-      if (*fname != '/')
-        {
-          log_error (_("absolute file name expected\n"));
-          return gpg_error (GPG_ERR_GENERAL);
-        }
-    }
-
-  line = xmalloc (8 + 6 + strlen (fname) * 3 + 1);
-  p = stpcpy (line, "LOADCRL ");
-  if (opt.url)
-    p = stpcpy (p, "--url ");
-  for (s = fname; *s; s++)
-    {
-      if (*s < ' ' || *s == '+')
-        {
-          sprintf (p, "%%%02X", *s);
-          p += 3;
-        }
-      else if (*s == ' ')
-        *p++ = '+';
-      else
-        *p++ = *s;
-        }
-  *p = 0;
-
-  err = assuan_transact (ctx, line, NULL, NULL,
-                        NULL, NULL,
-                        status_cb, NULL);
-  if (opt.verbose > 1)
-    log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
-  xfree (line);
-  xfree (fname);
-  return err;
-}
-
-
-/* Do a LDAP lookup using PATTERN and print the result in a base-64
-   encoded format.  */
-static gpg_error_t
-do_lookup (assuan_context_t ctx, const char *pattern)
-{
-  gpg_error_t err;
-  const unsigned char *s;
-  char *line, *p;
-  struct b64state state;
-
-  if (opt.verbose)
-    log_info (_("looking up '%s'\n"), pattern);
-
-  err = b64enc_start (&state, stdout, NULL);
-  if (err)
-    return err;
-
-  line = xmalloc (10 + 6 + 13 + strlen (pattern)*3 + 1);
-
-  p = stpcpy (line, "LOOKUP ");
-  if (opt.url)
-    p = stpcpy (p, "--url ");
-  if (opt.local)
-    p = stpcpy (p, "--cache-only ");
-  for (s=pattern; *s; s++)
-    {
-      if (*s < ' ' || *s == '+')
-        {
-          sprintf (p, "%%%02X", *s);
-          p += 3;
-        }
-      else if (*s == ' ')
-        *p++ = '+';
-      else
-        *p++ = *s;
-    }
-  *p = 0;
-
-
-  err = assuan_transact (ctx, line,
-                         data_cb, &state,
-                         NULL, NULL,
-                         status_cb, NULL);
-  if (opt.verbose > 1)
-    log_info ("response of dirmngr: %s\n", err? gpg_strerror (err): "okay");
-
-  err = b64enc_finish (&state);
-
-  xfree (line);
-  return err;
-}
-
-/* The body of an endless loop: Read a line from stdin, retrieve the
-   certificate from it, validate it and print "ERR" or "OK" to stdout.
-   Continue.  */
-static gpg_error_t
-squid_loop_body (assuan_context_t ctx)
-{
-  gpg_error_t err;
-  unsigned char *certbuf;
-  size_t certbuflen = 0;
-
-  err = read_pem_certificate (NULL, &certbuf, &certbuflen);
-  if (gpg_err_code (err) == GPG_ERR_EOF)
-    return err;
-  if (err)
-    {
-      log_error (_("error reading certificate from stdin: %s\n"),
-                 gpg_strerror (err));
-      puts ("ERROR");
-      return 0;
-    }
-
-  err = do_check (ctx, certbuf, certbuflen);
-  xfree (certbuf);
-  if (!err)
-    {
-      if (opt.verbose)
-        log_info (_("certificate is valid\n"));
-      puts ("OK");
-    }
-  else
-    {
-      if (!opt.quiet)
-        {
-          if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED )
-            log_info (_("certificate has been revoked\n"));
-          else
-            log_error (_("certificate check failed: %s\n"),
-                       gpg_strerror (err));
-        }
-      puts ("ERROR");
-    }
-
-  fflush (stdout);
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/dirmngr/dirmngr-err.h gnupg2-2.0.28/dirmngr/dirmngr-err.h
--- gnupg2-2.1.6/dirmngr/dirmngr-err.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dirmngr-err.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,12 +0,0 @@
-/* Definition of the gpg-error source.  */
-
-#ifndef DIRMNGR_ERR_H
-#define DIRMNGR_ERR_H
-
-#ifdef GPG_ERR_SOURCE_DEFAULT
-#error GPG_ERR_SOURCE_DEFAULT already defined
-#endif
-#define GPG_ERR_SOURCE_DEFAULT  GPG_ERR_SOURCE_DIRMNGR
-#include 
-
-#endif /*DIRMNGR_ERR_H*/
diff -Nru gnupg2-2.1.6/dirmngr/dirmngr.h gnupg2-2.0.28/dirmngr/dirmngr.h
--- gnupg2-2.1.6/dirmngr/dirmngr.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dirmngr.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,206 +0,0 @@
-/* dirmngr.h - Common definitions for the dirmngr
- * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2004, 2015 g10 Code GmbH
- * Copyright (C) 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef DIRMNGR_H
-#define DIRMNGR_H
-
-#include "./dirmngr-err.h"
-#define map_assuan_err(a) \
-        map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
-#include 
-#include 
-#include 
-
-#include "../common/util.h"
-#include "../common/membuf.h"
-#include "../common/sysutils.h" /* (gnupg_fd_t) */
-#include "../common/i18n.h"
-#include "../common/http.h"     /* (parsed_uri_t) */
-
-/* This objects keeps information about a particular LDAP server and
-   is used as item of a single linked list of servers. */
-struct ldap_server_s
-{
-  struct ldap_server_s* next;
-
-  char *host;
-  int   port;
-  char *user;
-  char *pass;
-  char *base;
-};
-typedef struct ldap_server_s *ldap_server_t;
-
-
-/* This objects is used to build a list of URI consisting of the
-   original and the parsed URI.  */
-struct uri_item_s
-{
-  struct uri_item_s *next;
-  parsed_uri_t parsed_uri;  /* The broken down URI.  */
-  char uri[1];              /* The original URI.  */
-};
-typedef struct uri_item_s *uri_item_t;
-
-
-/* A list of fingerprints.  */
-struct fingerprint_list_s;
-typedef struct fingerprint_list_s *fingerprint_list_t;
-struct fingerprint_list_s
-{
-  fingerprint_list_t next;
-  char hexfpr[20+20+1];
-};
-
-
-/* A large struct named "opt" to keep global flags.  */
-struct
-{
-  unsigned int debug; /* debug flags (DBG_foo_VALUE) */
-  int verbose;        /* verbosity level */
-  int quiet;          /* be as quiet as possible */
-  int dry_run;        /* don't change any persistent data */
-  int batch;          /* batch mode */
-  const char *homedir;      /* Configuration directory name */
-  const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr).  */
-
-  char *config_filename;     /* Name of a config file, which will be
-                                reread on a HUP if it is not NULL. */
-
-  char *ldap_wrapper_program; /* Override value for the LDAP wrapper
-                                 program.  */
-  char *http_wrapper_program; /* Override value for the HTTP wrapper
-                                 program.  */
-
-  int system_service;   /* We are running as W32 service (implies daemon).  */
-  int system_daemon;    /* We are running in system daemon mode.  */
-  int running_detached; /* We are running in detached mode.  */
-
-  int force;          /* Force loading outdated CRLs. */
-
-  int disable_http;       /* Do not use HTTP at all.  */
-  int disable_ldap;       /* Do not use LDAP at all.  */
-  int honor_http_proxy;   /* Honor the http_proxy env variable. */
-  const char *http_proxy; /* The default HTTP proxy.  */
-  const char *ldap_proxy; /* Use given LDAP proxy.  */
-  int only_ldap_proxy;    /* Only use the LDAP proxy; no fallback.  */
-  int ignore_http_dp;     /* Ignore HTTP CRL distribution points.  */
-  int ignore_ldap_dp;     /* Ignore LDAP CRL distribution points.  */
-  int ignore_ocsp_service_url; /* Ignore OCSP service URLs as given in
-                                  the certificate.  */
-
-  /* A list of certificate extension OIDs which are ignored so that
-     one can claim that a critical extension has been handled.  One
-     OID per string.  */
-  strlist_t ignored_cert_extensions;
-
-  int allow_ocsp;     /* Allow using OCSP. */
-
-  int max_replies;
-  unsigned int ldaptimeout;
-
-  ldap_server_t ldapservers;
-  int add_new_ldapservers;
-
-  const char *ocsp_responder;     /* Standard OCSP responder's URL. */
-  fingerprint_list_t ocsp_signer; /* The list of fingerprints with allowed
-                                     standard OCSP signer certificates.  */
-
-  unsigned int ocsp_max_clock_skew; /* Allowed seconds of clocks skew. */
-  unsigned int ocsp_max_period;     /* Seconds a response is at maximum
-                                       considered valid after thisUpdate. */
-  unsigned int ocsp_current_period; /* Seconds a response is considered
-                                       current after nextUpdate. */
-} opt;
-
-
-#define DBG_X509_VALUE    1	/* debug x.509 parsing */
-#define DBG_CRYPTO_VALUE  4	/* debug low level crypto */
-#define DBG_MEMORY_VALUE  32	/* debug memory allocation stuff */
-#define DBG_CACHE_VALUE   64	/* debug the caching */
-#define DBG_MEMSTAT_VALUE 128	/* show memory statistics */
-#define DBG_HASHING_VALUE 512	/* debug hashing operations */
-#define DBG_IPC_VALUE     1024  /* debug assuan communication */
-#define DBG_LOOKUP_VALUE  8192  /* debug lookup details */
-
-#define DBG_X509    (opt.debug & DBG_X509_VALUE)
-#define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
-#define DBG_MEMORY  (opt.debug & DBG_MEMORY_VALUE)
-#define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
-#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
-#define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
-#define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
-
-/* A simple list of certificate references. */
-struct cert_ref_s
-{
-  struct cert_ref_s *next;
-  unsigned char fpr[20];
-};
-typedef struct cert_ref_s *cert_ref_t;
-
-/* Forward references; access only through server.c.  */
-struct server_local_s;
-
-/* Connection control structure.  */
-struct server_control_s
-{
-  int refcount;      /* Count additional references to this object.  */
-  int no_server;     /* We are not running under server control. */
-  int status_fd;     /* Only for non-server mode. */
-  struct server_local_s *server_local;
-  int force_crl_refresh; /* Always load a fresh CRL. */
-
-  int check_revocations_nest_level; /* Internal to check_revovations.  */
-  cert_ref_t ocsp_certs; /* Certificates from the current OCSP
-                            response. */
-
-  int audit_events;  /* Send audit events to client.  */
-  char *http_proxy;  /* The used http_proxy or NULL.  */
-};
-
-
-/*-- dirmngr.c --*/
-void dirmngr_exit( int );  /* Wrapper for exit() */
-void dirmngr_init_default_ctrl (ctrl_t ctrl);
-void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
-void dirmngr_sighup_action (void);
-
-
-/*-- Various housekeeping functions.  --*/
-void ks_hkp_housekeeping (time_t curtime);
-
-
-/*-- server.c --*/
-ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);
-ksba_cert_t get_cert_local (ctrl_t ctrl, const char *issuer);
-ksba_cert_t get_issuing_cert_local (ctrl_t ctrl, const char *issuer);
-ksba_cert_t get_cert_local_ski (ctrl_t ctrl,
-                                const char *name, ksba_sexp_t keyid);
-gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr);
-void start_command_handler (gnupg_fd_t fd);
-gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...);
-gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text);
-gpg_error_t dirmngr_tick (ctrl_t ctrl);
-
-
-
-#endif /*DIRMNGR_H*/
diff -Nru gnupg2-2.1.6/dirmngr/dirmngr_ldap.c gnupg2-2.0.28/dirmngr/dirmngr_ldap.c
--- gnupg2-2.1.6/dirmngr/dirmngr_ldap.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dirmngr_ldap.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,719 +0,0 @@
-/* dirmngr-ldap.c  -  The LDAP helper for dirmngr.
- * Copyright (C) 2004 g10 Code GmbH
- * Copyright (C) 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_SIGNAL_H
-# include 
-#endif
-#include 
-#include 
-#include 
-#include 
-#ifndef USE_LDAPWRAPPER
-# include 
-#endif
-
-#ifdef HAVE_W32_SYSTEM
-# include 
-# include 
-# include 
-# include 
-# include "ldap-url.h"
-#else
-  /* For OpenLDAP, to enable the API that we're using. */
-# define LDAP_DEPRECATED 1
-# include 
-#endif
-
-
-#include 
-#include "../common/logging.h"
-#include "../common/argparse.h"
-#include "../common/stringhelp.h"
-#include "../common/mischelp.h"
-#include "../common/strlist.h"
-
-#include "i18n.h"
-#include "util.h"
-#include "../common/init.h"
-
-/* With the ldap wrapper, there is no need for the npth_unprotect and leave
-   functions; thus we redefine them to nops.  If we are not using the
-   ldap wrapper process we need to include the prototype for our
-   module's main function.  */
-#ifdef USE_LDAPWRAPPER
-static void npth_unprotect (void) { }
-static void npth_protect (void) { }
-#else
-# include "./ldap-wrapper.h"
-#endif
-
-#ifdef HAVE_W32CE_SYSTEM
-# include "w32-ldap-help.h"
-# define my_ldap_init(a,b)                      \
-  _dirmngr_ldap_init ((a), (b))
-# define my_ldap_simple_bind_s(a,b,c)           \
-  _dirmngr_ldap_simple_bind_s ((a),(b),(c))
-# define my_ldap_search_st(a,b,c,d,e,f,g,h)     \
-  _dirmngr_ldap_search_st ((a), (b), (c), (d), (e), (f), (g), (h))
-# define my_ldap_first_attribute(a,b,c)         \
-  _dirmngr_ldap_first_attribute ((a),(b),(c))
-# define my_ldap_next_attribute(a,b,c)          \
-  _dirmngr_ldap_next_attribute ((a),(b),(c))
-# define my_ldap_get_values_len(a,b,c)          \
-  _dirmngr_ldap_get_values_len ((a),(b),(c))
-# define my_ldap_free_attr(a)                   \
-  xfree ((a))
-#else
-# define my_ldap_init(a,b)              ldap_init ((a), (b))
-# define my_ldap_simple_bind_s(a,b,c)   ldap_simple_bind_s ((a), (b), (c))
-# define my_ldap_search_st(a,b,c,d,e,f,g,h)     \
-  ldap_search_st ((a), (b), (c), (d), (e), (f), (g), (h))
-# define my_ldap_first_attribute(a,b,c) ldap_first_attribute ((a),(b),(c))
-# define my_ldap_next_attribute(a,b,c)  ldap_next_attribute ((a),(b),(c))
-# define my_ldap_get_values_len(a,b,c)  ldap_get_values_len ((a),(b),(c))
-# define my_ldap_free_attr(a)           ldap_memfree ((a))
-#endif
-
-#ifdef HAVE_W32_SYSTEM
- typedef LDAP_TIMEVAL  my_ldap_timeval_t;
-#else
- typedef struct timeval my_ldap_timeval_t;
-#endif
-
-#define DEFAULT_LDAP_TIMEOUT 100 /* Arbitrary long timeout. */
-
-
-/* Constants for the options.  */
-enum
-  {
-    oQuiet	  = 'q',
-    oVerbose	  = 'v',
-
-    oTimeout      = 500,
-    oMulti,
-    oProxy,
-    oHost,
-    oPort,
-    oUser,
-    oPass,
-    oEnvPass,
-    oDN,
-    oFilter,
-    oAttr,
-
-    oOnlySearchTimeout,
-    oLogWithPID
-  };
-
-
-/* The list of options as used by the argparse.c code.  */
-static ARGPARSE_OPTS opts[] = {
-  { oVerbose,  "verbose",   0, N_("verbose") },
-  { oQuiet,    "quiet",     0, N_("be somewhat more quiet") },
-  { oTimeout,  "timeout",   1, N_("|N|set LDAP timeout to N seconds")},
-  { oMulti,    "multi",     0, N_("return all values in"
-                                  " a record oriented format")},
-  { oProxy,    "proxy",     2,
-    N_("|NAME|ignore host part and connect through NAME")},
-  { oHost,     "host",      2, N_("|NAME|connect to host NAME")},
-  { oPort,     "port",      1, N_("|N|connect to port N")},
-  { oUser,     "user",      2, N_("|NAME|use user NAME for authentication")},
-  { oPass,     "pass",      2, N_("|PASS|use password PASS"
-                                  " for authentication")},
-  { oEnvPass,  "env-pass",  0, N_("take password from $DIRMNGR_LDAP_PASS")},
-  { oDN,       "dn",        2, N_("|STRING|query DN STRING")},
-  { oFilter,   "filter",    2, N_("|STRING|use STRING as filter expression")},
-  { oAttr,     "attr",      2, N_("|STRING|return the attribute STRING")},
-  { oOnlySearchTimeout, "only-search-timeout", 0, "@"},
-  { oLogWithPID,"log-with-pid", 0, "@"},
-  { 0, NULL, 0, NULL }
-};
-
-
-/* A structure with module options.  This is not a static variable
-   because if we are not build as a standalone binary, each thread
-   using this module needs to handle its own values.  */
-struct my_opt_s
-{
-  int quiet;
-  int verbose;
-  my_ldap_timeval_t timeout;/* Timeout for the LDAP search functions.  */
-  unsigned int alarm_timeout; /* And for the alarm based timeout.  */
-  int multi;
-
-  estream_t outstream;    /* Send output to thsi stream.  */
-
-  /* Note that we can't use const for the strings because ldap_* are
-     not defined that way.  */
-  char *proxy; /* Host and Port override.  */
-  char *user;  /* Authentication user.  */
-  char *pass;  /* Authentication password.  */
-  char *host;  /* Override host.  */
-  int port;    /* Override port.  */
-  char *dn;    /* Override DN.  */
-  char *filter;/* Override filter.  */
-  char *attr;  /* Override attribute.  */
-};
-typedef struct my_opt_s *my_opt_t;
-
-
-/* Prototypes.  */
-#ifndef HAVE_W32_SYSTEM
-static void catch_alarm (int dummy);
-#endif
-static int process_url (my_opt_t myopt, const char *url);
-
-
-
-/* Function called by argparse.c to display information.  */
-#ifdef USE_LDAPWRAPPER
-static const char *
-my_strusage (int level)
-{
-  const char *p;
-
-  switch(level)
-    {
-    case 11: p = "dirmngr_ldap (@GNUPG@)";
-      break;
-    case 13: p = VERSION; break;
-    case 17: p = PRINTABLE_OS_NAME; break;
-    case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
-    case 49: p = PACKAGE_BUGREPORT; break;
-    case 1:
-    case 40: p =
-               _("Usage: dirmngr_ldap [options] [URL] (-h for help)\n");
-      break;
-    case 41: p =
-          _("Syntax: dirmngr_ldap [options] [URL]\n"
-            "Internal LDAP helper for Dirmngr\n"
-            "Interface and options may change without notice\n");
-      break;
-
-    default: p = NULL;
-    }
-  return p;
-}
-#endif /*!USE_LDAPWRAPPER*/
-
-
-int
-#ifdef USE_LDAPWRAPPER
-main (int argc, char **argv)
-#else
-ldap_wrapper_main (char **argv, estream_t outstream)
-#endif
-{
-#ifndef USE_LDAPWRAPPER
-  int argc;
-#endif
-  ARGPARSE_ARGS pargs;
-  int any_err = 0;
-  char *p;
-  int only_search_timeout = 0;
-  struct my_opt_s my_opt_buffer;
-  my_opt_t myopt = &my_opt_buffer;
-  char *malloced_buffer1 = NULL;
-
-  memset (&my_opt_buffer, 0, sizeof my_opt_buffer);
-
-  early_system_init ();
-
-#ifdef USE_LDAPWRAPPER
-  set_strusage (my_strusage);
-  log_set_prefix ("dirmngr_ldap", GPGRT_LOG_WITH_PREFIX);
-
-  /* Setup I18N and common subsystems. */
-  i18n_init();
-
-  init_common_subsystems (&argc, &argv);
-
-  es_set_binary (es_stdout);
-  myopt->outstream = es_stdout;
-#else /*!USE_LDAPWRAPPER*/
-  myopt->outstream = outstream;
-  for (argc=0; argv[argc]; argc++)
-    ;
-#endif /*!USE_LDAPWRAPPER*/
-
-  /* LDAP defaults */
-  myopt->timeout.tv_sec = DEFAULT_LDAP_TIMEOUT;
-  myopt->timeout.tv_usec = 0;
-  myopt->alarm_timeout = 0;
-
-  /* Parse the command line.  */
-  pargs.argc = &argc;
-  pargs.argv = &argv;
-  pargs.flags= 1;  /* Do not remove the args. */
-  while (arg_parse (&pargs, opts) )
-    {
-      switch (pargs.r_opt)
-        {
-        case oVerbose: myopt->verbose++; break;
-        case oQuiet: myopt->quiet++; break;
-	case oTimeout:
-	  myopt->timeout.tv_sec = pargs.r.ret_int;
-	  myopt->timeout.tv_usec = 0;
-          myopt->alarm_timeout = pargs.r.ret_int;
-	  break;
-        case oOnlySearchTimeout: only_search_timeout = 1; break;
-        case oMulti: myopt->multi = 1; break;
-        case oUser: myopt->user = pargs.r.ret_str; break;
-        case oPass: myopt->pass = pargs.r.ret_str; break;
-        case oEnvPass:
-          myopt->pass = getenv ("DIRMNGR_LDAP_PASS");
-          break;
-        case oProxy: myopt->proxy = pargs.r.ret_str; break;
-        case oHost: myopt->host = pargs.r.ret_str; break;
-        case oPort: myopt->port = pargs.r.ret_int; break;
-        case oDN:   myopt->dn = pargs.r.ret_str; break;
-        case oFilter: myopt->filter = pargs.r.ret_str; break;
-        case oAttr: myopt->attr = pargs.r.ret_str; break;
-        case oLogWithPID:
-          {
-            unsigned int oldflags;
-            log_get_prefix (&oldflags);
-            log_set_prefix (NULL, oldflags | GPGRT_LOG_WITH_PID);
-          }
-          break;
-
-        default :
-#ifdef USE_LDAPWRAPPER
-          pargs.err = ARGPARSE_PRINT_ERROR;
-#else
-          pargs.err = ARGPARSE_PRINT_WARNING;  /* No exit() please.  */
-#endif
-          break;
-	}
-    }
-
-  if (only_search_timeout)
-    myopt->alarm_timeout = 0;
-
-  if (myopt->proxy)
-    {
-      malloced_buffer1 = xtrystrdup (myopt->proxy);
-      if (!malloced_buffer1)
-        {
-          log_error ("error copying string: %s\n", strerror (errno));
-          return 1;
-        }
-      myopt->host = malloced_buffer1;
-      p = strchr (myopt->host, ':');
-      if (p)
-        {
-          *p++ = 0;
-          myopt->port = atoi (p);
-        }
-      if (!myopt->port)
-        myopt->port = 389;  /* make sure ports gets overridden.  */
-    }
-
-  if (myopt->port < 0 || myopt->port > 65535)
-    log_error (_("invalid port number %d\n"), myopt->port);
-
-#ifdef USE_LDAPWRAPPER
-  if (log_get_errorcount (0))
-    exit (2);
-  if (argc < 1)
-    usage (1);
-#else
-  /* All passed arguments should be fine in this case.  */
-  assert (argc);
-#endif
-
-#ifdef USE_LDAPWRAPPER
-  if (myopt->alarm_timeout)
-    {
-#ifndef HAVE_W32_SYSTEM
-# if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
-      struct sigaction act;
-
-      act.sa_handler = catch_alarm;
-      sigemptyset (&act.sa_mask);
-      act.sa_flags = 0;
-      if (sigaction (SIGALRM,&act,NULL))
-# else
-      if (signal (SIGALRM, catch_alarm) == SIG_ERR)
-# endif
-          log_fatal ("unable to register timeout handler\n");
-#endif
-    }
-#endif /*USE_LDAPWRAPPER*/
-
-  for (; argc; argc--, argv++)
-    if (process_url (myopt, *argv))
-      any_err = 1;
-
-  xfree (malloced_buffer1);
-  return any_err;
-}
-
-#ifndef HAVE_W32_SYSTEM
-static void
-catch_alarm (int dummy)
-{
-  (void)dummy;
-  _exit (10);
-}
-#endif
-
-static void
-set_timeout (my_opt_t myopt)
-{
-#ifdef HAVE_W32_SYSTEM
-  /* FIXME for W32.  */
-  (void)myopt;
-#else
-  if (myopt->alarm_timeout)
-    alarm (myopt->alarm_timeout);
-#endif
-}
-
-
-/* Helper for fetch_ldap().  */
-static int
-print_ldap_entries (my_opt_t myopt, LDAP *ld, LDAPMessage *msg, char *want_attr)
-{
-  LDAPMessage *item;
-  int any = 0;
-
-  for (npth_unprotect (), item = ldap_first_entry (ld, msg), npth_protect ();
-       item;
-       npth_unprotect (), item = ldap_next_entry (ld, item), npth_protect ())
-    {
-      BerElement *berctx;
-      char *attr;
-
-      if (myopt->verbose > 1)
-        log_info (_("scanning result for attribute '%s'\n"),
-                  want_attr? want_attr : "[all]");
-
-      if (myopt->multi)
-        { /*  Write item marker. */
-          if (es_fwrite ("I\0\0\0\0", 5, 1, myopt->outstream) != 1)
-            {
-              log_error (_("error writing to stdout: %s\n"),
-                         strerror (errno));
-              return -1;
-            }
-        }
-
-
-      for (npth_unprotect (), attr = my_ldap_first_attribute (ld, item, &berctx),
-             npth_protect ();
-           attr;
-           npth_unprotect (), attr = my_ldap_next_attribute (ld, item, berctx),
-             npth_protect ())
-        {
-          struct berval **values;
-          int idx;
-
-          if (myopt->verbose > 1)
-            log_info (_("          available attribute '%s'\n"), attr);
-
-          set_timeout (myopt);
-
-          /* I case we want only one attribute we do a case
-             insensitive compare without the optional extension
-             (i.e. ";binary").  Case insensitive is not really correct
-             but the best we can do.  */
-          if (want_attr)
-            {
-              char *cp1, *cp2;
-              int cmpres;
-
-              cp1 = strchr (want_attr, ';');
-              if (cp1)
-                *cp1 = 0;
-              cp2 = strchr (attr, ';');
-              if (cp2)
-                *cp2 = 0;
-              cmpres = ascii_strcasecmp (want_attr, attr);
-              if (cp1)
-                *cp1 = ';';
-              if (cp2)
-                *cp2 = ';';
-              if (cmpres)
-                {
-                  my_ldap_free_attr (attr);
-                  continue; /* Not found:  Try next attribute.  */
-                }
-            }
-
-          npth_unprotect ();
-          values = my_ldap_get_values_len (ld, item, attr);
-          npth_protect ();
-
-          if (!values)
-            {
-              if (myopt->verbose)
-                log_info (_("attribute '%s' not found\n"), attr);
-              my_ldap_free_attr (attr);
-              continue;
-            }
-
-          if (myopt->verbose)
-            {
-              log_info (_("found attribute '%s'\n"), attr);
-              if (myopt->verbose > 1)
-                for (idx=0; values[idx]; idx++)
-                  log_info ("         length[%d]=%d\n",
-                            idx, (int)values[0]->bv_len);
-
-            }
-
-          if (myopt->multi)
-            { /*  Write attribute marker. */
-              unsigned char tmp[5];
-              size_t n = strlen (attr);
-
-              tmp[0] = 'A';
-              tmp[1] = (n >> 24);
-              tmp[2] = (n >> 16);
-              tmp[3] = (n >> 8);
-              tmp[4] = (n);
-              if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1
-                  || es_fwrite (attr, n, 1, myopt->outstream) != 1)
-                {
-                  log_error (_("error writing to stdout: %s\n"),
-                             strerror (errno));
-                  ldap_value_free_len (values);
-                  my_ldap_free_attr (attr);
-                  ber_free (berctx, 0);
-                  return -1;
-                }
-            }
-
-          for (idx=0; values[idx]; idx++)
-            {
-              if (myopt->multi)
-                { /* Write value marker.  */
-                  unsigned char tmp[5];
-                  size_t n = values[0]->bv_len;
-
-                  tmp[0] = 'V';
-                  tmp[1] = (n >> 24);
-                  tmp[2] = (n >> 16);
-                  tmp[3] = (n >> 8);
-                  tmp[4] = (n);
-
-                  if (es_fwrite (tmp, 5, 1, myopt->outstream) != 1)
-                    {
-                      log_error (_("error writing to stdout: %s\n"),
-                                 strerror (errno));
-                      ldap_value_free_len (values);
-                      my_ldap_free_attr (attr);
-                      ber_free (berctx, 0);
-                      return -1;
-                    }
-                }
-
-	      if (es_fwrite (values[0]->bv_val, values[0]->bv_len,
-                             1, myopt->outstream) != 1)
-                {
-                  log_error (_("error writing to stdout: %s\n"),
-                             strerror (errno));
-                  ldap_value_free_len (values);
-                  my_ldap_free_attr (attr);
-                  ber_free (berctx, 0);
-                  return -1;
-                }
-
-              any = 1;
-              if (!myopt->multi)
-                break; /* Print only the first value.  */
-            }
-          ldap_value_free_len (values);
-          my_ldap_free_attr (attr);
-          if (want_attr || !myopt->multi)
-            break; /* We only want to return the first attribute.  */
-        }
-      ber_free (berctx, 0);
-    }
-
-  if (myopt->verbose > 1 && any)
-    log_info ("result has been printed\n");
-
-  return any?0:-1;
-}
-
-
-
-/* Helper for the URL based LDAP query. */
-static int
-fetch_ldap (my_opt_t myopt, const char *url, const LDAPURLDesc *ludp)
-{
-  LDAP *ld;
-  LDAPMessage *msg;
-  int rc = 0;
-  char *host, *dn, *filter, *attrs[2], *attr;
-  int port;
-  int ret;
-
-  host     = myopt->host?   myopt->host   : ludp->lud_host;
-  port     = myopt->port?   myopt->port   : ludp->lud_port;
-  dn       = myopt->dn?     myopt->dn     : ludp->lud_dn;
-  filter   = myopt->filter? myopt->filter : ludp->lud_filter;
-  attrs[0] = myopt->attr?   myopt->attr   : ludp->lud_attrs? ludp->lud_attrs[0]:NULL;
-  attrs[1] = NULL;
-  attr = attrs[0];
-
-  if (!port)
-    port = (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))? 636:389;
-
-  if (myopt->verbose)
-    {
-      log_info (_("processing url '%s'\n"), url);
-      if (myopt->user)
-        log_info (_("          user '%s'\n"), myopt->user);
-      if (myopt->pass)
-        log_info (_("          pass '%s'\n"), *myopt->pass?"*****":"");
-      if (host)
-        log_info (_("          host '%s'\n"), host);
-      log_info (_("          port %d\n"), port);
-      if (dn)
-        log_info (_("            DN '%s'\n"), dn);
-      if (filter)
-        log_info (_("        filter '%s'\n"), filter);
-      if (myopt->multi && !myopt->attr && ludp->lud_attrs)
-        {
-          int i;
-          for (i=0; ludp->lud_attrs[i]; i++)
-            log_info (_("          attr '%s'\n"), ludp->lud_attrs[i]);
-        }
-      else if (attr)
-        log_info (_("          attr '%s'\n"), attr);
-    }
-
-
-  if (!host || !*host)
-    {
-      log_error (_("no host name in '%s'\n"), url);
-      return -1;
-    }
-  if (!myopt->multi && !attr)
-    {
-      log_error (_("no attribute given for query '%s'\n"), url);
-      return -1;
-    }
-
-  if (!myopt->multi && !myopt->attr
-      && ludp->lud_attrs && ludp->lud_attrs[0] && ludp->lud_attrs[1])
-    log_info (_("WARNING: using first attribute only\n"));
-
-
-  set_timeout (myopt);
-  npth_unprotect ();
-  ld = my_ldap_init (host, port);
-  npth_protect ();
-  if (!ld)
-    {
-      log_error (_("LDAP init to '%s:%d' failed: %s\n"),
-                 host, port, strerror (errno));
-      return -1;
-    }
-  npth_unprotect ();
-  /* Fixme:  Can we use MYOPT->user or is it shared with other theeads?.  */
-  ret = my_ldap_simple_bind_s (ld, myopt->user, myopt->pass);
-  npth_protect ();
-  if (ret)
-    {
-      log_error (_("binding to '%s:%d' failed: %s\n"),
-                 host, port, strerror (errno));
-      ldap_unbind (ld);
-      return -1;
-    }
-
-  set_timeout (myopt);
-  npth_unprotect ();
-  rc = my_ldap_search_st (ld, dn, ludp->lud_scope, filter,
-                          myopt->multi && !myopt->attr && ludp->lud_attrs?
-                          ludp->lud_attrs:attrs,
-                          0,
-                          &myopt->timeout, &msg);
-  npth_protect ();
-  if (rc == LDAP_SIZELIMIT_EXCEEDED && myopt->multi)
-    {
-      if (es_fwrite ("E\0\0\0\x09truncated", 14, 1, myopt->outstream) != 1)
-        {
-          log_error (_("error writing to stdout: %s\n"), strerror (errno));
-          return -1;
-        }
-    }
-  else if (rc)
-    {
-#ifdef HAVE_W32CE_SYSTEM
-      log_error ("searching '%s' failed: %d\n", url, rc);
-#else
-      log_error (_("searching '%s' failed: %s\n"),
-                 url, ldap_err2string (rc));
-#endif
-      if (rc != LDAP_NO_SUCH_OBJECT)
-        {
-          /* FIXME: Need deinit (ld)?  */
-          /* Hmmm: Do we need to released MSG in case of an error? */
-          return -1;
-        }
-    }
-
-  rc = print_ldap_entries (myopt, ld, msg, myopt->multi? NULL:attr);
-
-  ldap_msgfree (msg);
-  ldap_unbind (ld);
-  return rc;
-}
-
-
-
-
-/* Main processing.  Take the URL and run the LDAP query. The result
-   is printed to stdout, errors are logged to the log stream. */
-static int
-process_url (my_opt_t myopt, const char *url)
-{
-  int rc;
-  LDAPURLDesc *ludp = NULL;
-
-
-  if (!ldap_is_ldap_url (url))
-    {
-      log_error (_("'%s' is not an LDAP URL\n"), url);
-      return -1;
-    }
-
-  if (ldap_url_parse (url, &ludp))
-    {
-      log_error (_("'%s' is an invalid LDAP URL\n"), url);
-      return -1;
-    }
-
-  rc = fetch_ldap (myopt, url, ludp);
-
-  ldap_free_urldesc (ludp);
-  return rc;
-}
diff -Nru gnupg2-2.1.6/dirmngr/dns-cert.c gnupg2-2.0.28/dirmngr/dns-cert.c
--- gnupg2-2.1.6/dirmngr/dns-cert.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dns-cert.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,382 +0,0 @@
-/* dns-cert.c - DNS CERT code (rfc-4398)
- * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
- *
- * This file is part of GNUPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#ifdef USE_DNS_CERT
-# ifdef HAVE_W32_SYSTEM
-#  ifdef HAVE_WINSOCK2_H
-#   include 
-#  endif
-#  include 
-# else
-#  include 
-#  include 
-#  include 
-# endif
-# include 
-#endif
-#ifdef USE_ADNS
-# include 
-#endif
-
-#include "util.h"
-#include "host2net.h"
-#include "dns-cert.h"
-
-/* Not every installation has gotten around to supporting CERTs
-   yet... */
-#ifndef T_CERT
-#define T_CERT 37
-#endif
-
-/* ADNS has no support for CERT yet. */
-#define my_adns_r_cert 37
-
-
-
-/* Returns 0 on success or an error code.  If a PGP CERT record was
-   found, the malloced data is returned at (R_KEY, R_KEYLEN) and
-   the other return parameters are set to NULL/0.  If an IPGP CERT
-   record was found the fingerprint is stored as an allocated block at
-   R_FPR and its length at R_FPRLEN; an URL is is allocated as a
-   string and returned at R_URL.  If WANT_CERTTYPE is 0 this function
-   returns the first CERT found with a supported type; it is expected
-   that only one CERT record is used.  If WANT_CERTTYPE is one of the
-   supported certtypes only records wih this certtype are considered
-   and the first found is returned.  (R_KEY,R_KEYLEN) are optional. */
-gpg_error_t
-get_dns_cert (const char *name, int want_certtype,
-              void **r_key, size_t *r_keylen,
-              unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
-{
-#ifdef USE_DNS_CERT
-#ifdef USE_ADNS
-  gpg_error_t err;
-  adns_state state;
-  adns_answer *answer = NULL;
-  unsigned int ctype;
-  int count;
-
-  if (r_key)
-    *r_key = NULL;
-  if (r_keylen)
-    *r_keylen = 0;
-  *r_fpr = NULL;
-  *r_fprlen = 0;
-  *r_url = NULL;
-
-  if (adns_init (&state, adns_if_noerrprint, NULL))
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      log_error ("error initializing adns: %s\n", strerror (errno));
-      return err;
-    }
-
-  if (adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
-                        adns_qf_quoteok_query, &answer))
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      /* log_error ("DNS query failed: %s\n", strerror (errno)); */
-      adns_finish (state);
-      return err;
-    }
-  if (answer->status != adns_s_ok)
-    {
-      /* log_error ("DNS query returned an error: %s (%s)\n", */
-      /*            adns_strerror (answer->status), */
-      /*            adns_errabbrev (answer->status)); */
-      err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
-      goto leave;
-    }
-
-  err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
-  for (count = 0; count < answer->nrrs; count++)
-    {
-      int datalen = answer->rrs.byteblock[count].len;
-      const unsigned char *data = answer->rrs.byteblock[count].data;
-
-      if (datalen < 5)
-        continue;  /* Truncated CERT record - skip.  */
-
-      ctype = buf16_to_uint (data);
-      /* (key tag and algorithm fields are not required.) */
-      data += 5;
-      datalen -= 5;
-
-      if (want_certtype && want_certtype != ctype)
-        ; /* Not of the requested certtype.  */
-      else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key && r_keylen)
-        {
-          /* CERT type is PGP.  Gpg checks for a minimum length of 11,
-             thus we do the same.  */
-          *r_key = xtrymalloc (datalen);
-          if (!*r_key)
-            err = gpg_err_make (default_errsource,
-                                gpg_err_code_from_syserror ());
-          else
-            {
-              memcpy (*r_key, data, datalen);
-              *r_keylen = datalen;
-              err = 0;
-            }
-          goto leave;
-        }
-      else if (ctype == DNS_CERTTYPE_IPGP && datalen && datalen < 1023
-               && datalen >= data[0] + 1 && r_fpr && r_fprlen && r_url)
-        {
-          /* CERT type is IPGP.  We made sure that the data is
-             plausible and that the caller requested this
-             information.  */
-          *r_fprlen = data[0];
-          if (*r_fprlen)
-            {
-              *r_fpr = xtrymalloc (*r_fprlen);
-              if (!*r_fpr)
-                {
-                  err = gpg_err_make (default_errsource,
-                                      gpg_err_code_from_syserror ());
-                  goto leave;
-                }
-              memcpy (*r_fpr, data + 1, *r_fprlen);
-            }
-          else
-            *r_fpr = NULL;
-
-          if (datalen > *r_fprlen + 1)
-            {
-              *r_url = xtrymalloc (datalen - (*r_fprlen + 1) + 1);
-              if (!*r_url)
-                {
-                  err = gpg_err_make (default_errsource,
-                                      gpg_err_code_from_syserror ());
-                  xfree (*r_fpr);
-                  *r_fpr = NULL;
-                  goto leave;
-                }
-              memcpy (*r_url,
-                      data + (*r_fprlen + 1), datalen - (*r_fprlen + 1));
-              (*r_url)[datalen - (*r_fprlen + 1)] = '\0';
-            }
-          else
-            *r_url = NULL;
-
-          err = 0;
-          goto leave;
-        }
-    }
-
- leave:
-  adns_free (answer);
-  adns_finish (state);
-  return err;
-
-#else /*!USE_ADNS*/
-
-  gpg_error_t err;
-  unsigned char *answer;
-  int r;
-  u16 count;
-
-  if (r_key)
-    *r_key = NULL;
-  if (r_keylen)
-    *r_keylen = 0;
-  *r_fpr = NULL;
-  *r_fprlen = 0;
-  *r_url = NULL;
-
-  /* Allocate a 64k buffer which is the limit for an DNS response.  */
-  answer = xtrymalloc (65536);
-  if (!answer)
-    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-
-  err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
-
-  r = res_query (name, C_IN, T_CERT, answer, 65536);
-  /* Not too big, not too small, no errors and at least 1 answer. */
-  if (r >= sizeof (HEADER) && r <= 65536
-      && (((HEADER *) answer)->rcode) == NOERROR
-      && (count = ntohs (((HEADER *) answer)->ancount)))
-    {
-      int rc;
-      unsigned char *pt, *emsg;
-
-      emsg = &answer[r];
-
-      pt = &answer[sizeof (HEADER)];
-
-      /* Skip over the query */
-
-      rc = dn_skipname (pt, emsg);
-      if (rc == -1)
-        {
-          err = gpg_err_make (default_errsource, GPG_ERR_INV_OBJ);
-          goto leave;
-        }
-      pt += rc + QFIXEDSZ;
-
-      /* There are several possible response types for a CERT request.
-         We're interested in the PGP (a key) and IPGP (a URI) types.
-         Skip all others.  TODO: A key is better than a URI since
-         we've gone through all this bother to fetch it, so favor that
-         if we have both PGP and IPGP? */
-
-      while (count-- > 0 && pt < emsg)
-        {
-          u16 type, class, dlen, ctype;
-
-          rc = dn_skipname (pt, emsg);  /* the name we just queried for */
-          if (rc == -1)
-            {
-              err = gpg_err_make (default_errsource, GPG_ERR_INV_OBJ);
-              goto leave;
-            }
-
-          pt += rc;
-
-          /* Truncated message? 15 bytes takes us to the point where
-             we start looking at the ctype. */
-          if ((emsg - pt) < 15)
-            break;
-
-          type = buf16_to_u16 (pt);
-          pt += 2;
-
-          class = buf16_to_u16 (pt);
-          pt += 2;
-
-          if (class != C_IN)
-            break;
-
-          /* ttl */
-          pt += 4;
-
-          /* data length */
-          dlen = buf16_to_u16 (pt);
-          pt += 2;
-
-          /* We asked for CERT and got something else - might be a
-             CNAME, so loop around again. */
-          if (type != T_CERT)
-            {
-              pt += dlen;
-              continue;
-            }
-
-          /* The CERT type */
-          ctype = buf16_to_u16 (pt);
-          pt += 2;
-
-          /* Skip the CERT key tag and algo which we don't need. */
-          pt += 3;
-
-          dlen -= 5;
-
-          /* 15 bytes takes us to here */
-          if (want_certtype && want_certtype != ctype)
-            ; /* Not of the requested certtype.  */
-          else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
-            {
-              /* PGP type */
-              *r_key = xtrymalloc (dlen);
-              if (!*r_key)
-                err = gpg_err_make (default_errsource,
-                                    gpg_err_code_from_syserror ());
-              else
-                {
-                  memcpy (*r_key, pt, dlen);
-                  *r_keylen = dlen;
-                  err = 0;
-                }
-              goto leave;
-            }
-          else if (ctype == DNS_CERTTYPE_IPGP
-                   && dlen && dlen < 1023 && dlen >= pt[0] + 1)
-            {
-              /* IPGP type */
-              *r_fprlen = pt[0];
-              if (*r_fprlen)
-                {
-                  *r_fpr = xtrymalloc (*r_fprlen);
-                  if (!*r_fpr)
-                    {
-                      err = gpg_err_make (default_errsource,
-                                          gpg_err_code_from_syserror ());
-                      goto leave;
-                    }
-                  memcpy (*r_fpr, &pt[1], *r_fprlen);
-                }
-              else
-                *r_fpr = NULL;
-
-              if (dlen > *r_fprlen + 1)
-                {
-                  *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
-                  if (!*r_fpr)
-                    {
-                      err = gpg_err_make (default_errsource,
-                                          gpg_err_code_from_syserror ());
-                      xfree (*r_fpr);
-                      *r_fpr = NULL;
-                      goto leave;
-                    }
-                  memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
-                  (*r_url)[dlen - (*r_fprlen + 1)] = '\0';
-                }
-              else
-                *r_url = NULL;
-
-              err = 0;
-              goto leave;
-            }
-
-          /* Neither type matches, so go around to the next answer. */
-          pt += dlen;
-        }
-    }
-
- leave:
-  xfree (answer);
-  return err;
-
-#endif /*!USE_ADNS */
-#else /* !USE_DNS_CERT */
-  (void)name;
-  if (r_key)
-    *r_key = NULL;
-  if (r_keylen)
-    *r_keylen = NULL;
-  *r_fpr = NULL;
-  *r_fprlen = 0;
-  *r_url = NULL;
-
-  return gpg_err_make (default_errsource, GPG_ERR_NOT_SUPPORTED);
-#endif
-}
diff -Nru gnupg2-2.1.6/dirmngr/dns-cert.h gnupg2-2.0.28/dirmngr/dns-cert.h
--- gnupg2-2.1.6/dirmngr/dns-cert.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/dns-cert.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,55 +0,0 @@
-/* dns-cert.h - DNS CERT definition
- * Copyright (C) 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-#ifndef GNUPG_DIRMNGR_DNS_CERT_H
-#define GNUPG_DIRMNGR_DNS_CERT_H
-
-
-#define DNS_CERTTYPE_ANY       0 /* Internal catch all type. */
-/* Certificate types according to RFC-4398:  */
-#define DNS_CERTTYPE_PKIX      1 /* X.509 as per PKIX. */
-#define DNS_CERTTYPE_SPKI      2 /* SPKI certificate.  */
-#define DNS_CERTTYPE_PGP       3 /* OpenPGP packet.  */
-#define DNS_CERTTYPE_IPKIX     4 /* The URL of an X.509 data object. */
-#define DNS_CERTTYPE_ISPKI     5 /* The URL of an SPKI certificate.  */
-#define DNS_CERTTYPE_IPGP      6 /* The fingerprint
-                                    and URL of an OpenPGP packet.  */
-#define DNS_CERTTYPE_ACPKIX    7 /* Attribute Certificate.  */
-#define DNS_CERTTYPE_IACPKIX   8 /* The URL of an Attribute Certificate.  */
-#define DNS_CERTTYPE_URI     253 /* URI private.  */
-#define DNS_CERTTYPE_OID     254 /* OID private.  */
-
-
-gpg_error_t get_dns_cert (const char *name, int want_certtype,
-                          void **r_key, size_t *r_keylen,
-                          unsigned char **r_fpr, size_t *r_fprlen,
-                          char **r_url);
-
-
-
-#endif /*GNUPG_DIRMNGR_DNS_CERT_H*/
diff -Nru gnupg2-2.1.6/dirmngr/ks-action.c gnupg2-2.0.28/dirmngr/ks-action.c
--- gnupg2-2.1.6/dirmngr/ks-action.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-action.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,388 +0,0 @@
-/* ks-action.c - OpenPGP keyserver actions
- * Copyright (C) 2011 Free Software Foundation, Inc.
- * Copyright (C) 2011, 2014 Werner Koch
- * Copyright (C) 2015 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "ks-engine.h"
-#include "ks-action.h"
-#if USE_LDAP
-# include "ldap-parse-uri.h"
-#endif
-
-/* Called by the engine's help functions to print the actual help.  */
-gpg_error_t
-ks_print_help (ctrl_t ctrl, const char *text)
-{
-  return dirmngr_status_help (ctrl, text);
-}
-
-
-/* Called by the engine's help functions to print the actual help.  */
-gpg_error_t
-ks_printf_help (ctrl_t ctrl, const char *format, ...)
-{
-  va_list arg_ptr;
-  gpg_error_t err;
-  char *buf;
-
-  va_start (arg_ptr, format);
-  buf = es_vbsprintf (format, arg_ptr);
-  err = buf? 0 : gpg_error_from_syserror ();
-  va_end (arg_ptr);
-  if (!err)
-    err = dirmngr_status_help (ctrl, buf);
-  es_free (buf);
-  return err;
-}
-
-
-/* Run the help command for the engine responsible for URI.  */
-gpg_error_t
-ks_action_help (ctrl_t ctrl, const char *url)
-{
-  gpg_error_t err;
-  parsed_uri_t parsed_uri;  /* The broken down URI.  */
-
-  if (!url || !*url)
-    {
-      ks_print_help (ctrl, "Known schemata:\n");
-      parsed_uri = NULL;
-    }
-  else
-    {
-#if USE_LDAP
-      if (ldap_uri_p (url))
-	err = ldap_parse_uri (&parsed_uri, url);
-      else
-#endif
-	{
-	  err = http_parse_uri (&parsed_uri, url, 1);
-	}
-
-      if (err)
-        return err;
-    }
-
-  /* Call all engines to give them a chance to print a help sting.  */
-  err = ks_hkp_help (ctrl, parsed_uri);
-  if (!err)
-    err = ks_http_help (ctrl, parsed_uri);
-  if (!err)
-    err = ks_finger_help (ctrl, parsed_uri);
-  if (!err)
-    err = ks_kdns_help (ctrl, parsed_uri);
-#if USE_LDAP
-  if (!err)
-    err = ks_ldap_help (ctrl, parsed_uri);
-#endif
-
-  if (!parsed_uri)
-    ks_print_help (ctrl,
-                   "(Use an URL for engine specific help.)");
-  else
-    http_release_parsed_uri (parsed_uri);
-  return err;
-}
-
-
-/* Resolve all host names.  This is useful for looking at the status
-   of configured keyservers.  */
-gpg_error_t
-ks_action_resolve (ctrl_t ctrl, uri_item_t keyservers)
-{
-  gpg_error_t err = 0;
-  int any_server = 0;
-  uri_item_t uri;
-
-  for (uri = keyservers; !err && uri; uri = uri->next)
-    {
-      if (uri->parsed_uri->is_http)
-        {
-          any_server = 1;
-          err = ks_hkp_resolve (ctrl, uri->parsed_uri);
-          if (err)
-            break;
-        }
-    }
-
-  if (!any_server)
-    err = gpg_error (GPG_ERR_NO_KEYSERVER);
-  return err;
-}
-
-
-/* Search all configured keyservers for keys matching PATTERNS and
-   write the result to the provided output stream.  */
-gpg_error_t
-ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
-		  strlist_t patterns, estream_t outfp)
-{
-  gpg_error_t err = 0;
-  int any_server = 0;
-  uri_item_t uri;
-  estream_t infp;
-
-  if (!patterns)
-    return gpg_error (GPG_ERR_NO_USER_ID);
-
-  /* FIXME: We only take care of the first pattern.  To fully support
-     multiple patterns we might either want to run several queries in
-     parallel and merge them.  We also need to decide what to do with
-     errors - it might not be the best idea to ignore an error from
-     one server and silently continue with another server.  For now we
-     stop at the first error. */
-  for (uri = keyservers; !err && uri; uri = uri->next)
-    {
-      int is_http = uri->parsed_uri->is_http;
-      int is_ldap = 0;
-#if USE_LDAP
-      is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
-		 || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
-		 || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
-#endif
-      if (is_http || is_ldap)
-        {
-          any_server = 1;
-#if USE_LDAP
-	  if (is_ldap)
-	    err = ks_ldap_search (ctrl, uri->parsed_uri, patterns->d, &infp);
-	  else
-#endif
-	    {
-	      err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
-	    }
-
-          if (!err)
-            {
-              err = copy_stream (infp, outfp);
-              es_fclose (infp);
-              break;
-            }
-        }
-    }
-
-  if (!any_server)
-    err = gpg_error (GPG_ERR_NO_KEYSERVER);
-  return err;
-}
-
-
-/* Get the requested keys (matching PATTERNS) using all configured
-   keyservers and write the result to the provided output stream.  */
-gpg_error_t
-ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
-	       strlist_t patterns, estream_t outfp)
-{
-  gpg_error_t err = 0;
-  gpg_error_t first_err = 0;
-  int any_server = 0;
-  int any_data = 0;
-  strlist_t sl;
-  uri_item_t uri;
-  estream_t infp;
-
-  if (!patterns)
-    return gpg_error (GPG_ERR_NO_USER_ID);
-
-  /* FIXME: We only take care of the first keyserver.  To fully
-     support multiple keyservers we need to track the result for each
-     pattern and use the next keyserver if one key was not found.  The
-     keyservers might not all be fully synced thus it is not clear
-     whether the first keyserver has the freshest copy of the key.
-     Need to think about a better strategy.  */
-  for (uri = keyservers; !err && uri; uri = uri->next)
-    {
-      int is_http = uri->parsed_uri->is_http;
-      int is_ldap = 0;
-
-#if USE_LDAP
-      is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
-		 || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
-		 || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
-#endif
-
-      if (is_http || is_ldap)
-        {
-          any_server = 1;
-          for (sl = patterns; !err && sl; sl = sl->next)
-            {
-#if USE_LDAP
-	      if (is_ldap)
-		err = ks_ldap_get (ctrl, uri->parsed_uri, sl->d, &infp);
-	      else
-#endif
-		{
-	          err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
-	        }
-
-              if (err)
-                {
-                  /* It is possible that a server does not carry a
-                     key, thus we only save the error and continue
-                     with the next pattern.  FIXME: It is an open
-                     question how to return such an error condition to
-                     the caller.  */
-                  first_err = err;
-                  err = 0;
-                }
-              else
-                {
-                  err = copy_stream (infp, outfp);
-                  /* Reading from the keyserver should never fail, thus
-                     return this error.  */
-                  if (!err)
-                    any_data = 1;
-                  es_fclose (infp);
-                  infp = NULL;
-                }
-            }
-        }
-      if (any_data)
-        break; /* Stop loop after a keyserver returned something.  */
-    }
-
-  if (!any_server)
-    err = gpg_error (GPG_ERR_NO_KEYSERVER);
-  else if (!err && first_err && !any_data)
-    err = first_err;
-  return err;
-}
-
-
-/* Retrieve keys from URL and write the result to the provided output
-   stream OUTFP.  */
-gpg_error_t
-ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
-{
-  gpg_error_t err = 0;
-  estream_t infp;
-  parsed_uri_t parsed_uri;  /* The broken down URI.  */
-
-  if (!url)
-    return gpg_error (GPG_ERR_INV_URI);
-
-  err = http_parse_uri (&parsed_uri, url, 1);
-  if (err)
-    return err;
-
-  if (parsed_uri->is_http)
-    {
-      err = ks_http_fetch (ctrl, url, &infp);
-      if (!err)
-        {
-          err = copy_stream (infp, outfp);
-          es_fclose (infp);
-        }
-    }
-  else if (!parsed_uri->opaque)
-    {
-      err = gpg_error (GPG_ERR_INV_URI);
-    }
-  else if (!strcmp (parsed_uri->scheme, "finger"))
-    {
-      err = ks_finger_fetch (ctrl, parsed_uri, &infp);
-      if (!err)
-        {
-          err = copy_stream (infp, outfp);
-          es_fclose (infp);
-        }
-    }
-  else if (!strcmp (parsed_uri->scheme, "kdns"))
-    {
-      err = ks_kdns_fetch (ctrl, parsed_uri, &infp);
-      if (!err)
-        {
-          err = copy_stream (infp, outfp);
-          es_fclose (infp);
-        }
-    }
-  else
-    err = gpg_error (GPG_ERR_INV_URI);
-
-  http_release_parsed_uri (parsed_uri);
-  return err;
-}
-
-
-
-/* Send an OpenPGP key to all keyservers.  The key in {DATA,DATALEN}
-   is expected to be in OpenPGP binary transport format.  The metadata
-   in {INFO,INFOLEN} is in colon-separated format (concretely, it is
-   the output of 'for x in keys sigs; do gpg --list-$x --with-colons
-   KEYID; done'.  This function may modify DATA and INFO.  If this is
-   a problem, then the caller should create a copy.  */
-gpg_error_t
-ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
-	       void *data, size_t datalen,
-	       void *info, size_t infolen)
-{
-  gpg_error_t err = 0;
-  gpg_error_t first_err = 0;
-  int any_server = 0;
-  uri_item_t uri;
-
-  (void) info;
-  (void) infolen;
-
-  for (uri = keyservers; !err && uri; uri = uri->next)
-    {
-      int is_http = uri->parsed_uri->is_http;
-      int is_ldap = 0;
-
-#if USE_LDAP
-      is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
-		|| strcmp (uri->parsed_uri->scheme, "ldaps") == 0
-		|| strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
-#endif
-
-      if (is_http || is_ldap)
-        {
-          any_server = 1;
-#if USE_LDAP
-	  if (is_ldap)
-	    err = ks_ldap_put (ctrl, uri->parsed_uri, data, datalen,
-			       info, infolen);
-	  else
-#endif
-	    {
-	      err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
-	    }
-          if (err)
-            {
-              first_err = err;
-              err = 0;
-            }
-        }
-    }
-
-  if (!any_server)
-    err = gpg_error (GPG_ERR_NO_KEYSERVER);
-  else if (!err && first_err)
-    err = first_err;
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ks-action.h gnupg2-2.0.28/dirmngr/ks-action.h
--- gnupg2-2.1.6/dirmngr/ks-action.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-action.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,36 +0,0 @@
-/* ks-action.h - OpenPGP keyserver actions definitions
- * Copyright (C) 2011 Free Software Foundation, Inc.
- *               2015 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef DIRMNGR_KS_ACTION_H
-#define DIRMNGR_KS_ACTION_H 1
-
-gpg_error_t ks_action_help (ctrl_t ctrl, const char *url);
-gpg_error_t ks_action_resolve (ctrl_t ctrl, uri_item_t keyservers);
-gpg_error_t ks_action_search (ctrl_t ctrl, uri_item_t keyservers,
-			      strlist_t patterns, estream_t outfp);
-gpg_error_t ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
-			   strlist_t patterns, estream_t outfp);
-gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp);
-gpg_error_t ks_action_put (ctrl_t ctrl, uri_item_t keyservers,
-			   void *data, size_t datalen,
-			   void *info, size_t infolen);
-
-
-#endif /*DIRMNGR_KS_ACTION_H*/
diff -Nru gnupg2-2.1.6/dirmngr/ks-engine-finger.c gnupg2-2.0.28/dirmngr/ks-engine-finger.c
--- gnupg2-2.1.6/dirmngr/ks-engine-finger.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-engine-finger.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,123 +0,0 @@
-/* ks-engine-finger.c - Finger OpenPGP key access
- * Copyright (C) 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "userids.h"
-#include "ks-engine.h"
-
-/* Print a help output for the schemata supported by this module. */
-gpg_error_t
-ks_finger_help (ctrl_t ctrl, parsed_uri_t uri)
-{
-  char const data[] =
-    "Handler for FINGER:\n"
-    "  finger:@\n"
-    "Supported methods: fetch\n"
-    "Example:\n"
-    "  finger:joe@example.org\n";
-  gpg_error_t err;
-
-  if (!uri)
-    err = ks_print_help (ctrl, "  finger");
-  else if (!strcmp (uri->scheme, "finger"))
-    err = ks_print_help (ctrl, data);
-  else
-    err = 0;
-
-  return err;
-}
-
-
-/* Get the key from URI which is expected to specify a finger scheme.
-   On success R_FP has an open stream to read the data.  */
-gpg_error_t
-ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
-{
-  gpg_error_t err;
-  estream_t fp;
-  char *server;
-  char *name;
-  http_t http;
-
-  (void)ctrl;
-  *r_fp = NULL;
-
-  if (strcmp (uri->scheme, "finger") || !uri->opaque || !uri->path)
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  name = xtrystrdup (uri->path);
-  if (!name)
-    return gpg_error_from_syserror ();
-
-  server = strchr (name, '@');
-  if (!server)
-    {
-      err = gpg_error (GPG_ERR_INV_URI);
-      xfree (name);
-      return err;
-    }
-  *server++ = 0;
-
-  err = http_raw_connect (&http, server, 79, 0, NULL);
-  if (err)
-    {
-      xfree (name);
-      return err;
-    }
-
-  fp = http_get_write_ptr (http);
-  if (!fp)
-    {
-      err = gpg_error (GPG_ERR_INTERNAL);
-      http_close (http, 0);
-      xfree (name);
-      return err;
-    }
-
-  if (es_fputs (name, fp) || es_fputs ("\r\n", fp) || es_fflush (fp))
-    {
-      err = gpg_error_from_syserror ();
-      http_close (http, 0);
-      xfree (name);
-      return err;
-    }
-  xfree (name);
-  es_fclose (fp);
-
-  fp = http_get_read_ptr (http);
-  if (!fp)
-    {
-      err = gpg_error (GPG_ERR_INTERNAL);
-      http_close (http, 0);
-      return err;
-    }
-
-  http_close (http, 1 /* Keep read ptr.  */);
-
-  *r_fp = fp;
-  return 0;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ks-engine.h gnupg2-2.0.28/dirmngr/ks-engine.h
--- gnupg2-2.1.6/dirmngr/ks-engine.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-engine.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,67 +0,0 @@
-/* ks-engine.h - Keyserver engines definitions
- * Copyright (C) 2011 Free Software Foundation, Inc.
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef DIRMNGR_KS_ENGINE_H
-#define DIRMNGR_KS_ENGINE_H 1
-
-#include "../common/http.h"
-
-/*-- ks-action.c --*/
-gpg_error_t ks_print_help (ctrl_t ctrl, const char *text);
-gpg_error_t ks_printf_help (ctrl_t ctrl, const char *format,
-                            ...) GPGRT_GCC_A_PRINTF(2,3);
-
-/*-- ks-engine-hkp.c --*/
-gpg_error_t ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive);
-gpg_error_t ks_hkp_print_hosttable (ctrl_t ctrl);
-gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
-                           estream_t *r_fp);
-gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri,
-                        const char *keyspec, estream_t *r_fp);
-gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri,
-                        const void *data, size_t datalen);
-
-/*-- ks-engine-http.c --*/
-gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp);
-
-
-/*-- ks-engine-finger.c --*/
-gpg_error_t ks_finger_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
-
-/*-- ks-engine-kdns.c --*/
-gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
-
-/*-- ks-engine-ldap.c --*/
-gpg_error_t ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri);
-gpg_error_t ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
-			    estream_t *r_fp);
-gpg_error_t ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri,
-			 const char *keyspec, estream_t *r_fp);
-gpg_error_t ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
-			 void *data, size_t datalen,
-			 void *info, size_t infolen);
-
-
-#endif /*DIRMNGR_KS_ENGINE_H*/
diff -Nru gnupg2-2.1.6/dirmngr/ks-engine-hkp.c gnupg2-2.0.28/dirmngr/ks-engine-hkp.c
--- gnupg2-2.1.6/dirmngr/ks-engine-hkp.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-engine-hkp.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,1467 +0,0 @@
-/* ks-engine-hkp.c - HKP keyserver engine
- * Copyright (C) 2011, 2012 Free Software Foundation, Inc.
- * Copyright (C) 2011, 2012, 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_W32_SYSTEM
-# ifdef HAVE_WINSOCK2_H
-#  include 
-# endif
-# include 
-#else /*!HAVE_W32_SYSTEM*/
-# include 
-# include 
-# include 
-#endif /*!HAVE_W32_SYSTEM*/
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "userids.h"
-#include "ks-engine.h"
-
-/* Substitutes for missing Mingw macro.  The EAI_SYSTEM mechanism
-   seems not to be available (probably because there is only one set
-   of error codes anyway).  For now we use WSAEINVAL. */
-#ifndef EAI_OVERFLOW
-# define EAI_OVERFLOW EAI_FAIL
-#endif
-#ifdef HAVE_W32_SYSTEM
-# ifndef EAI_SYSTEM
-#  define EAI_SYSTEM WSAEINVAL
-# endif
-#endif
-
-
-/* Number of seconds after a host is marked as resurrected.  */
-#define RESURRECT_INTERVAL  (3600*3)  /* 3 hours */
-
-/* To match the behaviour of our old gpgkeys helper code we escape
-   more characters than actually needed. */
-#define EXTRA_ESCAPE_CHARS "@!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
-
-/* How many redirections do we allow.  */
-#define MAX_REDIRECTS 2
-
-/* Number of retries done for a dead host etc.  */
-#define SEND_REQUEST_RETRIES 3
-
-/* Objects used to maintain information about hosts.  */
-struct hostinfo_s;
-typedef struct hostinfo_s *hostinfo_t;
-struct hostinfo_s
-{
-  time_t lastfail;   /* Time we tried to connect and failed.  */
-  time_t lastused;   /* Time of last use.  */
-  int *pool;         /* A -1 terminated array with indices into
-                        HOSTTABLE or NULL if NAME is not a pool
-                        name.  */
-  int poolidx;       /* Index into POOL with the used host.  -1 if not set.  */
-  unsigned int v4:1; /* Host supports AF_INET.  */
-  unsigned int v6:1; /* Host supports AF_INET6.  */
-  unsigned int dead:1; /* Host is currently unresponsive.  */
-  time_t died_at;    /* The time the host was marked dead.  If this is
-                        0 the host has been manually marked dead.  */
-  char *cname;       /* Canonical name of the host.  Only set if this
-                        is a pool.  */
-  char *v4addr;      /* A string with the v4 IP address of the host.
-                        NULL if NAME has a numeric IP address or no v4
-                        address is available.  */
-  char *v6addr;      /* A string with the v6 IP address of the host.
-                        NULL if NAME has a numeric IP address or no v4
-                        address is available.  */
-  char name[1];      /* The hostname.  */
-};
-
-
-/* An array of hostinfo_t for all hosts requested by the caller or
-   resolved from a pool name and its allocated size.*/
-static hostinfo_t *hosttable;
-static int hosttable_size;
-
-/* The number of host slots we initally allocate for HOSTTABLE.  */
-#define INITIAL_HOSTTABLE_SIZE 10
-
-
-/* Create a new hostinfo object, fill in NAME and put it into
-   HOSTTABLE.  Return the index into hosttable on success or -1 on
-   error. */
-static int
-create_new_hostinfo (const char *name)
-{
-  hostinfo_t hi, *newtable;
-  int newsize;
-  int idx, rc;
-
-  hi = xtrymalloc (sizeof *hi + strlen (name));
-  if (!hi)
-    return -1;
-  strcpy (hi->name, name);
-  hi->pool = NULL;
-  hi->poolidx = -1;
-  hi->lastused = (time_t)(-1);
-  hi->lastfail = (time_t)(-1);
-  hi->v4 = 0;
-  hi->v6 = 0;
-  hi->dead = 0;
-  hi->died_at = 0;
-  hi->cname = NULL;
-  hi->v4addr = NULL;
-  hi->v6addr = NULL;
-
-  /* Add it to the hosttable. */
-  for (idx=0; idx < hosttable_size; idx++)
-    if (!hosttable[idx])
-      {
-        hosttable[idx] = hi;
-        return idx;
-      }
-  /* Need to extend the hosttable.  */
-  newsize = hosttable_size + INITIAL_HOSTTABLE_SIZE;
-  newtable = xtryrealloc (hosttable, newsize * sizeof *hosttable);
-  if (!newtable)
-    {
-      xfree (hi);
-      return -1;
-    }
-  hosttable = newtable;
-  idx = hosttable_size;
-  hosttable_size = newsize;
-  rc = idx;
-  hosttable[idx++] = hi;
-  while (idx < hosttable_size)
-    hosttable[idx++] = NULL;
-
-  return rc;
-}
-
-
-/* Find the host NAME in our table.  Return the index into the
-   hosttable or -1 if not found.  */
-static int
-find_hostinfo (const char *name)
-{
-  int idx;
-
-  for (idx=0; idx < hosttable_size; idx++)
-    if (hosttable[idx] && !ascii_strcasecmp (hosttable[idx]->name, name))
-      return idx;
-  return -1;
-}
-
-
-static int
-sort_hostpool (const void *xa, const void *xb)
-{
-  int a = *(int *)xa;
-  int b = *(int *)xb;
-
-  assert (a >= 0 && a < hosttable_size);
-  assert (b >= 0 && b < hosttable_size);
-  assert (hosttable[a]);
-  assert (hosttable[b]);
-
-  return ascii_strcasecmp (hosttable[a]->name, hosttable[b]->name);
-}
-
-
-/* Return true if the host with the hosttable index TBLIDX is in POOL.  */
-static int
-host_in_pool_p (int *pool, int tblidx)
-{
-  int i, pidx;
-
-  for (i=0; (pidx = pool[i]) != -1; i++)
-    if (pidx == tblidx && hosttable[pidx])
-      return 1;
-  return 0;
-}
-
-
-/* Select a random host.  Consult TABLE which indices into the global
-   hosttable.  Returns index into TABLE or -1 if no host could be
-   selected.  */
-static int
-select_random_host (int *table)
-{
-  int *tbl;
-  size_t tblsize;
-  int pidx, idx;
-
-  /* We create a new table so that we randomly select only from
-     currently alive hosts.  */
-  for (idx=0, tblsize=0; (pidx = table[idx]) != -1; idx++)
-    if (hosttable[pidx] && !hosttable[pidx]->dead)
-      tblsize++;
-  if (!tblsize)
-    return -1; /* No hosts.  */
-
-  tbl = xtrymalloc (tblsize * sizeof *tbl);
-  if (!tbl)
-    return -1;
-  for (idx=0, tblsize=0; (pidx = table[idx]) != -1; idx++)
-    if (hosttable[pidx] && !hosttable[pidx]->dead)
-      tbl[tblsize++] = pidx;
-
-  if (tblsize == 1)  /* Save a get_uint_nonce.  */
-    pidx = tbl[0];
-  else
-    pidx = tbl[get_uint_nonce () % tblsize];
-
-  xfree (tbl);
-  return pidx;
-}
-
-
-/* Simplified version of getnameinfo which also returns a numeric
-   hostname inside of brackets.  The caller should provide a buffer
-   for HOST which is 2 bytes larger than the largest hostname.  If
-   NUMERIC is true the returned value is numeric IP address.  Returns
-   0 on success or an EAI error code.  True is stored at R_ISNUMERIC
-   if HOST has a numeric IP address. */
-static int
-my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
-                int numeric, int *r_isnumeric)
-{
-  int ec;
-  char *p;
-
-  *r_isnumeric = 0;
-
-  if (hostlen < 5)
-    return EAI_OVERFLOW;
-
-  if (numeric)
-    ec = EAI_NONAME;
-  else
-    ec = getnameinfo (ai->ai_addr, ai->ai_addrlen,
-                      host, hostlen, NULL, 0, NI_NAMEREQD);
-
-  if (!ec && *host == '[')
-    ec = EAI_FAIL;  /* A name may never start with a bracket.  */
-  else if (ec == EAI_NONAME)
-    {
-      p = host;
-      if (ai->ai_family == AF_INET6)
-        {
-          *p++ = '[';
-          hostlen -= 2;
-        }
-      ec = getnameinfo (ai->ai_addr, ai->ai_addrlen,
-                        p, hostlen, NULL, 0, NI_NUMERICHOST);
-      if (!ec && ai->ai_family == AF_INET6)
-        strcat (host, "]");
-
-      *r_isnumeric = 1;
-    }
-
-  return ec;
-}
-
-
-/* Check whether NAME is an IP address.  */
-static int
-is_ip_address (const char *name)
-{
-  int ndots, n;
-
-  if (*name == '[')
-    return 1;
-  /* Check whether it is legacy IP address.  */
-  if (*name == '.')
-    return 0; /* No.  */
-  ndots = n = 0;
-  for (; *name; name++)
-    {
-      if (*name == '.')
-        {
-          if (name[1] == '.')
-            return 0; /* No. */
-          if (atoi (name+1) > 255)
-            return 0; /* Value too large.  */
-          ndots++;
-          n = 0;
-        }
-      else if (!strchr ("012345678", *name))
-        return 0; /* Not a digit.  */
-      else if (++n > 3)
-        return 0; /* More than 3 digits.  */
-    }
-  return !!(ndots == 3);
-}
-
-
-/* Map the host name NAME to the actual to be used host name.  This
-   allows us to manage round robin DNS names.  We use our own strategy
-   to choose one of the hosts.  For example we skip those hosts which
-   failed for some time and we stick to one host for a time
-   independent of DNS retry times.  If FORCE_RESELECT is true a new
-   host is always selected.  The selected host is stored as a malloced
-   string at R_HOST; on error NULL is stored.  If R_HTTPFLAGS is not
-   NULL it will receive flags which are to be passed to http_open.  If
-   R_POOLNAME is not NULL a malloced name of the pool is stored or
-   NULL if it is not a pool. */
-static gpg_error_t
-map_host (ctrl_t ctrl, const char *name, int force_reselect,
-          char **r_host, unsigned int *r_httpflags, char **r_poolname)
-{
-  gpg_error_t err = 0;
-  hostinfo_t hi;
-  int idx;
-
-  *r_host = NULL;
-  if (r_httpflags)
-    *r_httpflags = 0;
-  if (r_poolname)
-    *r_poolname = NULL;
-
-  /* No hostname means localhost.  */
-  if (!name || !*name)
-    {
-      *r_host = xtrystrdup ("localhost");
-      return *r_host? 0 : gpg_error_from_syserror ();
-    }
-
-  /* See whether the host is in our table.  */
-  idx = find_hostinfo (name);
-  if (idx == -1)
-    {
-      /* We never saw this host.  Allocate a new entry.  */
-      struct addrinfo hints, *aibuf, *ai;
-      int *reftbl;
-      size_t reftblsize;
-      int refidx;
-      int is_pool = 0;
-
-      reftblsize = 100;
-      reftbl = xtrymalloc (reftblsize * sizeof *reftbl);
-      if (!reftbl)
-        return gpg_error_from_syserror ();
-      refidx = 0;
-
-      idx = create_new_hostinfo (name);
-      if (idx == -1)
-        {
-          err = gpg_error_from_syserror ();
-          xfree (reftbl);
-          return err;
-        }
-      hi = hosttable[idx];
-
-      /* Find all A records for this entry and put them into the pool
-         list - if any.  */
-      memset (&hints, 0, sizeof (hints));
-      hints.ai_family = AF_UNSPEC;
-      hints.ai_socktype = SOCK_STREAM;
-      hints.ai_flags = AI_CANONNAME;
-      /* We can't use the the AI_IDN flag because that does the
-         conversion using the current locale.  However, GnuPG always
-         used UTF-8.  To support IDN we would need to make use of the
-         libidn API.  */
-      if (!getaddrinfo (name, NULL, &hints, &aibuf))
-        {
-          int n_v6, n_v4;
-
-          /* First figure out whether this is a pool.  For a pool we
-             use a different strategy than for a plains erver: We use
-             the canonical name of the pool as the virtual host along
-             with the IP addresses.  If it is not a pool, we use the
-             specified name. */
-          n_v6 = n_v4 = 0;
-          for (ai = aibuf; ai; ai = ai->ai_next)
-            {
-              if (ai->ai_family != AF_INET6)
-                n_v6++;
-              else if (ai->ai_family != AF_INET)
-                n_v4++;
-            }
-          if (n_v6 > 1 || n_v4 > 1)
-            is_pool = 1;
-          if (is_pool && aibuf->ai_canonname)
-            hi->cname = xtrystrdup (aibuf->ai_canonname);
-
-          for (ai = aibuf; ai; ai = ai->ai_next)
-            {
-              char tmphost[NI_MAXHOST + 2];
-              int tmpidx;
-              int is_numeric;
-              int ec;
-              int i;
-
-              if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-                continue;
-
-              dirmngr_tick (ctrl);
-
-              if (!is_pool && !is_ip_address (name))
-                {
-                  /* This is a hostname but not a pool.  Use the name
-                     as given without going through getnameinfo.  */
-                  if (strlen (name)+1 > sizeof tmphost)
-                    {
-                      ec = EAI_SYSTEM;
-                      gpg_err_set_errno (EINVAL);
-                    }
-                  else
-                    {
-                      ec = 0;
-                      strcpy (tmphost, name);
-                    }
-                  is_numeric = 0;
-                }
-              else
-                ec = my_getnameinfo (ai, tmphost, sizeof tmphost,
-                                     0, &is_numeric);
-
-              if (ec)
-                {
-                  log_info ("getnameinfo failed while checking '%s': %s\n",
-                            name, gai_strerror (ec));
-                }
-              else if (refidx+1 >= reftblsize)
-                {
-                  log_error ("getnameinfo returned for '%s': '%s'"
-                            " [index table full - ignored]\n", name, tmphost);
-                }
-              else
-                {
-                  tmpidx = find_hostinfo (tmphost);
-                  log_info ("getnameinfo returned for '%s': '%s'%s\n",
-                            name, tmphost,
-                            tmpidx == -1? "" : " [already known]");
-
-                  if (tmpidx == -1) /* Create a new entry.  */
-                    tmpidx = create_new_hostinfo (tmphost);
-
-                  if (tmpidx == -1)
-                    {
-                      log_error ("map_host for '%s' problem: %s - '%s'"
-                                 " [ignored]\n",
-                                 name, strerror (errno), tmphost);
-                    }
-                  else  /* Set or update the entry. */
-                    {
-                      char *ipaddr = NULL;
-
-                      if (!is_numeric)
-                        {
-                          ec = my_getnameinfo (ai, tmphost, sizeof tmphost,
-                                               1, &is_numeric);
-                          if (!ec && !(ipaddr = xtrystrdup (tmphost)))
-                            ec = EAI_SYSTEM;
-                          if (ec)
-                            log_info ("getnameinfo failed: %s\n",
-                                      gai_strerror (ec));
-                        }
-
-                      if (ai->ai_family == AF_INET6)
-                        {
-                          hosttable[tmpidx]->v6 = 1;
-                          xfree (hosttable[tmpidx]->v6addr);
-                          hosttable[tmpidx]->v6addr = ipaddr;
-                        }
-                      else if (ai->ai_family == AF_INET)
-                        {
-                          hosttable[tmpidx]->v4 = 1;
-                          xfree (hosttable[tmpidx]->v4addr);
-                          hosttable[tmpidx]->v4addr = ipaddr;
-                        }
-                      else
-                        BUG ();
-
-                      for (i=0; i < refidx; i++)
-                        if (reftbl[i] == tmpidx)
-                          break;
-                      if (!(i < refidx) && tmpidx != idx)
-                        reftbl[refidx++] = tmpidx;
-                    }
-                }
-            }
-          freeaddrinfo (aibuf);
-        }
-      reftbl[refidx] = -1;
-      if (refidx && is_pool)
-        {
-          assert (!hi->pool);
-          hi->pool = xtryrealloc (reftbl, (refidx+1) * sizeof *reftbl);
-          if (!hi->pool)
-            {
-              err = gpg_error_from_syserror ();
-              log_error ("shrinking index table in map_host failed: %s\n",
-                         gpg_strerror (err));
-              xfree (reftbl);
-              return err;
-            }
-          qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool);
-        }
-      else
-        xfree (reftbl);
-    }
-
-  hi = hosttable[idx];
-  if (hi->pool)
-    {
-      /* Deal with the pool name before selecting a host. */
-      if (r_poolname && hi->cname)
-        {
-          *r_poolname = xtrystrdup (hi->cname);
-          if (!*r_poolname)
-            return gpg_error_from_syserror ();
-        }
-
-      /* If the currently selected host is now marked dead, force a
-         re-selection .  */
-      if (force_reselect)
-        hi->poolidx = -1;
-      else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size
-               && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead)
-        hi->poolidx = -1;
-
-      /* Select a host if needed.  */
-      if (hi->poolidx == -1)
-        {
-          hi->poolidx = select_random_host (hi->pool);
-          if (hi->poolidx == -1)
-            {
-              log_error ("no alive host found in pool '%s'\n", name);
-              if (r_poolname)
-                {
-                  xfree (*r_poolname);
-                  *r_poolname = NULL;
-                }
-              return gpg_error (GPG_ERR_NO_KEYSERVER);
-            }
-        }
-
-      assert (hi->poolidx >= 0 && hi->poolidx < hosttable_size);
-      hi = hosttable[hi->poolidx];
-      assert (hi);
-    }
-
-  if (hi->dead)
-    {
-      log_error ("host '%s' marked as dead\n", hi->name);
-      if (r_poolname)
-        {
-          xfree (*r_poolname);
-          *r_poolname = NULL;
-        }
-      return gpg_error (GPG_ERR_NO_KEYSERVER);
-    }
-
-  if (r_httpflags)
-    {
-      /* If the hosttable does not indicate that a certain host
-         supports IPv, we explicit set the corresponding http
-         flags.  The reason for this is that a host might be listed in
-         a pool as not v6 only but actually support v6 when later
-         the name is resolved by our http layer.  */
-      if (!hi->v4)
-        *r_httpflags |= HTTP_FLAG_IGNORE_IPv4;
-      if (!hi->v6)
-        *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
-    }
-
-  *r_host = xtrystrdup (hi->name);
-  if (!*r_host)
-    {
-      err = gpg_error_from_syserror ();
-      if (r_poolname)
-        {
-          xfree (*r_poolname);
-          *r_poolname = NULL;
-        }
-      return err;
-    }
-  return 0;
-}
-
-
-/* Mark the host NAME as dead.  NAME may be given as an URL.  Returns
-   true if a host was really marked as dead or was already marked dead
-   (e.g. by a concurrent session).  */
-static int
-mark_host_dead (const char *name)
-{
-  const char *host;
-  char *host_buffer = NULL;
-  parsed_uri_t parsed_uri = NULL;
-  int done = 0;
-
-  if (name && *name && !http_parse_uri (&parsed_uri, name, 1))
-    {
-      if (parsed_uri->v6lit)
-        {
-          host_buffer = strconcat ("[", parsed_uri->host, "]", NULL);
-          if (!host_buffer)
-            log_error ("out of core in mark_host_dead");
-          host = host_buffer;
-        }
-      else
-        host = parsed_uri->host;
-    }
-  else
-    host = name;
-
-  if (host && *host && strcmp (host, "localhost"))
-    {
-      hostinfo_t hi;
-      int idx;
-
-      idx = find_hostinfo (host);
-      if (idx != -1)
-        {
-          hi = hosttable[idx];
-          log_info ("marking host '%s' as dead%s\n",
-                    hi->name, hi->dead? " (again)":"");
-          hi->dead = 1;
-          hi->died_at = gnupg_get_time ();
-          if (!hi->died_at)
-            hi->died_at = 1;
-          done = 1;
-        }
-    }
-
-  http_release_parsed_uri (parsed_uri);
-  xfree (host_buffer);
-  return done;
-}
-
-
-/* Mark a host in the hosttable as dead or - if ALIVE is true - as
-   alive.  */
-gpg_error_t
-ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive)
-{
-  gpg_error_t err = 0;
-  hostinfo_t hi, hi2;
-  int idx, idx2, idx3, n;
-
-  if (!name || !*name || !strcmp (name, "localhost"))
-    return 0;
-
-  idx = find_hostinfo (name);
-  if (idx == -1)
-    return gpg_error (GPG_ERR_NOT_FOUND);
-
-  hi = hosttable[idx];
-  if (alive && hi->dead)
-    {
-      hi->dead = 0;
-      err = ks_printf_help (ctrl, "marking '%s' as alive", name);
-    }
-  else if (!alive && !hi->dead)
-    {
-      hi->dead = 1;
-      hi->died_at = 0; /* Manually set dead.  */
-      err = ks_printf_help (ctrl, "marking '%s' as dead", name);
-    }
-
-  /* If the host is a pool mark all member hosts. */
-  if (!err && hi->pool)
-    {
-      for (idx2=0; !err && (n=hi->pool[idx2]) != -1; idx2++)
-        {
-          assert (n >= 0 && n < hosttable_size);
-
-          if (!alive)
-            {
-              /* Do not mark a host from a pool dead if it is also a
-                 member in another pool.  */
-              for (idx3=0; idx3 < hosttable_size; idx3++)
-                {
-                  if (hosttable[idx3]
-                      && hosttable[idx3]->pool
-                      && idx3 != idx
-                      && host_in_pool_p (hosttable[idx3]->pool, n))
-                    break;
-                }
-              if (idx3 < hosttable_size)
-                continue;  /* Host is also a member of another pool.  */
-            }
-
-          hi2 = hosttable[n];
-          if (!hi2)
-            ;
-          else if (alive && hi2->dead)
-            {
-              hi2->dead = 0;
-              err = ks_printf_help (ctrl, "marking '%s' as alive",
-                                    hi2->name);
-            }
-          else if (!alive && !hi2->dead)
-            {
-              hi2->dead = 1;
-              hi2->died_at = 0; /* Manually set dead. */
-              err = ks_printf_help (ctrl, "marking '%s' as dead",
-                                    hi2->name);
-            }
-        }
-    }
-
-  return err;
-}
-
-
-/* Debug function to print the entire hosttable.  */
-gpg_error_t
-ks_hkp_print_hosttable (ctrl_t ctrl)
-{
-  gpg_error_t err;
-  int idx, idx2;
-  hostinfo_t hi;
-  membuf_t mb;
-  time_t curtime;
-  char *p, *died;
-  const char *diedstr;
-
-  err = ks_print_help (ctrl, "hosttable (idx, ipv6, ipv4, dead, name, time):");
-  if (err)
-    return err;
-
-  curtime = gnupg_get_time ();
-  for (idx=0; idx < hosttable_size; idx++)
-    if ((hi=hosttable[idx]))
-      {
-        if (hi->dead && hi->died_at)
-          {
-            died = elapsed_time_string (hi->died_at, curtime);
-            diedstr = died? died : "error";
-          }
-        else
-          diedstr = died = NULL;
-        err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s%s\n",
-                              idx, hi->v6? "6":" ", hi->v4? "4":" ",
-                              hi->dead? "d":" ",
-                              hi->name,
-                              hi->v6addr? " v6=":"",
-                              hi->v6addr? hi->v6addr:"",
-                              hi->v4addr? " v4=":"",
-                              hi->v4addr? hi->v4addr:"",
-                              diedstr? "  (":"",
-                              diedstr? diedstr:"",
-                              diedstr? ")":""   );
-        xfree (died);
-        if (err)
-          return err;
-
-        if (hi->cname)
-          err = ks_printf_help (ctrl, "  .       %s", hi->cname);
-        if (err)
-          return err;
-
-        if (hi->pool)
-          {
-            init_membuf (&mb, 256);
-            put_membuf_printf (&mb, "  .   -->");
-            for (idx2=0; hi->pool[idx2] != -1; idx2++)
-              {
-                put_membuf_printf (&mb, " %d", hi->pool[idx2]);
-                if (hi->poolidx == hi->pool[idx2])
-                  put_membuf_printf (&mb, "*");
-              }
-            put_membuf( &mb, "", 1);
-            p = get_membuf (&mb, NULL);
-            if (!p)
-              return gpg_error_from_syserror ();
-            err = ks_print_help (ctrl, p);
-            xfree (p);
-            if (err)
-              return err;
-          }
-      }
-  return 0;
-}
-
-
-
-/* Print a help output for the schemata supported by this module. */
-gpg_error_t
-ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
-{
-  const char const data[] =
-    "Handler for HKP URLs:\n"
-    "  hkp://\n"
-#if  HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
-    "  hkps://\n"
-#endif
-    "Supported methods: search, get, put\n";
-  gpg_error_t err;
-
-#if  HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
-  const char data2[] = "  hkp\n  hkps";
-#else
-  const char data2[] = "  hkp";
-#endif
-
-  if (!uri)
-    err = ks_print_help (ctrl, data2);
-  else if (uri->is_http && (!strcmp (uri->scheme, "hkp")
-                            || !strcmp (uri->scheme, "hkps")))
-    err = ks_print_help (ctrl, data);
-  else
-    err = 0;
-
-  return err;
-}
-
-
-/* Build the remote part of the URL from SCHEME, HOST and an optional
-   PORT.  Returns an allocated string at R_HOSTPORT or NULL on failure
-   If R_POOLNAME is not NULL it receives a malloced string with the
-   poolname.  */
-static gpg_error_t
-make_host_part (ctrl_t ctrl,
-                const char *scheme, const char *host, unsigned short port,
-                int force_reselect,
-                char **r_hostport, unsigned int *r_httpflags, char **r_poolname)
-{
-  gpg_error_t err;
-  char portstr[10];
-  char *hostname;
-
-  *r_hostport = NULL;
-
-  /* Map scheme and port.  */
-  if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
-    {
-      scheme = "https";
-      strcpy (portstr, "443");
-    }
-  else /* HKP or HTTP.  */
-    {
-      scheme = "http";
-      strcpy (portstr, "11371");
-    }
-  if (port)
-    snprintf (portstr, sizeof portstr, "%hu", port);
-  else
-    {
-      /*fixme_do_srv_lookup ()*/
-    }
-
-  err = map_host (ctrl, host, force_reselect,
-                  &hostname, r_httpflags, r_poolname);
-  if (err)
-    return err;
-
-  *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
-  xfree (hostname);
-  if (!*r_hostport)
-    {
-      if (r_poolname)
-        {
-          xfree (*r_poolname);
-          *r_poolname = NULL;
-        }
-      return gpg_error_from_syserror ();
-    }
-  return 0;
-}
-
-
-/* Resolve all known keyserver names and update the hosttable.  This
-   is mainly useful for debugging because the resolving is anyway done
-   on demand.  */
-gpg_error_t
-ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri)
-{
-  gpg_error_t err;
-  char *hostport = NULL;
-
-  err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, 1,
-                        &hostport, NULL, NULL);
-  if (err)
-    {
-      err = ks_printf_help (ctrl, "%s://%s:%hu: resolve failed: %s",
-                            uri->scheme, uri->host, uri->port,
-                            gpg_strerror (err));
-    }
-  else
-    {
-      err = ks_printf_help (ctrl, "%s", hostport);
-      xfree (hostport);
-    }
-  return err;
-}
-
-
-/* Housekeeping function called from the housekeeping thread.  It is
-   used to mark dead hosts alive so that they may be tried again after
-   some time.  */
-void
-ks_hkp_housekeeping (time_t curtime)
-{
-  int idx;
-  hostinfo_t hi;
-
-  for (idx=0; idx < hosttable_size; idx++)
-    {
-      hi = hosttable[idx];
-      if (!hi)
-        continue;
-      if (!hi->dead)
-        continue;
-      if (!hi->died_at)
-        continue; /* Do not resurrect manually shot hosts.  */
-      if (hi->died_at + RESURRECT_INTERVAL <= curtime
-          || hi->died_at > curtime)
-        {
-          hi->dead = 0;
-          log_info ("resurrected host '%s'", hi->name);
-        }
-    }
-}
-
-
-/* Send an HTTP request.  On success returns an estream object at
-   R_FP.  HOSTPORTSTR is only used for diagnostics.  If HTTPHOST is
-   not NULL it will be used as HTTP "Host" header.  If POST_CB is not
-   NULL a post request is used and that callback is called to allow
-   writing the post data.  */
-static gpg_error_t
-send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
-              const char *httphost, unsigned int httpflags,
-              gpg_error_t (*post_cb)(void *, http_t), void *post_cb_value,
-              estream_t *r_fp)
-{
-  gpg_error_t err;
-  http_session_t session = NULL;
-  http_t http = NULL;
-  int redirects_left = MAX_REDIRECTS;
-  estream_t fp = NULL;
-  char *request_buffer = NULL;
-
-  *r_fp = NULL;
-
-  err = http_session_new (&session, NULL);
-  if (err)
-    goto leave;
-  http_session_set_log_cb (session, cert_log_cb);
-
- once_more:
-  err = http_open (&http,
-                   post_cb? HTTP_REQ_POST : HTTP_REQ_GET,
-                   request,
-                   httphost,
-                   /* fixme: AUTH */ NULL,
-                   (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)),
-                   ctrl->http_proxy,
-                   session,
-                   NULL,
-                   /*FIXME curl->srvtag*/NULL);
-  if (!err)
-    {
-      fp = http_get_write_ptr (http);
-      /* Avoid caches to get the most recent copy of the key.  We set
-         both the Pragma and Cache-Control versions of the header, so
-         we're good with both HTTP 1.0 and 1.1.  */
-      es_fputs ("Pragma: no-cache\r\n"
-                "Cache-Control: no-cache\r\n", fp);
-      if (post_cb)
-        err = post_cb (post_cb_value, http);
-      if (!err)
-        {
-          http_start_data (http);
-          if (es_ferror (fp))
-            err = gpg_error_from_syserror ();
-        }
-    }
-  if (err)
-    {
-      /* Fixme: After a redirection we show the old host name.  */
-      log_error (_("error connecting to '%s': %s\n"),
-                 hostportstr, gpg_strerror (err));
-      goto leave;
-    }
-
-  /* Wait for the response.  */
-  dirmngr_tick (ctrl);
-  err = http_wait_response (http);
-  if (err)
-    {
-      log_error (_("error reading HTTP response for '%s': %s\n"),
-                 hostportstr, gpg_strerror (err));
-      goto leave;
-    }
-
-  if (http_get_tls_info (http, NULL))
-    {
-      /* Update the httpflags so that a redirect won't fallback to an
-         unencrypted connection.  */
-      httpflags |= HTTP_FLAG_FORCE_TLS;
-    }
-
-  switch (http_get_status_code (http))
-    {
-    case 200:
-      err = 0;
-      break; /* Success.  */
-
-    case 301:
-    case 302:
-    case 307:
-      {
-        const char *s = http_get_header (http, "Location");
-
-        log_info (_("URL '%s' redirected to '%s' (%u)\n"),
-                  request, s?s:"[none]", http_get_status_code (http));
-        if (s && *s && redirects_left-- )
-          {
-            xfree (request_buffer);
-            request_buffer = xtrystrdup (s);
-            if (request_buffer)
-              {
-                request = request_buffer;
-                http_close (http, 0);
-                http = NULL;
-                goto once_more;
-              }
-            err = gpg_error_from_syserror ();
-          }
-        else
-          err = gpg_error (GPG_ERR_NO_DATA);
-        log_error (_("too many redirections\n"));
-      }
-      goto leave;
-
-    default:
-      log_error (_("error accessing '%s': http status %u\n"),
-                 request, http_get_status_code (http));
-      err = gpg_error (GPG_ERR_NO_DATA);
-      goto leave;
-    }
-
-  /* FIXME: We should register a permanent redirection and whether a
-     host has ever used TLS so that future calls will always use
-     TLS. */
-
-  fp = http_get_read_ptr (http);
-  if (!fp)
-    {
-      err = gpg_error (GPG_ERR_BUG);
-      goto leave;
-    }
-
-  /* Return the read stream and close the HTTP context.  */
-  *r_fp = fp;
-  http_close (http, 1);
-  http = NULL;
-
- leave:
-  http_close (http, 0);
-  http_session_release (session);
-  xfree (request_buffer);
-  return err;
-}
-
-
-/* Helper to evaluate the error code ERR form a send_request() call
-   with REQUEST.  The function returns true if the caller shall try
-   again.  TRIES_LEFT points to a variable to track the number of
-   retries; this function decrements it and won't return true if it is
-   down to zero. */
-static int
-handle_send_request_error (gpg_error_t err, const char *request,
-                           unsigned int *tries_left)
-{
-  int retry = 0;
-
-  switch (gpg_err_code (err))
-    {
-    case GPG_ERR_ECONNREFUSED:
-    case GPG_ERR_ENETUNREACH:
-    case GPG_ERR_UNKNOWN_HOST:
-    case GPG_ERR_NETWORK:
-      if (mark_host_dead (request) && *tries_left)
-        retry = 1;
-      break;
-
-    case GPG_ERR_ETIMEDOUT:
-      if (*tries_left)
-        {
-          log_info ("selecting a different host due to a timeout\n");
-          retry = 1;
-        }
-
-    default:
-      break;
-    }
-
-  if (*tries_left)
-    --*tries_left;
-
-  return retry;
-}
-
-
-/* Search the keyserver identified by URI for keys matching PATTERN.
-   On success R_FP has an open stream to read the data.  */
-gpg_error_t
-ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
-               estream_t *r_fp)
-{
-  gpg_error_t err;
-  KEYDB_SEARCH_DESC desc;
-  char fprbuf[2+40+1];
-  char *hostport = NULL;
-  char *request = NULL;
-  estream_t fp = NULL;
-  int reselect;
-  unsigned int httpflags;
-  char *httphost = NULL;
-  unsigned int tries = SEND_REQUEST_RETRIES;
-
-  *r_fp = NULL;
-
-  /* Remove search type indicator and adjust PATTERN accordingly.
-     Note that HKP keyservers like the 0x to be present when searching
-     by keyid.  We need to re-format the fingerprint and keyids so to
-     remove the gpg specific force-use-of-this-key flag ("!").  */
-  err = classify_user_id (pattern, &desc, 1);
-  if (err)
-    return err;
-  switch (desc.mode)
-    {
-    case KEYDB_SEARCH_MODE_EXACT:
-    case KEYDB_SEARCH_MODE_SUBSTR:
-    case KEYDB_SEARCH_MODE_MAIL:
-    case KEYDB_SEARCH_MODE_MAILSUB:
-      pattern = desc.u.name;
-      break;
-    case KEYDB_SEARCH_MODE_SHORT_KID:
-      snprintf (fprbuf, sizeof fprbuf, "0x%08lX", (ulong)desc.u.kid[1]);
-      pattern = fprbuf;
-      break;
-    case KEYDB_SEARCH_MODE_LONG_KID:
-      snprintf (fprbuf, sizeof fprbuf, "0x%08lX%08lX",
-                (ulong)desc.u.kid[0], (ulong)desc.u.kid[1]);
-      pattern = fprbuf;
-      break;
-    case KEYDB_SEARCH_MODE_FPR16:
-      bin2hex (desc.u.fpr, 16, fprbuf);
-      pattern = fprbuf;
-      break;
-    case KEYDB_SEARCH_MODE_FPR20:
-    case KEYDB_SEARCH_MODE_FPR:
-      bin2hex (desc.u.fpr, 20, fprbuf);
-      pattern = fprbuf;
-      break;
-    default:
-      return gpg_error (GPG_ERR_INV_USER_ID);
-    }
-
-  /* Build the request string.  */
-  reselect = 0;
- again:
-  {
-    char *searchkey;
-
-    xfree (hostport); hostport = NULL;
-    xfree (httphost); httphost = NULL;
-    err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, reselect,
-                          &hostport, &httpflags, &httphost);
-    if (err)
-      goto leave;
-
-    searchkey = http_escape_string (pattern, EXTRA_ESCAPE_CHARS);
-    if (!searchkey)
-      {
-        err = gpg_error_from_syserror ();
-        goto leave;
-      }
-
-    xfree (request);
-    request = strconcat (hostport,
-                         "/pks/lookup?op=index&options=mr&search=",
-                         searchkey,
-                         NULL);
-    xfree (searchkey);
-    if (!request)
-      {
-        err = gpg_error_from_syserror ();
-        goto leave;
-      }
-  }
-
-  /* Send the request.  */
-  err = send_request (ctrl, request, hostport, httphost, httpflags,
-                      NULL, NULL, &fp);
-  if (handle_send_request_error (err, request, &tries))
-    {
-      reselect = 1;
-      goto again;
-    }
-  if (err)
-    goto leave;
-
-  err = dirmngr_status (ctrl, "SOURCE", hostport, NULL);
-  if (err)
-    goto leave;
-
-  /* Peek at the response.  */
-  {
-    int c = es_getc (fp);
-    if (c == -1)
-      {
-        err = es_ferror (fp)?gpg_error_from_syserror ():gpg_error (GPG_ERR_EOF);
-        log_error ("error reading response: %s\n", gpg_strerror (err));
-        goto leave;
-      }
-    if (c == '<')
-      {
-        /* The document begins with a '<': Assume a HTML response,
-           which we don't support.  */
-        err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING);
-        goto leave;
-      }
-    es_ungetc (c, fp);
-  }
-
-  /* Return the read stream.  */
-  *r_fp = fp;
-  fp = NULL;
-
- leave:
-  es_fclose (fp);
-  xfree (request);
-  xfree (hostport);
-  xfree (httphost);
-  return err;
-}
-
-
-/* Get the key described key the KEYSPEC string from the keyserver
-   identified by URI.  On success R_FP has an open stream to read the
-   data.  The data will be provided in a format GnuPG can import
-   (either a binary OpenPGP message or an armored one).  */
-gpg_error_t
-ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
-{
-  gpg_error_t err;
-  KEYDB_SEARCH_DESC desc;
-  char kidbuf[2+40+1];
-  const char *exactname = NULL;
-  char *searchkey = NULL;
-  char *hostport = NULL;
-  char *request = NULL;
-  estream_t fp = NULL;
-  int reselect;
-  char *httphost = NULL;
-  unsigned int httpflags;
-  unsigned int tries = SEND_REQUEST_RETRIES;
-
-  *r_fp = NULL;
-
-  /* Remove search type indicator and adjust PATTERN accordingly.
-     Note that HKP keyservers like the 0x to be present when searching
-     by keyid.  We need to re-format the fingerprint and keyids so to
-     remove the gpg specific force-use-of-this-key flag ("!").  */
-  err = classify_user_id (keyspec, &desc, 1);
-  if (err)
-    return err;
-  switch (desc.mode)
-    {
-    case KEYDB_SEARCH_MODE_SHORT_KID:
-      snprintf (kidbuf, sizeof kidbuf, "0x%08lX", (ulong)desc.u.kid[1]);
-      break;
-    case KEYDB_SEARCH_MODE_LONG_KID:
-      snprintf (kidbuf, sizeof kidbuf, "0x%08lX%08lX",
-		(ulong)desc.u.kid[0], (ulong)desc.u.kid[1]);
-      break;
-    case KEYDB_SEARCH_MODE_FPR20:
-    case KEYDB_SEARCH_MODE_FPR:
-      /* This is a v4 fingerprint. */
-      kidbuf[0] = '0';
-      kidbuf[1] = 'x';
-      bin2hex (desc.u.fpr, 20, kidbuf+2);
-      break;
-
-    case KEYDB_SEARCH_MODE_EXACT:
-      exactname = desc.u.name;
-      break;
-
-    case KEYDB_SEARCH_MODE_FPR16:
-      log_error ("HKP keyservers do not support v3 fingerprints\n");
-    default:
-      return gpg_error (GPG_ERR_INV_USER_ID);
-    }
-
-  searchkey = http_escape_string (exactname? exactname : kidbuf,
-                                  EXTRA_ESCAPE_CHARS);
-  if (!searchkey)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-
-  reselect = 0;
- again:
-  /* Build the request string.  */
-  xfree (hostport); hostport = NULL;
-  xfree (httphost); httphost = NULL;
-  err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, reselect,
-                        &hostport, &httpflags, &httphost);
-  if (err)
-    goto leave;
-
-  xfree (request);
-  request = strconcat (hostport,
-                       "/pks/lookup?op=get&options=mr&search=",
-                       searchkey,
-                       exactname? "&exact=on":"",
-                       NULL);
-  if (!request)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-
-  /* Send the request.  */
-  err = send_request (ctrl, request, hostport, httphost, httpflags,
-                      NULL, NULL, &fp);
-  if (handle_send_request_error (err, request, &tries))
-    {
-      reselect = 1;
-      goto again;
-    }
-  if (err)
-    goto leave;
-
-  err = dirmngr_status (ctrl, "SOURCE", hostport, NULL);
-  if (err)
-    goto leave;
-
-  /* Return the read stream and close the HTTP context.  */
-  *r_fp = fp;
-  fp = NULL;
-
- leave:
-  es_fclose (fp);
-  xfree (request);
-  xfree (hostport);
-  xfree (httphost);
-  xfree (searchkey);
-  return err;
-}
-
-
-
-
-/* Callback parameters for put_post_cb.  */
-struct put_post_parm_s
-{
-  char *datastring;
-};
-
-
-/* Helper for ks_hkp_put.  */
-static gpg_error_t
-put_post_cb (void *opaque, http_t http)
-{
-  struct put_post_parm_s *parm = opaque;
-  gpg_error_t err = 0;
-  estream_t fp;
-  size_t len;
-
-  fp = http_get_write_ptr (http);
-  len = strlen (parm->datastring);
-
-  es_fprintf (fp,
-              "Content-Type: application/x-www-form-urlencoded\r\n"
-              "Content-Length: %zu\r\n", len+8 /* 8 is for "keytext" */);
-  http_start_data (http);
-  if (es_fputs ("keytext=", fp) || es_write (fp, parm->datastring, len, NULL))
-    err = gpg_error_from_syserror ();
-  return err;
-}
-
-
-/* Send the key in {DATA,DATALEN} to the keyserver identified by URI.  */
-gpg_error_t
-ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
-{
-  gpg_error_t err;
-  char *hostport = NULL;
-  char *request = NULL;
-  estream_t fp = NULL;
-  struct put_post_parm_s parm;
-  char *armored = NULL;
-  int reselect;
-  char *httphost = NULL;
-  unsigned int httpflags;
-  unsigned int tries = SEND_REQUEST_RETRIES;
-
-  parm.datastring = NULL;
-
-  err = armor_data (&armored, data, datalen);
-  if (err)
-    goto leave;
-
-  parm.datastring = http_escape_string (armored, EXTRA_ESCAPE_CHARS);
-  if (!parm.datastring)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-  xfree (armored);
-  armored = NULL;
-
-  /* Build the request string.  */
-  reselect = 0;
- again:
-  xfree (hostport); hostport = NULL;
-  xfree (httphost); httphost = NULL;
-  err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, reselect,
-                        &hostport, &httpflags, &httphost);
-  if (err)
-    goto leave;
-
-  xfree (request);
-  request = strconcat (hostport, "/pks/add", NULL);
-  if (!request)
-    {
-      err = gpg_error_from_syserror ();
-      goto leave;
-    }
-
-  /* Send the request.  */
-  err = send_request (ctrl, request, hostport, httphost, 0,
-                      put_post_cb, &parm, &fp);
-  if (handle_send_request_error (err, request, &tries))
-    {
-      reselect = 1;
-      goto again;
-    }
-  if (err)
-    goto leave;
-
- leave:
-  es_fclose (fp);
-  xfree (parm.datastring);
-  xfree (armored);
-  xfree (request);
-  xfree (hostport);
-  xfree (httphost);
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ks-engine-http.c gnupg2-2.0.28/dirmngr/ks-engine-http.c
--- gnupg2-2.1.6/dirmngr/ks-engine-http.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-engine-http.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,172 +0,0 @@
-/* ks-engine-http.c - HTTP OpenPGP key access
- * Copyright (C) 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "ks-engine.h"
-
-/* How many redirections do we allow.  */
-#define MAX_REDIRECTS 2
-
-/* Print a help output for the schemata supported by this module. */
-gpg_error_t
-ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
-{
-  const char const data[] =
-    "Handler for HTTP URLs:\n"
-    "  http://\n"
-    "  https://\n"
-    "Supported methods: fetch\n";
-  gpg_error_t err;
-
-  if (!uri)
-    err = ks_print_help (ctrl, "  http");
-  else if (uri->is_http && strcmp (uri->scheme, "hkp"))
-    err = ks_print_help (ctrl, data);
-  else
-    err = 0;
-
-  return err;
-}
-
-
-/* Get the key from URL which is expected to specify a http style
-   scheme.  On success R_FP has an open stream to read the data.  */
-gpg_error_t
-ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
-{
-  gpg_error_t err;
-  http_session_t session = NULL;
-  http_t http = NULL;
-  int redirects_left = MAX_REDIRECTS;
-  estream_t fp = NULL;
-  char *request_buffer = NULL;
-
-  err = http_session_new (&session, NULL);
-  if (err)
-    goto leave;
-  http_session_set_log_cb (session, cert_log_cb);
-
-  *r_fp = NULL;
- once_more:
-  err = http_open (&http,
-                   HTTP_REQ_GET,
-                   url,
-                   /* httphost */ NULL,
-                   /* fixme: AUTH */ NULL,
-                   (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
-                   ctrl->http_proxy,
-                   session,
-                   NULL,
-                   /*FIXME curl->srvtag*/NULL);
-  if (!err)
-    {
-      fp = http_get_write_ptr (http);
-      /* Avoid caches to get the most recent copy of the key.  We set
-         both the Pragma and Cache-Control versions of the header, so
-         we're good with both HTTP 1.0 and 1.1.  */
-      es_fputs ("Pragma: no-cache\r\n"
-                "Cache-Control: no-cache\r\n", fp);
-      http_start_data (http);
-      if (es_ferror (fp))
-        err = gpg_error_from_syserror ();
-    }
-  if (err)
-    {
-      /* Fixme: After a redirection we show the old host name.  */
-      log_error (_("error connecting to '%s': %s\n"),
-                 url, gpg_strerror (err));
-      goto leave;
-    }
-
-  /* Wait for the response.  */
-  dirmngr_tick (ctrl);
-  err = http_wait_response (http);
-  if (err)
-    {
-      log_error (_("error reading HTTP response for '%s': %s\n"),
-                 url, gpg_strerror (err));
-      goto leave;
-    }
-
-  switch (http_get_status_code (http))
-    {
-    case 200:
-      err = 0;
-      break; /* Success.  */
-
-    case 301:
-    case 302:
-    case 307:
-      {
-        const char *s = http_get_header (http, "Location");
-
-        log_info (_("URL '%s' redirected to '%s' (%u)\n"),
-                  url, s?s:"[none]", http_get_status_code (http));
-        if (s && *s && redirects_left-- )
-          {
-            xfree (request_buffer);
-            request_buffer = xtrystrdup (s);
-            if (request_buffer)
-              {
-                url = request_buffer;
-                http_close (http, 0);
-                http = NULL;
-                goto once_more;
-              }
-            err = gpg_error_from_syserror ();
-          }
-        else
-          err = gpg_error (GPG_ERR_NO_DATA);
-        log_error (_("too many redirections\n"));
-      }
-      goto leave;
-
-    default:
-      log_error (_("error accessing '%s': http status %u\n"),
-                 url, http_get_status_code (http));
-      err = gpg_error (GPG_ERR_NO_DATA);
-      goto leave;
-    }
-
-  fp = http_get_read_ptr (http);
-  if (!fp)
-    {
-      err = gpg_error (GPG_ERR_BUG);
-      goto leave;
-    }
-
-  /* Return the read stream and close the HTTP context.  */
-  *r_fp = fp;
-  http_close (http, 1);
-  http = NULL;
-
- leave:
-  http_close (http, 0);
-  http_session_release (session);
-  xfree (request_buffer);
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ks-engine-kdns.c gnupg2-2.0.28/dirmngr/ks-engine-kdns.c
--- gnupg2-2.1.6/dirmngr/ks-engine-kdns.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-engine-kdns.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,79 +0,0 @@
-/* ks-engine-kdns.c - KDNS OpenPGP key access
- * Copyright (C) 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "userids.h"
-#include "ks-engine.h"
-
-/* Print a help output for the schemata supported by this module. */
-gpg_error_t
-ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri)
-{
-  const char const data[] =
-    "This keyserver engine accepts URLs of the form:\n"
-    "  kdns://[NAMESERVER]/[ROOT][?at=STRING]\n"
-    "with\n"
-    "  NAMESERVER  used for queries (default: system standard)\n"
-    "  ROOT        a DNS name appended to the query (default: none)\n"
-    "  STRING      a string to replace the '@' (default: \".\")\n"
-    "If a long answer is expected add the parameter \"usevc=1\".\n"
-    "Supported methods: fetch\n"
-    "Example:\n"
-    "A query for \"hacker@gnupg.org\" with\n"
-    "  kdns://10.0.0.1/example.net?at=_key_&usevc=1\n"
-    "setup as --auto-key-lookup in gpg does a CERT record query\n"
-    "with type PGP on the nameserver 10.0.0.1 for\n"
-    "  hacker._key_.gnupg.org.example.net";
-  gpg_error_t err;
-
-  if (!uri)
-    err = ks_print_help (ctrl, "  kdns");
-  else if (!strcmp (uri->scheme, "kdns"))
-    err = ks_print_help (ctrl, data);
-  else
-    err = 0;
-
-  return err;
-}
-
-
-/* Get the key from URI which is expected to specify a kdns scheme.
-   On success R_FP has an open stream to read the data.  */
-gpg_error_t
-ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
-{
-  gpg_error_t err;
-
-  (void)ctrl;
-  *r_fp = NULL;
-
-  if (strcmp (uri->scheme, "kdns"))
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ks-engine-ldap.c gnupg2-2.0.28/dirmngr/ks-engine-ldap.c
--- gnupg2-2.1.6/dirmngr/ks-engine-ldap.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ks-engine-ldap.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,2066 +0,0 @@
-/* ks-engine-ldap.c - talk to a LDAP keyserver
- * Copyright (C) 2001, 2002, 2004, 2005, 2006
- *               2007  Free Software Foundation, Inc.
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#ifdef HAVE_GETOPT_H
-# include 
-#endif
-#include 
-#include 
-#include 
-
-#ifdef _WIN32
-# include 
-# include 
-#else
-# ifdef NEED_LBER_H
-#  include 
-# endif
-/* For OpenLDAP, to enable the API that we're using. */
-# define LDAP_DEPRECATED 1
-# include 
-#endif
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "userids.h"
-#include "ks-engine.h"
-#include "ldap-parse-uri.h"
-
-#ifndef HAVE_TIMEGM
-time_t timegm(struct tm *tm);
-#endif
-
-/* Convert an LDAP error to a GPG error.  */
-static int
-ldap_err_to_gpg_err (int code)
-{
-  gpg_err_code_t ec;
-
-  switch (code)
-    {
-#ifdef LDAP_X_CONNECTING
-    case LDAP_X_CONNECTING: ec = GPG_ERR_LDAP_X_CONNECTING; break;
-#endif
-
-    case LDAP_REFERRAL_LIMIT_EXCEEDED: ec = GPG_ERR_LDAP_REFERRAL_LIMIT; break;
-    case LDAP_CLIENT_LOOP: ec = GPG_ERR_LDAP_CLIENT_LOOP; break;
-    case LDAP_NO_RESULTS_RETURNED: ec = GPG_ERR_LDAP_NO_RESULTS; break;
-    case LDAP_CONTROL_NOT_FOUND: ec = GPG_ERR_LDAP_CONTROL_NOT_FOUND; break;
-    case LDAP_NOT_SUPPORTED: ec = GPG_ERR_LDAP_NOT_SUPPORTED; break;
-    case LDAP_CONNECT_ERROR: ec = GPG_ERR_LDAP_CONNECT; break;
-    case LDAP_NO_MEMORY: ec = GPG_ERR_LDAP_NO_MEMORY; break;
-    case LDAP_PARAM_ERROR: ec = GPG_ERR_LDAP_PARAM; break;
-    case LDAP_USER_CANCELLED: ec = GPG_ERR_LDAP_USER_CANCELLED; break;
-    case LDAP_FILTER_ERROR: ec = GPG_ERR_LDAP_FILTER; break;
-    case LDAP_AUTH_UNKNOWN: ec = GPG_ERR_LDAP_AUTH_UNKNOWN; break;
-    case LDAP_TIMEOUT: ec = GPG_ERR_LDAP_TIMEOUT; break;
-    case LDAP_DECODING_ERROR: ec = GPG_ERR_LDAP_DECODING; break;
-    case LDAP_ENCODING_ERROR: ec = GPG_ERR_LDAP_ENCODING; break;
-    case LDAP_LOCAL_ERROR: ec = GPG_ERR_LDAP_LOCAL; break;
-    case LDAP_SERVER_DOWN: ec = GPG_ERR_LDAP_SERVER_DOWN; break;
-
-    case LDAP_SUCCESS: ec = GPG_ERR_LDAP_SUCCESS; break;
-
-    case LDAP_OPERATIONS_ERROR: ec = GPG_ERR_LDAP_OPERATIONS; break;
-    case LDAP_PROTOCOL_ERROR: ec = GPG_ERR_LDAP_PROTOCOL; break;
-    case LDAP_TIMELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_TIMELIMIT; break;
-    case LDAP_SIZELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_SIZELIMIT; break;
-    case LDAP_COMPARE_FALSE: ec = GPG_ERR_LDAP_COMPARE_FALSE; break;
-    case LDAP_COMPARE_TRUE: ec = GPG_ERR_LDAP_COMPARE_TRUE; break;
-    case LDAP_AUTH_METHOD_NOT_SUPPORTED: ec=GPG_ERR_LDAP_UNSUPPORTED_AUTH;break;
-    case LDAP_STRONG_AUTH_REQUIRED: ec = GPG_ERR_LDAP_STRONG_AUTH_RQRD; break;
-    case LDAP_PARTIAL_RESULTS: ec = GPG_ERR_LDAP_PARTIAL_RESULTS; break;
-    case LDAP_REFERRAL: ec = GPG_ERR_LDAP_REFERRAL; break;
-
-#ifdef LDAP_ADMINLIMIT_EXCEEDED
-    case LDAP_ADMINLIMIT_EXCEEDED: ec = GPG_ERR_LDAP_ADMINLIMIT; break;
-#endif
-
-#ifdef LDAP_UNAVAILABLE_CRITICAL_EXTENSION
-    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
-                               ec = GPG_ERR_LDAP_UNAVAIL_CRIT_EXTN; break;
-#endif
-
-    case LDAP_CONFIDENTIALITY_REQUIRED: ec = GPG_ERR_LDAP_CONFIDENT_RQRD; break;
-    case LDAP_SASL_BIND_IN_PROGRESS: ec = GPG_ERR_LDAP_SASL_BIND_INPROG; break;
-    case LDAP_NO_SUCH_ATTRIBUTE: ec = GPG_ERR_LDAP_NO_SUCH_ATTRIBUTE; break;
-    case LDAP_UNDEFINED_TYPE: ec = GPG_ERR_LDAP_UNDEFINED_TYPE; break;
-    case LDAP_INAPPROPRIATE_MATCHING: ec = GPG_ERR_LDAP_BAD_MATCHING; break;
-    case LDAP_CONSTRAINT_VIOLATION: ec = GPG_ERR_LDAP_CONST_VIOLATION; break;
-
-#ifdef LDAP_TYPE_OR_VALUE_EXISTS
-    case LDAP_TYPE_OR_VALUE_EXISTS: ec = GPG_ERR_LDAP_TYPE_VALUE_EXISTS; break;
-#endif
-
-    case LDAP_INVALID_SYNTAX: ec = GPG_ERR_LDAP_INV_SYNTAX; break;
-    case LDAP_NO_SUCH_OBJECT: ec = GPG_ERR_LDAP_NO_SUCH_OBJ; break;
-    case LDAP_ALIAS_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_PROBLEM; break;
-    case LDAP_INVALID_DN_SYNTAX: ec = GPG_ERR_LDAP_INV_DN_SYNTAX; break;
-    case LDAP_IS_LEAF: ec = GPG_ERR_LDAP_IS_LEAF; break;
-    case LDAP_ALIAS_DEREF_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_DEREF; break;
-
-#ifdef LDAP_X_PROXY_AUTHZ_FAILURE
-    case LDAP_X_PROXY_AUTHZ_FAILURE: ec = GPG_ERR_LDAP_X_PROXY_AUTH_FAIL; break;
-#endif
-
-    case LDAP_INAPPROPRIATE_AUTH: ec = GPG_ERR_LDAP_BAD_AUTH; break;
-    case LDAP_INVALID_CREDENTIALS: ec = GPG_ERR_LDAP_INV_CREDENTIALS; break;
-
-#ifdef LDAP_INSUFFICIENT_ACCESS
-    case LDAP_INSUFFICIENT_ACCESS: ec = GPG_ERR_LDAP_INSUFFICIENT_ACC; break;
-#endif
-
-    case LDAP_BUSY: ec = GPG_ERR_LDAP_BUSY; break;
-    case LDAP_UNAVAILABLE: ec = GPG_ERR_LDAP_UNAVAILABLE; break;
-    case LDAP_UNWILLING_TO_PERFORM: ec = GPG_ERR_LDAP_UNWILL_TO_PERFORM; break;
-    case LDAP_LOOP_DETECT: ec = GPG_ERR_LDAP_LOOP_DETECT; break;
-    case LDAP_NAMING_VIOLATION: ec = GPG_ERR_LDAP_NAMING_VIOLATION; break;
-    case LDAP_OBJECT_CLASS_VIOLATION: ec = GPG_ERR_LDAP_OBJ_CLS_VIOLATION; break;
-    case LDAP_NOT_ALLOWED_ON_NONLEAF: ec=GPG_ERR_LDAP_NOT_ALLOW_NONLEAF;break;
-    case LDAP_NOT_ALLOWED_ON_RDN: ec = GPG_ERR_LDAP_NOT_ALLOW_ON_RDN; break;
-    case LDAP_ALREADY_EXISTS: ec = GPG_ERR_LDAP_ALREADY_EXISTS; break;
-    case LDAP_NO_OBJECT_CLASS_MODS: ec = GPG_ERR_LDAP_NO_OBJ_CLASS_MODS; break;
-    case LDAP_RESULTS_TOO_LARGE: ec = GPG_ERR_LDAP_RESULTS_TOO_LARGE; break;
-    case LDAP_AFFECTS_MULTIPLE_DSAS: ec = GPG_ERR_LDAP_AFFECTS_MULT_DSAS; break;
-
-#ifdef LDAP_VLV_ERROR
-    case LDAP_VLV_ERROR: ec = GPG_ERR_LDAP_VLV; break;
-#endif
-
-    case LDAP_OTHER: ec = GPG_ERR_LDAP_OTHER; break;
-
-#ifdef LDAP_CUP_RESOURCES_EXHAUSTED
-    case LDAP_CUP_RESOURCES_EXHAUSTED: ec=GPG_ERR_LDAP_CUP_RESOURCE_LIMIT;break;
-    case LDAP_CUP_SECURITY_VIOLATION: ec=GPG_ERR_LDAP_CUP_SEC_VIOLATION; break;
-    case LDAP_CUP_INVALID_DATA: ec = GPG_ERR_LDAP_CUP_INV_DATA; break;
-    case LDAP_CUP_UNSUPPORTED_SCHEME: ec = GPG_ERR_LDAP_CUP_UNSUP_SCHEME; break;
-    case LDAP_CUP_RELOAD_REQUIRED: ec = GPG_ERR_LDAP_CUP_RELOAD; break;
-#endif
-
-#ifdef LDAP_CANCELLED
-    case LDAP_CANCELLED: ec = GPG_ERR_LDAP_CANCELLED; break;
-#endif
-
-#ifdef LDAP_NO_SUCH_OPERATION
-    case LDAP_NO_SUCH_OPERATION: ec = GPG_ERR_LDAP_NO_SUCH_OPERATION; break;
-#endif
-
-#ifdef LDAP_TOO_LATE
-    case LDAP_TOO_LATE: ec = GPG_ERR_LDAP_TOO_LATE; break;
-#endif
-
-#ifdef LDAP_CANNOT_CANCEL
-    case LDAP_CANNOT_CANCEL: ec = GPG_ERR_LDAP_CANNOT_CANCEL; break;
-#endif
-
-#ifdef LDAP_ASSERTION_FAILED
-    case LDAP_ASSERTION_FAILED: ec = GPG_ERR_LDAP_ASSERTION_FAILED; break;
-#endif
-
-#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED
-    case LDAP_PROXIED_AUTHORIZATION_DENIED:
-                                      ec = GPG_ERR_LDAP_PROX_AUTH_DENIED; break;
-#endif
-
-    default:
-#if defined(LDAP_E_ERROR) && defined(LDAP_X_ERROR)
-      if (LDAP_E_ERROR (code))
-        ec = GPG_ERR_LDAP_E_GENERAL;
-      else if (LDAP_X_ERROR (code))
-        ec = GPG_ERR_LDAP_X_GENERAL;
-      else
-#endif
-        ec = GPG_ERR_LDAP_GENERAL;
-      break;
-    }
-
-  return ec;
-}
-
-/* Retrieve an LDAP error and return it's GPG equivalent.  */
-static int
-ldap_to_gpg_err (LDAP *ld)
-{
-#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
-  int err;
-
-  if (ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, &err) == 0)
-    return ldap_err_to_gpg_err (err);
-  else
-    return GPG_ERR_GENERAL;
-#elif defined(HAVE_LDAP_LD_ERRNO)
-  return ldap_err_to_gpg_err (ld->ld_errno);
-#else
-  /* We should never get here since the LDAP library should always
-     have either ldap_get_option or ld_errno, but just in case... */
-  return GPG_ERR_INTERNAL;
-#endif
-}
-
-static time_t
-ldap2epochtime (const char *timestr)
-{
-  struct tm pgptime;
-  time_t answer;
-
-  memset (&pgptime, 0, sizeof(pgptime));
-
-  /* YYYYMMDDHHmmssZ */
-
-  sscanf (timestr, "%4d%2d%2d%2d%2d%2d",
-	  &pgptime.tm_year,
-	  &pgptime.tm_mon,
-	  &pgptime.tm_mday,
-	  &pgptime.tm_hour,
-	  &pgptime.tm_min,
-	  &pgptime.tm_sec);
-
-  pgptime.tm_year -= 1900;
-  pgptime.tm_isdst = -1;
-  pgptime.tm_mon--;
-
-  /* mktime() takes the timezone into account, so we use timegm() */
-
-  answer = timegm (&pgptime);
-
-  return answer;
-}
-
-/* Caller must free the result.  */
-static char *
-tm2ldaptime (struct tm *tm)
-{
-  struct tm tmp = *tm;
-  char buf[16];
-
-  /* YYYYMMDDHHmmssZ */
-
-  tmp.tm_year += 1900;
-  tmp.tm_mon ++;
-
-  snprintf (buf, sizeof buf, "%04d%02d%02d%02d%02d%02dZ",
-	   tmp.tm_year,
-	   tmp.tm_mon,
-	   tmp.tm_mday,
-	   tmp.tm_hour,
-	   tmp.tm_min,
-	   tmp.tm_sec);
-
-  return xstrdup (buf);
-}
-
-#if 0
-/* Caller must free */
-static char *
-epoch2ldaptime (time_t stamp)
-{
-  struct tm tm;
-  if (gmtime_r (&stamp, &tm))
-    return tm2ldaptime (&tm);
-  else
-    return xstrdup ("INVALID TIME");
-}
-#endif
-
-/* Print a help output for the schemata supported by this module. */
-gpg_error_t
-ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri)
-{
-  const char const data[] =
-    "Handler for LDAP URLs:\n"
-    "  ldap://host:port/[BASEDN]???[bindname=BINDNAME,password=PASSWORD]\n"
-    "\n"
-    "Note: basedn, bindname and password need to be percent escaped. In\n"
-    "particular, spaces need to be replaced with %20 and commas with %2c.\n"
-    "bindname will typically be of the form:\n"
-    "\n"
-    "  uid=user%2cou=PGP%20Users%2cdc=EXAMPLE%2cdc=ORG\n"
-    "\n"
-    "The ldaps:// and ldapi:// schemes are also supported.  If ldaps is used\n"
-    "then the server's certificate will be checked.  If it is not valid, any\n"
-    "operation will be aborted.\n"
-    "\n"
-    "Supported methods: search, get, put\n";
-  gpg_error_t err;
-
-  if(!uri)
-    err = ks_print_help (ctrl, "  ldap");
-  else if (strcmp (uri->scheme, "ldap") == 0
-      || strcmp (uri->scheme, "ldaps") == 0
-      || strcmp (uri->scheme, "ldapi") == 0)
-    err = ks_print_help (ctrl, data);
-  else
-    err = 0;
-
-  return err;
-}
-
-/* Convert a keyspec to a filter.  Return an error if the keyspec is
-   bad or is not supported.  The filter is escaped and returned in
-   *filter.  It is the caller's responsibility to free *filter.
-   *filter is only set if this function returns success (i.e., 0).  */
-static gpg_error_t
-keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact)
-{
-  /* Remove search type indicator and adjust PATTERN accordingly.
-     Note: don't include a preceding 0x when searching by keyid.  */
-
-  /* XXX: Should we include disabled / revoke options?  */
-  KEYDB_SEARCH_DESC desc;
-  char *f = NULL;
-  char *freeme = NULL;
-
-  gpg_error_t err = classify_user_id (keyspec, &desc, 1);
-  if (err)
-    return err;
-
-  switch (desc.mode)
-    {
-    case KEYDB_SEARCH_MODE_EXACT:
-      f = xasprintf ("(pgpUserID=%s)",
-		     (freeme = ldap_escape_filter (desc.u.name)));
-      break;
-
-    case KEYDB_SEARCH_MODE_SUBSTR:
-      if (! only_exact)
-	f = xasprintf ("(pgpUserID=*%s*)",
-		       (freeme = ldap_escape_filter (desc.u.name)));
-      break;
-
-    case KEYDB_SEARCH_MODE_MAIL:
-      if (! only_exact)
-	f = xasprintf ("(pgpUserID=*<%s>*)",
-		       (freeme = ldap_escape_filter (desc.u.name)));
-      break;
-
-    case KEYDB_SEARCH_MODE_MAILSUB:
-      if (! only_exact)
-	f = xasprintf ("(pgpUserID=*<*%s*>*)",
-		       (freeme = ldap_escape_filter (desc.u.name)));
-      break;
-
-    case KEYDB_SEARCH_MODE_MAILEND:
-      if (! only_exact)
-	f = xasprintf ("(pgpUserID=*<*%s>*)",
-		       (freeme = ldap_escape_filter (desc.u.name)));
-      break;
-
-    case KEYDB_SEARCH_MODE_SHORT_KID:
-      f = xasprintf ("(pgpKeyID=%08lX)", (ulong) desc.u.kid[1]);
-      break;
-    case KEYDB_SEARCH_MODE_LONG_KID:
-      f = xasprintf ("(pgpCertID=%08lX%08lX)",
-		     (ulong) desc.u.kid[0], (ulong) desc.u.kid[1]);
-      break;
-
-    case KEYDB_SEARCH_MODE_FPR16:
-    case KEYDB_SEARCH_MODE_FPR20:
-    case KEYDB_SEARCH_MODE_FPR:
-    case KEYDB_SEARCH_MODE_ISSUER:
-    case KEYDB_SEARCH_MODE_ISSUER_SN:
-    case KEYDB_SEARCH_MODE_SN:
-    case KEYDB_SEARCH_MODE_SUBJECT:
-    case KEYDB_SEARCH_MODE_KEYGRIP:
-    case KEYDB_SEARCH_MODE_WORDS:
-    case KEYDB_SEARCH_MODE_FIRST:
-    case KEYDB_SEARCH_MODE_NEXT:
-    default:
-      break;
-    }
-
-  xfree (freeme);
-
-  if (! f)
-    {
-      log_error ("Unsupported search mode.\n");
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
-    }
-
-  *filter = f;
-
-  return 0;
-}
-
-
-
-/* Connect to an LDAP server and interrogate it.
-
-     - uri describes the server to connect to and various options
-       including whether to use TLS and the username and password (see
-       ldap_parse_uri for a description of the various fields).
-
-   This function returns:
-
-     - The ldap connection handle in *LDAP_CONNP.
-
-     - The base DN for the PGP key space by querying the
-       pgpBaseKeySpaceDN attribute (This is normally
-       'ou=PGP Keys,dc=EXAMPLE,dc=ORG').
-
-     - The attribute to lookup to find the pgp key.  This is either
-       'pgpKey' or 'pgpKeyV2'.
-
-     - Whether this is a real ldap server.  (It's unclear what this
-       exactly means.)
-
-   The values are returned in the passed variables.  If you pass NULL,
-   then the value won't be returned.  It is the caller's
-   responsibility to release *LDAP_CONNP with ldap_unbind and xfree
-   *BASEDNP and *PGPKEYATTRP.
-
-   If this function successfully interrogated the server, it returns
-   0.  If there was an LDAP error, it returns the LDAP error code.  If
-   an error occured, *basednp, etc., are undefined (and don't need to
-   be freed.)
-
-   If no LDAP error occured, you still need to check that *basednp is
-   valid.  If it is NULL, then the server does not appear to be an
-   OpenPGP Keyserver.  In this case, you also do not need to xfree
-   *pgpkeyattrp.  */
-static int
-my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
-                 char **basednp, char **pgpkeyattrp, int *real_ldapp)
-{
-  int err = 0;
-
-  LDAP *ldap_conn = NULL;
-
-  char *user = uri->auth;
-  struct uri_tuple_s *password_param = uri_query_lookup (uri, "password");
-  char *password = password_param ? password_param->value : NULL;
-
-  char *basedn = NULL;
-  /* Whether to look for the pgpKey or pgpKeyv2 attribute.  */
-  char *pgpkeyattr = "pgpKey";
-  int real_ldap = 0;
-
-  log_debug ("my_ldap_connect(%s:%d/%s????%s%s%s%s%s)\n",
-	     uri->host, uri->port,
-	     uri->path ?: "",
-	     uri->auth ? "bindname=" : "", uri->auth ?: "",
-	     uri->auth && password ? "," : "",
-	     password ? "password=" : "", password ?: "");
-
-  /* If the uri specifies a secure connection and we don't support
-     TLS, then fail; don't silently revert to an insecure
-     connection.  */
-  if (uri->use_tls)
-    {
-#ifndef HAVE_LDAP_START_TLS_S
-      log_error ("Can't use LDAP to connect to the server: no TLS support.");
-      err = GPG_ERR_LDAP_NOT_SUPPORTED;
-      goto out;
-#endif
-    }
-
-  ldap_conn = ldap_init (uri->host, uri->port);
-  if (! ldap_conn)
-    {
-      err = gpg_err_code_from_syserror ();
-      log_error ("Failed to open connection to LDAP server (%s://%s:%d)\n",
-		 uri->scheme, uri->host, uri->port);
-      goto out;
-    }
-
-#ifdef HAVE_LDAP_SET_OPTION
-  {
-    int ver = LDAP_VERSION3;
-
-    err = ldap_set_option (ldap_conn, LDAP_OPT_PROTOCOL_VERSION, &ver);
-    if (err != LDAP_SUCCESS)
-      {
-	log_error ("gpgkeys: unable to go to LDAP 3: %s\n",
-		   ldap_err2string (err));
-	goto out;
-      }
-  }
-#endif
-
-  /* XXX: It would be nice to have an option to provide the server's
-     certificate.  */
-#if 0
-#if defined(LDAP_OPT_X_TLS_CACERTFILE) && defined(HAVE_LDAP_SET_OPTION)
-  err = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_cert_file);
-  if (err)
-    {
-      log_error ("unable to set ca-cert-file to '%s': %s\n",
-		 ca_cert_file, ldap_err2string (err));
-      goto out;
-    }
-#endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */
-#endif
-
-#ifndef HAVE_LDAP_START_TLS_S
-  if (uri->use_tls)
-    {
-      /* XXX: We need an option to determine whether to abort if the
-	 certificate is bad or not.  Right now we conservatively
-	 default to checking the certificate and aborting.  */
-      int check_cert = LDAP_OPT_X_TLS_HARD; /* LDAP_OPT_X_TLS_NEVER */
-
-      err = ldap_set_option (ldap_conn,
-			     LDAP_OPT_X_TLS_REQUIRE_CERT, &check_cert);
-      if (err)
-	{
-	  log_error ("Failed to set TLS option on LDAP connection.\n");
-	  goto out;
-	}
-
-      err = ldap_start_tls_s (ldap_conn, NULL, NULL);
-      if (err)
-	{
-	  log_error ("Failed to connect to LDAP server with TLS.\n");
-	  goto out;
-	}
-    }
-#endif
-
-  /* By default we don't bind as there is usually no need to.  */
-  if (uri->auth)
-    {
-      log_debug ("LDAP bind to %s, password %s\n",
-		 user, password ? ">not shown<" : ">none<");
-
-      err = ldap_simple_bind_s (ldap_conn, user, password);
-      if (err != LDAP_SUCCESS)
-	{
-	  log_error ("Internal LDAP bind error: %s\n",
-		     ldap_err2string (err));
-	  goto out;
-	}
-    }
-
-  if (uri->path && *uri->path)
-    /* User specified base DN.  */
-    {
-      basedn = xstrdup (uri->path);
-
-      /* If the user specifies a base DN, then we know the server is a
-	 real LDAP server.  */
-      real_ldap = 1;
-    }
-  else
-    {
-      LDAPMessage *res = NULL;
-      /* Look for namingContexts.  */
-      char *attr[] = { "namingContexts", NULL };
-
-      err = ldap_search_s (ldap_conn, "", LDAP_SCOPE_BASE,
-			   "(objectClass=*)", attr, 0, &res);
-      if (err == LDAP_SUCCESS)
-	{
-	  char **context = ldap_get_values (ldap_conn, res, "namingContexts");
-	  if (context)
-	    /* We found some, so try each namingContext as the search
-	       base and look for pgpBaseKeySpaceDN.  Because we found
-	       this, we know we're talking to a regular-ish LDAP
-	       server and not an LDAP keyserver.  */
-	    {
-	      int i;
-	      char *attr2[] =
-		{ "pgpBaseKeySpaceDN", "pgpVersion", "pgpSoftware", NULL };
-
-	      real_ldap = 1;
-
-	      for (i = 0; context[i] && ! basedn; i++)
-		{
-		  char **vals;
-		  LDAPMessage *si_res;
-
-                  {
-                    char *object = xasprintf ("cn=pgpServerInfo,%s",
-                                              context[i]);
-                    err = ldap_search_s (ldap_conn, object, LDAP_SCOPE_BASE,
-                                         "(objectClass=*)", attr2, 0, &si_res);
-                    xfree (object);
-                  }
-
-		  if (err == LDAP_SUCCESS)
-		    {
-		      vals = ldap_get_values (ldap_conn, si_res,
-					      "pgpBaseKeySpaceDN");
-		      if (vals)
-			{
-			  basedn = xtrystrdup (vals[0]);
-			  ldap_value_free (vals);
-			}
-
-		      vals = ldap_get_values (ldap_conn, si_res,
-					      "pgpSoftware");
-		      if (vals)
-			{
-			  log_debug ("Server: \t%s\n", vals[0]);
-			  ldap_value_free (vals);
-			}
-
-		      vals = ldap_get_values (ldap_conn, si_res,
-					      "pgpVersion");
-		      if (vals)
-			{
-			  log_debug ("Version:\t%s\n", vals[0]);
-			  ldap_value_free (vals);
-			}
-		    }
-
-		  /* From man ldap_search_s: "res parameter of
-		     ldap_search_ext_s() and ldap_search_s() should be
-		     freed with ldap_msgfree() regardless of return
-		     value of these functions.  */
-		  ldap_msgfree (si_res);
-		}
-
-	      ldap_value_free (context);
-	    }
-	}
-      else
-	{
-	  /* We don't have an answer yet, which means the server might
-	     be an LDAP keyserver. */
-	  char **vals;
-	  LDAPMessage *si_res = NULL;
-
-	  char *attr2[] = { "pgpBaseKeySpaceDN", "version", "software", NULL };
-
-	  err = ldap_search_s (ldap_conn, "cn=pgpServerInfo", LDAP_SCOPE_BASE,
-			       "(objectClass=*)", attr2, 0, &si_res);
-	  if (err == LDAP_SUCCESS)
-	    {
-	      /* For the LDAP keyserver, this is always
-		 "OU=ACTIVE,O=PGP KEYSPACE,C=US", but it might not be
-		 in the future. */
-
-	      vals = ldap_get_values (ldap_conn, si_res, "baseKeySpaceDN");
-	      if (vals)
-		{
-		  basedn = xtrystrdup (vals[0]);
-		  ldap_value_free (vals);
-		}
-
-	      vals = ldap_get_values (ldap_conn, si_res, "software");
-	      if (vals)
-		{
-		  log_debug ("ldap: Server: \t%s\n", vals[0]);
-		  ldap_value_free (vals);
-		}
-
-	      vals = ldap_get_values (ldap_conn, si_res, "version");
-	      if (vals)
-		{
-		  log_debug ("ldap: Version:\t%s\n", vals[0]);
-
-		  /* If the version is high enough, use the new
-		     pgpKeyV2 attribute.  This design is iffy at best,
-		     but it matches how PGP does it.  I figure the NAI
-		     folks assumed that there would never be an LDAP
-		     keyserver vendor with a different numbering
-		     scheme. */
-		  if (atoi (vals[0]) > 1)
-		    pgpkeyattr = "pgpKeyV2";
-
-		  ldap_value_free (vals);
-		}
-	    }
-
-	  ldap_msgfree (si_res);
-	}
-
-      /* From man ldap_search_s: "res parameter of ldap_search_ext_s()
-	 and ldap_search_s() should be freed with ldap_msgfree()
-	 regardless of return value of these functions.  */
-      ldap_msgfree (res);
-    }
-
- out:
-  if (! err)
-    {
-      log_debug ("ldap_conn: %p\n", ldap_conn);
-      log_debug ("real_ldap: %d\n", real_ldap);
-      log_debug ("basedn: %s\n", basedn);
-      log_debug ("pgpkeyattr: %s\n", pgpkeyattr);
-    }
-
-  if (! err && real_ldapp)
-    *real_ldapp = real_ldap;
-
-  if (err)
-    xfree (basedn);
-  else
-    {
-      if (pgpkeyattrp)
-	{
-	  if (basedn)
-	    *pgpkeyattrp = xstrdup (pgpkeyattr);
-	  else
-	    *pgpkeyattrp = NULL;
-	}
-
-      if (basednp)
-	*basednp = basedn;
-      else
-	xfree (basedn);
-    }
-
-  if (err)
-    {
-      if (ldap_conn)
-	ldap_unbind (ldap_conn);
-    }
-  else
-    *ldap_connp = ldap_conn;
-
-  return err;
-}
-
-/* Extract keys from an LDAP reply and write them out to the output
-   stream OUTPUT in a format GnuPG can import (either the OpenPGP
-   binary format or armored format).  */
-static void
-extract_keys (estream_t output,
-	      LDAP *ldap_conn, const char *certid, LDAPMessage *message)
-{
-  char **vals;
-
-  es_fprintf (output, "INFO %s BEGIN\n", certid);
-  es_fprintf (output, "pub:%s:", certid);
-
-  /* Note: ldap_get_values returns a NULL terminates array of
-     strings.  */
-  vals = ldap_get_values (ldap_conn, message, "pgpkeytype");
-  if (vals && vals[0])
-    {
-      if (strcmp (vals[0], "RSA") == 0)
-	es_fprintf  (output, "1");
-      else if (strcmp (vals[0],"DSS/DH") == 0)
-	es_fprintf (output, "17");
-      ldap_value_free (vals);
-    }
-
-  es_fprintf (output, ":");
-
-  vals = ldap_get_values (ldap_conn, message, "pgpkeysize");
-  if (vals && vals[0])
-    {
-      int v = atoi (vals[0]);
-      if (v > 0)
-	es_fprintf (output, "%d", v);
-      ldap_value_free (vals);
-    }
-
-  es_fprintf (output, ":");
-
-  vals = ldap_get_values (ldap_conn, message, "pgpkeycreatetime");
-  if (vals && vals[0])
-    {
-      if (strlen (vals[0]) == 15)
-	es_fprintf (output, "%u", (unsigned int) ldap2epochtime (vals[0]));
-      ldap_value_free (vals);
-    }
-
-  es_fprintf (output, ":");
-
-  vals = ldap_get_values (ldap_conn, message, "pgpkeyexpiretime");
-  if (vals && vals[0])
-    {
-      if (strlen (vals[0]) == 15)
-	es_fprintf (output, "%u", (unsigned int) ldap2epochtime (vals[0]));
-      ldap_value_free (vals);
-    }
-
-  es_fprintf (output, ":");
-
-  vals = ldap_get_values (ldap_conn, message, "pgprevoked");
-  if (vals && vals[0])
-    {
-      if (atoi (vals[0]) == 1)
-	es_fprintf (output, "r");
-      ldap_value_free (vals);
-    }
-
-  es_fprintf (output, "\n");
-
-  vals = ldap_get_values (ldap_conn, message, "pgpuserid");
-  if (vals && vals[0])
-    {
-      int i;
-      for (i = 0; vals[i]; i++)
-	es_fprintf (output, "uid:%s\n", vals[i]);
-      ldap_value_free (vals);
-    }
-
-  es_fprintf (output, "INFO %s END\n", certid);
-}
-
-/* Get the key described key the KEYSPEC string from the keyserver
-   identified by URI.  On success R_FP has an open stream to read the
-   data.  */
-gpg_error_t
-ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
-	     estream_t *r_fp)
-{
-  gpg_error_t err = 0;
-  int ldap_err;
-
-  char *filter = NULL;
-
-  LDAP *ldap_conn = NULL;
-
-  char *basedn = NULL;
-  char *pgpkeyattr = NULL;
-
-  estream_t fp = NULL;
-
-  LDAPMessage *message = NULL;
-
-  (void) ctrl;
-
-  /* Before connecting to the server, make sure we have a sane
-     keyspec.  If not, there is no need to establish a network
-     connection.  */
-  err = keyspec_to_ldap_filter (keyspec, &filter, 1);
-  if (err)
-    return (err);
-
-  /* Make sure we are talking to an OpenPGP LDAP server.  */
-  ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, &pgpkeyattr, NULL);
-  if (ldap_err || !basedn)
-    {
-      if (ldap_err)
-	err = ldap_err_to_gpg_err (ldap_err);
-      else
-	err = GPG_ERR_GENERAL;
-      goto out;
-    }
-
-  {
-    /* The ordering is significant.  Specifically, "pgpcertid" needs
-       to be the second item in the list, since everything after it
-       may be discarded we aren't in verbose mode. */
-    char *attrs[] =
-      {
-	pgpkeyattr,
-	"pgpcertid", "pgpuserid", "pgpkeyid", "pgprevoked", "pgpdisabled",
-	"pgpkeycreatetime", "modifytimestamp", "pgpkeysize", "pgpkeytype",
-	NULL
-      };
-    /* 1 if we want just attribute types; 0 if we want both attribute
-       types and values.  */
-    int attrsonly = 0;
-
-    int count;
-
-    ldap_err = ldap_search_s (ldap_conn, basedn, LDAP_SCOPE_SUBTREE,
-			      filter, attrs, attrsonly, &message);
-    if (ldap_err)
-      {
-	err = ldap_err_to_gpg_err (ldap_err);
-
-	log_error ("gpgkeys: LDAP search error: %s\n",
-		   ldap_err2string (ldap_err));
-	goto out;
-      }
-
-    count = ldap_count_entries (ldap_conn, message);
-    if (count < 1)
-      {
-	log_error ("gpgkeys: key %s not found on keyserver\n", keyspec);
-
-	if (count == -1)
-	  err = ldap_to_gpg_err (ldap_conn);
-	else
-	  err = gpg_error (GPG_ERR_NO_DATA);
-
-	goto out;
-      }
-
-    {
-      /* There may be more than one unique result for a given keyID,
-	 so we should fetch them all (test this by fetching short key
-	 id 0xDEADBEEF). */
-
-      /* The set of entries that we've seen.  */
-      strlist_t seen = NULL;
-      LDAPMessage *each;
-
-      for (each = ldap_first_entry (ldap_conn, message);
-	   each;
-	   each = ldap_next_entry (ldap_conn, each))
-	{
-	  char **vals;
-	  char **certid;
-
-	  /* Use the long keyid to remove duplicates.  The LDAP
-	     server returns the same keyid more than once if there
-	     are multiple user IDs on the key.  Note that this does
-	     NOT mean that a keyid that exists multiple times on the
-	     keyserver will not be fetched.  It means that each KEY,
-	     no matter how many user IDs share its keyid, will be
-	     fetched only once.  If a keyid that belongs to more
-	     than one key is fetched, the server quite properly
-	     responds with all matching keys. -ds */
-
-	  certid = ldap_get_values (ldap_conn, each, "pgpcertid");
-	  if (certid && certid[0])
-	    {
-	      if (! strlist_find (seen, certid[0]))
-		{
-		  /* It's not a duplicate, add it */
-
-		  add_to_strlist (&seen, certid[0]);
-
-		  if (! fp)
-		    fp = es_fopenmem(0, "rw");
-
-		  extract_keys (fp, ldap_conn, certid[0], each);
-
-		  vals = ldap_get_values (ldap_conn, each, pgpkeyattr);
-		  if (! vals)
-		    {
-		      err = ldap_to_gpg_err (ldap_conn);
-		      log_error("gpgkeys: unable to retrieve key %s "
-				"from keyserver\n", certid[0]);
-		      goto out;
-		    }
-		  else
-		    {
-		      /* We should strip the new lines.  */
-		      es_fprintf (fp, "KEY 0x%s BEGIN\n", certid[0]);
-		      es_fputs (vals[0], fp);
-		      es_fprintf (fp, "\nKEY 0x%s END\n", certid[0]);
-
-		      ldap_value_free (vals);
-		    }
-		}
-	    }
-
-	  ldap_value_free (certid);
-	}
-
-      free_strlist (seen);
-
-      if (! fp)
-	err = gpg_error (GPG_ERR_NO_DATA);
-    }
-  }
-
- out:
-  if (message)
-    ldap_msgfree (message);
-
-  if (err)
-    {
-      if (fp)
-	es_fclose (fp);
-    }
-  else
-    {
-      if (fp)
-	es_fseek (fp, 0, SEEK_SET);
-
-      *r_fp = fp;
-    }
-
-  xfree (pgpkeyattr);
-  xfree (basedn);
-
-  if (ldap_conn)
-    ldap_unbind (ldap_conn);
-
-  xfree (filter);
-
-  return err;
-}
-
-/* Search the keyserver identified by URI for keys matching PATTERN.
-   On success R_FP has an open stream to read the data.  */
-gpg_error_t
-ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
-		estream_t *r_fp)
-{
-  gpg_error_t err;
-  int ldap_err;
-
-  char *filter = NULL;
-
-  LDAP *ldap_conn = NULL;
-
-  char *basedn = NULL;
-
-  estream_t fp = NULL;
-
-  (void) ctrl;
-
-  /* Before connecting to the server, make sure we have a sane
-     keyspec.  If not, there is no need to establish a network
-     connection.  */
-  err = keyspec_to_ldap_filter (pattern, &filter, 0);
-  if (err)
-    {
-      log_error ("Bad search pattern: '%s'\n", pattern);
-      return (err);
-    }
-
-  /* Make sure we are talking to an OpenPGP LDAP server.  */
-  ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL);
-  if (ldap_err || !basedn)
-    {
-      if (ldap_err)
-	err = ldap_err_to_gpg_err (ldap_err);
-      else
-	err = GPG_ERR_GENERAL;
-      goto out;
-    }
-
-  /* Even if we have no results, we want to return a stream.  */
-  fp = es_fopenmem(0, "rw");
-  if (!fp)
-    {
-      err = gpg_error_from_syserror ();
-      goto out;
-    }
-
-  {
-    char **vals;
-    LDAPMessage *res, *each;
-    int count = 0;
-    strlist_t dupelist = NULL;
-
-    /* The maximum size of the search, including the optional stuff
-       and the trailing \0 */
-    char *attrs[] =
-      {
-	"pgpcertid", "pgpuserid", "pgprevoked", "pgpdisabled",
-	"pgpkeycreatetime", "pgpkeyexpiretime", "modifytimestamp",
-	"pgpkeysize", "pgpkeytype", NULL
-      };
-
-    log_debug ("SEARCH '%s' => '%s' BEGIN\n", pattern, filter);
-
-    ldap_err = ldap_search_s (ldap_conn, basedn,
-			      LDAP_SCOPE_SUBTREE, filter, attrs, 0, &res);
-
-    xfree (filter);
-    filter = NULL;
-
-    if (ldap_err != LDAP_SUCCESS && ldap_err != LDAP_SIZELIMIT_EXCEEDED)
-      {
-	err = ldap_err_to_gpg_err (ldap_err);
-
-	log_error ("SEARCH %s FAILED %d\n", pattern, err);
-	log_error ("gpgkeys: LDAP search error: %s\n",
-		   ldap_err2string (err));
-	goto out;
-    }
-
-    /* The LDAP server doesn't return a real count of unique keys, so we
-       can't use ldap_count_entries here. */
-    for (each = ldap_first_entry (ldap_conn, res);
-	 each;
-	 each = ldap_next_entry (ldap_conn, each))
-      {
-	char **certid = ldap_get_values (ldap_conn, each, "pgpcertid");
-	if (certid && certid[0] && ! strlist_find (dupelist, certid[0]))
-	  {
-	    add_to_strlist (&dupelist, certid[0]);
-	    count++;
-	  }
-      }
-
-    if (ldap_err == LDAP_SIZELIMIT_EXCEEDED)
-      {
-	if (count == 1)
-	  log_error ("gpgkeys: search results exceeded server limit."
-		     "  First 1 result shown.\n");
-	else
-	  log_error ("gpgkeys: search results exceeded server limit."
-		     "  First %d results shown.\n", count);
-      }
-
-    free_strlist (dupelist);
-    dupelist = NULL;
-
-    if (count < 1)
-      es_fputs ("info:1:0\n", fp);
-    else
-      {
-	es_fprintf (fp, "info:1:%d\n", count);
-
-	for (each = ldap_first_entry (ldap_conn, res);
-	     each;
-	     each = ldap_next_entry (ldap_conn, each))
-	  {
-	    char **certid;
-	    LDAPMessage *uids;
-
-	    certid = ldap_get_values (ldap_conn, each, "pgpcertid");
-	    if (! certid || ! certid[0])
-	      continue;
-
-	    /* Have we seen this certid before? */
-	    if (! strlist_find (dupelist, certid[0]))
-	      {
-		add_to_strlist (&dupelist, certid[0]);
-
-		es_fprintf (fp, "pub:%s:",certid[0]);
-
-		vals = ldap_get_values (ldap_conn, each, "pgpkeytype");
-		if (vals)
-		  {
-		    /* The LDAP server doesn't exactly handle this
-		       well. */
-		    if (strcasecmp (vals[0], "RSA") == 0)
-		      es_fputs ("1", fp);
-		    else if (strcasecmp (vals[0], "DSS/DH") == 0)
-		      es_fputs ("17", fp);
-		    ldap_value_free (vals);
-		  }
-
-		es_fputc (':', fp);
-
-		vals = ldap_get_values (ldap_conn, each, "pgpkeysize");
-		if (vals)
-		  {
-		    /* Not sure why, but some keys are listed with a
-		       key size of 0.  Treat that like an unknown. */
-		    if (atoi (vals[0]) > 0)
-		      es_fprintf (fp, "%d", atoi (vals[0]));
-		    ldap_value_free (vals);
-		  }
-
-		es_fputc (':', fp);
-
-		/* YYYYMMDDHHmmssZ */
-
-		vals = ldap_get_values (ldap_conn, each, "pgpkeycreatetime");
-		if(vals && strlen (vals[0]) == 15)
-		  {
-		    es_fprintf (fp, "%u",
-				(unsigned int) ldap2epochtime(vals[0]));
-		    ldap_value_free (vals);
-		  }
-
-		es_fputc (':', fp);
-
-		vals = ldap_get_values (ldap_conn, each, "pgpkeyexpiretime");
-		if (vals && strlen (vals[0]) == 15)
-		  {
-		    es_fprintf (fp, "%u",
-				(unsigned int) ldap2epochtime (vals[0]));
-		    ldap_value_free (vals);
-		  }
-
-		es_fputc (':', fp);
-
-		vals = ldap_get_values (ldap_conn, each, "pgprevoked");
-		if (vals)
-		  {
-		    if (atoi (vals[0]) == 1)
-		      es_fprintf (fp, "r");
-		    ldap_value_free (vals);
-		  }
-
-		vals = ldap_get_values (ldap_conn, each, "pgpdisabled");
-		if (vals)
-		  {
-		    if (atoi (vals[0]) ==1)
-		      es_fprintf (fp, "d");
-		    ldap_value_free (vals);
-		  }
-
-#if 0
-		/* This is not yet specified in the keyserver
-		   protocol, but may be someday. */
-		es_fputc (':', fp);
-
-		vals = ldap_get_values (ldap_conn, each, "modifytimestamp");
-		if(vals && strlen (vals[0]) == 15)
-		  {
-		    es_fprintf (fp, "%u",
-				(unsigned int) ldap2epochtime (vals[0]));
-		    ldap_value_free (vals);
-		  }
-#endif
-
-		es_fprintf (fp, "\n");
-
-		/* Now print all the uids that have this certid */
-		for (uids = ldap_first_entry (ldap_conn, res);
-		     uids;
-		     uids = ldap_next_entry (ldap_conn, uids))
-		  {
-		    vals = ldap_get_values (ldap_conn, uids, "pgpcertid");
-		    if (! vals)
-		      continue;
-
-		    if (strcasecmp (certid[0], vals[0]) == 0)
-		      {
-			char **uidvals;
-
-			es_fprintf (fp, "uid:");
-
-			uidvals = ldap_get_values (ldap_conn,
-						   uids, "pgpuserid");
-			if (uidvals)
-			  {
-			    /* Need to escape any colons */
-			    char *quoted = percent_escape (uidvals[0], NULL);
-			    es_fputs (quoted, fp);
-			    xfree (quoted);
-			    ldap_value_free (uidvals);
-			  }
-
-			es_fprintf (fp, "\n");
-		      }
-
-		    ldap_value_free(vals);
-		  }
-	      }
-
-	      ldap_value_free (certid);
-	  }
-      }
-
-    ldap_msgfree (res);
-    free_strlist (dupelist);
-  }
-
-  log_debug ("SEARCH %s END\n", pattern);
-
- out:
-  if (err)
-    {
-      if (fp)
-	es_fclose (fp);
-    }
-  else
-    {
-      /* Return the read stream.  */
-      if (fp)
-	es_fseek (fp, 0, SEEK_SET);
-
-      *r_fp = fp;
-    }
-
-  xfree (basedn);
-
-  if (ldap_conn)
-    ldap_unbind (ldap_conn);
-
-  xfree (filter);
-
-  return err;
-}
-
-
-
-/* A modlist describes a set of changes to an LDAP entry.  (An entry
-   consists of 1 or more attributes.  Attributes are 
-   pairs.  Note: an attribute may be multi-valued in which case
-   multiple values are associated with a single name.)
-
-   A modlist is a NULL terminated array of struct LDAPMod's.
-
-   Thus, if we have:
-
-     LDAPMod **modlist;
-
-   Then:
-
-     modlist[i]
-
-   Is the ith modification.
-
-   Each LDAPMod describes a change to a single attribute.  Further,
-   there is one modification for each attribute that we want to
-   change.  The attribute's new value is stored in LDAPMod.mod_values.
-   If the attribute is multi-valued, we still only use a single
-   LDAPMod structure: mod_values is a NULL-terminated array of
-   strings.  To delete an attribute from an entry, we set mod_values
-   to NULL.
-
-   Thus, if:
-
-     modlist[i]->mod_values == NULL
-
-   then we remove the attribute.
-
-   (Using LDAP_MOD_DELETE doesn't work here as we don't know if the
-   attribute in question exists or not.)
-
-   Note: this function does NOT copy or free ATTR.  It does copy
-   VALUE.  */
-static void
-modlist_add (LDAPMod ***modlistp, char *attr, const char *value)
-{
-  LDAPMod **modlist = *modlistp;
-
-  LDAPMod **m;
-  int nummods = 0;
-
-  /* Search modlist for the attribute we're playing with.  If modlist
-     is NULL, then the list is empty.  Recall: modlist is a NULL
-     terminated array.  */
-  for (m = modlist; m && *m; m++, nummods ++)
-    {
-      /* The attribute is already on the list.  */
-      char **ptr;
-      int numvalues = 0;
-
-      if (strcasecmp ((*m)->mod_type, attr) != 0)
-	continue;
-
-      /* We have this attribute already, so when the REPLACE happens,
-	 the server attributes will be replaced anyway. */
-      if (! value)
-	return;
-
-      /* Attributes can be multi-valued.  See if the value is already
-	 present.  mod_values is a NULL terminated array of pointers.
-	 Note: mod_values can be NULL.  */
-      for (ptr = (*m)->mod_values; ptr && *ptr; ptr++)
-	{
-	  if (strcmp (*ptr, value) == 0)
-	    /* Duplicate value, we're done.  */
-	    return;
-	  numvalues ++;
-	}
-
-      /* Append the value.  */
-      ptr = xrealloc ((*m)->mod_values, sizeof (char *) * (numvalues + 2));
-
-      (*m)->mod_values = ptr;
-      ptr[numvalues] = xstrdup (value);
-
-      ptr[numvalues + 1] = NULL;
-
-      return;
-    }
-
-  /* We didn't find the attr, so make one and add it to the end */
-
-  /* Like attribute values, the list of attributes is NULL terminated
-     array of pointers.  */
-  modlist = xrealloc (modlist, sizeof (LDAPMod *) * (nummods + 2));
-
-  *modlistp = modlist;
-  modlist[nummods] = xmalloc (sizeof (LDAPMod));
-
-  modlist[nummods]->mod_op = LDAP_MOD_REPLACE;
-  modlist[nummods]->mod_type = attr;
-  if (value)
-    {
-      modlist[nummods]->mod_values = xmalloc (sizeof(char *) * 2);
-
-      modlist[nummods]->mod_values[0] = xstrdup (value);
-      modlist[nummods]->mod_values[1] = NULL;
-    }
-  else
-    modlist[nummods]->mod_values = NULL;
-
-  modlist[nummods + 1] = NULL;
-
-  return;
-}
-
-/* Look up the value of an attribute in the specified modlist.  If the
-   attribute is not on the mod list, returns NULL.  The result is a
-   NULL-terminated array of strings.  Don't change it.  */
-static char **
-modlist_lookup (LDAPMod **modlist, const char *attr)
-{
-  LDAPMod **m;
-  for (m = modlist; m && *m; m++)
-    {
-      if (strcasecmp ((*m)->mod_type, attr) != 0)
-	continue;
-
-      return (*m)->mod_values;
-    }
-
-  return NULL;
-}
-
-/* Dump a modlist to a file.  This is useful for debugging.  */
-static estream_t modlist_dump (LDAPMod **modlist, estream_t output)
-  GNUPG_GCC_A_USED;
-
-static estream_t
-modlist_dump (LDAPMod **modlist, estream_t output)
-{
-  LDAPMod **m;
-
-  int opened = 0;
-
-  if (! output)
-    {
-      output = es_fopenmem (0, "rw");
-      if (!output)
-        return NULL;
-      opened = 1;
-    }
-
-  for (m = modlist; m && *m; m++)
-    {
-      es_fprintf (output, "  %s:", (*m)->mod_type);
-
-      if (! (*m)->mod_values)
-	es_fprintf(output, " delete.\n");
-      else
-	{
-	  char **ptr;
-	  int i;
-
-	  int multi = 0;
-	  if ((*m)->mod_values[0] && (*m)->mod_values[1])
-	    /* Have at least 2.  */
-	    multi = 1;
-
-	  if (multi)
-	    es_fprintf (output, "\n");
-
-	  for ((ptr = (*m)->mod_values), (i = 1); ptr && *ptr; ptr++, i ++)
-	    {
-	      /* Assuming terminals are about 80 characters wide,
-		 display at most most about 10 lines of debugging
-		 output.  If we do trim the buffer, append '...' to
-		 the end.  */
-	      const int max_len = 10 * 70;
-	      size_t value_len = strlen (*ptr);
-	      int elide = value_len > max_len;
-
-	      if (multi)
-		es_fprintf (output, "    %d. ", i);
-	      es_fprintf (output, "`%.*s", max_len, *ptr);
-	      if (elide)
-		es_fprintf (output, "...' (%zd bytes elided)",
-			    value_len - max_len);
-	      else
-		es_fprintf (output, "'");
-	      es_fprintf (output, "\n");
-	    }
-	}
-    }
-
-  if (opened)
-    es_fseek (output, 0, SEEK_SET);
-
-  return output;
-}
-
-/* Free all of the memory allocated by the mod list.  This assumes
-   that the attribute names don't have to be freed, but the attributes
-   values do.  (Which is what modlist_add does.)  */
-static void
-modlist_free (LDAPMod **modlist)
-{
-  LDAPMod **ml;
-
-  if (! modlist)
-    return;
-
-  /* Unwind and free the whole modlist structure */
-
-  /* The modlist is a NULL terminated array of pointers.  */
-  for (ml = modlist; *ml; ml++)
-    {
-      LDAPMod *mod = *ml;
-      char **ptr;
-
-      /* The list of values is a NULL termianted array of pointers.
-	 If the list is NULL, there are no values.  */
-
-      if (mod->mod_values)
-	{
-	  for (ptr = mod->mod_values; *ptr; ptr++)
-	    xfree (*ptr);
-
-	  xfree (mod->mod_values);
-	}
-
-      xfree (mod);
-    }
-  xfree (modlist);
-}
-
-/* Append two onto the end of one.  Two is not freed, but its pointers
-   are now part of one.  Make sure you don't free them both!
-
-   As long as you don't add anything to ONE, TWO is still valid.
-   After that all bets are off.  */
-static void
-modlists_join (LDAPMod ***one, LDAPMod **two)
-{
-  int i, one_count = 0, two_count = 0;
-  LDAPMod **grow;
-
-  if (!*two)
-    /* two is empty.  Nothing to do.  */
-    return;
-
-  if (!*one)
-    /* one is empty.  Just set it equal to *two.  */
-    {
-      *one = two;
-      return;
-    }
-
-  for (grow = *one; *grow; grow++)
-    one_count ++;
-
-  for (grow = two; *grow; grow++)
-    two_count ++;
-
-  grow = xrealloc (*one, sizeof(LDAPMod *) * (one_count + two_count + 1));
-
-  for (i = 0; i < two_count; i++)
-    grow[one_count + i] = two[i];
-
-  grow[one_count + i] = NULL;
-
-  *one = grow;
-}
-
-/* Given a string, unescape C escapes.  In particular, \xXX.  This
-   modifies the string in place.  */
-static void
-uncescape (char *str)
-{
-  size_t r = 0;
-  size_t w = 0;
-
-  char *first = strchr (str, '\\');
-  if (! first)
-    /* No backslashes => no escaping.  We're done.  */
-    return;
-
-  /* Start at the first '\\'.  */
-  r = w = (uintptr_t) first - (uintptr_t) str;
-
-  while (str[r])
-    {
-      /* XXX: What to do about bad escapes?
-         XXX: hextobyte already checks the string thus the hexdigitp
-         could be removed. */
-      if (str[r] == '\\' && str[r + 1] == 'x'
-          && str[r+2] && str[r+3]
-	  && hexdigitp (str + r + 2)
-	  && hexdigitp (str + r + 3))
-	{
-	  int x = hextobyte (&str[r + 2]);
-	  assert (0 <= x && x <= 0xff);
-
-	  str[w] = x;
-
-	  /* We consumed 4 characters and wrote 1.  */
-	  r += 4;
-	  w ++;
-	}
-      else
-	str[w ++] = str[r ++];
-    }
-
-  str[w] = '\0';
-}
-
-/* Given one line from an info block (`gpg --list-{keys,sigs}
-   --with-colons KEYID'), pull it apart and fill in the modlist with
-   the relevant (for the LDAP schema) attributes.  */
-static void
-extract_attributes (LDAPMod ***modlist, char *line)
-{
-  int field_count;
-  char **fields;
-
-  char *keyid;
-
-  int is_pub, is_sub, is_uid, is_sig;
-
-  /* Remove trailing whitespace */
-  trim_trailing_spaces (line);
-
-  fields = strsplit (line, ':', '\0', &field_count);
-  if (field_count == 1)
-    /* We only have a single field.  There is definately nothing to
-       do.  */
-    goto out;
-
-  if (field_count < 7)
-    goto out;
-
-  is_pub = strcasecmp ("pub", fields[0]) == 0;
-  is_sub = strcasecmp ("sub", fields[0]) == 0;
-  is_uid = strcasecmp ("uid", fields[0]) == 0;
-  is_sig = strcasecmp ("sig", fields[0]) == 0;
-
-  if (!is_pub && !is_sub && !is_uid && !is_sig)
-    /* Not a relevant line.  */
-    goto out;
-
-  keyid = fields[4];
-
-  if (is_uid && strlen (keyid) == 0)
-    /* The uid record type can have an empty keyid.  */
-    ;
-  else if (strlen (keyid) == 16
-	   && strspn (keyid, "0123456789aAbBcCdDeEfF") == 16)
-    /* Otherwise, we expect exactly 16 hex characters.  */
-    ;
-  else
-    {
-      log_error ("malformed record!\n");
-      goto out;
-    }
-
-  if (is_pub)
-    {
-      int disabled = 0;
-      int revoked = 0;
-      char *flags;
-      for (flags = fields[1]; *flags; flags ++)
-	switch (*flags)
-	  {
-	  case 'r':
-	  case 'R':
-	    revoked = 1;
-	    break;
-
-	  case 'd':
-	  case 'D':
-	    disabled = 1;
-	    break;
-	  }
-
-      /* Note: we always create the pgpDisabled and pgpRevoked
-	attributes, regardless of whether the key is disabled/revoked
-	or not.  This is because a very common search is like
-	"(&(pgpUserID=*isabella*)(pgpDisabled=0))"  */
-
-      if (is_pub)
-	{
-	  modlist_add (modlist,"pgpDisabled", disabled ? "1" : "0");
-	  modlist_add (modlist,"pgpRevoked", revoked ? "1" : "0");
-	}
-    }
-
-  if (is_pub || is_sub)
-    {
-      char *size = fields[2];
-      int val = atoi (size);
-      size = NULL;
-
-      if (val > 0)
-	{
-	  /* We zero pad this on the left to make PGP happy. */
-	  char padded[6];
-	  if (val < 99999 && val > 0)
-	    {
-	      snprintf (padded, sizeof padded, "%05u", val);
-	      size = padded;
-	    }
-	}
-
-      if (size)
-	{
-	  if (is_pub || is_sub)
-	    modlist_add (modlist, "pgpKeySize", size);
-	}
-    }
-
-  if (is_pub)
-    {
-      char *algo = fields[3];
-      int val = atoi (algo);
-      switch (val)
-	{
-	case 1:
-	  algo = "RSA";
-	  break;
-
-	case 17:
-	  algo = "DSS/DH";
-	  break;
-
-	default:
-	  algo = NULL;
-	  break;
-	}
-
-      if (algo)
-	{
-	  if (is_pub)
-	    modlist_add (modlist, "pgpKeyType", algo);
-	}
-    }
-
-  if (is_pub || is_sub || is_sig)
-    {
-      if (is_pub)
-	{
-	  modlist_add (modlist, "pgpCertID", keyid);
-	  modlist_add (modlist, "pgpKeyID", &keyid[8]);
-	}
-
-      if (is_sub)
-	modlist_add (modlist, "pgpSubKeyID", keyid);
-
-      if (is_sig)
-	modlist_add (modlist, "pgpSignerID", keyid);
-    }
-
-  if (is_pub)
-    {
-      char *create_time = fields[5];
-
-      if (strlen (create_time) == 0)
-	create_time = NULL;
-      else
-	{
-	  char *create_time_orig = create_time;
-	  struct tm tm;
-	  time_t t;
-	  char *end;
-
-	  memset (&tm, 0, sizeof (tm));
-
-	  /* parse_timestamp handles both seconds fromt he epoch and
-	     ISO 8601 format.  We also need to handle YYYY-MM-DD
-	     format (as generated by gpg1 --with-colons --list-key).
-	     Check that first and then if it fails, then try
-	     parse_timestamp.  */
-
-	  if (!isodate_human_to_tm (create_time, &tm))
-	    create_time = tm2ldaptime (&tm);
-	  else if ((t = parse_timestamp (create_time, &end)) != (time_t) -1
-		   && *end == '\0')
-	    {
-
-	      if (!gnupg_gmtime (&t, &tm))
-		create_time = NULL;
-	      else
-		create_time = tm2ldaptime (&tm);
-	    }
-	  else
-	    create_time = NULL;
-
-	  if (! create_time)
-	    /* Failed to parse string.  */
-	    log_error ("Failed to parse creation time ('%s')",
-		       create_time_orig);
-	}
-
-      if (create_time)
-	{
-	  modlist_add (modlist, "pgpKeyCreateTime", create_time);
-	  xfree (create_time);
-	}
-    }
-
-  if (is_pub)
-    {
-      char *expire_time = fields[6];
-
-      if (strlen (expire_time) == 0)
-	expire_time = NULL;
-      else
-	{
-	  char *expire_time_orig = expire_time;
-	  struct tm tm;
-	  time_t t;
-	  char *end;
-
-	  memset (&tm, 0, sizeof (tm));
-
-	  /* parse_timestamp handles both seconds fromt he epoch and
-	     ISO 8601 format.  We also need to handle YYYY-MM-DD
-	     format (as generated by gpg1 --with-colons --list-key).
-	     Check that first and then if it fails, then try
-	     parse_timestamp.  */
-
-	  if (!isodate_human_to_tm (expire_time, &tm))
-	    expire_time = tm2ldaptime (&tm);
-	  else if ((t = parse_timestamp (expire_time, &end)) != (time_t) -1
-		   && *end == '\0')
-	    {
-	      if (!gnupg_gmtime (&t, &tm))
-		expire_time = NULL;
-	      else
-		expire_time = tm2ldaptime (&tm);
-	    }
-	  else
-	    expire_time = NULL;
-
-	  if (! expire_time)
-	    /* Failed to parse string.  */
-	    log_error ("Failed to parse creation time ('%s')",
-		       expire_time_orig);
-	}
-
-      if (expire_time)
-	{
-	  modlist_add (modlist, "pgpKeyExpireTime", expire_time);
-	  xfree (expire_time);
-	}
-    }
-
-  if ((is_uid || is_pub) && field_count >= 10)
-    {
-      char *uid = fields[9];
-
-      if (is_pub && strlen (uid) == 0)
-	/* When using gpg --list-keys, the uid is included.  When
-	   passed via gpg, it is not.  It is important to process it
-	   when it is present, because gpg 1 won't print a UID record
-	   if there is only one key.  */
-	;
-      else
-	{
-	  uncescape (uid);
-	  modlist_add (modlist, "pgpUserID", uid);
-	}
-    }
-
- out:
-  free (fields);
-}
-
-/* Send the key in {KEY,KEYLEN} with the metadata {INFO,INFOLEN} to
-   the keyserver identified by URI.  See server.c:cmd_ks_put for the
-   format of the data and metadata.  */
-gpg_error_t
-ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
-	     void *data, size_t datalen,
-	     void *info, size_t infolen)
-{
-  gpg_error_t err = 0;
-  int ldap_err;
-
-  LDAP *ldap_conn = NULL;
-  char *basedn = NULL;
-  char *pgpkeyattr = NULL;
-  int real_ldap;
-
-  LDAPMod **modlist = NULL;
-  LDAPMod **addlist = NULL;
-
-  char *data_armored = NULL;
-
-  /* The last byte of the info block.  */
-  const char *infoend = (const char *) info + infolen - 1;
-
-  /* Enable this code to dump the modlist to /tmp/modlist.txt.  */
-#if 0
-# warning Disable debug code before checking in.
-  const int dump_modlist = 1;
-#else
-  const int dump_modlist = 0;
-#endif
-  estream_t dump = NULL;
-
-  /* Elide a warning.  */
-  (void) ctrl;
-
-  ldap_err = my_ldap_connect (uri,
-                              &ldap_conn, &basedn, &pgpkeyattr, &real_ldap);
-  if (ldap_err || !basedn)
-    {
-      if (ldap_err)
-	err = ldap_err_to_gpg_err (ldap_err);
-      else
-	err = GPG_ERR_GENERAL;
-      goto out;
-    }
-
-  if (! real_ldap)
-    /* We appear to have an OpenPGP Keyserver, which can unpack the key
-       on its own (not just a dumb LDAP server).  */
-    {
-      LDAPMod mod, *attrs[2];
-      char *key[] = { data, NULL };
-      char *dn;
-
-      memset (&mod, 0, sizeof (mod));
-      mod.mod_op = LDAP_MOD_ADD;
-      mod.mod_type = pgpkeyattr;
-      mod.mod_values = key;
-      attrs[0] = &mod;
-      attrs[1] = NULL;
-
-      dn = xasprintf ("pgpCertid=virtual,%s", basedn);
-      ldap_err = ldap_add_s (ldap_conn, dn, attrs);
-      xfree (dn);
-
-      if (ldap_err != LDAP_SUCCESS)
-	{
-	  err = ldap_err_to_gpg_err (err);
-	  goto out;
-	}
-
-      goto out;
-    }
-
-  modlist = xmalloc (sizeof (LDAPMod *));
-  *modlist = NULL;
-
-  if (dump_modlist)
-    {
-      dump = es_fopen("/tmp/modlist.txt", "w");
-      if (! dump)
-	log_error ("Failed to open /tmp/modlist.txt: %s\n",
-		   strerror (errno));
-
-      if (dump)
-	{
-	  es_fprintf(dump, "data (%zd bytes)\n", datalen);
-	  es_fprintf(dump, "info (%zd bytes): '\n", infolen);
-	  es_fwrite(info, infolen, 1, dump);
-	  es_fprintf(dump, "'\n");
-	}
-    }
-
-  /* Start by nulling out all attributes.  We try and do a modify
-     operation first, so this ensures that we don't leave old
-     attributes lying around. */
-  modlist_add (&modlist, "pgpDisabled", NULL);
-  modlist_add (&modlist, "pgpKeyID", NULL);
-  modlist_add (&modlist, "pgpKeyType", NULL);
-  modlist_add (&modlist, "pgpUserID", NULL);
-  modlist_add (&modlist, "pgpKeyCreateTime", NULL);
-  modlist_add (&modlist, "pgpSignerID", NULL);
-  modlist_add (&modlist, "pgpRevoked", NULL);
-  modlist_add (&modlist, "pgpSubKeyID", NULL);
-  modlist_add (&modlist, "pgpKeySize", NULL);
-  modlist_add (&modlist, "pgpKeyExpireTime", NULL);
-  modlist_add (&modlist, "pgpCertID", NULL);
-
-  /* Assemble the INFO stuff into LDAP attributes */
-
-  while (infolen > 0)
-    {
-      char *temp = NULL;
-
-      char *newline = memchr (info, '\n', infolen);
-      if (! newline)
-	/* The last line is not \n terminated!  Make a copy so we can
-	   add a NUL terminator.  */
-	{
-	  temp = xmalloc (infolen + 1);
-	  memcpy (temp, info, infolen);
-	  info = temp;
-	  newline = (char *) info + infolen;
-	}
-
-      *newline = '\0';
-
-      extract_attributes (&modlist, info);
-
-      infolen = infolen - ((uintptr_t) newline - (uintptr_t) info + 1);
-      info = newline + 1;
-
-      /* Sanity check.  */
-      if (! temp)
-	assert ((char *) info + infolen - 1 == infoend);
-      else
-	{
-	  assert (infolen == -1);
-	  xfree (temp);
-	}
-    }
-
-  modlist_add (&addlist, "objectClass", "pgpKeyInfo");
-
-  err = armor_data (&data_armored, data, datalen);
-  if (err)
-    goto out;
-
-  modlist_add (&addlist, pgpkeyattr, data_armored);
-
-  /* Now append addlist onto modlist.  */
-  modlists_join (&modlist, addlist);
-
-  if (dump)
-    {
-      estream_t input = modlist_dump (modlist, NULL);
-      if (input)
-        {
-          copy_stream (input, dump);
-          es_fclose (input);
-        }
-    }
-
-  /* Going on the assumption that modify operations are more frequent
-     than adds, we try a modify first.  If it's not there, we just
-     turn around and send an add command for the same key.  Otherwise,
-     the modify brings the server copy into compliance with our copy.
-     Note that unlike the LDAP keyserver (and really, any other
-     keyserver) this does NOT merge signatures, but replaces the whole
-     key.  This should make some people very happy. */
-  {
-    char **certid;
-    char *dn;
-
-    certid = modlist_lookup (modlist, "pgpCertID");
-    if (/* We should have a value.  */
-	! certid
-	/* Exactly one.  */
-	|| !(certid[0] && !certid[1]))
-      {
-	log_error ("Bad certid.\n");
-	err = GPG_ERR_GENERAL;
-	goto out;
-      }
-
-    dn = xasprintf ("pgpCertID=%s,%s", certid[0], basedn);
-
-    err = ldap_modify_s (ldap_conn, dn, modlist);
-    if (err == LDAP_NO_SUCH_OBJECT)
-      err = ldap_add_s (ldap_conn, dn, addlist);
-
-    xfree (dn);
-
-    if (err != LDAP_SUCCESS)
-      {
-	log_error ("gpgkeys: error adding key to keyserver: %s\n",
-		   ldap_err2string (err));
-	err = ldap_err_to_gpg_err (err);
-      }
-  }
-
- out:
-  if (dump)
-    es_fclose (dump);
-
-  if (ldap_conn)
-    ldap_unbind (ldap_conn);
-
-  xfree (basedn);
-  xfree (pgpkeyattr);
-
-  modlist_free (modlist);
-  xfree (addlist);
-
-  xfree (data_armored);
-
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldap.c gnupg2-2.0.28/dirmngr/ldap.c
--- gnupg2-2.1.6/dirmngr/ldap.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,844 +0,0 @@
-/* ldap.c - LDAP access
- * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2010 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "exechelp.h"
-#include "crlfetch.h"
-#include "ldapserver.h"
-#include "misc.h"
-#include "ldap-wrapper.h"
-#include "host2net.h"
-
-
-#define UNENCODED_URL_CHARS "abcdefghijklmnopqrstuvwxyz"   \
-                            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"   \
-                            "01234567890"                  \
-                            "$-_.+!*'(),"
-#define USERCERTIFICATE "userCertificate"
-#define CACERTIFICATE   "caCertificate"
-#define X509CACERT      "x509caCert"
-#define USERSMIMECERTIFICATE "userSMIMECertificate"
-
-
-/* Definition for the context of the cert fetch functions. */
-struct cert_fetch_context_s
-{
-  ksba_reader_t reader;  /* The reader used (shallow copy). */
-  unsigned char *tmpbuf; /* Helper buffer.  */
-  size_t tmpbufsize;     /* Allocated size of tmpbuf.  */
-  int truncated;         /* Flag to indicate a truncated output.  */
-};
-
-
-
-
-/* Add HOST and PORT to our list of LDAP servers.  Fixme: We should
-   better use an extra list of servers. */
-static void
-add_server_to_servers (const char *host, int port)
-{
-  ldap_server_t server;
-  ldap_server_t last = NULL;
-  const char *s;
-
-  if (!port)
-    port = 389;
-
-  for (server=opt.ldapservers; server; server = server->next)
-    {
-      if (!strcmp (server->host, host) && server->port == port)
-	  return; /* already in list... */
-      last = server;
-    }
-
-  /* We assume that the host names are all supplied by our
-     configuration files and thus are sane.  To keep this assumption
-     we must reject all invalid host names. */
-  for (s=host; *s; s++)
-    if (!strchr ("abcdefghijklmnopqrstuvwxyz"
-                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                 "01234567890.-", *s))
-      {
-        log_error (_("invalid char 0x%02x in host name - not added\n"), *s);
-        return;
-      }
-
-  log_info (_("adding '%s:%d' to the ldap server list\n"), host, port);
-  server = xtrycalloc (1, sizeof *s);
-  if (!server)
-    log_error (_("malloc failed: %s\n"), strerror (errno));
-  else
-    {
-      server->host = xstrdup (host);
-      server->port = port;
-      if (last)
-        last->next = server;
-      else
-        opt.ldapservers = server;
-    }
-}
-
-
-
-
-/* Perform an LDAP query.  Returns an gpg error code or 0 on success.
-   The function returns a new reader object at READER. */
-static gpg_error_t
-run_ldap_wrapper (ctrl_t ctrl,
-                  int ignore_timeout,
-                  int multi_mode,
-                  const char *proxy,
-                  const char *host, int port,
-                  const char *user, const char *pass,
-                  const char *dn, const char *filter, const char *attr,
-                  const char *url,
-                  ksba_reader_t *reader)
-{
-  const char *argv[40];
-  int argc;
-  char portbuf[30], timeoutbuf[30];
-
-
-  *reader = NULL;
-
-  argc = 0;
-  if (pass)  /* Note, that the password must be the first item.  */
-    {
-      argv[argc++] = "--pass";
-      argv[argc++] = pass;
-    }
-  if (opt.verbose)
-    argv[argc++] = "-vv";
-  argv[argc++] = "--log-with-pid";
-  if (multi_mode)
-    argv[argc++] = "--multi";
-  if (opt.ldaptimeout)
-    {
-      sprintf (timeoutbuf, "%u", opt.ldaptimeout);
-      argv[argc++] = "--timeout";
-      argv[argc++] = timeoutbuf;
-      if (ignore_timeout)
-        argv[argc++] = "--only-search-timeout";
-    }
-  if (proxy)
-    {
-      argv[argc++] = "--proxy";
-      argv[argc++] = proxy;
-    }
-  if (host)
-    {
-      argv[argc++] = "--host";
-      argv[argc++] = host;
-    }
-  if (port)
-    {
-      sprintf (portbuf, "%d", port);
-      argv[argc++] = "--port";
-      argv[argc++] = portbuf;
-    }
-  if (user)
-    {
-      argv[argc++] = "--user";
-      argv[argc++] = user;
-    }
-  if (dn)
-    {
-      argv[argc++] = "--dn";
-      argv[argc++] = dn;
-    }
-  if (filter)
-    {
-      argv[argc++] = "--filter";
-      argv[argc++] = filter;
-    }
-  if (attr)
-    {
-      argv[argc++] = "--attr";
-      argv[argc++] = attr;
-    }
-  argv[argc++] = url? url : "ldap://";
-  argv[argc] = NULL;
-
-  return ldap_wrapper (ctrl, reader, argv);
-}
-
-
-
-
-/* Perform a LDAP query using a given URL. On success a new ksba
-   reader is returned.  If HOST or PORT are not 0, they are used to
-   override the values from the URL. */
-gpg_error_t
-url_fetch_ldap (ctrl_t ctrl, const char *url, const char *host, int port,
-                ksba_reader_t *reader)
-{
-  gpg_error_t err;
-
-  err = run_ldap_wrapper (ctrl,
-                          1, /* Ignore explicit timeout because CRLs
-                                might be very large. */
-                          0,
-                          opt.ldap_proxy,
-                          host, port,
-                          NULL, NULL,
-                          NULL, NULL, NULL, url,
-                          reader);
-
-  /* FIXME: This option might be used for DoS attacks.  Because it
-     will enlarge the list of servers to consult without a limit and
-     all LDAP queries w/o a host are will then try each host in
-     turn. */
-  if (!err && opt.add_new_ldapservers && !opt.ldap_proxy)
-    {
-      if (host)
-        add_server_to_servers (host, port);
-      else if (url)
-        {
-          char *tmp = host_and_port_from_url (url, &port);
-          if (tmp)
-            {
-              add_server_to_servers (tmp, port);
-              xfree (tmp);
-            }
-        }
-    }
-
-  /* If the lookup failed and we are not only using the proxy, we try
-     again using our default list of servers.  */
-  if (err && !(opt.ldap_proxy && opt.only_ldap_proxy))
-    {
-      struct ldapserver_iter iter;
-
-      if (DBG_LOOKUP)
-        log_debug ("no hostname in URL or query failed; "
-                   "trying all default hostnames\n");
-
-      for (ldapserver_iter_begin (&iter, ctrl);
-	   err && ! ldapserver_iter_end_p (&iter);
-	   ldapserver_iter_next (&iter))
-        {
-	  ldap_server_t server = iter.server;
-
-          err = run_ldap_wrapper (ctrl,
-                                  0,
-                                  0,
-                                  NULL,
-                                  server->host, server->port,
-                                  NULL, NULL,
-                                  NULL, NULL, NULL, url,
-                                  reader);
-          if (!err)
-            break;
-        }
-    }
-
-  return err;
-}
-
-
-
-/* Perform an LDAP query on all configured servers.  On error the
-   error code of the last try is returned.  */
-gpg_error_t
-attr_fetch_ldap (ctrl_t ctrl,
-                 const char *dn, const char *attr, ksba_reader_t *reader)
-{
-  gpg_error_t err = gpg_error (GPG_ERR_CONFIGURATION);
-  struct ldapserver_iter iter;
-
-  *reader = NULL;
-
-  /* FIXME; we might want to look at the Base SN to try matching
-     servers first. */
-  for (ldapserver_iter_begin (&iter, ctrl); ! ldapserver_iter_end_p (&iter);
-       ldapserver_iter_next (&iter))
-    {
-      ldap_server_t server = iter.server;
-
-      err = run_ldap_wrapper (ctrl,
-                              0,
-                              0,
-                              opt.ldap_proxy,
-                              server->host, server->port,
-                              server->user, server->pass,
-                              dn, "objectClass=*", attr, NULL,
-                              reader);
-      if (!err)
-        break; /* Probably found a result. Ready. */
-    }
-  return err;
-}
-
-
-/* Parse PATTERN and return a new strlist to be used for the actual
-   LDAP query.  Bit 0 of the flags field is set if that pattern is
-   actually a base specification.  Caller must release the returned
-   strlist.  NULL is returned on error.
-
- * Possible patterns:
- *
- *   KeyID
- *   Fingerprint
- *   OpenPGP userid
- * x Email address  Indicated by a left angle bracket.
- *   Exact word match in user id or subj. name
- * x Subj. DN  indicated bu a leading slash
- *   Issuer DN
- *   Serial number + subj. DN
- * x Substring match indicated by a leading '*; is also the default.
- */
-
-strlist_t
-parse_one_pattern (const char *pattern)
-{
-  strlist_t result = NULL;
-  char *p;
-
-  switch (*pattern)
-    {
-    case '<':			/* Email. */
-      {
-        pattern++;
-	result = xmalloc (sizeof *result + 5 + strlen (pattern));
-        result->next = NULL;
-        result->flags = 0;
-	p = stpcpy (stpcpy (result->d, "mail="), pattern);
-	if (p[-1] == '>')
-	  *--p = 0;
-        if (!*result->d) /* Error. */
-          {
-            xfree (result);
-            result = NULL;
-          }
-	break;
-      }
-    case '/':			/* Subject DN. */
-      pattern++;
-      if (*pattern)
-        {
-          result = xmalloc (sizeof *result + strlen (pattern));
-          result->next = NULL;
-          result->flags = 1; /* Base spec. */
-          strcpy (result->d, pattern);
-        }
-      break;
-    case '#':			/* Issuer DN. */
-      pattern++;
-      if (*pattern == '/')  /* Just issuer DN. */
-        {
-          pattern++;
-	}
-      else  /* Serial number + issuer DN */
-	{
-        }
-      break;
-    case '*':
-      pattern++;
-    default:			/* Take as substring match. */
-      {
-	const char format[] = "(|(sn=*%s*)(|(cn=*%s*)(mail=*%s*)))";
-
-        if (*pattern)
-          {
-            result = xmalloc (sizeof *result
-                              + strlen (format) + 3 * strlen (pattern));
-            result->next = NULL;
-            result->flags = 0;
-            sprintf (result->d, format, pattern, pattern, pattern);
-          }
-      }
-      break;
-    }
-
-  return result;
-}
-
-/* Take the string STRING and escape it accoring to the URL rules.
-   Retun a newly allocated string. */
-static char *
-escape4url (const char *string)
-{
-  const char *s;
-  char *buf, *p;
-  size_t n;
-
-  if (!string)
-    string = "";
-
-  for (s=string,n=0; *s; s++)
-    if (strchr (UNENCODED_URL_CHARS, *s))
-      n++;
-    else
-      n += 3;
-
-  buf = malloc (n+1);
-  if (!buf)
-    return NULL;
-
-  for (s=string,p=buf; *s; s++)
-    if (strchr (UNENCODED_URL_CHARS, *s))
-      *p++ = *s;
-    else
-      {
-        sprintf (p, "%%%02X", *(const unsigned char *)s);
-        p += 3;
-      }
-  *p = 0;
-
-  return buf;
-}
-
-
-
-/* Create a LDAP URL from DN and FILTER and return it in URL.  We don't
-   need the host and port because this will be specified using the
-   override options. */
-static gpg_error_t
-make_url (char **url, const char *dn, const char *filter)
-{
-  gpg_error_t err;
-  char *u_dn, *u_filter;
-  char const attrs[] = (USERCERTIFICATE ","
-/*                         USERSMIMECERTIFICATE "," */
-                        CACERTIFICATE ","
-                        X509CACERT );
-
-  *url = NULL;
-
-  u_dn = escape4url (dn);
-  if (!u_dn)
-      return gpg_error_from_errno (errno);
-
-  u_filter = escape4url (filter);
-  if (!u_filter)
-    {
-      err = gpg_error_from_errno (errno);
-      xfree (u_dn);
-      return err;
-    }
-  *url = malloc ( 8 + strlen (u_dn)
-                 + 1 + strlen (attrs)
-                 + 5 + strlen (u_filter) + 1 );
-  if (!*url)
-    {
-      err = gpg_error_from_errno (errno);
-      xfree (u_dn);
-      xfree (u_filter);
-      return err;
-    }
-
-  stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
-                                          u_dn),
-                                  "?"),
-                          attrs),
-                  "?sub?"),
-          u_filter);
-  xfree (u_dn);
-  xfree (u_filter);
-  return 0;
-}
-
-
-/* Prepare an LDAP query to return the attribute ATTR for the DN.  All
-   configured default servers are queried until one responds.  This
-   function returns an error code or 0 and a CONTEXT on success. */
-gpg_error_t
-start_default_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
-                          const char *dn, const char *attr)
-{
-  gpg_error_t err;
-  struct ldapserver_iter iter;
-
-  *context = xtrycalloc (1, sizeof **context);
-  if (!*context)
-    return gpg_error_from_errno (errno);
-
-  /* FIXME; we might want to look at the Base SN to try matching
-     servers first. */
-  err = gpg_error (GPG_ERR_CONFIGURATION);
-
-  for (ldapserver_iter_begin (&iter, ctrl); ! ldapserver_iter_end_p (&iter);
-       ldapserver_iter_next (&iter))
-    {
-      ldap_server_t server = iter.server;
-
-      err = run_ldap_wrapper (ctrl,
-                              0,
-                              1,
-                              opt.ldap_proxy,
-                              server->host, server->port,
-                              server->user, server->pass,
-                              dn, "objectClass=*", attr, NULL,
-                              &(*context)->reader);
-      if (!err)
-        break; /* Probably found a result. */
-    }
-
-  if (err)
-    {
-      xfree (*context);
-      *context = NULL;
-    }
-  return err;
-}
-
-
-/* Prepare an LDAP query to return certificates maching PATTERNS using
-   the SERVER.  This function returns an error code or 0 and a CONTEXT
-   on success. */
-gpg_error_t
-start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
-                       strlist_t patterns, const ldap_server_t server)
-{
-  gpg_error_t err;
-  const char *host;
-  int port;
-  const char *user;
-  const char *pass;
-  const char *base;
-  const char *argv[50];
-  int argc;
-  char portbuf[30], timeoutbuf[30];
-
-
-  *context = NULL;
-  if (server)
-    {
-      host = server->host;
-      port = server->port;
-      user = server->user;
-      pass = server->pass;
-      base = server->base;
-    }
-  else /* Use a default server. */
-    return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-
-  if (!base)
-    base = "";
-
-  argc = 0;
-  if (pass) /* Note: Must be the first item. */
-    {
-      argv[argc++] = "--pass";
-      argv[argc++] = pass;
-    }
-  if (opt.verbose)
-    argv[argc++] = "-vv";
-  argv[argc++] = "--log-with-pid";
-  argv[argc++] = "--multi";
-  if (opt.ldaptimeout)
-    {
-      sprintf (timeoutbuf, "%u", opt.ldaptimeout);
-      argv[argc++] = "--timeout";
-      argv[argc++] = timeoutbuf;
-    }
-  if (opt.ldap_proxy)
-    {
-      argv[argc++] = "--proxy";
-      argv[argc++] = opt.ldap_proxy;
-    }
-  if (host)
-    {
-      argv[argc++] = "--host";
-      argv[argc++] = host;
-    }
-  if (port)
-    {
-      sprintf (portbuf, "%d", port);
-      argv[argc++] = "--port";
-      argv[argc++] = portbuf;
-    }
-  if (user)
-    {
-      argv[argc++] = "--user";
-      argv[argc++] = user;
-    }
-
-
-  for (; patterns; patterns = patterns->next)
-    {
-      strlist_t sl;
-      char *url;
-
-      if (argc >= DIM (argv) - 1)
-        {
-          /* Too many patterns.  It does not make sense to allow an
-             arbitrary number of patters because the length of the
-             command line is limited anyway.  */
-          /* fixme: cleanup. */
-          return gpg_error (GPG_ERR_RESOURCE_LIMIT);
-        }
-      sl = parse_one_pattern (patterns->d);
-      if (!sl)
-        {
-          log_error (_("start_cert_fetch: invalid pattern '%s'\n"),
-                     patterns->d);
-          /* fixme: cleanup argv.  */
-          return gpg_error (GPG_ERR_INV_USER_ID);
-        }
-      if ((sl->flags & 1))
-        err = make_url (&url, sl->d, "objectClass=*");
-      else
-        err = make_url (&url, base, sl->d);
-      free_strlist (sl);
-      if (err)
-        {
-          /* fixme: cleanup argv. */
-          return err;
-        }
-      argv[argc++] = url;
-    }
-  argv[argc] = NULL;
-
-  *context = xtrycalloc (1, sizeof **context);
-  if (!*context)
-    return gpg_error_from_errno (errno);
-
-  err = ldap_wrapper (ctrl, &(*context)->reader, argv);
-
-  if (err)
-    {
-      xfree (*context);
-      *context = NULL;
-    }
-
-  return err;
-}
-
-
-/* Read a fixed amount of data from READER into BUFFER.  */
-static gpg_error_t
-read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
-{
-  gpg_error_t err;
-  size_t nread;
-
-  while (count)
-    {
-      err = ksba_reader_read (reader, buffer, count, &nread);
-      if (err)
-        return err;
-      buffer += nread;
-      count -= nread;
-    }
-  return 0;
-}
-
-
-/* Fetch the next certificate. Return 0 on success, GPG_ERR_EOF if no
-   (more) certificates are available or any other error
-   code. GPG_ERR_TRUNCATED may be returned to indicate that the result
-   has been truncated. */
-gpg_error_t
-fetch_next_cert_ldap (cert_fetch_context_t context,
-                      unsigned char **value, size_t *valuelen)
-{
-  gpg_error_t err;
-  unsigned char hdr[5];
-  char *p, *pend;
-  unsigned long n;
-  int okay = 0;
-  /* int is_cms = 0; */
-
-  *value = NULL;
-  *valuelen = 0;
-
-  err = 0;
-  while (!err)
-    {
-      err = read_buffer (context->reader, hdr, 5);
-      if (err)
-        break;
-      n = buf32_to_ulong (hdr+1);
-      if (*hdr == 'V' && okay)
-        {
-#if 0  /* That code is not yet ready.  */
-
-          if (is_cms)
-            {
-              /* The certificate needs to be parsed from CMS data. */
-              ksba_cms_t cms;
-              ksba_stop_reason_t stopreason;
-              int i;
-
-              err = ksba_cms_new (&cms);
-              if (err)
-                goto leave;
-              err = ksba_cms_set_reader_writer (cms, context->reader, NULL);
-              if (err)
-                {
-                  log_error ("ksba_cms_set_reader_writer failed: %s\n",
-                             gpg_strerror (err));
-                  goto leave;
-                }
-
-              do
-                {
-                  err = ksba_cms_parse (cms, &stopreason);
-                  if (err)
-                    {
-                      log_error ("ksba_cms_parse failed: %s\n",
-                                 gpg_strerror (err));
-                      goto leave;
-                    }
-
-                  if (stopreason == KSBA_SR_BEGIN_DATA)
-                    log_error ("userSMIMECertificate is not "
-                               "a certs-only message\n");
-                }
-              while (stopreason != KSBA_SR_READY);
-
-              for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
-                {
-                  check_and_store (ctrl, stats, cert, 0);
-                  ksba_cert_release (cert);
-                  cert = NULL;
-                }
-              if (!i)
-                log_error ("no certificate found\n");
-              else
-                any = 1;
-            }
-          else
-#endif
-            {
-              *value = xtrymalloc (n);
-              if (!*value)
-                return gpg_error_from_errno (errno);
-              *valuelen = n;
-              err = read_buffer (context->reader, *value, n);
-              break; /* Ready or error.  */
-            }
-        }
-      else if (!n && *hdr == 'A')
-        okay = 0;
-      else if (n)
-        {
-          if (n > context->tmpbufsize)
-            {
-              xfree (context->tmpbuf);
-              context->tmpbufsize = 0;
-              context->tmpbuf = xtrymalloc (n+1);
-              if (!context->tmpbuf)
-                return gpg_error_from_errno (errno);
-              context->tmpbufsize = n;
-            }
-          err = read_buffer (context->reader, context->tmpbuf, n);
-          if (err)
-            break;
-          if (*hdr == 'A')
-            {
-              p = context->tmpbuf;
-              p[n] = 0; /*(we allocated one extra byte for this.)*/
-              /* fixme: is_cms = 0; */
-              if ( (pend = strchr (p, ';')) )
-                *pend = 0; /* Strip off the extension. */
-              if (!ascii_strcasecmp (p, USERCERTIFICATE))
-                {
-                  if (DBG_LOOKUP)
-                    log_debug ("fetch_next_cert_ldap: got attribute '%s'\n",
-                               USERCERTIFICATE);
-                  okay = 1;
-                }
-              else if (!ascii_strcasecmp (p, CACERTIFICATE))
-                {
-                  if (DBG_LOOKUP)
-                    log_debug ("fetch_next_cert_ldap: got attribute '%s'\n",
-                               CACERTIFICATE);
-                  okay = 1;
-                }
-              else if (!ascii_strcasecmp (p, X509CACERT))
-                {
-                  if (DBG_LOOKUP)
-                    log_debug ("fetch_next_cert_ldap: got attribute '%s'\n",
-                               CACERTIFICATE);
-                  okay = 1;
-                }
-/*               else if (!ascii_strcasecmp (p, USERSMIMECERTIFICATE)) */
-/*                 { */
-/*                   if (DBG_LOOKUP) */
-/*                     log_debug ("fetch_next_cert_ldap: got attribute '%s'\n", */
-/*                                USERSMIMECERTIFICATE); */
-/*                   okay = 1; */
-/*                   is_cms = 1; */
-/*                 } */
-              else
-                {
-                  if (DBG_LOOKUP)
-                    log_debug ("fetch_next_cert_ldap: got attribute '%s'"
-                               " -  ignored\n", p);
-                  okay = 0;
-                }
-            }
-          else if (*hdr == 'E')
-            {
-              p = context->tmpbuf;
-              p[n] = 0; /*(we allocated one extra byte for this.)*/
-              if (!strcmp (p, "truncated"))
-                {
-                  context->truncated = 1;
-                  log_info (_("ldap_search hit the size limit of"
-                              " the server\n"));
-                }
-            }
-        }
-    }
-
-  if (err)
-    {
-      xfree (*value);
-      *value = NULL;
-      *valuelen = 0;
-      if (gpg_err_code (err) == GPG_ERR_EOF && context->truncated)
-        {
-          context->truncated = 0; /* So that the next call would return EOF. */
-          err = gpg_error (GPG_ERR_TRUNCATED);
-        }
-    }
-
-  return err;
-}
-
-
-void
-end_cert_fetch_ldap (cert_fetch_context_t context)
-{
-  if (context)
-    {
-      ksba_reader_t reader = context->reader;
-
-      xfree (context->tmpbuf);
-      xfree (context);
-      ldap_wrapper_release_context (reader);
-      ksba_reader_release (reader);
-    }
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldap-parse-uri.c gnupg2-2.0.28/dirmngr/ldap-parse-uri.c
--- gnupg2-2.1.6/dirmngr/ldap-parse-uri.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-parse-uri.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,246 +0,0 @@
-/* ldap-parse-uri.c - Parse an LDAP URI.
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include 
-
-#ifdef HAVE_W32_SYSTEM
-# include "ldap-url.h"
-#else
-# include 
-#endif
-
-#include "util.h"
-#include "http.h"
-
-/* Returns 1 if the string is an LDAP URL (begins with ldap:, ldaps:
-   or ldapi:).  */
-int
-ldap_uri_p (const char *url)
-{
-  char *colon = strchr (url, ':');
-  if (! colon)
-    return 0;
-  else
-    {
-      int offset = (uintptr_t) colon - (uintptr_t) url;
-
-      if (/* All lower case.  */
-	  (offset == 4 && memcmp (url, "ldap", 4) == 0)
-	  || (offset == 5
-	      && (memcmp (url, "ldaps", 5) == 0
-		  && memcmp (url, "ldapi", 5) == 0))
-	  /* Mixed case.  */
-	  || ((url[0] == 'l' || url[0] == 'L')
-	      && (url[1] == 'd' || url[1] == 'D')
-	      && (url[2] == 'a' || url[2] == 'A')
-	      && (url[3] == 'p' || url[3] == 'P')
-	      && (url[4] == ':'
-		  || ((url[4] == 's' || url[4] == 'S'
-		       || url[4] == 'i' || url[4] == 'i')
-		      && url[5] == ':'))))
-	return 1;
-      return 0;
-    }
-}
-
-/* Parse a URI and put the result into *purip.  On success the
-   caller must use http_release_parsed_uri() to releases the resources.
-
-   uri->path is the base DN (or NULL for the default).
-   uri->auth is the bindname (or NULL for none).
-   The uri->query variable "password" is the password.
-
-   Note: any specified scope, any attributes, any filter and any
-   unknown extensions are simply ignored.  */
-gpg_error_t
-ldap_parse_uri (parsed_uri_t *purip, const char *uri)
-{
-  gpg_err_code_t err = 0;
-  parsed_uri_t puri = NULL;
-
-  int result;
-  LDAPURLDesc *lud = NULL;
-
-  char *scheme = NULL;
-  char *host = NULL;
-  char *dn = NULL;
-  char *bindname = NULL;
-  char *password = NULL;
-
-  char **s;
-
-  char *buffer;
-  int len;
-
-  result = ldap_url_parse (uri, &lud);
-  if (result != 0)
-    {
-      log_error ("Unable to parse LDAP uri '%s'\n", uri);
-      err = GPG_ERR_GENERAL;
-      goto out;
-    }
-
-  scheme = lud->lud_scheme;
-  host = lud->lud_host;
-  dn = lud->lud_dn;
-
-  for (s = lud->lud_exts; s && *s; s ++)
-    {
-      if (strncmp (*s, "bindname=", 9) == 0)
-	{
-	  if (bindname)
-	    log_error ("bindname given multiple times in URL '%s', ignoring.\n",
-		       uri);
-	  else
-	    bindname = *s + 9;
-	}
-      else if (strncmp (*s, "password=", 9) == 0)
-	{
-	  if (password)
-	    log_error ("password given multiple times in URL '%s', ignoring.\n",
-		       uri);
-	  else
-	    password = *s + 9;
-	}
-      else
-	log_error ("Unhandled extension (%s) in URL '%s', ignoring.",
-		   *s, uri);
-    }
-
-  len = 0;
-
-#define add(s) do { if (s) len += strlen (s) + 1; } while (0)
-
-  add (scheme);
-  add (host);
-  add (dn);
-  add (bindname);
-  add (password);
-
-  puri = xtrycalloc (1, sizeof *puri + len);
-  if (! puri)
-    {
-      err = gpg_err_code_from_syserror ();
-      goto out;
-    }
-
-  buffer = puri->buffer;
-
-#define copy(to, s)				\
-  do						\
-    {						\
-      if (s)					\
-	{					\
-	  to = buffer;				\
-	  buffer = stpcpy (buffer, s) + 1;	\
-	}					\
-    }						\
-  while (0)
-
-  copy (puri->scheme, scheme);
-  /* Make sure the scheme is lower case.  */
-  ascii_strlwr (puri->scheme);
-
-  copy (puri->host, host);
-  copy (puri->path, dn);
-  copy (puri->auth, bindname);
-
-  if (password)
-    {
-      puri->query = calloc (sizeof (*puri->query), 1);
-      if (!puri->query)
-        {
-          err = gpg_err_code_from_syserror ();
-          goto out;
-        }
-      puri->query->name = "password";
-      copy (puri->query->value, password);
-      puri->query->valuelen = strlen (password) + 1;
-    }
-
-  puri->use_tls = strcmp (puri->scheme, "ldaps") == 0;
-  puri->port = lud->lud_port;
-
- out:
-  if (lud)
-    ldap_free_urldesc (lud);
-
-  if (err)
-    {
-      if (puri)
-	http_release_parsed_uri (puri);
-    }
-  else
-    *purip = puri;
-
-  return gpg_err_make (default_errsource, err);
-}
-
-/* The following characters need to be escaped to be part of an LDAP
-   filter: *, (, ), \, NUL and /.  Note: we don't handle NUL, since a
-   NUL can't be part of a C string.
-
-   This function always allocates a new string on success.  It is the
-   caller's responsibility to free it.
-*/
-char *
-ldap_escape_filter (const char *filter)
-{
-  int l = strcspn (filter, "*()\\/");
-  if (l == strlen (filter))
-    /* Nothing to escape.  */
-    return xstrdup (filter);
-
-  {
-    /* In the worst case we need to escape every letter.  */
-    char *escaped = xmalloc (1 + 3 * strlen (filter));
-
-    /* Indices into filter and escaped.  */
-    int filter_i = 0;
-    int escaped_i = 0;
-
-    for (filter_i = 0; filter_i < strlen (filter); filter_i ++)
-      {
-	switch (filter[filter_i])
-	  {
-	  case '*':
-	  case '(':
-	  case ')':
-	  case '\\':
-	  case '/':
-	    snprintf (&escaped[escaped_i], 4, "%%%02x",
-                     ((const unsigned char *)filter)[filter_i]);
-	    escaped_i += 3;
-	    break;
-
-	  default:
-	    escaped[escaped_i ++] = filter[filter_i];
-	    break;
-	  }
-      }
-    /* NUL terminate it.  */
-    escaped[escaped_i] = 0;
-
-    /* We could shrink escaped to be just escaped_i bytes, but the
-       result will probably be freed very quickly anyways.  */
-    return escaped;
-  }
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldap-parse-uri.h gnupg2-2.0.28/dirmngr/ldap-parse-uri.h
--- gnupg2-2.1.6/dirmngr/ldap-parse-uri.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-parse-uri.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,33 +0,0 @@
-/* ldap-parse-uri.h - Parse an LDAP URI.
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef DIRMNGR_LDAP_PARSE_URI_H
-#define DIRMNGR_LDAP_PARSE_URI_H
-
-#include "util.h"
-#include "http.h"
-
-extern int ldap_uri_p (const char *url);
-
-extern gpg_error_t ldap_parse_uri (parsed_uri_t *ret_uri, const char *uri);
-
-extern char *ldap_escape_filter (const char *filter);
-
-
-#endif
diff -Nru gnupg2-2.1.6/dirmngr/ldapserver.c gnupg2-2.0.28/dirmngr/ldapserver.c
--- gnupg2-2.1.6/dirmngr/ldapserver.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldapserver.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,132 +0,0 @@
-/* dirmngr.c - LDAP access
-   Copyright (C) 2008 g10 Code GmbH
-
-   This file is part of DirMngr.
-
-   DirMngr is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-
-   DirMngr is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-   02110-1301, USA.  */
-
-#ifdef HAVE_CONFIG_H
-# include 
-#endif
-
-#include "dirmngr.h"
-#include "ldapserver.h"
-
-
-/* Release the list of SERVERS.  As usual it is okay to call this
-   function with SERVERS passed as NULL.  */
-void
-ldapserver_list_free (ldap_server_t servers)
-{
-  while (servers)
-    {
-      ldap_server_t tmp = servers->next;
-      xfree (servers->host);
-      xfree (servers->user);
-      if (servers->pass)
-        memset (servers->pass, 0, strlen (servers->pass));
-      xfree (servers->pass);
-      xfree (servers->base);
-      xfree (servers);
-      servers = tmp;
-    }
-}
-
-
-/* Parse a single LDAP server configuration line.  Returns the server
-   or NULL in case of errors.  The configuration line is assumed to be
-   colon seprated with these fields:
-
-   1. field: Hostname
-   2. field: Portnumber
-   3. field: Username
-   4. field: Password
-   5. field: Base DN
-
-   FILENAME and LINENO are used for diagnostic purposes only.
-*/
-ldap_server_t
-ldapserver_parse_one (char *line,
-		      const char *filename, unsigned int lineno)
-{
-  char *p;
-  char *endp;
-  ldap_server_t server;
-  int fieldno;
-  int fail = 0;
-
-  /* Parse the colon separated fields.  */
-  server = xcalloc (1, sizeof *server);
-  for (fieldno = 1, p = line; p; p = endp, fieldno++ )
-    {
-      endp = strchr (p, ':');
-      if (endp)
-	*endp++ = '\0';
-      trim_spaces (p);
-      switch (fieldno)
-	{
-	case 1:
-	  if (*p)
-	    server->host = xstrdup (p);
-	  else
-	    {
-	      log_error (_("%s:%u: no hostname given\n"),
-			 filename, lineno);
-	      fail = 1;
-	    }
-	  break;
-
-	case 2:
-	  if (*p)
-	    server->port = atoi (p);
-	  break;
-
-	case 3:
-	  if (*p)
-	    server->user = xstrdup (p);
-	  break;
-
-	case 4:
-	  if (*p && !server->user)
-	    {
-	      log_error (_("%s:%u: password given without user\n"),
-			 filename, lineno);
-	      fail = 1;
-	    }
-	  else if (*p)
-	    server->pass = xstrdup (p);
-	  break;
-
-	case 5:
-	  if (*p)
-	    server->base = xstrdup (p);
-	  break;
-
-	default:
-	  /* (We silently ignore extra fields.) */
-	  break;
-	}
-    }
-
-  if (fail)
-    {
-      log_info (_("%s:%u: skipping this line\n"), filename, lineno);
-      ldapserver_list_free (server);
-      server = NULL;
-    }
-
-  return server;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldapserver.h gnupg2-2.0.28/dirmngr/ldapserver.h
--- gnupg2-2.1.6/dirmngr/ldapserver.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldapserver.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,90 +0,0 @@
-/* ldapserver.h
-   Copyright (C) 2008 g10 Code GmbH
-
-   This file is part of DirMngr.
-
-   DirMngr is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
-   (at your option) any later version.
-
-   DirMngr is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, see .  */
-
-#ifndef LDAPSERVER_H
-#define LDAPSERVER_H
-
-#include "dirmngr.h"
-
-/* Release the list of SERVERS.  As usual it is okay to call this
-   function with SERVERS passed as NULL.  */
-void ldapserver_list_free (ldap_server_t servers);
-
-
-/* Parse a single LDAP server configuration line.  Returns the server
-   or NULL in case of errors.  The configuration line is assumed to be
-   colon separated with these fields:
-
-   1. field: Hostname
-   2. field: Portnumber
-   3. field: Username
-   4. field: Password
-   5. field: Base DN
-
-   FILENAME and LINENO are used for diagnostic purposes only.
-*/
-ldap_server_t ldapserver_parse_one (char *line,
-				    const char *filename, unsigned int lineno);
-
-
-/* Iterate over all servers.  */
-
-struct ldapserver_iter
-{
-  ctrl_t ctrl;
-  enum { LDAPSERVER_SESSION, LDAPSERVER_OPT } group;
-  ldap_server_t server;
-};
-
-
-static inline void
-ldapserver_iter_next (struct ldapserver_iter *iter)
-{
-  if (iter->server)
-    iter->server = iter->server->next;
-
-  if (! iter->server)
-    {
-      if (iter->group == LDAPSERVER_SESSION)
-	{
-	  iter->group = LDAPSERVER_OPT;
-	  iter->server = opt.ldapservers;
-	}
-    }
-}
-
-
-static inline int
-ldapserver_iter_end_p (struct ldapserver_iter *iter)
-{
-  return (iter->group == LDAPSERVER_OPT && iter->server == NULL);
-}
-
-
-static inline void
-ldapserver_iter_begin (struct ldapserver_iter *iter, ctrl_t ctrl)
-{
-  iter->ctrl = ctrl;
-  iter->group = LDAPSERVER_SESSION;
-  iter->server = get_ldapservers_from_ctrl (ctrl);
-
-  while (iter->server == NULL && ! ldapserver_iter_end_p (iter))
-    ldapserver_iter_next (iter);
-}
-
-#endif	/* LDAPSERVER_H */
diff -Nru gnupg2-2.1.6/dirmngr/ldap-url.c gnupg2-2.0.28/dirmngr/ldap-url.c
--- gnupg2-2.1.6/dirmngr/ldap-url.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-url.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,935 +0,0 @@
-/* The following code comes from the OpenLDAP project.  The references
-   to the COPYRIGHT file below refer to the corresponding file in the
-   OpenLDAP distribution, which is reproduced here in full:
-
-Copyright 1998-2004 The OpenLDAP Foundation
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted only as authorized by the OpenLDAP
-Public License.
-
-A copy of this license is available in the file LICENSE in the
-top-level directory of the distribution or, alternatively, at
-.
-
-OpenLDAP is a registered trademark of the OpenLDAP Foundation.
-
-Individual files and/or contributed packages may be copyright by
-other parties and subject to additional restrictions.
-
-This work is derived from the University of Michigan LDAP v3.3
-distribution.  Information concerning this software is available
-at .
-
-This work also contains materials derived from public sources.
-
-Additional information about OpenLDAP can be obtained at
-.
-
----
-
-Portions Copyright 1998-2004 Kurt D. Zeilenga.
-Portions Copyright 1998-2004 Net Boolean Incorporated.
-Portions Copyright 2001-2004 IBM Corporation.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted only as authorized by the OpenLDAP
-Public License.
-
----
-
-Portions Copyright 1999-2003 Howard Y.H. Chu.
-Portions Copyright 1999-2003 Symas Corporation.
-Portions Copyright 1998-2003 Hallvard B. Furuseth.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that this notice is preserved.
-The names of the copyright holders may not be used to endorse or
-promote products derived from this software without their specific
-prior written permission.  This software is provided `'as is''
-without express or implied warranty.
-
----
-
-Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
-All rights reserved.
-
-Redistribution and use in source and binary forms are permitted
-provided that this notice is preserved and that due credit is given
-to the University of Michigan at Ann Arbor.  The name of the
-University may not be used to endorse or promote products derived
-from this software without specific prior written permission.  This
-software is provided `'as is'' without express or implied warranty.  */
-
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include 
-#include 
-#include "ldap-url.h"
-#define LDAP_P(protos)		protos
-#define LDAP_URL_URLCOLON	"URL:"
-#define LDAP_URL_URLCOLON_LEN   (sizeof(LDAP_URL_URLCOLON)-1)
-#define LDAP_URL_PREFIX         "ldap://"
-#define LDAP_URL_PREFIX_LEN     (sizeof(LDAP_URL_PREFIX)-1)
-#define LDAPS_URL_PREFIX        "ldaps://"
-#define LDAPS_URL_PREFIX_LEN    (sizeof(LDAPS_URL_PREFIX)-1)
-#define LDAPI_URL_PREFIX        "ldapi://"
-#define LDAPI_URL_PREFIX_LEN    (sizeof(LDAPI_URL_PREFIX)-1)
-#define LDAP_VFREE(v)           { int _i; for (_i = 0; (v)[_i]; _i++) free((v)[_i]); }
-#define LDAP_FREE		free
-#define LDAP_STRDUP		strdup
-#define LDAP_CALLOC		calloc
-#define LDAP_MALLOC		malloc
-#define LDAP_REALLOC		realloc
-#define ldap_utf8_strchr	strchr
-#define ldap_utf8_strtok(n,d)   strtok (n,d)
-#define Debug(a,b,c,d,e)
-void ldap_pvt_hex_unescape( char *s );
-
-
-#ifndef LDAP_SCOPE_DEFAULT
-# define LDAP_SCOPE_DEFAULT -1
-#endif
-
-
-
-/* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.9.2.2 2003/03/03 17:10:04 kurt Exp $ */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/* charray.c - routines for dealing with char * arrays */
-
-int
-ldap_charray_add(
-    char	***a,
-    char	*s
-)
-{
-	int	n;
-
-	if ( *a == NULL ) {
-		*a = (char **) LDAP_MALLOC( 2 * sizeof(char *) );
-		n = 0;
-
-		if( *a == NULL ) {
-			return -1;
-		}
-
-	} else {
-		char **new;
-
-		for ( n = 0; *a != NULL && (*a)[n] != NULL; n++ ) {
-			;	/* NULL */
-		}
-
-		new = (char **) LDAP_REALLOC( (char *) *a,
-		    (n + 2) * sizeof(char *) );
-
-		if( new == NULL ) {
-			/* caller is required to call ldap_charray_free(*a) */
-			return -1;
-		}
-
-		*a = new;
-	}
-
-	(*a)[n] = LDAP_STRDUP(s);
-
-	if( (*a)[n] == NULL ) {
-		return 1;
-	}
-
-	(*a)[++n] = NULL;
-
-	return 0;
-}
-
-int
-ldap_charray_merge(
-    char	***a,
-    char	**s
-)
-{
-	int	i, n, nn;
-	char **aa;
-
-	for ( n = 0; *a != NULL && (*a)[n] != NULL; n++ ) {
-		;	/* NULL */
-	}
-	for ( nn = 0; s[nn] != NULL; nn++ ) {
-		;	/* NULL */
-	}
-
-	aa = (char **) LDAP_REALLOC( (char *) *a, (n + nn + 1) * sizeof(char *) );
-
-	if( aa == NULL ) {
-		return -1;
-	}
-
-	*a = aa;
-
-	for ( i = 0; i < nn; i++ ) {
-		(*a)[n + i] = LDAP_STRDUP(s[i]);
-
-		if( (*a)[n + i] == NULL ) {
-			for( --i ; i >= 0 ; i-- ) {
-				LDAP_FREE( (*a)[n + i] );
-				(*a)[n + i] = NULL;
-			}
-			return -1;
-		}
-	}
-
-	(*a)[n + nn] = NULL;
-	return 0;
-}
-
-void
-ldap_charray_free( char **a )
-{
-	char	**p;
-
-	if ( a == NULL ) {
-		return;
-	}
-
-	for ( p = a; *p != NULL; p++ ) {
-		if ( *p != NULL ) {
-			LDAP_FREE( *p );
-		}
-	}
-
-	LDAP_FREE( (char *) a );
-}
-
-int
-ldap_charray_inlist(
-    char	**a,
-    char	*s
-)
-{
-	int	i;
-
-	if( a == NULL ) return 0;
-
-	for ( i=0; a[i] != NULL; i++ ) {
-		if ( strcasecmp( s, a[i] ) == 0 ) {
-			return 1;
-		}
-	}
-
-	return 0;
-}
-
-char **
-ldap_charray_dup( char **a )
-{
-	int	i;
-	char	**new;
-
-	for ( i = 0; a[i] != NULL; i++ )
-		;	/* NULL */
-
-	new = (char **) LDAP_MALLOC( (i + 1) * sizeof(char *) );
-
-	if( new == NULL ) {
-		return NULL;
-	}
-
-	for ( i = 0; a[i] != NULL; i++ ) {
-		new[i] = LDAP_STRDUP( a[i] );
-
-		if( new[i] == NULL ) {
-			for( --i ; i >= 0 ; i-- ) {
-				LDAP_FREE( new[i] );
-			}
-			LDAP_FREE( new );
-			return NULL;
-		}
-	}
-	new[i] = NULL;
-
-	return( new );
-}
-
-char **
-ldap_str2charray( const char *str_in, const char *brkstr )
-{
-	char	**res;
-	char	*str, *s;
-	int	i;
-
-	/* protect the input string from strtok */
-	str = LDAP_STRDUP( str_in );
-	if( str == NULL ) {
-		return NULL;
-	}
-
-	i = 1;
-	for ( s = str; *s; s++ ) {
-		if ( ldap_utf8_strchr( brkstr, *s ) != NULL ) {
-			i++;
-		}
-	}
-
-	res = (char **) LDAP_MALLOC( (i + 1) * sizeof(char *) );
-
-	if( res == NULL ) {
-		LDAP_FREE( str );
-		return NULL;
-	}
-
-	i = 0;
-
-	for ( s = ldap_utf8_strtok( str, brkstr);
-		s != NULL;
-		s = ldap_utf8_strtok( NULL, brkstr) )
-	{
-		res[i] = LDAP_STRDUP( s );
-
-		if(res[i] == NULL) {
-			for( --i ; i >= 0 ; i-- ) {
-				LDAP_FREE( res[i] );
-			}
-			LDAP_FREE( res );
-			LDAP_FREE( str );
-			return NULL;
-		}
-
-		i++;
-	}
-
-	res[i] = NULL;
-
-	LDAP_FREE( str );
-	return( res );
-}
-
-char * ldap_charray2str( char **a, const char *sep )
-{
-	char *s, **v, *p;
-	int len;
-	int slen;
-
-	if( sep == NULL ) sep = " ";
-
-	slen = strlen( sep );
-	len = 0;
-
-	for ( v = a; *v != NULL; v++ ) {
-		len += strlen( *v ) + slen;
-	}
-
-	if ( len == 0 ) {
-		return NULL;
-	}
-
-	/* trim extra sep len */
-	len -= slen;
-
-	s = LDAP_MALLOC ( len + 1 );
-
-	if ( s == NULL ) {
-		return NULL;
-	}
-
-	p = s;
-	for ( v = a; *v != NULL; v++ ) {
-		if ( v != a ) {
-			strncpy( p, sep, slen );
-			p += slen;
-		}
-
-		len = strlen( *v );
-		strncpy( p, *v, len );
-		p += len;
-	}
-
-	*p = '\0';
-	return s;
-}
-
-
-
-/* $OpenLDAP: pkg/ldap/libraries/libldap/url.c,v 1.64.2.5 2003/03/03 17:10:05 kurt Exp $ */
-/*
- * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
- */
-/*  Portions
- *  Copyright (c) 1996 Regents of the University of Michigan.
- *  All rights reserved.
- *
- *  LIBLDAP url.c -- LDAP URL (RFC 2255) related routines
- *
- *  LDAP URLs look like this:
- *    ldap[is]://host:port[/[dn[?[attributes][?[scope][?[filter][?exts]]]]]]
- *
- *  where:
- *   attributes is a comma separated list
- *   scope is one of these three strings:  base one sub (default=base)
- *   filter is an string-represented filter as in RFC 2254
- *
- *  e.g.,  ldap://host:port/dc=com?o,cn?base?(o=openldap)?extension
- *
- *  We also tolerate URLs that look like:  and 
- */
-
-/* local functions */
-static const char* skip_url_prefix LDAP_P((
-	const char *url,
-	int *enclosedp,
-	const char **scheme ));
-
-int
-ldap_is_ldap_url( LDAP_CONST char *url )
-{
-	int	enclosed;
-	const char * scheme;
-
-	if( url == NULL ) {
-		return 0;
-	}
-
-	if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) {
-		return 0;
-	}
-
-	return 1;
-}
-
-
-static const char*
-skip_url_prefix(
-	const char *url,
-	int *enclosedp,
-	const char **scheme )
-{
-	/*
- 	 * return non-zero if this looks like a LDAP URL; zero if not
- 	 * if non-zero returned, *urlp will be moved past "ldap://" part of URL
- 	 */
-	const char *p;
-
-	if ( url == NULL ) {
-		return( NULL );
-	}
-
-	p = url;
-
-	/* skip leading '<' (if any) */
-	if ( *p == '<' ) {
-		*enclosedp = 1;
-		++p;
-	} else {
-		*enclosedp = 0;
-	}
-
-	/* skip leading "URL:" (if any) */
-	if ( strncasecmp( p, LDAP_URL_URLCOLON, LDAP_URL_URLCOLON_LEN ) == 0 ) {
-		p += LDAP_URL_URLCOLON_LEN;
-	}
-
-	/* check for "ldap://" prefix */
-	if ( strncasecmp( p, LDAP_URL_PREFIX, LDAP_URL_PREFIX_LEN ) == 0 ) {
-		/* skip over "ldap://" prefix and return success */
-		p += LDAP_URL_PREFIX_LEN;
-		*scheme = "ldap";
-		return( p );
-	}
-
-	/* check for "ldaps://" prefix */
-	if ( strncasecmp( p, LDAPS_URL_PREFIX, LDAPS_URL_PREFIX_LEN ) == 0 ) {
-		/* skip over "ldaps://" prefix and return success */
-		p += LDAPS_URL_PREFIX_LEN;
-		*scheme = "ldaps";
-		return( p );
-	}
-
-	/* check for "ldapi://" prefix */
-	if ( strncasecmp( p, LDAPI_URL_PREFIX, LDAPI_URL_PREFIX_LEN ) == 0 ) {
-		/* skip over "ldapi://" prefix and return success */
-		p += LDAPI_URL_PREFIX_LEN;
-		*scheme = "ldapi";
-		return( p );
-	}
-
-#ifdef LDAP_CONNECTIONLESS
-	/* check for "cldap://" prefix */
-	if ( strncasecmp( p, LDAPC_URL_PREFIX, LDAPC_URL_PREFIX_LEN ) == 0 ) {
-		/* skip over "cldap://" prefix and return success */
-		p += LDAPC_URL_PREFIX_LEN;
-		*scheme = "cldap";
-		return( p );
-	}
-#endif
-
-	return( NULL );
-}
-
-
-static int str2scope( const char *p )
-{
-	if ( strcasecmp( p, "one" ) == 0 ) {
-		return LDAP_SCOPE_ONELEVEL;
-
-	} else if ( strcasecmp( p, "onetree" ) == 0 ) {
-		return LDAP_SCOPE_ONELEVEL;
-
-	} else if ( strcasecmp( p, "base" ) == 0 ) {
-		return LDAP_SCOPE_BASE;
-
-	} else if ( strcasecmp( p, "sub" ) == 0 ) {
-		return LDAP_SCOPE_SUBTREE;
-
-	} else if ( strcasecmp( p, "subtree" ) == 0 ) {
-		return LDAP_SCOPE_SUBTREE;
-	}
-
-	return( -1 );
-}
-
-
-int
-ldap_url_parse_ext( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
-{
-/*
- *  Pick apart the pieces of an LDAP URL.
- */
-
-	LDAPURLDesc	*ludp;
-	char	*p, *q, *r;
-	int		i, enclosed;
-	const char *scheme = NULL;
-	const char *url_tmp;
-	char *url;
-
-	if( url_in == NULL || ludpp == NULL ) {
-		return LDAP_URL_ERR_PARAM;
-	}
-
-#ifndef LDAP_INT_IN_KERNEL
-	/* Global options may not be created yet
-	 * We can't test if the global options are initialized
-	 * because a call to LDAP_INT_GLOBAL_OPT() will try to allocate
-	 * the options and cause infinite recursion
-	 */
-#ifdef NEW_LOGGING
-	LDAP_LOG ( OPERATION, ENTRY, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
-#else
-	Debug( LDAP_DEBUG_TRACE, "ldap_url_parse_ext(%s)\n", url_in, 0, 0 );
-#endif
-#endif
-
-	*ludpp = NULL;	/* pessimistic */
-
-	url_tmp = skip_url_prefix( url_in, &enclosed, &scheme );
-
-	if ( url_tmp == NULL ) {
-		return LDAP_URL_ERR_BADSCHEME;
-	}
-
-	assert( scheme );
-
-	/* make working copy of the remainder of the URL */
-	url = LDAP_STRDUP( url_tmp );
-	if ( url == NULL ) {
-		return LDAP_URL_ERR_MEM;
-	}
-
-	if ( enclosed ) {
-		p = &url[strlen(url)-1];
-
-		if( *p != '>' ) {
-			LDAP_FREE( url );
-			return LDAP_URL_ERR_BADENCLOSURE;
-		}
-
-		*p = '\0';
-	}
-
-	/* allocate return struct */
-	ludp = (LDAPURLDesc *)LDAP_CALLOC( 1, sizeof( LDAPURLDesc ));
-
-	if ( ludp == NULL ) {
-		LDAP_FREE( url );
-		return LDAP_URL_ERR_MEM;
-	}
-
-	ludp->lud_next = NULL;
-	ludp->lud_host = NULL;
-	ludp->lud_port = 0;
-	ludp->lud_dn = NULL;
-	ludp->lud_attrs = NULL;
-	ludp->lud_filter = NULL;
-	ludp->lud_scope = LDAP_SCOPE_DEFAULT;
-	ludp->lud_filter = NULL;
-	ludp->lud_exts = NULL;
-
-	ludp->lud_scheme = LDAP_STRDUP( scheme );
-
-	if ( ludp->lud_scheme == NULL ) {
-		LDAP_FREE( url );
-		ldap_free_urldesc( ludp );
-		return LDAP_URL_ERR_MEM;
-	}
-
-	/* scan forward for '/' that marks end of hostport and begin. of dn */
-	p = strchr( url, '/' );
-
-	if( p != NULL ) {
-		/* terminate hostport; point to start of dn */
-		*p++ = '\0';
-	}
-
-	/* IPv6 syntax with [ip address]:port */
-	if ( *url == '[' ) {
-		r = strchr( url, ']' );
-		if ( r == NULL ) {
-			LDAP_FREE( url );
-			ldap_free_urldesc( ludp );
-			return LDAP_URL_ERR_BADURL;
-		}
-		*r++ = '\0';
-		q = strchr( r, ':' );
-	} else {
-		q = strchr( url, ':' );
-	}
-
-	if ( q != NULL ) {
-		*q++ = '\0';
-		ldap_pvt_hex_unescape( q );
-
-		if( *q == '\0' ) {
-			LDAP_FREE( url );
-			ldap_free_urldesc( ludp );
-			return LDAP_URL_ERR_BADURL;
-		}
-
-		ludp->lud_port = atoi( q );
-	}
-
-	ldap_pvt_hex_unescape( url );
-
-	/* If [ip address]:port syntax, url is [ip and we skip the [ */
-	ludp->lud_host = LDAP_STRDUP( url + ( *url == '[' ) );
-
-	if( ludp->lud_host == NULL ) {
-		LDAP_FREE( url );
-		ldap_free_urldesc( ludp );
-		return LDAP_URL_ERR_MEM;
-	}
-
-	/*
-	 * Kludge.  ldap://111.222.333.444:389??cn=abc,o=company
-	 *
-	 * On early Novell releases, search references/referrals were returned
-	 * in this format, i.e., the dn was kind of in the scope position,
-	 * but the required slash is missing. The whole thing is illegal syntax,
-	 * but we need to account for it. Fortunately it can't be confused with
-	 * anything real.
-	 */
-	if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) {
-		q++;
-		/* ? immediately followed by question */
-		if( *q == '?') {
-			q++;
-			if( *q != '\0' ) {
-				/* parse dn part */
-				ldap_pvt_hex_unescape( q );
-				ludp->lud_dn = LDAP_STRDUP( q );
-			} else {
-				ludp->lud_dn = LDAP_STRDUP( "" );
-			}
-
-			if( ludp->lud_dn == NULL ) {
-				LDAP_FREE( url );
-				ldap_free_urldesc( ludp );
-				return LDAP_URL_ERR_MEM;
-			}
-		}
-	}
-
-	if( p == NULL ) {
-		LDAP_FREE( url );
-		*ludpp = ludp;
-		return LDAP_URL_SUCCESS;
-	}
-
-	/* scan forward for '?' that may marks end of dn */
-	q = strchr( p, '?' );
-
-	if( q != NULL ) {
-		/* terminate dn part */
-		*q++ = '\0';
-	}
-
-	if( *p != '\0' ) {
-		/* parse dn part */
-		ldap_pvt_hex_unescape( p );
-		ludp->lud_dn = LDAP_STRDUP( p );
-	} else {
-		ludp->lud_dn = LDAP_STRDUP( "" );
-	}
-
-	if( ludp->lud_dn == NULL ) {
-		LDAP_FREE( url );
-		ldap_free_urldesc( ludp );
-		return LDAP_URL_ERR_MEM;
-	}
-
-	if( q == NULL ) {
-		/* no more */
-		LDAP_FREE( url );
-		*ludpp = ludp;
-		return LDAP_URL_SUCCESS;
-	}
-
-	/* scan forward for '?' that may marks end of attributes */
-	p = q;
-	q = strchr( p, '?' );
-
-	if( q != NULL ) {
-		/* terminate attributes part */
-		*q++ = '\0';
-	}
-
-	if( *p != '\0' ) {
-		/* parse attributes */
-		ldap_pvt_hex_unescape( p );
-		ludp->lud_attrs = ldap_str2charray( p, "," );
-
-		if( ludp->lud_attrs == NULL ) {
-			LDAP_FREE( url );
-			ldap_free_urldesc( ludp );
-			return LDAP_URL_ERR_BADATTRS;
-		}
-	}
-
-	if ( q == NULL ) {
-		/* no more */
-		LDAP_FREE( url );
-		*ludpp = ludp;
-		return LDAP_URL_SUCCESS;
-	}
-
-	/* scan forward for '?' that may marks end of scope */
-	p = q;
-	q = strchr( p, '?' );
-
-	if( q != NULL ) {
-		/* terminate the scope part */
-		*q++ = '\0';
-	}
-
-	if( *p != '\0' ) {
-		/* parse the scope */
-		ldap_pvt_hex_unescape( p );
-		ludp->lud_scope = str2scope( p );
-
-		if( ludp->lud_scope == -1 ) {
-			LDAP_FREE( url );
-			ldap_free_urldesc( ludp );
-			return LDAP_URL_ERR_BADSCOPE;
-		}
-	}
-
-	if ( q == NULL ) {
-		/* no more */
-		LDAP_FREE( url );
-		*ludpp = ludp;
-		return LDAP_URL_SUCCESS;
-	}
-
-	/* scan forward for '?' that may marks end of filter */
-	p = q;
-	q = strchr( p, '?' );
-
-	if( q != NULL ) {
-		/* terminate the filter part */
-		*q++ = '\0';
-	}
-
-	if( *p != '\0' ) {
-		/* parse the filter */
-		ldap_pvt_hex_unescape( p );
-
-		if( ! *p ) {
-			/* missing filter */
-			LDAP_FREE( url );
-			ldap_free_urldesc( ludp );
-			return LDAP_URL_ERR_BADFILTER;
-		}
-
-		LDAP_FREE( ludp->lud_filter );
-		ludp->lud_filter = LDAP_STRDUP( p );
-
-		if( ludp->lud_filter == NULL ) {
-			LDAP_FREE( url );
-			ldap_free_urldesc( ludp );
-			return LDAP_URL_ERR_MEM;
-		}
-	}
-
-	if ( q == NULL ) {
-		/* no more */
-		LDAP_FREE( url );
-		*ludpp = ludp;
-		return LDAP_URL_SUCCESS;
-	}
-
-	/* scan forward for '?' that may marks end of extensions */
-	p = q;
-	q = strchr( p, '?' );
-
-	if( q != NULL ) {
-		/* extra '?' */
-		LDAP_FREE( url );
-		ldap_free_urldesc( ludp );
-		return LDAP_URL_ERR_BADURL;
-	}
-
-	/* parse the extensions */
-	ludp->lud_exts = ldap_str2charray( p, "," );
-
-	if( ludp->lud_exts == NULL ) {
-		LDAP_FREE( url );
-		ldap_free_urldesc( ludp );
-		return LDAP_URL_ERR_BADEXTS;
-	}
-
-	for( i=0; ludp->lud_exts[i] != NULL; i++ ) {
-		ldap_pvt_hex_unescape( ludp->lud_exts[i] );
-
-		if( *ludp->lud_exts[i] == '!' ) {
-			/* count the number of critical extensions */
-			ludp->lud_crit_exts++;
-		}
-	}
-
-	if( i == 0 ) {
-		/* must have 1 or more */
-		LDAP_FREE( url );
-		ldap_free_urldesc( ludp );
-		return LDAP_URL_ERR_BADEXTS;
-	}
-
-	/* no more */
-	*ludpp = ludp;
-	LDAP_FREE( url );
-	return LDAP_URL_SUCCESS;
-}
-
-int
-ldap_url_parse( LDAP_CONST char *url_in, LDAPURLDesc **ludpp )
-{
-	int rc = ldap_url_parse_ext( url_in, ludpp );
-
-	if( rc != LDAP_URL_SUCCESS ) {
-		return rc;
-	}
-
-	if ((*ludpp)->lud_scope == LDAP_SCOPE_DEFAULT) {
-		(*ludpp)->lud_scope = LDAP_SCOPE_BASE;
-	}
-
-	if ((*ludpp)->lud_host != NULL && *(*ludpp)->lud_host == '\0') {
-		LDAP_FREE( (*ludpp)->lud_host );
-		(*ludpp)->lud_host = NULL;
-	}
-
-	if ((*ludpp)->lud_port == 0) {
-		if( strcmp((*ludpp)->lud_scheme, "ldap") == 0 ) {
-			(*ludpp)->lud_port = LDAP_PORT;
-#ifdef LDAP_CONNECTIONLESS
-		} else if( strcmp((*ludpp)->lud_scheme, "cldap") == 0 ) {
-			(*ludpp)->lud_port = LDAP_PORT;
-#endif
-		} else if( strcmp((*ludpp)->lud_scheme, "ldaps") == 0 ) {
-			(*ludpp)->lud_port = LDAPS_PORT;
-		}
-	}
-
-	return rc;
-}
-
-
-void
-ldap_free_urldesc( LDAPURLDesc *ludp )
-{
-	if ( ludp == NULL ) {
-		return;
-	}
-
-	if ( ludp->lud_scheme != NULL ) {
-		LDAP_FREE( ludp->lud_scheme );
-	}
-
-	if ( ludp->lud_host != NULL ) {
-		LDAP_FREE( ludp->lud_host );
-	}
-
-	if ( ludp->lud_dn != NULL ) {
-		LDAP_FREE( ludp->lud_dn );
-	}
-
-	if ( ludp->lud_filter != NULL ) {
-		LDAP_FREE( ludp->lud_filter);
-	}
-
-	if ( ludp->lud_attrs != NULL ) {
-		LDAP_VFREE( ludp->lud_attrs );
-	}
-
-	if ( ludp->lud_exts != NULL ) {
-		LDAP_VFREE( ludp->lud_exts );
-	}
-
-	LDAP_FREE( ludp );
-}
-
-
-static int
-ldap_int_unhex( int c )
-{
-	return( c >= '0' && c <= '9' ? c - '0'
-	    : c >= 'A' && c <= 'F' ? c - 'A' + 10
-	    : c - 'a' + 10 );
-}
-
-void
-ldap_pvt_hex_unescape( char *s )
-{
-	/*
-	 * Remove URL hex escapes from s... done in place.  The basic concept for
-	 * this routine is borrowed from the WWW library HTUnEscape() routine.
-	 */
-	char	*p;
-
-	for ( p = s; *s != '\0'; ++s ) {
-		if ( *s == '%' ) {
-			if ( *++s == '\0' ) {
-				break;
-			}
-			*p = ldap_int_unhex( *s ) << 4;
-			if ( *++s == '\0' ) {
-				break;
-			}
-			*p++ += ldap_int_unhex( *s );
-		} else {
-			*p++ = *s;
-		}
-	}
-
-	*p = '\0';
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldap-url.h gnupg2-2.0.28/dirmngr/ldap-url.h
--- gnupg2-2.1.6/dirmngr/ldap-url.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-url.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,50 +0,0 @@
-/* Copyright 2007 g10 Code GmbH
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even
- the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- PURPOSE.  */
-
-#ifndef LDAP_URL_H
-#define LDAP_URL_H 1
-
-#define LDAP_CONST const
-
-typedef struct ldap_url_desc
-{
-  struct ldap_url_desc *lud_next;
-  char *lud_scheme;
-  char *lud_host;
-  int lud_port;
-  char *lud_dn;
-  char **lud_attrs;
-  int lud_scope;
-  char *lud_filter;
-  char **lud_exts;
-  int lud_crit_exts;
-} LDAPURLDesc;
-
-#define LDAP_URL_SUCCESS	0x00
-#define LDAP_URL_ERR_MEM	0x01
-#define LDAP_URL_ERR_PARAM	0x02
-
-#define LDAP_URL_ERR_BADSCHEME	0x03
-#define LDAP_URL_ERR_BADENCLOSURE 0x04
-#define LDAP_URL_ERR_BADURL	0x05
-#define LDAP_URL_ERR_BADHOST	0x06
-#define LDAP_URL_ERR_BADATTRS	0x07
-#define LDAP_URL_ERR_BADSCOPE	0x08
-#define LDAP_URL_ERR_BADFILTER	0x09
-#define LDAP_URL_ERR_BADEXTS	0x0a
-
-#define LDAPS_PORT 636
-
-int ldap_is_ldap_url (LDAP_CONST char *url);
-int ldap_url_parse (LDAP_CONST char *url_in, LDAPURLDesc **ludpp);
-void ldap_free_urldesc (LDAPURLDesc *ludp);
-
-#endif /* !LDAP_URL_H */
diff -Nru gnupg2-2.1.6/dirmngr/ldap-wrapper.c gnupg2-2.0.28/dirmngr/ldap-wrapper.c
--- gnupg2-2.1.6/dirmngr/ldap-wrapper.c	2015-06-18 10:19:29.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-wrapper.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,781 +0,0 @@
-/* ldap-wrapper.c - LDAP access via a wrapper process
- * Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
- * Copyright (C) 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-/*
-   We can't use LDAP directly for these reasons:
-
-   1. On some systems the LDAP library uses (indirectly) pthreads and
-      that is not compatible with PTh.
-
-   2. It is huge library in particular if TLS comes into play.  So
-      problems with unfreed memory might turn up and we don't want
-      this in a long running daemon.
-
-   3. There is no easy way for timeouts. In particular the timeout
-      value does not work for DNS lookups (well, this is usual) and it
-      seems not to work while loading a large attribute like a
-      CRL. Having a separate process allows us to either tell the
-      process to commit suicide or have our own housekepping function
-      kill it after some time.  The latter also allows proper
-      cancellation of a query at any point of time.
-
-   4. Given that we are going out to the network and usually get back
-      a long response, the fork/exec overhead is acceptable.
-
-   Note that under WindowsCE the number of processes is strongly
-   limited (32 processes including the kernel processes) and thus we
-   don't use the process approach but implement a different wrapper in
-   ldap-wrapper-ce.c.
-*/
-
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "exechelp.h"
-#include "misc.h"
-#include "ldap-wrapper.h"
-
-
-#ifdef HAVE_W32_SYSTEM
-#define setenv(a,b,c) SetEnvironmentVariable ((a),(b))
-#else
-#define pth_close(fd) close(fd)
-#endif
-
-#ifndef USE_LDAPWRAPPER
-# error This module is not expected to be build.
-#endif
-
-/* In case sysconf does not return a value we need to have a limit. */
-#ifdef _POSIX_OPEN_MAX
-#define MAX_OPEN_FDS _POSIX_OPEN_MAX
-#else
-#define MAX_OPEN_FDS 20
-#endif
-
-#define INACTIVITY_TIMEOUT (opt.ldaptimeout + 60*5)  /* seconds */
-
-#define TIMERTICK_INTERVAL 2
-
-/* To keep track of the LDAP wrapper state we use this structure.  */
-struct wrapper_context_s
-{
-  struct wrapper_context_s *next;
-
-  pid_t pid;    /* The pid of the wrapper process. */
-  int printable_pid; /* Helper to print diagnostics after the process has
-                        been cleaned up. */
-  int fd;       /* Connected with stdout of the ldap wrapper.  */
-  gpg_error_t fd_error; /* Set to the gpg_error of the last read error
-                           if any.  */
-  int log_fd;   /* Connected with stderr of the ldap wrapper.  */
-  ctrl_t ctrl;  /* Connection data. */
-  int ready;    /* Internally used to mark to be removed contexts. */
-  ksba_reader_t reader; /* The ksba reader object or NULL. */
-  char *line;     /* Used to print the log lines (malloced). */
-  size_t linesize;/* Allocated size of LINE.  */
-  size_t linelen; /* Use size of LINE.  */
-  time_t stamp;   /* The last time we noticed ativity.  */
-};
-
-
-
-/* We keep a global list of spawed wrapper process.  A separate thread
-   makes use of this list to log error messages and to watch out for
-   finished processes. */
-static struct wrapper_context_s *wrapper_list;
-
-/* We need to know whether we are shutting down the process.  */
-static int shutting_down;
-
-/* Close the pth file descriptor FD and set it to -1.  */
-#define SAFE_CLOSE(fd) \
-  do { int _fd = fd; if (_fd != -1) { close (_fd); fd = -1;} } while (0)
-
-
-
-
-/* Read a fixed amount of data from READER into BUFFER.  */
-static gpg_error_t
-read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
-{
-  gpg_error_t err;
-  size_t nread;
-
-  while (count)
-    {
-      err = ksba_reader_read (reader, buffer, count, &nread);
-      if (err)
-        return err;
-      buffer += nread;
-      count -= nread;
-    }
-  return 0;
-}
-
-
-/* Release the wrapper context and kill a running wrapper process. */
-static void
-destroy_wrapper (struct wrapper_context_s *ctx)
-{
-  if (ctx->pid != (pid_t)(-1))
-    {
-      gnupg_kill_process (ctx->pid);
-      gnupg_release_process (ctx->pid);
-    }
-  ksba_reader_release (ctx->reader);
-  SAFE_CLOSE (ctx->fd);
-  SAFE_CLOSE (ctx->log_fd);
-  xfree (ctx->line);
-  xfree (ctx);
-}
-
-
-/* Print the content of LINE to thye log stream but make sure to only
-   print complete lines.  Using NULL for LINE will flush any pending
-   output.  LINE may be modified by this fucntion. */
-static void
-print_log_line (struct wrapper_context_s *ctx, char *line)
-{
-  char *s;
-  size_t n;
-
-  if (!line)
-    {
-      if (ctx->line && ctx->linelen)
-        {
-
-          log_info ("%s\n", ctx->line);
-          ctx->linelen = 0;
-        }
-      return;
-    }
-
-  while ((s = strchr (line, '\n')))
-    {
-      *s = 0;
-      if (ctx->line && ctx->linelen)
-        {
-          log_info ("%s", ctx->line);
-          ctx->linelen = 0;
-          log_printf ("%s\n", line);
-        }
-      else
-        log_info ("%s\n", line);
-      line = s + 1;
-    }
-  n = strlen (line);
-  if (n)
-    {
-      if (ctx->linelen + n + 1 >= ctx->linesize)
-        {
-          char *tmp;
-          size_t newsize;
-
-          newsize = ctx->linesize + ((n + 255) & ~255) + 1;
-          tmp = (ctx->line ? xtryrealloc (ctx->line, newsize)
-                           : xtrymalloc (newsize));
-          if (!tmp)
-            {
-              log_error (_("error printing log line: %s\n"), strerror (errno));
-              return;
-            }
-          ctx->line = tmp;
-          ctx->linesize = newsize;
-        }
-      memcpy (ctx->line + ctx->linelen, line, n);
-      ctx->linelen += n;
-      ctx->line[ctx->linelen] = 0;
-    }
-}
-
-
-/* Read data from the log stream.  Returns true if the log stream
-   indicated EOF or error.  */
-static int
-read_log_data (struct wrapper_context_s *ctx)
-{
-  int n;
-  char line[256];
-
-  /* We must use the npth_read function for pipes, always.  */
-  do
-    n = npth_read (ctx->log_fd, line, sizeof line - 1);
-  while (n < 0 && errno == EINTR);
-
-  if (n <= 0) /* EOF or error. */
-    {
-      if (n < 0)
-        log_error (_("error reading log from ldap wrapper %d: %s\n"),
-                   (int)ctx->pid, strerror (errno));
-      print_log_line (ctx, NULL);
-      SAFE_CLOSE (ctx->log_fd);
-      return 1;
-    }
-
-  line[n] = 0;
-  print_log_line (ctx, line);
-  if (ctx->stamp != (time_t)(-1))
-    ctx->stamp = time (NULL);
-  return 0;
-}
-
-
-/* This function is run by a separate thread to maintain the list of
-   wrappers and to log error messages from these wrappers.  */
-void *
-ldap_wrapper_thread (void *dummy)
-{
-  int nfds;
-  struct wrapper_context_s *ctx;
-  struct wrapper_context_s *ctx_prev;
-  struct timespec abstime;
-  struct timespec curtime;
-  struct timespec timeout;
-  fd_set fdset;
-  int ret;
-  time_t exptime;
-
-  (void)dummy;
-
-  npth_clock_gettime (&abstime);
-  abstime.tv_sec += TIMERTICK_INTERVAL;
-
-  for (;;)
-    {
-      int any_action = 0;
-
-      npth_clock_gettime (&curtime);
-      if (!(npth_timercmp (&curtime, &abstime, <)))
-	{
-	  /* Inactivity is checked below.  Nothing else to do.  */
-	  npth_clock_gettime (&abstime);
-	  abstime.tv_sec += TIMERTICK_INTERVAL;
-	}
-      npth_timersub (&abstime, &curtime, &timeout);
-
-      FD_ZERO (&fdset);
-      nfds = -1;
-      for (ctx = wrapper_list; ctx; ctx = ctx->next)
-        {
-          if (ctx->log_fd != -1)
-            {
-              FD_SET (ctx->log_fd, &fdset);
-              if (ctx->log_fd > nfds)
-                nfds = ctx->log_fd;
-            }
-        }
-      nfds++;
-
-      /* FIXME: For Windows, we have to use a reader thread on the
-	 pipe that signals an event (and a npth_select_ev variant).  */
-      ret = npth_pselect (nfds + 1, &fdset, NULL, NULL, &timeout, NULL);
-      if (ret == -1)
-	{
-          if (errno != EINTR)
-            {
-              log_error (_("npth_select failed: %s - waiting 1s\n"),
-                         strerror (errno));
-              npth_sleep (1);
-            }
-          continue;
-	}
-
-      /* All timestamps before exptime should be considered expired.  */
-      exptime = time (NULL);
-      if (exptime > INACTIVITY_TIMEOUT)
-        exptime -= INACTIVITY_TIMEOUT;
-
-      /* Note that there is no need to lock the list because we always
-         add entries at the head (with a pending event status) and
-         thus traversing the list will even work if we have a context
-         switch in waitpid (which should anyway only happen with Pth's
-         hard system call mapping).  */
-      for (ctx = wrapper_list; ctx; ctx = ctx->next)
-        {
-          /* Check whether there is any logging to be done. */
-          if (nfds && ctx->log_fd != -1 && FD_ISSET (ctx->log_fd, &fdset))
-            {
-              if (read_log_data (ctx))
-                {
-                  SAFE_CLOSE (ctx->log_fd);
-                  any_action = 1;
-                }
-            }
-
-          /* Check whether the process is still running.  */
-          if (ctx->pid != (pid_t)(-1))
-            {
-              gpg_error_t err;
-	      int status;
-
-	      err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
-                                        &status);
-              if (!err)
-                {
-		  log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
-                  ctx->ready = 1;
-		  gnupg_release_process (ctx->pid);
-                  ctx->pid = (pid_t)(-1);
-                  any_action = 1;
-                }
-              else if (gpg_err_code (err) == GPG_ERR_GENERAL)
-                {
-                  if (status == 10)
-                    log_info (_("ldap wrapper %d ready: timeout\n"),
-                              (int)ctx->pid);
-                  else
-                    log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
-                              (int)ctx->pid, status);
-                  ctx->ready = 1;
-		  gnupg_release_process (ctx->pid);
-                  ctx->pid = (pid_t)(-1);
-                  any_action = 1;
-                }
-              else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
-                {
-                  log_error (_("waiting for ldap wrapper %d failed: %s\n"),
-                             (int)ctx->pid, gpg_strerror (err));
-                  any_action = 1;
-                }
-            }
-
-          /* Check whether we should terminate the process. */
-          if (ctx->pid != (pid_t)(-1)
-              && ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
-            {
-              gnupg_kill_process (ctx->pid);
-              ctx->stamp = (time_t)(-1);
-              log_info (_("ldap wrapper %d stalled - killing\n"),
-                        (int)ctx->pid);
-              /* We need to close the log fd because the cleanup loop
-                 waits for it.  */
-              SAFE_CLOSE (ctx->log_fd);
-              any_action = 1;
-            }
-        }
-
-      /* If something has been printed to the log file or we got an
-         EOF from a wrapper, we now print the list of active
-         wrappers.  */
-      if (any_action && DBG_LOOKUP)
-        {
-          log_info ("ldap worker stati:\n");
-          for (ctx = wrapper_list; ctx; ctx = ctx->next)
-            log_info ("  c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n",
-                      ctx,
-                      (int)ctx->pid, (int)ctx->printable_pid,
-                      ctx->reader,
-                      ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
-                      (unsigned long)ctx->stamp, ctx->ready);
-        }
-
-
-      /* Use a separate loop to check whether ready marked wrappers
-         may be removed.  We may only do so if the ksba reader object
-         is not anymore in use or we are in shutdown state.  */
-     again:
-      for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
-        if (ctx->ready
-            && ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
-          {
-            if (ctx_prev)
-              ctx_prev->next = ctx->next;
-            else
-              wrapper_list = ctx->next;
-            destroy_wrapper (ctx);
-            /* We need to restart because destroy_wrapper might have
-               done a context switch. */
-            goto again;
-          }
-    }
-  /*NOTREACHED*/
-  return NULL; /* Make the compiler happy.  */
-}
-
-
-
-/* Start the reaper thread for the ldap wrapper.  */
-void
-ldap_wrapper_launch_thread (void)
-{
-  static int done;
-  npth_attr_t tattr;
-  npth_t thread;
-  int err;
-
-  if (done)
-    return;
-  done = 1;
-
-  npth_attr_init (&tattr);
-  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
-
-  err = npth_create (&thread, &tattr, ldap_wrapper_thread, NULL);
-  if (err)
-    {
-      log_error (_("error spawning ldap wrapper reaper thread: %s\n"),
-                 strerror (err) );
-      dirmngr_exit (1);
-    }
-  npth_setname_np (thread, "ldap-reaper");
-  npth_attr_destroy (&tattr);
-}
-
-
-
-
-
-/* Wait until all ldap wrappers have terminated.  We assume that the
-   kill has already been sent to all of them.  */
-void
-ldap_wrapper_wait_connections ()
-{
-  shutting_down = 1;
-  /* FIXME: This is a busy wait.  */
-  while (wrapper_list)
-    npth_usleep (200);
-}
-
-
-/* This function is to be used to release a context associated with the
-   given reader object. */
-void
-ldap_wrapper_release_context (ksba_reader_t reader)
-{
-  struct wrapper_context_s *ctx;
-
-  if (!reader )
-    return;
-
-  for (ctx=wrapper_list; ctx; ctx=ctx->next)
-    if (ctx->reader == reader)
-      {
-        if (DBG_LOOKUP)
-          log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
-                    ctx,
-                    (int)ctx->pid, (int)ctx->printable_pid,
-                    ctx->reader,
-                    ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
-
-        ctx->reader = NULL;
-        SAFE_CLOSE (ctx->fd);
-        if (ctx->ctrl)
-          {
-            ctx->ctrl->refcount--;
-            ctx->ctrl = NULL;
-          }
-        if (ctx->fd_error)
-          log_info (_("reading from ldap wrapper %d failed: %s\n"),
-                    ctx->printable_pid, gpg_strerror (ctx->fd_error));
-        break;
-      }
-}
-
-/* Cleanup all resources held by the connection associated with
-   CTRL.  This is used after a cancel to kill running wrappers.  */
-void
-ldap_wrapper_connection_cleanup (ctrl_t ctrl)
-{
-  struct wrapper_context_s *ctx;
-
-  for (ctx=wrapper_list; ctx; ctx=ctx->next)
-    if (ctx->ctrl && ctx->ctrl == ctrl)
-      {
-        ctx->ctrl->refcount--;
-        ctx->ctrl = NULL;
-        if (ctx->pid != (pid_t)(-1))
-          gnupg_kill_process (ctx->pid);
-        if (ctx->fd_error)
-          log_info (_("reading from ldap wrapper %d failed: %s\n"),
-                    ctx->printable_pid, gpg_strerror (ctx->fd_error));
-      }
-}
-
-
-/* This is the callback used by the ldap wrapper to feed the ksba
-   reader with the wrappers stdout.  See the description of
-   ksba_reader_set_cb for details.  */
-static int
-reader_callback (void *cb_value, char *buffer, size_t count,  size_t *nread)
-{
-  struct wrapper_context_s *ctx = cb_value;
-  size_t nleft = count;
-  int nfds;
-  struct timespec abstime;
-  struct timespec curtime;
-  struct timespec timeout;
-  int saved_errno;
-  fd_set fdset, read_fdset;
-  int ret;
-
-  /* FIXME: We might want to add some internal buffering because the
-     ksba code does not do any buffering for itself (because a ksba
-     reader may be detached from another stream to read other data and
-     the it would be cumbersome to get back already buffered
-     stuff).  */
-
-  if (!buffer && !count && !nread)
-    return -1; /* Rewind is not supported. */
-
-  /* If we ever encountered a read error don't allow to continue and
-     possible overwrite the last error cause.  Bail out also if the
-     file descriptor has been closed. */
-  if (ctx->fd_error || ctx->fd == -1)
-    {
-      *nread = 0;
-      return -1;
-    }
-
-  FD_ZERO (&fdset);
-  FD_SET (ctx->fd, &fdset);
-  nfds = ctx->fd + 1;
-
-  npth_clock_gettime (&abstime);
-  abstime.tv_sec += TIMERTICK_INTERVAL;
-
-  while (nleft > 0)
-    {
-      int n;
-      gpg_error_t err;
-
-      npth_clock_gettime (&curtime);
-      if (!(npth_timercmp (&curtime, &abstime, <)))
-	{
-	  err = dirmngr_tick (ctx->ctrl);
-          if (err)
-            {
-              ctx->fd_error = err;
-              SAFE_CLOSE (ctx->fd);
-              return -1;
-            }
-	  npth_clock_gettime (&abstime);
-	  abstime.tv_sec += TIMERTICK_INTERVAL;
-	}
-      npth_timersub (&abstime, &curtime, &timeout);
-
-      read_fdset = fdset;
-      ret = npth_pselect (nfds, &read_fdset, NULL, NULL, &timeout, NULL);
-      saved_errno = errno;
-
-      if (ret == -1 && saved_errno != EINTR)
-	{
-          ctx->fd_error = gpg_error_from_errno (errno);
-          SAFE_CLOSE (ctx->fd);
-          return -1;
-        }
-      if (ret <= 0)
-	/* Timeout.  Will be handled when calculating the next timeout.  */
-	continue;
-
-      /* This should not block now that select returned with a file
-	 descriptor.  So it shouldn't be necessary to use npth_read
-	 (and it is slightly dangerous in the sense that a concurrent
-	 thread might (accidentially?) change the status of ctx->fd
-	 before we read.  FIXME: Set ctx->fd to nonblocking?  */
-      n = read (ctx->fd, buffer, nleft);
-      if (n < 0)
-        {
-          ctx->fd_error = gpg_error_from_errno (errno);
-          SAFE_CLOSE (ctx->fd);
-          return -1;
-        }
-      else if (!n)
-        {
-          if (nleft == count)
-	    return -1; /* EOF. */
-          break;
-        }
-      nleft -= n;
-      buffer += n;
-      if (n > 0 && ctx->stamp != (time_t)(-1))
-        ctx->stamp = time (NULL);
-    }
-  *nread = count - nleft;
-
-  return 0;
-}
-
-/* Fork and exec the LDAP wrapper and return a new libksba reader
-   object at READER.  ARGV is a NULL terminated list of arguments for
-   the wrapper.  The function returns 0 on success or an error code.
-
-   Special hack to avoid passing a password through the command line
-   which is globally visible: If the first element of ARGV is "--pass"
-   it will be removed and instead the environment variable
-   DIRMNGR_LDAP_PASS will be set to the next value of ARGV.  On modern
-   OSes the environment is not visible to other users.  For those old
-   systems where it can't be avoided, we don't want to go into the
-   hassle of passing the password via stdin; it's just too complicated
-   and an LDAP password used for public directory lookups should not
-   be that confidential.  */
-gpg_error_t
-ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
-{
-  gpg_error_t err;
-  pid_t pid;
-  struct wrapper_context_s *ctx;
-  int i;
-  int j;
-  const char **arg_list;
-  const char *pgmname;
-  int outpipe[2], errpipe[2];
-
-  /* It would be too simple to connect stderr just to our logging
-     stream.  The problem is that if we are running multi-threaded
-     everything gets intermixed.  Clearly we don't want this.  So the
-     only viable solutions are either to have another thread
-     responsible for logging the messages or to add an option to the
-     wrapper module to do the logging on its own.  Given that we anyway
-     need a way to rip the child process and this is best done using a
-     general ripping thread, that thread can do the logging too. */
-
-  *reader = NULL;
-
-  /* Files: We need to prepare stdin and stdout.  We get stderr from
-     the function.  */
-  if (!opt.ldap_wrapper_program || !*opt.ldap_wrapper_program)
-    pgmname = gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR_LDAP);
-  else
-    pgmname = opt.ldap_wrapper_program;
-
-  /* Create command line argument array.  */
-  for (i = 0; argv[i]; i++)
-    ;
-  arg_list = xtrycalloc (i + 2, sizeof *arg_list);
-  if (!arg_list)
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("error allocating memory: %s\n"), strerror (errno));
-      return err;
-    }
-  for (i = j = 0; argv[i]; i++, j++)
-    if (!i && argv[i + 1] && !strcmp (*argv, "--pass"))
-      {
-	arg_list[j] = "--env-pass";
-	setenv ("DIRMNGR_LDAP_PASS", argv[1], 1);
-	i++;
-      }
-    else
-      arg_list[j] = (char*) argv[i];
-
-  ctx = xtrycalloc (1, sizeof *ctx);
-  if (!ctx)
-    {
-      err = gpg_error_from_syserror ();
-      log_error (_("error allocating memory: %s\n"), strerror (errno));
-      xfree (arg_list);
-      return err;
-    }
-
-  err = gnupg_create_inbound_pipe (outpipe);
-  if (!err)
-    {
-      err = gnupg_create_inbound_pipe (errpipe);
-      if (err)
-        {
-          close (outpipe[0]);
-          close (outpipe[1]);
-        }
-    }
-  if (err)
-    {
-      log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
-      xfree (arg_list);
-      xfree (ctx);
-      return err;
-    }
-
-  err = gnupg_spawn_process_fd (pgmname, arg_list,
-                                -1, outpipe[1], errpipe[1], &pid);
-  xfree (arg_list);
-  close (outpipe[1]);
-  close (errpipe[1]);
-  if (err)
-    {
-      close (outpipe[0]);
-      close (errpipe[0]);
-      xfree (ctx);
-      return err;
-    }
-
-  ctx->pid = pid;
-  ctx->printable_pid = (int) pid;
-  ctx->fd = outpipe[0];
-  ctx->log_fd = errpipe[0];
-  ctx->ctrl = ctrl;
-  ctrl->refcount++;
-  ctx->stamp = time (NULL);
-
-  err = ksba_reader_new (reader);
-  if (!err)
-    err = ksba_reader_set_cb (*reader, reader_callback, ctx);
-  if (err)
-    {
-      log_error (_("error initializing reader object: %s\n"),
-                 gpg_strerror (err));
-      destroy_wrapper (ctx);
-      ksba_reader_release (*reader);
-      *reader = NULL;
-      return err;
-    }
-
-  /* Hook the context into our list of running wrappers.  */
-  ctx->reader = *reader;
-  ctx->next = wrapper_list;
-  wrapper_list = ctx;
-  if (opt.verbose)
-    log_info ("ldap wrapper %d started (reader %p)\n",
-              (int)ctx->pid, ctx->reader);
-
-  /* Need to wait for the first byte so we are able to detect an empty
-     output and not let the consumer see an EOF without further error
-     indications.  The CRL loading logic assumes that after return
-     from this function, a failed search (e.g. host not found ) is
-     indicated right away. */
-  {
-    unsigned char c;
-
-    err = read_buffer (*reader, &c, 1);
-    if (err)
-      {
-        ldap_wrapper_release_context (*reader);
-        ksba_reader_release (*reader);
-        *reader = NULL;
-        if (gpg_err_code (err) == GPG_ERR_EOF)
-          return gpg_error (GPG_ERR_NO_DATA);
-        else
-          return err;
-      }
-    ksba_reader_unread (*reader, &c, 1);
-  }
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldap-wrapper-ce.c gnupg2-2.0.28/dirmngr/ldap-wrapper-ce.c
--- gnupg2-2.1.6/dirmngr/ldap-wrapper-ce.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-wrapper-ce.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,571 +0,0 @@
-/* ldap-wrapper-ce.c - LDAP access via W32 threads
- * Copyright (C) 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-/*
-   Alternative wrapper for use with WindowsCE.  Under WindowsCE the
-   number of processes is strongly limited (32 processes including the
-   kernel processes) and thus we don't use the process approach but
-   implement a wrapper based on native threads.
-
-   See ldap-wrapper.c for  the standard wrapper interface.
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "ldap-wrapper.h"
-
-#ifdef USE_LDAPWRAPPER
-# error This module is not expected to be build.
-#endif
-
-
-
-/* Read a fixed amount of data from READER into BUFFER.  */
-static gpg_error_t
-read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
-{
-  gpg_error_t err;
-  size_t nread;
-
-  while (count)
-    {
-      err = ksba_reader_read (reader, buffer, count, &nread);
-      if (err)
-        return err;
-      buffer += nread;
-      count -= nread;
-    }
-  return 0;
-}
-
-
-
-
-/* Start the reaper thread for this wrapper.  */
-void
-ldap_wrapper_launch_thread (void)
-{
-  /* Not required.  */
-}
-
-
-
-
-
-/* Wait until all ldap wrappers have terminated.  We assume that the
-   kill has already been sent to all of them.  */
-void
-ldap_wrapper_wait_connections ()
-{
-  /* Not required.  */
-}
-
-
-/* Cleanup all resources held by the connection associated with
-   CTRL.  This is used after a cancel to kill running wrappers.  */
-void
-ldap_wrapper_connection_cleanup (ctrl_t ctrl)
-{
-  (void)ctrl;
-
-  /* Not required.  */
-}
-
-
-
-/* The cookie we use to implement the outstream of the wrapper thread.  */
-struct outstream_cookie_s
-{
-  int refcount; /* Reference counter - possible values are 1 and 2.  */
-
-  /* We don't need a mutex for the conditions, as npth provides a
-     simpler condition interface that relies on the global lock.  This
-     can be used if we never yield between testing the condition and
-     waiting on it.  */
-  npth_cond_t wait_data; /* Condition that data is available.  */
-  npth_cond_t wait_space; /* Condition that space is available.  */
-
-  int eof_seen;       /* EOF indicator.  */
-  char buffer[4000];  /* Data ring buffer.  */
-  size_t buffer_len;  /* The amount of data in the BUFFER.  */
-  size_t buffer_pos;  /* The next read position of the BUFFER.  */
-};
-
-#define BUFFER_EMPTY(c) ((c)->buffer_len == 0)
-#define BUFFER_FULL(c) ((c)->buffer_len == DIM((c)->buffer))
-#define BUFFER_DATA_AVAILABLE(c) ((c)->buffer_len)
-#define BUFFER_SPACE_AVAILABLE(c) (DIM((c)->buffer) - (c)->buffer_len)
-#define BUFFER_INC_POS(c,n) (c)->buffer_pos = ((c)->buffer_pos + (n)) % DIM((c)->buffer)
-#define BUFFER_CUR_POS(c) (&(c)->buffer[(c)->buffer_pos])
-
-static int
-buffer_get_data (struct outstream_cookie_s *cookie, char *dst, int cnt)
-{
-  int amount;
-  int left;
-  int chunk;
-
-  amount = cnt;
-  if (BUFFER_DATA_AVAILABLE (cookie) < amount)
-    amount = BUFFER_DATA_AVAILABLE (cookie);
-  left = amount;
-
-  /* How large is the part up to the end of the buffer array?  */
-  chunk = DIM(cookie->buffer) - cookie->buffer_pos;
-  if (chunk > left)
-    chunk = left;
-
-  memcpy (dst, BUFFER_CUR_POS (cookie), chunk);
-  BUFFER_INC_POS (cookie, chunk);
-  left -= chunk;
-  dst += chunk;
-
-  if (left)
-    {
-      memcpy (dst, BUFFER_CUR_POS (cookie), left);
-      BUFFER_INC_POS (cookie, left);
-    }
-
-  return amount;
-}
-
-
-static int
-buffer_put_data (struct outstream_cookie_s *cookie, const char *src, int cnt)
-{
-  int amount;
-  int remain;
-  int left;
-  int chunk;
-
-  remain = DIM(cookie->buffer) - cookie->buffer_len;
-
-  amount = cnt;
-  if (remain < amount)
-    amount = remain;
-  left = amount;
-
-  /* How large is the part up to the end of the buffer array?  */
-  chunk = DIM(cookie->buffer) - cookie->buffer_pos;
-  if (chunk > left)
-    chunk = left;
-
-  memcpy (BUFFER_CUR_POS (cookie), src, chunk);
-  BUFFER_INC_POS (cookie, chunk);
-  left -= chunk;
-  src += chunk;
-
-  if (left)
-    {
-      memcpy (BUFFER_CUR_POS (cookie), src, left);
-      BUFFER_INC_POS (cookie, left);
-    }
-
-  cookie->buffer_len -= amount;
-  return amount;
-}
-
-
-/* The writer function for the outstream.  This is used to transfer
-   the output of the ldap wrapper thread to the ksba reader object.  */
-static ssize_t
-outstream_cookie_writer (void *cookie_arg, const void *buffer, size_t size)
-{
-  struct outstream_cookie_s *cookie = cookie_arg;
-  const char *src;
-  ssize_t nwritten = 0;
-  int res;
-  ssize_t amount = 0;
-
-  src = buffer;
-  do
-    {
-      int was_empty = 0;
-
-      /* Wait for free space.  */
-      while (BUFFER_FULL(cookie))
-        {
-          /* Buffer is full:  Wait for space.  */
-          res = npth_cond_wait (&cookie->wait_space, NULL);
-	  if (res)
-	    {
-	      gpg_err_set_errno (res);
-	      return -1;
-	    }
-        }
-
-      if (BUFFER_EMPTY(cookie))
-	was_empty = 1;
-
-      /* Copy data.  */
-      nwritten = buffer_put_data (cookie, buffer, size);
-      size -= nwritten;
-      src += nwritten;
-      amount += nwritten;
-
-      if (was_empty)
-	npth_cond_signal (&cookie->wait_data);
-    }
-  while (size);  /* Until done.  */
-
-  return amount;
-}
-
-
-static void
-outstream_release_cookie (struct outstream_cookie_s *cookie)
-{
-  cookie->refcount--;
-  if (!cookie->refcount)
-    {
-      npth_cond_destroy (&cookie->wait_data);
-      npth_cond_destroy (&cookie->wait_space);
-      xfree (cookie);
-    }
-}
-
-
-/* Closer function for the outstream.  This deallocates the cookie if
-   it won't be used anymore.  */
-static int
-outstream_cookie_closer (void *cookie_arg)
-{
-  struct outstream_cookie_s *cookie = cookie_arg;
-
-  if (!cookie)
-    return 0;  /* Nothing to do.  */
-
-  cookie->eof_seen = 1; /* (only useful if refcount > 1)  */
-
-  assert (cookie->refcount > 0);
-  outstream_release_cookie (cookie);
-  return 0;
-}
-
-
-/* The KSBA reader callback which takes the output of the ldap thread
-   form the outstream_cookie_writer and make it available to the ksba
-   reader.  */
-static int
-outstream_reader_cb (void *cb_value, char *buffer, size_t count,
-                     size_t *r_nread)
-{
-  struct outstream_cookie_s *cookie = cb_value;
-  size_t nread = 0;
-  int was_full = 0;
-
-  if (!buffer && !count && !r_nread)
-    return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Rewind is not supported.  */
-
-  *r_nread = 0;
-
-  while (BUFFER_EMPTY(cookie))
-    {
-      if (cookie->eof_seen)
-        return gpg_error (GPG_ERR_EOF);
-
-      /* Wait for data to become available.  */
-      npth_cond_wait (&cookie->wait_data, NULL);
-    }
-
-  if (BUFFER_FULL(cookie))
-    was_full = 1;
-
-  nread = buffer_get_data (cookie, buffer, count);
-
-  if (was_full)
-    {
-      npth_cond_signal (&cookie->wait_space);
-    }
-
-  *r_nread = nread;
-  return 0; /* Success.  */
-}
-
-
-/* This function is called by ksba_reader_release.  */
-static void
-outstream_reader_released (void *cb_value, ksba_reader_t r)
-{
-  struct outstream_cookie_s *cookie = cb_value;
-
-  (void)r;
-
-  assert (cookie->refcount > 0);
-  outstream_release_cookie (cookie);
-}
-
-
-
-/* This function is to be used to release a context associated with the
-   given reader object.  This does not release the reader object, though. */
-void
-ldap_wrapper_release_context (ksba_reader_t reader)
-{
-  (void)reader;
-  /* Nothing to do.  */
-}
-
-
-
-/* Free a NULL terminated array of malloced strings and the array
-   itself.  */
-static void
-free_arg_list (char **arg_list)
-{
-  int i;
-
-  if (arg_list)
-    {
-      for (i=0; arg_list[i]; i++)
-        xfree (arg_list[i]);
-      xfree (arg_list);
-    }
-}
-
-
-/* Copy ARGV into a new array and prepend one element as name of the
-   program (which is more or less a stub).  We need to allocate all
-   the strings to get ownership of them.  */
-static gpg_error_t
-create_arg_list (const char *argv[], char ***r_arg_list)
-{
-  gpg_error_t err;
-  char **arg_list;
-  int i, j;
-
-  for (i = 0; argv[i]; i++)
-    ;
-  arg_list = xtrycalloc (i + 2, sizeof *arg_list);
-  if (!arg_list)
-    goto outofcore;
-
-  i = 0;
-  arg_list[i] = xtrystrdup ("");
-  if (!arg_list[i])
-    goto outofcore;
-  i++;
-  for (j=0; argv[j]; j++)
-    {
-      arg_list[i] = xtrystrdup (argv[j]);
-      if (!arg_list[i])
-        goto outofcore;
-      i++;
-    }
-  arg_list[i] = NULL;
-  *r_arg_list = arg_list;
-  return 0;
-
- outofcore:
-  err = gpg_error_from_syserror ();
-  log_error (_("error allocating memory: %s\n"), strerror (errno));
-  free_arg_list (arg_list);
-  *r_arg_list = NULL;
-  return err;
-
-}
-
-
-/* Parameters passed to the wrapper thread. */
-struct ldap_wrapper_thread_parms
-{
-  char **arg_list;
-  estream_t outstream;
-};
-
-/* The thread which runs the LDAP wrapper.  */
-static void *
-ldap_wrapper_thread (void *opaque)
-{
-  struct ldap_wrapper_thread_parms *parms = opaque;
-
-  /*err =*/ ldap_wrapper_main (parms->arg_list, parms->outstream);
-
-  /* FIXME: Do we need to return ERR?  */
-
-  free_arg_list (parms->arg_list);
-  es_fclose (parms->outstream);
-  xfree (parms);
-  return NULL;
-}
-
-
-
-/* Start a new LDAP thread and returns a new libksba reader
-   object at READER.  ARGV is a NULL terminated list of arguments for
-   the wrapper.  The function returns 0 on success or an error code.  */
-gpg_error_t
-ldap_wrapper (ctrl_t ctrl, ksba_reader_t *r_reader, const char *argv[])
-{
-  gpg_error_t err;
-  struct ldap_wrapper_thread_parms *parms;
-  npth_attr_t tattr;
-  es_cookie_io_functions_t outstream_func = { NULL };
-  struct outstream_cookie_s *outstream_cookie;
-  ksba_reader_t reader;
-  int res;
-  npth_t thread;
-
-  (void)ctrl;
-
-  *r_reader = NULL;
-
-  parms = xtrycalloc (1, sizeof *parms);
-  if (!parms)
-    return gpg_error_from_syserror ();
-
-  err = create_arg_list (argv, &parms->arg_list);
-  if (err)
-    {
-      xfree (parms);
-      return err;
-    }
-
-  outstream_cookie = xtrycalloc (1, sizeof *outstream_cookie);
-  if (!outstream_cookie)
-    {
-      err = gpg_error_from_syserror ();
-      free_arg_list (parms->arg_list);
-      xfree (parms);
-      return err;
-    }
-  outstream_cookie->refcount++;
-
-  res = npth_cond_init (&outstream_cookie->wait_data, NULL);
-  if (res)
-    {
-      free_arg_list (parms->arg_list);
-      xfree (parms);
-      return gpg_error_from_errno (res);
-    }
-  res = npth_cond_init (&outstream_cookie->wait_space, NULL);
-  if (res)
-    {
-      npth_cond_destroy (&outstream_cookie->wait_data);
-      free_arg_list (parms->arg_list);
-      xfree (parms);
-      return gpg_error_from_errno (res);
-    }
-
-  err = ksba_reader_new (&reader);
-  if (!err)
-    err = ksba_reader_set_release_notify (reader,
-                                          outstream_reader_released,
-                                          outstream_cookie);
-  if (!err)
-    err = ksba_reader_set_cb (reader,
-                              outstream_reader_cb, outstream_cookie);
-  if (err)
-    {
-      log_error (_("error initializing reader object: %s\n"),
-                 gpg_strerror (err));
-      ksba_reader_release (reader);
-      outstream_release_cookie (outstream_cookie);
-      free_arg_list (parms->arg_list);
-      xfree (parms);
-      return err;
-    }
-
-
-  outstream_func.func_write = outstream_cookie_writer;
-  outstream_func.func_close = outstream_cookie_closer;
-  parms->outstream = es_fopencookie (outstream_cookie, "wb", outstream_func);
-  if (!parms->outstream)
-    {
-      err = gpg_error_from_syserror ();
-      ksba_reader_release (reader);
-      outstream_release_cookie (outstream_cookie);
-      free_arg_list (parms->arg_list);
-      xfree (parms);
-      return err;
-    }
-  outstream_cookie->refcount++;
-
-  res = npth_attr_init(&tattr);
-  if (res)
-    {
-      err = gpg_error_from_errno (res);
-      ksba_reader_release (reader);
-      free_arg_list (parms->arg_list);
-      es_fclose (parms->outstream);
-      xfree (parms);
-      return err;
-    }
-  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
-
-  res = npth_create (&thread, &tattr, ldap_wrapper_thread, parms);
-  npth_attr_destroy (&tattr);
-  if (res)
-    {
-      err = gpg_error_from_errno (res);
-      log_error ("error spawning ldap wrapper thread: %s\n",
-                 strerror (res) );
-    }
-  else
-    parms = NULL; /* Now owned by the thread.  */
-
-  if (parms)
-    {
-      free_arg_list (parms->arg_list);
-      es_fclose (parms->outstream);
-      xfree (parms);
-    }
-  if (err)
-    {
-      ksba_reader_release (reader);
-      return err;
-    }
-
-  /* Need to wait for the first byte so we are able to detect an empty
-     output and not let the consumer see an EOF without further error
-     indications.  The CRL loading logic assumes that after return
-     from this function, a failed search (e.g. host not found ) is
-     indicated right away. */
-  {
-    unsigned char c;
-
-    err = read_buffer (reader, &c, 1);
-    if (err)
-      {
-        ksba_reader_release (reader);
-        reader = NULL;
-        if (gpg_err_code (err) == GPG_ERR_EOF)
-          return gpg_error (GPG_ERR_NO_DATA);
-        else
-          return err;
-      }
-    ksba_reader_unread (reader, &c, 1);
-  }
-
-  *r_reader = reader;
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/dirmngr/ldap-wrapper.h gnupg2-2.0.28/dirmngr/ldap-wrapper.h
--- gnupg2-2.1.6/dirmngr/ldap-wrapper.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ldap-wrapper.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,40 +0,0 @@
-/* ldap-wrapper.h - Interface to an LDAP access wrapper.
- * Copyright (C) 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef LDAP_WRAPPER_H
-#define LDAP_WRAPPER_H
-
-#include 
-
-/* ldap-wrapper.c or ldap-wrapper-ce.c */
-void ldap_wrapper_launch_thread (void);
-void ldap_wrapper_wait_connections (void);
-void ldap_wrapper_release_context (ksba_reader_t reader);
-void ldap_wrapper_connection_cleanup (ctrl_t);
-gpg_error_t ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader,
-                          const char *argv[]);
-
-
-/* dirmngr_ldap.c  */
-#ifndef USE_LDAPWRAPPER
-int ldap_wrapper_main (char **argv, estream_t outstream);
-#endif
-
-
-#endif /*LDAP_WRAPPER_H*/
diff -Nru gnupg2-2.1.6/dirmngr/Makefile.am gnupg2-2.0.28/dirmngr/Makefile.am
--- gnupg2-2.1.6/dirmngr/Makefile.am	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/Makefile.am	1970-01-01 00:00:00.000000000 +0000
@@ -1,131 +0,0 @@
-# Makefile.am - dirmngr
-# Copyright (C) 2002 Klarälvdalens Datakonsult AB
-# Copyright (C) 2004, 2007, 2010 g10 Code GmbH
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see .
-
-## Process this file with automake to produce Makefile.in
-
-EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011
-
-bin_PROGRAMS = dirmngr dirmngr-client
-
-if USE_LDAPWRAPPER
-libexec_PROGRAMS = dirmngr_ldap
-endif
-
-noinst_PROGRAMS = $(module_tests)
-TESTS = $(module_tests)
-
-AM_CPPFLAGS = -I$(top_srcdir)/common
-
-include $(top_srcdir)/am/cmacros.am
-
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)	\
-            $(GPG_ERROR_CFLAGS) $(NPTH_CFLAGS) $(NTBTLS_CFLAGS)		\
-            $(LIBGNUTLS_CFLAGS)
-
-
-BUILT_SOURCES = no-libgcrypt.c
-
-CLEANFILES = no-libgcrypt.c
-
-if HAVE_W32_SYSTEM
-ldap_url = ldap-url.h ldap-url.c
-else
-ldap_url =
-endif
-
-if USE_LDAPWRAPPER
-extraldap_src = ldap-wrapper.c
-else
-extraldap_src = ldap-wrapper-ce.c  dirmngr_ldap.c
-endif
-
-noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h
-
-dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
-	certcache.c certcache.h \
-	cdb.h cdblib.c misc.c dirmngr-err.h  \
-	ocsp.c ocsp.h validate.c validate.h  \
-	dns-cert.c dns-cert.h \
-	ks-action.c ks-action.h ks-engine.h \
-	ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
-
-if USE_LDAP
-dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
-                   ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
-                   ks-engine-ldap.c $(ldap_url) $(extraldap_src)
-ldaplibs = $(LDAPLIBS)
-else
-ldaplibs =
-endif
-
-
-dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
-        $(DNSLIBS) $(LIBASSUAN_LIBS) \
-	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
-	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
-if USE_LDAP
-dirmngr_LDADD += $(ldaplibs)
-endif
-if !USE_LDAPWRAPPER
-dirmngr_LDADD += $(ldaplibs)
-endif
-dirmngr_LDFLAGS = $(extra_bin_ldflags)
-
-if USE_LDAPWRAPPER
-dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
-dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
-dirmngr_ldap_LDFLAGS =
-dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \
-		     $(GPG_ERROR_LIBS) $(LDAPLIBS) $(LBER_LIBS) $(LIBINTL) \
-		     $(LIBICONV)
-endif
-
-dirmngr_client_SOURCES = dirmngr-client.c
-dirmngr_client_LDADD = $(libcommon) no-libgcrypt.o \
-	                $(LIBASSUAN_LIBS) \
-	               $(GPG_ERROR_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV)
-dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
-
-
-no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
-	cat $(top_srcdir)/tools/no-libgcrypt.c > no-libgcrypt.c
-
-
-t_common_src = t-support.h
-# We need libcommontls, because we use the http functions.
-t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \
-                 $(GPG_ERROR_LIBS) $(NETLIBS) \
-                 $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
-                 $(DNSLIBS) $(LIBINTL) $(LIBICONV)
-
-module_tests = t-dns-cert
-
-if USE_LDAP
-module_tests += t-ldap-parse-uri
-endif
-
-t_ldap_parse_uri_SOURCES = \
-	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
-        $(ldap_url) $(t_common_src)
-t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
-
-t_dns_cert_SOURCES = t-dns-cert.c dns-cert.c
-t_dns_cert_LDADD   = $(t_common_ldadd)
-
-$(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth)
diff -Nru gnupg2-2.1.6/dirmngr/Makefile.in gnupg2-2.0.28/dirmngr/Makefile.in
--- gnupg2-2.1.6/dirmngr/Makefile.in	2015-07-01 12:17:03.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/Makefile.in	1970-01-01 00:00:00.000000000 +0000
@@ -1,1128 +0,0 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-# Makefile.am - dirmngr
-# Copyright (C) 2002 Klarälvdalens Datakonsult AB
-# Copyright (C) 2004, 2007, 2010 g10 Code GmbH
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see .
-
-# cmacros.am - C macro definitions
-#     Copyright (C) 2004 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see .
-
-
-VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-bin_PROGRAMS = dirmngr$(EXEEXT) dirmngr-client$(EXEEXT)
-@USE_LDAPWRAPPER_TRUE@libexec_PROGRAMS = dirmngr_ldap$(EXEEXT)
-noinst_PROGRAMS = $(am__EXEEXT_2)
-TESTS = $(am__EXEEXT_2)
-DIST_COMMON = $(top_srcdir)/am/cmacros.am $(srcdir)/Makefile.in \
-	$(srcdir)/Makefile.am $(top_srcdir)/build-aux/mkinstalldirs \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS)
-@HAVE_DOSISH_SYSTEM_FALSE@am__append_1 = -DGNUPG_BINDIR="\"$(bindir)\""            \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBEXECDIR="\"$(libexecdir)\""    \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\""  \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_DATADIR="\"$(datadir)/@PACKAGE@\"" \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_SYSCONFDIR="\"$(sysconfdir)/@PACKAGE@\"" \
-@HAVE_DOSISH_SYSTEM_FALSE@               -DGNUPG_LOCALSTATEDIR="\"$(localstatedir)\""
-
-
-# If a specific protect tool program has been defined, pass its name
-# to cc.  Note that these macros should not be used directly but via
-# the gnupg_module_name function.
-@GNUPG_AGENT_PGM_TRUE@am__append_2 = -DGNUPG_DEFAULT_AGENT="\"@GNUPG_AGENT_PGM@\""
-@GNUPG_PINENTRY_PGM_TRUE@am__append_3 = -DGNUPG_DEFAULT_PINENTRY="\"@GNUPG_PINENTRY_PGM@\""
-@GNUPG_SCDAEMON_PGM_TRUE@am__append_4 = -DGNUPG_DEFAULT_SCDAEMON="\"@GNUPG_SCDAEMON_PGM@\""
-@GNUPG_DIRMNGR_PGM_TRUE@am__append_5 = -DGNUPG_DEFAULT_DIRMNGR="\"@GNUPG_DIRMNGR_PGM@\""
-@GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\""
-@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
-@USE_LDAP_TRUE@am__append_8 = ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
-@USE_LDAP_TRUE@                   ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
-@USE_LDAP_TRUE@                   ks-engine-ldap.c $(ldap_url) $(extraldap_src)
-
-@USE_LDAP_TRUE@am__append_9 = $(ldaplibs)
-@USE_LDAPWRAPPER_FALSE@am__append_10 = $(ldaplibs)
-@USE_LDAP_TRUE@am__append_11 = t-ldap-parse-uri
-subdir = dirmngr
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
-	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/iconv.m4 \
-	$(top_srcdir)/m4/isc-posix.m4 $(top_srcdir)/m4/ksba.m4 \
-	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
-	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
-	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libassuan.m4 \
-	$(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/nls.m4 \
-	$(top_srcdir)/m4/npth.m4 $(top_srcdir)/m4/ntbtls.m4 \
-	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
-	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
-	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/m4/tar-ustar.m4 \
-	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/build-aux/mkinstalldirs
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"
-@USE_LDAP_TRUE@am__EXEEXT_1 = t-ldap-parse-uri$(EXEEXT)
-am__EXEEXT_2 = t-dns-cert$(EXEEXT) $(am__EXEEXT_1)
-PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS)
-am__dirmngr_SOURCES_DIST = dirmngr.c dirmngr.h server.c crlcache.c \
-	crlfetch.c certcache.c certcache.h cdb.h cdblib.c misc.c \
-	dirmngr-err.h ocsp.c ocsp.h validate.c validate.h dns-cert.c \
-	dns-cert.h ks-action.c ks-action.h ks-engine.h ks-engine-hkp.c \
-	ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c \
-	ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
-	ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
-	ks-engine-ldap.c ldap-url.h ldap-url.c ldap-wrapper-ce.c \
-	dirmngr_ldap.c ldap-wrapper.c
-@HAVE_W32_SYSTEM_TRUE@am__objects_1 = ldap-url.$(OBJEXT)
-@USE_LDAPWRAPPER_FALSE@am__objects_2 = ldap-wrapper-ce.$(OBJEXT) \
-@USE_LDAPWRAPPER_FALSE@	dirmngr_ldap.$(OBJEXT)
-@USE_LDAPWRAPPER_TRUE@am__objects_2 = ldap-wrapper.$(OBJEXT)
-@USE_LDAP_TRUE@am__objects_3 = ldapserver.$(OBJEXT) ldap.$(OBJEXT) \
-@USE_LDAP_TRUE@	ldap-parse-uri.$(OBJEXT) \
-@USE_LDAP_TRUE@	ks-engine-ldap.$(OBJEXT) $(am__objects_1) \
-@USE_LDAP_TRUE@	$(am__objects_2)
-am_dirmngr_OBJECTS = dirmngr.$(OBJEXT) server.$(OBJEXT) \
-	crlcache.$(OBJEXT) crlfetch.$(OBJEXT) certcache.$(OBJEXT) \
-	cdblib.$(OBJEXT) misc.$(OBJEXT) ocsp.$(OBJEXT) \
-	validate.$(OBJEXT) dns-cert.$(OBJEXT) ks-action.$(OBJEXT) \
-	ks-engine-hkp.$(OBJEXT) ks-engine-http.$(OBJEXT) \
-	ks-engine-finger.$(OBJEXT) ks-engine-kdns.$(OBJEXT) \
-	$(am__objects_3)
-dirmngr_OBJECTS = $(am_dirmngr_OBJECTS)
-am__DEPENDENCIES_1 =
-@USE_LDAP_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
-@USE_LDAP_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2)
-@USE_LDAPWRAPPER_FALSE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_2)
-dirmngr_DEPENDENCIES = $(libcommontlsnpth) $(libcommonpth) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
-	$(am__DEPENDENCIES_4)
-dirmngr_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(dirmngr_LDFLAGS) \
-	$(LDFLAGS) -o $@
-am_dirmngr_client_OBJECTS = dirmngr-client.$(OBJEXT)
-dirmngr_client_OBJECTS = $(am_dirmngr_client_OBJECTS)
-dirmngr_client_DEPENDENCIES = $(libcommon) no-libgcrypt.o \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-dirmngr_client_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(dirmngr_client_LDFLAGS) $(LDFLAGS) -o $@
-am__dirmngr_ldap_SOURCES_DIST = dirmngr_ldap.c ldap-url.h ldap-url.c
-@HAVE_W32_SYSTEM_TRUE@am__objects_4 = dirmngr_ldap-ldap-url.$(OBJEXT)
-@USE_LDAPWRAPPER_TRUE@am_dirmngr_ldap_OBJECTS =  \
-@USE_LDAPWRAPPER_TRUE@	dirmngr_ldap-dirmngr_ldap.$(OBJEXT) \
-@USE_LDAPWRAPPER_TRUE@	$(am__objects_4)
-dirmngr_ldap_OBJECTS = $(am_dirmngr_ldap_OBJECTS)
-@USE_LDAPWRAPPER_TRUE@dirmngr_ldap_DEPENDENCIES = $(libcommon) \
-@USE_LDAPWRAPPER_TRUE@	no-libgcrypt.o $(am__DEPENDENCIES_1) \
-@USE_LDAPWRAPPER_TRUE@	$(am__DEPENDENCIES_1) \
-@USE_LDAPWRAPPER_TRUE@	$(am__DEPENDENCIES_1) \
-@USE_LDAPWRAPPER_TRUE@	$(am__DEPENDENCIES_1) \
-@USE_LDAPWRAPPER_TRUE@	$(am__DEPENDENCIES_1)
-dirmngr_ldap_LINK = $(CCLD) $(dirmngr_ldap_CFLAGS) $(CFLAGS) \
-	$(dirmngr_ldap_LDFLAGS) $(LDFLAGS) -o $@
-am_t_dns_cert_OBJECTS = t-dns-cert.$(OBJEXT) dns-cert.$(OBJEXT)
-t_dns_cert_OBJECTS = $(am_t_dns_cert_OBJECTS)
-am__DEPENDENCIES_5 = $(libcommontls) $(libcommon) no-libgcrypt.o \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
-t_dns_cert_DEPENDENCIES = $(am__DEPENDENCIES_5)
-am__t_ldap_parse_uri_SOURCES_DIST = t-ldap-parse-uri.c \
-	ldap-parse-uri.c ldap-parse-uri.h ldap-url.h ldap-url.c \
-	t-support.h
-am__objects_5 =
-am_t_ldap_parse_uri_OBJECTS = t-ldap-parse-uri.$(OBJEXT) \
-	ldap-parse-uri.$(OBJEXT) $(am__objects_1) $(am__objects_5)
-t_ldap_parse_uri_OBJECTS = $(am_t_ldap_parse_uri_OBJECTS)
-t_ldap_parse_uri_DEPENDENCIES = $(am__DEPENDENCIES_2) \
-	$(am__DEPENDENCIES_5)
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 = 
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC      " $@;
-am__v_CC_1 = 
-CCLD = $(CC)
-LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD    " $@;
-am__v_CCLD_1 = 
-SOURCES = $(dirmngr_SOURCES) $(dirmngr_client_SOURCES) \
-	$(dirmngr_ldap_SOURCES) $(t_dns_cert_SOURCES) \
-	$(t_ldap_parse_uri_SOURCES)
-DIST_SOURCES = $(am__dirmngr_SOURCES_DIST) $(dirmngr_client_SOURCES) \
-	$(am__dirmngr_ldap_SOURCES_DIST) $(t_dns_cert_SOURCES) \
-	$(am__t_ldap_parse_uri_SOURCES_DIST)
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-HEADERS = $(noinst_HEADERS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates.  Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
-  BEGIN { nonempty = 0; } \
-  { items[$$0] = 1; nonempty = 1; } \
-  END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique.  This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
-  list='$(am__tagged_files)'; \
-  unique=`for i in $$list; do \
-    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-  done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
-  mgn= red= grn= lgn= blu= brg= std=; \
-  am__color_tests=no
-am__tty_colors = { \
-  $(am__tty_colors_dummy); \
-  if test "X$(AM_COLOR_TESTS)" = Xno; then \
-    am__color_tests=no; \
-  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
-    am__color_tests=yes; \
-  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
-    am__color_tests=yes; \
-  fi; \
-  if test $$am__color_tests = yes; then \
-    red=''; \
-    grn=''; \
-    lgn=''; \
-    blu=''; \
-    mgn=''; \
-    brg=''; \
-    std=''; \
-  fi; \
-}
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BUILD_FILEVERSION = @BUILD_FILEVERSION@
-BUILD_HOSTNAME = @BUILD_HOSTNAME@
-BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
-BUILD_REVISION = @BUILD_REVISION@
-BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
-BUILD_VERSION = @BUILD_VERSION@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DL_LIBS = @DL_LIBS@
-DNSLIBS = @DNSLIBS@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ENCFS = @ENCFS@
-EXEEXT = @EXEEXT@
-FUSERMOUNT = @FUSERMOUNT@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GNUPG_AGENT_PGM = @GNUPG_AGENT_PGM@
-GNUPG_DIRMNGR_LDAP_PGM = @GNUPG_DIRMNGR_LDAP_PGM@
-GNUPG_DIRMNGR_PGM = @GNUPG_DIRMNGR_PGM@
-GNUPG_PINENTRY_PGM = @GNUPG_PINENTRY_PGM@
-GNUPG_PROTECT_TOOL_PGM = @GNUPG_PROTECT_TOOL_PGM@
-GNUPG_SCDAEMON_PGM = @GNUPG_SCDAEMON_PGM@
-GPGKEYS_LDAP = @GPGKEYS_LDAP@
-GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
-GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
-GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
-GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
-GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-KSBA_CFLAGS = @KSBA_CFLAGS@
-KSBA_CONFIG = @KSBA_CONFIG@
-KSBA_LIBS = @KSBA_LIBS@
-LBER_LIBS = @LBER_LIBS@
-LDAPLIBS = @LDAPLIBS@
-LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBASSUAN_CFLAGS = @LIBASSUAN_CFLAGS@
-LIBASSUAN_CONFIG = @LIBASSUAN_CONFIG@
-LIBASSUAN_LIBS = @LIBASSUAN_LIBS@
-LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
-LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
-LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
-LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
-LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBREADLINE = @LIBREADLINE@
-LIBS = @LIBS@
-LIBUSB_LIBS = @LIBUSB_LIBS@
-LIBUTIL_LIBS = @LIBUTIL_LIBS@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-MAINT = @MAINT@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NETLIBS = @NETLIBS@
-NPTH_CFLAGS = @NPTH_CFLAGS@
-NPTH_CONFIG = @NPTH_CONFIG@
-NPTH_LIBS = @NPTH_LIBS@
-NTBTLS_CFLAGS = @NTBTLS_CFLAGS@
-NTBTLS_CONFIG = @NTBTLS_CONFIG@
-NTBTLS_LIBS = @NTBTLS_LIBS@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_GT = @PACKAGE_GT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SENDMAIL = @SENDMAIL@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SHRED = @SHRED@
-STRIP = @STRIP@
-SYSROOT = @SYSROOT@
-SYS_SOCKET_H = @SYS_SOCKET_H@
-TAR = @TAR@
-USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
-USE_NLS = @USE_NLS@
-VERSION = @VERSION@
-W32SOCKLIBS = @W32SOCKLIBS@
-WINDRES = @WINDRES@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-ZLIBS = @ZLIBS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = $(datadir)/locale
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011
-
-# NB: AM_CFLAGS may also be used by tools running on the build
-# platform to create source files.
-AM_CPPFLAGS = -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \
-	$(am__append_1) $(am__append_2) $(am__append_3) \
-	$(am__append_4) $(am__append_5) $(am__append_6) \
-	$(am__append_7)
-@HAVE_W32CE_SYSTEM_FALSE@extra_sys_libs = 
-
-# Under Windows we use LockFileEx.  WindowsCE provides this only on
-# the WindowsMobile 6 platform and thus we need to use the coredll6
-# import library.  We also want to use a stacksize of 256k instead of
-# the 2MB which is the default with cegcc.  256k is the largest stack
-# we use with pth.
-@HAVE_W32CE_SYSTEM_TRUE@extra_sys_libs = -lcoredll6
-@HAVE_W32CE_SYSTEM_FALSE@extra_bin_ldflags = 
-@HAVE_W32CE_SYSTEM_TRUE@extra_bin_ldflags = -Wl,--stack=0x40000
-resource_objs = 
-
-# Convenience macros
-libcommon = ../common/libcommon.a
-libcommonpth = ../common/libcommonpth.a
-libcommontls = ../common/libcommontls.a
-libcommontlsnpth = ../common/libcommontlsnpth.a
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)	\
-            $(GPG_ERROR_CFLAGS) $(NPTH_CFLAGS) $(NTBTLS_CFLAGS)		\
-            $(LIBGNUTLS_CFLAGS)
-
-BUILT_SOURCES = no-libgcrypt.c
-CLEANFILES = no-libgcrypt.c
-@HAVE_W32_SYSTEM_FALSE@ldap_url = 
-@HAVE_W32_SYSTEM_TRUE@ldap_url = ldap-url.h ldap-url.c
-@USE_LDAPWRAPPER_FALSE@extraldap_src = ldap-wrapper-ce.c  dirmngr_ldap.c
-@USE_LDAPWRAPPER_TRUE@extraldap_src = ldap-wrapper.c
-noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h
-dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
-	certcache.c certcache.h cdb.h cdblib.c misc.c dirmngr-err.h \
-	ocsp.c ocsp.h validate.c validate.h dns-cert.c dns-cert.h \
-	ks-action.c ks-action.h ks-engine.h ks-engine-hkp.c \
-	ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c \
-	$(am__append_8)
-@USE_LDAP_FALSE@ldaplibs = 
-@USE_LDAP_TRUE@ldaplibs = $(LDAPLIBS)
-dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) $(DNSLIBS) \
-	$(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
-	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) \
-	$(am__append_9) $(am__append_10)
-dirmngr_LDFLAGS = $(extra_bin_ldflags)
-@USE_LDAPWRAPPER_TRUE@dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
-@USE_LDAPWRAPPER_TRUE@dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
-@USE_LDAPWRAPPER_TRUE@dirmngr_ldap_LDFLAGS = 
-@USE_LDAPWRAPPER_TRUE@dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \
-@USE_LDAPWRAPPER_TRUE@		     $(GPG_ERROR_LIBS) $(LDAPLIBS) $(LBER_LIBS) $(LIBINTL) \
-@USE_LDAPWRAPPER_TRUE@		     $(LIBICONV)
-
-dirmngr_client_SOURCES = dirmngr-client.c
-dirmngr_client_LDADD = $(libcommon) no-libgcrypt.o \
-	                $(LIBASSUAN_LIBS) \
-	               $(GPG_ERROR_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV)
-
-dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
-t_common_src = t-support.h
-# We need libcommontls, because we use the http functions.
-t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \
-                 $(GPG_ERROR_LIBS) $(NETLIBS) \
-                 $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
-                 $(DNSLIBS) $(LIBINTL) $(LIBICONV)
-
-module_tests = t-dns-cert $(am__append_11)
-t_ldap_parse_uri_SOURCES = \
-	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
-        $(ldap_url) $(t_common_src)
-
-t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
-t_dns_cert_SOURCES = t-dns-cert.c dns-cert.c
-t_dns_cert_LDADD = $(t_common_ldadd)
-all: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .o .obj .rc
-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/am/cmacros.am $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu dirmngr/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu dirmngr/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-$(top_srcdir)/am/cmacros.am:
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-binPROGRAMS: $(bin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
-	fi; \
-	for p in $$list; do echo "$$p $$p"; done | \
-	sed 's/$(EXEEXT)$$//' | \
-	while read p p1; do if test -f $$p \
-	  ; then echo "$$p"; echo "$$p"; else :; fi; \
-	done | \
-	sed -e 'p;s,.*/,,;n;h' \
-	    -e 's|.*|.|' \
-	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
-	sed 'N;N;N;s,\n, ,g' | \
-	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
-	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
-	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
-	    else { print "f", $$3 "/" $$4, $$1; } } \
-	  END { for (d in files) print "f", d, files[d] }' | \
-	while read type dir files; do \
-	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
-	    test -z "$$files" || { \
-	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
-	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
-	    } \
-	; done
-
-uninstall-binPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
-	files=`for p in $$list; do echo "$$p"; done | \
-	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-	      -e 's/$$/$(EXEEXT)/' \
-	`; \
-	test -n "$$list" || exit 0; \
-	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
-	cd "$(DESTDIR)$(bindir)" && rm -f $$files
-
-clean-binPROGRAMS:
-	-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
-install-libexecPROGRAMS: $(libexec_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(libexecdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(libexecdir)" || exit 1; \
-	fi; \
-	for p in $$list; do echo "$$p $$p"; done | \
-	sed 's/$(EXEEXT)$$//' | \
-	while read p p1; do if test -f $$p \
-	  ; then echo "$$p"; echo "$$p"; else :; fi; \
-	done | \
-	sed -e 'p;s,.*/,,;n;h' \
-	    -e 's|.*|.|' \
-	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
-	sed 'N;N;N;s,\n, ,g' | \
-	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
-	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
-	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
-	    else { print "f", $$3 "/" $$4, $$1; } } \
-	  END { for (d in files) print "f", d, files[d] }' | \
-	while read type dir files; do \
-	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
-	    test -z "$$files" || { \
-	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
-	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
-	    } \
-	; done
-
-uninstall-libexecPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
-	files=`for p in $$list; do echo "$$p"; done | \
-	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-	      -e 's/$$/$(EXEEXT)/' \
-	`; \
-	test -n "$$list" || exit 0; \
-	echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
-	cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
-
-clean-libexecPROGRAMS:
-	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
-
-clean-noinstPROGRAMS:
-	-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
-
-dirmngr$(EXEEXT): $(dirmngr_OBJECTS) $(dirmngr_DEPENDENCIES) $(EXTRA_dirmngr_DEPENDENCIES) 
-	@rm -f dirmngr$(EXEEXT)
-	$(AM_V_CCLD)$(dirmngr_LINK) $(dirmngr_OBJECTS) $(dirmngr_LDADD) $(LIBS)
-
-dirmngr-client$(EXEEXT): $(dirmngr_client_OBJECTS) $(dirmngr_client_DEPENDENCIES) $(EXTRA_dirmngr_client_DEPENDENCIES) 
-	@rm -f dirmngr-client$(EXEEXT)
-	$(AM_V_CCLD)$(dirmngr_client_LINK) $(dirmngr_client_OBJECTS) $(dirmngr_client_LDADD) $(LIBS)
-
-dirmngr_ldap$(EXEEXT): $(dirmngr_ldap_OBJECTS) $(dirmngr_ldap_DEPENDENCIES) $(EXTRA_dirmngr_ldap_DEPENDENCIES) 
-	@rm -f dirmngr_ldap$(EXEEXT)
-	$(AM_V_CCLD)$(dirmngr_ldap_LINK) $(dirmngr_ldap_OBJECTS) $(dirmngr_ldap_LDADD) $(LIBS)
-
-t-dns-cert$(EXEEXT): $(t_dns_cert_OBJECTS) $(t_dns_cert_DEPENDENCIES) $(EXTRA_t_dns_cert_DEPENDENCIES) 
-	@rm -f t-dns-cert$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_dns_cert_OBJECTS) $(t_dns_cert_LDADD) $(LIBS)
-
-t-ldap-parse-uri$(EXEEXT): $(t_ldap_parse_uri_OBJECTS) $(t_ldap_parse_uri_DEPENDENCIES) $(EXTRA_t_ldap_parse_uri_DEPENDENCIES) 
-	@rm -f t-ldap-parse-uri$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(t_ldap_parse_uri_OBJECTS) $(t_ldap_parse_uri_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cdblib.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certcache.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crlcache.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crlfetch.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr-client.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr_ldap-ldap-url.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dirmngr_ldap.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dns-cert.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-action.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-finger.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-hkp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-http.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-kdns.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ks-engine-ldap.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-parse-uri.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-url.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-wrapper-ce.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap-wrapper.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldap.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldapserver.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-dns-cert.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t-ldap-parse-uri.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/validate.Po@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-dirmngr_ldap-dirmngr_ldap.o: dirmngr_ldap.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-dirmngr_ldap.o -MD -MP -MF $(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Tpo -c -o dirmngr_ldap-dirmngr_ldap.o `test -f 'dirmngr_ldap.c' || echo '$(srcdir)/'`dirmngr_ldap.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Tpo $(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dirmngr_ldap.c' object='dirmngr_ldap-dirmngr_ldap.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-dirmngr_ldap.o `test -f 'dirmngr_ldap.c' || echo '$(srcdir)/'`dirmngr_ldap.c
-
-dirmngr_ldap-dirmngr_ldap.obj: dirmngr_ldap.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-dirmngr_ldap.obj -MD -MP -MF $(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Tpo -c -o dirmngr_ldap-dirmngr_ldap.obj `if test -f 'dirmngr_ldap.c'; then $(CYGPATH_W) 'dirmngr_ldap.c'; else $(CYGPATH_W) '$(srcdir)/dirmngr_ldap.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Tpo $(DEPDIR)/dirmngr_ldap-dirmngr_ldap.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dirmngr_ldap.c' object='dirmngr_ldap-dirmngr_ldap.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-dirmngr_ldap.obj `if test -f 'dirmngr_ldap.c'; then $(CYGPATH_W) 'dirmngr_ldap.c'; else $(CYGPATH_W) '$(srcdir)/dirmngr_ldap.c'; fi`
-
-dirmngr_ldap-ldap-url.o: ldap-url.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-ldap-url.o -MD -MP -MF $(DEPDIR)/dirmngr_ldap-ldap-url.Tpo -c -o dirmngr_ldap-ldap-url.o `test -f 'ldap-url.c' || echo '$(srcdir)/'`ldap-url.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-ldap-url.Tpo $(DEPDIR)/dirmngr_ldap-ldap-url.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-url.c' object='dirmngr_ldap-ldap-url.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-ldap-url.o `test -f 'ldap-url.c' || echo '$(srcdir)/'`ldap-url.c
-
-dirmngr_ldap-ldap-url.obj: ldap-url.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -MT dirmngr_ldap-ldap-url.obj -MD -MP -MF $(DEPDIR)/dirmngr_ldap-ldap-url.Tpo -c -o dirmngr_ldap-ldap-url.obj `if test -f 'ldap-url.c'; then $(CYGPATH_W) 'ldap-url.c'; else $(CYGPATH_W) '$(srcdir)/ldap-url.c'; fi`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dirmngr_ldap-ldap-url.Tpo $(DEPDIR)/dirmngr_ldap-ldap-url.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ldap-url.c' object='dirmngr_ldap-ldap-url.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dirmngr_ldap_CFLAGS) $(CFLAGS) -c -o dirmngr_ldap-ldap-url.obj `if test -f 'ldap-url.c'; then $(CYGPATH_W) 'ldap-url.c'; else $(CYGPATH_W) '$(srcdir)/ldap-url.c'; fi`
-
-ID: $(am__tagged_files)
-	$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	set x; \
-	here=`pwd`; \
-	$(am__define_uniq_tagged_files); \
-	shift; \
-	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  if test $$# -gt 0; then \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      "$$@" $$unique; \
-	  else \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      $$unique; \
-	  fi; \
-	fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	$(am__define_uniq_tagged_files); \
-	test -z "$(CTAGS_ARGS)$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && $(am__cd) $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
-	list='$(am__tagged_files)'; \
-	case "$(srcdir)" in \
-	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
-	  *) sdir=$(subdir)/$(srcdir) ;; \
-	esac; \
-	for i in $$list; do \
-	  if test -f "$$i"; then \
-	    echo "$(subdir)/$$i"; \
-	  else \
-	    echo "$$sdir/$$i"; \
-	  fi; \
-	done >> $(top_builddir)/cscope.files
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
-	@failed=0; all=0; xfail=0; xpass=0; skip=0; \
-	srcdir=$(srcdir); export srcdir; \
-	list=' $(TESTS) '; \
-	$(am__tty_colors); \
-	if test -n "$$list"; then \
-	  for tst in $$list; do \
-	    if test -f ./$$tst; then dir=./; \
-	    elif test -f $$tst; then dir=; \
-	    else dir="$(srcdir)/"; fi; \
-	    if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *[\ \	]$$tst[\ \	]*) \
-		xpass=`expr $$xpass + 1`; \
-		failed=`expr $$failed + 1`; \
-		col=$$red; res=XPASS; \
-	      ;; \
-	      *) \
-		col=$$grn; res=PASS; \
-	      ;; \
-	      esac; \
-	    elif test $$? -ne 77; then \
-	      all=`expr $$all + 1`; \
-	      case " $(XFAIL_TESTS) " in \
-	      *[\ \	]$$tst[\ \	]*) \
-		xfail=`expr $$xfail + 1`; \
-		col=$$lgn; res=XFAIL; \
-	      ;; \
-	      *) \
-		failed=`expr $$failed + 1`; \
-		col=$$red; res=FAIL; \
-	      ;; \
-	      esac; \
-	    else \
-	      skip=`expr $$skip + 1`; \
-	      col=$$blu; res=SKIP; \
-	    fi; \
-	    echo "$${col}$$res$${std}: $$tst"; \
-	  done; \
-	  if test "$$all" -eq 1; then \
-	    tests="test"; \
-	    All=""; \
-	  else \
-	    tests="tests"; \
-	    All="All "; \
-	  fi; \
-	  if test "$$failed" -eq 0; then \
-	    if test "$$xfail" -eq 0; then \
-	      banner="$$All$$all $$tests passed"; \
-	    else \
-	      if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
-	      banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
-	    fi; \
-	  else \
-	    if test "$$xpass" -eq 0; then \
-	      banner="$$failed of $$all $$tests failed"; \
-	    else \
-	      if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
-	      banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
-	    fi; \
-	  fi; \
-	  dashes="$$banner"; \
-	  skipped=""; \
-	  if test "$$skip" -ne 0; then \
-	    if test "$$skip" -eq 1; then \
-	      skipped="($$skip test was not run)"; \
-	    else \
-	      skipped="($$skip tests were not run)"; \
-	    fi; \
-	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$skipped"; \
-	  fi; \
-	  report=""; \
-	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
-	    report="Please report to $(PACKAGE_BUGREPORT)"; \
-	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
-	      dashes="$$report"; \
-	  fi; \
-	  dashes=`echo "$$dashes" | sed s/./=/g`; \
-	  if test "$$failed" -eq 0; then \
-	    col="$$grn"; \
-	  else \
-	    col="$$red"; \
-	  fi; \
-	  echo "$${col}$$dashes$${std}"; \
-	  echo "$${col}$$banner$${std}"; \
-	  test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
-	  test -z "$$report" || echo "$${col}$$report$${std}"; \
-	  echo "$${col}$$dashes$${std}"; \
-	  test "$$failed" -eq 0; \
-	else :; fi
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(PROGRAMS) $(HEADERS)
-installdirs:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-noinstPROGRAMS mostlyclean-am
-
-distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS
-
-.MAKE: all check check-am install install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \
-	clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
-	distclean-compile distclean-generic distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-binPROGRAMS install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am \
-	install-libexecPROGRAMS install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
-	uninstall-am uninstall-binPROGRAMS uninstall-libexecPROGRAMS
-
-
-@HAVE_W32_SYSTEM_TRUE@.rc.o:
-@HAVE_W32_SYSTEM_TRUE@	$(WINDRES) $(DEFAULT_INCLUDES) $(INCLUDES) "$<" "$@"
-
-no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
-	cat $(top_srcdir)/tools/no-libgcrypt.c > no-libgcrypt.c
-
-$(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth)
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff -Nru gnupg2-2.1.6/dirmngr/misc.c gnupg2-2.0.28/dirmngr/misc.c
--- gnupg2-2.1.6/dirmngr/misc.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/misc.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,639 +0,0 @@
-/* misc.c - miscellaneous
- *	Copyright (C) 2002 Klarälvdalens Datakonsult AB
- *      Copyright (C) 2002, 2003, 2004, 2010 Free Software Foundation, Inc.
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "util.h"
-#include "misc.h"
-
-
-/* Convert the hex encoded STRING back into binary and store the
-   result into the provided buffer RESULT.  The actual size of that
-   buffer will be returned.  The caller should provide RESULT of at
-   least strlen(STRING)/2 bytes.  There is no error detection, the
-   parsing stops at the first non hex character.  With RESULT given as
-   NULL, the fucntion does only return the size of the buffer which
-   would be needed.  */
-size_t
-unhexify (unsigned char *result, const char *string)
-{
-  const char *s;
-  size_t n;
-
-  for (s=string,n=0; hexdigitp (s) && hexdigitp(s+1); s += 2)
-    {
-      if (result)
-        result[n] = xtoi_2 (s);
-      n++;
-    }
-  return n;
-}
-
-
-char*
-hashify_data( const char* data, size_t len )
-{
-  unsigned char buf[20];
-  gcry_md_hash_buffer (GCRY_MD_SHA1, buf, data, len);
-  return hexify_data( buf, 20 );
-}
-
-char*
-hexify_data( const unsigned char* data, size_t len )
-{
-  int i;
-  char* result = xmalloc( sizeof( char ) * (2*len+1));
-
-  for( i = 0; i < 2*len; i+=2 )
-    sprintf( result+i, "%02X", *data++);
-  return result;
-}
-
-char *
-serial_hex (ksba_sexp_t serial )
-{
-  unsigned char* p = serial;
-  char *endp;
-  unsigned long n;
-  char *certid;
-
-  if (!p)
-    return NULL;
-  else {
-    p++; /* ignore initial '(' */
-    n = strtoul (p, (char**)&endp, 10);
-    p = endp;
-    if (*p!=':')
-      return NULL;
-    else {
-      int i = 0;
-      certid = xmalloc( sizeof( char )*(2*n + 1 ) );
-      for (p++; n; n--, p++) {
-	sprintf ( certid+i , "%02X", *p);
-	i += 2;
-      }
-    }
-  }
-  return certid;
-}
-
-
-/* Take an S-Expression encoded blob and return a pointer to the
-   actual data as well as its length.  Return NULL for an invalid
-   S-Expression.*/
-const unsigned char *
-serial_to_buffer (const ksba_sexp_t serial, size_t *length)
-{
-  unsigned char *p = serial;
-  char *endp;
-  unsigned long n;
-
-  if (!p || *p != '(')
-    return NULL;
-  p++;
-  n = strtoul (p, &endp, 10);
-  p = endp;
-  if (*p != ':')
-    return NULL;
-  p++;
-  *length = n;
-  return p;
-}
-
-
-/* Do an in-place percent unescaping of STRING. Returns STRING. Note
-   that this function does not do a '+'-to-space unescaping.*/
-char *
-unpercent_string (char *string)
-{
-  char *s = string;
-  char *d = string;
-
-  while (*s)
-    {
-      if (*s == '%' && s[1] && s[2])
-        {
-          s++;
-          *d++ = xtoi_2 ( s);
-          s += 2;
-        }
-      else
-        *d++ = *s++;
-    }
-  *d = 0;
-  return string;
-}
-
-/* Convert a canonical encoded S-expression in CANON into the GCRY
-   type. */
-gpg_error_t
-canon_sexp_to_gcry (const unsigned char *canon, gcry_sexp_t *r_sexp)
-{
-  gpg_error_t err;
-  size_t n;
-  gcry_sexp_t sexp;
-
-  *r_sexp = NULL;
-  n = gcry_sexp_canon_len (canon, 0, NULL, NULL);
-  if (!n)
-    {
-      log_error (_("invalid canonical S-expression found\n"));
-      err = gpg_error (GPG_ERR_INV_SEXP);
-    }
-  else if ((err = gcry_sexp_sscan (&sexp, NULL, canon, n)))
-    log_error (_("converting S-expression failed: %s\n"), gcry_strerror (err));
-  else
-    *r_sexp = sexp;
-  return err;
-}
-
-
-/* Return an allocated buffer with the formatted fingerprint as one
-   large hexnumber */
-char *
-get_fingerprint_hexstring (ksba_cert_t cert)
-{
-  unsigned char digest[20];
-  gcry_md_hd_t md;
-  int rc;
-  char *buf;
-  int i;
-
-  rc = gcry_md_open (&md, GCRY_MD_SHA1, 0);
-  if (rc)
-    log_fatal (_("gcry_md_open failed: %s\n"), gpg_strerror (rc));
-
-  rc = ksba_cert_hash (cert, 0, HASH_FNC, md);
-  if (rc)
-    {
-      log_error (_("oops: ksba_cert_hash failed: %s\n"), gpg_strerror (rc));
-      memset (digest, 0xff, 20); /* Use a dummy value. */
-    }
-  else
-    {
-      gcry_md_final (md);
-      memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20);
-    }
-  gcry_md_close (md);
-  buf = xmalloc (41);
-  *buf = 0;
-  for (i=0; i < 20; i++ )
-    sprintf (buf+strlen(buf), "%02X", digest[i]);
-  return buf;
-}
-
-/* Return an allocated buffer with the formatted fingerprint as one
-   large hexnumber.  This version inserts the usual colons. */
-char *
-get_fingerprint_hexstring_colon (ksba_cert_t cert)
-{
-  unsigned char digest[20];
-  gcry_md_hd_t md;
-  int rc;
-  char *buf;
-  int i;
-
-  rc = gcry_md_open (&md, GCRY_MD_SHA1, 0);
-  if (rc)
-    log_fatal (_("gcry_md_open failed: %s\n"), gpg_strerror (rc));
-
-  rc = ksba_cert_hash (cert, 0, HASH_FNC, md);
-  if (rc)
-    {
-      log_error (_("oops: ksba_cert_hash failed: %s\n"), gpg_strerror (rc));
-      memset (digest, 0xff, 20); /* Use a dummy value. */
-    }
-  else
-    {
-      gcry_md_final (md);
-      memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20);
-    }
-  gcry_md_close (md);
-  buf = xmalloc (61);
-  *buf = 0;
-  for (i=0; i < 20; i++ )
-    sprintf (buf+strlen(buf), "%02X:", digest[i]);
-  buf[strlen(buf)-1] = 0; /* Remove railing colon. */
-  return buf;
-}
-
-
-/* Dump the serial number SERIALNO to the log stream.  */
-void
-dump_serial (ksba_sexp_t serialno)
-{
-  char *p;
-
-  p = serial_hex (serialno);
-  log_printf ("%s", p?p:"?");
-  xfree (p);
-}
-
-
-/* Dump STRING to the log file but choose the best readable
-   format.  */
-void
-dump_string (const char *string)
-{
-
-  if (!string)
-    log_printf ("[error]");
-  else
-    {
-      const unsigned char *s;
-
-      for (s=string; *s; s++)
-        {
-          if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
-            break;
-        }
-      if (!*s && *string != '[')
-        log_printf ("%s", string);
-      else
-        {
-          log_printf ( "[ ");
-          log_printhex (NULL, string, strlen (string));
-          log_printf ( " ]");
-        }
-    }
-}
-
-/* Dump an KSBA cert object to the log stream. Prefix the output with
-   TEXT.  This is used for debugging. */
-void
-dump_cert (const char *text, ksba_cert_t cert)
-{
-  ksba_sexp_t sexp;
-  char *p;
-  ksba_isotime_t t;
-
-  log_debug ("BEGIN Certificate '%s':\n", text? text:"");
-  if (cert)
-    {
-      sexp = ksba_cert_get_serial (cert);
-      p = serial_hex (sexp);
-      log_debug ("     serial: %s\n", p?p:"?");
-      xfree (p);
-      ksba_free (sexp);
-
-      ksba_cert_get_validity (cert, 0, t);
-      log_debug ("  notBefore: ");
-      dump_isotime (t);
-      log_printf ("\n");
-      ksba_cert_get_validity (cert, 1, t);
-      log_debug ("   notAfter: ");
-      dump_isotime (t);
-      log_printf ("\n");
-
-      p = ksba_cert_get_issuer (cert, 0);
-      log_debug ("     issuer: ");
-      dump_string (p);
-      ksba_free (p);
-      log_printf ("\n");
-
-      p = ksba_cert_get_subject (cert, 0);
-      log_debug ("    subject: ");
-      dump_string (p);
-      ksba_free (p);
-      log_printf ("\n");
-
-      log_debug ("  hash algo: %s\n", ksba_cert_get_digest_algo (cert));
-
-      p = get_fingerprint_hexstring (cert);
-      log_debug ("  SHA1 fingerprint: %s\n", p);
-      xfree (p);
-    }
-  log_debug ("END Certificate\n");
-}
-
-
-
-/* Log the certificate's name in "#SN/ISSUERDN" format along with
-   TEXT. */
-void
-cert_log_name (const char *text, ksba_cert_t cert)
-{
-  log_info ("%s", text? text:"certificate" );
-  if (cert)
-    {
-      ksba_sexp_t sn;
-      char *p;
-
-      p = ksba_cert_get_issuer (cert, 0);
-      sn = ksba_cert_get_serial (cert);
-      if (p && sn)
-        {
-          log_printf (" #");
-          dump_serial (sn);
-          log_printf ("/");
-          dump_string (p);
-        }
-      else
-        log_printf (" [invalid]");
-      ksba_free (sn);
-      xfree (p);
-    }
-  log_printf ("\n");
-}
-
-
-/* Log the certificate's subject DN along with TEXT. */
-void
-cert_log_subject (const char *text, ksba_cert_t cert)
-{
-  log_info ("%s", text? text:"subject" );
-  if (cert)
-    {
-      char *p;
-
-      p = ksba_cert_get_subject (cert, 0);
-      if (p)
-        {
-          log_printf (" /");
-          dump_string (p);
-          xfree (p);
-        }
-      else
-        log_printf (" [invalid]");
-    }
-  log_printf ("\n");
-}
-
-
-/* Callback to print infos about the TLS certificates.  */
-void
-cert_log_cb (http_session_t sess, gpg_error_t err,
-             const char *hostname, const void **certs, size_t *certlens)
-{
-  ksba_cert_t cert;
-  size_t n;
-
-  (void)sess;
-
-  if (!err)
-    return; /* No error - no need to log anything  */
-
-  log_debug ("expected hostname: %s\n", hostname);
-  for (n=0; certs[n]; n++)
-    {
-      err = ksba_cert_new (&cert);
-      if (!err)
-        err = ksba_cert_init_from_mem (cert, certs[n], certlens[n]);
-      if (err)
-        log_error ("error parsing cert for logging: %s\n", gpg_strerror (err));
-      else
-        {
-          char textbuf[20];
-          snprintf (textbuf, sizeof textbuf, "server[%u]", (unsigned int)n);
-          dump_cert (textbuf, cert);
-        }
-
-      ksba_cert_release (cert);
-    }
-}
-
-
-/****************
- * Remove all %xx escapes; this is done inplace.
- * Returns: New length of the string.
- */
-static int
-remove_percent_escapes (unsigned char *string)
-{
-  int n = 0;
-  unsigned char *p, *s;
-
-  for (p = s = string; *s; s++)
-    {
-      if (*s == '%')
-        {
-          if (s[1] && s[2] && hexdigitp (s+1) && hexdigitp (s+2))
-            {
-              s++;
-              *p = xtoi_2 (s);
-              s++;
-              p++;
-              n++;
-            }
-          else
-            {
-              *p++ = *s++;
-              if (*s)
-                *p++ = *s++;
-              if (*s)
-                *p++ = *s++;
-              if (*s)
-                *p = 0;
-              return -1;   /* Bad URI. */
-            }
-        }
-      else
-        {
-          *p++ = *s;
-          n++;
-        }
-    }
-  *p = 0;  /* Always keep a string terminator. */
-  return n;
-}
-
-
-/* Return the host name and the port (0 if none was given) from the
-   URL.  Return NULL on error or if host is not included in the
-   URL.  */
-char *
-host_and_port_from_url (const char *url, int *port)
-{
-  const char *s, *s2;
-  char *buf, *p;
-  int n;
-
-  s = url;
-
-  *port = 0;
-
-  /* Find the scheme */
-  if ( !(s2 = strchr (s, ':')) || s2 == s )
-    return NULL;  /* No scheme given. */
-  s = s2+1;
-
-  /* Find the hostname */
-  if (*s != '/')
-    return NULL; /* Does not start with a slash. */
-
-  s++;
-  if (*s != '/')
-    return NULL; /* No host name.  */
-  s++;
-
-  buf = xtrystrdup (s);
-  if (!buf)
-    {
-      log_error (_("malloc failed: %s\n"), strerror (errno));
-      return NULL;
-    }
-  if ((p = strchr (buf, '/')))
-    *p++ = 0;
-  strlwr (buf);
-  if ((p = strchr (p, ':')))
-    {
-      *p++ = 0;
-      *port = atoi (p);
-    }
-
-  /* Remove quotes and make sure that no Nul has been encoded. */
-  if ((n = remove_percent_escapes (buf)) < 0
-      || n != strlen (buf) )
-    {
-      log_error (_("bad URL encoding detected\n"));
-      xfree (buf);
-      return NULL;
-    }
-
-  return buf;
-}
-
-
-/* A KSBA reader callback to read from an estream.  */
-static int
-my_estream_ksba_reader_cb (void *cb_value, char *buffer, size_t count,
-                           size_t *r_nread)
-{
-  estream_t fp = cb_value;
-
-  if (!fp)
-    return gpg_error (GPG_ERR_INV_VALUE);
-
-  if (!buffer && !count && !r_nread)
-    {
-      es_rewind (fp);
-      return 0;
-    }
-
-  *r_nread = es_fread (buffer, 1, count, fp);
-  if (!*r_nread)
-    return -1; /* EOF or error.  */
-  return 0; /* Success.  */
-}
-
-
-/* Create a KSBA reader object and connect it to the estream FP.  */
-gpg_error_t
-create_estream_ksba_reader (ksba_reader_t *r_reader, estream_t fp)
-{
-  gpg_error_t err;
-  ksba_reader_t reader;
-
-  *r_reader = NULL;
-  err = ksba_reader_new (&reader);
-  if (!err)
-    err = ksba_reader_set_cb (reader, my_estream_ksba_reader_cb, fp);
-  if (err)
-    {
-      log_error (_("error initializing reader object: %s\n"),
-                 gpg_strerror (err));
-      ksba_reader_release (reader);
-      return err;
-    }
-  *r_reader = reader;
-  return 0;
-}
-
-gpg_error_t
-armor_data (char **r_string, const void *data, size_t datalen)
-{
-  gpg_error_t err;
-  struct b64state b64state;
-  estream_t fp;
-  long length;
-  char *buffer;
-  size_t nread;
-
-  *r_string = NULL;
-
-  fp = es_fopenmem (0, "rw,samethread");
-  if (!fp)
-    return gpg_error_from_syserror ();
-
-  if ((err=b64enc_start_es (&b64state, fp, "PGP PUBLIC KEY BLOCK"))
-      || (err=b64enc_write (&b64state, data, datalen))
-      || (err = b64enc_finish (&b64state)))
-    {
-      es_fclose (fp);
-      return err;
-    }
-
-  /* FIXME: To avoid the extra buffer allocation estream should
-     provide a function to snatch the internal allocated memory from
-     such a memory stream.  */
-  length = es_ftell (fp);
-  if (length < 0)
-    {
-      err = gpg_error_from_syserror ();
-      es_fclose (fp);
-      return err;
-    }
-
-  buffer = xtrymalloc (length+1);
-  if (!buffer)
-    {
-      err = gpg_error_from_syserror ();
-      es_fclose (fp);
-      return err;
-    }
-
-  es_rewind (fp);
-  if (es_read (fp, buffer, length, &nread))
-    {
-      err = gpg_error_from_syserror ();
-      es_fclose (fp);
-      return err;
-    }
-  buffer[nread] = 0;
-  es_fclose (fp);
-
-  *r_string = buffer;
-  return 0;
-}
-
-/* Copy all data from IN to OUT.  */
-gpg_error_t
-copy_stream (estream_t in, estream_t out)
-{
-  char buffer[512];
-  size_t nread;
-
-  while (!es_read (in, buffer, sizeof buffer, &nread))
-    {
-      if (!nread)
-        return 0; /* EOF */
-      if (es_write (out, buffer, nread, NULL))
-        break;
-
-    }
-  return gpg_error_from_syserror ();
-}
diff -Nru gnupg2-2.1.6/dirmngr/misc.h gnupg2-2.0.28/dirmngr/misc.h
--- gnupg2-2.1.6/dirmngr/misc.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/misc.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,91 +0,0 @@
-/* misc.h - miscellaneous
- *      Copyright (C) 2002 Klarälvdalens Datakonsult AB
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifndef MISC_H
-#define MISC_H
-
-/* Convert hex encoded string back to binary. */
-size_t unhexify (unsigned char *result, const char *string);
-
-/* Returns SHA1 hash of the data. */
-char* hashify_data( const char* data, size_t len );
-
-/* Returns data as a hex string. */
-char* hexify_data( const unsigned char* data, size_t len );
-
-/* Returns the serial number as a hex string.  */
-char* serial_hex ( ksba_sexp_t serial );
-
-/* Take an S-Expression encoded blob and return a pointer to the
-   actual data as well as its length. */
-const unsigned char *serial_to_buffer (const ksba_sexp_t serial,
-                                       size_t *length);
-
-/* Do an in-place percent unescaping of STRING. Returns STRING. */
-char *unpercent_string (char *string);
-
-gpg_error_t canon_sexp_to_gcry (const unsigned char *canon,
-                                gcry_sexp_t *r_sexp);
-
-/* Return an allocated hex-string with the SHA-1 fingerprint of
-   CERT. */
-char *get_fingerprint_hexstring (ksba_cert_t cert);
-/* Return an allocated hex-string with the SHA-1 fingerprint of
-   CERT.  This version inserts the usual colons. */
-char *get_fingerprint_hexstring_colon (ksba_cert_t cert);
-
-/* Log CERT in short format with s/n and issuer DN prefixed by TEXT.  */
-void cert_log_name (const char *text, ksba_cert_t cert);
-
-/* Log CERT in short format with the subject DN prefixed by TEXT.  */
-void cert_log_subject (const char *text, ksba_cert_t cert);
-
-/* Dump the serial number SERIALNO to the log stream.  */
-void dump_serial (ksba_sexp_t serialno);
-
-/* Dump STRING to the log file but choose the best readable
-   format.  */
-void dump_string (const char *string);
-
-/* Dump an KSBA cert object to the log stream. Prefix the output with
-   TEXT.  This is used for debugging. */
-void dump_cert (const char *text, ksba_cert_t cert);
-
-/* Callback to print infos about the TLS certificates.  */
-void cert_log_cb (http_session_t sess, gpg_error_t err,
-                  const char *hostname, const void **certs, size_t *certlens);
-
-/* Return the host name and the port (0 if none was given) from the
-   URL.  Return NULL on error or if host is not included in the
-   URL.  */
-char *host_and_port_from_url (const char *url, int *port);
-
-/* Create a KSBA reader object and connect it to the estream FP.  */
-gpg_error_t create_estream_ksba_reader (ksba_reader_t *r_reader, estream_t fp);
-
-/* Encode the binary data in {DATA,DATALEN} as ASCII-armored data and
-   stored it as a NUL-terminated string in *R_STRING.  The caller is
-   responsible for freeing *R_STRING.  */
-gpg_error_t armor_data (char **r_string, const void *data, size_t datalen);
-
-/* Copy all data from IN to OUT.  */
-gpg_error_t copy_stream (estream_t in, estream_t out);
-
-#endif /* MISC_H */
diff -Nru gnupg2-2.1.6/dirmngr/OAUTHORS gnupg2-2.0.28/dirmngr/OAUTHORS
--- gnupg2-2.1.6/dirmngr/OAUTHORS	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/OAUTHORS	1970-01-01 00:00:00.000000000 +0000
@@ -1,38 +0,0 @@
-The old AUTHORS file from the separate dirmngr package.
-
- Package: dirmngr
- Maintainer: Werner Koch 
- Bug reports: bug-dirmngr@gnupg.org
- Security related bug reports: security@gnupg.org
- License: GPLv2+
-
-
-Steffen Hansen  
- - Initial code
-
-g10 Code GmbH 
- - All stuff written since October 2003.
-
-Werner Koch     , 
- - Help with initial code.
-
-Free Software Foundation 
- - Code taken from GnuPG.
-
-Michael Tokarev 
- - src/cdb.h and src/cdblib.c from the public domain tinycdb 0.73.
-
-
-The actual code is under the GNU GPL, except for src/cdb.h and
-src/cdblib.h which are in the public domain.
-
-
- Copyright 2003, 2004, 2006, 2007, 2008, 2010 g10 Code GmbH
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff -Nru gnupg2-2.1.6/dirmngr/ocsp.c gnupg2-2.0.28/dirmngr/ocsp.c
--- gnupg2-2.1.6/dirmngr/ocsp.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ocsp.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,796 +0,0 @@
-/* ocsp.c - OCSP management
- *      Copyright (C) 2004, 2007 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "misc.h"
-#include "http.h"
-#include "validate.h"
-#include "certcache.h"
-#include "ocsp.h"
-
-/* The maximum size we allow as a response from an OCSP reponder. */
-#define MAX_RESPONSE_SIZE 65536
-
-
-static const char oidstr_ocsp[] = "1.3.6.1.5.5.7.48.1";
-
-
-/* Telesec attribute used to implement a positive confirmation.
-
-   CertHash ::= SEQUENCE {
-      HashAlgorithm    AlgorithmIdentifier,
-      certificateHash OCTET STRING }
- */
-static const char oidstr_certHash[] = "1.3.36.8.3.13";
-
-
-
-
-/* Read from FP and return a newly allocated buffer in R_BUFFER with the
-   entire data read from FP. */
-static gpg_error_t
-read_response (estream_t fp, unsigned char **r_buffer, size_t *r_buflen)
-{
-  gpg_error_t err;
-  unsigned char *buffer;
-  size_t bufsize, nbytes;
-
-  *r_buffer = NULL;
-  *r_buflen = 0;
-
-  bufsize = 4096;
-  buffer = xtrymalloc (bufsize);
-  if (!buffer)
-    return gpg_error_from_errno (errno);
-
-  nbytes = 0;
-  for (;;)
-    {
-      unsigned char *tmp;
-      size_t nread = 0;
-
-      assert (nbytes < bufsize);
-      nread = es_fread (buffer+nbytes, 1, bufsize-nbytes, fp);
-      if (nread < bufsize-nbytes && es_ferror (fp))
-        {
-          err = gpg_error_from_errno (errno);
-          log_error (_("error reading from responder: %s\n"),
-                     strerror (errno));
-          xfree (buffer);
-          return err;
-        }
-      if ( !(nread == bufsize-nbytes && !es_feof (fp)))
-        { /* Response succesfully received. */
-          nbytes += nread;
-          *r_buffer = buffer;
-          *r_buflen = nbytes;
-          return 0;
-        }
-
-      nbytes += nread;
-
-      /* Need to enlarge the buffer. */
-      if (bufsize >= MAX_RESPONSE_SIZE)
-        {
-          log_error (_("response from server too large; limit is %d bytes\n"),
-                     MAX_RESPONSE_SIZE);
-          xfree (buffer);
-          return gpg_error (GPG_ERR_TOO_LARGE);
-        }
-
-      bufsize += 4096;
-      tmp = xtryrealloc (buffer, bufsize);
-      if (!tmp)
-        {
-          err = gpg_error_from_errno (errno);
-          xfree (buffer);
-          return err;
-        }
-      buffer = tmp;
-    }
-}
-
-
-/* Construct an OCSP request, send it to the configured OCSP responder
-   and parse the response. On success the OCSP context may be used to
-   further process the reponse. */
-static gpg_error_t
-do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
-                 const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert)
-{
-  gpg_error_t err;
-  unsigned char *request, *response;
-  size_t requestlen, responselen;
-  http_t http;
-  ksba_ocsp_response_status_t response_status;
-  const char *t;
-  int redirects_left = 2;
-  char *free_this = NULL;
-
-  (void)ctrl;
-
-  if (opt.disable_http)
-    {
-      log_error (_("OCSP request not possible due to disabled HTTP\n"));
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
-    }
-
-  err = ksba_ocsp_add_target (ocsp, cert, issuer_cert);
-  if (err)
-    {
-      log_error (_("error setting OCSP target: %s\n"), gpg_strerror (err));
-      return err;
-    }
-
-  {
-    size_t n;
-    unsigned char nonce[32];
-
-    n = ksba_ocsp_set_nonce (ocsp, NULL, 0);
-    if (n > sizeof nonce)
-      n = sizeof nonce;
-    gcry_create_nonce (nonce, n);
-    ksba_ocsp_set_nonce (ocsp, nonce, n);
-  }
-
-  err = ksba_ocsp_build_request (ocsp, &request, &requestlen);
-  if (err)
-    {
-      log_error (_("error building OCSP request: %s\n"), gpg_strerror (err));
-      return err;
-    }
-
- once_more:
-  err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
-                   (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
-                   ctrl->http_proxy, NULL, NULL, NULL);
-  if (err)
-    {
-      log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err));
-      xfree (free_this);
-      return err;
-    }
-
-  es_fprintf (http_get_write_ptr (http),
-	      "Content-Type: application/ocsp-request\r\n"
-	      "Content-Length: %lu\r\n",
-	      (unsigned long)requestlen );
-  http_start_data (http);
-  if (es_fwrite (request, requestlen, 1, http_get_write_ptr (http)) != 1)
-    {
-      err = gpg_error_from_errno (errno);
-      log_error ("error sending request to '%s': %s\n", url, strerror (errno));
-      http_close (http, 0);
-      xfree (request);
-      xfree (free_this);
-      return err;
-    }
-  xfree (request);
-  request = NULL;
-
-  err = http_wait_response (http);
-  if (err || http_get_status_code (http) != 200)
-    {
-      if (err)
-        log_error (_("error reading HTTP response for '%s': %s\n"),
-                   url, gpg_strerror (err));
-      else
-        {
-          switch (http_get_status_code (http))
-            {
-            case 301:
-            case 302:
-              {
-                const char *s = http_get_header (http, "Location");
-
-                log_info (_("URL '%s' redirected to '%s' (%u)\n"),
-                          url, s?s:"[none]", http_get_status_code (http));
-                if (s && *s && redirects_left-- )
-                  {
-                    xfree (free_this); url = NULL;
-                    free_this = xtrystrdup (s);
-                    if (!free_this)
-                      err = gpg_error_from_errno (errno);
-                    else
-                      {
-                        url = free_this;
-                        http_close (http, 0);
-                        goto once_more;
-                      }
-                  }
-                else
-                  err = gpg_error (GPG_ERR_NO_DATA);
-                log_error (_("too many redirections\n"));
-              }
-              break;
-
-            default:
-              log_error (_("error accessing '%s': http status %u\n"),
-                         url, http_get_status_code (http));
-              err = gpg_error (GPG_ERR_NO_DATA);
-              break;
-            }
-        }
-      http_close (http, 0);
-      xfree (free_this);
-      return err;
-    }
-
-  err = read_response (http_get_read_ptr (http), &response, &responselen);
-  http_close (http, 0);
-  if (err)
-    {
-      log_error (_("error reading HTTP response for '%s': %s\n"),
-                 url, gpg_strerror (err));
-      xfree (free_this);
-      return err;
-    }
-
-  err = ksba_ocsp_parse_response (ocsp, response, responselen,
-                                  &response_status);
-  if (err)
-    {
-      log_error (_("error parsing OCSP response for '%s': %s\n"),
-                 url, gpg_strerror (err));
-      xfree (response);
-      xfree (free_this);
-      return err;
-    }
-
-  switch (response_status)
-    {
-    case KSBA_OCSP_RSPSTATUS_SUCCESS:      t = "success"; break;
-    case KSBA_OCSP_RSPSTATUS_MALFORMED:    t = "malformed"; break;
-    case KSBA_OCSP_RSPSTATUS_INTERNAL:     t = "internal error"; break;
-    case KSBA_OCSP_RSPSTATUS_TRYLATER:     t = "try later"; break;
-    case KSBA_OCSP_RSPSTATUS_SIGREQUIRED:  t = "must sign request"; break;
-    case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break;
-    case KSBA_OCSP_RSPSTATUS_REPLAYED:     t = "replay detected"; break;
-    case KSBA_OCSP_RSPSTATUS_OTHER:        t = "other (unknown)"; break;
-    case KSBA_OCSP_RSPSTATUS_NONE:         t = "no status"; break;
-    default:                               t = "[unknown status]"; break;
-    }
-  if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS)
-    {
-      if (opt.verbose)
-        log_info (_("OCSP responder at '%s' status: %s\n"), url, t);
-
-      err = ksba_ocsp_hash_response (ocsp, response, responselen,
-                                     HASH_FNC, md);
-      if (err)
-        log_error (_("hashing the OCSP response for '%s' failed: %s\n"),
-                   url, gpg_strerror (err));
-    }
-  else
-    {
-      log_error (_("OCSP responder at '%s' status: %s\n"), url, t);
-      err = gpg_error (GPG_ERR_GENERAL);
-    }
-
-  xfree (response);
-  xfree (free_this);
-  return err;
-}
-
-
-/* Validate that CERT is indeed valid to sign an OCSP response. If
-   SIGNER_FPR_LIST is not NULL we simply check that CERT matches one
-   of the fingerprints in this list. */
-static gpg_error_t
-validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert,
-                         fingerprint_list_t signer_fpr_list)
-{
-  gpg_error_t err;
-  char *fpr;
-
-  if (signer_fpr_list)
-    {
-      fpr = get_fingerprint_hexstring (cert);
-      for (; signer_fpr_list && strcmp (signer_fpr_list->hexfpr, fpr);
-           signer_fpr_list = signer_fpr_list->next)
-        ;
-      if (signer_fpr_list)
-        err = 0;
-      else
-        {
-          log_error (_("not signed by a default OCSP signer's certificate"));
-          err = gpg_error (GPG_ERR_BAD_CA_CERT);
-        }
-      xfree (fpr);
-    }
-  else if (opt.system_daemon)
-    {
-      err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_OCSP, NULL);
-    }
-  else
-    {
-      /* We avoid duplicating the entire certificate validation code
-         from gpgsm here.  Because we have no way calling back to the
-         client and letting it compute the validity, we use the ugly
-         hack of telling the client that the response will only be
-         valid if the certificate given in this status message is
-         valid.
-
-         Note, that in theory we could simply ask the client via an
-         inquire to validate a certificate but this might involve
-         calling DirMngr again recursivly - we can't do that as of now
-         (neither DirMngr nor gpgsm have the ability for concurrent
-         access to DirMngr.   */
-
-      /* FIXME: We should cache this certificate locally, so that the next
-         call to dirmngr won't need to look it up - if this works at
-         all. */
-      fpr = get_fingerprint_hexstring (cert);
-      dirmngr_status (ctrl, "ONLY_VALID_IF_CERT_VALID", fpr, NULL);
-      xfree (fpr);
-      err = 0;
-    }
-
-  return err;
-}
-
-
-/* Helper for check_signature. */
-static int
-check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig,
-                      gcry_sexp_t s_hash, fingerprint_list_t signer_fpr_list)
-{
-  gpg_error_t err;
-  ksba_sexp_t pubkey;
-  gcry_sexp_t s_pkey = NULL;
-
-  pubkey = ksba_cert_get_public_key (cert);
-  if (!pubkey)
-    err = gpg_error (GPG_ERR_INV_OBJ);
-  else
-    err = canon_sexp_to_gcry (pubkey, &s_pkey);
-  xfree (pubkey);
-  if (!err)
-    err = gcry_pk_verify (s_sig, s_hash, s_pkey);
-  if (!err)
-    err = validate_responder_cert (ctrl, cert, signer_fpr_list);
-  if (!err)
-    {
-      gcry_sexp_release (s_pkey);
-      return 0; /* Successfully verified the signature. */
-    }
-
-  /* We simply ignore all errors. */
-  gcry_sexp_release (s_pkey);
-  return -1;
-}
-
-
-/* Check the signature of an OCSP repsonse.  OCSP is the context,
-   S_SIG the signature value and MD the handle of the hash we used for
-   the response.  This function automagically finds the correct public
-   key.  If SIGNER_FPR_LIST is not NULL, the default OCSP reponder has been
-   used and thus the certificate is one of those identified by
-   the fingerprints. */
-static gpg_error_t
-check_signature (ctrl_t ctrl,
-                 ksba_ocsp_t ocsp, gcry_sexp_t s_sig, gcry_md_hd_t md,
-                 fingerprint_list_t signer_fpr_list)
-{
-  gpg_error_t err;
-  int algo, cert_idx;
-  gcry_sexp_t s_hash;
-  ksba_cert_t cert;
-
-  /* Create a suitable S-expression with the hash value of our response. */
-  gcry_md_final (md);
-  algo = gcry_md_get_algo (md);
-  if (algo != GCRY_MD_SHA1 )
-    {
-      log_error (_("only SHA-1 is supported for OCSP responses\n"));
-      return gpg_error (GPG_ERR_DIGEST_ALGO);
-    }
-  err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))",
-                         gcry_md_get_algo_dlen (algo),
-                         gcry_md_read (md, algo));
-  if (err)
-    {
-      log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
-      return err;
-    }
-
-  /* Get rid of old OCSP specific certificate references. */
-  release_ctrl_ocsp_certs (ctrl);
-
-  if (signer_fpr_list && !signer_fpr_list->next)
-    {
-      /* There is exactly one signer fingerprint given. Thus we use
-         the default OCSP responder's certificate and instantly know
-         the certificate to use.  */
-      cert = get_cert_byhexfpr (signer_fpr_list->hexfpr);
-      if (!cert)
-        cert = get_cert_local (ctrl, signer_fpr_list->hexfpr);
-      if (cert)
-        {
-          err = check_signature_core (ctrl, cert, s_sig, s_hash,
-                                      signer_fpr_list);
-          ksba_cert_release (cert);
-          cert = NULL;
-          if (!err)
-            {
-              gcry_sexp_release (s_hash);
-              return 0; /* Successfully verified the signature. */
-            }
-        }
-    }
-  else
-    {
-      char *name;
-      ksba_sexp_t keyid;
-
-      /* Put all certificates included in the response into the cache
-         and setup a list of those certificate which will later be
-         preferred used when locating certificates.  */
-      for (cert_idx=0; (cert = ksba_ocsp_get_cert (ocsp, cert_idx));
-           cert_idx++)
-        {
-          cert_ref_t cref;
-
-          cref = xtrymalloc (sizeof *cref);
-          if (!cref)
-            log_error (_("allocating list item failed: %s\n"),
-                       gcry_strerror (err));
-          else if (!cache_cert_silent (cert, &cref->fpr))
-            {
-              cref->next = ctrl->ocsp_certs;
-              ctrl->ocsp_certs = cref;
-            }
-          else
-            xfree (cref);
-        }
-
-      /* Get the certificate by means of the responder ID. */
-      err = ksba_ocsp_get_responder_id (ocsp, &name, &keyid);
-      if (err)
-        {
-          log_error (_("error getting responder ID: %s\n"),
-                     gcry_strerror (err));
-          return err;
-        }
-      cert = find_cert_bysubject (ctrl, name, keyid);
-      if (!cert)
-        {
-          log_error ("responder certificate ");
-          if (name)
-            log_printf ("'/%s' ", name);
-          if (keyid)
-            {
-              log_printf ("{");
-              dump_serial (keyid);
-              log_printf ("} ");
-            }
-          log_printf ("not found\n");
-        }
-      ksba_free (name);
-      ksba_free (keyid);
-
-      if (cert)
-        {
-          err = check_signature_core (ctrl, cert, s_sig, s_hash,
-                                      signer_fpr_list);
-          ksba_cert_release (cert);
-          if (!err)
-            {
-              gcry_sexp_release (s_hash);
-              return 0; /* Successfully verified the signature. */
-            }
-        }
-    }
-
-  gcry_sexp_release (s_hash);
-  log_error (_("no suitable certificate found to verify the OCSP response\n"));
-  return gpg_error (GPG_ERR_NO_PUBKEY);
-}
-
-
-/* Check whether the certificate either given by fingerprint CERT_FPR
-   or directly through the CERT object is valid by running an OCSP
-   transaction.  With FORCE_DEFAULT_RESPONDER set only the configured
-   default responder is used. */
-gpg_error_t
-ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
-              int force_default_responder)
-{
-  gpg_error_t err;
-  ksba_ocsp_t ocsp = NULL;
-  ksba_cert_t issuer_cert = NULL;
-  ksba_sexp_t sigval = NULL;
-  gcry_sexp_t s_sig = NULL;
-  ksba_isotime_t current_time;
-  ksba_isotime_t this_update, next_update, revocation_time, produced_at;
-  ksba_isotime_t tmp_time;
-  ksba_status_t status;
-  ksba_crl_reason_t reason;
-  char *url_buffer = NULL;
-  const char *url;
-  gcry_md_hd_t md = NULL;
-  int i, idx;
-  char *oid;
-  ksba_name_t name;
-  fingerprint_list_t default_signer = NULL;
-
-  /* Get the certificate.  */
-  if (cert)
-    {
-      ksba_cert_ref (cert);
-
-      err = find_issuing_cert (ctrl, cert, &issuer_cert);
-      if (err)
-        {
-          log_error (_("issuer certificate not found: %s\n"),
-                     gpg_strerror (err));
-          goto leave;
-        }
-    }
-  else
-    {
-      cert = get_cert_local (ctrl, cert_fpr);
-      if (!cert)
-        {
-          log_error (_("caller did not return the target certificate\n"));
-          err = gpg_error (GPG_ERR_GENERAL);
-          goto leave;
-        }
-      issuer_cert = get_issuing_cert_local (ctrl, NULL);
-      if (!issuer_cert)
-        {
-          log_error (_("caller did not return the issuing certificate\n"));
-          err = gpg_error (GPG_ERR_GENERAL);
-          goto leave;
-        }
-    }
-
-  /* Create an OCSP instance.  */
-  err = ksba_ocsp_new (&ocsp);
-  if (err)
-    {
-      log_error (_("failed to allocate OCSP context: %s\n"),
-                 gpg_strerror (err));
-      goto leave;
-    }
-
-
-
-  /* Figure out the OCSP responder to use.
-     1. Try to get the reponder from the certificate.
-        We do only take http and https style URIs into account.
-     2. If this fails use the default responder, if any.
-   */
-  url = NULL;
-  for (idx=0; !url && !opt.ignore_ocsp_service_url && !force_default_responder
-         && !(err=ksba_cert_get_authority_info_access (cert, idx,
-                                                       &oid, &name)); idx++)
-    {
-      if ( !strcmp (oid, oidstr_ocsp) )
-        {
-          for (i=0; !url && ksba_name_enum (name, i); i++)
-            {
-              char *p = ksba_name_get_uri (name, i);
-              if (p && (!ascii_strncasecmp (p, "http:", 5)
-                        || !ascii_strncasecmp (p, "https:", 6)))
-                url = url_buffer = p;
-              else
-                xfree (p);
-            }
-        }
-      ksba_name_release (name);
-      ksba_free (oid);
-    }
-  if (err && gpg_err_code (err) != GPG_ERR_EOF)
-    {
-      log_error (_("can't get authorityInfoAccess: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-  if (!url)
-    {
-      if (!opt.ocsp_responder || !*opt.ocsp_responder)
-        {
-          log_info (_("no default OCSP responder defined\n"));
-          err = gpg_error (GPG_ERR_CONFIGURATION);
-          goto leave;
-        }
-      if (!opt.ocsp_signer)
-        {
-          log_info (_("no default OCSP signer defined\n"));
-          err = gpg_error (GPG_ERR_CONFIGURATION);
-          goto leave;
-        }
-      url = opt.ocsp_responder;
-      default_signer = opt.ocsp_signer;
-      if (opt.verbose)
-        log_info (_("using default OCSP responder '%s'\n"), url);
-    }
-  else
-    {
-      if (opt.verbose)
-        log_info (_("using OCSP responder '%s'\n"), url);
-    }
-
-  /* Ask the OCSP responder. */
-  err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
-  if (err)
-    {
-      log_error (_("failed to establish a hashing context for OCSP: %s\n"),
-                 gpg_strerror (err));
-      goto leave;
-    }
-  err = do_ocsp_request (ctrl, ocsp, md, url, cert, issuer_cert);
-  if (err)
-    goto leave;
-
-  /* We got a useful answer, check that the answer has a valid signature. */
-  sigval = ksba_ocsp_get_sig_val (ocsp, produced_at);
-  if (!sigval || !*produced_at)
-    {
-      err = gpg_error (GPG_ERR_INV_OBJ);
-      goto leave;
-    }
-  if ( (err = canon_sexp_to_gcry (sigval, &s_sig)) )
-    goto leave;
-  xfree (sigval);
-  sigval = NULL;
-  err = check_signature (ctrl, ocsp, s_sig, md, default_signer);
-  if (err)
-    goto leave;
-
-  /* We only support one certificate per request.  Check that the
-     answer matches the right certificate. */
-  err = ksba_ocsp_get_status (ocsp, cert,
-                              &status, this_update, next_update,
-                              revocation_time, &reason);
-  if (err)
-    {
-      log_error (_("error getting OCSP status for target certificate: %s\n"),
-                 gpg_strerror (err));
-      goto leave;
-    }
-
-  /* In case the certificate has been revoked, we better invalidate
-     our cached validation status. */
-  if (status == KSBA_STATUS_REVOKED)
-    {
-      time_t validated_at = 0; /* That is: No cached validation available. */
-      err = ksba_cert_set_user_data (cert, "validated_at",
-                                     &validated_at, sizeof (validated_at));
-      if (err)
-        {
-          log_error ("set_user_data(validated_at) failed: %s\n",
-                     gpg_strerror (err));
-          err = 0; /* The certificate is anyway revoked, and that is a
-                      more important message than the failure of our
-                      cache. */
-        }
-    }
-
-
-  if (opt.verbose)
-    {
-      log_info (_("certificate status is: %s  (this=%s  next=%s)\n"),
-                status == KSBA_STATUS_GOOD? _("good"):
-                status == KSBA_STATUS_REVOKED? _("revoked"):
-                status == KSBA_STATUS_UNKNOWN? _("unknown"):
-                status == KSBA_STATUS_NONE? _("none"): "?",
-                this_update, next_update);
-      if (status == KSBA_STATUS_REVOKED)
-        log_info (_("certificate has been revoked at: %s due to: %s\n"),
-                  revocation_time,
-                  reason == KSBA_CRLREASON_UNSPECIFIED?   "unspecified":
-                  reason == KSBA_CRLREASON_KEY_COMPROMISE? "key compromise":
-                  reason == KSBA_CRLREASON_CA_COMPROMISE?   "CA compromise":
-                  reason == KSBA_CRLREASON_AFFILIATION_CHANGED?
-                                                      "affiliation changed":
-                  reason == KSBA_CRLREASON_SUPERSEDED?   "superseeded":
-                  reason == KSBA_CRLREASON_CESSATION_OF_OPERATION?
-                                                  "cessation of operation":
-                  reason == KSBA_CRLREASON_CERTIFICATE_HOLD?
-                                                  "certificate on hold":
-                  reason == KSBA_CRLREASON_REMOVE_FROM_CRL?
-                                                  "removed from CRL":
-                  reason == KSBA_CRLREASON_PRIVILEGE_WITHDRAWN?
-                                                  "privilege withdrawn":
-                  reason == KSBA_CRLREASON_AA_COMPROMISE? "AA compromise":
-                  reason == KSBA_CRLREASON_OTHER?   "other":"?");
-
-    }
-
-
-  if (status == KSBA_STATUS_REVOKED)
-    err = gpg_error (GPG_ERR_CERT_REVOKED);
-  else if (status == KSBA_STATUS_UNKNOWN)
-    err = gpg_error (GPG_ERR_NO_DATA);
-  else if (status != KSBA_STATUS_GOOD)
-    err = gpg_error (GPG_ERR_GENERAL);
-
-  /* Allow for some clock skew. */
-  gnupg_get_isotime (current_time);
-  add_seconds_to_isotime (current_time, opt.ocsp_max_clock_skew);
-
-  if (strcmp (this_update, current_time) > 0 )
-    {
-      log_error (_("OCSP responder returned a status in the future\n"));
-      log_info ("used now: %s  this_update: %s\n", current_time, this_update);
-      if (!err)
-        err = gpg_error (GPG_ERR_TIME_CONFLICT);
-    }
-
-  /* Check that THIS_UPDATE is not too far back in the past. */
-  gnupg_copy_time (tmp_time, this_update);
-  add_seconds_to_isotime (tmp_time,
-                          opt.ocsp_max_period+opt.ocsp_max_clock_skew);
-  if (!*tmp_time || strcmp (tmp_time, current_time) < 0 )
-    {
-      log_error (_("OCSP responder returned a non-current status\n"));
-      log_info ("used now: %s  this_update: %s\n",
-                current_time, this_update);
-      if (!err)
-        err = gpg_error (GPG_ERR_TIME_CONFLICT);
-    }
-
-  /* Check that we are not beyound NEXT_UPDATE  (plus some extra time). */
-  if (*next_update)
-    {
-      gnupg_copy_time (tmp_time, next_update);
-      add_seconds_to_isotime (tmp_time,
-                              opt.ocsp_current_period+opt.ocsp_max_clock_skew);
-      if (!*tmp_time && strcmp (tmp_time, current_time) < 0 )
-        {
-          log_error (_("OCSP responder returned an too old status\n"));
-          log_info ("used now: %s  next_update: %s\n",
-                    current_time, next_update);
-          if (!err)
-            err = gpg_error (GPG_ERR_TIME_CONFLICT);
-        }
-    }
-
-
- leave:
-  gcry_md_close (md);
-  gcry_sexp_release (s_sig);
-  xfree (sigval);
-  ksba_cert_release (issuer_cert);
-  ksba_cert_release (cert);
-  ksba_ocsp_release (ocsp);
-  xfree (url_buffer);
-  return err;
-}
-
-
-/* Release the list of OCSP certificates hold in the CTRL object. */
-void
-release_ctrl_ocsp_certs (ctrl_t ctrl)
-{
-  while (ctrl->ocsp_certs)
-    {
-      cert_ref_t tmp = ctrl->ocsp_certs->next;
-      xfree (ctrl->ocsp_certs);
-      ctrl->ocsp_certs = tmp;
-    }
-}
diff -Nru gnupg2-2.1.6/dirmngr/ocsp.h gnupg2-2.0.28/dirmngr/ocsp.h
--- gnupg2-2.1.6/dirmngr/ocsp.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ocsp.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,31 +0,0 @@
-/* ocsp.h - OCSP management
- *      Copyright (C) 2003 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA.
- */
-
-#ifndef OCSP_H
-#define OCSP_H
-
-gpg_error_t ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
-                          int force_default_responder);
-
-/* Release the list of OCSP certificates hold in the CTRL object. */
-void release_ctrl_ocsp_certs (ctrl_t ctrl);
-
-#endif /*OCSP_H*/
diff -Nru gnupg2-2.1.6/dirmngr/ONEWS gnupg2-2.0.28/dirmngr/ONEWS
--- gnupg2-2.1.6/dirmngr/ONEWS	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/ONEWS	1970-01-01 00:00:00.000000000 +0000
@@ -1,240 +0,0 @@
-These are NEWS entries from the old separate dirmngr package
-
-Noteworthy changes in version 1.1.0 (unreleased)
-------------------------------------------------
-
- * Fixed a resource problem with LDAP CRLs.
-
- * Fixed a bad EOF detection with HTTP CRLs.
-
- * Made "dirmngr-client --url --load-crl URL" work.
-
- * New option --ignore-cert-extension.
-
- * Make use of libassuan 2.0 which is available as a DSO.
-
-
-Noteworthy changes in version 1.0.3 (2009-06-17)
-------------------------------------------------
-
- * Client based trust anchors are now supported.
-
- * Configured certificates with the suffix ".der" are now also used.
-
- * Libgcrypt 1.4 is now required.
-
-
-Noteworthy changes in version 1.0.2 (2008-07-31)
-------------------------------------------------
-
- * New option --url for the LOOKUP command and dirmngr-client.
-
- * The LOOKUP command does now also consults the local cache.  New
-   option --cache-only for it and --local for dirmngr-client.
-
- * Port to Windows completed.
-
- * Improved certificate chain construction.
-
- * Support loading of PEM encoded CRLs via HTTP.
-
-
-Noteworthy changes in version 1.0.1 (2007-08-16)
-------------------------------------------------
-
- * The option --ocsp-signer may now take a filename to allow several
-   certificates to be valid signers for the default responder.
-
- * New option --ocsp-max-period and improved the OCSP time checks.
-
- * New option --force-default-signer for dirmngr-client.
-
- * Ported to Windows.
-
-
-Noteworthy changes in version 1.0.0 (2006-11-29)
-------------------------------------------------
-
- * Bumbed the version number.
-
- * Removed included gettext.  We now require the system to provide a
-   suitable installation.
-
-
-Noteworthy changes in version 0.9.7 (2006-11-17)
-------------------------------------------------
-
- * Internal cleanups.
-
- * Fixed updating of DIR.txt.  Add additional diagnostics.
-
- * Updated gettext package.
-
-
-Noteworthy changes in version 0.9.6 (2006-09-04)
-------------------------------------------------
-
- * A couple of bug fixes for OCSP.
-
- * OCSP does now make use of the responder ID and optionally included
-   certificates in the response to locate certificates.
-
- * No more lost file descriptors when loading CRLs via HTTP.
-
- * HTTP redirection for CRL and OCSP has been implemented.
-
- * Man pages are now build and installed from the texinfo source.
-
-
-Noteworthy changes in version 0.9.5 (2006-06-27)
-------------------------------------------------
-
- * Fixed a problems with the CRL caching and CRL certificate
-   validation.
-
- * Improved diagnostics.
-
-
-Noteworthy changes in version 0.9.4 (2006-05-16)
-------------------------------------------------
-
- * Try all names of each crlDP.
-
- * Don't shutdown the socket after sending the HTTP request.
-
-
-Noteworthy changes in version 0.9.3 (2005-10-26)
-------------------------------------------------
-
- * Minor bug fixes.
-
-
-Noteworthy changes in version 0.9.2 (2005-04-21)
-------------------------------------------------
-
- * Make use of authorityKeyidentifier.keyIdentifier.
-
- * Fixed a possible hang on exit.
-
-
-Noteworthy changes in version 0.9.1 (2005-02-08)
-------------------------------------------------
-
- * New option --pem for dirmngr-client to allow requesting service
-   using a PEM encoded certificate.
-
- * New option --squid-mode to allow using dirmngr-client directly as a
-   Squid helper.
-
- * Bug fixes.
-
-
-Noteworthy changes in version 0.9.0 (2004-12-17)
-------------------------------------------------
-
- * New option --daemon to start dirmngr as a system daemon.  This
-   switches to the use of different directories and also does
-   CRL signing certificate validation on its own.
-
- * New tool dirmngr-client.
-
- * New options: --ldap-wrapper-program, --http-wrapper-program,
-   --disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
-   --ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
-   --ignore-http-dp.
-
- * Uses an external ldap wrapper to cope with timeouts and general
-   LDAP problems.
-
- * SIGHUP may be used to reread the configuration and to flush the
-   certificate cache.
-
- * An authorithyKeyIdentifier in a CRL is now handled correctly.
-
-
-Noteworthy changes in version 0.5.6 (2004-09-28)
-------------------------------------------------
-
- * LDAP fix.
-
- * Logging fixes.
-
- * Updated some configuration files.
-
-
-Noteworthy changes in version 0.5.5 (2004-05-13)
-------------------------------------------------
-
- * Fixed the growing-dir.txt bug.
-
- * Better LDAP error logging.
-
-
-Noteworthy changes in version 0.5.4 (2004-04-29)
-------------------------------------------------
-
- * New commands --ocsp-responder and --ocsp-signer to define a default
-   OCSP reponder if a certificate does not contain an assigned OCSP
-   responder.
-
-
-Noteworthy changes in version 0.5.3 (2004-04-06)
-------------------------------------------------
-
- * Basic OCSP support.
-
-
-Noteworthy changes in version 0.5.2 (2004-03-06)
-------------------------------------------------
-
- * New Assuan command LISTCRLS.
-
- * A couple of minor bug fixes.
-
-
-Noteworthy changes in version 0.5.1 (2003-12-23)
-------------------------------------------------
-
-* New options --faked-system-time and --force.
-
-* Changed the name of the cache directory to $HOMEDIR/dirmngr-cache.d
-  and renamed the dbcontents file.  You may delete the now obsolete
-  cache/ directory and the dbcontents file.
-
-* Dropped DB2 or DB4 use.  There is no need for it because a constant
-  database fits our needs far better.
-
-* Experimental support for retrieving CRLs via http.
-
-* The --log-file option may now be used to print logs to a socket.
-  Prefix the socket name with "socket://" to enable this.  This does
-  not work on all systems and falls back to stderr if there is a
-  problem with the socket.
-
-
-Noteworthy changes in version 0.5.0 (2003-11-17)
-------------------------------------------------
-
-* Revamped the entire thing.
-
-* Does now require Libgcrypt 1.1.90 or higher, as well as the latest
-  libksba and libassuan.
-
-* Fixed a bug in the assuan inquire processing.
-
-
-Noteworthy changes as of 2002-08-21
-------------------------------------
-
-* The default home directory is now .gnupg
-
-
- Copyright 2003, 2004, 2005 g10 Code GmbH
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff -Nru gnupg2-2.1.6/dirmngr/server.c gnupg2-2.0.28/dirmngr/server.c
--- gnupg2-2.1.6/dirmngr/server.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/server.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,2375 +0,0 @@
-/* server.c - LDAP and Keyserver access server
- * Copyright (C) 2002 Klarälvdalens Datakonsult AB
- * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011, 2015 g10 Code GmbH
- * Copyright (C) 2014 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include 
-
-#include "crlcache.h"
-#include "crlfetch.h"
-#if USE_LDAP
-# include "ldapserver.h"
-#endif
-#include "ocsp.h"
-#include "certcache.h"
-#include "validate.h"
-#include "misc.h"
-#if USE_LDAP
-# include "ldap-wrapper.h"
-#endif
-#include "ks-action.h"
-#include "ks-engine.h"  /* (ks_hkp_print_hosttable) */
-#if USE_LDAP
-# include "ldap-parse-uri.h"
-#endif
-#include "dns-cert.h"
-#include "mbox-util.h"
-
-/* To avoid DoS attacks we limit the size of a certificate to
-   something reasonable. */
-#define MAX_CERT_LENGTH (8*1024)
-
-/* The same goes for OpenPGP keyblocks, but here we need to allow for
-   much longer blocks; a 200k keyblock is not too unusual for keys
-   with a lot of signatures (e.g. 0x5b0358a2).  */
-#define MAX_KEYBLOCK_LENGTH (512*1024)
-
-
-#define PARM_ERROR(t) assuan_set_error (ctx, \
-                                        gpg_error (GPG_ERR_ASS_PARAMETER), (t))
-#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
-
-
-
-/* Control structure per connection. */
-struct server_local_s
-{
-  /* Data used to associate an Assuan context with local server data */
-  assuan_context_t assuan_ctx;
-
-  /* Per-session LDAP servers.  */
-  ldap_server_t ldapservers;
-
-  /* Per-session list of keyservers.  */
-  uri_item_t keyservers;
-
-  /* If this flag is set to true this dirmngr process will be
-     terminated after the end of this session.  */
-  int stopme;
-};
-
-
-/* Cookie definition for assuan data line output.  */
-static ssize_t data_line_cookie_write (void *cookie,
-                                       const void *buffer, size_t size);
-static int data_line_cookie_close (void *cookie);
-static es_cookie_io_functions_t data_line_cookie_functions =
-  {
-    NULL,
-    data_line_cookie_write,
-    NULL,
-    data_line_cookie_close
-  };
-
-
-
-
-
-/* Accessor for the local ldapservers variable. */
-ldap_server_t
-get_ldapservers_from_ctrl (ctrl_t ctrl)
-{
-  if (ctrl && ctrl->server_local)
-    return ctrl->server_local->ldapservers;
-  else
-    return NULL;
-}
-
-
-/* Release all configured keyserver info from CTRL.  */
-void
-release_ctrl_keyservers (ctrl_t ctrl)
-{
-  if (! ctrl->server_local)
-    return;
-
-  while (ctrl->server_local->keyservers)
-    {
-      uri_item_t tmp = ctrl->server_local->keyservers->next;
-      http_release_parsed_uri (ctrl->server_local->keyservers->parsed_uri);
-      xfree (ctrl->server_local->keyservers);
-      ctrl->server_local->keyservers = tmp;
-    }
-}
-
-
-
-/* Helper to print a message while leaving a command.  */
-static gpg_error_t
-leave_cmd (assuan_context_t ctx, gpg_error_t err)
-{
-  if (err)
-    {
-      const char *name = assuan_get_command_name (ctx);
-      if (!name)
-        name = "?";
-      if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
-        log_error ("command '%s' failed: %s\n", name,
-                   gpg_strerror (err));
-      else
-        log_error ("command '%s' failed: %s <%s>\n", name,
-                   gpg_strerror (err), gpg_strsource (err));
-    }
-  return err;
-}
-
-
-/* This is a wrapper around assuan_send_data which makes debugging the
-   output in verbose mode easier.  */
-static gpg_error_t
-data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size)
-{
-  const char *buffer = buffer_arg;
-  gpg_error_t err;
-
-  if (opt.verbose && buffer && size)
-    {
-      /* Ease reading of output by sending a physical line at each LF.  */
-      const char *p;
-      size_t n, nbytes;
-
-      nbytes = size;
-      do
-        {
-          p = memchr (buffer, '\n', nbytes);
-          n = p ? (p - buffer) + 1 : nbytes;
-          err = assuan_send_data (ctx, buffer, n);
-          if (err)
-            {
-              gpg_err_set_errno (EIO);
-              return err;
-            }
-          buffer += n;
-          nbytes -= n;
-          if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */
-            {
-              gpg_err_set_errno (EIO);
-              return err;
-            }
-        }
-      while (nbytes);
-    }
-  else
-    {
-      err = assuan_send_data (ctx, buffer, size);
-      if (err)
-        {
-          gpg_err_set_errno (EIO);  /* For use by data_line_cookie_write.  */
-          return err;
-        }
-    }
-
-  return 0;
-}
-
-
-/* A write handler used by es_fopencookie to write assuan data
-   lines.  */
-static ssize_t
-data_line_cookie_write (void *cookie, const void *buffer, size_t size)
-{
-  assuan_context_t ctx = cookie;
-
-  if (data_line_write (ctx, buffer, size))
-    return -1;
-  return (ssize_t)size;
-}
-
-
-static int
-data_line_cookie_close (void *cookie)
-{
-  assuan_context_t ctx = cookie;
-
-  if (assuan_send_data (ctx, NULL, 0))
-    {
-      gpg_err_set_errno (EIO);
-      return -1;
-    }
-
-  return 0;
-}
-
-
-/* Copy the % and + escaped string S into the buffer D and replace the
-   escape sequences.  Note, that it is sufficient to allocate the
-   target string D as long as the source string S, i.e.: strlen(s)+1.
-   Note further that if S contains an escaped binary Nul the resulting
-   string D will contain the 0 as well as all other characters but it
-   will be impossible to know whether this is the original EOS or a
-   copied Nul. */
-static void
-strcpy_escaped_plus (char *d, const unsigned char *s)
-{
-  while (*s)
-    {
-      if (*s == '%' && s[1] && s[2])
-        {
-          s++;
-          *d++ = xtoi_2 ( s);
-          s += 2;
-        }
-      else if (*s == '+')
-        *d++ = ' ', s++;
-      else
-        *d++ = *s++;
-    }
-  *d = 0;
-}
-
-
-/* Check whether the option NAME appears in LINE */
-static int
-has_option (const char *line, const char *name)
-{
-  const char *s;
-  int n = strlen (name);
-
-  s = strstr (line, name);
-  return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
-}
-
-/* Same as has_option but only considers options at the begin of the
-   line.  This is useful for commands which allow arbitrary strings on
-   the line.  */
-static int
-has_leading_option (const char *line, const char *name)
-{
-  const char *s;
-  int n;
-
-  if (name[0] != '-' || name[1] != '-' || !name[2] || spacep (name+2))
-    return 0;
-  n = strlen (name);
-  while ( *line == '-' && line[1] == '-' )
-    {
-      s = line;
-      while (*line && !spacep (line))
-        line++;
-      if (n == (line - s) && !strncmp (s, name, n))
-        return 1;
-      while (spacep (line))
-        line++;
-    }
-  return 0;
-}
-
-
-/* Same as has_option but does only test for the name of the option
-   and ignores an argument, i.e. with NAME being "--hash" it would
-   return a pointer for "--hash" as well as for "--hash=foo".  If
-   thhere is no such option NULL is returned.  The pointer returned
-   points right behind the option name, this may be an equal sign, Nul
-   or a space.  */
-/* static const char * */
-/* has_option_name (const char *line, const char *name) */
-/* { */
-/*   const char *s; */
-/*   int n = strlen (name); */
-
-/*   s = strstr (line, name); */
-/*   return (s && (s == line || spacep (s-1)) */
-/*           && (!s[n] || spacep (s+n) || s[n] == '=')) ? (s+n) : NULL; */
-/* } */
-
-
-/* Skip over options.  It is assumed that leading spaces have been
-   removed (this is the case for lines passed to a handler from
-   assuan).  Blanks after the options are also removed. */
-static char *
-skip_options (char *line)
-{
-  while ( *line == '-' && line[1] == '-' )
-    {
-      while (*line && !spacep (line))
-        line++;
-      while (spacep (line))
-        line++;
-    }
-  return line;
-}
-
-
-/* Return an error if the assuan context does not belong to the owner
-   of the process or to root.  On error FAILTEXT is set as Assuan
-   error string.  */
-static gpg_error_t
-check_owner_permission (assuan_context_t ctx, const char *failtext)
-{
-#ifdef HAVE_W32_SYSTEM
-  /* Under Windows the dirmngr is always run under the control of the
-     user.  */
-  (void)ctx;
-  (void)failtext;
-#else
-  gpg_err_code_t ec;
-  assuan_peercred_t cred;
-
-  ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
-  if (!ec && cred->uid && cred->uid != getuid ())
-    ec = GPG_ERR_EPERM;
-  if (ec)
-    return set_error (ec, failtext);
-#endif
-  return 0;
-}
-
-
-
-/* Common code for get_cert_local and get_issuer_cert_local. */
-static ksba_cert_t
-do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
-{
-  unsigned char *value;
-  size_t valuelen;
-  int rc;
-  char *buf;
-  ksba_cert_t cert;
-
-  if (name)
-    {
-      buf = xmalloc ( strlen (command) + 1 + strlen(name) + 1);
-      strcpy (stpcpy (stpcpy (buf, command), " "), name);
-    }
-  else
-    buf = xstrdup (command);
-
-  rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
-                       &value, &valuelen, MAX_CERT_LENGTH);
-  xfree (buf);
-  if (rc)
-    {
-      log_error (_("assuan_inquire(%s) failed: %s\n"),
-                 command, gpg_strerror (rc));
-      return NULL;
-    }
-
-  if (!valuelen)
-    {
-      xfree (value);
-      return NULL;
-    }
-
-  rc = ksba_cert_new (&cert);
-  if (!rc)
-    {
-      rc = ksba_cert_init_from_mem (cert, value, valuelen);
-      if (rc)
-        {
-          ksba_cert_release (cert);
-          cert = NULL;
-        }
-    }
-  xfree (value);
-  return cert;
-}
-
-
-
-/* Ask back to return a certificate for name, given as a regular
-   gpgsm certificate indentificates (e.g. fingerprint or one of the
-   other methods).  Alternatively, NULL may be used for NAME to
-   return the current target certificate. Either return the certificate
-   in a KSBA object or NULL if it is not available.
-*/
-ksba_cert_t
-get_cert_local (ctrl_t ctrl, const char *name)
-{
-  if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
-    {
-      if (opt.debug)
-        log_debug ("get_cert_local called w/o context\n");
-      return NULL;
-    }
-  return do_get_cert_local (ctrl, name, "SENDCERT");
-
-}
-
-/* Ask back to return the issuing certificate for name, given as a
-   regular gpgsm certificate indentificates (e.g. fingerprint or one
-   of the other methods).  Alternatively, NULL may be used for NAME to
-   return thecurrent target certificate. Either return the certificate
-   in a KSBA object or NULL if it is not available.
-
-*/
-ksba_cert_t
-get_issuing_cert_local (ctrl_t ctrl, const char *name)
-{
-  if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
-    {
-      if (opt.debug)
-        log_debug ("get_issuing_cert_local called w/o context\n");
-      return NULL;
-    }
-  return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
-}
-
-/* Ask back to return a certificate with subject NAME and a
-   subjectKeyIdentifier of KEYID. */
-ksba_cert_t
-get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
-{
-  unsigned char *value;
-  size_t valuelen;
-  int rc;
-  char *buf;
-  ksba_cert_t cert;
-  char *hexkeyid;
-
-  if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
-    {
-      if (opt.debug)
-        log_debug ("get_cert_local_ski called w/o context\n");
-      return NULL;
-    }
-  if (!name || !keyid)
-    {
-      log_debug ("get_cert_local_ski called with insufficient arguments\n");
-      return NULL;
-    }
-
-  hexkeyid = serial_hex (keyid);
-  if (!hexkeyid)
-    {
-      log_debug ("serial_hex() failed\n");
-      return NULL;
-    }
-
-  buf = xtrymalloc (15 + strlen (hexkeyid) + 2 + strlen(name) + 1);
-  if (!buf)
-    {
-
-      log_error ("can't allocate enough memory: %s\n", strerror (errno));
-      xfree (hexkeyid);
-      return NULL;
-    }
-  strcpy (stpcpy (stpcpy (stpcpy (buf, "SENDCERT_SKI "), hexkeyid)," /"),name);
-  xfree (hexkeyid);
-
-  rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
-                       &value, &valuelen, MAX_CERT_LENGTH);
-  xfree (buf);
-  if (rc)
-    {
-      log_error (_("assuan_inquire(%s) failed: %s\n"), "SENDCERT_SKI",
-                 gpg_strerror (rc));
-      return NULL;
-    }
-
-  if (!valuelen)
-    {
-      xfree (value);
-      return NULL;
-    }
-
-  rc = ksba_cert_new (&cert);
-  if (!rc)
-    {
-      rc = ksba_cert_init_from_mem (cert, value, valuelen);
-      if (rc)
-        {
-          ksba_cert_release (cert);
-          cert = NULL;
-        }
-    }
-  xfree (value);
-  return cert;
-}
-
-
-/* Ask the client via an inquiry to check the istrusted status of the
-   certificate specified by the hexified fingerprint HEXFPR.  Returns
-   0 if the certificate is trusted by the client or an error code.  */
-gpg_error_t
-get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr)
-{
-  unsigned char *value;
-  size_t valuelen;
-  int rc;
-  char request[100];
-
-  if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx
-      || !hexfpr)
-    return gpg_error (GPG_ERR_INV_ARG);
-
-  snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr);
-  rc = assuan_inquire (ctrl->server_local->assuan_ctx, request,
-                       &value, &valuelen, 100);
-  if (rc)
-    {
-      log_error (_("assuan_inquire(%s) failed: %s\n"),
-                 request, gpg_strerror (rc));
-      return rc;
-    }
-  /* The expected data is: "1" or "1 cruft" (not a C-string).  */
-  if (valuelen && *value == '1' && (valuelen == 1 || spacep (value+1)))
-    rc = 0;
-  else
-    rc = gpg_error (GPG_ERR_NOT_TRUSTED);
-  xfree (value);
-  return rc;
-}
-
-
-
-
-/* Ask the client to return the certificate associated with the
-   current command. This is sometimes needed because the client usually
-   sends us just the cert ID, assuming that the request can be
-   satisfied from the cache, where the cert ID is used as key. */
-static int
-inquire_cert_and_load_crl (assuan_context_t ctx)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  unsigned char *value = NULL;
-  size_t valuelen;
-  ksba_cert_t cert = NULL;
-
-  err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0);
-  if (err)
-    return err;
-
-/*   { */
-/*     FILE *fp = fopen ("foo.der", "r"); */
-/*     value = xmalloc (2000); */
-/*     valuelen = fread (value, 1, 2000, fp); */
-/*     fclose (fp); */
-/*   } */
-
-  if (!valuelen) /* No data returned; return a comprehensible error. */
-    return gpg_error (GPG_ERR_MISSING_CERT);
-
-  err = ksba_cert_new (&cert);
-  if (err)
-    goto leave;
-  err = ksba_cert_init_from_mem (cert, value, valuelen);
-  if(err)
-    goto leave;
-  xfree (value); value = NULL;
-
-  err = crl_cache_reload_crl (ctrl, cert);
-
- leave:
-  ksba_cert_release (cert);
-  xfree (value);
-  return err;
-}
-
-
-/* Handle OPTION commands. */
-static gpg_error_t
-option_handler (assuan_context_t ctx, const char *key, const char *value)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err = 0;
-
-  if (!strcmp (key, "force-crl-refresh"))
-    {
-      int i = *value? atoi (value) : 0;
-      ctrl->force_crl_refresh = i;
-    }
-  else if (!strcmp (key, "audit-events"))
-    {
-      int i = *value? atoi (value) : 0;
-      ctrl->audit_events = i;
-    }
-  else if (!strcmp (key, "http-proxy"))
-    {
-      xfree (ctrl->http_proxy);
-      if (!*value || !strcmp (value, "none"))
-        ctrl->http_proxy = NULL;
-      else if (!(ctrl->http_proxy = xtrystrdup (value)))
-        err = gpg_error_from_syserror ();
-    }
-  else
-    err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
-
-  return err;
-}
-
-
-
-static const char hlp_dns_cert[] =
-  "DNS_CERT  \n"
-  "DNS_CERT --pka \n"
-  "\n"
-  "Return the CERT record for .   is one of\n"
-  "  *     Return the first record of any supported subtype\n"
-  "  PGP   Return the first record of subtype PGP (3)\n"
-  "  IPGP  Return the first record of subtype IPGP (6)\n"
-  "If the content of a certifciate is available (PGP) it is returned\n"
-  "by data lines.  Fingerprints and URLs are returned via status lines.\n"
-  "In --pka mode the fingerprint and if available an URL is returned.";
-static gpg_error_t
-cmd_dns_cert (assuan_context_t ctx, char *line)
-{
-  /* ctrl_t ctrl = assuan_get_pointer (ctx); */
-  gpg_error_t err = 0;
-  int pka_mode;
-  char *mbox = NULL;
-  char *namebuf = NULL;
-  char *encodedhash = NULL;
-  const char *name;
-  int certtype;
-  char *p;
-  void *key = NULL;
-  size_t keylen;
-  unsigned char *fpr = NULL;
-  size_t fprlen;
-  char *url = NULL;
-
-  pka_mode = has_option (line, "--pka");
-  line = skip_options (line);
-  if (pka_mode)
-    ; /* No need to parse here - we do this later.  */
-  else
-    {
-      p = strchr (line, ' ');
-      if (!p)
-        {
-          err = PARM_ERROR ("missing arguments");
-          goto leave;
-        }
-      *p++ = 0;
-      if (!strcmp (line, "*"))
-        certtype = DNS_CERTTYPE_ANY;
-      else if (!strcmp (line, "IPGP"))
-        certtype = DNS_CERTTYPE_IPGP;
-      else if (!strcmp (line, "PGP"))
-        certtype = DNS_CERTTYPE_PGP;
-      else
-        {
-          err = PARM_ERROR ("unknown subtype");
-          goto leave;
-        }
-      while (spacep (p))
-        p++;
-      line = p;
-      if (!*line)
-        {
-          err = PARM_ERROR ("name missing");
-          goto leave;
-        }
-    }
-
-  if (pka_mode)
-    {
-      char *domain;  /* Points to mbox.  */
-      char hashbuf[20];
-
-      mbox = mailbox_from_userid (line);
-      if (!mbox || !(domain = strchr (mbox, '@')))
-        {
-          err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
-          goto leave;
-        }
-      *domain++ = 0;
-
-      gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
-      encodedhash = zb32_encode (hashbuf, 8*20);
-      if (!encodedhash)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
-      if (!namebuf)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      name = namebuf;
-      certtype = DNS_CERTTYPE_IPGP;
-    }
-  else
-    name = line;
-
-  err = get_dns_cert (name, certtype, &key, &keylen, &fpr, &fprlen, &url);
-  if (err)
-    goto leave;
-
-  if (key)
-    {
-      err = data_line_write (ctx, key, keylen);
-      if (err)
-        goto leave;
-    }
-
-  if (fpr)
-    {
-      char *tmpstr;
-
-      tmpstr = bin2hex (fpr, fprlen, NULL);
-      if (!tmpstr)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          err = assuan_write_status (ctx, "FPR", tmpstr);
-          xfree (tmpstr);
-        }
-      if (err)
-        goto leave;
-    }
-
-  if (url)
-    {
-      err = assuan_write_status (ctx, "URL", url);
-      if (err)
-        goto leave;
-    }
-
-
- leave:
-  xfree (key);
-  xfree (fpr);
-  xfree (url);
-  xfree (mbox);
-  xfree (namebuf);
-  xfree (encodedhash);
-  return leave_cmd (ctx, err);
-}
-
-
-
-static const char hlp_ldapserver[] =
-  "LDAPSERVER \n"
-  "\n"
-  "Add a new LDAP server to the list of configured LDAP servers.\n"
-  "DATA is in the same format as expected in the configure file.";
-static gpg_error_t
-cmd_ldapserver (assuan_context_t ctx, char *line)
-{
-#if USE_LDAP
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  ldap_server_t server;
-  ldap_server_t *last_next_p;
-
-  while (spacep (line))
-    line++;
-  if (*line == '\0')
-    return leave_cmd (ctx, PARM_ERROR (_("ldapserver missing")));
-
-  server = ldapserver_parse_one (line, "", 0);
-  if (! server)
-    return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG));
-
-  last_next_p = &ctrl->server_local->ldapservers;
-  while (*last_next_p)
-    last_next_p = &(*last_next_p)->next;
-  *last_next_p = server;
-  return leave_cmd (ctx, 0);
-#else
-  (void)line;
-  return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED));
-#endif
-}
-
-
-static const char hlp_isvalid[] =
-  "ISVALID [--only-ocsp] [--force-default-responder]"
-  " |\n"
-  "\n"
-  "This command checks whether the certificate identified by the\n"
-  "certificate_id is valid.  This is done by consulting CRLs or\n"
-  "whatever has been configured.  Note, that the returned error codes\n"
-  "are from gpg-error.h.  The command may callback using the inquire\n"
-  "function.  See the manual for details.\n"
-  "\n"
-  "The CERTIFICATE_ID is a hex encoded string consisting of two parts,\n"
-  "delimited by a single dot.  The first part is the SHA-1 hash of the\n"
-  "issuer name and the second part the serial number.\n"
-  "\n"
-  "Alternatively the certificate's fingerprint may be given in which\n"
-  "case an OCSP request is done before consulting the CRL.\n"
-  "\n"
-  "If the option --only-ocsp is given, no fallback to a CRL check will\n"
-  "be used.\n"
-  "\n"
-  "If the option --force-default-responder is given, only the default\n"
-  "OCSP responder will be used and any other methods of obtaining an\n"
-  "OCSP responder URL won't be used.";
-static gpg_error_t
-cmd_isvalid (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  char *issuerhash, *serialno;
-  gpg_error_t err;
-  int did_inquire = 0;
-  int ocsp_mode = 0;
-  int only_ocsp;
-  int force_default_responder;
-
-  only_ocsp = has_option (line, "--only-ocsp");
-  force_default_responder = has_option (line, "--force-default-responder");
-  line = skip_options (line);
-
-  issuerhash = xstrdup (line); /* We need to work on a copy of the
-                                  line because that same Assuan
-                                  context may be used for an inquiry.
-                                  That is because Assuan reuses its
-                                  line buffer.
-                                   */
-
-  serialno = strchr (issuerhash, '.');
-  if (serialno)
-    *serialno++ = 0;
-  else
-    {
-      char *endp = strchr (issuerhash, ' ');
-      if (endp)
-        *endp = 0;
-      if (strlen (issuerhash) != 40)
-        {
-          xfree (issuerhash);
-          return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
-        }
-      ocsp_mode = 1;
-    }
-
-
- again:
-  if (ocsp_mode)
-    {
-      /* Note, that we ignore the given issuer hash and instead rely
-         on the current certificate semantics used with this
-         command. */
-      if (!opt.allow_ocsp)
-        err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-      else
-        err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
-      /* Fixme: If we got no ocsp response and --only-ocsp is not used
-         we should fall back to CRL mode.  Thus we need to clear
-         OCSP_MODE, get the issuerhash and the serialno from the
-         current certificate and jump to again. */
-    }
-  else if (only_ocsp)
-    err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-  else
-    {
-      switch (crl_cache_isvalid (ctrl,
-                                 issuerhash, serialno,
-                                 ctrl->force_crl_refresh))
-        {
-        case CRL_CACHE_VALID:
-          err = 0;
-          break;
-        case CRL_CACHE_INVALID:
-          err = gpg_error (GPG_ERR_CERT_REVOKED);
-          break;
-        case CRL_CACHE_DONTKNOW:
-          if (did_inquire)
-            err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-          else if (!(err = inquire_cert_and_load_crl (ctx)))
-            {
-              did_inquire = 1;
-              goto again;
-            }
-          break;
-        case CRL_CACHE_CANTUSE:
-          err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-          break;
-        default:
-          log_fatal ("crl_cache_isvalid returned invalid code\n");
-        }
-    }
-
-  xfree (issuerhash);
-  return leave_cmd (ctx, err);
-}
-
-
-/* If the line contains a SHA-1 fingerprint as the first argument,
-   return the FPR vuffer on success.  The function checks that the
-   fingerprint consists of valid characters and prints and error
-   message if it does not and returns NULL.  Fingerprints are
-   considered optional and thus no explicit error is returned. NULL is
-   also returned if there is no fingerprint at all available.
-   FPR must be a caller provided buffer of at least 20 bytes.
-
-   Note that colons within the fingerprint are allowed to separate 2
-   hex digits; this allows for easier cutting and pasting using the
-   usual fingerprint rendering.
-*/
-static unsigned char *
-get_fingerprint_from_line (const char *line, unsigned char *fpr)
-{
-  const char *s;
-  int i;
-
-  for (s=line, i=0; *s && *s != ' '; s++ )
-    {
-      if ( hexdigitp (s) && hexdigitp (s+1) )
-        {
-          if ( i >= 20 )
-            return NULL;  /* Fingerprint too long.  */
-          fpr[i++] = xtoi_2 (s);
-          s++;
-        }
-      else if ( *s != ':' )
-        return NULL; /* Invalid.  */
-    }
-  if ( i != 20 )
-    return NULL; /* Fingerprint to short.  */
-  return fpr;
-}
-
-
-
-static const char hlp_checkcrl[] =
-  "CHECKCRL []\n"
-  "\n"
-  "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
-  "entire X.509 certificate blob) is valid or not by consulting the\n"
-  "CRL responsible for this certificate.  If the fingerprint has not\n"
-  "been given or the certificate is not known, the function \n"
-  "inquires the certificate using an\n"
-  "\n"
-  "  INQUIRE TARGETCERT\n"
-  "\n"
-  "and the caller is expected to return the certificate for the\n"
-  "request (which should match FINGERPRINT) as a binary blob.\n"
-  "Processing then takes place without further interaction; in\n"
-  "particular dirmngr tries to locate other required certificate by\n"
-  "its own mechanism which includes a local certificate store as well\n"
-  "as a list of trusted root certificates.\n"
-  "\n"
-  "The return value is the usual gpg-error code or 0 for ducesss;\n"
-  "i.e. the certificate validity has been confirmed by a valid CRL.";
-static gpg_error_t
-cmd_checkcrl (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  unsigned char fprbuffer[20], *fpr;
-  ksba_cert_t cert;
-
-  fpr = get_fingerprint_from_line (line, fprbuffer);
-  cert = fpr? get_cert_byfpr (fpr) : NULL;
-
-  if (!cert)
-    {
-      /* We do not have this certificate yet or the fingerprint has
-         not been given.  Inquire it from the client.  */
-      unsigned char *value = NULL;
-      size_t valuelen;
-
-      err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
-                           &value, &valuelen, MAX_CERT_LENGTH);
-      if (err)
-        {
-          log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
-          goto leave;
-        }
-
-      if (!valuelen) /* No data returned; return a comprehensible error. */
-        err = gpg_error (GPG_ERR_MISSING_CERT);
-      else
-        {
-          err = ksba_cert_new (&cert);
-          if (!err)
-            err = ksba_cert_init_from_mem (cert, value, valuelen);
-        }
-      xfree (value);
-      if(err)
-        goto leave;
-    }
-
-  assert (cert);
-
-  err = crl_cache_cert_isvalid (ctrl, cert, ctrl->force_crl_refresh);
-  if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN)
-    {
-      err = crl_cache_reload_crl (ctrl, cert);
-      if (!err)
-        err = crl_cache_cert_isvalid (ctrl, cert, 0);
-    }
-
- leave:
-  ksba_cert_release (cert);
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_checkocsp[] =
-  "CHECKOCSP [--force-default-responder] []\n"
-  "\n"
-  "Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
-  "entire X.509 certificate blob) is valid or not by asking an OCSP\n"
-  "responder responsible for this certificate.  The optional\n"
-  "fingerprint may be used for a quick check in case an OCSP check has\n"
-  "been done for this certificate recently (we always cache OCSP\n"
-  "responses for a couple of minutes). If the fingerprint has not been\n"
-  "given or there is no cached result, the function inquires the\n"
-  "certificate using an\n"
-  "\n"
-  "   INQUIRE TARGETCERT\n"
-  "\n"
-  "and the caller is expected to return the certificate for the\n"
-  "request (which should match FINGERPRINT) as a binary blob.\n"
-  "Processing then takes place without further interaction; in\n"
-  "particular dirmngr tries to locate other required certificates by\n"
-  "its own mechanism which includes a local certificate store as well\n"
-  "as a list of trusted root certifciates.\n"
-  "\n"
-  "If the option --force-default-responder is given, only the default\n"
-  "OCSP responder will be used and any other methods of obtaining an\n"
-  "OCSP responder URL won't be used.\n"
-  "\n"
-  "The return value is the usual gpg-error code or 0 for ducesss;\n"
-  "i.e. the certificate validity has been confirmed by a valid CRL.";
-static gpg_error_t
-cmd_checkocsp (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  unsigned char fprbuffer[20], *fpr;
-  ksba_cert_t cert;
-  int force_default_responder;
-
-  force_default_responder = has_option (line, "--force-default-responder");
-  line = skip_options (line);
-
-  fpr = get_fingerprint_from_line (line, fprbuffer);
-  cert = fpr? get_cert_byfpr (fpr) : NULL;
-
-  if (!cert)
-    {
-      /* We do not have this certificate yet or the fingerprint has
-         not been given.  Inquire it from the client.  */
-      unsigned char *value = NULL;
-      size_t valuelen;
-
-      err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
-                           &value, &valuelen, MAX_CERT_LENGTH);
-      if (err)
-        {
-          log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
-          goto leave;
-        }
-
-      if (!valuelen) /* No data returned; return a comprehensible error. */
-        err = gpg_error (GPG_ERR_MISSING_CERT);
-      else
-        {
-          err = ksba_cert_new (&cert);
-          if (!err)
-            err = ksba_cert_init_from_mem (cert, value, valuelen);
-        }
-      xfree (value);
-      if(err)
-        goto leave;
-    }
-
-  assert (cert);
-
-  if (!opt.allow_ocsp)
-    err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-  else
-    err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder);
-
- leave:
-  ksba_cert_release (cert);
-  return leave_cmd (ctx, err);
-}
-
-
-
-static int
-lookup_cert_by_url (assuan_context_t ctx, const char *url)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err = 0;
-  unsigned char *value = NULL;
-  size_t valuelen;
-
-  /* Fetch single certificate given it's URL.  */
-  err = fetch_cert_by_url (ctrl, url, &value, &valuelen);
-  if (err)
-    {
-      log_error (_("fetch_cert_by_url failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  /* Send the data, flush the buffer and then send an END. */
-  err = assuan_send_data (ctx, value, valuelen);
-  if (!err)
-    err = assuan_send_data (ctx, NULL, 0);
-  if (!err)
-    err = assuan_write_line (ctx, "END");
-  if (err)
-    {
-      log_error (_("error sending data: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
- leave:
-
-  return err;
-}
-
-
-/* Send the certificate, flush the buffer and then send an END. */
-static gpg_error_t
-return_one_cert (void *opaque, ksba_cert_t cert)
-{
-  assuan_context_t ctx = opaque;
-  gpg_error_t err;
-  const unsigned char *der;
-  size_t derlen;
-
-  der = ksba_cert_get_image (cert, &derlen);
-  if (!der)
-    err = gpg_error (GPG_ERR_INV_CERT_OBJ);
-  else
-    {
-      err = assuan_send_data (ctx, der, derlen);
-      if (!err)
-        err = assuan_send_data (ctx, NULL, 0);
-      if (!err)
-        err = assuan_write_line (ctx, "END");
-    }
-  if (err)
-    log_error (_("error sending data: %s\n"), gpg_strerror (err));
-  return err;
-}
-
-
-/* Lookup certificates from the internal cache or using the ldap
-   servers. */
-static int
-lookup_cert_by_pattern (assuan_context_t ctx, char *line,
-                        int single, int cache_only)
-{
-  gpg_error_t err = 0;
-  char *p;
-  strlist_t sl, list = NULL;
-  int truncated = 0, truncation_forced = 0;
-  int count = 0;
-  int local_count = 0;
-#if USE_LDAP
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  unsigned char *value = NULL;
-  size_t valuelen;
-  struct ldapserver_iter ldapserver_iter;
-  cert_fetch_context_t fetch_context;
-#endif /*USE_LDAP*/
-  int any_no_data = 0;
-
-  /* Break the line down into an STRLIST */
-  for (p=line; *p; line = p)
-    {
-      while (*p && *p != ' ')
-        p++;
-      if (*p)
-        *p++ = 0;
-
-      if (*line)
-        {
-          sl = xtrymalloc (sizeof *sl + strlen (line));
-          if (!sl)
-            {
-              err = gpg_error_from_errno (errno);
-              goto leave;
-            }
-          memset (sl, 0, sizeof *sl);
-          strcpy_escaped_plus (sl->d, line);
-          sl->next = list;
-          list = sl;
-        }
-    }
-
-  /* First look through the internal cache.  The certifcates retruned
-     here are not counted towards the truncation limit.  */
-  if (single && !cache_only)
-    ; /* Do not read from the local cache in this case.  */
-  else
-    {
-      for (sl=list; sl; sl = sl->next)
-        {
-          err = get_certs_bypattern (sl->d, return_one_cert, ctx);
-          if (!err)
-            local_count++;
-          if (!err && single)
-            goto ready;
-
-          if (gpg_err_code (err) == GPG_ERR_NO_DATA)
-            {
-              err = 0;
-              if (cache_only)
-                any_no_data = 1;
-            }
-          else if (gpg_err_code (err) == GPG_ERR_INV_NAME && !cache_only)
-            {
-              /* No real fault because the internal pattern lookup
-                 can't yet cope with all types of pattern.  */
-              err = 0;
-            }
-          if (err)
-            goto ready;
-        }
-    }
-
-  /* Loop over all configured servers unless we want only the
-     certificates from the cache.  */
-#if USE_LDAP
-  for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
-       !cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
-	 && ldapserver_iter.server->host && !truncation_forced;
-       ldapserver_iter_next (&ldapserver_iter))
-    {
-      ldap_server_t ldapserver = ldapserver_iter.server;
-
-      if (DBG_LOOKUP)
-        log_debug ("cmd_lookup: trying %s:%d base=%s\n",
-                   ldapserver->host, ldapserver->port,
-                   ldapserver->base?ldapserver->base : "[default]");
-
-      /* Fetch certificates matching pattern */
-      err = start_cert_fetch (ctrl, &fetch_context, list, ldapserver);
-      if ( gpg_err_code (err) == GPG_ERR_NO_DATA )
-        {
-          if (DBG_LOOKUP)
-            log_debug ("cmd_lookup: no data\n");
-          err = 0;
-          any_no_data = 1;
-          continue;
-        }
-      if (err)
-        {
-          log_error (_("start_cert_fetch failed: %s\n"), gpg_strerror (err));
-          goto leave;
-        }
-
-      /* Fetch the certificates for this query. */
-      while (!truncation_forced)
-        {
-          xfree (value); value = NULL;
-          err = fetch_next_cert (fetch_context, &value, &valuelen);
-          if (gpg_err_code (err) == GPG_ERR_NO_DATA )
-            {
-              err = 0;
-              any_no_data = 1;
-              break; /* Ready. */
-            }
-          if (gpg_err_code (err) == GPG_ERR_TRUNCATED)
-            {
-              truncated = 1;
-              err = 0;
-              break;  /* Ready.  */
-            }
-          if (gpg_err_code (err) == GPG_ERR_EOF)
-            {
-              err = 0;
-              break; /* Ready. */
-            }
-          if (!err && !value)
-            {
-              err = gpg_error (GPG_ERR_BUG);
-              goto leave;
-            }
-          if (err)
-            {
-              log_error (_("fetch_next_cert failed: %s\n"),
-                         gpg_strerror (err));
-              end_cert_fetch (fetch_context);
-              goto leave;
-            }
-
-          if (DBG_LOOKUP)
-            log_debug ("cmd_lookup: returning one cert%s\n",
-                       truncated? " (truncated)":"");
-
-          /* Send the data, flush the buffer and then send an END line
-             as a certificate delimiter. */
-          err = assuan_send_data (ctx, value, valuelen);
-          if (!err)
-            err = assuan_send_data (ctx, NULL, 0);
-          if (!err)
-            err = assuan_write_line (ctx, "END");
-          if (err)
-            {
-              log_error (_("error sending data: %s\n"), gpg_strerror (err));
-              end_cert_fetch (fetch_context);
-              goto leave;
-            }
-
-          if (++count >= opt.max_replies )
-            {
-              truncation_forced = 1;
-              log_info (_("max_replies %d exceeded\n"), opt.max_replies );
-            }
-          if (single)
-            break;
-        }
-
-      end_cert_fetch (fetch_context);
-    }
-#endif /*USE_LDAP*/
-
- ready:
-  if (truncated || truncation_forced)
-    {
-      char str[50];
-
-      sprintf (str, "%d", count);
-      assuan_write_status (ctx, "TRUNCATED", str);
-    }
-
-  if (!err && !count && !local_count && any_no_data)
-    err = gpg_error (GPG_ERR_NO_DATA);
-
- leave:
-  free_strlist (list);
-  return err;
-}
-
-
-static const char hlp_lookup[] =
-  "LOOKUP [--url] [--single] [--cache-only] \n"
-  "\n"
-  "Lookup certificates matching PATTERN. With --url the pattern is\n"
-  "expected to be one URL.\n"
-  "\n"
-  "If --url is not given:  To allow for multiple patterns (which are ORed)\n"
-  "quoting is required: Spaces are translated to \"+\" or \"%20\";\n"
-  "obviously this requires that the usual escape quoting rules are applied.\n"
-  "\n"
-  "If --url is given no special escaping is required because URLs are\n"
-  "already escaped this way.\n"
-  "\n"
-  "If --single is given the first and only the first match will be\n"
-  "returned.  If --cache-only is _not_ given, no local query will be\n"
-  "done.\n"
-  "\n"
-  "If --cache-only is given no external lookup is done so that only\n"
-  "certificates from the cache may get returned.";
-static gpg_error_t
-cmd_lookup (assuan_context_t ctx, char *line)
-{
-  gpg_error_t err;
-  int lookup_url, single, cache_only;
-
-  lookup_url = has_leading_option (line, "--url");
-  single = has_leading_option (line, "--single");
-  cache_only = has_leading_option (line, "--cache-only");
-  line = skip_options (line);
-
-  if (lookup_url && cache_only)
-    err = gpg_error (GPG_ERR_NOT_FOUND);
-  else if (lookup_url && single)
-    err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-  else if (lookup_url)
-    err = lookup_cert_by_url (ctx, line);
-  else
-    err = lookup_cert_by_pattern (ctx, line, single, cache_only);
-
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_loadcrl[] =
-  "LOADCRL [--url] \n"
-  "\n"
-  "Load the CRL in the file with name FILENAME into our cache.  Note\n"
-  "that FILENAME should be given with an absolute path because\n"
-  "Dirmngrs cwd is not known.  With --url the CRL is directly loaded\n"
-  "from the given URL.\n"
-  "\n"
-  "This command is usually used by gpgsm using the invocation \"gpgsm\n"
-  "--call-dirmngr loadcrl \".  A direct invocation of Dirmngr\n"
-  "is not useful because gpgsm might need to callback gpgsm to ask for\n"
-  "the CA's certificate.";
-static gpg_error_t
-cmd_loadcrl (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err = 0;
-  int use_url = has_leading_option (line, "--url");
-
-  line = skip_options (line);
-
-  if (use_url)
-    {
-      ksba_reader_t reader;
-
-      err = crl_fetch (ctrl, line, &reader);
-      if (err)
-        log_error (_("fetching CRL from '%s' failed: %s\n"),
-                   line, gpg_strerror (err));
-      else
-        {
-          err = crl_cache_insert (ctrl, line, reader);
-          if (err)
-            log_error (_("processing CRL from '%s' failed: %s\n"),
-                       line, gpg_strerror (err));
-          crl_close_reader (reader);
-        }
-    }
-  else
-    {
-      char *buf;
-
-      buf = xtrymalloc (strlen (line)+1);
-      if (!buf)
-        err = gpg_error_from_syserror ();
-      else
-        {
-          strcpy_escaped_plus (buf, line);
-          err = crl_cache_load (ctrl, buf);
-          xfree (buf);
-        }
-    }
-
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_listcrls[] =
-  "LISTCRLS\n"
-  "\n"
-  "List the content of all CRLs in a readable format.  This command is\n"
-  "usually used by gpgsm using the invocation \"gpgsm --call-dirmngr\n"
-  "listcrls\".  It may also be used directly using \"dirmngr\n"
-  "--list-crls\".";
-static gpg_error_t
-cmd_listcrls (assuan_context_t ctx, char *line)
-{
-  gpg_error_t err;
-  estream_t fp;
-
-  (void)line;
-
-  fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
-  if (!fp)
-    err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
-  else
-    {
-      err = crl_cache_list (fp);
-      es_fclose (fp);
-    }
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_cachecert[] =
-  "CACHECERT\n"
-  "\n"
-  "Put a certificate into the internal cache.  This command might be\n"
-  "useful if a client knows in advance certificates required for a\n"
-  "test and wants to make sure they get added to the internal cache.\n"
-  "It is also helpful for debugging.  To get the actual certificate,\n"
-  "this command immediately inquires it using\n"
-  "\n"
-  "  INQUIRE TARGETCERT\n"
-  "\n"
-  "and the caller is expected to return the certificate for the\n"
-  "request as a binary blob.";
-static gpg_error_t
-cmd_cachecert (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  ksba_cert_t cert = NULL;
-  unsigned char *value = NULL;
-  size_t valuelen;
-
-  (void)line;
-
-  err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
-                       &value, &valuelen, MAX_CERT_LENGTH);
-  if (err)
-    {
-      log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  if (!valuelen) /* No data returned; return a comprehensible error. */
-    err = gpg_error (GPG_ERR_MISSING_CERT);
-  else
-    {
-      err = ksba_cert_new (&cert);
-      if (!err)
-        err = ksba_cert_init_from_mem (cert, value, valuelen);
-    }
-  xfree (value);
-  if(err)
-    goto leave;
-
-  err = cache_cert (cert);
-
- leave:
-  ksba_cert_release (cert);
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_validate[] =
-  "VALIDATE\n"
-  "\n"
-  "Validate a certificate using the certificate validation function\n"
-  "used internally by dirmngr.  This command is only useful for\n"
-  "debugging.  To get the actual certificate, this command immediately\n"
-  "inquires it using\n"
-  "\n"
-  "  INQUIRE TARGETCERT\n"
-  "\n"
-  "and the caller is expected to return the certificate for the\n"
-  "request as a binary blob.";
-static gpg_error_t
-cmd_validate (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  ksba_cert_t cert = NULL;
-  unsigned char *value = NULL;
-  size_t valuelen;
-
-  (void)line;
-
-  err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
-                       &value, &valuelen, MAX_CERT_LENGTH);
-  if (err)
-    {
-      log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  if (!valuelen) /* No data returned; return a comprehensible error. */
-    err = gpg_error (GPG_ERR_MISSING_CERT);
-  else
-    {
-      err = ksba_cert_new (&cert);
-      if (!err)
-        err = ksba_cert_init_from_mem (cert, value, valuelen);
-    }
-  xfree (value);
-  if(err)
-    goto leave;
-
-  /* If we have this certificate already in our cache, use the cached
-     version for validation because this will take care of any cached
-     results. */
-  {
-    unsigned char fpr[20];
-    ksba_cert_t tmpcert;
-
-    cert_compute_fpr (cert, fpr);
-    tmpcert = get_cert_byfpr (fpr);
-    if (tmpcert)
-      {
-        ksba_cert_release (cert);
-        cert = tmpcert;
-      }
-  }
-
-  err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_CERT, NULL);
-
- leave:
-  ksba_cert_release (cert);
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_keyserver[] =
-  "KEYSERVER [] [|]\n"
-  "Options are:\n"
-  "  --help\n"
-  "  --clear      Remove all configured keyservers\n"
-  "  --resolve    Resolve HKP host names and rotate\n"
-  "  --hosttable  Print table of known hosts and pools\n"
-  "  --dead       Mark  as dead\n"
-  "  --alive      Mark  as alive\n"
-  "\n"
-  "If called without arguments list all configured keyserver URLs.\n"
-  "If called with an URI add this as keyserver.  Note that keyservers\n"
-  "are configured on a per-session base.  A default keyserver may already be\n"
-  "present, thus the \"--clear\" option must be used to get full control.\n"
-  "If \"--clear\" and an URI are used together the clear command is\n"
-  "obviously executed first.  A RESET command does not change the list\n"
-  "of configured keyservers.";
-static gpg_error_t
-cmd_keyserver (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err = 0;
-  int clear_flag, add_flag, help_flag, host_flag, resolve_flag;
-  int dead_flag, alive_flag;
-  uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
-                             is always initialized.  */
-
-  clear_flag = has_option (line, "--clear");
-  help_flag = has_option (line, "--help");
-  resolve_flag = has_option (line, "--resolve");
-  host_flag = has_option (line, "--hosttable");
-  dead_flag = has_option (line, "--dead");
-  alive_flag = has_option (line, "--alive");
-  line = skip_options (line);
-  add_flag = !!*line;
-
-  if (help_flag)
-    {
-      err = ks_action_help (ctrl, line);
-      goto leave;
-    }
-
-  if (resolve_flag)
-    {
-      err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
-      if (err)
-        goto leave;
-    }
-
-  if (alive_flag && dead_flag)
-    {
-      err = set_error (GPG_ERR_ASS_PARAMETER, "no support for zombies");
-      goto leave;
-    }
-  if (dead_flag)
-    {
-      err = check_owner_permission (ctx, "no permission to use --dead");
-      if (err)
-        goto leave;
-    }
-  if (alive_flag || dead_flag)
-    {
-      if (!*line)
-        {
-          err = set_error (GPG_ERR_ASS_PARAMETER, "name of host missing");
-          goto leave;
-        }
-
-      err = ks_hkp_mark_host (ctrl, line, alive_flag);
-      if (err)
-        goto leave;
-    }
-
-  if (host_flag)
-    {
-      err = ks_hkp_print_hosttable (ctrl);
-      if (err)
-        goto leave;
-    }
-  if (resolve_flag || host_flag || alive_flag || dead_flag)
-    goto leave;
-
-  if (add_flag)
-    {
-      item = xtrymalloc (sizeof *item + strlen (line));
-      if (!item)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      item->next = NULL;
-      item->parsed_uri = NULL;
-      strcpy (item->uri, line);
-
-#if USE_LDAP
-      if (ldap_uri_p (item->uri))
-	err = ldap_parse_uri (&item->parsed_uri, line);
-      else
-#endif
-	{
-	  err = http_parse_uri (&item->parsed_uri, line, 1);
-	}
-      if (err)
-        {
-          xfree (item);
-          goto leave;
-        }
-    }
-  if (clear_flag)
-    release_ctrl_keyservers (ctrl);
-  if (add_flag)
-    {
-      item->next = ctrl->server_local->keyservers;
-      ctrl->server_local->keyservers = item;
-    }
-
-  if (!add_flag && !clear_flag && !help_flag) /* List configured keyservers.  */
-    {
-      uri_item_t u;
-
-      for (u=ctrl->server_local->keyservers; u; u = u->next)
-        dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
-    }
-  err = 0;
-
- leave:
-  return leave_cmd (ctx, err);
-}
-
-
-
-static const char hlp_ks_search[] =
-  "KS_SEARCH {}\n"
-  "\n"
-  "Search the configured OpenPGP keyservers (see command KEYSERVER)\n"
-  "for keys matching PATTERN";
-static gpg_error_t
-cmd_ks_search (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  strlist_t list, sl;
-  char *p;
-  estream_t outfp;
-
-  /* No options for now.  */
-  line = skip_options (line);
-
-  /* Break the line down into an strlist.  Each pattern is
-     percent-plus escaped. */
-  list = NULL;
-  for (p=line; *p; line = p)
-    {
-      while (*p && *p != ' ')
-        p++;
-      if (*p)
-        *p++ = 0;
-      if (*line)
-        {
-          sl = xtrymalloc (sizeof *sl + strlen (line));
-          if (!sl)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          sl->flags = 0;
-          strcpy_escaped_plus (sl->d, line);
-          sl->next = list;
-          list = sl;
-        }
-    }
-
-  /* Setup an output stream and perform the search.  */
-  outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
-  if (!outfp)
-    err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
-  else
-    {
-      err = ks_action_search (ctrl, ctrl->server_local->keyservers,
-			      list, outfp);
-      es_fclose (outfp);
-    }
-
- leave:
-  free_strlist (list);
-  return leave_cmd (ctx, err);
-}
-
-
-
-static const char hlp_ks_get[] =
-  "KS_GET {}\n"
-  "\n"
-  "Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
-  "(see command KEYSERVER).  Each pattern should be a keyid, a fingerprint,\n"
-  "or an exact name indicated by the '=' prefix.";
-static gpg_error_t
-cmd_ks_get (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  strlist_t list, sl;
-  char *p;
-  estream_t outfp;
-
-  /* No options for now.  */
-  line = skip_options (line);
-
-  /* Break the line into a strlist.  Each pattern is by
-     definition percent-plus escaped.  However we only support keyids
-     and fingerprints and thus the client has no need to apply the
-     escaping.  */
-  list = NULL;
-  for (p=line; *p; line = p)
-    {
-      while (*p && *p != ' ')
-        p++;
-      if (*p)
-        *p++ = 0;
-      if (*line)
-        {
-          sl = xtrymalloc (sizeof *sl + strlen (line));
-          if (!sl)
-            {
-              err = gpg_error_from_syserror ();
-              goto leave;
-            }
-          sl->flags = 0;
-          strcpy_escaped_plus (sl->d, line);
-          sl->next = list;
-          list = sl;
-        }
-    }
-
-  /* Setup an output stream and perform the get.  */
-  outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
-  if (!outfp)
-    err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
-  else
-    {
-      err = ks_action_get (ctrl, ctrl->server_local->keyservers, list, outfp);
-      es_fclose (outfp);
-    }
-
- leave:
-  free_strlist (list);
-  return leave_cmd (ctx, err);
-}
-
-
-static const char hlp_ks_fetch[] =
-  "KS_FETCH \n"
-  "\n"
-  "Get the key(s) from URL.";
-static gpg_error_t
-cmd_ks_fetch (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  estream_t outfp;
-
-  /* No options for now.  */
-  line = skip_options (line);
-
-  /* Setup an output stream and perform the get.  */
-  outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
-  if (!outfp)
-    err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
-  else
-    {
-      err = ks_action_fetch (ctrl, line, outfp);
-      es_fclose (outfp);
-    }
-
-  return leave_cmd (ctx, err);
-}
-
-
-
-static const char hlp_ks_put[] =
-  "KS_PUT\n"
-  "\n"
-  "Send a key to the configured OpenPGP keyservers.  The actual key material\n"
-  "is then requested by Dirmngr using\n"
-  "\n"
-  "  INQUIRE KEYBLOCK\n"
-  "\n"
-  "The client shall respond with a binary version of the keyblock (e.g.,\n"
-  "the output of `gpg --export KEYID').  For LDAP\n"
-  "keyservers Dirmngr may ask for meta information of the provided keyblock\n"
-  "using:\n"
-  "\n"
-  "  INQUIRE KEYBLOCK_INFO\n"
-  "\n"
-  "The client shall respond with a colon delimited info lines (the output\n"
-  "of 'for x in keys sigs; do gpg --list-$x --with-colons KEYID; done').\n";
-static gpg_error_t
-cmd_ks_put (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-  unsigned char *value = NULL;
-  size_t valuelen;
-  unsigned char *info = NULL;
-  size_t infolen;
-
-  /* No options for now.  */
-  line = skip_options (line);
-
-  /* Ask for the key material.  */
-  err = assuan_inquire (ctx, "KEYBLOCK",
-                        &value, &valuelen, MAX_KEYBLOCK_LENGTH);
-  if (err)
-    {
-      log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  if (!valuelen) /* No data returned; return a comprehensible error. */
-    {
-      err = gpg_error (GPG_ERR_MISSING_CERT);
-      goto leave;
-    }
-
-  /* Ask for the key meta data. Not actually needed for HKP servers
-     but we do it anyway to test the client implementaion.  */
-  err = assuan_inquire (ctx, "KEYBLOCK_INFO",
-                        &info, &infolen, MAX_KEYBLOCK_LENGTH);
-  if (err)
-    {
-      log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
-      goto leave;
-    }
-
-  /* Send the key.  */
-  err = ks_action_put (ctrl, ctrl->server_local->keyservers,
-		       value, valuelen, info, infolen);
-
- leave:
-  xfree (info);
-  xfree (value);
-  return leave_cmd (ctx, err);
-}
-
-
-
-
-static const char hlp_getinfo[] =
-  "GETINFO \n"
-  "\n"
-  "Multi purpose command to return certain information.  \n"
-  "Supported values of WHAT are:\n"
-  "\n"
-  "version     - Return the version of the program.\n"
-  "pid         - Return the process id of the server.\n"
-  "\n"
-  "socket_name - Return the name of the socket.\n";
-static gpg_error_t
-cmd_getinfo (assuan_context_t ctx, char *line)
-{
-  gpg_error_t err;
-
-  if (!strcmp (line, "version"))
-    {
-      const char *s = VERSION;
-      err = assuan_send_data (ctx, s, strlen (s));
-    }
-  else if (!strcmp (line, "pid"))
-    {
-      char numbuf[50];
-
-      snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
-      err = assuan_send_data (ctx, numbuf, strlen (numbuf));
-    }
-  else if (!strcmp (line, "socket_name"))
-    {
-      const char *s = dirmngr_user_socket_name ();
-
-      if (!s)
-        s = dirmngr_sys_socket_name ();
-
-      if (s)
-        err = assuan_send_data (ctx, s, strlen (s));
-      else
-        err = gpg_error (GPG_ERR_NO_DATA);
-    }
-  else
-    err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
-
-  return leave_cmd (ctx, err);
-}
-
-
-
-static const char hlp_killdirmngr[] =
-  "KILLDIRMNGR\n"
-  "\n"
-  "This command allows a user - given sufficient permissions -\n"
-  "to kill this dirmngr process.\n";
-static gpg_error_t
-cmd_killdirmngr (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  gpg_error_t err;
-
-  (void)line;
-
-  if (opt.system_daemon)
-    {
-      if (opt.system_service)
-        err = set_error (GPG_ERR_NOT_SUPPORTED,
-                         "can't do that whilst running as system service");
-      else
-        err = check_owner_permission (ctx,
-                                      "no permission to kill this process");
-    }
-  else
-    err = 0;
-
-  if (!err)
-    {
-      ctrl->server_local->stopme = 1;
-      err = gpg_error (GPG_ERR_EOF);
-    }
-  return err;
-}
-
-
-static const char hlp_reloaddirmngr[] =
-  "RELOADDIRMNGR\n"
-  "\n"
-  "This command is an alternative to SIGHUP\n"
-  "to reload the configuration.";
-static gpg_error_t
-cmd_reloaddirmngr (assuan_context_t ctx, char *line)
-{
-  (void)ctx;
-  (void)line;
-
- if (opt.system_daemon)
-    {
-#ifndef HAVE_W32_SYSTEM
-      {
-        gpg_err_code_t ec;
-        assuan_peercred_t cred;
-
-        ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
-        if (!ec && cred->uid)
-          ec = GPG_ERR_EPERM; /* Only root may terminate.  */
-        if (ec)
-          return set_error (ec, "no permission to reload this process");
-      }
-#endif
-    }
-
-  dirmngr_sighup_action ();
-  return 0;
-}
-
-
-
-
-/* Tell the assuan library about our commands. */
-static int
-register_commands (assuan_context_t ctx)
-{
-  static struct {
-    const char *name;
-    assuan_handler_t handler;
-    const char * const help;
-  } table[] = {
-    { "DNS_CERT",   cmd_dns_cert,   hlp_dns_cert },
-    { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
-    { "ISVALID",    cmd_isvalid,    hlp_isvalid },
-    { "CHECKCRL",   cmd_checkcrl,   hlp_checkcrl },
-    { "CHECKOCSP",  cmd_checkocsp,  hlp_checkocsp },
-    { "LOOKUP",     cmd_lookup,     hlp_lookup },
-    { "LOADCRL",    cmd_loadcrl,    hlp_loadcrl },
-    { "LISTCRLS",   cmd_listcrls,   hlp_listcrls },
-    { "CACHECERT",  cmd_cachecert,  hlp_cachecert },
-    { "VALIDATE",   cmd_validate,   hlp_validate },
-    { "KEYSERVER",  cmd_keyserver,  hlp_keyserver },
-    { "KS_SEARCH",  cmd_ks_search,  hlp_ks_search },
-    { "KS_GET",     cmd_ks_get,     hlp_ks_get },
-    { "KS_FETCH",   cmd_ks_fetch,   hlp_ks_fetch },
-    { "KS_PUT",     cmd_ks_put,     hlp_ks_put },
-    { "GETINFO",    cmd_getinfo,    hlp_getinfo },
-    { "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr },
-    { "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr },
-    { NULL, NULL }
-  };
-  int i, j, rc;
-
-  for (i=j=0; table[i].name; i++)
-    {
-      rc = assuan_register_command (ctx, table[i].name, table[i].handler,
-                                    table[i].help);
-      if (rc)
-        return rc;
-    }
-  return 0;
-}
-
-
-/* Note that we do not reset the list of configured keyservers.  */
-static gpg_error_t
-reset_notify (assuan_context_t ctx, char *line)
-{
-  ctrl_t ctrl = assuan_get_pointer (ctx);
-  (void)line;
-
-#if USE_LDAP
-  ldapserver_list_free (ctrl->server_local->ldapservers);
-#endif /*USE_LDAP*/
-  ctrl->server_local->ldapservers = NULL;
-  return 0;
-}
-
-
-/* Startup the server and run the main command loop.  With FD = -1,
-   use stdin/stdout. */
-void
-start_command_handler (assuan_fd_t fd)
-{
-  static const char hello[] = "Dirmngr " VERSION " at your service";
-  static char *hello_line;
-  int rc;
-  assuan_context_t ctx;
-  ctrl_t ctrl;
-
-  ctrl = xtrycalloc (1, sizeof *ctrl);
-  if (ctrl)
-    ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
-  if (!ctrl || !ctrl->server_local)
-    {
-      log_error (_("can't allocate control structure: %s\n"),
-                 strerror (errno));
-      xfree (ctrl);
-      return;
-    }
-
-  dirmngr_init_default_ctrl (ctrl);
-
-  rc = assuan_new (&ctx);
-  if (rc)
-    {
-      log_error (_("failed to allocate assuan context: %s\n"),
-		 gpg_strerror (rc));
-      dirmngr_exit (2);
-    }
-
-  if (fd == ASSUAN_INVALID_FD)
-    {
-      assuan_fd_t filedes[2];
-
-      filedes[0] = assuan_fdopen (0);
-      filedes[1] = assuan_fdopen (1);
-      rc = assuan_init_pipe_server (ctx, filedes);
-    }
-  else
-    {
-      rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
-    }
-
-  if (rc)
-    {
-      assuan_release (ctx);
-      log_error (_("failed to initialize the server: %s\n"),
-                 gpg_strerror(rc));
-      dirmngr_exit (2);
-    }
-
-  rc = register_commands (ctx);
-  if (rc)
-    {
-      log_error (_("failed to the register commands with Assuan: %s\n"),
-                 gpg_strerror(rc));
-      dirmngr_exit (2);
-    }
-
-
-  if (!hello_line)
-    {
-      size_t n;
-      const char *cfgname;
-
-      cfgname = opt.config_filename? opt.config_filename : "[none]";
-
-      n = (30 + strlen (opt.homedir) + strlen (cfgname)
-           + strlen (hello) + 1);
-      hello_line = xmalloc (n+1);
-      snprintf (hello_line, n,
-                "Home: %s\n"
-                "Config: %s\n"
-                "%s",
-                opt.homedir,
-                cfgname,
-                hello);
-      hello_line[n] = 0;
-    }
-
-  ctrl->server_local->assuan_ctx = ctx;
-  assuan_set_pointer (ctx, ctrl);
-
-  assuan_set_hello_line (ctx, hello_line);
-  assuan_register_option_handler (ctx, option_handler);
-  assuan_register_reset_notify (ctx, reset_notify);
-
-  for (;;)
-    {
-      rc = assuan_accept (ctx);
-      if (rc == -1)
-        break;
-      if (rc)
-        {
-          log_info (_("Assuan accept problem: %s\n"), gpg_strerror (rc));
-          break;
-        }
-
-#ifndef HAVE_W32_SYSTEM
-      if (opt.verbose)
-        {
-	  assuan_peercred_t peercred;
-
-          if (!assuan_get_peercred (ctx, &peercred))
-            log_info ("connection from process %ld (%ld:%ld)\n",
-                      (long)peercred->pid, (long)peercred->uid,
-		      (long)peercred->gid);
-        }
-#endif
-
-      rc = assuan_process (ctx);
-      if (rc)
-        {
-          log_info (_("Assuan processing failed: %s\n"), gpg_strerror (rc));
-          continue;
-        }
-    }
-
-#if USE_LDAP
-  ldap_wrapper_connection_cleanup (ctrl);
-
-  ldapserver_list_free (ctrl->server_local->ldapservers);
-#endif /*USE_LDAP*/
-  ctrl->server_local->ldapservers = NULL;
-
-  ctrl->server_local->assuan_ctx = NULL;
-  assuan_release (ctx);
-
-  if (ctrl->server_local->stopme)
-    dirmngr_exit (0);
-
-  if (ctrl->refcount)
-    log_error ("oops: connection control structure still referenced (%d)\n",
-               ctrl->refcount);
-  else
-    {
-      release_ctrl_ocsp_certs (ctrl);
-      xfree (ctrl->server_local);
-      dirmngr_deinit_default_ctrl (ctrl);
-      xfree (ctrl);
-    }
-}
-
-
-/* Send a status line back to the client.  KEYWORD is the status
-   keyword, the optional string arguments are blank separated added to
-   the line, the last argument must be a NULL. */
-gpg_error_t
-dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
-{
-  gpg_error_t err = 0;
-  va_list arg_ptr;
-  const char *text;
-
-  va_start (arg_ptr, keyword);
-
-  if (ctrl->server_local)
-    {
-      assuan_context_t ctx = ctrl->server_local->assuan_ctx;
-      char buf[950], *p;
-      size_t n;
-
-      p = buf;
-      n = 0;
-      while ( (text = va_arg (arg_ptr, const char *)) )
-        {
-          if (n)
-            {
-              *p++ = ' ';
-              n++;
-            }
-          for ( ; *text && n < DIM (buf)-2; n++)
-            *p++ = *text++;
-        }
-      *p = 0;
-      err = assuan_write_status (ctx, keyword, buf);
-    }
-
-  va_end (arg_ptr);
-  return err;
-}
-
-
-/* Print a help status line.  TEXTLEN gives the length of the text
-   from TEXT to be printed.  The function splits text at LFs.  */
-gpg_error_t
-dirmngr_status_help (ctrl_t ctrl, const char *text)
-{
-  gpg_error_t err = 0;
-
-  if (ctrl->server_local)
-    {
-      assuan_context_t ctx = ctrl->server_local->assuan_ctx;
-      char buf[950], *p;
-      size_t n;
-
-      do
-        {
-          p = buf;
-          n = 0;
-          for ( ; *text && *text != '\n' && n < DIM (buf)-2; n++)
-            *p++ = *text++;
-          if (*text == '\n')
-            text++;
-          *p = 0;
-          err = assuan_write_status (ctx, "#", buf);
-        }
-      while (!err && *text);
-    }
-
-  return err;
-}
-
-/* Send a tick progress indicator back.  Fixme: This is only done for
-   the currently active channel.  */
-gpg_error_t
-dirmngr_tick (ctrl_t ctrl)
-{
-  static time_t next_tick = 0;
-  gpg_error_t err = 0;
-  time_t now = time (NULL);
-
-  if (!next_tick)
-    {
-      next_tick = now + 1;
-    }
-  else if ( now > next_tick )
-    {
-      if (ctrl)
-        {
-          err = dirmngr_status (ctrl, "PROGRESS", "tick", "? 0 0", NULL);
-          if (err)
-            {
-              /* Take this as in indication for a cancel request.  */
-              err = gpg_error (GPG_ERR_CANCELED);
-            }
-          now = time (NULL);
-        }
-
-      next_tick = now + 1;
-    }
-  return err;
-}
diff -Nru gnupg2-2.1.6/dirmngr/t-dns-cert.c gnupg2-2.0.28/dirmngr/t-dns-cert.c
--- gnupg2-2.1.6/dirmngr/t-dns-cert.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/t-dns-cert.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,93 +0,0 @@
-/* t-dns-cert.c - Module test for dns-cert.c
- * Copyright (C) 2011 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-
-#include "util.h"
-#include "dns-cert.h"
-
-
-int
-main (int argc, char **argv)
-{
-  gpg_error_t err;
-  unsigned char *fpr;
-  size_t fpr_len;
-  char *url;
-  void *key;
-  size_t keylen;
-  char const *name;
-
-  if (argc)
-    {
-      argc--;
-      argv++;
-    }
-
-  if (!argc)
-    name = "simon.josefsson.org";
-  else if (argc == 1)
-    name = *argv;
-  else
-    {
-      fputs ("usage: t-dns-cert [name]\n", stderr);
-      return 1;
-    }
-
-  printf ("CERT lookup on '%s'\n", name);
-
-  err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
-                      &fpr, &fpr_len, &url);
-  if (err)
-    printf ("get_dns_cert failed: %s <%s>\n",
-            gpg_strerror (err), gpg_strsource (err));
-  else if (key)
-    {
-      printf ("Key found (%u bytes)\n", (unsigned int)keylen);
-    }
-  else
-    {
-      if (fpr)
-	{
-	  int i;
-
-	  printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
-	  for (i = 0; i < fpr_len; i++)
-	    printf ("%02X", fpr[i]);
-	  putchar ('\n');
-	}
-      else
-	printf ("No fingerprint found\n");
-
-      if (url)
-	printf ("URL found: %s\n", url);
-      else
-	printf ("No URL found\n");
-
-    }
-
-  xfree (key);
-  xfree (fpr);
-  xfree (url);
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/dirmngr/t-ldap-parse-uri.c gnupg2-2.0.28/dirmngr/t-ldap-parse-uri.c
--- gnupg2-2.1.6/dirmngr/t-ldap-parse-uri.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/t-ldap-parse-uri.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,255 +0,0 @@
-/* t-ldap-parse-uri.c - Regression tests for ldap-parse-uri.c.
- * Copyright (C) 2015  g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-
-#include "ldap-parse-uri.h"
-
-#include "t-support.h"
-
-struct test_ldap_uri_p
-{
-  const char *uri;
-  int result;
-};
-
-void
-check_ldap_uri_p (int test_count, struct test_ldap_uri_p *test)
-{
-  int result = ldap_uri_p (test->uri);
-  if (result != test->result)
-    {
-      printf ("'%s' is %san LDAP schema, but ldap_uri_p says opposite.\n",
-	      test->uri, test->result ? "" : "not ");
-      fail(1000 * test_count);
-    }
-}
-
-static void
-test_ldap_uri_p (void)
-{
-  struct test_ldap_uri_p tests[] = {
-    { "ldap://foo", 1 },
-    { "ldap://", 1 },
-    { "ldap:", 1 },
-    { "ldap", 0 },
-    { "ldapfoobar", 0 },
-
-    { "ldaps://foo", 1 },
-    { "ldaps://", 1 },
-    { "ldaps:", 1 },
-    { "ldaps", 0 },
-    { "ldapsfoobar", 0 },
-
-    { "ldapi://foo", 1 },
-    { "ldapi://", 1 },
-    { "ldapi:", 1 },
-    { "ldapi", 0 },
-    { "ldapifoobar", 0 },
-
-    { "LDAP://FOO", 1 },
-    { "LDAP://", 1 },
-    { "LDAP:", 1 },
-    { "LDAP", 0 },
-    { "LDAPFOOBAR", 0 }
-  };
-
-  int test_count;
-  for (test_count = 1;
-       test_count <= sizeof (tests) / sizeof (tests[0]);
-       test_count ++)
-    check_ldap_uri_p (test_count, &tests[test_count - 1]);
-}
-
-struct test_ldap_parse_uri
-{
-  const char *uri;
-  const char *scheme;
-  const char *host;
-  const int port;
-  const int use_tls;
-  const char *path;  /* basedn. */
-  const char *auth;  /* binddn.  */
-  const char *password;  /* query[1].  */
-};
-
-static int
-cmp (const char *a, const char *b)
-{
-  if (! a)
-    a = "";
-  if (! b)
-    b = "";
-
-  return strcmp (a, b) == 0;
-}
-
-void
-check_ldap_parse_uri (int test_count, struct test_ldap_parse_uri *test)
-{
-  gpg_error_t err;
-  parsed_uri_t puri;
-
-  err = ldap_parse_uri (&puri, test->uri);
-  if (err)
-    {
-      printf ("Parsing '%s' failed (%d).\n", test->uri, err);
-      fail (test_count * 1000 + 0);
-    }
-
-  if (! cmp(test->scheme, puri->scheme))
-    {
-      printf ("scheme mismatch: got '%s', expected '%s'.\n",
-	      puri->scheme, test->scheme);
-      fail (test_count * 1000 + 1);
-    }
-
-  if (! cmp(test->host, puri->host))
-    {
-      printf ("host mismatch: got '%s', expected '%s'.\n",
-	      puri->host, test->host);
-      fail (test_count * 1000 + 2);
-    }
-
-  if (test->port != puri->port)
-    {
-      printf ("port mismatch: got '%d', expected '%d'.\n",
-	      puri->port, test->port);
-      fail (test_count * 1000 + 3);
-    }
-
-  if (test->use_tls != puri->use_tls)
-    {
-      printf ("use_tls mismatch: got '%d', expected '%d'.\n",
-	      puri->use_tls, test->use_tls);
-      fail (test_count * 1000 + 4);
-    }
-
-  if (! cmp(test->path, puri->path))
-    {
-      printf ("path mismatch: got '%s', expected '%s'.\n",
-	      puri->path, test->path);
-      fail (test_count * 1000 + 5);
-    }
-
-  if (! cmp(test->auth, puri->auth))
-    {
-      printf ("auth mismatch: got '%s', expected '%s'.\n",
-	      puri->auth, test->auth);
-      fail (test_count * 1000 + 6);
-    }
-
-  if (! test->password && ! puri->query)
-    /* Ok.  */
-    ;
-  else if (test->password && ! puri->query)
-    {
-      printf ("password mismatch: got NULL, expected '%s'.\n",
-	      test->auth);
-      fail (test_count * 1000 + 7);
-    }
-  else if (! test->password && puri->query)
-    {
-      printf ("password mismatch: got something, expected NULL.\n");
-      fail (test_count * 1000 + 8);
-    }
-  else if (! (test->password && puri->query
-	      && puri->query->name && puri->query->value
-	      && strcmp (puri->query->name, "password") == 0
-	      && cmp (puri->query->value, test->password)))
-    {
-      printf ("password mismatch: got '%s:%s', expected 'password:%s'.\n",
-	      puri->query->name, puri->query->value,
-	      test->password);
-      fail (test_count * 1000 + 9);
-    }
-
-  http_release_parsed_uri (puri);
-}
-
-static void
-test_ldap_parse_uri (void)
-{
-  struct test_ldap_parse_uri tests[] = {
-    { "ldap://", "ldap", NULL, 389, 0, NULL, NULL, NULL },
-    { "ldap://host", "ldap", "host", 389, 0, NULL, NULL, NULL },
-    { "ldap://host:100", "ldap", "host", 100, 0, NULL, NULL, NULL },
-    { "ldaps://host", "ldaps", "host", 636, 1, NULL, NULL, NULL },
-    { "ldap://host/ou%3DPGP%20Keys%2Cdc%3DEXAMPLE%2Cdc%3DORG",
-      "ldap", "host", 389, 0, "ou=PGP Keys,dc=EXAMPLE,dc=ORG" },
-    { "ldap://host/????bindname=uid%3Duser%2Cou%3DPGP%20Users%2Cdc%3DEXAMPLE%2Cdc%3DORG,password=foobar",
-      "ldap", "host", 389, 0, "",
-      "uid=user,ou=PGP Users,dc=EXAMPLE,dc=ORG", "foobar" }
-  };
-
-  int test_count;
-  for (test_count = 1;
-       test_count <= sizeof (tests) / sizeof (tests[0]);
-       test_count ++)
-    check_ldap_parse_uri (test_count, &tests[test_count - 1]);
-}
-
-struct test_ldap_escape_filter
-{
-  const char *filter;
-  const char *result;
-};
-
-static void
-check_ldap_escape_filter (int test_count, struct test_ldap_escape_filter *test)
-{
-  char *result = ldap_escape_filter (test->filter);
-
-  if (strcmp (result, test->result) != 0)
-    {
-      printf ("Filter: '%s'.  Escaped: '%s'.  Expected: '%s'.\n",
-	      test->filter, result, test->result);
-      fail (test_count * 1000);
-    }
-}
-
-static void
-test_ldap_escape_filter (void)
-{
-  struct test_ldap_escape_filter tests[] = {
-    { "foobar", "foobar" },
-    { "", "" },
-    { "(foo)", "%28foo%29" },
-    { "* ( ) \\ /", "%2a %28 %29 %5c %2f" }
-  };
-
-  int test_count;
-  for (test_count = 1;
-       test_count <= sizeof (tests) / sizeof (tests[0]);
-       test_count ++)
-    check_ldap_escape_filter (test_count, &tests[test_count - 1]);
-}
-
-int
-main (int argc, char **argv)
-{
-  (void)argc;
-  (void)argv;
-
-  test_ldap_uri_p ();
-  test_ldap_parse_uri ();
-  test_ldap_escape_filter ();
-
-  return 0;
-}
diff -Nru gnupg2-2.1.6/dirmngr/t-support.h gnupg2-2.0.28/dirmngr/t-support.h
--- gnupg2-2.1.6/dirmngr/t-support.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/t-support.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,42 +0,0 @@
-/* t-support.h - Helper for the regression tests
- * Copyright (C) 2007  Free Software Foundation, Inc.
- *
- * This file is part of JNLIB, which is a subsystem of GnuPG.
- *
- * JNLIB is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * JNLIB is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see .
- */
-
-#ifndef DIRMNGR_T_SUPPORT_H
-#define DIRMNGR_T_SUPPORT_H 1
-
-/* Macros to print the result of a test.  */
-#define pass()  do { ; } while(0)
-#define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
-                               __FILE__,__LINE__, (a));          \
-                     exit (1);                                   \
-                   } while(0)
-
-
-#endif /* DIRMNGR_T_SUPPORT_H */
diff -Nru gnupg2-2.1.6/dirmngr/validate.c gnupg2-2.0.28/dirmngr/validate.c
--- gnupg2-2.1.6/dirmngr/validate.c	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/validate.c	1970-01-01 00:00:00.000000000 +0000
@@ -1,1159 +0,0 @@
-/* validate.c - Validate a certificate chain.
- * Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
- * Copyright (C) 2004, 2006, 2008 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include 
-
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "dirmngr.h"
-#include "certcache.h"
-#include "crlcache.h"
-#include "validate.h"
-#include "misc.h"
-
-/* While running the validation function we need to keep track of the
-   certificates and the validation outcome of each.  We use this type
-   for it.  */
-struct chain_item_s
-{
-  struct chain_item_s *next;
-  ksba_cert_t cert;      /* The certificate.  */
-  unsigned char fpr[20]; /* Fingerprint of the certificate.  */
-  int is_self_signed;    /* This certificate is self-signed.  */
-  int is_valid;          /* The certifiate is valid except for revocations.  */
-};
-typedef struct chain_item_s *chain_item_t;
-
-
-/* A couple of constants with Object Identifiers.  */
-static const char oid_kp_serverAuth[]     = "1.3.6.1.5.5.7.3.1";
-static const char oid_kp_clientAuth[]     = "1.3.6.1.5.5.7.3.2";
-static const char oid_kp_codeSigning[]    = "1.3.6.1.5.5.7.3.3";
-static const char oid_kp_emailProtection[]= "1.3.6.1.5.5.7.3.4";
-static const char oid_kp_timeStamping[]   = "1.3.6.1.5.5.7.3.8";
-static const char oid_kp_ocspSigning[]    = "1.3.6.1.5.5.7.3.9";
-
-
-/* Prototypes.  */
-static gpg_error_t check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
-
-
-
-
-/* Check whether CERT contains critical extensions we don't know
-   about.  */
-static gpg_error_t
-unknown_criticals (ksba_cert_t cert)
-{
-  static const char *known[] = {
-    "2.5.29.15", /* keyUsage */
-    "2.5.29.19", /* basic Constraints */
-    "2.5.29.32", /* certificatePolicies */
-    "2.5.29.37", /* extendedKeyUsage */
-    NULL
-  };
-  int i, idx, crit;
-  const char *oid;
-  int unsupported;
-  strlist_t sl;
-  gpg_error_t err, rc;
-
-  rc = 0;
-  for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
-                                             &oid, &crit, NULL, NULL));idx++)
-    {
-      if (!crit)
-        continue;
-      for (i=0; known[i] && strcmp (known[i],oid); i++)
-        ;
-      unsupported = !known[i];
-
-      /* If this critical extension is not supported, check the list
-         of to be ignored extensions to see whether we claim that it
-         is supported.  */
-      if (unsupported && opt.ignored_cert_extensions)
-        {
-          for (sl=opt.ignored_cert_extensions;
-               sl && strcmp (sl->d, oid); sl = sl->next)
-            ;
-          if (sl)
-            unsupported = 0;
-        }
-
-      if (unsupported)
-        {
-          log_error (_("critical certificate extension %s is not supported"),
-                     oid);
-          rc = gpg_error (GPG_ERR_UNSUPPORTED_CERT);
-        }
-    }
-  if (err && gpg_err_code (err) != GPG_ERR_EOF)
-    rc = err; /* Such an error takes precendence.  */
-
-  return rc;
-}
-
-
-/* Basic check for supported policies.  */
-static gpg_error_t
-check_cert_policy (ksba_cert_t cert)
-{
-  static const char *allowed[] = {
-    "2.289.9.9",
-    NULL
-  };
-  gpg_error_t err;
-  int idx;
-  char *p, *haystack;
-  char *policies;
-  int any_critical;
-
-  err = ksba_cert_get_cert_policies (cert, &policies);
-  if (gpg_err_code (err) == GPG_ERR_NO_DATA)
-    return 0; /* No policy given. */
-  if (err)
-    return err;
-
-  /* STRING is a line delimited list of certifiate policies as stored
-     in the certificate.  The line itself is colon delimited where the
-     first field is the OID of the policy and the second field either
-     N or C for normal or critical extension */
-  if (opt.verbose > 1)
-    log_info ("certificate's policy list: %s\n", policies);
-
-  /* The check is very minimal but won't give false positives */
-  any_critical = !!strstr (policies, ":C");
-
-  /* See whether we find ALLOWED (which is an OID) in POLICIES */
-  for (idx=0; allowed[idx]; idx++)
-    {
-      for (haystack=policies; (p=strstr (haystack, allowed[idx]));
-           haystack = p+1)
-        {
-          if ( !(p == policies || p[-1] == '\n') )
-            continue; /* Does not match the begin of a line. */
-          if (p[strlen (allowed[idx])] != ':')
-            continue; /* The length does not match. */
-          /* Yep - it does match: Return okay. */
-          ksba_free (policies);
-          return 0;
-        }
-    }
-
-  if (!any_critical)
-    {
-      log_info (_("Note: non-critical certificate policy not allowed"));
-      err = 0;
-    }
-  else
-    {
-      log_info (_("certificate policy not allowed"));
-      err = gpg_error (GPG_ERR_NO_POLICY_MATCH);
-    }
-
-  ksba_free (policies);
-  return err;
-}
-
-
-static gpg_error_t
-allowed_ca (ksba_cert_t cert, int *chainlen)
-{
-  gpg_error_t err;
-  int flag;
-
-  err = ksba_cert_is_ca (cert, &flag, chainlen);
-  if (err)
-    return err;
-  if (!flag)
-    {
-      if (!is_trusted_cert (cert))
-        {
-          /* The German SigG Root CA's certificate does not flag
-             itself as a CA; thus we relax this requirement if we
-             trust a root CA.  I think this is reasonable.  Note, that
-             gpgsm implements a far stricter scheme here. */
-          if (chainlen)
-            *chainlen = 3; /* That is what the SigG implements. */
-          if (opt.verbose)
-            log_info (_("accepting root CA not marked as a CA"));
-        }
-      else
-        {
-          log_error (_("issuer certificate is not marked as a CA"));
-          return gpg_error (GPG_ERR_BAD_CA_CERT);
-        }
-    }
-  return 0;
-}
-
-/* Helper for validate_cert_chain.  */
-static gpg_error_t
-check_revocations (ctrl_t ctrl, chain_item_t chain)
-{
-  gpg_error_t err = 0;
-  int any_revoked = 0;
-  int any_no_crl = 0;
-  int any_crl_too_old = 0;
-  chain_item_t ci;
-
-  assert (ctrl->check_revocations_nest_level >= 0);
-  assert (chain);
-
-  if (ctrl->check_revocations_nest_level > 10)
-    {
-      log_error (_("CRL checking too deeply nested\n"));
-      return gpg_error(GPG_ERR_BAD_CERT_CHAIN);
-    }
-  ctrl->check_revocations_nest_level++;
-
-
-  for (ci=chain; ci; ci = ci->next)
-    {
-      assert (ci->cert);
-      if (ci == chain)
-        {
-          /* It does not make sense to check the root certificate for
-             revocations.  In almost all cases this will lead to a
-             catch-22 as the root certificate is the final trust
-             anchor for the certificates and the CRLs.  We expect the
-             user to remove root certificates from the list of trusted
-             certificates in case they have been revoked. */
-          if (opt.verbose)
-            cert_log_name (_("not checking CRL for"), ci->cert);
-          continue;
-        }
-
-      if (opt.verbose)
-        cert_log_name (_("checking CRL for"), ci->cert);
-      err = crl_cache_cert_isvalid (ctrl, ci->cert, 0);
-      if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN)
-        {
-          err = crl_cache_reload_crl (ctrl, ci->cert);
-          if (!err)
-            err = crl_cache_cert_isvalid (ctrl, ci->cert, 0);
-        }
-      switch (gpg_err_code (err))
-        {
-        case 0: err = 0; break;
-        case GPG_ERR_CERT_REVOKED: any_revoked = 1; err = 0; break;
-        case GPG_ERR_NO_CRL_KNOWN: any_no_crl = 1; err = 0; break;
-        case GPG_ERR_CRL_TOO_OLD: any_crl_too_old = 1; err = 0; break;
-        default: break;
-        }
-    }
-  ctrl->check_revocations_nest_level--;
-
-
-  if (err)
-    ;
-  else if (any_revoked)
-    err = gpg_error (GPG_ERR_CERT_REVOKED);
-  else if (any_no_crl)
-    err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
-  else if (any_crl_too_old)
-    err = gpg_error (GPG_ERR_CRL_TOO_OLD);
-  else
-    err = 0;
-  return err;
-}
-
-
-/* Check whether CERT is a root certificate.  ISSUERDN and SUBJECTDN
-   are the DNs already extracted by the caller from CERT.  Returns
-   True if this is the case. */
-static int
-is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
-{
-  gpg_error_t err;
-  int result = 0;
-  ksba_sexp_t serialno;
-  ksba_sexp_t ak_keyid;
-  ksba_name_t ak_name;
-  ksba_sexp_t ak_sn;
-  const char *ak_name_str;
-  ksba_sexp_t subj_keyid = NULL;
-
-  if (!issuerdn || !subjectdn)
-    return 0;  /* No.  */
-
-  if (strcmp (issuerdn, subjectdn))
-    return 0;  /* No.  */
-
-  err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
-  if (err)
-    {
-      if (gpg_err_code (err) == GPG_ERR_NO_DATA)
-        return 1; /* Yes. Without a authorityKeyIdentifier this needs
-                     to be the Root certifcate (our trust anchor).  */
-      log_error ("error getting authorityKeyIdentifier: %s\n",
-                 gpg_strerror (err));
-      return 0; /* Well, it is broken anyway.  Return No. */
-    }
-
-  serialno = ksba_cert_get_serial (cert);
-  if (!serialno)
-    {
-      log_error ("error getting serialno: %s\n", gpg_strerror (err));
-      goto leave;
-    }
-
-  /* Check whether the auth name's matches the issuer name+sn.  If
-     that is the case this is a root certificate.  */
-  ak_name_str = ksba_name_enum (ak_name, 0);
-  if (ak_name_str
-      && !strcmp (ak_name_str, issuerdn)
-      && !cmp_simple_canon_sexp (ak_sn, serialno))
-    {
-      result = 1;  /* Right, CERT is self-signed.  */
-      goto leave;
-    }
-
-  /* Similar for the ak_keyid. */
-  if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
-      && !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
-    {
-      result = 1;  /* Right, CERT is self-signed.  */
-      goto leave;
-    }
-
-
- leave:
-  ksba_free (subj_keyid);
-  ksba_free (ak_keyid);
-  ksba_name_release (ak_name);
-  ksba_free (ak_sn);
-  ksba_free (serialno);
-  return result;
-}
-
-
-/* Validate the certificate CHAIN up to the trust anchor. Optionally
-   return the closest expiration time in R_EXPTIME (this is useful for
-   caching issues).  MODE is one of the VALIDATE_MODE_* constants.
-
-   If R_TRUST_ANCHOR is not NULL and the validation would fail only
-   because the root certificate is not trusted, the hexified
-   fingerprint of that root certificate is stored at R_TRUST_ANCHOR
-   and success is returned.  The caller needs to free the value at
-   R_TRUST_ANCHOR; in all other cases NULL is stored there.  */
-gpg_error_t
-validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
-                     int mode, char **r_trust_anchor)
-{
-  gpg_error_t err = 0;
-  int depth, maxdepth;
-  char *issuer = NULL;
-  char *subject = NULL;
-  ksba_cert_t subject_cert = NULL, issuer_cert = NULL;
-  ksba_isotime_t current_time;
-  ksba_isotime_t exptime;
-  int any_expired = 0;
-  int any_no_policy_match = 0;
-  chain_item_t chain;
-
-
-  if (r_exptime)
-    *r_exptime = 0;
-  *exptime = 0;
-
-  if (r_trust_anchor)
-    *r_trust_anchor = NULL;
-
-  if (!opt.system_daemon)
-    {
-      /* For backward compatibility we only do this in daemon mode.  */
-      log_info (_("running in compatibility mode - "
-                  "certificate chain not checked!\n"));
-      return 0; /* Okay. */
-    }
-
-  if (DBG_X509)
-    dump_cert ("subject", cert);
-
-  /* May the target certificate be used for this purpose?  */
-  switch (mode)
-    {
-    case VALIDATE_MODE_OCSP:
-      err = cert_use_ocsp_p (cert);
-      break;
-    case VALIDATE_MODE_CRL:
-    case VALIDATE_MODE_CRL_RECURSIVE:
-      err = cert_use_crl_p (cert);
-      break;
-    default:
-      err = 0;
-      break;
-    }
-  if (err)
-    return err;
-
-  /* If we already validated the certificate not too long ago, we can
-     avoid the excessive computations and lookups unless the caller
-     asked for the expiration time.  */
-  if (!r_exptime)
-    {
-      size_t buflen;
-      time_t validated_at;
-
-      err = ksba_cert_get_user_data (cert, "validated_at",
-                                     &validated_at, sizeof (validated_at),
-                                     &buflen);
-      if (err || buflen != sizeof (validated_at) || !validated_at)
-        err = 0; /* Not available or other error. */
-      else
-        {
-          /* If the validation is not older than 30 minutes we are ready. */
-          if (validated_at < gnupg_get_time () + (30*60))
-            {
-              if (opt.verbose)
-                log_info ("certificate is good (cached)\n");
-              /* Note, that we can't jump to leave here as this would
-                 falsely updated the validation timestamp.  */
-              return 0;
-            }
-        }
-    }
-
-  /* Get the current time. */
-  gnupg_get_isotime (current_time);
-
-  /* We walk up the chain until we find a trust anchor. */
-  subject_cert = cert;
-  maxdepth = 10;
-  chain = NULL;
-  depth = 0;
-  for (;;)
-    {
-      /* Get the subject and issuer name from the current
-         certificate.  */
-      ksba_free (issuer);
-      ksba_free (subject);
-      issuer = ksba_cert_get_issuer (subject_cert, 0);
-      subject = ksba_cert_get_subject (subject_cert, 0);
-
-      if (!issuer)
-        {
-          log_error (_("no issuer found in certificate\n"));
-          err = gpg_error (GPG_ERR_BAD_CERT);
-          goto leave;
-        }
-
-      /* Handle the notBefore and notAfter timestamps.  */
-      {
-        ksba_isotime_t not_before, not_after;
-
-        err = ksba_cert_get_validity (subject_cert, 0, not_before);
-        if (!err)
-          err = ksba_cert_get_validity (subject_cert, 1, not_after);
-        if (err)
-          {
-            log_error (_("certificate with invalid validity: %s"),
-                       gpg_strerror (err));
-            err = gpg_error (GPG_ERR_BAD_CERT);
-            goto leave;
-          }
-
-        /* Keep track of the nearest expiration time in EXPTIME.  */
-        if (*not_after)
-          {
-            if (!*exptime)
-              gnupg_copy_time (exptime, not_after);
-            else if (strcmp (not_after, exptime) < 0 )
-              gnupg_copy_time (exptime, not_after);
-          }
-
-        /* Check whether the certificate is already valid.  */
-        if (*not_before && strcmp (current_time, not_before) < 0 )
-          {
-            log_error (_("certificate not yet valid"));
-            log_info ("(valid from ");
-            dump_isotime (not_before);
-            log_printf (")\n");
-            err = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
-            goto leave;
-          }
-
-        /* Now check whether the certificate has expired.  */
-        if (*not_after && strcmp (current_time, not_after) > 0 )
-          {
-            log_error (_("certificate has expired"));
-            log_info ("(expired at ");
-            dump_isotime (not_after);
-            log_printf (")\n");
-            any_expired = 1;
-          }
-      }
-
-      /* Do we have any critical extensions in the certificate we
-         can't handle? */
-      err = unknown_criticals (subject_cert);
-      if (err)
-        goto leave; /* yes. */
-
-      /* Check that given policies are allowed.  */
-      err = check_cert_policy (subject_cert);
-      if (gpg_err_code (err) == GPG_ERR_NO_POLICY_MATCH)
-        {
-          any_no_policy_match = 1;
-          err = 0;
-        }
-      else if (err)
-        goto leave;
-
-      /* Is this a self-signed certificate? */
-      if (is_root_cert ( subject_cert, issuer, subject))
-        {
-          /* Yes, this is our trust anchor.  */
-          if (check_cert_sig (subject_cert, subject_cert) )
-            {
-              log_error (_("selfsigned certificate has a BAD signature"));
-              err = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
-                                    : GPG_ERR_BAD_CERT);
-              goto leave;
-            }
-
-          /* Is this certificate allowed to act as a CA.  */
-          err = allowed_ca (subject_cert, NULL);
-          if (err)
-            goto leave;  /* No. */
-
-          err = is_trusted_cert (subject_cert);
-          if (!err)
-            ; /* Yes we trust this cert.  */
-          else if (gpg_err_code (err) == GPG_ERR_NOT_TRUSTED)
-            {
-              char *fpr;
-
-              log_error (_("root certificate is not marked trusted"));
-              fpr = get_fingerprint_hexstring (subject_cert);
-              log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
-              dump_cert ("issuer", subject_cert);
-              if (r_trust_anchor)
-                {
-                  /* Caller wants to do another trustiness check.  */
-                  *r_trust_anchor = fpr;
-                  err = 0;
-                }
-              else
-                xfree (fpr);
-            }
-          else
-            {
-              log_error (_("checking trustworthiness of "
-                           "root certificate failed: %s\n"),
-                         gpg_strerror (err));
-            }
-          if (err)
-            goto leave;
-
-          /* Prepend the certificate to our list.  */
-          {
-            chain_item_t ci;
-
-            ci = xtrycalloc (1, sizeof *ci);
-            if (!ci)
-              {
-                err = gpg_error_from_errno (errno);
-                goto leave;
-              }
-            ksba_cert_ref (subject_cert);
-            ci->cert = subject_cert;
-            cert_compute_fpr (subject_cert, ci->fpr);
-            ci->next = chain;
-            chain = ci;
-          }
-
-          if (opt.verbose)
-            {
-              if (r_trust_anchor && *r_trust_anchor)
-                log_info ("root certificate is good but not trusted\n");
-              else
-                log_info ("root certificate is good and trusted\n");
-            }
-
-          break;  /* Okay: a self-signed certicate is an end-point. */
-        }
-
-      /* To avoid loops, we use an arbitary limit on the length of
-         the chain. */
-      depth++;
-      if (depth > maxdepth)
-        {
-          log_error (_("certificate chain too long\n"));
-          err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
-          goto leave;
-        }
-
-      /* Find the next cert up the tree. */
-      ksba_cert_release (issuer_cert); issuer_cert = NULL;
-      err = find_issuing_cert (ctrl, subject_cert, &issuer_cert);
-      if (err)
-        {
-          if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
-            {
-              log_error (_("issuer certificate not found"));
-              log_info ("issuer certificate: #/");
-              dump_string (issuer);
-              log_printf ("\n");
-            }
-          else
-            log_error (_("issuer certificate not found: %s\n"),
-                         gpg_strerror (err));
-          /* Use a better understandable error code.  */
-          err = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
-          goto leave;
-        }
-
-/*     try_another_cert: */
-      if (DBG_X509)
-        {
-          log_debug ("got issuer's certificate:\n");
-          dump_cert ("issuer", issuer_cert);
-        }
-
-      /* Now check the signature of the certificate.  Well, we
-         should delay this until later so that faked certificates
-         can't be turned into a DoS easily.  */
-      err = check_cert_sig (issuer_cert, subject_cert);
-      if (err)
-        {
-          log_error (_("certificate has a BAD signature"));
-#if 0
-          if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE)
-            {
-              /* We now try to find other issuer certificates which
-                 might have been used.  This is required because some
-                 CAs are reusing the issuer and subject DN for new
-                 root certificates without using a  authorityKeyIdentifier. */
-              rc = find_up (kh, subject_cert, issuer, 1);
-              if (!rc)
-                {
-                  ksba_cert_t tmp_cert;
-
-                  rc = keydb_get_cert (kh, &tmp_cert);
-                  if (rc || !compare_certs (issuer_cert, tmp_cert))
-                    {
-                      /* The find next did not work or returned an
-                         identical certificate.  We better stop here
-                         to avoid infinite checks. */
-                      rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
-                      ksba_cert_release (tmp_cert);
-                    }
-                  else
-                    {
-                      do_list (0, lm, fp, _("found another possible matching "
-                                            "CA certificate - trying again"));
-                      ksba_cert_release (issuer_cert);
-                      issuer_cert = tmp_cert;
-                      goto try_another_cert;
-                    }
-                }
-            }
-#endif
-          /* We give a more descriptive error code than the one
-             returned from the signature checking. */
-          err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
-          goto leave;
-        }
-
-      /* Check that the length of the chain is not longer than allowed
-         by the CA.  */
-      {
-        int chainlen;
-
-        err = allowed_ca (issuer_cert, &chainlen);
-        if (err)
-          goto leave;
-        if (chainlen >= 0 && (depth - 1) > chainlen)
-          {
-            log_error (_("certificate chain longer than allowed by CA (%d)"),
-                       chainlen);
-            err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
-            goto leave;
-          }
-      }
-
-      /* May that certificate be used for certification? */
-      err = cert_use_cert_p (issuer_cert);
-      if (err)
-        goto leave;  /* No.  */
-
-      /* Prepend the certificate to our list.  */
-      {
-        chain_item_t ci;
-
-        ci = xtrycalloc (1, sizeof *ci);
-        if (!ci)
-          {
-            err = gpg_error_from_errno (errno);
-            goto leave;
-          }
-        ksba_cert_ref (subject_cert);
-        ci->cert = subject_cert;
-        cert_compute_fpr (subject_cert, ci->fpr);
-        ci->next = chain;
-        chain = ci;
-      }
-
-      if (opt.verbose)
-        log_info (_("certificate is good\n"));
-
-      /* Now to the next level up.  */
-      subject_cert = issuer_cert;
-      issuer_cert = NULL;
-    }
-
-  if (!err)
-    { /* If we encountered an error somewhere during the checks, set
-         the error code to the most critical one */
-      if (any_expired)
-        err = gpg_error (GPG_ERR_CERT_EXPIRED);
-      else if (any_no_policy_match)
-        err = gpg_error (GPG_ERR_NO_POLICY_MATCH);
-    }
-
-  if (!err && opt.verbose)
-    {
-      chain_item_t citem;
-
-      log_info (_("certificate chain is good\n"));
-      for (citem = chain; citem; citem = citem->next)
-        cert_log_name ("  certificate", citem->cert);
-    }
-
-  if (!err && mode != VALIDATE_MODE_CRL)
-    { /* Now that everything is fine, walk the chain and check each
-         certificate for revocations.
-
-         1. item in the chain  - The root certificate.
-         2. item               - the CA below the root
-         last item             - the target certificate.
-
-         Now for each certificate in the chain check whether it has
-         been included in a CRL and thus be revoked.  We don't do OCSP
-         here because this does not seem to make much sense.  This
-         might become a recursive process and we should better cache
-         our validity results to avoid double work.  Far worse a
-         catch-22 may happen for an improper setup hierachy and we
-         need a way to break up such a deadlock. */
-      err = check_revocations (ctrl, chain);
-    }
-
-  if (!err && opt.verbose)
-    {
-      if (r_trust_anchor && *r_trust_anchor)
-        log_info ("target certificate may be valid\n");
-      else
-        log_info ("target certificate is valid\n");
-    }
-  else if (err && opt.verbose)
-    log_info ("target certificate is NOT valid\n");
-
-
- leave:
-  if (!err && !(r_trust_anchor && *r_trust_anchor))
-    {
-      /* With no error we can update the validation cache.  We do this
-         for all certificates in the chain.  Note that we can't use
-         the cache if the caller requested to check the trustiness of
-         the root certificate himself.  Adding such a feature would
-         require us to also store the fingerprint of root
-         certificate.  */
-      chain_item_t citem;
-      time_t validated_at = gnupg_get_time ();
-
-      for (citem = chain; citem; citem = citem->next)
-        {
-          err = ksba_cert_set_user_data (citem->cert, "validated_at",
-                                         &validated_at, sizeof (validated_at));
-          if (err)
-            {
-              log_error ("set_user_data(validated_at) failed: %s\n",
-                         gpg_strerror (err));
-              err = 0;
-            }
-        }
-    }
-
-  if (r_exptime)
-    gnupg_copy_time (r_exptime, exptime);
-  ksba_free (issuer);
-  ksba_free (subject);
-  ksba_cert_release (issuer_cert);
-  if (subject_cert != cert)
-    ksba_cert_release (subject_cert);
-  while (chain)
-    {
-      chain_item_t ci_next = chain->next;
-      if (chain->cert)
-        ksba_cert_release (chain->cert);
-      xfree (chain);
-      chain = ci_next;
-    }
-  if (err && r_trust_anchor && *r_trust_anchor)
-    {
-      xfree (*r_trust_anchor);
-      *r_trust_anchor = NULL;
-    }
-  return err;
-}
-
-
-
-/* Return the public key algorithm id from the S-expression PKEY.
-   FIXME: libgcrypt should provide such a function.  Note that this
-   implementation uses the names as used by libksba.  */
-static int
-pk_algo_from_sexp (gcry_sexp_t pkey)
-{
-  gcry_sexp_t l1, l2;
-  const char *name;
-  size_t n;
-  int algo;
-
-  l1 = gcry_sexp_find_token (pkey, "public-key", 0);
-  if (!l1)
-    return 0; /* Not found.  */
-  l2 = gcry_sexp_cadr (l1);
-  gcry_sexp_release (l1);
-
-  name = gcry_sexp_nth_data (l2, 0, &n);
-  if (!name)
-    algo = 0; /* Not found. */
-  else if (n==3 && !memcmp (name, "rsa", 3))
-    algo = GCRY_PK_RSA;
-  else if (n==3 && !memcmp (name, "dsa", 3))
-    algo = GCRY_PK_DSA;
-  else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
-    algo = GCRY_PK_RSA;
-  else
-    algo = 0;
-  gcry_sexp_release (l2);
-  return algo;
-}
-
-
-/* Check the signature on CERT using the ISSUER_CERT.  This function
-   does only test the cryptographic signature and nothing else.  It is
-   assumed that the ISSUER_CERT is valid. */
-static gpg_error_t
-check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
-{
-  gpg_error_t err;
-  const char *algoid;
-  gcry_md_hd_t md;
-  int i, algo;
-  ksba_sexp_t p;
-  size_t n;
-  gcry_sexp_t s_sig, s_hash, s_pkey;
-  const char *s;
-  char algo_name[16+1]; /* hash algorithm name converted to lower case. */
-  int digestlen;
-  unsigned char *digest;
-
-  /* Hash the target certificate using the algorithm from that certificate.  */
-  algoid = ksba_cert_get_digest_algo (cert);
-  algo = gcry_md_map_name (algoid);
-  if (!algo)
-    {
-      log_error (_("unknown hash algorithm '%s'\n"), algoid? algoid:"?");
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-  s = gcry_md_algo_name (algo);
-  for (i=0; *s && i < sizeof algo_name - 1; s++, i++)
-    algo_name[i] = tolower (*s);
-  algo_name[i] = 0;
-
-  err = gcry_md_open (&md, algo, 0);
-  if (err)
-    {
-      log_error ("md_open failed: %s\n", gpg_strerror (err));
-      return err;
-    }
-  if (DBG_HASHING)
-    gcry_md_debug (md, "hash.cert");
-
-  err = ksba_cert_hash (cert, 1, HASH_FNC, md);
-  if (err)
-    {
-      log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (err));
-      gcry_md_close (md);
-      return err;
-    }
-  gcry_md_final (md);
-
-  /* Get the signature value out of the target certificate.  */
-  p = ksba_cert_get_sig_val (cert);
-  n = gcry_sexp_canon_len (p, 0, NULL, NULL);
-  if (!n)
-    {
-      log_error ("libksba did not return a proper S-Exp\n");
-      gcry_md_close (md);
-      ksba_free (p);
-      return gpg_error (GPG_ERR_BUG);
-    }
-  if (DBG_CRYPTO)
-    {
-      int j;
-      log_debug ("signature value:");
-      for (j=0; j < n; j++)
-        log_printf (" %02X", p[j]);
-      log_printf ("\n");
-    }
-
-  err = gcry_sexp_sscan ( &s_sig, NULL, p, n);
-  ksba_free (p);
-  if (err)
-    {
-      log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (err));
-      gcry_md_close (md);
-      return err;
-    }
-
-  /* Get the public key from the issuer certificate.  */
-  p = ksba_cert_get_public_key (issuer_cert);
-  n = gcry_sexp_canon_len (p, 0, NULL, NULL);
-  if (!n)
-    {
-      log_error ("libksba did not return a proper S-Exp\n");
-      gcry_md_close (md);
-      ksba_free (p);
-      gcry_sexp_release (s_sig);
-      return gpg_error (GPG_ERR_BUG);
-    }
-  err = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
-  ksba_free (p);
-  if (err)
-    {
-      log_error ("gcry_sexp_scan failed: %s\n", gpg_strerror (err));
-      gcry_md_close (md);
-      gcry_sexp_release (s_sig);
-      return err;
-    }
-
-
-  /* Prepare the values for signature verification. At this point we
-     have these values:
-
-     S_PKEY    - S-expression with the issuer's public key.
-     S_SIG     - Signature value as given in the certrificate.
-     MD        - Finalized hash context with hash of the certificate.
-     ALGO_NAME - Lowercase hash algorithm name
-   */
-  digestlen = gcry_md_get_algo_dlen (algo);
-  digest = gcry_md_read (md, algo);
-  if (pk_algo_from_sexp (s_pkey) == GCRY_PK_DSA)
-    {
-      if (digestlen != 20)
-        {
-          log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
-          gcry_md_close (md);
-          gcry_sexp_release (s_sig);
-          gcry_sexp_release (s_pkey);
-          return gpg_error (GPG_ERR_INTERNAL);
-        }
-      if ( gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
-                            (int)digestlen, digest) )
-        BUG ();
-    }
-  else /* Not DSA.  */
-    {
-      if ( gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
-                            algo_name, (int)digestlen, digest) )
-        BUG ();
-
-    }
-
-  err = gcry_pk_verify (s_sig, s_hash, s_pkey);
-  if (DBG_X509)
-    log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
-  gcry_md_close (md);
-  gcry_sexp_release (s_sig);
-  gcry_sexp_release (s_hash);
-  gcry_sexp_release (s_pkey);
-  return err;
-}
-
-
-
-/* Return 0 if the cert is usable for encryption.  A MODE of 0 checks
-   for signing, a MODE of 1 checks for encryption, a MODE of 2 checks
-   for verification and a MODE of 3 for decryption (just for
-   debugging).  MODE 4 is for certificate signing, MODE 5 for OCSP
-   response signing, MODE 6 is for CRL signing. */
-static int
-cert_usage_p (ksba_cert_t cert, int mode)
-{
-  gpg_error_t err;
-  unsigned int use;
-  char *extkeyusages;
-  int have_ocsp_signing = 0;
-
-  err = ksba_cert_get_ext_key_usages (cert, &extkeyusages);
-  if (gpg_err_code (err) == GPG_ERR_NO_DATA)
-    err = 0; /* No policy given. */
-  if (!err)
-    {
-      unsigned int extusemask = ~0; /* Allow all. */
-
-      if (extkeyusages)
-        {
-          char *p, *pend;
-          int any_critical = 0;
-
-          extusemask = 0;
-
-          p = extkeyusages;
-          while (p && (pend=strchr (p, ':')))
-            {
-              *pend++ = 0;
-              /* Only care about critical flagged usages. */
-              if ( *pend == 'C' )
-                {
-                  any_critical = 1;
-                  if ( !strcmp (p, oid_kp_serverAuth))
-                    extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
-                                   | KSBA_KEYUSAGE_KEY_ENCIPHERMENT
-                                   | KSBA_KEYUSAGE_KEY_AGREEMENT);
-                  else if ( !strcmp (p, oid_kp_clientAuth))
-                    extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
-                                   | KSBA_KEYUSAGE_KEY_AGREEMENT);
-                  else if ( !strcmp (p, oid_kp_codeSigning))
-                    extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE);
-                  else if ( !strcmp (p, oid_kp_emailProtection))
-                    extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
-                                   | KSBA_KEYUSAGE_NON_REPUDIATION
-                                   | KSBA_KEYUSAGE_KEY_ENCIPHERMENT
-                                   | KSBA_KEYUSAGE_KEY_AGREEMENT);
-                  else if ( !strcmp (p, oid_kp_timeStamping))
-                    extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
-                                   | KSBA_KEYUSAGE_NON_REPUDIATION);
-                }
-
-              /* This is a hack to cope with OCSP.  Note that we do
-                 not yet fully comply with the requirements and that
-                 the entire CRL/OCSP checking thing should undergo a
-                 thorough review and probably redesign. */
-              if ( !strcmp (p, oid_kp_ocspSigning))
-                have_ocsp_signing = 1;
-
-              if ((p = strchr (pend, '\n')))
-                p++;
-            }
-          ksba_free (extkeyusages);
-          extkeyusages = NULL;
-
-          if (!any_critical)
-            extusemask = ~0; /* Reset to the don't care mask. */
-        }
-
-
-      err = ksba_cert_get_key_usage (cert, &use);
-      if (gpg_err_code (err) == GPG_ERR_NO_DATA)
-        {
-          err = 0;
-          if (opt.verbose && mode < 2)
-            log_info (_("no key usage specified - assuming all usages\n"));
-          use = ~0;
-        }
-
-      /* Apply extKeyUsage. */
-      use &= extusemask;
-
-    }
-  if (err)
-    {
-      log_error (_("error getting key usage information: %s\n"),
-                 gpg_strerror (err));
-      ksba_free (extkeyusages);
-      return err;
-    }
-
-  if (mode == 4)
-    {
-      if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
-        return 0;
-      log_info (_("certificate should not have "
-                  "been used for certification\n"));
-      return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
-    }
-
-  if (mode == 5)
-    {
-      if (use != ~0
-          && (have_ocsp_signing
-              || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
-                         |KSBA_KEYUSAGE_CRL_SIGN))))
-        return 0;
-      log_info (_("certificate should not have "
-                  "been used for OCSP response signing\n"));
-      return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
-    }
-
-  if (mode == 6)
-    {
-      if ((use & (KSBA_KEYUSAGE_CRL_SIGN)))
-        return 0;
-      log_info (_("certificate should not have "
-                  "been used for CRL signing\n"));
-      return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
-    }
-
-  if ((use & ((mode&1)?
-              (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
-              (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
-      )
-    return 0;
-
-  log_info (mode==3? _("certificate should not have been used "
-                       "for encryption\n"):
-            mode==2? _("certificate should not have been used for signing\n"):
-            mode==1? _("certificate is not usable for encryption\n"):
-                     _("certificate is not usable for signing\n"));
-  return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
-}
-
-/* Return 0 if the certificate CERT is usable for certification.  */
-gpg_error_t
-cert_use_cert_p (ksba_cert_t cert)
-{
-  return cert_usage_p (cert, 4);
-}
-
-/* Return 0 if the certificate CERT is usable for signing OCSP
-   responses.  */
-gpg_error_t
-cert_use_ocsp_p (ksba_cert_t cert)
-{
-  return cert_usage_p (cert, 5);
-}
-
-/* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t
-cert_use_crl_p (ksba_cert_t cert)
-{
-  return cert_usage_p (cert, 6);
-}
diff -Nru gnupg2-2.1.6/dirmngr/validate.h gnupg2-2.0.28/dirmngr/validate.h
--- gnupg2-2.1.6/dirmngr/validate.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/validate.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,55 +0,0 @@
-/* validate.h - Certificate validation
- *      Copyright (C) 2004 g10 Code GmbH
- *
- * This file is part of DirMngr.
- *
- * DirMngr is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * DirMngr is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifndef VALIDATE_H
-#define VALIDATE_H
-
-
-enum {
-  /* Simple certificate validation mode. */
-  VALIDATE_MODE_CERT = 0,
-  /* Standard CRL issuer certificate validation; i.e. CRLs are not
-     considered for CRL issuer certificates. */
-  VALIDATE_MODE_CRL = 1,
-  /* Full CRL validation. */
-  VALIDATE_MODE_CRL_RECURSIVE = 2,
-  /* Validation as used for OCSP. */
-  VALIDATE_MODE_OCSP = 3
-};
-
-
-/* Validate the certificate CHAIN up to the trust anchor. Optionally
-   return the closest expiration time in R_EXPTIME. */
-gpg_error_t validate_cert_chain (ctrl_t ctrl,
-                                 ksba_cert_t cert, ksba_isotime_t r_exptime,
-                                 int mode, char **r_trust_anchor);
-
-/* Return 0 if the certificate CERT is usable for certification.  */
-gpg_error_t cert_use_cert_p (ksba_cert_t cert);
-
-/* Return 0 if the certificate CERT is usable for signing OCSP
-   responses.  */
-gpg_error_t cert_use_ocsp_p (ksba_cert_t cert);
-
-/* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t cert_use_crl_p (ksba_cert_t cert);
-
-
-#endif /*VALIDATE_H*/
diff -Nru gnupg2-2.1.6/dirmngr/w32-ldap-help.h gnupg2-2.0.28/dirmngr/w32-ldap-help.h
--- gnupg2-2.1.6/dirmngr/w32-ldap-help.h	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/dirmngr/w32-ldap-help.h	1970-01-01 00:00:00.000000000 +0000
@@ -1,169 +0,0 @@
-/* w32-ldap-help.h - Map utf8 based API into a wchar_t API.
- * Copyright (C) 2010 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#ifndef W32_LDAP_HELP_H
-#define W32_LDAP_HELP_H
-
-#ifndef HAVE_W32CE_SYSTEM
-# error This is only required for W32CE.
-#endif
-
-
-static inline LDAP *
-_dirmngr_ldap_init (const char *host, unsigned short port)
-{
-  LDAP *ld;
-  wchar_t *whost = NULL;
-
-  if (host)
-    {
-      whost = utf8_to_wchar (host);
-      if (!whost)
-        return NULL;
-    }
-  ld = ldap_init (whost, port);
-  xfree (whost);
-  return ld;
-}
-
-
-static inline ULONG
-_dirmngr_ldap_simple_bind_s (LDAP *ld, const char *user, const char *pass)
-{
-  ULONG ret;
-  wchar_t *wuser, *wpass;
-
-  wuser = user? utf8_to_wchar (user) : NULL;
-  wpass = pass? utf8_to_wchar (pass) : NULL;
-  /* We can't easily map errnos to ldap_errno, thus we pass a NULL to
-     the function in the hope that the server will throw an error.  */
-  ret = ldap_simple_bind_s (ld, wuser, wpass);
-  xfree (wpass);
-  xfree (wuser);
-  return ret;
-}
-
-
-static inline ULONG
-_dirmngr_ldap_search_st (LDAP *ld, const char *base, ULONG scope,
-                         const char *filter, char **attrs,
-                         ULONG attrsonly, struct timeval *timeout,
-                         LDAPMessage **res)
-{
-  ULONG ret = LDAP_NO_MEMORY;
-  wchar_t *wbase = NULL;
-  wchar_t *wfilter = NULL;
-  wchar_t **wattrs = NULL;
-  int i;
-
-  if (base)
-    {
-      wbase = utf8_to_wchar (base);
-      if (!wbase)
-        goto leave;
-    }
-  if (filter)
-    {
-      wfilter = utf8_to_wchar (filter);
-      if (!wfilter)
-        goto leave;
-    }
-  if (attrs)
-    {
-      for (i=0; attrs[i]; i++)
-        ;
-      wattrs = xtrycalloc (i+1, sizeof *wattrs);
-      if (!wattrs)
-        goto leave;
-      for (i=0; attrs[i]; i++)
-        {
-          wattrs[i] = utf8_to_wchar (attrs[i]);
-          if (!wattrs[i])
-            goto leave;
-        }
-    }
-
-  ret = ldap_search_st (ld, wbase, scope, wfilter, wattrs, attrsonly,
-                        (struct l_timeval *)timeout, res);
-
- leave:
-  if (wattrs)
-    {
-      for (i=0; wattrs[i]; i++)
-        xfree (wattrs[i]);
-      xfree (wattrs);
-    }
-  xfree (wfilter);
-  xfree (wbase);
-  return ret;
-}
-
-
-static inline char *
-_dirmngr_ldap_first_attribute (LDAP *ld, LDAPMessage *msg, BerElement **elem)
-{
-  wchar_t *wattr;
-  char *attr;
-
-  wattr = ldap_first_attribute (ld, msg, elem);
-  if (!wattr)
-    return NULL;
-  attr = wchar_to_utf8 (wattr);
-  ldap_memfree (wattr);
-  return attr;
-}
-
-
-static inline char *
-_dirmngr_ldap_next_attribute (LDAP *ld, LDAPMessage *msg, BerElement *elem)
-{
-  wchar_t *wattr;
-  char *attr;
-
-  wattr = ldap_next_attribute (ld, msg, elem);
-  if (!wattr)
-    return NULL;
-  attr = wchar_to_utf8 (wattr);
-  ldap_memfree (wattr);
-  return attr;
-}
-
-static inline BerValue **
-_dirmngr_ldap_get_values_len (LDAP *ld, LDAPMessage *msg, const char *attr)
-{
-  BerValue **ret;
-  wchar_t *wattr;
-
-  if (attr)
-    {
-      wattr = utf8_to_wchar (attr);
-      if (!wattr)
-        return NULL;
-    }
-  else
-    wattr = NULL;
-
-  ret = ldap_get_values_len (ld, msg, wattr);
-  xfree (wattr);
-
-  return ret;
-}
-
-
-#endif /*W32_LDAP_HELP_H*/
diff -Nru gnupg2-2.1.6/doc/ChangeLog-2011 gnupg2-2.0.28/doc/ChangeLog-2011
--- gnupg2-2.1.6/doc/ChangeLog-2011	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/doc/ChangeLog-2011	2015-06-02 08:13:55.000000000 +0000
@@ -1,90 +1,21 @@
-2011-12-01  Werner Koch  
+2011-12-02  Werner Koch  
 
 	NB: ChangeLog files are no longer manually maintained.  Starting
 	on December 1st, 2011 we put change information only in the GIT
 	commit log, and generate a top-level ChangeLog file from logs at
 	"make dist".  See doc/HACKING for details.
 
-2011-10-12  Werner Koch  
+2011-01-13  Werner Koch  
 
-	* gpg.texi: Add a bunch of opindex items.
-
-	* yat2m.c (parse_file): Add hack to allow table indentation.
-
-2011-08-12  Werner Koch  
-
-	* texi.css: Override some elements.
-	* gnupg-log-tr.png: New.
-	* gnupg.texi:  Use transparent logo.
-
-2011-03-01  Werner Koch  
-
-	* gpgsm.texi (CSR and certificate creation): New.
-	* gpg.texi (Unattended GPG key generation): New.
-
-2010-10-29  David Shaw  
-
-	* gpg.texi (GPG Configuration Options): Clarify that show-photos
-	doesn't work with --with-colons.  --personal-digest-preferences
-	does not have a default any longer.
-
-2010-10-18  Werner Koch  
-
-	* DETAILS: Fix description of IMPORT_RES.  Reported by Nicholas Cole.
-
-2010-10-11  Daniel Kahn Gillmor    (wk)
-
-	* gpg.texi (GPG Configuration Options) : Describe %v
-	and %V.
-
-2010-10-05  Werner Koch  
-
-	* Makefile.am (faq.txt faq.html, faq-online): New.
-
-2010-10-04  Werner Koch  
-
-	* faq.org: New.
 	* FAQ: Make it a static file with a pointer to the online location.
 	* Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html.
 	(FAQ, faq.html): Remove these targets
 
-2010-09-28  Werner Koch  
-
-	* Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone.
-
-2010-09-28  David Shaw  
-
-	* gpg.texi (OpenPGP Options): Clarify that --force-v3-sigs
-	disables (not enables) v4 options.  --force-v3-sigs defaults to
-	no.
-
-2010-08-18  Werner Koch  
-
-	* tools.texi (watchgnupg): Add examples section.
-
-2010-06-10  Werner Koch  
+2010-03-05  Werner Koch  
 
-	* Makefile.am (gnupg_TEXINFOS): Add dirmngr.texi.
-	(myman_sources): Ditto.
-	(myman_pages): Add dirmngr and dirmngr-client pages.
-	(noinst_MANS): Move gnupg.7 to man_MANS.
-
-	* gnupg.texi: Include dirmngr.texi and add a menu entry.
-	* dirmngr.texi: New.  Taken from the current SVN of the dirmngr
-	package and adjusted to fit into the GnuPG manual.  Moved
-	dirmngr-cleint stuff to ...
-	* tools.texi (dirmngr-client): ... new.
-
-2009-11-18  Werner Koch  
-
-	* gpg.texi (GPG Key related Options): Describe
-	--skip-hidden-recipients.
-
-2009-10-19  David Shaw  
-
-	* gpg.texi (GPG Configuration Options): Clarify that ca-cert-file
-	is a generic store, the details of which depend on the underlying
-	libraries.
+	* gpg.texi (GPG Configuration Options): Mention that
+	show-uid-validity does only work with public keys.  Noted by
+	Daniel Kahn Gillmor.
 
 2009-08-24  David Shaw  
 
@@ -731,7 +662,7 @@
 	* gnupg.texi: Include gpg.texi
 
 	* tools.texi: Add a few @command markups.
-	* gpgsm.texi: Ditto
+	* gpgsm.texi: Ditto.
 	* gpg-agent.texi: Ditto.
 	* scdaemon.texi: Ditto.
 
@@ -856,7 +787,7 @@
 
 	* Makefile.am, gpgsm.texi: New.
 
- Copyright 2002, 2004, 2005, 2006, 2007, 2008, 2010 Free Software Foundation, Inc.
+ Copyright 2002, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
 
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without
@@ -865,7 +796,3 @@
  This file is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-Local Variables:
-buffer-read-only: t
-End:
diff -Nru gnupg2-2.1.6/doc/com-certs.pem gnupg2-2.0.28/doc/com-certs.pem
--- gnupg2-2.1.6/doc/com-certs.pem	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/doc/com-certs.pem	2015-06-02 08:13:55.000000000 +0000
@@ -46,22 +46,439 @@
 omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
 -----END CERTIFICATE-----
 
+Issuer ...: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+Serial ...: 32D18D
+Subject ..: /CN=6R-Ca 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
 
-Issuer ...: /CN=The STEED Self-Signing Nonthority
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
+IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
+wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
+mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
+ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
+IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 2A
+Subject ..: /CN=10R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAw2gAwIBAgIBKjAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG
+A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzEwUi1DQSAxOlBOMB4X
+DTA1MDgwMzE1MzAzNloXDTA3MTIzMTE1MDkyM1owPzELMAkGA1UEBhMCREUxGjAY
+BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMFItQ0EgMTpQTjCB
+oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAiHXC5/hw6rYNc/4cilHLjd/SqwS3
+4LaogQHZVFciyYJ0+5gAfca/kLnPEvOUuYSYNfb2ar0e/iDPxZAAEfqfVGuRT9Pa
+R7hWvPiZUFpoGcNvyOVxKuM9Iyx/i1wan/wS6u12QIgGBUek5ig1+TTwuuNcanlW
+kQPuodHs+BoUGHMCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG
+Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw
+EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh
+cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50
+dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp
+b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUw8916sARU0UT/pdlYwBpUwKWuWQwHQYDVR0OBBYE
+FMPPderAEVNFE/6XZWMAaVMClrlkMAoGBiskAwMBAgUAA4GBAGXK8m/O9KmfaZuA
+1GzMyasIHx8Lu+V0da8NTZzAmqAl+44MtS4QNcZdtxsDvOcqHHs1Tosh9D398hSG
+hXd6gjniKWxMKvjL8TQKu999QIn6YKLCowjUYpp8v4B9X8jNa9vJy2EzoPOBmdWT
+l5hhXfvWpPe68kN9zaEmcDO+m60H
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+Serial ...: 02
+Subject ..: /CN=9R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIEEjCCA36gAwIBAgIBAjAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG
+A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv
+biB1bmQgUG9zdDETMBEGA1UEAwwKOVItQ0EgMTpQTjAeFw0wNDExMjUxNDU5MTFa
+Fw0wNzEyMzExNDU2NTlaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll
+cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw
+EQYDVQQDDAo5Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCN
+0ECEO2KjPsHBz2cmOSePEmKEH33Q/vRUl1u8D2Uus3txZgqRvCs0F7HzAtDJKSap
+C1+qj5t1R4g8jrlWwsqi+oOc3bpUuPMLo+ys9PG7ODK+xZuwFlezO6rj30mEj+y0
+HMxCaTAedim2J5CmWcqQtATGGzwqYHEVFYo0y5kuuQIEQAAAgaOCAd0wggHZMA4G
+A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF
+BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw
+L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E
+gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D
+UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p
+a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k
+ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs
+YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB
+wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRnBgT5ZxC7e1vJLBj+
+92+P1kZrJzAdBgNVHQ4EFgQUZwYE+WcQu3tbySwY/vdvj9ZGaycwCgYGKyQDAwEC
+BQADgYEACAnkgbAd47VgJqu5CY3B6AlxbGkor2guYHXO+KgBkQeXDVWt4ZvN9hY2
+blhPMc/sLv+Tmg9zjyzjqQdxhWXUDoctorBny8LQQQvMqAtc8qk6DL+X0heq1U2k
+s1e8wj9AUGOfvmSL/r1BWPzLOCWay2bHQCQ1sU5QnvNbmJO21GI=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 2D
+Subject ..: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAw2gAwIBAgIBLTAKBgYrJAMDAQIFADA/MQswCQYDVQQGEwJERTEaMBgG
+A1UECgwRQnVuZGVzbmV0emFnZW50dXIxFDASBgNVBAMMCzExUi1DQSAxOlBOMB4X
+DTA1MDgwMzE4MDk0OVoXDTA3MTIzMTE4MDQyOFowPzELMAkGA1UEBhMCREUxGjAY
+BgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMVItQ0EgMTpQTjCB
+oDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAkodoSFtoGjJphYloxQLsmyOe/M5h
+UpURxSkop41MtGlrHeOeQsxMSRdCJInwjLKZg9Pxd92QFsB3f6AJUGTO7z6PJ/ST
++m0EBksoPtciWLYtlRXtD/RK6mUB7CG5CfqK6AUHbWtXW6mNAZLoJOd0jLsQCUi8
+XmHP92vfmW2ptSkCBEAAAIGjggGwMIIBrDAOBgNVHQ8BAf8EBAMCAgQwGAYIKwYB
+BQUHAQMEDDAKMAgGBgQAjkYBATBKBggrBgEFBQcBAQQ+MDwwOgYIKwYBBQUHMAGG
+Lmh0dHA6Ly9vY3NwLm5yY2EtZHMuZGU6ODA4MC9vY3NwLW9jc3ByZXNwb25kZXIw
+EgYDVR0gBAswCTAHBgUrJAgBATCBsQYDVR0fBIGpMIGmMIGjoIGgoIGdhoGabGRh
+cDovL2xkYXAubnJjYS1kcy5kZTozODkvQ049Q1JMLE89QnVuZGVzbmV0emFnZW50
+dXIsQz1ERSxkYz1sZGFwLGRjPW5yY2EtZHMsZGM9ZGU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp
+b25Qb2ludDAbBgkrBgEEAcBtAwUEDjAMBgorBgEEAcBtAwUBMA8GA1UdEwEB/wQF
+MAMBAf8wHwYDVR0jBBgwFoAUXYAPovSdSBb8oBS7lEJmWSK6incwHQYDVR0OBBYE
+FF2AD6L0nUgW/KAUu5RCZlkiuop3MAoGBiskAwMBAgUAA4GBAIxx56h5+p2lqK0v
+hRVwkWAAPduspH4U9q7QsFIWbEkFe+2TcXx7MV9NAUe4kN9MsN9CEgSSeLDfpIFA
+uyHndqgmDaqXmWSDl2QutHQwSj8a04bSNbY7s0FUCMqrr/465Rf6quIWi7qXhwDe
+yDmXv3nzPTGVM3F+aavJCybjJ1qk
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 0139
+Subject ..: /CN=12R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIErTCCA5WgAwIBAgICATkwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx
+GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxMlItQ0EgMTpQ
+TjAeFw0wNzA1MjUxMTAxNDRaFw0xMjA1MjUxMDU2MDdaMD8xCzAJBgNVBAYTAkRF
+MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTJSLUNBIDE6
+UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCYOqYxUqr6ZdlIuVaz
+1raETmld82tCCFjUnIlHGpaTbBGQ9ddW4pdkdNmK4dHDesAnGFB6tgZzFTYivjTY
+Jyzv3NunMth8AjwCivQ0u2RBlunY2jg6dNSeTwGlmOlG709HgWPHvvAboqLDoV81
+knMbNbG4P7Ff/+lsTnbN/gT0X5fHUz5UO3eowyl2kD6GBZwb+noR/86U0V39yXsk
+ZD/NNBXKOzKo9VXx09S1Uq027Cc+VIa62DWUeUGiUDjCXXJoaAF2wQcD/crrAJlU
+zeOVZkSzRJXpjpG8kZhKgSgOpgfnpjDXAXWbkJuyDL2fqXLPxAyBq3ThgUHZT99s
+QSd3AgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww
+CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v
+b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL
+MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw
+Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs
+ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw
+GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G
+A1UdIwQYMBaAFATenX/fQ3KJumlJAfToSSjeAhlvMB0GA1UdDgQWBBQE3p1/30Ny
+ibppSQH06Eko3gIZbzANBgkqhkiG9w0BAQ0FAAOCAQEADf4IOMHGmSpkPc1UP0LS
+sK8Y/xXvOgdHPx4f2CpcgUKRRk+Ue9MKiZG0KCFaNK9Qpnxejuk42Iu3flC5kn8T
+fPQWtxC3ZQqD8sd6EX/FDdfkHJFJ9rIYKiSG6m2PDBUcbpQZ9kwhC7qCKE1coUhb
+FW3WbntkDtrQycz7ZyQ6Ip+PpRoxwToJqTsExb+8whukhOo1vsgdaMZS/6iwwVkt
+rJvl7EWMJVWctm15iDQzp4sawgSOg7U5icyTb1q+FqI5KlAfd/dRbv2yvThiOl7+
+bfN9Brosoxtwi/uJO8vSGOCIUUkiGhIk7+OX+mvppTG+7R1Jn6Af6AOzGSbQz5Ks
+Uw==
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+Serial ...: 013C
+Subject ..: /CN=13R-CA 1:PN/O=Bundesnetzagentur/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIErTCCA5WgAwIBAgICATwwDQYJKoZIhvcNAQENBQAwPzELMAkGA1UEBhMCREUx
+GjAYBgNVBAoMEUJ1bmRlc25ldHphZ2VudHVyMRQwEgYDVQQDDAsxM1ItQ0EgMTpQ
+TjAeFw0wNzA1MjkxMTAyMzdaFw0xMjA1MjkxMDU1NTRaMD8xCzAJBgNVBAYTAkRF
+MRowGAYDVQQKDBFCdW5kZXNuZXR6YWdlbnR1cjEUMBIGA1UEAwwLMTNSLUNBIDE6
+UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIBAQCaXK0TY+Vp+Hxx8B9D
+lrHkc0zRdhXNuDP4Cedl9e6wPwdi90HVEjDK3FoDv7UPBtgGwMzRUQVIz/etbcQr
+tnGwSQlsDI/Q5R1HAh241+/rWYodi6OqNsNeb065RRBlwHAa4uvT3b/Cj/OJI5Kp
+6qRPquK0iuMaFwuxGCxfhTLOmmGVNYOE7/9UzKXA2yvthY3jfmIm18l/z08PgUYj
+rjENdrez3ZRgjZ/XsXSNw3B2K3cZQ+xRP4rqfkmfPO8T6UhOeoiQFx2v1PizBWRQ
+uiUtFjrCiaDeBjo3kfGgbpdPnHzqUEoEOyAlsglFLJC9xaCiLtt2ic1/1OFFlNgQ
+tLJLAgRAAACBo4IBsDCCAawwDgYDVR0PAQH/BAQDAgIEMBgGCCsGAQUFBwEDBAww
+CjAIBgYEAI5GAQEwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzABhi5odHRwOi8v
+b2NzcC5ucmNhLWRzLmRlOjgwODAvb2NzcC1vY3NwcmVzcG9uZGVyMBIGA1UdIAQL
+MAkwBwYFKyQIAQEwgbEGA1UdHwSBqTCBpjCBo6CBoKCBnYaBmmxkYXA6Ly9sZGFw
+Lm5yY2EtZHMuZGU6Mzg5L0NOPUNSTCxPPUJ1bmRlc25ldHphZ2VudHVyLEM9REUs
+ZGM9bGRhcCxkYz1ucmNhLWRzLGRjPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
+c3Q7YmluYXJ5P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQw
+GwYJKwYBBAHAbQMFBA4wDAYKKwYBBAHAbQMFATAPBgNVHRMBAf8EBTADAQH/MB8G
+A1UdIwQYMBaAFAYenQPZrutto05LK939ru/TEqiNMB0GA1UdDgQWBBQGHp0D2a7r
+baNOSyvd/a7v0xKojTANBgkqhkiG9w0BAQ0FAAOCAQEADrtfqJ8lnYsVyV5YK/H/
+evPf9LY1AfuuQkMkm9UP9a9BBQINoIULB+n+gF/c0dxEboF74Ikp08dhDOq0mjvj
+f0lpsBPgX/eN9IOWdMBs3rKIXn7suOoUtnBuFgW6fJ32CPTLUQd5Dqv9DizTiKMf
+X66oMBQD784IKya1bLaJd7x1UXtP1h2DAej1scF9DbiDDDieuid0wyibrPDgjUN1
+tbYiLH2did0zZRLlp6gDpgh4t8Efqb7XDijKzQHvWKzr4IALTpYoD42yeslMa5yV
+mm15NhiRGAdX+JbvYgfP3aDIMX/yoaMB8GXEUq7CmFhAwpxfhy/oyvswX5MyE8D2
+Lw==
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
 Serial ...: 01
-Subject ..: /CN=The STEED Self-Signing Nonthority
+Subject ..: /CN=8R-CA 1:PN/O=Regulierungsbehörde für Telekommunikation und Post/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIEEjCCA36gAwIBAgIBATAKBgYrJAMDAQIFADBhMQswCQYDVQQGEwJERTE9MDsG
+A1UECgw0UmVndWxpZXJ1bmdzYmVow7ZyZGUgZsO8ciBUZWxla29tbXVuaWthdGlv
+biB1bmQgUG9zdDETMBEGA1UEAwwKOFItQ0EgMTpQTjAeFw0wNDExMjUxNDEwMzda
+Fw0wNzEyMzExNDA0MDNaMGExCzAJBgNVBAYTAkRFMT0wOwYDVQQKDDRSZWd1bGll
+cnVuZ3NiZWjDtnJkZSBmw7xyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MRMw
+EQYDVQQDDAo4Ui1DQSAxOlBOMIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQCS
+DvtngJbI4K8sbCHFfCalXaDa7xgc2pdsL2oQlgZygt1EY5ZgZB93JThnDSaDzdLj
+ZIPrXJLxCOLq6Kmxj63V9p9WUaF5nz/6PVRMmLzI7cvh5QDjsX4ZmEzm/it7e/YH
+vC1Yiw5bTULjwVZ27vqO64mhplQM3HKVgk6FX51XnwIEQAAAgaOCAd0wggHZMA4G
+A1UdDwEB/wQEAwICBDAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMEoGCCsGAQUF
+BwEBBD4wPDA6BggrBgEFBQcwAYYuaHR0cDovL29jc3AubnJjYS1kcy5kZTo4MDgw
+L29jc3Atb2NzcHJlc3BvbmRlcjASBgNVHSAECzAJMAcGBSskCAEBMIHeBgNVHR8E
+gdYwgdMwgdCggc2ggcqGgcdsZGFwOi8vbGRhcC5ucmNhLWRzLmRlOjM4OS9DTj1D
+UkwsTz1SZWd1bGllcnVuZ3NiZWglRjZyZGUlMjBmJUZDciUyMFRlbGVrb21tdW5p
+a2F0aW9uJTIwdW5kJTIwUG9zdCxDPURFLGRjPWxkYXAsZGM9bnJjYS1kcyxkYz1k
+ZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeT9iYXNlP29iamVjdENs
+YXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MBsGCSsGAQQBwG0DBQQOMAwGCisGAQQB
+wG0DBQEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTuKY5dMBMWc1wFL/fr
+arlCuHKNBDAdBgNVHQ4EFgQU7imOXTATFnNcBS/362q5QrhyjQQwCgYGKyQDAwEC
+BQADgYEAbDMwH4zJB/0qgmbBWvvCGJsm9lmLzLdOcB8HCm1EvlCLqaCX7TwoUuBN
+voxU9OHt1wAbChNP+ueDmI/0u2KRNv6/t4cOB8d4navwsW5nmknSzdZ6UZTUfmCr
+n6XIdUtl2hkiFlQpCvCIBFj/+PjQRMdovRN42EQ9XVhb5B2MGv8=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
+Serial ...: 00C48C8D
+Subject ..: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und Post/C=DE
 
 -----BEGIN CERTIFICATE-----
-MIICKDCCAZGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAsMSowKAYDVQQDEyFUaGUg
-U1RFRUQgU2VsZi1TaWduaW5nIE5vbnRob3JpdHkwIBcNMTExMTExMDAwMDAwWhgP
-MjEwNjAyMDYwMDAwMDBaMCwxKjAoBgNVBAMTIVRoZSBTVEVFRCBTZWxmLVNpZ25p
-bmcgTm9udGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAk2h9kqe8
-0eb8ESY7UGV6j6S5zuP5DiM4TWJ3jKG2y+D2CyA1Sl90iZ6zyN3zCB0yR1xxhpuw
-xdrwBRovRFludAbx3MeynYhzXkk0Hwn038q1oIt2YUw3Igz34s24o455ZE86JQ/6
-5dC7ppF8Z1I9KBL96NO+qZR/alVAKxYAwS8CAwEAAaNYMFYwEgYDVR0TAQH/BAgw
-BgEB/wIBATARBgorBgEEAdpHAgICBAMBAf8wHQYDVR0OBBYEFGimOJmN+rrFEOpk
-XONPloay7ffqMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQB3JwUn
-AbOdGv5ErojNSSP+yGZIy5av4wnkzK840Uj3jY6A5cuHroZGOD60hqLV2Hy0npox
-zte4phWEKWmZiXd8SCmd3MFNgZSieiixye0qxSmuqYft2j6NhEXD5xc/iTTjFT42
-SjGPLKAICuMBuGPnoozOEVlgqwaDqKOUph5sqw==
+MIICaTCCAdWgAwIBAgIEAMSMjTAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBO
+MCIYDzIwMDExMDE1MTExNTE1WhgPMjAwNjAyMTUxMTE1MTVaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjdSLUNB
+IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIqJA/4+pRD+BXsRd+ej
+qVObXlKRhn1CoyKxVwR3O/RtE1M4FcajKDdT1p1pLULyqPBE2roMS5D/f83192gE
+Mw1uGZIusehg6n8tPQIJPkSb4X22yM0ZFeLAQXKNJ+98e03xv/TU4Fa//elPiPs/
+9Y99Gm6DOvTpCxIY8QK9Pxm7AgUAwAAAAaMSMBAwDgYDVR0PAQH/BAQDAgEGMAoG
+BiskAwMBAgUAA4GBADnITH+fLD0qsWcAncwPztzTAnqUw9O0+yvfmxvEU0zcJRuF
+Tl8DK+/aKp4SwVhRJZlWxenHzkjWynsUXBUv878gizllRpA7265REyHQki4NnxAi
+OGxEVGe/NbGeU88Pgnk7alhtdA/Ty8/WX9a3U/0G4pLaJppxGSm+ypQZ0XOY
 -----END CERTIFICATE-----
+
+
+Issuer ...: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+Serial ...: 00B95F
+Subject ..: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+    aka ..: info@d-trust.net
+    aka ..: (uri http://www.d-trust.net)
+
+-----BEGIN CERTIFICATE-----
+MIIFCjCCA/KgAwIBAgIDALlfMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm
+aWVkIFJvb3QgQ0EgMSAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG
+A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAxIDIwMDY6UE4wggEkMA0G
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCPACqp8H/KTbDBUM8BTiRzsfCJmN5G
+Uxv8x3wsYLMtZ8meq04vEun2OneNeKZ2LxJy3UchUWitYP9pLPt9M8yt0pyuOXOQ
+5r2RPAM46OlfStoPbZ+lCxpZbNcQGLM+/OcQU9GoCNWWkDSctwIN8T4mUf7vSzuT
+jM4n5NHW7Y8bANhH7lh2fwkfIk7PxsxFw9amptlqzDqbBPz8/SdBUFt0G8t52Niw
+lcYHWDV2YH4Qs1SAxOsyG0O8hpYKiKIwRHxPu5ZD3bMgDJXA3d+9zXlrLlmL0YFC
+tvlPxmvqUhmMsL4vGEj/xWivULCTVOz6KcJ9edWwK9JxyO/KmGyDLwKxAgUApBVt
+/aOCAeUwggHhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJr+c6YCNnohJ6M3
+fhSzwwTq2CkWMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j
+c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs
+MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI
+KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwggEABgNVHR8E
+gfgwgfUwgfKgge+ggeyGgaVsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NO
+PUQtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAxJTIwMjAwNiUzQVBO
+LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0
+P2Jhc2U/b2JqZWN0Q2xhc3M9Y3JsRGlzdHJpYnV0aW9uUG9pbnSGQmh0dHA6Ly93
+d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfcXVhbGlmaWVkX3Jvb3RfY2FfMV8y
+MDA2X3BuLmNybDANBgkqhkiG9w0BAQUFAAOCAQEABsVNHg5zVMB+A4swJ8/vW+RV
+mW8KZiJb5AVytFzBeZkkF2+DXFMtursZ0sICIcRCSsNyAQcqHqzcgnDWCHASlu4o
+Em3TeBsmWo8r/uGpbFVAOhjq2VOFwjjIr3TC7zmMoLE+WGBRSuZh4/5wnxQ+NNbY
+8HHE52UPI6VyV7RZeE0IZfbjkejw8WpvNtRfc6NxOCxf1LYibiCUaYs+EBDD+eod
+lWwpmHwPSj4GCzR9wBdbWML/GQZ6iFVOuEmApm2B11KEn4hvKtRMEp1CdHIn8Jwx
+51E89XcjJOIitO0lUozimqvlUb0lEynXe1/CUOhAsiAnLvq0GbnjFN6+9GRnqg==
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+Serial ...: 00B960
+Subject ..: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+    aka ..: info@d-trust.net
+    aka ..: (uri http://www.d-trust.net)
+
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgIDALlgMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxLDAqBgNVBAMMI0QtVFJVU1QgUXVhbGlm
+aWVkIFJvb3QgQ0EgMiAyMDA2OlBOMB4XDTA2MDQyNzEyNDA1NFoXDTExMDQyNzEy
+NDA1NFowUjELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEsMCoG
+A1UEAwwjRC1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyIDIwMDY6UE4wggEkMA0G
+CSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQC9p9EZM645WSti4m3Lp/m5Cu2PCeAf
+DYMsN2UQab5SAD94wc0xB68rhD0QiyXT1bhqnHKGhdsmmNwVbFLWyFWVc69+5pbx
+jkEa1Z5oYbftpLZlqblas/iPG1C546c/O5JUHehrpyJziTaIqvDm0hMCarEGrd4i
+hdwP7XsLNLeHFVdpVMWKUIJjUud18Wyr6MVRGs85YTme2gPki8JZMjeOteTA8dnY
+unohiJM1rs8YQiYgIfQJV5oBd7OWZQLSuoh5tddYnP4KDFZUCCsC1OkBD+MnVlcv
+IEfrDDuWdvFgOdS8FB5l4E3D0eYPpn536EDpWeGuCnn8joQPdiMwwGL7AgUAuaHl
+M6OCAeEwggHdMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFILMyG0qJl9Aqmsa
+DhPJE4d+Xp/JMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29j
+c3AuZC10cnVzdC5uZXQwFwYDVR0gBBAwDjAMBgorBgEEAaU0Ah4BMDMGA1UdEQQs
+MCqBEGluZm9AZC10cnVzdC5uZXSGFmh0dHA6Ly93d3cuZC10cnVzdC5uZXQwGAYI
+KwYBBQUHAQMEDDAKMAgGBgQAjkYBATAOBgNVHQ8BAf8EBAMCAQYwgf0GA1UdHwSB
+9TCB8jCB76CB7KCB6YaBpWxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049
+RC1UUlVTVCUyMFF1YWxpZmllZCUyMFJvb3QlMjBDQSUyMDIlMjAyMDA2JTNBUE4s
+Tz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/
+YmFzZT9vYmplY3RDbGFzcz1jcmxEaXN0cmlidXRpb25Qb2ludIY/aHR0cDovL3d3
+dy5kLXRydXN0Lm5ldC9jcmwvZC10cnVzdF9xdWFsaWZpZWRfcm9vdF9jYV8yXzIw
+MDYuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB/TeSQASSUVjLVpTMB+S2bEYZWL04N
+5UO5sIdV5MQFxmbmQNam4odnkOx/GjHy0uuf14Pz7lztlLh4EMvEZbvoQ8wRsrrl
+vMjWBUSnhTMPhohj4gUCEJDBq50qi0057Jos9DF4iLaFgiWBER+FeSHD8uEy6WGG
+UrQ9fw8wRa+CRUeZldtZ25VSR++wxBuX3bkF/hRBuSk9PzT6jZojZDWKsqhPGo0W
+dK4V81hS4Zri3b3gSD/3iOAJ4EO8jdyeSVomw/u1UOapVFnWhpN7H6Nwekij66eO
+4WNzbeTNgJtkdOlzW2AcsWe3mS43BE286z7l/DzDs8JK36va/TRHb29p
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2006-001:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+            /ST=Baden-Wuerttemberg (BW)/C=DE
+Serial ...: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+Subject ..: /CN=S-TRUST Qualified Root CA 2006-001:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+            /ST=Baden-Wuerttemberg (BW)/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIETDCCAzSgAwIBAgIRAN90n4CqUfDtwMsfwYPpfuIwDQYJKoZIhvcNAQEFBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA2LTAwMTpQTjAeFw0wNjAxMDEwMDAwMDBaFw0xMDEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNi0wMDE6UE4wggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIB
+AQCCp5M7qIP3WgNNE9t4kxFLb2HdwE2pivcWfEjFh9AJcwZIaD781+OhuNxhMEil
+C+B9N3bYgLMj7r/LbIFwRVmUf9E64kBDrY/wLAlXLpiicOiKE7rS1tcOAdD69s7I
+5jaBXCz/eQo20QLsp11/btwYos9PlfptLqHjS8AUwUaMyolqmWqaxLD33ZfoQswP
+FpyFFzAnRondt/5WUt244kpqgTlwP4o9J1AZamK5o/kKEXl8hDT6CulFoK51cX/J
+C9lEA10mwchVfv+9cel9b2ryPXg3hPf1XFFR+l90/ZYlreaSKz5+LluI6a/ALtYl
+hqJpvndXm6YZDzKKtxT3LZ1DAgUA8A8a46OBgDB+MBIGA1UdEwEB/wQIMAYBAf8C
+AQEwDgYDVR0PAQH/BAQDAgEGMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwHQYD
+VR0OBBYEFKhXJN3CR/Jkirm68N+VHxcd09zBMB8GA1UdIwQYMBaAFKhXJN3CR/Jk
+irm68N+VHxcd09zBMA0GCSqGSIb3DQEBBQUAA4IBAQBB8UGGU179RK9v5SglLn8m
+AdBrwG5B4x0nlI3Ayj+GuP9R8ALcMEBwcFgSZTav7N8ERKa8VlCRNria7Fvf3kOu
++f67smpShBvEkrHy+ThvezBUtLfSSd1HzvaPnfwu86DMVnTIOkEcl0KLrpc/ZjEt
+u81iHuiHBemf6gWdTCApiJ+CN4tARi3irvWcjhz/IIcA/ZwAaCW22Z1ysDklCIPS
+9OnX9ki1f73PR+kdo4G7Dfo7TbuvV5Kzeh54sZ77A5utdvKer4ZHBmn9CGmk4VeI
+BWdFlE7Fispzm+jZCduF0TcazvP/tYontx71GQnHRwLfiY4xnuzXEoSNXoaHzhzO
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2007-001:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+            /ST=Baden-Wuerttemberg (BW)/C=DE
+Serial ...: 00BC098E0402E92956B8D7DE74977E26F7
+Subject ..: /CN=S-TRUST Qualified Root CA 2007-001:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+            /ST=Baden-Wuerttemberg (BW)/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB
+AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i
+RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y
+uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N
+lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI
+ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY
+H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV
+HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld
+r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko
+tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD
+CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH
+5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK
+L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6
+DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew=
+-----END CERTIFICATE-----
+
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2008-001:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+Serial ...: 00B3963E0E6C2D65125853E970665402E5
+Subject ..: /CN=S-TRUST Qualified Root CA 2008-001:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIRALOWPg5sLWUSWFPpcGZUAuUwDQYJKoZIhvcNAQELBQAw
+fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1
+dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDE6UE4wHhcNMDgwMTAxMDAwMDAwWhcN
+MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0
+MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG
+A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMTpQTjCCASMw
+DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAKfUBh+i0NSWzddPtWG15DdTqbPM
+SJmeWw6dXutkR6UNonxC+yAm6rfZJhb83tPGB09qlAcNn7fcdR/g4SNdu3McwT+J
+HKHou6hhbMZmsza72Qcj9P/AwWq/o5oJa2eI4pU7I5YjS3x3oGtvmhJkwYiehIyx
+7DI+wHKcohwJV83jlZW3YrPmKgpaOZsc5lJM/+Ha4Q77MLPWHdCnxUkrbL1+Q/Ea
+qY+DoMMa9wxY+UmwbKe8ANfAf2NIMfJwmb748f+7EJMLjUA8nxrQ4iAPJ1lSrfZs
+d9cjzjdXZnhLvR9T2nNa2nROOHk2ARCOPAJgxk9EheRr4B6RbJ4hinuydJUCBEAA
+AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w
+ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No
+ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw
+MDFQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl
+L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMSUz
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T
+dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO
+BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E
+FgQU7UBDbxBuOWcii/O2xVNRExXxPj0wHwYDVR0jBBgwFoAU7UBDbxBuOWcii/O2
+xVNRExXxPj0wDQYJKoZIhvcNAQELBQADggEBAEdeesrApdpV+0cz698ZM+fsbcmk
+AYTy8U1vcnEPzcxaEAvUO57ndJlSdBK7+5yFbVuFW7CTp90TPgljoDqWDOI2hsLU
+YxrHUfDCwsm/ALLDpImRKWGZ07nKxOHGAOxB4tQUaDUHwaClbw3UB3nBi9++f9d0
+FLM9oOVxbhKGco4/qo3LP+QfJU6xjL8itqaf0WHXcnN69CD/5D7e/iziwHvLWLEU
+0cUXVDzdyWKEvJ3RpFIk6EUulKFHZrCctis1ixg/iQybKs2DWG/RtCo6CGhtydT8
+I1y6qAwPL2gAt+ypf+Mk4SLewnpXlw6ZVDQlLEBLGto72DAyJTxRh8f6BpY=
+-----END CERTIFICATE-----
+
+Issuer ...: /CN=S-TRUST Qualified Root CA 2008-002:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+Serial ...: 00C4216083F35C54F67B09A80C3C55FE7D
+Subject ..: /CN=S-TRUST Qualified Root CA 2008-002:PN
+            /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIRAMQhYIPzXFT2ewmoDDxV/n0wDQYJKoZIhvcNAQELBQAw
+fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1
+dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg
+UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDI6UE4wHhcNMDgwMTAxMDAwMDAwWhcN
+MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0
+MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG
+A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMjpQTjCCASMw
+DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAJCrKgvHaZdd5LpNAlVZVf8a3CJY
+lBUt4Awwlu5q9wnkObVGHyekGLG6h7wMrY9OCL4uqWn9vIz+5vGXMEvU+NniMXIn
+JodZS8CbBBYUxS42PgZp7TNCd4gglEA1xOhsQH8T9iRZzdRCLyZYjysYsHiujn/x
+7y0+nxQsYu2mONaPFZq7ZBsDlAk5BPdIZCrutHDHe5inKwbpDUdpnKFlM1UDZ3eS
+4dl+YT/3t4QSJAVHVFz/Pzf1tevpMFYP4M7jHaktp327GMtrhYlpeoSZRc1cizHU
+Vdhj6Foyj1wWkQMwvb1ChPbRxS+4V3b6R+vgelULDBqFSF0Rtj/kRUgT/q8CBEAA
+AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w
+ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No
+ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw
+MDJQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl
+L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMiUz
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T
+dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO
+BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E
+FgQUIQpnbAV/rAz9qSo/4q/3/TlplqwwHwYDVR0jBBgwFoAUIQpnbAV/rAz9qSo/
+4q/3/TlplqwwDQYJKoZIhvcNAQELBQADggEBAHRr6IiNPkWJYHVa8vi4tufRG9nE
+Yy8t2ll8xbu4ar+LXCqbttdaQzVU/7RCX4S1aPm6wb9WFJU+/JfZHpez+gJ9uIFy
+6rYJDxZ4qTxaGnIKGguZbEkpvne38/vtyjR5RuCj5AwEuP7Vy7/j5O1WZDoROMoD
+rRsBHLtg90aDVou0IG+wK5+RPOixSMjfMf79uixHrsriMHrzulTEMmX+S+VfXGmO
+G1RRiCiWgYaEtSIDAP0V9ehpcghfJLlmMBnxSf4n7OZvkd1whvme2rXaQxnZi2qV
+d2qclY03eJ7zx6Zpq8VFuVvOxvmFZ4mMe706runhCq+rHc5x6x0/oIMhDrk=
+-----END CERTIFICATE-----
+
diff -Nru gnupg2-2.1.6/doc/DCO gnupg2-2.0.28/doc/DCO
--- gnupg2-2.1.6/doc/DCO	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/doc/DCO	1970-01-01 00:00:00.000000000 +0000
@@ -1,29 +0,0 @@
-GnuPG Developer's Certificate of Origin.  Version 1.0
-=====================================================
-
-By making a contribution to the GnuPG project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the free software license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the
-    best of my knowledge, is covered under an appropriate free
-    software license and I have the right under that license to
-    submit that work with modifications, whether created in whole
-    or in part by me, under the same free software license
-    (unless I am permitted to submit under a different license),
-    as indicated in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including
-    all personal information I submit with it, including my
-    sign-off) is maintained indefinitely and may be redistributed
-    consistent with this project or the free software license(s)
-    involved.
-
-Signed-off-by: [Your name and mail address]
diff -Nru gnupg2-2.1.6/doc/debugging.texi gnupg2-2.0.28/doc/debugging.texi
--- gnupg2-2.1.6/doc/debugging.texi	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/doc/debugging.texi	2015-06-02 08:13:55.000000000 +0000
@@ -103,6 +103,7 @@
 is thus often helpful.  Note that the actual output depends on the
 backend and may change from release to release.
 
+@ifset gpgtwoone
 @item Logging on WindowsCE
 
 For development, the best logging method on WindowsCE is the use of
@@ -112,6 +113,7 @@
 tests it is better to make use of the logging facility provided by the
 @command{gpgcedev} driver (part of libassuan); this is enabled by using
 a log file name of @file{GPG2:}. (@pxref{option --log-file}).
+@end ifset
 
 @end itemize
 
@@ -175,13 +177,10 @@
 
 you get a listing of all private keys under control of @command{gpg-agent}.
 Pick the key which best matches the creation time and run the command
-
-@cartouche
+ 
 @smallexample
-  @value{LIBEXECDIR}/gpg-protect-tool --p12-export \
-     ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
+  /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
 @end smallexample
-@end cartouche
 
 (Please adjust the path to @command{gpg-protect-tool} to the appropriate
 location). @var{foo} is the name of the key file you picked (it should
@@ -189,13 +188,11 @@
 for the current passphrase of the key and a new passphrase to protect it
 in the pkcs#12 file.
 
-To import the created file on the machine you use this command:
+To import the created file on the machine you use this command:  
 
-@cartouche
 @smallexample
-  @value{LIBEXECDIR}/gpg-protect-tool --p12-import --store  @var{foo}.p12
+  /usr/local/libexec/gpg-protect-tool --p12-import --store  @var{foo}.p12
 @end smallexample
-@end cartouche
 
 You will be asked for the pkcs#12 passphrase and a new passphrase to
 protect the imported private key at its new location.
@@ -233,7 +230,7 @@
 @end smallexample
 
 @noindent
-The solution is to use the command @command{wineconsole}.
+The solution is to use the command @command{wineconsole}. 
 
 Some operations like gen-key really want to talk to the console directly
 for increased security (for example to prevent the passphrase from
diff -Nru gnupg2-2.1.6/doc/defsincdate gnupg2-2.0.28/doc/defsincdate
--- gnupg2-2.1.6/doc/defsincdate	2015-06-29 19:29:25.000000000 +0000
+++ gnupg2-2.0.28/doc/defsincdate	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-1435586028
diff -Nru gnupg2-2.1.6/doc/DETAILS gnupg2-2.0.28/doc/DETAILS
--- gnupg2-2.1.6/doc/DETAILS	2015-06-17 06:39:24.000000000 +0000
+++ gnupg2-2.0.28/doc/DETAILS	2015-06-02 08:13:55.000000000 +0000
@@ -1,26 +1,11 @@
-# doc/DETAILS                                                -*- org -*-
-#+TITLE: GnuPG Details
-# Globally disable superscripts and subscripts:
-#+OPTIONS: ^:{}
-#
-
-# Note: This file uses org-mode; it should be easy to read as plain
-# text but be aware of some markup peculiarities: Verbatim code is
-# enclosed in #+begin-example, #+end-example blocks or marked by a
-# colon as the first non-white-space character, words bracketed with
-# equal signs indicate a monospace font, and the usual /italics/,
-# *bold*, and _underline_ conventions are recognized.
-
-This is the DETAILS file for GnuPG which specifies some internals and
-parts of the external API for GPG and GPGSM.
-
-* Format of the colon listings
-  The format is a based on colon separated record, each recods starts
-  with a tag string and extends to the end of the line.  Here is an
-  example:
-#+begin_example
+                                                              -*- text -*-
+Format of colon listings
+========================
+First an example:
+
 $ gpg --with-colons --list-keys \
       --with-fingerprint --with-fingerprint wk@gnupg.org
+
 pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC:
 fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013:
 uid:f::::::::Werner Koch :
@@ -29,1156 +14,1296 @@
 fpr:::::::::CF8BCC4B18DE08FCD8A1615906AD222CADF6A6E1:
 sub:r:1536:20:5CE086B5B5A18FF4:899817788:1025961788:::::esc:
 fpr:::::::::AB059359A3B81F410FCFF97F5CE086B5B5A18FF4:
-#+end_example
-
-The double =--with-fingerprint= prints the fingerprint for the subkeys
-too.  Old versions of gpg used a slightly different format and required
-the use of the option =--fixed-list-mode= to conform to the format
-described here.
-
-** Description of the fields
-*** Field 1 - Type of record
-
-    - pub :: Public key
-    - crt :: X.509 certificate
-    - crs :: X.509 certificate and private key available
-    - sub :: Subkey (secondary key)
-    - sec :: Secret key
-    - ssb :: Secret subkey (secondary key)
-    - uid :: User id (only field 10 is used).
-    - uat :: User attribute (same as user id except for field 10).
-    - sig :: Signature
-    - rev :: Revocation signature
-    - fpr :: Fingerprint (fingerprint is in field 10)
-    - pkd :: Public key data [*]
-    - grp :: Keygrip
-    - rvk :: Revocation key
-    - tru :: Trust database information [*]
-    - spk :: Signature subpacket [*]
-    - cfg :: Configuration data [*]
-
-    Records marked with an asterisk are described at [[*Special%20field%20formats][*Special fields]].
-
-*** Field 2 - Validity
-
-    This is a letter describing the computed validity of a key.
-    Currently this is a single letter, but be prepared that additional
-    information may follow in some future versions. Note that GnuPG <
-    2.1 does not set this field for secret key listings.
-
-    - o :: Unknown (this key is new to the system)
-    - i :: The key is invalid (e.g. due to a missing self-signature)
-    - d :: The key has been disabled
-	   (deprecated - use the 'D' in field 12 instead)
-    - r :: The key has been revoked
-    - e :: The key has expired
-    - - :: Unknown validity (i.e. no value assigned)
-    - q :: Undefined validity.  '-' and 'q' may safely be treated as
-           the same value for most purposes
-    - n :: The key is not valid
-    - m :: The key is marginal valid.
-    - f :: The key is fully valid
-    - u :: The key is ultimately valid.  This often means that the
-           secret key is available, but any key may be marked as
-           ultimately valid.
-    - w :: The key has a well known private part.
-    - s :: The key has special validity.  This means that it might be
-           self-signed and expected to be used in the STEED sytem.
-
-    If the validity information is given for a UID or UAT record, it
-    describes the validity calculated based on this user ID.  If given
-    for a key record it describes the validity taken from the best
-    rated user ID.
-
-    For X.509 certificates a 'u' is used for a trusted root
-    certificate (i.e. for the trust anchor) and an 'f' for all other
-    valid certificates.
-
-*** Field 3 - Key length
-
-    The length of key in bits.
-
-*** Field 4 - Public key algorithm
-
-    The values here are those from the OpenPGP specs or if they are
-    greather than 255 the algorithm ids as used by Libgcrypt.
-
-*** Field 5 - KeyID
-
-    This is the 64 bit keyid as specified by OpenPGP and the last 64
-    bit of the SHA-1 fingerprint of an X.509 certifciate.
-
-*** Field 6 - Creation date
-
-    The creation date of the key is given in UTC.  For UID and UAT
-    records, this is used for the self-signature date.  Note that the
-    date is usally printed in seconds since epoch, however, we are
-    migrating to an ISO 8601 format (e.g. "19660205T091500").  This is
-    currently only relevant for X.509.  A simple way to detect the new
-    format is to scan for the 'T'.  Note that old versions of gpg
-    without using the =--fixed-list-mode= option used a "yyyy-mm-tt"
-    format.
-
-*** Field 7 - Expiration date
-
-    Key or UID/UAT expiration date or empty if it does not expire.
-
-*** Field 8 - Certificate S/N, UID hash, trust signature info
-
-    Used for serial number in crt records.  For UID and UAT records,
-    this is a hash of the user ID contents used to represent that
-    exact user ID.  For trust signatures, this is the trust depth
-    seperated by the trust value by a space.
-
-*** Field 9 -  Ownertrust
-
-    This is only used on primary keys.  This is a single letter, but
-    be prepared that additional information may follow in future
-    versions.  For trust signatures with a regular expression, this is
-    the regular expression value, quoted as in field 10.
-
-*** Field 10 - User-ID
-    The value is quoted like a C string to avoid control characters
-    (the colon is quoted =\x3a=).  For a "pub" record this field is
-    not used on --fixed-list-mode.  A UAT record puts the attribute
-    subpacket count here, a space, and then the total attribute
-    subpacket size.  In gpgsm the issuer name comes here.  A FPR
-    record stores the fingerprint here.  The fingerprint of a
-    revocation key is stored here.
-*** Field 11 - Signature class
-
-    Signature class as per RFC-4880.  This is a 2 digit hexnumber
-    followed by either the letter 'x' for an exportable signature or
-    the letter 'l' for a local-only signature.  The class byte of an
-    revocation key is also given here, 'x' and 'l' is used the same
-    way.  This field if not used for X.509.
-
-*** Field 12 - Key capabilities
-
-    The defined capabilities are:
-
-    - e :: Encrypt
-    - s :: Sign
-    - c :: Certify
-    - a :: Authentication
-    - ? :: Unknown capability
-
-    A key may have any combination of them in any order.  In addition
-    to these letters, the primary key has uppercase versions of the
-    letters to denote the _usable_ capabilities of the entire key, and
-    a potential letter 'D' to indicate a disabled key.
-
-*** Field 13 - Issuer certificate fingerprint or other info
-
-    Used in FPR records for S/MIME keys to store the fingerprint of
-    the issuer certificate.  This is useful to build the certificate
-    path based on certificates stored in the local key database it is
-    only filled if the issuer certificate is available. The root has
-    been reached if this is the same string as the fingerprint. The
-    advantage of using this value is that it is guaranteed to have
-    been been build by the same lookup algorithm as gpgsm uses.
-
-    For "uid" records this field lists the preferences in the same way
-    gpg's --edit-key menu does.
-
-    For "sig" records, this is the fingerprint of the key that issued
-    the signature.  Note that this is only filled in if the signature
-    verified correctly.  Note also that for various technical reasons,
-    this fingerprint is only available if --no-sig-cache is used.
-
-*** Field 14 - Flag field
-
-    Flag field used in the --edit menu output
-
-*** Field 15 - S/N of a token
-
-    Used in sec/ssb to print the serial number of a token (internal
-    protect mode 1002) or a '#' if that key is a simple stub (internal
-    protect mode 1001).  If the option --with-secret is used and a
-    secret key is available for the public key, a '+' indicates this.
-
-*** Field 16 - Hash algorithm
-
-    For sig records, this is the used hash algorithm.  For example:
-    2 = SHA-1, 8 = SHA-256.
-
-*** Field 17 - Curve name
-
-    For pub, sub, sec, and ssb records this field is used for the ECC
-    curve name.
-
-** Special fields
 
-*** PKD - Public key data
+The double --with-fingerprint prints the fingerprint for the subkeys
+too. --fixed-list-mode is the modern listing way printing dates in
+seconds since Epoch and does not merge the first userID with the pub
+record; gpg2 does this by default and the option is a dummy.
+
+
+ 1. Field:  Type of record
+	    pub = public key
+            crt = X.509 certificate
+            crs = X.509 certificate and private key available
+	    sub = subkey (secondary key)
+	    sec = secret key
+	    ssb = secret subkey (secondary key)
+	    uid = user id (only field 10 is used).
+	    uat = user attribute (same as user id except for field 10).
+            sig = signature
+            rev = revocation signature
+	    fpr = fingerprint: (fingerprint is in field 10)
+	    pkd = public key data (special field format, see below)
+            grp = keygrip
+            rvk = revocation key
+            tru = trust database information
+            spk = signature subpacket
+
+ 2. Field:  A letter describing the calculated validity. This is a single
+	    letter, but be prepared that additional information may follow
+	    in some future versions. (not used for secret keys)
+		o = Unknown (this key is new to the system)
+                i = The key is invalid (e.g. due to a missing self-signature)
+		d = The key has been disabled
+		    (deprecated - use the 'D' in field 12 instead)
+		r = The key has been revoked
+		e = The key has expired
+		- = Unknown validity (i.e. no value assigned)
+		q = Undefined validity
+	            '-' and 'q' may safely be treated as the same
+		    value for most purposes
+		n = The key is valid
+		m = The key is marginal valid.
+		f = The key is fully valid
+		u = The key is ultimately valid.  This often means
+		    that the secret key is available, but any key may
+		    be marked as ultimately valid.
+
+            If the validity information is given for a UID or UAT
+            record, it describes the validity calculated based on this
+            user ID.  If given for a key record it describes the best
+            validity taken from the best rated user ID.
+
+            For X.509 certificates a 'u' is used for a trusted root
+            certificate (i.e. for the trust anchor) and an 'f' for all
+            other valid certificates.
+
+ 3. Field:  length of key in bits.
+
+ 4. Field:  Algorithm:	1 = RSA
+		       16 = Elgamal (encrypt only)
+		       17 = DSA (sometimes called DH, sign only)
+		       20 = Elgamal (sign and encrypt - don't use them!)
+	    (for other id's see include/cipher.h)
+
+ 5. Field:  KeyID
+
+ 6. Field:  Creation Date (in UTC).  For UID and UAT records, this is
+            the self-signature date.  Note that the date is usally
+            printed in seconds since epoch, however, we are migrating
+            to an ISO 8601 format (e.g. "19660205T091500").  This is
+            currently only relevant for X.509.  A simple way to detect
+            the new format is to scan for the 'T'.
+
+ 7. Field:  Key or user ID/user attribute expiration date or empty if none.
+
+ 8. Field:  Used for serial number in crt records (used to be the Local-ID).
+            For UID and UAT records, this is a hash of the user ID contents
+            used to represent that exact user ID.  For trust signatures,
+            this is the trust depth seperated by the trust value by a
+            space.
+
+ 9. Field:  Ownertrust (primary public keys only)
+	    This is a single letter, but be prepared that additional
+	    information may follow in some future versions.  For trust
+	    signatures with a regular expression, this is the regular
+	    expression value, quoted as in field 10.
+
+10. Field:  User-ID.  The value is quoted like a C string to avoid
+	    control characters (the colon is quoted "\x3a").
+            For a "pub" record this field is not used on --fixed-list-mode.
+            A UAT record puts the attribute subpacket count here, a
+	    space, and then the total attribute subpacket size.
+            In gpgsm the issuer name comes here
+            An FPR record stores the fingerprint here.
+            The fingerprint of an revocation key is stored here.
+
+11. Field:  Signature class as per RFC-4880.  This is a 2 digit
+            hexnumber followed by either the letter 'x' for an
+            exportable signature or the letter 'l' for a local-only
+            signature.  The class byte of an revocation key is also
+            given here, 'x' and 'l' is used the same way.  IT is not
+            used for X.509.
+
+12. Field:  Key capabilities:
+                e = encrypt
+                s = sign
+                c = certify
+                a = authentication
+	    A key may have any combination of them in any order.  In
+	    addition to these letters, the primary key has uppercase
+	    versions of the letters to denote the _usable_
+	    capabilities of the entire key, and a potential letter 'D'
+	    to indicate a disabled key.
+
+13. Field:  Used in FPR records for S/MIME keys to store the
+            fingerprint of the issuer certificate.  This is useful to
+            build the certificate path based on certificates stored in
+            the local keyDB; it is only filled if the issuer
+            certificate is available. The root has been reached if
+            this is the same string as the fingerprint. The advantage
+            of using this value is that it is guaranteed to have been
+            been build by the same lookup algorithm as gpgsm uses.
+            For "uid" records this lists the preferences in the same
+            way the gpg's --edit-key menu does.
+	    For "sig" records, this is the fingerprint of the key that
+	    issued the signature.  Note that this is only filled in if
+	    the signature verified correctly.  Note also that for
+	    various technical reasons, this fingerprint is only
+	    available if --no-sig-cache is used.
+
+14. Field   Flag field used in the --edit menu output:
+
+15. Field   Used in sec/sbb to print the serial number of a token
+            (internal protect mode 1002) or a '#' if that key is a
+            simple stub (internal protect mode 1001)
+16. Field:  For sig records, this is the used hash algorithm:
+                2 = SHA-1
+                8 = SHA-256
+	    (for other id's see include/cipher.h)
+
+All dates are displayed in the format yyyy-mm-dd unless you use the
+option --fixed-list-mode in which case they are displayed as seconds
+since Epoch.  More fields may be added later, so parsers should be
+prepared for this. When parsing a number the parser should stop at the
+first non-number character so that additional information can later be
+added.
 
-    If field 1 has the tag "pkd", a listing looks like this:
-#+begin_example
+If field 1 has the tag "pkd", a listing looks like this:
 pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     !  !   !-- the value
     !  !------ for information number of bits in the value
     !--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
-#+end_example
 
-*** TRU - Trust database information
-    Example for a "tru" trust base record:
-#+begin_example
-    tru:o:0:1166697654:1:3:1:5
-#+end_example
-
-    - Field 2 :: Reason for staleness of trust.  If this field is
-                 empty, then the trustdb is not stale.  This field may
-                 have multiple flags in it:
-
-                 - o :: Trustdb is old
-                 - t :: Trustdb was built with a different trust model
-                        than the one we are using now.
-
-    - Field 3 :: Trust model
-
-                 - 0 :: Classic trust model, as used in PGP 2.x.
-                 - 1 :: PGP trust model, as used in PGP 6 and later.
-                        This is the same as the classic trust model,
-                        except for the addition of trust signatures.
-
-                 GnuPG before version 1.4 used the classic trust model
-                 by default. GnuPG 1.4 and later uses the PGP trust
-                 model by default.
-
-    - Field 4 :: Date trustdb was created in seconds since Epoch.
-    - Field 5 :: Date trustdb will expire in seconds since Epoch.
-    - Field 6 :: Number of marginally trusted users to introduce a new
-                 key signer (gpg's option --marginals-needed).
-    - Field 7 :: Number of completely trusted users to introduce a new
-                 key signer.  (gpg's option --completes-needed)
-
-    - Field 8 :: Maximum depth of a certification chain. (gpg's option
-                 --max-cert-depth)
-
-*** SPK - Signature subpacket records
-
-    - Field 2 :: Subpacket number as per RFC-4880 and later.
-    - Field 3 :: Flags in hex.  Currently the only two bits assigned
-                 are 1, to indicate that the subpacket came from the
-                 hashed part of the signature, and 2, to indicate the
-                 subpacket was marked critical.
-    - Field 4 :: Length of the subpacket.  Note that this is the
-                 length of the subpacket, and not the length of field
-                 5 below.  Due to the need for %-encoding, the length
-                 of field 5 may be up to 3x this value.
-    - Field 5 :: The subpacket data.  Printable ASCII is shown as
-                 ASCII, but other values are rendered as %XX where XX
-                 is the hex value for the byte.
-
-*** CFG - Configuration data
-
-    --list-config outputs information about the GnuPG configuration
-    for the benefit of frontends or other programs that call GnuPG.
-    There are several list-config items, all colon delimited like the
-    rest of the --with-colons output.  The first field is always "cfg"
-    to indicate configuration information.  The second field is one of
-    (with examples):
-
-    - version :: The third field contains the version of GnuPG.
-
-                 : cfg:version:1.3.5
-
-    - pubkey :: The third field contains the public key algorithms
-                this version of GnuPG supports, separated by
-                semicolons.  The algorithm numbers are as specified in
-                RFC-4880.  Note that in contrast to the --status-fd
-                interface these are _not_ the Libgcrypt identifiers.
-                Using =pubkeyname= prints names instead of numbers.
-
-                 : cfg:pubkey:1;2;3;16;17
-
-    - cipher :: The third field contains the symmetric ciphers this
-                version of GnuPG supports, separated by semicolons.
-                The cipher numbers are as specified in RFC-4880.
-                Using =ciphername= prints names instead of numbers.
-
-                 : cfg:cipher:2;3;4;7;8;9;10
-
-    - digest :: The third field contains the digest (hash) algorithms
-                this version of GnuPG supports, separated by
-                semicolons.  The digest numbers are as specified in
-                RFC-4880.  Using =digestname= prints names instead of
-                numbers.
-
-                 : cfg:digest:1;2;3;8;9;10
-
-    - compress :: The third field contains the compression algorithms
-                  this version of GnuPG supports, separated by
-                  semicolons.  The algorithm numbers are as specified
-                  in RFC-4880.
-
-                 : cfg:compress:0;1;2;3
-
-    - group :: The third field contains the name of the group, and the
-               fourth field contains the values that the group expands
-               to, separated by semicolons.
-
-               For example, a group of:
-                 : group mynames = paige 0x12345678 joe patti
-               would result in:
-                 : cfg:group:mynames:patti;joe;0x12345678;paige
-
-    - curve :: The third field contains the curve names this version
-               of GnuPG supports, separated by semicolons. Using
-               =curveoid= prints OIDs instead of numbers.
-
-                 : cfg:curve:ed25519;nistp256;nistp384;nistp521
-
-
-* Format of the --status-fd output
-
-  Every line is prefixed with "[GNUPG:] ", followed by a keyword with
-  the type of the status line and some arguments depending on the type
-  (maybe none); an application should always be prepared to see more
-  arguments in future versions.
-
-** General status codes
-*** NEWSIG
-    Is issued right before a signature verification starts.  This is
-    useful to define a context for parsing ERROR status messages.  No
-    arguments are currently defined.
-
-*** GOODSIG    
-    The signature with the keyid is good.  For each signature only one
-    of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG or
-    ERRSIG will be emitted.  In the past they were used as a marker
-    for a new signature; new code should use the NEWSIG status
-    instead.  The username is the primary one encoded in UTF-8 and %XX
-    escaped. The fingerprint may be used instead of the long keyid if
-    it is available.  This is the case with CMS and might eventually
-    also be available for OpenPGP.
-
-*** EXPSIG    
-    The signature with the keyid is good, but the signature is
-    expired. The username is the primary one encoded in UTF-8 and %XX
-    escaped. The fingerprint may be used instead of the long keyid if
-    it is available.  This is the case with CMS and might eventually
-    also be available for OpenPGP.
-
-*** EXPKEYSIG   
-    The signature with the keyid is good, but the signature was made
-    by an expired key. The username is the primary one encoded in
-    UTF-8 and %XX escaped.  The fingerprint may be used instead of the
-    long keyid if it is available.  This is the case with CMS and
-    might eventually also be available for OpenPGP.
-
-*** REVKEYSIG    
-    The signature with the keyid is good, but the signature was made
-    by a revoked key. The username is the primary one encoded in UTF-8
-    and %XX escaped. The fingerprint may be used instead of the long
-    keyid if it is available.  This is the case with CMS and might
-    eventually also beñ available for OpenPGP.
-
-*** BADSIG    
-    The signature with the keyid has not been verified okay.  The
-    username is the primary one encoded in UTF-8 and %XX escaped. The
-    fingerprint may be used instead of the long keyid if it is
-    available.  This is the case with CMS and might eventually also be
-    available for OpenPGP.
-
-*** ERRSIG