Merge branch 'STABLE-BRANCH-2-2' into master

README

@@ -34,11 +34,11 @@
 
   GnuPG 2.2 depends on the following GnuPG related packages:
 
-    npth         (ftp://ftp.gnupg.org/gcrypt/npth/)
-    libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
-    libgcrypt    (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
-    libksba      (ftp://ftp.gnupg.org/gcrypt/libksba/)
-    libassuan    (ftp://ftp.gnupg.org/gcrypt/libassuan/)
+    npth         (https://gnupg.org/ftp/gcrypt/npth/)
+    libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
+    libgcrypt    (https://gnupg.org/ftp/gcrypt/libgcrypt/)
+    libksba      (https://gnupg.org/ftp/gcrypt/libksba/)
+    libassuan    (https://gnupg.org/ftp/gcrypt/libassuan/)
 
   You should get the latest versions of course, the GnuPG configure
   script complains if a version is not sufficient.
@@ -49,7 +49,7 @@
 
   You also need the Pinentry package for most functions of GnuPG;
   however it is not a build requirement.  Pinentry is available at
-  ftp://ftp.gnupg.org/gcrypt/pinentry/ .
+  https://gnupg.org/ftp/gcrypt/pinentry/ .
 
   After building and installing the above packages in the order as
   given above, you may continue with GnuPG installation (you may also
@@ -229,7 +229,7 @@
   You subscribe to one of the list by sending mail with a subject of
   "subscribe" to x-request@gnupg.org, where x is the name of the
   mailing list (gnupg-announce, gnupg-users, etc.). See
-  https://www.gnupg.org/documentation/mailing-lists.html for archives
+  https://gnupg.org/documentation/mailing-lists.html for archives
   of the mailing lists.
 
   Please direct bug reports to [[https://bugs.gnupg.org]] or post them
@@ -242,7 +242,7 @@
   authors and we try to answer questions when time allows us.
 
   Commercial grade support for GnuPG is available; for a listing of
-  offers see https://www.gnupg.org/service.html .  Maintaining and
+  offers see https://gnupg.org/service.html .  Maintaining and
   improving GnuPG requires a lot of time.  Since 2001, g10 Code GmbH,
   a German company owned and headed by GnuPG's principal author Werner
   Koch, is bearing the majority of these costs.  To keep GnuPG in a

configure.ac

@@ -611,8 +611,9 @@ AC_PROG_RANLIB
 AC_CHECK_TOOL(AR, ar, :)
 AC_PATH_PROG(PERL,"perl")
 AC_CHECK_TOOL(WINDRES, windres, :)
-AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )
+AC_PATH_PROG(YAT2M, "yat2m")
 AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
+AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M")
 AC_ISC_POSIX
 AC_SYS_LARGEFILE
 GNUPG_CHECK_USTAR
@@ -1620,12 +1621,20 @@ if test "$GCC" = yes; then
           mycflags="$mycflags -Wdeclaration-after-statement"
         fi
 
-        AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla])
-        CFLAGS="-Wlogical-op -Wvla"
+        AC_MSG_CHECKING([if gcc supports -Wlogical-op])
+        CFLAGS="-Wlogical-op -Werror"
         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
         AC_MSG_RESULT($_gcc_wopt)
         if test x"$_gcc_wopt" = xyes ; then
-          mycflags="$mycflags -Wlogical-op -Wvla"
+          mycflags="$mycflags -Wlogical-op"
+        fi
+
+        AC_MSG_CHECKING([if gcc supports -Wvla])
+        CFLAGS="-Wvla"
+        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
+        AC_MSG_RESULT($_gcc_wopt)
+        if test x"$_gcc_wopt" = xyes ; then
+          mycflags="$mycflags -Wvla"
         fi
 
     else
@@ -1836,7 +1845,7 @@ AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
 AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
 
 if test "$have_w32_system" = yes; then
-  AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG",
+  AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "Software\\\\GNU\\\\GnuPG",
                      [The directory part of the W32 registry keys])
 fi
 

dirmngr/crlcache.c

@@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
    should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
    signature does not verify or any other error code. CRL is the CRL
    object we are working on, MD the hash context and ISSUER_CERT the
-   certificate of the CRL issuer.  This function closes MD.  */
+   certificate of the CRL issuer.  This function takes ownership of MD.  */
 static gpg_error_t
 finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
                   ksba_cert_t issuer_cert)
@@ -1646,12 +1646,13 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
 
 
 /* Call this to match a start_sig_check that can not be completed
-   normally.  */
+   normally.  Takes ownership of MD if MD is not NULL.  */
 static void
 abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
 {
   (void)crl;
-  gcry_md_close (md);
+  if (md)
+    gcry_md_close (md);
 }
 
 
@@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
               }
 
             err = finish_sig_check (crl, md, algo, crlissuer_cert);
+            md = NULL; /* Closed.  */
             if (err)
               {
                 log_error (_("CRL signature verification failed: %s\n"),
                            gpg_strerror (err));
                 goto failure;
               }
-	    md = NULL;
 
             err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
                                        (VALIDATE_FLAG_TRUST_CONFIG
@@ -1877,8 +1878,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
 
 
  failure:
-  if (md)
-    abort_sig_check (crl, md);
+  abort_sig_check (crl, md);
   ksba_cert_release (crlissuer_cert);
   return err;
 }

doc/Makefile.am

@@ -112,8 +112,16 @@ DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
                  gnupg-module-overview.eps \
 		 $(myman_pages) gnupg.7
 
+if HAVE_YAT2M
+YAT2M_CMD = $(YAT2M)
+YAT2M_DEP = $(YAT2M)
+else
+YAT2M_CMD = ./yat2m
+YAT2M_DEP = yat2m
+
 yat2m: yat2m.c
 	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+endif
 
 mkdefsinc: mkdefsinc.c Makefile ../config.h
 	$(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \
@@ -146,12 +154,12 @@ yat2m-stamp: $(myman_sources) defs.inc
 	@touch yat2m-stamp.tmp
 	incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
 	for file in $(myman_sources) ; do \
-              $(YAT2M) $(YAT2M_OPTIONS) --store \
+              $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \
                   --date "`cat $$incd 2>/dev/null`" \
 	          `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
 	@mv -f yat2m-stamp.tmp $@
 
-yat2m-stamp: $(YAT2M)
+yat2m-stamp: $(YAT2M_DEP)
 
 $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
 	@if test -f $@; then :; else \