Merge branch 'STABLE-BRANCH-2-2' into master

agent/gpg-agent.c

@@ -135,6 +135,7 @@ enum cmd_and_opt_values
   oDisableScdaemon,
   oDisableCheckOwnSocket,
   oS2KCount,
+  oAutoExpandSecmem,
 
   oWriteEnvFile
 };
@@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
 
+  ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
+
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -1025,6 +1028,7 @@ main (int argc, char **argv )
   assuan_set_malloc_hooks (&malloc_hooks);
   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
   assuan_sock_init ();
+  assuan_sock_set_system_hooks (ASSUAN_SYSTEM_NPTH);
   setup_libassuan_logging (&opt.debug, NULL);
 
   setup_libgcrypt_logging ();
@@ -1233,6 +1237,14 @@ main (int argc, char **argv )
           socket_name_browser = pargs.r.ret_str;
           break;
 
+        case oAutoExpandSecmem:
+          /* Try to enable this option.  It will officially only be
+           * supported by Libgcrypt 1.9 but 1.8.2 already supports it
+           * on the quiet and thus we use the numeric value value.  */
+          gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/,
+                        (unsigned int)pargs.r.ret_ulong,  0);
+          break;
+
         case oDebugQuickRandom:
           /* Only used by the first stage command line parser.  */
           break;

agent/keyformat.txt

@@ -271,7 +271,7 @@ to keys stored on a token:
    (comment whatever)
 )
 
-The currently used protocol is "ti-v1" (token info version 1).  The
+The currently used protocol is "t1-v1" (token info version 1).  The
 second list with the information has this layout:
 
 (card_serial_number id_string_of_key fixed_pin_length)
@@ -379,7 +379,7 @@ Example:
 (protected-shared-secret
    ((desc "List of system passphrases")
     (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
-    (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra"))
+    (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
     (key)
     (protected mode (parms) encrypted_octet_string)
     (protected-at "20100915T111722")
@@ -402,7 +402,7 @@ hashed:
 
    ((desc "List of system passphrases")
     (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
-    (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra"))
+    (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
     (key)
     (value 4:1002 "signal flags at the lock")
     (value 4:1001 "taocp")

agent/protect.c

@@ -1494,7 +1494,7 @@ make_shadow_info (const char *serialno, const char *idstring)
 
 
 /* Create a shadow key from a public key.  We use the shadow protocol
-  "ti-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
+  "t1-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
   S-expression is returned in an allocated buffer RESULT will point
   to. The input parameters are expected to be valid canonicalized
   S-expressions */

agent/t-protect.c

@@ -288,7 +288,7 @@ static void
 test_agent_shadow_key (void)
 {
 /* Create a shadow key from a public key.  We use the shadow protocol
-  "ti-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
+  "t1-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
   S-expression is returned in an allocated buffer RESULT will point
   to. The input parameters are expected to be valid canonicalized
   S-expressions */

build-aux/speedo.mk

@@ -514,7 +514,10 @@ else
 speedo_pkg_pinentry_configure = --enable-pinentry-gtk2
 endif
 speedo_pkg_pinentry_configure += \
-        --disable-pinentry-qt4 \
+        --disable-pinentry-qt5   \
+        --disable-pinentry-qt    \
+	--disable-pinentry-fltk  \
+	--disable-pinentry-tty   \
 	CPPFLAGS=-I$(idir)/include   \
 	LDFLAGS=-L$(idir)/lib        \
 	CXXFLAGS=-static-libstdc++

doc/gpg-agent.texi

@@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are
 communicated to the user, e.g. in pinentry dialogs.  OpenSSH has
 transitioned from using MD5 to the more secure SHA256.
 
+
+@item --auto-expand-secmem @var{n}
+@opindex auto-expand-secmem
+Allow Libgcrypt to expand its secure memory area as required.  The
+optional value @var{n} is a non-negative integer with a suggested size
+in bytes of each additionally allocated secure memory area.  The value
+is rounded up to the next 32 KiB; usual C style prefixes are allowed.
+For an heavy loaded gpg-agent with many concurrent connection this
+option avoids sign or decrypt errors due to out of secure memory error
+returns.
+
 @item --s2k-count @var{n}
 @opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This

g10/parse-packet.c

@@ -3087,6 +3087,12 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
 	else
 	  pt->name[i] = c;
     }
+  /* Fill up NAME so that a check with valgrind won't complain about
+   * reading from uninitalized memory.  This case may be triggred by
+   * corrupted packets.  */
+  for (; i < namelen; i++)
+    pt->name[i] = 0;
+
   pt->timestamp = read_32 (inp);
   if (pktlen)
     pktlen -= 4;