New upstream version 2.2.16

ChangeLog

+2019-05-28  Werner Koch  <wk@gnupg.org>
+
+	Release GnuPG 2.2.16.
+	+ commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc
+
+
+	dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
+	+ commit 5281ecbe3ae8364407d9831243b81d664b040805
+	* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
+	r_produced_at, and r_md.  Get the hash algo from the signature and
+	create the context here.
+	(check_signature): Allow any hash algo.  Print a diagnostic if the
+	signature does not verify.
+
+2019-05-27  Werner Koch  <wk@gnupg.org>
+
+	sm: Avoid confusing diagnostic for the default key.
+	+ commit 32210e855c460ed60505bf9be9adea33d05c40eb
+	* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
+	callers.
+	(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
+	Change all callers.
+	* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
+	gpgsm_cert_use_sign_p
+
+	gpg: Fixed i18n markup of some strings.
+	+ commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
+	* g10/tofu.c: Removed some translation markups which either make no
+	sense or are not possble.
+
+	gpg: Allow deletion of subkeys with --delete-[secret-]key.
+	+ commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
+	* common/userids.c (classify_user_id): Do not set the EXACT flag in
+	the default case.
+	* g10/export.c (exact_subkey_match_p): Make static,
+	* g10/delkey.c (do_delete_key): Implement subkey only deleting.
+
+2019-05-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: Stop scdaemon after reload when disable_scdaemon.
+	+ commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
+	* agent/call-scd.c (agent_card_killscd): New.
+	* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
+
+2019-05-21  Werner Koch  <wk@gnupg.org>
+
+	gpg: Do not bail on an invalid packet in the local keyring.
+	+ commit 30f44957ccd1433846709911798af3da4e437900
+	* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
+
+	gpg: Do not allow creation of user ids larger than our parser allows.
+	+ commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
+	* g10/parse-packet.c: Move max packet lengths constants to ...
+	* g10/packet.h: ... here.
+	* g10/build-packet.c (do_user_id): Return an error if too data is too
+	large.
+	* g10/keygen.c (write_uid): Return an error for too large data.
+
+2019-05-21  NIIBE Yutaka  <gniibe@fsij.org>
+
+	agent: For SSH key, don't put NUL-byte at the end.
+	+ commit 6e39541f4f488fe59eac399bad18c465f373a784
+	* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
+	the length by the second call of gcry_sexp_sprint.
+
+2019-05-20  Werner Koch  <wk@gnupg.org>
+	    Matheus Afonso Martins Moreira
+
+	gpg: Do not delete any keys if --dry-run is passed.
+	+ commit 5c46c5f74540ad753b925b74593332ca92de47fa
+	* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
+	Do not clear the ownertrust.  Do not let the agent delete the key.
+
+2019-05-17  Werner Koch  <wk@gnupg.org>
+
+	gpg: Fix using --decrypt along with --use-embedded-filename.
+	+ commit 1702179d91b7136661af084d7dab2e50a2857491
+	* g10/options.h (opt): Add flags.dummy_outfile.
+	* g10/decrypt.c (decrypt_message): Set this global flag instead of the
+	fucntion local flag.
+	* g10/plaintext.c (get_output_file): Ignore opt.output if that was
+	used as a dummy option aslong with --use-embedded-filename.
+
+	gpg: Improve the photo image viewer selection.
+	+ commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
+	* g10/exec.c (w32_system): Add "!ShellExecute" special.
+	* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
+	under Windows and fallbac to 'display' and 'xdg-open' in the Unix
+	case.
+	(show_photos): Flush stdout so that the output is shown before the
+	image pops up.
+
+2019-05-16  Werner Koch  <wk@gnupg.org>
+
+	kbx: Fix an endless loop under Windows due to an incomplete fix.
+	+ commit 0fff927889b075442ed7130f376118c31fda1f32
+	* kbx/keybox-search.c (keybox_search):  We need to seek to the last
+	position in all cases not just when doing a NEXT.
+
+	kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
+	+ commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
+	* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
+	instead of fclose so that a close is done if the file is opened by
+	another handle.
+	* kbx/keybox-search.c (keybox_search): Remember the last offset and
+	use that in NEXT search mode if we had to re-open the file.
+
+	gpgconf: Before --launch check that the config file is fine.
+	+ commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
+	* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
+	* tools/gpgconf.c (gpgconf_failure): Call log_flush.
+
+2019-05-15  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	gpg: enable OpenPGP export of cleartext keys with comments.
+	+ commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
+	* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
+	sublists in private-key S-expression.
+
+2019-05-15  Werner Koch  <wk@gnupg.org>
+
+	gpgconf: Support --homedir for --launch.
+	+ commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
+	* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
+	gnupg_homedir already returns abd absolute name.
+	(scdaemon_runtime_change): Ditto.
+	(dirmngr_runtime_change): Ditto.
+	(gc_component_launch): Support --homedir.
+
+2019-05-14  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	agent: correct length for uri and comment on 64-bit big-endian platforms
+	+ commit 110932925ba8e0169da18d7774440f8d1fd8a344
+	* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
+	gcry_sexp_build_array's %b.
+
+2019-05-14  Werner Koch  <wk@gnupg.org>
+
+	gpg: Do not print a hint to use the deprecated --keyserver option.
+	+ commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
+	* g10/keyserver.c (keyserver_search): Remove a specialized error
+	message.
+
+2019-05-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix possible null dereference.
+	+ commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
+	* g10/armor.c (armor_filter): Access ->d in the internal loop.
+
+	build: Update m4/iconv.m4.
+	+ commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
+	* m4/iconv.m4: Update from gettext 0.20.1.
+
+2019-05-13  Werner Koch  <wk@gnupg.org>
+
+	gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
+	+ commit c1dc7a832921fdf5686d377f33db78707c0345e2
+	* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
+
+2019-05-12  Werner Koch  <wk@gnupg.org>
+
+	sm: Fix a warning in an es_fopencooie function.
+	+ commit 8d0d61aca3d2713df8a33444af3658b859d72be8
+	* sm/certdump.c (format_name_writer): Take care of a flush request.
+
+2019-05-10  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	doc: correct documentation for gpgconf --kill.
+	+ commit be116f871dbf14dd44d3a7909c2a052f8979c480
+	* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
+
+	(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
+
+2019-05-09  Werner Koch  <wk@gnupg.org>
+
+	build: Sign all Windows binaries.
+	+ commit e6901c2bc802996c24335bcb35012ccb74b4ced0
+	* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
+	(AUTHENTICODE_TOOL): New.
+	(AUTHENTICODE_FILES): New.
+	(installer): Sign listed files.
+	(AUTHENTICODE_SIGNHOST): New macro.
+	(sign-installer): Use that macro instead of direct use of osslsigncode.
+
+2019-05-03  Werner Koch  <wk@gnupg.org>
+
+	gpg: Use just the addrspec from the Signer's UID.
+	+ commit 05204b72497db093f5d2da4a2446c0264a946296
+	* g10/parse-packet.c (parse_signature): Take only the addrspec from a
+	Signer's UID subpacket.
+
+2019-04-23  NIIBE Yutaka  <gniibe@fsij.org>
+
+	po: Update Japanese Translation.
+	+ commit caa61fb7da6b858f038dde948d36fce5c0a85ee5
+
+
+2019-04-18  Andre Heinecke  <aheinecke@intevation.de>
+
+	g10: Fix double free when locating by mbox.
+	+ commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
+	* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
+	to NULL after use.
+
+2019-04-16  NIIBE Yutaka  <gniibe@fsij.org>
+
+	common: Fix AWK portability.
+	+ commit ee766b2b5d646643d66d23eae478f71c0a01a343
+	* common/Makefile.am: Use pkg_namespace.
+	* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.
+
+2019-04-11  Werner Koch  <wk@gnupg.org>
+
+	gpg: Accept also armored data from the WKD.
+	+ commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
+	* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+
+	gpg: Set a limit of 5 to the number of keys imported from the WKD.
+	+ commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
+	* g10/import.c (import): Limit the number of considered keys to 5.
+	(import_one): Return the first fingerprint in case of WKD.
+
+2019-04-02  Werner Koch  <wk@gnupg.org>
+
+	scd: Add dummy option --application-priority.
+	+ commit cb2065967465939f82cc585254cae0244ed94eac
+
+
+	dirmngr: Improve domaininfo cache update algorithm.
+	+ commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
+	* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
+	(insert_or_update): Implement new update algorithm.
+
+	dirmngr: Better error code for http status 413.
+	+ commit 0a30ce036a615bc95382e0640d185b031f8c6a63
+	* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
+	* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+	* dirmngr/ocsp.c (do_ocsp_request): Ditto.
+
+2019-04-01  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	NEWS: correct typo in header.
+	+ commit 5b1b5be65f343d252c865d705d23b55982718f2d
+
+
+2019-03-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	g10: Fix symmetric cipher algo constant for ECDH.
+	+ commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
+	* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
+	ECC strength 384, according to RFC-6637.
+
+2019-03-27  Trevor Bentley  <trevor@yubico.com>
+
+	gpg: Don't use EdDSA algo ID for ECDSA curves.
+	+ commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
+	* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
+	an EdDSA curve.
+
 2019-03-26  Werner Koch  <wk@gnupg.org>
 
 	Release 2.2.15.

NEWS

+Noteworthy changes in version 2.2.16 (2019-05-28)
+-------------------------------------------------
+
+  * gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
+    violation.  [#4505]
+
+  * gpg: Allow deletion of subkeys with --delete-key.  This finally
+    makes the bang-suffix work as expected for that command.  [#4457]
+
+  * gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
+    them with --quick-set-expire or --quick-set-primary-uid. [#4508]
+
+  * gpg: Improve the photo image viewer selection.  [#4334]
+
+  * gpg: Fix decryption with --use-embedded-filename.  [#4500]
+
+  * gpg: Remove hints on using the --keyserver option.  [#4512]
+
+  * gpg: Fix export of certain secret keys with comments.  [#4490]
+
+  * gpg: Reject too long user-ids in --quick-gen-key.  [#4532]
+
+  * gpg: Fix a double free in the best key selection code.  [#4462]
+
+  * gpg: Fix the key generation dialog for switching back from EdDSA
+    to ECDSA.
+
+  * gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
+
+  * gpg: Use only the addrspec from the Signer's UID subpacket to
+    mitigate a problem with another implementation.
+
+  * gpg: Skip invalid packets during a keyring listing and sync
+    diagnostics with the output.
+
+  * gpgsm: Avoid confusing diagnostic when signing with the default
+    key.  [#4535]
+
+  * agent: Do not delete any secret key in --dry-run mode.
+
+  * agent: Fix failures on 64 bit big-endian boxes related to URIs in
+    a keyfile.  [#4501]
+
+  * agent: Stop scdaemon after a reload with disable-scdaemon newly
+    configured.  [#4326]
+
+  * dirmngr: Improve caching algorithm for WKD domains.
+
+  * dirmngr: Support other hash algorithms than SHA-1 for OCSP.  [#3966]
+
+  * gpgconf: Make --homedir work for --launch.  [#4496]
+
+  * gpgconf: Before --launch check for a valid config file.  [#4497]
+
+  * wkd: Do not import more than 5 keys from one WKD address.
+
+  * wkd: Accept keys which are stored in armored format in the
+    directory.
+
+  * The installer for Windows now comes with signed binaries.
+
+  Release-info: https://dev.gnupg.org/T4509
+  See-also: gnupg-announce/2019q2/000438.html
+
+
 Noteworthy changes in version 2.2.15 (2019-03-26)
 -------------------------------------------------
 
@@ -50,7 +115,7 @@ Noteworthy changes in version 2.2.14 (2019-03-19)
 
   * dirmngr: Fix build problems with gcc 9 in libdns.
 
-  * gpgconf: New option --show-socket for use wity --launch.
+  * gpgconf: New option --show-socket for use with --launch.
 
   * gpgtar: Make option -C work for archive creation.
 

VERSION

-2.2.15
+2.2.16

agent/agent.h

@@ -597,6 +597,7 @@ int agent_card_scd (ctrl_t ctrl, const char *cmdline,
                     int (*getpin_cb)(void *, const char *,
                                      const char *, char*, size_t),
                     void *getpin_cb_arg, void *assuan_context);
+void agent_card_killscd (void);
 
 
 /*-- learncard.c --*/

agent/call-scd.c

@@ -1324,3 +1324,12 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
 
   return unlock_scd (ctrl, 0);
 }
+
+void
+agent_card_killscd (void)
+{
+  if (primary_scd_ctx == NULL)
+    return;
+  assuan_transact (primary_scd_ctx, "KILLSCD",
+                   NULL, NULL, NULL, NULL, NULL, NULL);
+}

agent/command-ssh.c

@@ -3003,8 +3003,8 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
       goto out;
     }
 
-  gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n);
-  /* FIXME: guarantee?  */
+  buffer_new_n = gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON,
+                                   buffer_new, buffer_new_n);
 
   if (*passphrase)
     err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);

agent/command.c

@@ -1231,8 +1231,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
 }
 
 
-/* Entry int for the command KEYINFO.  This function handles the
-   command option processing.  For details see hlp_keyinfo above.  */
+/* Entry into the command KEYINFO.  This function handles the
+ * command option processing.  For details see hlp_keyinfo above.  */
 static gpg_error_t
 cmd_keyinfo (assuan_context_t ctx, char *line)
 {

agent/findkey.c

@@ -1230,6 +1230,7 @@ agent_public_key_from_file (ctrl_t ctrl,
   gcry_sexp_t uri_sexp, comment_sexp;
   const char *uri, *comment;
   size_t uri_length, comment_length;
+  int uri_intlen, comment_intlen;
   char *format, *p;
   void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2
                             for comment + end-of-list.  */
@@ -1311,14 +1312,16 @@ agent_public_key_from_file (ctrl_t ctrl,
     {
       p = stpcpy (p, "(uri %b)");
       assert (argidx+1 < DIM (args));
-      args[argidx++] = (void *)&uri_length;
+      uri_intlen = (int)uri_length;
+      args[argidx++] = (void *)&uri_intlen;
       args[argidx++] = (void *)&uri;
     }
   if (comment)
     {
       p = stpcpy (p, "(comment %b)");
       assert (argidx+1 < DIM (args));
-      args[argidx++] = (void *)&comment_length;
+      comment_intlen = (int)comment_length;
+      args[argidx++] = (void *)&comment_intlen;
       args[argidx++] = (void*)&comment;
     }
   *p++ = ')';

agent/gpg-agent.c

@@ -2434,6 +2434,9 @@ agent_sighup_action (void)
      "pinentry" binary that one can be used in case the
      "pinentry-basic" fallback was in use.  */
   gnupg_module_name_flush_some ();
+
+  if (opt.disable_scdaemon)
+    agent_card_killscd ();
 }
 
 

build-aux/speedo.mk

@@ -157,9 +157,41 @@ INST_NAME=gnupg-w32
 # Use this to override the installaion directory for native builds.
 INSTALL_PREFIX=none
 
-# The Authenticode key and cert chain used to sign the Windows installer
+# The Authenticode key and cert chain used to sign the Windows
+# installer If AUTHENTICODE_SIGNHOST is specified, signing is done on
+# that host using the Windows signtool.  The signhost is usually an
+# entry in .ssh/config.  Depending on the used token it might be
+# necessary to allow single signon and unlock the token before running
+# this makefile.  All files given in AUTHENTICODE_FILES are signed
+# before they are put into the installer.
+AUTHENTICODE_SIGNHOST=authenticode-signhost
+AUTHENTICODE_TOOL='"C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe"'
 AUTHENTICODE_KEY=${HOME}/.gnupg/g10code-authenticode-key.p12
 AUTHENTICODE_CERTS=${HOME}/.gnupg/g10code-authenticode-certs.pem
+AUTHENTICODE_FILES= \
+                    dirmngr.exe               \
+                    dirmngr_ldap.exe          \
+                    gpg-agent.exe             \
+                    gpg-connect-agent.exe     \
+                    gpg-preset-passphrase.exe \
+                    gpg-wks-client.exe        \
+                    gpg.exe                   \
+                    gpgconf.exe               \
+                    gpgme-w32spawn.exe        \
+                    gpgsm.exe                 \
+                    gpgtar.exe                \
+                    gpgv.exe                  \
+                    libassuan-0.dll           \
+                    libgcrypt-20.dll          \
+                    libgpg-error-0.dll        \
+                    libgpgme-11.dll           \
+                    libksba-8.dll             \
+                    libnpth-0.dll             \
+                    libsqlite3-0.dll          \
+                    pinentry-w32.exe          \
+                    scdaemon.exe	      \
+                    zlib1.dll
+
 
 
 # Directory names.
@@ -1211,7 +1243,22 @@ ifeq ($(WITH_GUI),1)
 extra_installer_options += -DWITH_GUI=1
 endif
 
+# Note that we sign only when doing the final installer.
 installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
+	(set -e;\
+	 cd "$(idir)"; \
+	 if echo "$(idir)" | grep -q '/PLAY-release/' ; then \
+	   for f in $(AUTHENTICODE_FILES); do \
+             if [ -f "bin/$$f" ]; then \
+	       $(call AUTHENTICODE_sign,"bin/$$f","bin/$$f");\
+	     elif [ -f "libexec/$$f" ]; then \
+	       $(call AUTHENTICODE_sign,"libexec/$$f","libexec/$$f");\
+	     else \
+	       echo "speedo: WARNING: file '$$f' not available for signing";\
+             fi;\
+           done; \
+         fi \
+        )
 	$(MAKENSIS) -V2 \
                     -DINST_DIR=$(idir) \
                     -DINST6_DIR=$(idir6) \
@@ -1237,6 +1284,28 @@ define MKSWDB_commands
  ) | tee $(1).swdb
 endef
 
+# Sign the file $1 and save the result as $2
+define AUTHENTICODE_sign
+   set -e;\
+   if [ -n "$(AUTHENTICODE_SIGNHOST)" ]; then \
+     echo "speedo: Signing via host $(AUTHENTICODE_SIGNHOST)";\
+     scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\
+     ssh "$(AUTHENTICODE_SIGNHOST)" $(AUTHENTICODE_TOOL) sign \
+        /n '"g10 Code GmbH"' \
+        /tr 'http://rfc3161timestamp.globalsign.com/advanced' /td sha256 \
+        /fd sha256 /du https://gnupg.org a.exe ;\
+     scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
+     echo "speedo: signed file is '$(2)'" ;\
+   else \
+     echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
+     osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
+       -pkcs12 $(AUTHENTICODE_KEY) -askpass \
+       -ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \
+       -h sha256 -n GnuPG -i https://gnupg.org \
+       -in $(1) -out $(2) ;\
+   fi
+endef
+
 
 # Build the installer from the source tarball.
 installer-from-source: dist-source
@@ -1265,13 +1334,8 @@ sign-installer:
 	 exefile="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ;\
 	 echo "speedo: /*" ;\
 	 echo "speedo:  * Signing installer" ;\
-	 echo "speedo:  * Key: $(AUTHENTICODE_KEY)";\
 	 echo "speedo:  */" ;\
-	 osslsigncode sign -certs $(AUTHENTICODE_CERTS)\
-            -pkcs12 $(AUTHENTICODE_KEY) -askpass \
-            -ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \
-            -h sha256 -n GnuPG -i https://gnupg.org \
-	    -in "PLAY/inst/$$exefile" -out "../../$$exefile" ;\
+	 $(call AUTHENTICODE_sign,"PLAY/inst/$$exefile","../../$$exefile");\
 	 exefile="../../$$exefile" ;\
 	 $(call MKSWDB_commands,$${exefile},$${reldate}); \
 	 echo "speedo: /*" ;\

common/Makefile.am

@@ -148,13 +148,13 @@ if MAINTAINER_MODE
 audit-events.h: Makefile.am mkstrtable.awk exaudit.awk audit.h
 	$(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
 	  | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
-		   -v namespace=eventstr_  > $(srcdir)/audit-events.h
+		   -v pkg_namespace=eventstr_  > $(srcdir)/audit-events.h
 
 # Create the status-codes.h include file from status.h
 status-codes.h: Makefile.am mkstrtable.awk exstatus.awk status.h
 	$(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
 	  | $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
-		   -v namespace=statusstr_  > $(srcdir)/status-codes.h
+		   -v pkg_namespace=statusstr_  > $(srcdir)/status-codes.h
 endif
 
 #

common/mkstrtable.awk

@@ -76,7 +76,7 @@
 #
 # The variable prefix can be used to prepend a string to each message.
 #
-# The variable namespace can be used to prepend a string to each
+# The variable pkg_namespace can be used to prepend a string to each
 # variable and macro name.
 
 BEGIN {
@@ -101,7 +101,7 @@ header {
       print "/* The purpose of this complex string table is to produce";
       print "   optimal code with a minimum of relocations.  */";
       print "";
-      print "static const char " namespace "msgstr[] = ";
+      print "static const char " pkg_namespace "msgstr[] = ";
       header = 0;
     }
   else
@@ -109,7 +109,7 @@ header {
 }
 
 !header {
-  sub (/\#.+/, "");
+  sub (/#.+/, "");
   sub (/[ 	]+$/, ""); # Strip trailing space and tab characters.
 
   if (/^$/)
@@ -149,14 +149,14 @@ END {
   else
     print "  gettext_noop (\"" prefix last_msgstr "\");";
   print "";
-  print "static const int " namespace "msgidx[] =";
+  print "static const int " pkg_namespace "msgidx[] =";
   print "  {";
   for (i = 0; i < coded_msgs; i++)
     print "    " pos[i] ",";
   print "    " pos[coded_msgs];
   print "  };";
   print "";
-  print "#define " namespace "msgidxof(code) (0 ? -1 \\";
+  print "#define " pkg_namespace "msgidxof(code) (0 ? -1 \\";
 
 # Gather the ranges.
   skip = code[0];

common/userids.c

@@ -351,8 +351,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
         }
       else if (!hexprefix)
         {
-          /* The fingerprint in an X.509 listing is often delimited by
-             colons, so we try to single this case out. */
+          /* The fingerprint of an X.509 listing is often delimited by
+           * colons, so we try to single this case out.  Note that the
+           * OpenPGP bang suffix is not supported here.  */
+          desc->exact = 0;
           mode = 0;
           hexlength = strspn (s, ":0123456789abcdefABCDEF");
           if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
@@ -414,7 +416,6 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
             }
           if (!mode) /* Default to substring search.  */
             {
-              desc->exact = 0;
               desc->u.name = s;
               mode = KEYDB_SEARCH_MODE_SUBSTR;
             }

configure.ac

@@ -28,7 +28,7 @@ min_automake_version="1.14"
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
 m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [15])
+m4_define([mym4_micro], [16])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release

dirmngr/domaininfo.c

@@ -47,6 +47,7 @@ struct domaininfo_s
   unsigned int wkd_not_found:1;      /* A WKD query failed.               */
   unsigned int wkd_supported:1;      /* One WKD entry was found.          */
   unsigned int wkd_not_supported:1;  /* Definitely does not support WKD.  */
+  unsigned int keepmark:1;           /* Private to insert_or_update().    */
   char name[1];
 };
 typedef struct domaininfo_s *domaininfo_t;
@@ -143,7 +144,10 @@ insert_or_update (const char *domain,
 {
   domaininfo_t di;
   domaininfo_t di_new;
-  domaininfo_t di_cut;
+  domaininfo_t drop = NULL;
+  domaininfo_t drop_extra = NULL;
+  int nkept = 0;
+  int ndropped = 0;
   u32 hash;
   int count;
 
@@ -162,7 +166,6 @@ insert_or_update (const char *domain,
 
   /* Need to do another lookup because the malloc is a system call and
    * thus the hash array may have been changed by another thread.  */
-  di_cut = NULL;
   for (count=0, di = domainbuckets[hash]; di; di = di->next, count++)
     if (!strcmp (di->name, domain))
       {
@@ -172,16 +175,89 @@ insert_or_update (const char *domain,
       }
 
   /* Before we insert we need to check whether the chain gets too long.  */
-  di_cut = NULL;
   if (count >= MAX_DOMAINBUCKET_LEN)
     {
-      for (count=0, di = domainbuckets[hash]; di; di = di->next, count++)
-        if (count >= MAX_DOMAINBUCKET_LEN/2)
-          {
-            di_cut = di->next;
-            di->next = NULL;
-            break;
-          }
+      domaininfo_t bucket;
+      domaininfo_t *array;
+      int narray, idx;
+      domaininfo_t keep = NULL;
+
+      /* Unlink from the global list before doing a syscall.  */
+      bucket = domainbuckets[hash];
+      domainbuckets[hash] = NULL;
+
+      array = xtrycalloc (count, sizeof *array);
+      if (!array)
+        {
+          /* That's bad; give up the entire bucket.  */
+          log_error ("domaininfo: error allocating helper array: %s\n",
+                     gpg_strerror (gpg_err_code_from_syserror ()));
+          drop_extra = bucket;
+          goto leave;
+        }
+      narray = 0;
+
+      /* Move all items into an array for easier processing.  */
+      for (di = bucket; di; di = di->next)
+        array[narray++] = di;
+      log_assert (narray == count);
+
+      /* Mark all item in the array which are flagged to support wkd
+       * but not more than half of the maximum.  This way we will at
+       * the end drop half of the items. */
+      count = 0;
+      for (idx=0; idx < narray; idx++)
+        {
+          di = array[idx];
+          di->keepmark = 0; /* Clear flag here on the first pass.  */
+          if (di->wkd_supported && count < MAX_DOMAINBUCKET_LEN/2)
+            {
+              di->keepmark = 1;
+              count++;
+            }
+        }
+      /* Now mark those which are marked as not found.  */
+      /* FIXME: we should use an LRU algorithm here.    */
+      for (idx=0; idx < narray; idx++)
+        {
+          di = array[idx];
+          if (!di->keepmark
+              && di->wkd_not_supported && count < MAX_DOMAINBUCKET_LEN/2)
+            {
+              di->keepmark = 1;
+              count++;
+            }
+        }
+
+      /* Build a bucket list and a second list for later freeing the
+       * items (we can't do it directly because a free is a system
+       * call and we want to avoid locks in this module.  Note that
+       * the kept items will be reversed order which does not matter.  */
+      for (idx=0; idx < narray; idx++)
+        {
+          di = array[idx];
+          if (di->keepmark)
+            {
+              di->next = keep;
+              keep = di;
+              nkept++;
+            }
+          else
+            {