Merge branch 'STABLE-BRANCH-2-2' into master

7 files changed, 38 insertions, 6 deletions

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 0b2b98212..21beb29c7 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -135,6 +135,7 @@ enum cmd_and_opt_values
   oDisableScdaemon,
   oDisableCheckOwnSocket,
   oS2KCount,
+  oAutoExpandSecmem,
 
   oWriteEnvFile
 };
@@ -252,6 +253,8 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
 
+  ARGPARSE_op_u (oAutoExpandSecmem, "auto-expand-secmem", "@"),
+
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
   ARGPARSE_s_n (oUseStandardSocket, "use-standard-socket", "@"),
@@ -1025,6 +1028,7 @@ main (int argc, char **argv )
   assuan_set_malloc_hooks (&malloc_hooks);
   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
   assuan_sock_init ();
+  assuan_sock_set_system_hooks (ASSUAN_SYSTEM_NPTH);
   setup_libassuan_logging (&opt.debug, NULL);
 
   setup_libgcrypt_logging ();
@@ -1233,6 +1237,14 @@ main (int argc, char **argv )
           socket_name_browser = pargs.r.ret_str;
           break;
 
+        case oAutoExpandSecmem:
+          /* Try to enable this option.  It will officially only be
+           * supported by Libgcrypt 1.9 but 1.8.2 already supports it
+           * on the quiet and thus we use the numeric value value.  */
+          gcry_control (78 /*GCRYCTL_AUTO_EXPAND_SECMEM*/,
+                        (unsigned int)pargs.r.ret_ulong,  0);
+          break;
+
         case oDebugQuickRandom:
           /* Only used by the first stage command line parser.  */
           break;
diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index 68fbdbc65..2e48b346e 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -271,7 +271,7 @@ to keys stored on a token:
    (comment whatever)
 )
 
-The currently used protocol is "ti-v1" (token info version 1).  The
+The currently used protocol is "t1-v1" (token info version 1).  The
 second list with the information has this layout:
 
 (card_serial_number id_string_of_key fixed_pin_length)
@@ -379,7 +379,7 @@ Example:
 (protected-shared-secret
    ((desc "List of system passphrases")
     (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
-    (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra"))
+    (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
     (key)
     (protected mode (parms) encrypted_octet_string)
     (protected-at "20100915T111722")
@@ -402,7 +402,7 @@ hashed:
 
    ((desc "List of system passphrases")
     (key "uid-1002" ("Knuth" "Donald Ervin Knuth"))
-    (key "uid-1001" ("Dijkstra" "Edsgar Wybe Dijkstra"))
+    (key "uid-1001" ("Dijkstra" "Edsger Wybe Dijkstra"))
     (key)
     (value 4:1002 "signal flags at the lock")
     (value 4:1001 "taocp")
diff --git a/agent/protect.c b/agent/protect.c
index 90690d950..16ae715e1 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -1494,7 +1494,7 @@ make_shadow_info (const char *serialno, const char *idstring)
 
 
 /* Create a shadow key from a public key.  We use the shadow protocol
-  "ti-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
+  "t1-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
   S-expression is returned in an allocated buffer RESULT will point
   to. The input parameters are expected to be valid canonicalized
   S-expressions */
diff --git a/agent/t-protect.c b/agent/t-protect.c
index 92d312c9b..d17c19325 100644
--- a/agent/t-protect.c
+++ b/agent/t-protect.c
@@ -288,7 +288,7 @@ static void
 test_agent_shadow_key (void)
 {
 /* Create a shadow key from a public key.  We use the shadow protocol
-  "ti-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
+  "t1-v1" and insert the S-expressionn SHADOW_INFO.  The resulting
   S-expression is returned in an allocated buffer RESULT will point
   to. The input parameters are expected to be valid canonicalized
   S-expressions */
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 7276787e1..2b3b72b86 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -514,7 +514,10 @@ else
 speedo_pkg_pinentry_configure = --enable-pinentry-gtk2
 endif
 speedo_pkg_pinentry_configure += \
-        --disable-pinentry-qt4 \
+        --disable-pinentry-qt5   \
+        --disable-pinentry-qt    \
+	--disable-pinentry-fltk  \
+	--disable-pinentry-tty   \
 	CPPFLAGS=-I$(idir)/include   \
 	LDFLAGS=-L$(idir)/lib        \
 	CXXFLAGS=-static-libstdc++
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index afe280462..65df9708b 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -652,6 +652,17 @@ Select the digest algorithm used to compute ssh fingerprints that are
 communicated to the user, e.g. in pinentry dialogs.  OpenSSH has
 transitioned from using MD5 to the more secure SHA256.
 
+
+@item --auto-expand-secmem @var{n}
+@opindex auto-expand-secmem
+Allow Libgcrypt to expand its secure memory area as required.  The
+optional value @var{n} is a non-negative integer with a suggested size
+in bytes of each additionally allocated secure memory area.  The value
+is rounded up to the next 32 KiB; usual C style prefixes are allowed.
+For an heavy loaded gpg-agent with many concurrent connection this
+option avoids sign or decrypt errors due to out of secure memory error
+returns.
+
 @item --s2k-count @var{n}
 @opindex s2k-count
 Specify the iteration count used to protect the passphrase.  This
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 0b6ee8b4e..eee14f64e 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -3087,6 +3087,12 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
 	else
 	  pt->name[i] = c;
     }
+  /* Fill up NAME so that a check with valgrind won't complain about
+   * reading from uninitalized memory.  This case may be triggred by
+   * corrupted packets.  */
+  for (; i < namelen; i++)
+    pt->name[i] = 0;
+
   pt->timestamp = read_32 (inp);
   if (pktlen)
     pktlen -= 4;