--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gnupg/patches/000-gnupg-2.0.26-upstream.patch Tue Apr 14 14:29:32 2015 -0700
@@ -0,0 +1,287 @@
+# Patch origin: GnuPG/GPGME Project (upstream).
+# URL: http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs/10207
+- Log -----------------------------------------------------------------
+commit 1298b14f97efebdd88a9390af3848154dbe0d259
+Author: Joshua Rogers <[email protected]>
+Date: Tue Dec 23 00:47:50 2014 +1100
+
+ tools: Free variable before return
+
+ * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
+ upon error.
+ --
+
+ Signed-off-by: Joshua Rogers <[email protected]>
+
+diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
+index c43e87a..83bc24e 100644
+--- a/tools/gpgconf-comp.c
++++ b/tools/gpgconf-comp.c
+@@ -2390,7 +2390,10 @@ change_options_file (gc_component_t component, gc_backend_t backend,
+ res = link (dest_filename, orig_filename);
+ #endif
+ if (res < 0 && errno != ENOENT)
+- return -1;
++ {
++ xfree (dest_filename);
++ return -1;
++ }
+ if (res < 0)
+ {
+ xfree (orig_filename);
+
+commit ced689e12a5037c6aeca62e9eaebdc098bd9c14e
+Author: Daniel Kahn Gillmor <[email protected]>
+Date: Fri Dec 19 18:53:34 2014 -0500
+
+ sm: Avoid double-free on iconv failure
+
+ * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
+ double-free of pwbuf.
+
+ --
+
+ Observed by Joshua Rogers <[email protected]>, who proposed a
+ slightly different fix.
+
+ Debian-Bug-Id: 773472
+
+ Added fix at a second place - wk.
+
+diff --git a/agent/minip12.c b/agent/minip12.c
+index 2471717..0bcab5f 100644
+--- a/agent/minip12.c
++++ b/agent/minip12.c
+@@ -2182,6 +2182,7 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
+ " requested charset `%s': %s\n",
+ charset, strerror (errno));
+ gcry_free (pwbuf);
++ pwbuf = NULL;
+ goto failure;
+ }
+
+@@ -2196,6 +2197,7 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
+ " requested charset `%s': %s\n",
+ charset, strerror (errno));
+ gcry_free (pwbuf);
++ pwbuf = NULL;
+ jnlib_iconv_close (cd);
+ goto failure;
+ }
+
+commit 0fd4cd8503dfe9c3e6a362003bd647b4cd882363
+Author: Daniel Kahn Gillmor <[email protected]>
+Date: Fri Dec 19 18:07:55 2014 -0500
+
+ scd: Avoid double-free on error condition in scd
+
+ * scd/command.c (cmd_readkey): avoid double-free of cert
+
+ --
+
+ When ksba_cert_new() fails, cert will be double-freed.
+
+ Debian-Bug-Id: 773471
+
+ Original patch changed by wk to do the free only at leave.
+
+diff --git a/scd/command.c b/scd/command.c
+index fc1f5a2..b26bd68 100644
+--- a/scd/command.c
++++ b/scd/command.c
+@@ -777,10 +777,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
+
+ rc = ksba_cert_new (&kc);
+ if (rc)
+- {
+- xfree (cert);
+- goto leave;
+- }
++ goto leave;
++
+ rc = ksba_cert_init_from_mem (kc, cert, ncert);
+ if (rc)
+ {
+
+commit 1fc4dc541af7d4bf4dba6ef37d1d7841498a05c6
+Author: Daniel Kahn Gillmor <[email protected]>
+Date: Fri Dec 19 17:53:36 2014 -0500
+
+ avoid future chance of using uninitialized memory
+
+ * common/iobuf.c: (iobuf_open): initialize len
+
+ --
+
+ In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
+ (via file_filter()) on fcx, passing in a pointer to an uninitialized
+ len.
+
+ With these two commands, file_filter doesn't actually do anything with
+ the value of len, so there's no actual risk of use of uninitialized
+ memory in the code as it stands.
+
+ However, some static analysis tools might flag this situation with a
+ warning, and initializing the value doesn't hurt anything, so i think
+ this trivial cleanup is warranted.
+
+ Debian-Bug-Id: 773469
+
+diff --git a/common/iobuf.c b/common/iobuf.c
+index ae9bfa9..4c6d5b5 100644
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -1303,7 +1303,7 @@ iobuf_open (const char *fname)
+ iobuf_t a;
+ fp_or_fd_t fp;
+ file_filter_ctx_t *fcx;
+- size_t len;
++ size_t len = 0;
+ int print_only = 0;
+ int fd;
+
+commit f542826b04e35f13a30116564daaf6456440b1d4
+Author: Daniel Kahn Gillmor <[email protected]>
+Date: Fri Dec 19 17:12:05 2014 -0500
+
+ gpgkey2ssh: clean up varargs
+
+ * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
+
+ --
+
+ stdarg(3) says:
+ Each invocation of va_start() must be matched by a
+ corresponding invocation of va_end() in the same function.
+
+ Observed by Joshua Rogers <[email protected]>
+
+ Debian-Bug-Id: 773415
+
+diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
+index 903fb5b..d22c5ac 100644
+--- a/tools/gpgkey2ssh.c
++++ b/tools/gpgkey2ssh.c
+@@ -224,6 +224,8 @@ key_to_blob (unsigned char **blob, size_t *blob_n, const char *identifier, ...)
+ assert (ret == 1);
+ }
+
++ va_end (ap);
++
+ blob_new_n = ftell (stream);
+ rewind (stream);
+
+commit 01b364b6da2fbb8850178674e1534d725cd760c8
+Author: Werner Koch <[email protected]>
+Date: Mon Dec 22 12:44:13 2014 +0100
+
+ doc: Fix memory leak in yat2m.
+
+ * doc/yat2m.c (write_th): Free NAME.
+ --
+
+ Reported-by: Joshua Rogers <[email protected]>
+
+diff --git a/doc/yat2m.c b/doc/yat2m.c
+index 2ac4390..fc932d9 100644
+--- a/doc/yat2m.c
++++ b/doc/yat2m.c
+@@ -609,6 +609,7 @@ write_th (FILE *fp)
+ *p++ = 0;
+ fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
+ name, p, isodatestring (), opt_release, opt_source);
++ free (name);
+ return 0;
+ }
+
+commit 907a9a1e986b8c8266f4f01e8ed82acfc636a519
+Author: Werner Koch <[email protected]>
+Date: Mon Dec 22 12:16:46 2014 +0100
+
+ gpgsm: Return NULL on fail
+
+ * sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.
+
+ --
+
+ Cherry-pick of abd5f6752d693b7f313c19604f0723ecec4d39a6.
+
+ Reported-by: Joshua Rogers <[email protected]>
+
+ "If something inside the ldapserver_parse_one function failed,
+ 'server' would be freed, then returned, leading to a
+ use-after-free. This code is likely copied from sm/gpgsm.c, which
+ was also susceptible to this bug."
+
+ Signed-off-by: Werner Koch <[email protected]>
+
+diff --git a/sm/gpgsm.c b/sm/gpgsm.c
+index 97ec4bb..855de83 100644
+--- a/sm/gpgsm.c
++++ b/sm/gpgsm.c
+@@ -840,6 +840,7 @@ parse_keyserver_line (char *line,
+ {
+ log_info (_("%s:%u: skipping this line\n"), filename, lineno);
+ keyserver_list_free (server);
++ server = NULL;
+ }
+
+ return server;
+
+-----------------------------------------------------------------------
+
+Summary of changes:
+ agent/minip12.c | 2 ++
+ common/iobuf.c | 2 +-
+ doc/yat2m.c | 1 +
+ scd/command.c | 6 ++----
+ sm/gpgsm.c | 1 +
+ tools/gpgconf-comp.c | 5 ++++-
+ tools/gpgkey2ssh.c | 2 ++
+ 7 files changed, 13 insertions(+), 6 deletions(-)
+
+hooks/post-receive
+-- <#>
+
+--
+The GNU Privacy Guard
+http://git.gnupg.org
+
+Permalink
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs/10207> | Reply
+<http://post.gmane.org/post.php?group=gmane.comp.encryption.gpg.cvs&followup=10207>
+|
+
+Navigate
+Go to gmane.comp.encryption.gpg.cvs
+<http://blog.gmane.org/gmane.comp.encryption.gpg.cvs>.
+Topic
+Go to the topic
+<http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.cvs&article=10207&type=blog>.
+
+Advertisement
+Search Archive
+
+Language
+Change language <http://gmane.org/language.php>
+Options
+Current view: Threads only / Showing whole messages / Not hiding cited text.
+Change to All messages,
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs?set_blog_all=yes>shortened
+messages
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs?set_lines=20>,
+or hide cited text
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs?set_cite=hide>.
+
+Post a message
+<http://post.gmane.org/post.php?group=gmane.comp.encryption.gpg.cvs>
+NNTP Newsgroup <nntp://news.gmane.org/gmane.comp.encryption.gpg.cvs>
+Classic Gmane web interface
+<http://news.gmane.org/find-root.php?message_id=E1YAqcu%2d00022P%2d1h%40lists.gnupg.org>
+XML RSS Feed <http://rss.gmane.org/gmane.comp.encryption.gpg.cvs>
+List Information <http://dir.gmane.org/gmane.comp.encryption.gpg.cvs>
+
+About Gmane <http://gmane.org/faq.php>
+
+Gmane <http://gmane.org/>
+