netpgp: update and import patches from NetBSD

srcpkgs/netpgp/patches/keyring_crash.patch

@@ -1,21 +0,0 @@
-$NetBSD: patch-src_lib_keyring.c,v 1.1 2017/02/20 01:09:11 khorben Exp $
-
-Do not crash when listing keys without a keyring
-
---- src/lib/keyring.c.orig	2017-02-20 01:03:25.000000000 +0000
-+++ src/lib/keyring.c
-@@ -993,9 +993,12 @@ pgp_keyring_list(pgp_io_t *io, const pgp
- {
- 	pgp_key_t		*key;
- 	unsigned		 n;
-+	unsigned		 keyc = (keyring != NULL) ? keyring->keyc : 0;
- 
--	(void) fprintf(io->res, "%u key%s\n", keyring->keyc,
--		(keyring->keyc == 1) ? "" : "s");
-+	(void) fprintf(io->res, "%u key%s\n", keyc, (keyc == 1) ? "" : "s");
-+	if (keyring == NULL) {
-+		return 1;
-+	}
- 	for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) {
- 		if (pgp_is_key_secret(key)) {
- 			pgp_print_keydata(io, keyring, key, "sec",

srcpkgs/netpgp/patches/lib_keyring_c.patch

@@ -0,0 +1,68 @@
+$NetBSD: patch-src_lib_keyring.c,v 1.3 2018/03/15 20:00:43 khorben Exp $
+
+Do not crash when listing keys without a keyring.
+Do not use random data for pass-phrases on EOF.
+Do not ask for a passphrase when empty.
+
+--- src/lib/keyring.c.orig	2011-06-25 00:37:44.000000000 +0000
++++ src/lib/keyring.c
+@@ -226,7 +226,7 @@ typedef struct {
+ 	pgp_seckey_t		*seckey;
+ } decrypt_t;
+ 
+-static pgp_cb_ret_t 
++static pgp_cb_ret_t
+ decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
+ {
+ 	const pgp_contents_t	*content = &pkt->u;
+@@ -244,7 +244,9 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
+ 		break;
+ 
+ 	case PGP_GET_PASSPHRASE:
+-		(void) pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass));
++		if (pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass)) == 0) {
++			pass[0] = '\0';
++		}
+ 		*content->skey_passphrase.passphrase = netpgp_strdup(pass);
+ 		pgp_forget(pass, (unsigned)sizeof(pass));
+ 		return PGP_KEEP_MEMORY;
+@@ -292,6 +294,20 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
+ 	return PGP_RELEASE_MEMORY;
+ }
+ 
++static pgp_cb_ret_t
++decrypt_cb_empty(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
++{
++	const pgp_contents_t	*content = &pkt->u;
++
++	switch (pkt->tag) {
++	case PGP_GET_PASSPHRASE:
++		*content->skey_passphrase.passphrase = netpgp_strdup("");
++		return PGP_KEEP_MEMORY;
++	default:
++		return decrypt_cb(pkt, cbinfo);
++	}
++}
++
+ /**
+ \ingroup Core_Keys
+ \brief Decrypts secret key from given keydata with given passphrase
+@@ -306,8 +322,18 @@ pgp_decrypt_seckey(const pgp_key_t *key,
+ 	const int	 printerrors = 1;
+ 	decrypt_t	 decrypt;
+ 
++	/* first try with an empty passphrase */
+ 	(void) memset(&decrypt, 0x0, sizeof(decrypt));
+ 	decrypt.key = key;
++	stream = pgp_new(sizeof(*stream));
++	pgp_keydata_reader_set(stream, key);
++	pgp_set_callback(stream, decrypt_cb_empty, &decrypt);
++	stream->readinfo.accumulate = 1;
++	pgp_parse(stream, !printerrors);
++	if (decrypt.seckey != NULL) {
++		return decrypt.seckey;
++	}
++	/* ask for a passphrase */
+ 	decrypt.passfp = passfp;
+ 	stream = pgp_new(sizeof(*stream));
+ 	pgp_keydata_reader_set(stream, key);

srcpkgs/netpgp/patches/lib_reader_c.patch

@@ -0,0 +1,26 @@
+$NetBSD: patch-src_lib_reader.c,v 1.1 2018/03/15 19:51:08 khorben Exp $
+
+Do not truncate pass-phrases without a newline character.
+
+--- src/lib/reader.c.orig	2012-03-05 02:20:18.000000000 +0000
++++ src/lib/reader.c
+@@ -160,6 +160,7 @@ int
+ pgp_getpassphrase(void *in, char *phrase, size_t size)
+ {
+ 	char	*p;
++	size_t	 len;
+ 
+ 	if (in == NULL) {
+ 		while ((p = getpass("netpgp passphrase: ")) == NULL) {
+@@ -169,7 +170,10 @@ pgp_getpassphrase(void *in, char *phrase
+ 		if (fgets(phrase, (int)size, in) == NULL) {
+ 			return 0;
+ 		}
+-		phrase[strlen(phrase) - 1] = 0x0;
++		len = strlen(phrase);
++		if (len >= 1 && phrase[len - 1] == '\n') {
++			phrase[len - 1] = '\0';
++		}
+ 	}
+ 	return 1;
+ }

srcpkgs/netpgp/patches/lib_signature_c.patch

@@ -0,0 +1,19 @@
+$NetBSD: patch-src_lib_signature.c,v 1.1 2018/03/15 20:21:52 khorben Exp $
+
+Output signatures to the standard output for "-".
+
+--- src/lib/signature.c.orig	2012-03-05 02:20:18.000000000 +0000
++++ src/lib/signature.c
+@@ -903,7 +903,11 @@ open_output_file(pgp_output_t **output,
+ 
+ 	/* setup output file */
+ 	if (outname) {
+-		fd = pgp_setup_file_write(output, outname, overwrite);
++		if (strcmp(outname, "-") == 0) {
++			fd = pgp_setup_file_write(output, NULL, overwrite);
++		} else {
++			fd = pgp_setup_file_write(output, outname, overwrite);
++		}
+ 	} else {
+ 		unsigned        flen = (unsigned)(strlen(inname) + 4 + 1);
+ 		char           *f = NULL;

srcpkgs/netpgp/patches/netpgp_1.patch

@@ -0,0 +1,25 @@
+$NetBSD: patch-src_netpgp_netpgp.1,v 1.1 2018/03/15 20:14:14 khorben Exp $
+
+Correct option "--armor".
+Also document alternate option "--detach".
+
+--- src/netpgp/netpgp.1.orig	2014-02-17 07:23:18.000000000 +0000
++++ src/netpgp/netpgp.1
+@@ -203,7 +203,7 @@ library.
+ In addition to one of the preceding commands, a number of qualifiers
+ or options may be given.
+ .Bl -tag -width Ar
+-.It Fl Fl armour , Fl armor
++.It Fl Fl armour , Fl Fl armor
+ This option, however it is spelled, wraps the signature as an
+ ASCII-encoded piece of text, for ease of use.
+ .It Fl Fl cipher Ar ciphername
+@@ -216,7 +216,7 @@ access to the cipher used.
+ The default cipher algorithm is the
+ .Dq CAST5
+ algorithm.
+-.It Fl Fl detached
++.It Fl Fl detach , Fl Fl detached
+ When signing a file, place the resulting signature in a separate
+ file from the one being signed.
+ .It Fl Fl hash-alg Ar hash-algorithm

srcpkgs/netpgp/template

@@ -1,7 +1,7 @@
 # Template file for 'netpgp'
 pkgname=netpgp
 version=20140220
-revision=15
+revision=16
 build_style=gnu-configure
 hostmakedepends="automake libtool pkg-config"
 makedepends="zlib-devel bzip2-devel libressl-devel"