# Add support for Boost 1.53+.

# Upstream commit: dfe4b51c8db852b7281a125aac6f3ddee34906f6

============================================================

--- src/database.cc	87efeeff2d3263ba98af684a4022f1897434ed2d

+++ src/database.cc	39ab2644b936e09a536b99ebd28b93f6e0d7c162

@@ -92,7 +92,7 @@ using boost::shared_ptr;

 using std::accumulate;

 using boost::shared_ptr;

-using boost::shared_dynamic_cast;

+using boost::dynamic_pointer_cast;

 using boost::lexical_cast;

 using boost::get;

 using boost::tuple;

@@ -3430,7 +3430,7 @@ database::encrypt_rsa(key_id const & pub

   shared_ptr<X509_PublicKey> x509_key(Botan::X509::load_key(pub_block));

   shared_ptr<RSA_PublicKey> pub_key

-    = shared_dynamic_cast<RSA_PublicKey>(x509_key);

+    = dynamic_pointer_cast<RSA_PublicKey>(x509_key);

   if (!pub_key)

     throw recoverable_failure(origin::system,

                               "Failed to get RSA encrypting key");

@@ -3481,7 +3481,7 @@ database::check_signature(key_id const &

       L(FL("building verifier for %d-byte pub key") % pub_block.size());

       shared_ptr<X509_PublicKey> x509_key(Botan::X509::load_key(pub_block));

       shared_ptr<RSA_PublicKey> pub_key

-        = boost::shared_dynamic_cast<RSA_PublicKey>(x509_key);

+        = boost::dynamic_pointer_cast<RSA_PublicKey>(x509_key);

       E(pub_key, id.inner().made_from,

         F("failed to get RSA verifying key for %s") % id);

============================================================

--- src/key_store.cc	b7859345f7c665914d16357409bdff24a48b7996

+++ src/key_store.cc	1ca13b7ee527bc2872d9fc325cf5ef327ca053c2

@@ -43,7 +43,7 @@ using boost::shared_ptr;

 using boost::scoped_ptr;

 using boost::shared_ptr;

-using boost::shared_dynamic_cast;

+using boost::dynamic_pointer_cast;

 using Botan::RSA_PrivateKey;

 using Botan::RSA_PublicKey;

@@ -641,7 +641,7 @@ key_store_state::decrypt_private_key(key

   I(pkcs8_key);

   shared_ptr<RSA_PrivateKey> priv_key;

-  priv_key = shared_dynamic_cast<RSA_PrivateKey>(pkcs8_key);

+  priv_key = dynamic_pointer_cast<RSA_PrivateKey>(pkcs8_key);

   E(priv_key, origin::no_fault,

     F("failed to extract RSA private key from PKCS#8 keypair"));

@@ -879,7 +879,8 @@ key_store::make_signature(database & db,

         L(FL("make_signature: building %d-byte pub key") % pub_block.size());

         shared_ptr<X509_PublicKey> x509_key =

           shared_ptr<X509_PublicKey>(Botan::X509::load_key(pub_block));

-        shared_ptr<RSA_PublicKey> pub_key = shared_dynamic_cast<RSA_PublicKey>(x509_key);

+        shared_ptr<RSA_PublicKey> pub_key =

+          dynamic_pointer_cast<RSA_PublicKey>(x509_key);

         if (!pub_key)

           throw recoverable_failure(origin::system,

@@ -1092,7 +1093,7 @@ key_store_state::migrate_old_key_pair

         continue;

       }

-  priv_key = shared_dynamic_cast<RSA_PrivateKey>(pkcs8_key);

+  priv_key = dynamic_pointer_cast<RSA_PrivateKey>(pkcs8_key);

   I(priv_key);

   // now we can write out the new key

============================================================

--- src/ssh_agent.cc	4a0dcab873559e934e41c5f220b5434d35600d9b

+++ src/ssh_agent.cc	6313ee3cdfca4112ba3957dc4a5f318472289dfa

@@ -32,7 +32,7 @@ using boost::shared_ptr;

 using std::vector;

 using boost::shared_ptr;

-using boost::shared_dynamic_cast;

+using boost::dynamic_pointer_cast;

 using Botan::RSA_PublicKey;

 using Botan::RSA_PrivateKey;

@@ -391,7 +391,8 @@ ssh_agent::has_key(const keypair & key)

   L(FL("has_key: building %d-byte pub key") % pub_block.size());

   shared_ptr<X509_PublicKey> x509_key =

     shared_ptr<X509_PublicKey>(Botan::X509::load_key(pub_block));

-  shared_ptr<RSA_PublicKey> pub_key = shared_dynamic_cast<RSA_PublicKey>(x509_key);

+  shared_ptr<RSA_PublicKey> pub_key = 

+    dynamic_pointer_cast<RSA_PublicKey>(x509_key);

   if (!pub_key)

     throw recoverable_failure(origin::system,

============================================================

--- src/database.cc	4c259f963c440fc95564dfec99b2f832f0bad643

+++ src/database.cc	87efeeff2d3263ba98af684a4022f1897434ed2d

@@ -3425,9 +3425,8 @@ database::encrypt_rsa(key_id const & pub

   rsa_pub_key pub;

   get_key(pub_id, pub);

-  SecureVector<Botan::byte> pub_block;

-  pub_block.set(reinterpret_cast<Botan::byte const *>(pub().data()),

-                pub().size());

+  SecureVector<Botan::byte> pub_block

+    (reinterpret_cast<Botan::byte const *>(pub().data()), pub().size());

   shared_ptr<X509_PublicKey> x509_key(Botan::X509::load_key(pub_block));

   shared_ptr<RSA_PublicKey> pub_key

@@ -3471,14 +3470,13 @@ database::check_signature(key_id const &

   else

     {

       rsa_pub_key pub;

-      SecureVector<Botan::byte> pub_block;

       if (!public_key_exists(id))

         return cert_unknown;

       get_key(id, pub);

-      pub_block.set(reinterpret_cast<Botan::byte const *>(pub().data()),

-                    pub().size());

+      SecureVector<Botan::byte> pub_block

+        (reinterpret_cast<Botan::byte const *>(pub().data()), pub().size());

       L(FL("building verifier for %d-byte pub key") % pub_block.size());

       shared_ptr<X509_PublicKey> x509_key(Botan::X509::load_key(pub_block));

============================================================

--- src/gzip.cc	e7c19bee910e3d421fd073933810ec52092b1d9b

+++ src/gzip.cc	9da41f6820cdf39707b22c716e3682e0fa0fd745

@@ -110,7 +110,7 @@ Gzip_Compression::Gzip_Compression(u32bi

    if(deflateInit2(&(zlib->stream), level, Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY) != Z_OK)

       {

       delete zlib; zlib = 0;

-      throw Exception("Gzip_Compression: Memory allocation error");

+      throw Memory_Exhaustion();

       }

    }

@@ -137,7 +137,7 @@ void Gzip_Compression::start_msg()

 /*************************************************

 * Compress Input with Gzip                       *

 *************************************************/

-void Gzip_Compression::write(const byte input[], u32bit length)

+void Gzip_Compression::write(const byte input[], filter_length_t length)

    {

    count += length;

@@ -152,7 +152,7 @@ void Gzip_Compression::write(const byte 

       zlib->stream.avail_out = buffer.size();

       int rc = deflate(&(zlib->stream), Z_NO_FLUSH);

       if (rc != Z_OK && rc != Z_STREAM_END)

-         throw Exception("Internal error in Gzip_Compression deflate.");

+         throw Invalid_State("Internal error in Gzip_Compression deflate.");

       send(buffer.begin(), buffer.size() - zlib->stream.avail_out);

       }

    }

@@ -172,7 +172,7 @@ void Gzip_Compression::end_msg()

       zlib->stream.avail_out = buffer.size();

       rc = deflate(&(zlib->stream), Z_FINISH);

       if (rc != Z_OK && rc != Z_STREAM_END)

-         throw Exception("Internal error in Gzip_Compression finishing deflate.");

+         throw Invalid_State("Internal error in Gzip_Compression finishing deflate.");

       send(buffer.begin(), buffer.size() - zlib->stream.avail_out);

       }

@@ -228,7 +228,7 @@ Gzip_Decompression::Gzip_Decompression()

    no_writes(true), pipe(new Hash_Filter("CRC32")), footer(0)

    {

    if (DEFAULT_BUFFERSIZE < sizeof(GZIP::GZIP_HEADER))

-      throw Exception("DEFAULT_BUFFERSIZE is too small");

+      throw Decoding_Error("DEFAULT_BUFFERSIZE is too small");

    zlib = new Zlib_Stream;

@@ -237,7 +237,7 @@ Gzip_Decompression::Gzip_Decompression()

    if(inflateInit2(&(zlib->stream), -15) != Z_OK)

       {

       delete zlib; zlib = 0;

-      throw Exception("Gzip_Decompression: Memory allocation error");

+      throw Memory_Exhaustion();

       }

    }

@@ -256,7 +256,7 @@ void Gzip_Decompression::start_msg()

 void Gzip_Decompression::start_msg()

    {

    if (!no_writes)

-      throw Exception("Gzip_Decompression: start_msg after already writing");

+      throw Decoding_Error("Gzip_Decompression: start_msg after already writing");

    pipe.start_msg();

    datacount = 0;

@@ -267,7 +267,7 @@ void Gzip_Decompression::start_msg()

 /*************************************************

 * Decompress Input with Gzip                     *

 *************************************************/

-void Gzip_Decompression::write(const byte input[], u32bit length)

+void Gzip_Decompression::write(const byte input[], filter_length_t length)

    {

    if(length) no_writes = false;

@@ -277,15 +277,16 @@ void Gzip_Decompression::write(const byt

          u32bit eat_len = eat_footer(input, length);

          input += eat_len;

          length -= eat_len;

-         if (length == 0)

-            return;

       }

+   if (length == 0)

+     return;

+

    // Check the gzip header

    if (pos < sizeof(GZIP::GZIP_HEADER))

       {

-      u32bit len = std::min((u32bit)sizeof(GZIP::GZIP_HEADER)-pos, length);

-      u32bit cmplen = len;

+      filter_length_t len = std::min((filter_length_t)sizeof(GZIP::GZIP_HEADER)-pos, length);

+      filter_length_t cmplen = len;

       // The last byte is the OS flag - we don't care about that

       if (pos + len - 1 >= GZIP::HEADER_POS_OS)

          cmplen--;

@@ -317,8 +318,8 @@ void Gzip_Decompression::write(const byt

          if(rc == Z_NEED_DICT)

             throw Decoding_Error("Gzip_Decompression: Need preset dictionary");

          if(rc == Z_MEM_ERROR)

-            throw Exception("Gzip_Decompression: Memory allocation error");

-         throw Exception("Gzip_Decompression: Unknown decompress error");

+            throw Memory_Exhaustion();

+         throw Decoding_Error("Gzip_Decompression: Unknown decompress error");

          }

       send(buffer.begin(), buffer.size() - zlib->stream.avail_out);

       pipe.write(buffer.begin(), buffer.size() - zlib->stream.avail_out);

@@ -346,8 +347,14 @@ u32bit Gzip_Decompression::eat_footer(co

       if (footer.size() >= GZIP::FOOTER_LENGTH)

          throw Decoding_Error("Gzip_Decompression: Data integrity error in footer");

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+      size_t eat_len = std::min(GZIP::FOOTER_LENGTH-footer.size(),

+                                static_cast<size_t>(length));

+      footer += std::make_pair(input, eat_len);

+#else

       u32bit eat_len = std::min(GZIP::FOOTER_LENGTH-footer.size(), length);

       footer.append(input, eat_len);

+#endif

       if (footer.size() == GZIP::FOOTER_LENGTH)

          {

@@ -364,7 +371,7 @@ void Gzip_Decompression::check_footer()

 void Gzip_Decompression::check_footer()

    {

    if (footer.size() != GZIP::FOOTER_LENGTH)

-      throw Exception("Gzip_Decompression: Error finalizing decompression");

+      throw Decoding_Error("Gzip_Decompression: Error finalizing decompression");

    pipe.end_msg();

@@ -377,7 +384,12 @@ void Gzip_Decompression::check_footer()

   for (int i = 0; i < 4; i++)

      buf[3-i] = tmpbuf[i];

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+  tmpbuf.resize(4);

+  tmpbuf.copy(footer.begin(), 4);

+#else

   tmpbuf.set(footer.begin(), 4);

+#endif

   if (buf != tmpbuf)

       throw Decoding_Error("Gzip_Decompression: Data integrity error - CRC32 error");

@@ -400,7 +412,7 @@ void Gzip_Decompression::end_msg()

    // read, clear() will reset no_writes

    if(no_writes) return;

-   throw Exception("Gzip_Decompression: didn't find footer");

+   throw Decoding_Error("Gzip_Decompression: didn't find footer");

    }

@@ -412,7 +424,11 @@ void Gzip_Decompression::clear()

    no_writes = true;

    inflateReset(&(zlib->stream));

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+   footer.clear();

+#else

    footer.destroy();

+#endif

    pos = 0;

    datacount = 0;

    }

============================================================

--- src/gzip.hh	649dfc0b250954f39c0f73870f8bec3f32f7fa43

+++ src/gzip.hh	aff9da63bb22366bccf69c2d75ee7790406d2455

@@ -7,11 +7,18 @@

 #ifndef BOTAN_EXT_GZIP_H__

 #define BOTAN_EXT_GZIP_H__

+#include <botan/version.h>

 #include <botan/filter.h>

 #include <botan/pipe.h>

 namespace Botan {

+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,4)

+// Only 1.9.4 and newer export the Memory_Exception. Give this gzip

+// implementation something compatible to work with.

+typedef std::bad_alloc Memory_Exhaustion;

+#endif

+

 namespace GZIP {

    /* A basic header - we only need to set the IDs and compression method */

@@ -30,13 +37,19 @@ namespace GZIP {

 }

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+typedef size_t filter_length_t;

+#else

+typedef u32bit filter_length_t;

+#endif

+

 /*************************************************

 * Gzip Compression Filter                        *

 *************************************************/

 class Gzip_Compression : public Filter

    {

    public:

-      void write(const byte input[], u32bit length);

+      void write(const byte input[], filter_length_t length);

       void start_msg();

       void end_msg();

       std::string name() const { return "Gzip_Compression"; }

@@ -60,7 +73,7 @@ class Gzip_Decompression : public Filter

 class Gzip_Decompression : public Filter

    {

    public:

-      void write(const byte input[], u32bit length);

+      void write(const byte input[], filter_length_t length);

       void start_msg();

       void end_msg();

       std::string name() const { return "Gzip_Decompression"; }

============================================================

--- src/key_packet.cc	d1306df89dd684badac02c03744cd446381c07d3

+++ src/key_packet.cc	c97262d161b23c9640972188979669b3e95afe7b

@@ -106,8 +106,8 @@ namespace

     void validate_public_key_data(string const & name, string const & keydata) const

     {

       string decoded = decode_base64_as<string>(keydata, origin::user);

-      Botan::SecureVector<Botan::byte> key_block;

-      key_block.set(reinterpret_cast<Botan::byte const *>(decoded.c_str()), decoded.size());

+      Botan::SecureVector<Botan::byte> key_block

+        (reinterpret_cast<Botan::byte const *>(decoded.c_str()), decoded.size());

       try

         {

           Botan::X509::load_key(key_block);

============================================================

--- src/key_store.cc	64c4c4bed1fadc26b51207b9f61343f9dd7d3c6e

+++ src/key_store.cc	b7859345f7c665914d16357409bdff24a48b7996

@@ -572,13 +572,21 @@ key_store_state::decrypt_private_key(key

   try // with empty passphrase

     {

       Botan::DataSource_Memory ds(kp.priv());

-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+      pkcs8_key.reset(Botan::PKCS8::load_key(ds, lazy_rng::get(), Dummy_UI()));

+#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)

       pkcs8_key.reset(Botan::PKCS8::load_key(ds, lazy_rng::get(), ""));

 #else

       pkcs8_key.reset(Botan::PKCS8::load_key(ds, ""));

 #endif

     }

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+  catch (Passphrase_Required & e)

+#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4)

+  catch (Botan::Invalid_Argument & e)

+#else

   catch (Botan::Exception & e)

+#endif

     {

       L(FL("failed to load key with no passphrase: %s") % e.what());

@@ -605,13 +613,18 @@ key_store_state::decrypt_private_key(key

           {

             Botan::DataSource_Memory ds(kp.priv());

 #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)

-            pkcs8_key.reset(Botan::PKCS8::load_key(ds, lazy_rng::get(), phrase()));

+            pkcs8_key.reset(Botan::PKCS8::load_key(ds, lazy_rng::get(),

+                                                   phrase()));

 #else

             pkcs8_key.reset(Botan::PKCS8::load_key(ds, phrase()));

 #endif

             break;

           }

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4)

+        catch (Botan::Invalid_Argument)

+#else

         catch (Botan::Exception & e)

+#endif

           {

             cycles++;

             L(FL("decrypt_private_key: failure %d to load encrypted key: %s")

@@ -822,10 +835,14 @@ key_store::decrypt_rsa(key_id const & id

       plaintext = string(reinterpret_cast<char const*>(plain.begin()),

                          plain.size());

     }

-  catch (Botan::Exception & ex)

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4)

+  catch (std::exception & e)

+#else

+  catch (Botan::Exception & e)

+#endif

     {

       E(false, ciphertext.made_from,

-        F("Botan error decrypting data: '%s'") % ex.what());

+        F("Botan error decrypting data: '%s'") % e.what());

     }

 }

@@ -856,9 +873,9 @@ key_store::make_signature(database & db,

     {

       if (agent.connected()) {

         //grab the monotone public key as an RSA_PublicKey

-        SecureVector<Botan::byte> pub_block;

-        pub_block.set(reinterpret_cast<Botan::byte const *>(key.pub().data()),

-                      key.pub().size());

+        SecureVector<Botan::byte> pub_block

+          (reinterpret_cast<Botan::byte const *>(key.pub().data()),

+           key.pub().size());

         L(FL("make_signature: building %d-byte pub key") % pub_block.size());

         shared_ptr<X509_PublicKey> x509_key =

           shared_ptr<X509_PublicKey>(Botan::X509::load_key(pub_block));

@@ -1031,8 +1048,14 @@ key_store_state::migrate_old_key_pair

   for (;;)

     try

       {

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+        arc4_key.resize(phrase().size());

+        arc4_key.copy(reinterpret_cast<Botan::byte const *>(phrase().data()),

+                      phrase().size());

+#else

         arc4_key.set(reinterpret_cast<Botan::byte const *>(phrase().data()),

                      phrase().size());

+#endif

         Pipe arc4_decryptor(get_cipher("ARC4", arc4_key, Botan::DECRYPTION));

@@ -1051,7 +1074,11 @@ key_store_state::migrate_old_key_pair

 #endif

         break;

       }

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4)

+    catch (Botan::Invalid_Argument & e)

+#else

     catch (Botan::Exception & e)

+#endif

       {

         L(FL("migrate_old_key_pair: failure %d to load old private key: %s")

           % cycles % e.what());

============================================================

--- src/monotone.cc	a25ecdd170a601db798b63a60add7681609a34c4

+++ src/monotone.cc	764bc9ca406b41d21efd552a0d810bc2849e0588

@@ -156,27 +156,53 @@ cpp_main(int argc, char ** argv)

       E(linked_botan_version != BOTAN_VERSION_CODE_FOR(1,7,14), origin::system,

         F("monotone does not support Botan 1.7.14"));

-#if BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(1,7,6)

+      // In Botan 1.9.9, the DataSink_Stream cannot be instantiated per

+      // se. As 1.10.1 is already out, let's simply disable support for

+      // that specific (testing) version of botan.

+      E(linked_botan_version != BOTAN_VERSION_CODE_FOR(1,9,9), origin::system,

+        F("monotone does not support Botan 1.9.9"));

+

+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,7,7)

+      // motonote binary compiled against botan younger than 1.7.7

       E(linked_botan_version >= BOTAN_VERSION_CODE_FOR(1,6,3), origin::system,

         F("this monotone binary requires Botan 1.6.3 or newer"));

-      E(linked_botan_version <= BOTAN_VERSION_CODE_FOR(1,7,6), origin::system,

-        F("this monotone binary does not work with Botan newer than 1.7.6"));

-#elif BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(1,7,22)

-      E(linked_botan_version > BOTAN_VERSION_CODE_FOR(1,7,6), origin::system,

+      E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,7,7), origin::system,

+        F("this monotone binary does not work with Botan 1.7.7 or newer"));

+

+#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,7,22)

+      // motonote binary compiled against botan 1.7.7 - 1.7.21

+      E(linked_botan_version >= BOTAN_VERSION_CODE_FOR(1,7,7), origin::system,

         F("this monotone binary requires Botan 1.7.7 or newer"));

-      // While compiling against 1.7.22 or newer is recommended, because

-      // it enables new features of Botan, the monotone binary compiled

-      // against Botan 1.7.21 and before should still work with newer Botan

-      // versions, including all of the stable branch 1.8.x.

-      E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,0), origin::system,

-        F("this monotone binary does not work with Botan 1.9.x"));

-#else

-      E(linked_botan_version > BOTAN_VERSION_CODE_FOR(1,7,22), origin::system,

+      // While compiling against 1.7.22 or newer is recommended, because it

+      // enables new features of Botan, the monotone binary compiled against

+      // Botan 1.7.21 and before should still work with newer Botan version,

+      // including all of the stable branch 1.8.x, up to and including

+      // 1.9.3.

+      E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,4), origin::system,

+        F("this monotone binary does not work with Botan 1.9.4 or newer"));

+

+#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,4)

+      // motonote binary compiled against botan 1.7.22 - 1.9.3

+      E(linked_botan_version >= BOTAN_VERSION_CODE_FOR(1,7,22), origin::system,

         F("this monotone binary requires Botan 1.7.22 or newer"));

-      E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,0), origin::system,

-        F("this monotone binary does not work with Botan 1.9.x"));

+      E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,4), origin::system,

+        F("this monotone binary does not work with Botan 1.9.4 or newer"));

+

+#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,11)

+      // motonote binary compiled against botan 1.9.4 - 1.9.10

+#pragma message ( "The resulting monotone binary won't be able to run with any stable release of botan." )

+      E(linked_botan_version >= BOTAN_VERSION_CODE_FOR(1,9,4), origin::system,

+        F("this monotone binary requires Botan 1.9.4 or newer"));

+      E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,11), origin::system,

+        F("this monotone binary does not work with Botan 1.9.11 or newer"));

+

+#else

+      // motonote binary compiled against botan 1.9.11 and newer

+      E(linked_botan_version >= BOTAN_VERSION_CODE_FOR(1,9,11), origin::system,

+        F("this monotone binary requires Botan 1.9.11 or newer"));

 #endif

+

       app_state app;

       try

         {

============================================================

--- src/packet.cc	f61360ed2524fdf53411bd24d022a2a3c9e6e9c7

+++ src/packet.cc	571ff6eae1d269a146da74f2730b70376957d3bb

@@ -156,8 +156,8 @@ namespace

     void validate_public_key_data(string const & name, string const & keydata) const

     {

       string decoded = decode_base64_as<string>(keydata, origin::user);

-      Botan::SecureVector<Botan::byte> key_block;

-      key_block.set(reinterpret_cast<Botan::byte const *>(decoded.c_str()), decoded.size());

+      Botan::SecureVector<Botan::byte> key_block

+        (reinterpret_cast<Botan::byte const *>(decoded.c_str()), decoded.size());

       try

         {

           Botan::X509::load_key(key_block);

@@ -175,7 +175,9 @@ namespace

       Botan::DataSource_Memory ds(decoded);

       try

         {

-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+          Botan::PKCS8::load_key(ds, lazy_rng::get(), Dummy_UI());

+#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)

           Botan::PKCS8::load_key(ds, lazy_rng::get(), string());

 #else

           Botan::PKCS8::load_key(ds, string());

@@ -189,7 +191,11 @@ namespace

         }

       // since we do not want to prompt for a password to decode it finally,

       // we ignore all other exceptions

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+      catch (Passphrase_Required) {}

+#else

       catch (Botan::Invalid_Argument) {}

+#endif

     }

     void validate_certname(string const & cn) const

     {

@@ -460,8 +466,16 @@ read_packets(istream & in, packet_consum

   return count;

 }

+// Dummy User_Interface implementation for Botan

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+std::string

+Dummy_UI::get_passphrase(const std::string &, const std::string &,

+                         Botan::User_Interface::UI_Result&) const

+{

+  throw Passphrase_Required("Passphrase required");

+}

+#endif

-

 // Local Variables:

 // mode: C++

 // fill-column: 76

============================================================

--- src/packet.hh	0a224e6e92f244e2c3e9a5cdb935eb8613d7e85b

+++ src/packet.hh	9c43d30145f0292d6ceda5e717e366fdead5a4d6

@@ -10,6 +10,10 @@

 #ifndef __PACKET_HH__

 #define __PACKET_HH__

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+#include <botan/ui.h>

+#endif

+

 #include "vocab.hh"

 struct cert;

@@ -84,8 +88,23 @@ size_t read_packets(std::istream & in, p

 size_t read_packets(std::istream & in, packet_consumer & cons);

+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)

+// A helper class implementing Botan::User_Interface - which doesn't really

+// interface with the user, but provides the necessary plumbing for Botan.

+//

+// See Botan commit 2d09d7d0cd4bd0e7155d001dd65a4f29103b158c

+typedef std::runtime_error Passphrase_Required;

+

+class Dummy_UI : public Botan::User_Interface

+{

+public:

+  virtual std::string get_passphrase(const std::string &, const std::string &,

+                                     Botan::User_Interface::UI_Result &) const;

+};

 #endif

+#endif

+

 // Local Variables:

 // mode: C++

 // fill-column: 76

============================================================

--- src/sha1.cc	5e1aa972d7c7d66e06320b039989652b830dcd75

+++ src/sha1.cc	42e48b22fd88b25e0d38d4f91e1f13f8a83c7120

@@ -50,9 +50,12 @@ CMD_HIDDEN(benchmark_sha1, "benchmark_sh

   Botan::Default_Benchmark_Timer timer;

   std::map<std::string, double> results =

     Botan::algorithm_benchmark("SHA-1",  milliseconds, timer, rng, af);

+#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,11)

+  std::map<std::string, double> results =

+    Botan::algorithm_benchmark("SHA-1",  milliseconds, rng, af);

 #else

   std::map<std::string, double> results =

-    Botan::algorithm_benchmark("SHA-1",  milliseconds, rng, af);

+    Botan::algorithm_benchmark("SHA-1",  af, rng, milliseconds, 16);

 #endif

   for(std::map<std::string, double>::const_iterator i = results.begin();

============================================================

--- src/ssh_agent.cc	6d188e7012a0b82f782563b09bbd7adf3f70cf75

+++ src/ssh_agent.cc	4a0dcab873559e934e41c5f220b5434d35600d9b

@@ -385,9 +385,9 @@ ssh_agent::has_key(const keypair & key)

 ssh_agent::has_key(const keypair & key)

 {

   //grab the monotone public key as an RSA_PublicKey

-  SecureVector<Botan::byte> pub_block;

-  pub_block.set(reinterpret_cast<Botan::byte const *>((key.pub)().data()),

-                (key.pub)().size());

+  SecureVector<Botan::byte> pub_block

+    (reinterpret_cast<Botan::byte const *>((key.pub)().data()),

+     (key.pub)().size());

   L(FL("has_key: building %d-byte pub key") % pub_block.size());

   shared_ptr<X509_PublicKey> x509_key =

     shared_ptr<X509_PublicKey>(Botan::X509::load_key(pub_block));

============================================================

--- src/transforms.cc	cdfb6854ef4992faba21074145f3c8269b845b11

+++ src/transforms.cc	b99278ffe95c0081bf4986bc74d3699c37a52948

@@ -53,15 +53,16 @@ using Botan::Hash_Filter;

 // paradigm "must" be used. this program is intended for source code

 // control and I make no bones about it.

-NORETURN(static inline void error_in_transform(Botan::Exception & e));

+NORETURN(static inline void error_in_transform(std::exception & e));

 static inline void

-error_in_transform(Botan::Exception & e, origin::type caused_by)

+error_in_transform(std::exception & e, origin::type caused_by)

 {

   // these classes can all indicate data corruption

   if (typeid(e) == typeid(Botan::Encoding_Error)

       || typeid(e) == typeid(Botan::Decoding_Error)

       || typeid(e) == typeid(Botan::Stream_IO_Error)

+      || typeid(e) == typeid(Botan::Invalid_Argument)

       || typeid(e) == typeid(Botan::Integrity_Failure))

     {

       // clean up the what() string a little: throw away the

@@ -107,7 +108,7 @@ error_in_transform(Botan::Exception & e,

         pipe->process_msg(in);                                  \

         out = pipe->read_all_as_string(Pipe::LAST_MESSAGE);     \

       }                                                         \

-    catch (Botan::Exception & e)                                \

+    catch (std::exception & e)                                   \

       {                                                         \

         pipe.reset(new Pipe(new T(carg)));                      \

         error_in_transform(e, made_from);                       \

@@ -173,7 +174,7 @@ template<> string xform<Botan::Hex_Decod

             {

               throw Botan::Decoding_Error(string("invalid hex character '") + (char)c + "'");

             }

-          catch(Botan::Exception & e)

+          catch(std::exception & e)

             {

               error_in_transform(e, made_from);

             }

@@ -219,7 +220,7 @@ void pack(T const & in, base64< gzip<T> 

       tmp = pipe->read_all_as_string(Pipe::LAST_MESSAGE);

       out = base64< gzip<T> >(tmp, in.made_from);

     }

-  catch (Botan::Exception & e)

+  catch (std::exception & e)

     {

       pipe.reset(new Pipe(new Gzip_Compression,

                           new Base64_Encoder));

@@ -237,7 +238,7 @@ void unpack(base64< gzip<T> > const & in

       pipe->process_msg(in());

       out = T(pipe->read_all_as_string(Pipe::LAST_MESSAGE), in.made_from);

     }

-  catch (Botan::Exception & e)

+  catch (std::exception & e)

     {

       pipe.reset(new Pipe(new Base64_Decoder,

                           new Gzip_Decompression));

@@ -264,7 +265,7 @@ calculate_ident(data const & dat,

       p->process_msg(dat());

       ident = id(p->read_all_as_string(Pipe::LAST_MESSAGE), dat.made_from);

     }

-  catch (Botan::Exception & e)

+  catch (std::exception & e)

     {

       p.reset(new Pipe(new Hash_Filter("SHA-160")));

       error_in_transform(e, dat.made_from);

--- configure.orig	2014-01-22 00:48:12.855108408 +0100

+++ configure	2014-01-22 00:48:54.244105202 +0100

@@ -4594,9 +4594,7 @@ fi

 # The dummy "pkg-config" package is guaranteed to exist.

 if test -n "$PKG_CONFIG"; then

-  mtn__full_pkg_config_path=`$PKG_CONFIG --debug pkg-config 2>&1 |

-    sed -ne "/^Scanning directory '/{; s///; s/'$//; p;}" |

-    tr "$as_nl" ':' | sed 's/:$//'`

+  mtn__full_pkg_config_path=`$PKG_CONFIG --variable=pc_path pkg-config 2>&1 | sed 's/:.*$//'`

   #AC_MSG_NOTICE([detected pkg-config path: $mtn__full_pkg_config_path])

 fi

--- src/automate_reader.hh.orig	2014-01-22 01:04:27.675051506 +0100

+++ src/automate_reader.hh	2014-01-22 01:04:41.682040341 +0100

@@ -13,6 +13,7 @@

 #define __AUTOMATE_READER_HH__

 #include <vector>

+#include <iostream>

 class automate_reader

 {