[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 45ed86aa273d9bb10f4856de72616d889f43f016 Author: Hank Leininger korelogic com> AuthorDate: Fri Feb 16 04:29:49 2024 + Commit: Sam James gentoo org> CommitDate: Sun Feb 18 10:12:32 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45ed86aa app-crypt/gnupg: fix dirmngr behind a proxy Adapted from upstream patches: https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9 https://dev.gnupg.org/rG848546b05ab0ff6abd47724ecfab73bf32dd4c01 Signed-off-by: Hank Leininger korelogic.com> Closes: https://bugs.gentoo.org/924606 Bug: https://bugs.gentoo.org/835949 Closes: https://github.com/gentoo/gentoo/pull/35368 Signed-off-by: Sam James gentoo.org> .../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch| 91 ++ app-crypt/gnupg/gnupg-2.4.4-r1.ebuild | 197 + 2 files changed, 288 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch new file mode 100644 index ..ebfaddb78e03 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch @@ -0,0 +1,91 @@ +diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c +--- gnupg-2.4.4.orig/dirmngr/http.c2024-01-25 03:06:42.0 -0700 gnupg-2.4.4/dirmngr/http.c 2024-02-15 21:10:28.849074727 -0700 +@@ -2362,7 +2362,6 @@ + * NULL, decode the string and use this as input from teh server. On + * success the final output token is stored at PROXY->OUTTOKEN and + * OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */ +-#ifdef USE_TLS + static gpg_error_t + proxy_get_token (proxy_info_t proxy, const char *inputstring) + { +@@ -2530,11 +2529,9 @@ + + #endif /*!HAVE_W32_SYSTEM*/ + } +-#endif /*USE_TLS*/ + + + /* Use the CONNECT method to proxy our TLS stream. */ +-#ifdef USE_TLS + static gpg_error_t + run_proxy_connect (http_t hd, proxy_info_t proxy, +const char *httphost, const char *server, +@@ -2556,6 +2553,7 @@ +* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication +*/ + auth_basic = !!proxy->uri->auth; ++ hd->keep_alive = 0; + + /* For basic authentication we need to send just one request. */ + if (auth_basic +@@ -2577,16 +2575,15 @@ + httphost ? httphost : server, + port, + authhdr ? authhdr : "", +- auth_basic? "" : "Connection: keep-alive\r\n"); ++ hd->keep_alive? "Connection: keep-alive\r\n" : ""); + if (!request) + { + err = gpg_error_from_syserror (); + goto leave; + } +- hd->keep_alive = !auth_basic; /* We may need to send more requests. */ + + if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP)) +-log_debug_with_string (request, "http.c:proxy:request:"); ++log_debug_string (request, "http.c:proxy:request:"); + + if (!hd->fp_write) + { +@@ -2610,16 +2607,6 @@ + if (err) + goto leave; + +- { +-unsigned long count = 0; +- +-while (es_getc (hd->fp_read) != EOF) +- count++; +-if (opt_debug) +- log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n", +- count); +- } +- + /* Reset state. */ + es_clearerr (hd->fp_read); + ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1; +@@ -2743,7 +2730,6 @@ + xfree (tmpstr); + return err; + } +-#endif /*USE_TLS*/ + + + /* Make a request string using a standard proxy. On success the +@@ -2903,7 +2889,6 @@ + goto leave; + } + +-#if USE_TLS + if (use_http_proxy && hd->uri->use_tls) + { + err = run_proxy_connect (hd, proxy, httphost, server, port); +@@ -2915,7 +2900,6 @@ +* clear the flag to indicate this. */ + use_http_proxy = 0; + } +-#endif/* USE_TLS */ + + #if HTTP_USE_NTBTLS + err = run_ntbtls_handshake (hd); diff --git a/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild new file mode 100644 index ..768489c6bf9f --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild @@ -0,0 +1,197 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should: +# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/ +# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159 +# (find the one for the current release then subscribe to it + +# any subsequent ones linked within so you're covered for a while.) + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc +# in-source builds are not supported: https://dev.gnupg.org/T6313#166339 +inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="https://gnupg.org/; +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +SRC_URI+=" verify-sig? (
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 794b312233b33ce315807bb305e0db42d530dfe7 Author: Sam James gentoo org> AuthorDate: Mon Jan 29 09:48:36 2024 + Commit: Sam James gentoo org> CommitDate: Mon Jan 29 09:48:47 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b3122 app-crypt/gnupg: backport insecure smartcard backup fix to 2.2.x Bug: https://bugs.gentoo.org/923248 Signed-off-by: Sam James gentoo.org> .../gnupg-2.2.42-bug923248-insecure-backup.patch | 292 + app-crypt/gnupg/gnupg-2.2.42-r2.ebuild | 182 + 2 files changed, 474 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch new file mode 100644 index ..76d6d94c40b1 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch @@ -0,0 +1,292 @@ +https://bugs.gentoo.org/923248 +https://dev.gnupg.org/T6944 +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3b69d8bf7146b8d10737d0cfea9c97affc60ad73 + +From 3b69d8bf7146b8d10737d0cfea9c97affc60ad73 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Wed, 24 Jan 2024 11:29:24 +0100 +Subject: [PATCH] gpg: Fix leftover unprotected card backup key. + +* agent/command.c (cmd_learn): Add option --reallyforce. +* agent/findkey.c (agent_write_private_key): Implement reallyforce. +Also add arg reallyforce and pass it along the call chain. + +* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a +special force value. +* g10/keygen.c (card_store_key_with_backup): Use that force value. +-- + +This was a regression in 2.2.42. We took the easy path to fix it by +getting the behaviour back to what we did prior to 2.2.42. With GnuPG +2.4.4 we use an entire different and safer approach by introducing an +ephemeral private key store. + +GnuPG-bug-id: 6944 +--- a/agent/agent.h b/agent/agent.h +@@ -422,7 +422,8 @@ void start_command_handler_ssh (ctrl_t, gnupg_fd_t); + gpg_error_t agent_modify_description (const char *in, const char *comment, + const gcry_sexp_t key, char **result); + int agent_write_private_key (const unsigned char *grip, +- const void *buffer, size_t length, int force, ++ const void *buffer, size_t length, ++ int force, int reallyforce, + const char *serialno, const char *keyref, + const char *dispserialno, time_t timestamp); + gpg_error_t agent_key_from_file (ctrl_t ctrl, +@@ -548,6 +549,7 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo, + gpg_error_t agent_write_shadow_key (const unsigned char *grip, + const char *serialno, const char *keyid, + const unsigned char *pkbuf, int force, ++int reallyforce, + const char *dispserialno); + + +@@ -628,7 +630,8 @@ void agent_card_killscd (void); + + + /*-- learncard.c --*/ +-int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force); ++int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, ++int force, int reallyforce); + + + /*-- cvt-openpgp.c --*/ +--- a/agent/command-ssh.c b/agent/command-ssh.c +@@ -2499,7 +2499,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn) + + /* (Shadow)-key is not available in our key storage. */ + agent_card_getattr (ctrl, "$DISPSERIALNO", ); +- err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0, ++ err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0, 0, + dispserialno); + xfree (dispserialno); + if (err) +@@ -3159,7 +3159,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, + + /* Store this key to our key storage. We do not store a creation +* timestamp because we simply do not know. */ +- err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0, ++ err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0, 0, + NULL, NULL, NULL, 0); + if (err) + goto out; +--- a/agent/command.c b/agent/command.c +@@ -1042,7 +1042,7 @@ cmd_readkey (assuan_context_t ctx, char *line) + /* Shadow-key is or is not available in our key storage. In +* any case we need to check whether we need to update with +* a new display-s/n or whatever. */ +- rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0, ++ rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0, 0, +dispserialno); + if (rc) + goto leave; +@@ -1855,16 +1855,18 @@ cmd_learn (assuan_context_t ctx, char *line) + { + ctrl_t ctrl =
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 427c50c7e83f2a469b3ce8ba91294142f66155ac Author: Sam James gentoo org> AuthorDate: Fri Oct 14 18:59:55 2022 + Commit: Sam James gentoo org> CommitDate: Fri Oct 14 19:04:15 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=427c50c7 app-crypt/gnupg: add 2.2.40 Signed-off-by: Sam James gentoo.org> app-crypt/gnupg/Manifest | 2 + .../files/gnupg-2.2.40-fix-no-ldap-build.patch | 36 + app-crypt/gnupg/gnupg-2.2.40.ebuild| 166 + 3 files changed, 204 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index fdb506e83ca5..c9cfff783a16 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -1,4 +1,6 @@ DIST gnupg-2.2.39.tar.bz2 7290098 BLAKE2B a9e31830f3ef9ec6d8d461a85fcbe4b91bcac9607d3b5f13f5edc0c54505afb6c6c119cd397023b1378d96c7d0f15c0d60da1d15721e9a18eb3ea8c7b69fba83 SHA512 73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940 DIST gnupg-2.2.39.tar.bz2.sig 119 BLAKE2B 584d7d36671670ac507948257e9c6be556ed2a2d3c0100bb2746edfe96df5ee1d4c6172fe0cae39d85fc290097bc5f6e1b351debc8ec2f5cc78047354fbed016 SHA512 6f7d7c2d1fae706b03c735cf453976c3aebef3f23659426f39a88c63d979f4d873ae09280d75dee9000805468d2a7f49d348609061939000f7cedf34ec5c6019 +DIST gnupg-2.2.40.tar.bz2 7301631 BLAKE2B c9a077e28b22888573bdd12029205eb5f79a463a297e400a623bc86a39eeb6454cd884d05bd96734998613c695f2c9dcc68963c7275b89938ac38ddc7ba1e229 SHA512 4c2f5fbf37ba6fbad0045aad23129186963010c673ea0b81801adc4f98efe14d6c7228e22815b6b26307c1fe5bb51cd088aa6a0f06a9325d3c021849ef81c594 +DIST gnupg-2.2.40.tar.bz2.sig 119 BLAKE2B baaffad8203169fca54be031b3c77f818ecf973c73b9389cb3cbcd8217ae8a6018f0d3d4d2d5b6f0611f7643b78467f91902add3107e9538273607c6ba3a49bf SHA512 fccc06c709450d58e64716c505cd79556edac440462613c47c6ec78714355425c045418946b4b4b2a5c79e33e0e75b20f0699ae6de9921add4877fd6c8cc2d64 DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02 SHA512 c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9 DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e SHA512 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8db9a1b8 diff --git a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch new file mode 100644 index ..3ab9c0cba902 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch @@ -0,0 +1,36 @@ +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7011286ce6e1fb56c2989fdafbd11b931c489faa + +From 7011286ce6e1fb56c2989fdafbd11b931c489faa Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Fri, 14 Oct 2022 09:58:41 +0900 +Subject: [PATCH] dirmngr: Fix build with no LDAP support. + +* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize. + +-- + +GnuPG-bug-id: 6239 +Signed-off-by: NIIBE Yutaka +--- + dirmngr/server.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/dirmngr/server.c b/dirmngr/server.c +index 04ebfd317..98f354300 100644 +--- a/dirmngr/server.c b/dirmngr/server.c +@@ -3137,8 +3137,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id) +ctrl->refcount); + else + { ++#if USE_LDAP + ks_ldap_free_state (ctrl->ks_get_state); + ctrl->ks_get_state = NULL; ++#endif + release_ctrl_ocsp_certs (ctrl); + xfree (ctrl->server_local); + dirmngr_deinit_default_ctrl (ctrl); +-- +2.11.0 + + diff --git a/app-crypt/gnupg/gnupg-2.2.40.ebuild b/app-crypt/gnupg/gnupg-2.2.40.ebuild new file mode 100644 index ..aad9c21dbc70 --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.2.40.ebuild @@ -0,0 +1,166 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Maintainers should: +# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/ +# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159 +# (find the one for the current release then subscribe to it + +# any subsequent ones linked within so you're covered for a while.) + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc +inherit flag-o-matic systemd toolchain-funcs verify-sig + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="https://gnupg.org/; +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3+" +SLOT="0"
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: e67bb84b2c008c569b7e1113260b3ca029b266bb Author: Sam James gentoo org> AuthorDate: Mon Apr 25 15:45:11 2022 + Commit: Sam James gentoo org> CommitDate: Mon Apr 25 15:45:56 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67bb84b app-crypt/gnupg: backport 2.3.5 hang fix Closes: https://bugs.gentoo.org/840746 Signed-off-by: Sam James gentoo.org> .../files/gnupg-2.3.5-fix-buffering-hang.patch | 52 +++ app-crypt/gnupg/gnupg-2.3.5-r2.ebuild | 162 + 2 files changed, 214 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch new file mode 100644 index ..3ff8d2afcf6f --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch @@ -0,0 +1,52 @@ +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=2fc91e15c6bebb203162cc8445e68ee4ff934885;hp=2848fe4c84e5ee20ccd90f0ef4c9f78c6801e1f6 +https://bugs.gentoo.org/840746 + +From: NIIBE Yutaka +Date: Mon, 25 Apr 2022 17:37:32 +0900 +Subject: [PATCH 1/1] common:iobuf: Exclude cases with + IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP. + +* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP. +(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP. + +-- + +GnuPG-bug-id: 5941 +Signed-off-by: NIIBE Yutaka +--- a/common/iobuf.c b/common/iobuf.c +@@ -2177,7 +2177,8 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen) + a->e_d.len = 0; + + /* Hint for how full to fill iobuf internal drain buffer. */ +- a->e_d.preferred = (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE); ++ a->e_d.preferred = (a->use != IOBUF_INPUT_TEMP) ++&& (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE); + + n = 0; + do +@@ -2200,7 +2201,7 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen) + underflow to read more data into the filter's internal + buffer. */ + { +-if (buf && n < buflen) ++if (a->use != IOBUF_INPUT_TEMP && buf && n < buflen) + { + /* Setup external drain buffer for faster moving of data + * (avoid memcpy). */ +@@ -2328,11 +2329,13 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned int buflen) + a->e_d.len = 0; + + /* Hint for how full to fill iobuf internal drain buffer. */ +- a->e_d.preferred = (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE); ++ a->e_d.preferred = (a->use != IOBUF_OUTPUT_TEMP) ++&& (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE); + + do + { +- if (a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE) ++ if ((a->use != IOBUF_OUTPUT_TEMP) ++&& a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE) + { + /* Setup external drain buffer for faster moving of data + * (avoid memcpy). */ diff --git a/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild new file mode 100644 index ..d32419deb726 --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc +inherit flag-o-matic systemd toolchain-funcs verify-sig + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="https://gnupg.org/; +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server" +RESTRICT="!test? ( test )" +REQUIRED_USE="test? ( tofu )" + +# Existence of executables is checked during configuration. +# Note: On each bump, update dep bounds on each version from configure.ac! +DEPEND=">=dev-libs/libassuan-2.5.0 + >=dev-libs/libgcrypt-1.9.1:= + >=dev-libs/libgpg-error-1.41 + >=dev-libs/libksba-1.3.4 + >=dev-libs/npth-1.2 + >=net-misc/curl-7.10 + bzip2? ( app-arch/bzip2 ) + ldap? ( net-nds/openldap:= ) + readline? ( sys-libs/readline:0= ) + smartcard? ( usb? ( virtual/libusb:1 ) ) + tofu? ( >=dev-db/sqlite-3.27 ) + tpm? ( >=app-crypt/tpm2-tss-2.4.0:= ) + ssl? ( >=net-libs/gnutls-3.0:0= ) + sys-libs/zlib +" + +RDEPEND="${DEPEND} + app-crypt/pinentry + nls? ( virtual/libintl ) + selinux? ( sec-policy/selinux-gpg ) + wks-server? ( virtual/mta )" + +BDEPEND="virtual/pkgconfig + doc? ( sys-apps/texinfo ) + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-gnupg )" + +DOCS=( +
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 358af1feef453a02aa73ef5c281fe509bcb6ffde Author: David Seifert gentoo org> AuthorDate: Tue Sep 7 15:20:04 2021 + Commit: David Seifert gentoo org> CommitDate: Tue Sep 7 15:20:04 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=358af1fe app-crypt/gnupg: fix USE=tofu Bug: https://dev.gnupg.org/T5588 Acked-by: Mikle Kolyada gentoo.org> Signed-off-by: David Seifert gentoo.org> .../gnupg/files/gnupg-2.3.0-sqlite_check.patch | 62 -- app-crypt/gnupg/gnupg-2.3.2.ebuild | 17 +++--- 2 files changed, 6 insertions(+), 73 deletions(-) diff --git a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch b/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch deleted file mode 100644 index dd529da7a7c..000 --- a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 58aa0e8547a29e147f3d9d1792117d96bc00ffda Mon Sep 17 00:00:00 2001 -From: Lars Wendler -Date: Thu, 8 Apr 2021 11:05:36 +0200 -Subject: [PATCH] gnupg: configure.ac: Fix sqlite3 detection - -or else --disable-sqlite has no effect and linking later fails with: - - keyboxd-backend-sqlite.o: in function `show_sqlstmt.part.0': - backend-sqlite.c:(.text+0x42): undefined reference to `sqlite3_expanded_sql' - -Signed-off-by: Lars Wendler - configure.ac | 23 --- - 1 file changed, 12 insertions(+), 11 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 9cf0c6a7f..d46469cbb 100644 a/configure.ac -+++ b/configure.ac -@@ -969,18 +969,20 @@ AC_ARG_ENABLE(sqlite, -[disable the use of SQLITE]), - try_sqlite=$enableval, try_sqlite=yes) - --if test x"$use_tofu" = xyes ; then -- if test x"$try_sqlite" = xyes ; then -+AS_IF([test x"$try_sqlite" = xyes], [ - PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION], - [have_sqlite=yes], - [have_sqlite=no]) -- fi -- if test "$have_sqlite" = "yes"; then --: --AC_SUBST([SQLITE3_CFLAGS]) --AC_SUBST([SQLITE3_LIBS]) -- else --use_tofu=no -+AS_IF([test "$have_sqlite" = "yes"], [ -+AC_SUBST([SQLITE3_CFLAGS]) -+AC_SUBST([SQLITE3_LIBS]) -+]) -+]) -+ -+AS_IF([test "$have_sqlite" != "yes"], [ -+AS_IF([test x"$use_tofu" = xyes], [ -+ use_tofu=no -+]) - build_keyboxd=no - tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g') - AC_MSG_WARN([[ -@@ -988,8 +990,7 @@ if test x"$use_tofu" = xyes ; then - *** Building without SQLite support - TOFU and Keyboxd disabled - *** - *** $tmp]]) -- fi --fi -+]) - - AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes") - --- -2.31.1 - diff --git a/app-crypt/gnupg/gnupg-2.3.2.ebuild b/app-crypt/gnupg/gnupg-2.3.2.ebuild index 3576669b399..9e1c1de7266 100644 --- a/app-crypt/gnupg/gnupg-2.3.2.ebuild +++ b/app-crypt/gnupg/gnupg-2.3.2.ebuild @@ -3,18 +3,19 @@ EAPI=8 -inherit autotools flag-o-matic systemd toolchain-funcs +inherit flag-o-matic systemd toolchain-funcs MY_P="${P/_/-}" DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" HOMEPAGE="https://gnupg.org/; SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +S="${WORKDIR}/${MY_P}" LICENSE="GPL-3" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="bzip2 doc ldap nls readline selinux +smartcard sqlite ssl tofu tools usb user-socket wks-server" +IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server" # Existence of executables is checked during configuration. DEPEND=">=dev-libs/libassuan-2.5.0 @@ -27,7 +28,7 @@ DEPEND=">=dev-libs/libassuan-2.5.0 ldap? ( net-nds/openldap ) readline? ( sys-libs/readline:0= ) smartcard? ( usb? ( virtual/libusb:1 ) ) - sqlite? ( >=dev-db/sqlite-3.27 ) + tofu? ( >=dev-db/sqlite-3.27 ) ssl? ( >=net-libs/gnutls-3.0:0= ) sys-libs/zlib " @@ -42,10 +43,6 @@ BDEPEND="virtual/pkgconfig doc? ( sys-apps/texinfo ) nls? ( sys-devel/gettext )" -S="${WORKDIR}/${MY_P}" - -REQUIRED_USE="tofu? ( sqlite )" - DOCS=( ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER @@ -53,14 +50,11 @@ DOCS=( PATCHES=( "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" - "${FILESDIR}/${PN}-2.3.0-sqlite_check.patch" ) src_prepare() { default - eautoreconf - # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode, # idea borrowed from libdbus, see #
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 16b8804428d68538b75e21a597ab687830787097 Author: Lars Wendler gentoo org> AuthorDate: Sat Jun 12 22:35:44 2021 + Commit: Lars Wendler gentoo org> CommitDate: Sat Jun 12 22:37:03 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b88044 app-crypt/gnupg: Fixed build with USE="-ldap" Removed "scd-shared-access" USE flag as this finally went into a release Closes: https://bugs.gentoo.org/795669 Signed-off-by: Lars Wendler gentoo.org> .../gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch| 36 ++ app-crypt/gnupg/gnupg-2.2.28.ebuild| 13 ++-- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch new file mode 100644 index 000..86e83de8ec3 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch @@ -0,0 +1,36 @@ +From c8b2162c0e7eb42b74811b7ed225fa0f56be4083 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Fri, 11 Jun 2021 10:30:02 +0900 +Subject: [PATCH] dirmngir: Fix build with --disable-ldap. + +* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]: +Conditionalize. + +-- + +Reported-by: Phil Pennock +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dirmngr.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c +index 04fe9e238..6a818cabc 100644 +--- a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c +@@ -736,6 +736,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) + case oRecursiveResolver: enable_recursive_resolver (1); break; + + case oLDAPServer: ++#if USE_LDAP + { + ldap_server_t server; + char *p; +@@ -757,6 +758,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) + opt.ldapservers = server; + } + } ++#endif + break; + + case oKeyServer: diff --git a/app-crypt/gnupg/gnupg-2.2.28.ebuild b/app-crypt/gnupg/gnupg-2.2.28.ebuild index f03938727e3..0f4396fc399 100644 --- a/app-crypt/gnupg/gnupg-2.2.28.ebuild +++ b/app-crypt/gnupg/gnupg-2.2.28.ebuild @@ -9,13 +9,12 @@ MY_P="${P/_/-}" DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" HOMEPAGE="https://gnupg.org/; -SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2 - scd-shared-access? ( https://raw.githubusercontent.com/GPGTools/MacGPG2/5ca182f54b7b6cd635d1c0a4713953834489fdd9/patches/gnupg/scdaemon_shared-access.patch -> ${PN}-2.2.16-scdaemon_shared-access.patch )" +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" LICENSE="GPL-3" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="bzip2 doc ldap nls readline scd-shared-access selinux +smartcard ssl tofu tools usb user-socket wks-server" +IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server" # Existence of executables is checked during configuration. DEPEND=">=dev-libs/libassuan-2.5.0 @@ -51,18 +50,12 @@ DOCS=( PATCHES=( "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" + "${FILESDIR}/${P}-dirmngr_ldap.patch" #795669 ) src_prepare() { default - # Made optional because it's a non-official patch - if use scd-shared-access ; then - # Patch taken from - # https://github.com/GPGTools/MacGPG2/tree/dev/patches/gnupg - eapply "${DISTDIR}/${PN}-2.2.16-scdaemon_shared-access.patch" - fi - # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode, # idea borrowed from libdbus, see # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 810410a8c6b411bd8b1ac60ceb28d37af27256b1 Author: Mikle Kolyada gentoo org> AuthorDate: Sun Feb 7 14:26:17 2021 + Commit: Mikle Kolyada gentoo org> CommitDate: Sun Feb 7 14:26:53 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=810410a8 app-crypt/gnupg: Drop old Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Mikle Kolyada gentoo.org> app-crypt/gnupg/Manifest | 2 - ...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch | 35 - app-crypt/gnupg/gnupg-2.2.20-r2.ebuild | 159 app-crypt/gnupg/gnupg-2.2.26.ebuild| 160 - 4 files changed, 356 deletions(-) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 263c8a5752d..4f8d716e719 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -1,5 +1,3 @@ DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663 SHA512 38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84 -DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc DIST gnupg-2.2.25.tar.bz2 7195857 BLAKE2B c930edf9259a0e1c508af8d76a86f979860adfe2c525020b37d3741679200f96483f0ad8bc1f72e2dbf7fe77696cd04d4272a2ee23e4c4abe1ed6ba88b95f365 SHA512 ab1d7cc9d8be3e7189bc4bea431b9d5db313cbd1739823950f32fbb611b2f4374889f444efbf43ce1fbf498b9865d7e6e953cd4c86d58fd688f63923c434ea2c -DIST gnupg-2.2.26.tar.bz2 7189254 BLAKE2B f51dd18f6fe327573769d1581ab49bfbca6a56973f6115a68d11e79f52f4b9bdd717ff027800cd1d52fca56abcffa80ee025b49a6af3914f60decdad1e1585ba SHA512 5e9482e126c32c836064b125a18b109f0d3c96892474d3fb47dd791350cccefc56f9a5dfbd54504716487a93d9f71de2493bdfef92e29964b5bfe28b0053c265 DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3 SHA512 cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab diff --git a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch deleted file mode 100644 index 14a1913b3a0..000 --- a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Mon, 13 Jul 2020 10:00:58 +0900 -Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server. - -* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT. - --- - -GnuPG-bug-id: 4977 -Signed-off-by: NIIBE Yutaka - dirmngr/http.c | 9 + - 1 file changed, 9 insertions(+) - -diff --git a/dirmngr/http.c b/dirmngr/http.c -index f26675f9b..50b9b732b 100644 a/dirmngr/http.c -+++ b/dirmngr/http.c -@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, unsigned short port, - sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol); - if (sock == ASSUAN_INVALID_FD) - { -+ if (errno == EAFNOSUPPORT) -+{ -+ if (ai->family == AF_INET) -+v4_valid = 0; -+ if (ai->family == AF_INET6) -+v6_valid = 0; -+ continue; -+} -+ - err = gpg_err_make (default_errsource, - gpg_err_code_from_syserror ()); - log_error ("error creating socket: %s\n", gpg_strerror (err)); diff --git a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild b/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild deleted file mode 100644 index 25d0a11c431..000 --- a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild +++ /dev/null @@ -1,159 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic systemd toolchain-funcs - -MY_P="${P/_/-}" - -DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" -HOMEPAGE="https://gnupg.org/; -SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server" - -# Existence of
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 47d9576076ddd37b4fe05550969b8b9e029dc9da Author: Mikle Kolyada gentoo org> AuthorDate: Thu Sep 3 20:10:50 2020 + Commit: Mikle Kolyada gentoo org> CommitDate: Thu Sep 3 20:10:50 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47d95760 app-crypt/gnupg: Drop old Package-Manager: Portage-3.0.4, Repoman-2.3.23 Signed-off-by: Mikle Kolyada gentoo.org> app-crypt/gnupg/Manifest | 2 - .../gnupg/files/gnupg-2.2.22-card-status.patch | 20 --- app-crypt/gnupg/gnupg-2.2.21.ebuild| 165 - app-crypt/gnupg/gnupg-2.2.22-r1.ebuild | 165 - 4 files changed, 352 deletions(-) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 57c6cc33249..a1bd0368bda 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -1,4 +1,2 @@ DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667 SHA512 3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc -DIST gnupg-2.2.21.tar.bz2 6813160 BLAKE2B b4708fd34c23dec8ec5be0740a502d155b649b4c88a89e5cc6f3cb99a15f7c6e31c50247ccacfedad55600dac3e7f91a8567424d335ab5e537082261dc98aceb SHA512 b4eac75253d4a1cac341c8a1ba7bb275e849a88d537703549c7bcd49b5a4c91b77000311695eb7d4083856975b2b2d14518f24ab94846027280bd8c301f9 -DIST gnupg-2.2.22.tar.bz2 7098444 BLAKE2B b5f306485032acadc852f4f71f2e968795843faacd5dda24ed2b20df78a3d38a364c2feade7ef8389a203e8b037fbb92129207cbc6d60b89cfb0945dded56a97 SHA512 3e5a8bb91c122f97acee2a93e3233db89bff9b96c6ec052c95bd2fe7e46c79a8afaac536c05675a7129e332272d62c677722a12cb05386b54a8d12ef82b6c5fa DIST gnupg-2.2.23.tar.bz2 7099806 BLAKE2B 0b9c1f5c8931399cfd9d95f107f91869733c4a986476ea43631b4265b1a5c26cfb8c9bb24ef6a295af7aa803749caaedde26365f6f50a7c946c1f86c867d855d SHA512 736b39628f7e4adc650b3f9937c81f27e9ad41e77f5345dc54262c91c1cf7004243fa7f932313bcde955e0e9b3f1afc639bac18023ae878b1d26e3c5a3cabb90 diff --git a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch b/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch deleted file mode 100644 index 1a01e5ddbc5..000 --- a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c -index 8a1d30d5b..ccc360fc8 100644 a/scd/app-openpgp.c -+++ b/scd/app-openpgp.c -@@ -2357,10 +2357,15 @@ verify_chv2 (app_t app, - int rc; - char *pinvalue; - int pinlen; -+ int i; - - if (app->did_chv2) - return 0; /* We already verified CHV2. */ - -+ /* Make sure we have load the public keys. */ -+ for (i = 0; i < 3; i++) -+get_public_key (app, i); -+ - if (app->app_local->pk[1].key || app->app_local->pk[2].key) - { - rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, , ); diff --git a/app-crypt/gnupg/gnupg-2.2.21.ebuild b/app-crypt/gnupg/gnupg-2.2.21.ebuild deleted file mode 100644 index e41bbd94151..000 --- a/app-crypt/gnupg/gnupg-2.2.21.ebuild +++ /dev/null @@ -1,165 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic systemd toolchain-funcs - -MY_P="${P/_/-}" - -DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" -HOMEPAGE="https://gnupg.org/; -SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server" - -# Existence of executables is checked during configuration. -DEPEND=">=dev-libs/libassuan-2.5.0 - >=dev-libs/libgcrypt-1.7.3 - >=dev-libs/libgpg-error-1.28 - >=dev-libs/libksba-1.3.4 - >=dev-libs/npth-1.2 - >=net-misc/curl-7.10 - bzip2? ( app-arch/bzip2 ) - ldap? ( net-nds/openldap ) - readline? ( sys-libs/readline:0= ) - smartcard? ( usb? ( virtual/libusb:1 ) ) - ssl? ( >=net-libs/gnutls-3.0:0= ) - sys-libs/zlib - tofu? ( >=dev-db/sqlite-3.7 )" - -RDEPEND="${DEPEND} - app-crypt/pinentry - nls? ( virtual/libintl ) - selinux? ( sec-policy/selinux-gpg ) - wks-server? ( virtual/mta )" - -BDEPEND="virtual/pkgconfig - doc? ( sys-apps/texinfo ) - nls? ( sys-devel/gettext )" - -S="${WORKDIR}/${MY_P}" - -DOCS=( - ChangeLog NEWS README THANKS TODO VERSION - doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER -) - -PATCHES=( - "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" -
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: f880165f3ad8531f8b185108094f46a47c9e2fb4 Author: Thomas Deutschmann gentoo org> AuthorDate: Fri Aug 14 23:57:39 2020 + Commit: Thomas Deutschmann gentoo org> CommitDate: Fri Aug 14 23:57:55 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f880165f app-crypt/gnupg: fix dirmngr for non-IPv6 enabled hosts Package-Manager: Portage-3.0.2, Repoman-2.3.23 Signed-off-by: Thomas Deutschmann gentoo.org> ...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch | 35 ++ ...{gnupg-2.2.20.ebuild => gnupg-2.2.20-r1.ebuild} | 1 + 2 files changed, 36 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch new file mode 100644 index 000..14a1913b3a0 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch @@ -0,0 +1,35 @@ +From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Mon, 13 Jul 2020 10:00:58 +0900 +Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server. + +* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT. + +-- + +GnuPG-bug-id: 4977 +Signed-off-by: NIIBE Yutaka +--- + dirmngr/http.c | 9 + + 1 file changed, 9 insertions(+) + +diff --git a/dirmngr/http.c b/dirmngr/http.c +index f26675f9b..50b9b732b 100644 +--- a/dirmngr/http.c b/dirmngr/http.c +@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, unsigned short port, + sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol); + if (sock == ASSUAN_INVALID_FD) + { ++ if (errno == EAFNOSUPPORT) ++{ ++ if (ai->family == AF_INET) ++v4_valid = 0; ++ if (ai->family == AF_INET6) ++v6_valid = 0; ++ continue; ++} ++ + err = gpg_err_make (default_errsource, + gpg_err_code_from_syserror ()); + log_error ("error creating socket: %s\n", gpg_strerror (err)); diff --git a/app-crypt/gnupg/gnupg-2.2.20.ebuild b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild similarity index 98% rename from app-crypt/gnupg/gnupg-2.2.20.ebuild rename to app-crypt/gnupg/gnupg-2.2.20-r1.ebuild index 35dc9274af9..ec52f664069 100644 --- a/app-crypt/gnupg/gnupg-2.2.20.ebuild +++ b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild @@ -51,6 +51,7 @@ DOCS=( PATCHES=( "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" + "${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch" ) src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 4b084d956b9bc167ec1887cb7717573b5a4f077d Author: Robin H. Johnson gentoo org> AuthorDate: Tue Apr 9 17:49:17 2019 + Commit: Robin H. Johnson gentoo org> CommitDate: Tue Apr 9 17:50:20 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b084d95 app-crypt/gnupg: bump Also adds one-line delta patch for --quiet in --send-key, submitted to upstream for inclusion. Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Robin H. Johnson gentoo.org> app-crypt/gnupg/Manifest | 1 + .../gnupg/files/gnupg-2.2.14-quiet-sending.patch | 34 + app-crypt/gnupg/gnupg-2.2.15.ebuild| 137 + 3 files changed, 172 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index d9d42130a4f..ffc0c9cfd34 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 BLAKE2B 0c26c9c3aeae2bf2eafa858bc3bd15cc2702bc DIST gnupg-2.2.10.tar.bz2 6659484 BLAKE2B d0270ca40bd70fe113fa4283c307d7d04370beec77ffba0abb7862defdab2d5a82b1508284961e30e7d0aab82bffdf09fe796741603e843a062073f179f0bfc2 SHA512 a4477828f268fa69125cf1822f8a721e67f8f4008bd9817b701989393bd93689aac8fee1f4d34d918911d53afabdcbb1c84d40e8a4489d7a29b5a769d330fddd DIST gnupg-2.2.12.tar.bz2 6682303 BLAKE2B 8470ab8bf386d3524ce57ef1a1f6ac74d8cf2d7c35062b95c668b37586603c8e0817e410f4a0a807256e42896c6897b7118b29e471184b2fa871ad4ba048 SHA512 30de9757bb60a5cb6bf0dc2c8da5f4742c54affec3fcd0bcbf66f28f2812149afec5db70dcb6ba592101de4bdc479d1ba0b47c53c8b8d4765ddff32fa51c26c8 DIST gnupg-2.2.14.tar.bz2 6707735 BLAKE2B feedb1c776e8d43e43905e8a8c1487bd88e8effc59e94baf308cb29a5feea5d9c666c78b50147d65a259dc89af241c2a2bf07a72c417617e5238e0fdbbc2b17f SHA512 9d5216dee085efe6de300579d8fb773a5a55df639d5a435708611a974df522dd60dc995fbfcaad98065475dbeb731bbba19ecc3273e78b9b45fccff640dde69b +DIST gnupg-2.2.15.tar.bz2 6705912 BLAKE2B 145bd174cb74c6a1180de76a6d46b40d2434ced61bb9aa3eaddeb0079cd05634529c9b062e475d3ca9d35b3af3b62b39a79ef0efbb476cb9ebb9e2099ad13ae0 SHA512 7c6f0092d384fd71fc7a1c905ce23ae98df42ce131ee09fc190c275f9c8d0912be344b0782244cccb5b3938322ef3cfff8ed1ec7e949e761478b8c5110dde36a diff --git a/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch new file mode 100644 index 000..1f7a561d3f7 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch @@ -0,0 +1,34 @@ +From d8db73615e68d1c549b3ed50057a49d84a31b334 Mon Sep 17 00:00:00 2001 +From: "Robin H. Johnson" +Date: Tue, 9 Apr 2019 10:27:11 -0700 +Subject: [PATCH] g10: support --quiet for --send-key + +The --recv-key command supports --quiet, but --send-key does not. +Add support for it for parity and better scripting. + +Signed-off-by: Robin H. Johnson +--- + g10/keyserver.c | 7 --- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/g10/keyserver.c b/g10/keyserver.c +index 66900f7a9..e5fc011c0 100644 +--- a/g10/keyserver.c b/g10/keyserver.c +@@ -1814,9 +1814,10 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs) + log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err)); + else + { +- log_info (_("sending key %s to %s\n"), +-keystr (keyblock->pkt->pkt.public_key->keyid), +-ksurl?ksurl:"[?]"); ++if (!opt.quiet) ++log_info (_("sending key %s to %s\n"), ++ keystr (keyblock->pkt->pkt.public_key->keyid), ++ ksurl?ksurl:"[?]"); + + err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock); + release_kbnode (keyblock); +-- +2.21.0 + diff --git a/app-crypt/gnupg/gnupg-2.2.15.ebuild b/app-crypt/gnupg/gnupg-2.2.15.ebuild new file mode 100644 index 000..1c68f3982ce --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.2.15.ebuild @@ -0,0 +1,137 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic systemd toolchain-funcs + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="http://www.gnupg.org/; +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb user-socket wks-server" + +# Existence of executables is checked during configuration. +DEPEND="!app-crypt/dirmngr + >=dev-libs/libassuan-2.5.0 + >=dev-libs/libgcrypt-1.7.3 + >=dev-libs/libgpg-error-1.28 + >=dev-libs/libksba-1.3.4 + >=dev-libs/npth-1.2 + >=net-misc/curl-7.10 + bzip2? (
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 20305658504c61cf1357b235226bc5c66e97752d Author: Kristian Fiskerstrand gentoo org> AuthorDate: Tue Sep 19 08:16:18 2017 + Commit: Kristian Fiskerstrand gentoo org> CommitDate: Tue Sep 19 08:17:08 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20305658 app-crypt/gnupg: New upstream version 2.2.1 Cherry-pick patch from master to allow for parallel tests with tofu disabled Package-Manager: Portage-2.3.6, Repoman-2.3.1 app-crypt/gnupg/Manifest | 1 + .../gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch | 85 ++ app-crypt/gnupg/gnupg-2.2.1.ebuild | 129 + 3 files changed, 215 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index fb6e09fc21f..548961ab9fe 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624 DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b WHIRLPOOL c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb +DIST gnupg-2.2.1.tar.bz2 6537959 SHA256 34d70cd65b9c95f3f2f90a9f5c1e0b6a0fe039a8d685e2d66d69c33d1cbf62fb SHA512 fcda7ea360d9928bf9e410afe3806ee0692dd533443b0c0e050605a9e2e37ec16f3c60a30b30ab137155327bc1f5d2107f1e792582e3ad245b47bf39a1a61a8f WHIRLPOOL 032d26c79aebcda3529f7cfcdec467e1058d19fa939eae48fd086e7c9f585a7b02dc9e6fb04a342fab845b9eb0d51c3bc2cca4a4d9677683a23bdd5c479b4eba diff --git a/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch new file mode 100644 index 000..6a2c18e9b63 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch @@ -0,0 +1,85 @@ +From eeb3da6eb717ed6a1a1069a7611eb37503e8672d Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka+Date: Tue, 19 Sep 2017 12:28:43 +0900 +Subject: [PATCH 2/3] common: Fix gnupg_wait_processes. + +* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes +even if we already see an error. + +-- + +The value stored by waitpid for exit code is encoded; It requires +decoded by WEXITSTATUS macro, regardless of an error. + +For example, when one of processes is already exited and another is +still running, it resulted wrong value of in r_exitcodes[n]. + +Signed-off-by: NIIBE Yutaka +--- + common/exechelp-posix.c | 50 + + 1 file changed, 26 insertions(+), 24 deletions(-) + +diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c +index 7237993a2..3acf74ad6 100644 +--- a/common/exechelp-posix.c b/common/exechelp-posix.c +@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, + } + } + +- if (ec == 0) +-for (i = 0; i < count; i++) +- { +-if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) +- { +-log_error (_("error running '%s': probably not installed\n"), +- pgmnames[i]); +-ec = GPG_ERR_CONFIGURATION; +- } +-else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) +- { +-if (dummy) +- log_error (_("error running '%s': exit status %d\n"), +- pgmnames[i], WEXITSTATUS (r_exitcodes[i])); +-else +- r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); +-ec = GPG_ERR_GENERAL; +- } +-else if (!WIFEXITED (r_exitcodes[i])) +- { +-log_error (_("error running '%s': terminated\n"), pgmnames[i]); +-ec = GPG_ERR_GENERAL; +- } +- } ++ for (i = 0; i < count; i++) ++{ ++ if (r_exitcodes[i] == -1) ++continue; ++ ++ if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) ++{ ++ log_error (_("error running
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: c8b7f9b5493547c2df4936df7fdab818bb69e1c3 Author: Kristian Fiskerstrand gentoo org> AuthorDate: Sat Sep 16 11:12:47 2017 + Commit: Kristian Fiskerstrand gentoo org> CommitDate: Sat Sep 16 11:12:58 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8b7f9b5 app-crypt/gnupg: Cleanup 2.1.23 Package-Manager: Portage-2.3.6, Repoman-2.3.1 app-crypt/gnupg/Manifest | 1 - 1.23-gpg-default-to-no-auto-key-retrieve.patch | 71 app-crypt/gnupg/gnupg-2.1.23-r1.ebuild | 124 - 3 files changed, 196 deletions(-) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 8243dab73fe..fb6e09fc21f 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -1,5 +1,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984 WHIRLPOOL eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624 -DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14 DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b WHIRLPOOL c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch deleted file mode 100644 index 4cc414d18e3..000 --- a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch +++ /dev/null @@ -1,71 +0,0 @@ -From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001 -From: Daniel Kahn Gillmor-Date: Fri, 11 Aug 2017 02:26:52 -0400 -Subject: [PATCH] gpg: default to --no-auto-key-retrieve. - -* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the -default keyserver options. -* doc/gpg.texi: document this change. --- - -This is a partial reversion of -7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it -earlier today, and came to the conclusion that: - - * the risk of metadata leakage represented by a default - --auto-key-retrieve, both in e-mail (as a "web bug") and in other - contexts where GnuPG is used to verified signatures, is quite high. - - * the advantages of --auto-key-retrieve (in terms of signature - verification) can sometimes be achieved in other ways, such as when - a signed message includes a copy of its own key. - - * when those other ways are not useful, a graphical, user-facing - application can still offer the user the opportunity to choose to - fetch the key; or it can apply its own policy about when to set - --auto-key-retrieve, without needing to affect the defaults. - -Note that --auto-key-retrieve is specifically about signature -verification. Decisions about how and whether to look up a key during -message encryption are governed by --auto-key-locate. This change -does not touch the --auto-key-locate default of "local,wkd". The user -deliberately asking gpg to encrypt to an e-mail address is a different -scenario than having an incoming e-mail trigger a potentially unique -network request. - -Signed-off-by: Daniel Kahn Gillmor - doc/gpg.texi | 2 +- - g10/gpg.c| 3 +-- - 2 files changed, 2 insertions(+), 3 deletions(-) - -diff --git a/doc/gpg.texi b/doc/gpg.texi -index c71126a97..b6a9b2d70 100644 a/doc/gpg.texi -+++ b/doc/gpg.texi -@@
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: a12f7eafa84c6cb0cf6d643c55ef027f33b8147e Author: Kristian Fiskerstrand gentoo org> AuthorDate: Fri Aug 11 16:15:46 2017 + Commit: Kristian Fiskerstrand gentoo org> CommitDate: Fri Aug 11 16:48:26 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12f7eaf app-crypt/gnupg: New upstream version 2.1.23 Reverting to default of no --auto-key-retrieve as this has information leak potential that should not be enabled in default configuration. The change is also reverted upstream Package-Manager: Portage-2.3.6, Repoman-2.3.1 app-crypt/gnupg/Manifest | 1 + 1.23-gpg-default-to-no-auto-key-retrieve.patch | 71 app-crypt/gnupg/gnupg-2.1.23.ebuild| 124 + 3 files changed, 196 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 77cdbd2968f..07c1872aeaf 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624 DIST gnupg-2.1.22.tar.bz2 6530433 SHA256 46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 SHA512 d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16 WHIRLPOOL 3a87914898e2f164f7effa67e0e8f5ccb48aed0e9e4d65559d73783478ee509f7876ef7ef77ec9c43de2611a8a2ecdcbfbd443ab5de119203b20e316473e4e75 +DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14 diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch new file mode 100644 index 000..4cc414d18e3 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch @@ -0,0 +1,71 @@ +From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor+Date: Fri, 11 Aug 2017 02:26:52 -0400 +Subject: [PATCH] gpg: default to --no-auto-key-retrieve. + +* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the +default keyserver options. +* doc/gpg.texi: document this change. +-- + +This is a partial reversion of +7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it +earlier today, and came to the conclusion that: + + * the risk of metadata leakage represented by a default + --auto-key-retrieve, both in e-mail (as a "web bug") and in other + contexts where GnuPG is used to verified signatures, is quite high. + + * the advantages of --auto-key-retrieve (in terms of signature + verification) can sometimes be achieved in other ways, such as when + a signed message includes a copy of its own key. + + * when those other ways are not useful, a graphical, user-facing + application can still offer the user the opportunity to choose to + fetch the key; or it can apply its own policy about when to set + --auto-key-retrieve, without needing to affect the defaults. + +Note that --auto-key-retrieve is specifically about signature +verification. Decisions about how and whether to look up a key during +message encryption are governed by --auto-key-locate. This change +does not touch the --auto-key-locate default of "local,wkd". The user +deliberately asking gpg to encrypt to an e-mail address is a different +scenario than having an incoming e-mail trigger a potentially unique +network request. + +Signed-off-by: Daniel Kahn Gillmor +--- + doc/gpg.texi | 2 +- + g10/gpg.c| 3 +-- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index c71126a97..b6a9b2d70 100644 +--- a/doc/gpg.texi b/doc/gpg.texi +@@ -1792,7 +1792,7 @@ list. The default is "local,wkd". + @opindex no-auto-key-retrieve + These options enable or disable
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 68d406d2de327f13ad3906d50c458c9727f7e024 Author: Kristian Fiskerstrand gentoo org> AuthorDate: Tue May 9 12:59:22 2017 + Commit: Kristian Fiskerstrand gentoo org> CommitDate: Tue May 9 12:59:57 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d406d2 app-crypt/gnupg: Fix regression from 2.1.19 Gentoo-Bug: 616336 Package-Manager: Portage-2.3.3, Repoman-2.3.1 .../gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch| 27 + ...g-Properly-account-for-ring-trust-packets.patch | 86 +++ app-crypt/gnupg/gnupg-2.1.20-r1.ebuild | 122 + 3 files changed, 235 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch new file mode 100644 index 000..292fc264ac8 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch @@ -0,0 +1,27 @@ +From 692208fd6c1547cc7dd2062a1d1c9499bc0a8be4 Mon Sep 17 00:00:00 2001 +From: Justus Winter+Date: Mon, 8 May 2017 13:52:39 +0200 +Subject: [PATCH] gpg: Fix typo. + +-- +Signed-off-by: Justus Winter +--- + g10/packet.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/g10/packet.h b/g10/packet.h +index a10495c..d42510d 100644 +--- a/g10/packet.h b/g10/packet.h +@@ -623,7 +623,7 @@ struct parse_packet_ctx_s + iobuf_t inp; /* The input stream with the packets. */ + struct packet_struct last_pkt; /* The last parsed packet. */ + int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ +- int skip_meta; /* Skip right trust packets. */ ++ int skip_meta; /* Skip ring trust packets. */ + }; + typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + +-- +2.10.2 + diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch new file mode 100644 index 000..58568db47d2 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch @@ -0,0 +1,86 @@ +From 22739433e98be80e46fe7d01d52a9627c1aebaae Mon Sep 17 00:00:00 2001 +From: Justus Winter +Date: Mon, 8 May 2017 14:24:00 +0200 +Subject: [PATCH] gpg: Properly account for ring trust packets. + +* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count +instead of counting ourself. +* g10/packet.h (struct parse_packet_ctx_s): New field +'n_parsed_packets'. +(init_parse_packet): Initialize new field. +* g10/parse-packet.c (parse): Count packets. +-- + +The 'keyring' keystore depends on the number of packets for delete and +update operations. With the rework of the ring trust packets, the +trust packets were no longer properly accounted for leading to keyring +corruptions. + +The 'keybox' store was not affected. + +GnuPG-bug-id: 3123 +GnuPG-bug-id: 3135 +GnuPG-bug-id: 3144 +Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113 +Signed-off-by: Justus Winter +--- + g10/keyring.c | 4 ++-- + g10/packet.h | 2 ++ + g10/parse-packet.c | 3 +++ + 3 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/g10/keyring.c b/g10/keyring.c +index e223f0f..50f1b82 100644 +--- a/g10/keyring.c b/g10/keyring.c +@@ -409,11 +409,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) + pkt = xmalloc (sizeof *pkt); + init_packet (pkt); + init_parse_packet (, a); +-hd->found.n_packets = 0;; ++hd->found.n_packets = 0; + lastnode = NULL; + save_mode = set_packet_list_mode(0); + while ((rc=parse_packet (, pkt)) != -1) { +-hd->found.n_packets++; ++hd->found.n_packets = parsectx.n_parsed_packets; + if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) { + free_packet (pkt, ); + init_packet (pkt); +diff --git a/g10/packet.h b/g10/packet.h +index d42510d..cf2121c 100644 +--- a/g10/packet.h b/g10/packet.h +@@ -624,6 +624,7 @@ struct parse_packet_ctx_s + struct packet_struct last_pkt; /* The last parsed packet. */ + int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ + int skip_meta; /* Skip ring trust packets. */ ++ unsigned int n_parsed_packets; /* Number of parsed packets. */ + }; + typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + +@@ -633,6 +634,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + (a)->last_pkt.pkt.generic= NULL;\ + (a)->free_last_pkt = 0; \ + (a)->skip_meta = 0; \ ++(a)->n_parsed_packets = 0; \ + } while (0) + + #define deinit_parse_packet(a) do { \ +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +index fa44f83..dbb7af8 100644 +--- a/g10/parse-packet.c b/g10/parse-packet.c +@@ -764,6 +764,9 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + partial? (new_ctb ? " partial"
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: b95dfb460fcfa4e34b412d81336cd2316cdd0e2d Author: Alon Bar-Lev gentoo org> AuthorDate: Mon Apr 3 21:09:23 2017 + Commit: Alon Bar-Lev gentoo org> CommitDate: Mon Apr 3 21:09:41 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b95dfb46 app-crypt/gnupg: version bump Package-Manager: Portage-2.3.3, Repoman-2.3.1 app-crypt/gnupg/Manifest | 1 + ...shorter-socket-path-lengts-to-improve-tes.patch | 33 ++ app-crypt/gnupg/gnupg-2.1.20.ebuild| 120 + 3 files changed, 154 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 5604c65f8f2..77390597d02 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151 DIST gnupg-2.1.18.tar.bz2 6308666 SHA256 d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 SHA512 b8357f0a883a33c2e4f6ab5a8f5ddb171c899b7a2899e8ce4cac232938fe1dffb789a54980dfc4b758c4cb47f11f1fc570fea905244735048dfc6f06b3353baf WHIRLPOOL c5f132beb3b454146747fe14cd12576fb4d9a9adb8cfd80fcae4482b111672fd38e412dba72caa75af717069d7182a99c7f30ea03dc9adf190f5aa1f01748247 DIST gnupg-2.1.19.tar.bz2 6404836 SHA256 46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 SHA512 c6d0a2cb7f1f7ce851729559edab08d2356dffe00ee836fc1d71eb4c4e34b566e214a0352934d2985fb0183b9e7ecc1221422d258f3bd467e735c0a5c8a3d0ca WHIRLPOOL 3fd482da52b2d4e6c2b2b8427df6b68fe9df9e49dd53b91d74757b14b7c59ab5697c7f2309283c0d05774c1d405574796a4d0267b9cf85d61aec8b4095addd97 +DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624 diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch new file mode 100644 index 000..dd75e3a5e96 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch @@ -0,0 +1,33 @@ +From e3bdb7d17264b8d5bd9abab97c96d9c4a50e4f61 Mon Sep 17 00:00:00 2001 +From: Kristian Fiskerstrand+Date: Mon, 3 Apr 2017 23:44:56 +0300 +Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test + reliability + +-- +As socket lengths are normally restricted to 108 characters +(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters +by default easily results in errors. +--- + tests/gpgscm/tests.scm | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm +index 592b36f..f54a387 100644 +--- a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm +@@ -273,9 +273,9 @@ + (canonical-path (_mkdtemp (if (null? components) + (path-join +(get-temp-path) +- (string-append "gpgscm-" (get-isotime) "-" ++ (string-append "gscm" + (basename-suffix *scriptname* ".scm") +- "-XX")) ++ "XX")) + (apply path-join components) + + ;; Make a temporary directory and remove it at interpreter shutdown. +-- +2.10.2 + diff --git a/app-crypt/gnupg/gnupg-2.1.20.ebuild b/app-crypt/gnupg/gnupg-2.1.20.ebuild new file mode 100644 index 000..86bb2664662 --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.1.20.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit toolchain-funcs + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="http://www.gnupg.org/; +LICENSE="GPL-3" + +MY_P="${P/_/-}" +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + +SLOT="0" +IUSE="bzip2 doc +gnutls
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 0e19c5dd1d374ec4a07c9dfed5759df0dcf05c94 Author: Kristian Fiskerstrand gentoo org> AuthorDate: Mon Mar 6 22:33:50 2017 + Commit: Kristian Fiskerstrand gentoo org> CommitDate: Mon Mar 6 22:34:06 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e19c5dd app-crypt/gnupg: Fix broken ssh without smartcard USE flag Gentoo-Bug: 611544 Package-Manager: Portage-2.3.3, Repoman-2.3.1 .../gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch | 85 ++ app-crypt/gnupg/gnupg-2.1.19-r1.ebuild | 124 + 2 files changed, 209 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch new file mode 100644 index 000..14d5444f3a0 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch @@ -0,0 +1,85 @@ +From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka+Date: Mon, 6 Mar 2017 10:26:11 +0900 +Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors. + +* agent/command-ssh.c (card_key_list): Return 0 when +agent_card_serialno returns an error. +(ssh_handler_request_identities): Handle errors for card listing +and proceed to other cases. +-- + +GnuPG-bug-id: 2980 + +Signed-off-by: NIIBE Yutaka +--- + agent/command-ssh.c | 19 +-- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/agent/command-ssh.c b/agent/command-ssh.c +index 79b8f85..3ab41cf 100644 +--- a/agent/command-ssh.c b/agent/command-ssh.c +@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result) + err = agent_card_serialno (ctrl, r_serialno, NULL); + if (err) + { +- if (gpg_err_code (err) == GPG_ERR_ENODEV) +-return 0; /* Nothing available. */ +- +- if (opt.verbose) ++ if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose) + log_info (_("error getting serial number of card: %s\n"), + gpg_strerror (err)); +- return err; ++ ++ /* Nothing available. */ ++ return 0; + } + + err = agent_card_cardlist (ctrl, result); +@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl, + gpg_error_t err; + int ret; + ssh_control_file_t cf = NULL; +- char *cardsn; + gpg_error_t ret_err; + + (void)request; +@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl, + if (opt.verbose) + log_info (_("error getting list of cards: %s\n"), + gpg_strerror (err)); +- goto out; ++ goto scd_out; + } + + for (sl = card_list; sl; sl = sl->next) + { + char *serialno0; ++ char *cardsn; ++ + err = agent_card_serialno (ctrl, , sl->d); + if (err) + { + if (opt.verbose) + log_info (_("error getting serial number of card: %s\n"), + gpg_strerror (err)); +- xfree (serialno); +- free_strlist (card_list); +- goto out; ++ continue; + } + + xfree (serialno0); +@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl, + free_strlist (card_list); + } + ++ scd_out: + /* Then look at all the registered and non-disabled keys. */ + err = open_control_file (, 0); + if (err) +-- +2.8.0.rc3 + diff --git a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild new file mode 100644 index 000..05ee0b7cbce --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild @@ -0,0 +1,124 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit eutils flag-o-matic toolchain-funcs + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="http://www.gnupg.org/; +LICENSE="GPL-3" + +MY_P="${P/_/-}" +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + +SLOT="0" +IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server" + +COMMON_DEPEND_LIBS=" + >=dev-libs/npth-1.2 + >=dev-libs/libassuan-2.4.3 + >=dev-libs/libgcrypt-1.7.3 + >=dev-libs/libgpg-error-1.24 + >=dev-libs/libksba-1.3.4 + >=net-misc/curl-7.10 + gnutls? ( >=net-libs/gnutls-3.0:0= ) + sys-libs/zlib + ldap? ( net-nds/openldap ) + bzip2? ( app-arch/bzip2 ) + readline? ( sys-libs/readline:0= ) + smartcard? ( usb? ( virtual/libusb:0 ) ) + tofu? ( >=dev-db/sqlite-3.7 ) + " +COMMON_DEPEND_BINS="app-crypt/pinentry
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: 83e4182537a4a1950cab2da490403c848ebd4edd Author: Fabian Groffen gentoo org> AuthorDate: Thu Mar 2 10:06:13 2017 + Commit: Fabian Groffen gentoo org> CommitDate: Thu Mar 2 10:06:40 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83e41825 app-crypt/gnupg: fix compilation on Solaris Package-Manager: Portage-2.3.4-prefix, Repoman-2.3.2 .../gnupg/files/gnupg-2.1.19-solaris-ucred.patch | 19 +++ app-crypt/gnupg/gnupg-2.1.19.ebuild | 1 + 2 files changed, 20 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch new file mode 100644 index 000..aefce5e8256 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch @@ -0,0 +1,19 @@ +command-ssh: include ucred.h + +In order to use ucred() when HAVE_SO_PEERCRED is defined, ucred.h needs +to be included on Solaris. + +https://bugs.gnupg.org/gnupg/issue2981 + +--- a/agent/command-ssh.c b/agent/command-ssh.c +@@ -40,6 +40,9 @@ + #include + #include + #include ++#ifdef HAVE_UCRED_H ++#include ++#endif + + #include "agent.h" + diff --git a/app-crypt/gnupg/gnupg-2.1.19.ebuild b/app-crypt/gnupg/gnupg-2.1.19.ebuild index ad3a2fa22ba..9eb3471d66f 100644 --- a/app-crypt/gnupg/gnupg-2.1.19.ebuild +++ b/app-crypt/gnupg/gnupg-2.1.19.ebuild @@ -54,6 +54,7 @@ DOCS=( PATCHES=( "${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" + "${FILESDIR}"/${P}-solaris-ucred.patch ) src_configure() {
[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/
commit: eb73332ccf12be2ec981ddb7e27f20790e13a92c Author: Kristian Fiskerstrand gentoo org> AuthorDate: Thu May 19 21:04:12 2016 + Commit: Kristian Fiskerstrand gentoo org> CommitDate: Thu May 19 21:06:36 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb73332c app-crypt/gnupg: New upstream version 2.1.12 Fixes; Gentoo-Bug: 573930 Gentoo-Bug: 575798 Gentoo-Bug: 581966 Package-Manager: portage-2.2.28 app-crypt/gnupg/Manifest | 1 + .../files/gnupg-2.1-fix-gentoo-dash-issue.patch| 12 ++ .../gnupg-2.1.12-fix-signature-checking.patch | 50 +++ app-crypt/gnupg/gnupg-2.1.12.ebuild| 159 + 4 files changed, 222 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 1e455b3..3c18723 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -6,4 +6,5 @@ DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 68ed6b386ba78425b05a60e8ee22785ff0fef19 DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c DIST gnupg-2.1.10.tar.bz2 5173253 SHA256 93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 SHA512 ceea93a7e7d30e07839bcc52d4246fd5be1ec81a8c4d4d62059e2b0c0e58fab07a1531016f82bcc506340653d66c73541dd3f5897df7691abeb4068d94957003 WHIRLPOOL 01f92f6020b79b373d4d6879cc39913c575c67a52c1bd425770322de0ce5a9fbd796d800cbb41a15553fd30a6c8f85a794e0b4c09420a2b49f6cb0542cdb52fb DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31 WHIRLPOOL 486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09 +DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6 WHIRLPOOL ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10 DIST gnupg-2.1.9.tar.bz2 4925167 SHA256 1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 SHA512 c19b8cac42b7060caada230b77f36a0b0ed0a05efd519818c5b4057ef0fcb16602f2f3ade2409de2ef353a9e2acc3e5fa106a4449c6929a36a599a82194c0ee0 WHIRLPOOL 105b83e82330a00084a0e9f3d96c8788ac2c9e7831beea0ea42786df4e378dc9e8f2c1a31f12af9c53d363aa71810cd231afdf8f20eab424fea5f59b103033a9 diff --git a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch new file mode 100644 index 000..6878ef1 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch @@ -0,0 +1,12 @@ +diff -Naur tests.old/openpgp/mds.test tests/openpgp/mds.test +--- tests.old/openpgp/mds.test 2016-05-03 13:13:11.373313389 +0200 tests/openpgp/mds.test 2016-05-03 13:13:31.886755059 +0200 +@@ -63,7 +63,7 @@ + + [ "$failed" != "" ] && error "$failed failed for empty string" + +-echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y ++printf "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y + if have_hash_algo "MD5"; then + test_one ":1:""C3FCD3D76192E4007DFB496CCA67E13B" + fi diff --git a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch new file mode 100644 index 000..debf0bb --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch @@ -0,0 +1,50 @@ +From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka+Date: Wed, 11 May 2016 19:27:03 +0900 +Subject: [PATCH 1/1] g10: Fix signature checking. + +* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to +walk_kbnode. + +-- + +Thanks to Vincent Brillault (Feandil). + +GnuPG-bug-id: 2351 +Signed-off-by: NIIBE Yutaka +--- + g10/sig-check.c | 13 + + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/g10/sig-check.c b/g10/sig-check.c +index 290f19a..7000b48 100644 +--- a/g10/sig-check.c b/g10/sig-check.c +@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer, + *is_selfsig = 1; + } + else +-/* See if one of the subkeys was the signer (although this is +- extremely unlikely). */ + { + kbnode_t ctx = NULL; + kbnode_t n; + +- while ((n