[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2024-02-18 Thread Sam James 
commit: 45ed86aa273d9bb10f4856de72616d889f43f016
Author: Hank Leininger  korelogic  com>
AuthorDate: Fri Feb 16 04:29:49 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Feb 18 10:12:32 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45ed86aa

app-crypt/gnupg: fix dirmngr behind a proxy

Adapted from upstream patches:
https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9
https://dev.gnupg.org/rG848546b05ab0ff6abd47724ecfab73bf32dd4c01

Signed-off-by: Hank Leininger  korelogic.com>
Closes: https://bugs.gentoo.org/924606
Bug: https://bugs.gentoo.org/835949
Closes: https://github.com/gentoo/gentoo/pull/35368
Signed-off-by: Sam James  gentoo.org>

 .../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch|  91 ++
 app-crypt/gnupg/gnupg-2.4.4-r1.ebuild  | 197 +
 2 files changed, 288 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch 
b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
new file mode 100644
index ..ebfaddb78e03
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
@@ -0,0 +1,91 @@
+diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
+--- gnupg-2.4.4.orig/dirmngr/http.c2024-01-25 03:06:42.0 -0700
 gnupg-2.4.4/dirmngr/http.c 2024-02-15 21:10:28.849074727 -0700
+@@ -2362,7 +2362,6 @@
+  * NULL, decode the string and use this as input from teh server.  On
+  * success the final output token is stored at PROXY->OUTTOKEN and
+  * OUTTOKLEN.  IF the authentication succeeded OUTTOKLEN is zero. */
+-#ifdef USE_TLS
+ static gpg_error_t
+ proxy_get_token (proxy_info_t proxy, const char *inputstring)
+ {
+@@ -2530,11 +2529,9 @@
+ 
+ #endif /*!HAVE_W32_SYSTEM*/
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Use the CONNECT method to proxy our TLS stream.  */
+-#ifdef USE_TLS
+ static gpg_error_t
+ run_proxy_connect (http_t hd, proxy_info_t proxy,
+const char *httphost, const char *server,
+@@ -2556,6 +2553,7 @@
+* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+*/
+   auth_basic = !!proxy->uri->auth;
++  hd->keep_alive = 0;
+ 
+   /* For basic authentication we need to send just one request.  */
+   if (auth_basic
+@@ -2577,16 +2575,15 @@
+  httphost ? httphost : server,
+  port,
+  authhdr ? authhdr : "",
+- auth_basic? "" : "Connection: keep-alive\r\n");
++ hd->keep_alive? "Connection: keep-alive\r\n" : "");
+   if (!request)
+ {
+   err = gpg_error_from_syserror ();
+   goto leave;
+ }
+-  hd->keep_alive = !auth_basic; /* We may need to send more requests.  */
+ 
+   if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+-log_debug_with_string (request, "http.c:proxy:request:");
++log_debug_string (request, "http.c:proxy:request:");
+ 
+   if (!hd->fp_write)
+ {
+@@ -2610,16 +2607,6 @@
+   if (err)
+ goto leave;
+ 
+-  {
+-unsigned long count = 0;
+-
+-while (es_getc (hd->fp_read) != EOF)
+-  count++;
+-if (opt_debug)
+-  log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
+- count);
+-  }
+-
+   /* Reset state.  */
+   es_clearerr (hd->fp_read);
+   ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
+@@ -2743,7 +2730,6 @@
+   xfree (tmpstr);
+   return err;
+ }
+-#endif /*USE_TLS*/
+ 
+ 
+ /* Make a request string using a standard proxy.  On success the
+@@ -2903,7 +2889,6 @@
+   goto leave;
+ }
+ 
+-#if USE_TLS
+   if (use_http_proxy && hd->uri->use_tls)
+ {
+   err = run_proxy_connect (hd, proxy, httphost, server, port);
+@@ -2915,7 +2900,6 @@
+* clear the flag to indicate this.  */
+   use_http_proxy = 0;
+ }
+-#endif/* USE_TLS */
+ 
+ #if HTTP_USE_NTBTLS
+   err = run_ntbtls_handshake (hd);

diff --git a/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild 
b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
new file mode 100644
index ..768489c6bf9f
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
+# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
+inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs 
verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/;
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? (

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2024-01-29 Thread Sam James 
commit: 794b312233b33ce315807bb305e0db42d530dfe7
Author: Sam James  gentoo  org>
AuthorDate: Mon Jan 29 09:48:36 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Mon Jan 29 09:48:47 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794b3122

app-crypt/gnupg: backport insecure smartcard backup fix to 2.2.x

Bug: https://bugs.gentoo.org/923248
Signed-off-by: Sam James  gentoo.org>

 .../gnupg-2.2.42-bug923248-insecure-backup.patch   | 292 +
 app-crypt/gnupg/gnupg-2.2.42-r2.ebuild | 182 +
 2 files changed, 474 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch 
b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch
new file mode 100644
index ..76d6d94c40b1
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.42-bug923248-insecure-backup.patch
@@ -0,0 +1,292 @@
+https://bugs.gentoo.org/923248
+https://dev.gnupg.org/T6944
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=3b69d8bf7146b8d10737d0cfea9c97affc60ad73
+
+From 3b69d8bf7146b8d10737d0cfea9c97affc60ad73 Mon Sep 17 00:00:00 2001
+From: Werner Koch 
+Date: Wed, 24 Jan 2024 11:29:24 +0100
+Subject: [PATCH] gpg: Fix leftover unprotected card backup key.
+
+* agent/command.c (cmd_learn): Add option --reallyforce.
+* agent/findkey.c (agent_write_private_key): Implement reallyforce.
+Also add arg reallyforce and pass it along the call chain.
+
+* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
+special force value.
+* g10/keygen.c (card_store_key_with_backup): Use that force value.
+--
+
+This was a regression in 2.2.42.  We took the easy path to fix it by
+getting the behaviour back to what we did prior to 2.2.42.  With GnuPG
+2.4.4 we use an entire different and safer approach by introducing an
+ephemeral private key store.
+
+GnuPG-bug-id: 6944
+--- a/agent/agent.h
 b/agent/agent.h
+@@ -422,7 +422,8 @@ void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
+ gpg_error_t agent_modify_description (const char *in, const char *comment,
+   const gcry_sexp_t key, char **result);
+ int agent_write_private_key (const unsigned char *grip,
+- const void *buffer, size_t length, int force,
++ const void *buffer, size_t length,
++ int force, int reallyforce,
+  const char *serialno, const char *keyref,
+  const char *dispserialno, time_t timestamp);
+ gpg_error_t agent_key_from_file (ctrl_t ctrl,
+@@ -548,6 +549,7 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, 
int hashalgo,
+ gpg_error_t agent_write_shadow_key (const unsigned char *grip,
+ const char *serialno, const char *keyid,
+ const unsigned char *pkbuf, int force,
++int reallyforce,
+ const char *dispserialno);
+ 
+ 
+@@ -628,7 +630,8 @@ void agent_card_killscd (void);
+ 
+ 
+ /*-- learncard.c --*/
+-int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int 
force);
++int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
++int force, int reallyforce);
+ 
+ 
+ /*-- cvt-openpgp.c --*/
+--- a/agent/command-ssh.c
 b/agent/command-ssh.c
+@@ -2499,7 +2499,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char 
**cardsn)
+ 
+   /* (Shadow)-key is not available in our key storage.  */
+   agent_card_getattr (ctrl, "$DISPSERIALNO", );
+-  err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0,
++  err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0, 0,
+ dispserialno);
+   xfree (dispserialno);
+   if (err)
+@@ -3159,7 +3159,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t 
*spec,
+ 
+   /* Store this key to our key storage.  We do not store a creation
+* timestamp because we simply do not know.  */
+-  err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0,
++  err = agent_write_private_key (key_grip_raw, buffer, buffer_n, 0, 0,
+  NULL, NULL, NULL, 0);
+   if (err)
+ goto out;
+--- a/agent/command.c
 b/agent/command.c
+@@ -1042,7 +1042,7 @@ cmd_readkey (assuan_context_t ctx, char *line)
+   /* Shadow-key is or is not available in our key storage.  In
+* any case we need to check whether we need to update with
+* a new display-s/n or whatever.  */
+-  rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0,
++  rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0, 0,
+dispserialno);
+   if (rc)
+ goto leave;
+@@ -1855,16 +1855,18 @@ cmd_learn (assuan_context_t ctx, char *line)
+ {
+   ctrl_t ctrl =

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2022-10-14 Thread Sam James 
commit: 427c50c7e83f2a469b3ce8ba91294142f66155ac
Author: Sam James  gentoo  org>
AuthorDate: Fri Oct 14 18:59:55 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Fri Oct 14 19:04:15 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=427c50c7

app-crypt/gnupg: add 2.2.40

Signed-off-by: Sam James  gentoo.org>

 app-crypt/gnupg/Manifest   |   2 +
 .../files/gnupg-2.2.40-fix-no-ldap-build.patch |  36 +
 app-crypt/gnupg/gnupg-2.2.40.ebuild| 166 +
 3 files changed, 204 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fdb506e83ca5..c9cfff783a16 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,6 @@
 DIST gnupg-2.2.39.tar.bz2 7290098 BLAKE2B 
a9e31830f3ef9ec6d8d461a85fcbe4b91bcac9607d3b5f13f5edc0c54505afb6c6c119cd397023b1378d96c7d0f15c0d60da1d15721e9a18eb3ea8c7b69fba83
 SHA512 
73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940
 DIST gnupg-2.2.39.tar.bz2.sig 119 BLAKE2B 
584d7d36671670ac507948257e9c6be556ed2a2d3c0100bb2746edfe96df5ee1d4c6172fe0cae39d85fc290097bc5f6e1b351debc8ec2f5cc78047354fbed016
 SHA512 
6f7d7c2d1fae706b03c735cf453976c3aebef3f23659426f39a88c63d979f4d873ae09280d75dee9000805468d2a7f49d348609061939000f7cedf34ec5c6019
+DIST gnupg-2.2.40.tar.bz2 7301631 BLAKE2B 
c9a077e28b22888573bdd12029205eb5f79a463a297e400a623bc86a39eeb6454cd884d05bd96734998613c695f2c9dcc68963c7275b89938ac38ddc7ba1e229
 SHA512 
4c2f5fbf37ba6fbad0045aad23129186963010c673ea0b81801adc4f98efe14d6c7228e22815b6b26307c1fe5bb51cd088aa6a0f06a9325d3c021849ef81c594
+DIST gnupg-2.2.40.tar.bz2.sig 119 BLAKE2B 
baaffad8203169fca54be031b3c77f818ecf973c73b9389cb3cbcd8217ae8a6018f0d3d4d2d5b6f0611f7643b78467f91902add3107e9538273607c6ba3a49bf
 SHA512 
fccc06c709450d58e64716c505cd79556edac440462613c47c6ec78714355425c045418946b4b4b2a5c79e33e0e75b20f0699ae6de9921add4877fd6c8cc2d64
 DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 
3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02
 SHA512 
c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
 DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B 
c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e
 SHA512 
0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8db9a1b8

diff --git a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch 
b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
new file mode 100644
index ..3ab9c0cba902
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
@@ -0,0 +1,36 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7011286ce6e1fb56c2989fdafbd11b931c489faa
+
+From 7011286ce6e1fb56c2989fdafbd11b931c489faa Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Fri, 14 Oct 2022 09:58:41 +0900
+Subject: [PATCH] dirmngr: Fix build with no LDAP support.
+
+* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
+
+--
+
+GnuPG-bug-id: 6239
+Signed-off-by: NIIBE Yutaka 
+---
+ dirmngr/server.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index 04ebfd317..98f354300 100644
+--- a/dirmngr/server.c
 b/dirmngr/server.c
+@@ -3137,8 +3137,10 @@ start_command_handler (assuan_fd_t fd, unsigned int 
session_id)
+ctrl->refcount);
+   else
+ {
++#if USE_LDAP
+   ks_ldap_free_state (ctrl->ks_get_state);
+   ctrl->ks_get_state = NULL;
++#endif
+   release_ctrl_ocsp_certs (ctrl);
+   xfree (ctrl->server_local);
+   dirmngr_deinit_default_ctrl (ctrl);
+-- 
+2.11.0
+
+

diff --git a/app-crypt/gnupg/gnupg-2.2.40.ebuild 
b/app-crypt/gnupg/gnupg-2.2.40.ebuild
new file mode 100644
index ..aad9c21dbc70
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.40.ebuild
@@ -0,0 +1,166 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should:
+# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
+# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
+# (find the one for the current release then subscribe to it +
+# any subsequent ones linked within so you're covered for a while.)
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/;
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3+"
+SLOT="0"

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2022-04-25 Thread Sam James 
commit: e67bb84b2c008c569b7e1113260b3ca029b266bb
Author: Sam James  gentoo  org>
AuthorDate: Mon Apr 25 15:45:11 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Mon Apr 25 15:45:56 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e67bb84b

app-crypt/gnupg: backport 2.3.5 hang fix

Closes: https://bugs.gentoo.org/840746
Signed-off-by: Sam James  gentoo.org>

 .../files/gnupg-2.3.5-fix-buffering-hang.patch |  52 +++
 app-crypt/gnupg/gnupg-2.3.5-r2.ebuild  | 162 +
 2 files changed, 214 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch 
b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
new file mode 100644
index ..3ff8d2afcf6f
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.5-fix-buffering-hang.patch
@@ -0,0 +1,52 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=2fc91e15c6bebb203162cc8445e68ee4ff934885;hp=2848fe4c84e5ee20ccd90f0ef4c9f78c6801e1f6
+https://bugs.gentoo.org/840746
+
+From: NIIBE Yutaka 
+Date: Mon, 25 Apr 2022 17:37:32 +0900
+Subject: [PATCH 1/1] common:iobuf: Exclude cases with
+ IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
+
+* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
+(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.
+
+--
+
+GnuPG-bug-id: 5941
+Signed-off-by: NIIBE Yutaka 
+--- a/common/iobuf.c
 b/common/iobuf.c
+@@ -2177,7 +2177,8 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+   a->e_d.len = 0;
+ 
+   /* Hint for how full to fill iobuf internal drain buffer. */
+-  a->e_d.preferred = (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
++  a->e_d.preferred = (a->use != IOBUF_INPUT_TEMP)
++&& (buf && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
+ 
+   n = 0;
+   do
+@@ -2200,7 +2201,7 @@ iobuf_read (iobuf_t a, void *buffer, unsigned int buflen)
+  underflow to read more data into the filter's internal
+  buffer.  */
+   {
+-if (buf && n < buflen)
++if (a->use != IOBUF_INPUT_TEMP && buf && n < buflen)
+   {
+ /* Setup external drain buffer for faster moving of data
+  * (avoid memcpy). */
+@@ -2328,11 +2329,13 @@ iobuf_write (iobuf_t a, const void *buffer, unsigned 
int buflen)
+   a->e_d.len = 0;
+ 
+   /* Hint for how full to fill iobuf internal drain buffer. */
+-  a->e_d.preferred = (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
++  a->e_d.preferred = (a->use != IOBUF_OUTPUT_TEMP)
++&& (buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE);
+ 
+   do
+ {
+-  if (a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
++  if ((a->use != IOBUF_OUTPUT_TEMP)
++&& a->d.len == 0 && buflen >= IOBUF_ZEROCOPY_THRESHOLD_SIZE)
+   {
+ /* Setup external drain buffer for faster moving of data
+   * (avoid memcpy). */

diff --git a/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild 
b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild
new file mode 100644
index ..d32419deb726
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.3.5-r2.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/;
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools 
usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+   >=dev-libs/libgcrypt-1.9.1:=
+   >=dev-libs/libgpg-error-1.41
+   >=dev-libs/libksba-1.3.4
+   >=dev-libs/npth-1.2
+   >=net-misc/curl-7.10
+   bzip2? ( app-arch/bzip2 )
+   ldap? ( net-nds/openldap:= )
+   readline? ( sys-libs/readline:0= )
+   smartcard? ( usb? ( virtual/libusb:1 ) )
+   tofu? ( >=dev-db/sqlite-3.27 )
+   tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+   ssl? ( >=net-libs/gnutls-3.0:0= )
+   sys-libs/zlib
+"
+
+RDEPEND="${DEPEND}
+   app-crypt/pinentry
+   nls? ( virtual/libintl )
+   selinux? ( sec-policy/selinux-gpg )
+   wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+   doc? ( sys-apps/texinfo )
+   nls? ( sys-devel/gettext )
+   verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2021-09-07 Thread David Seifert 
commit: 358af1feef453a02aa73ef5c281fe509bcb6ffde
Author: David Seifert  gentoo  org>
AuthorDate: Tue Sep  7 15:20:04 2021 +
Commit: David Seifert  gentoo  org>
CommitDate: Tue Sep  7 15:20:04 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=358af1fe

app-crypt/gnupg: fix USE=tofu

Bug: https://dev.gnupg.org/T5588
Acked-by: Mikle Kolyada  gentoo.org>
Signed-off-by: David Seifert  gentoo.org>

 .../gnupg/files/gnupg-2.3.0-sqlite_check.patch | 62 --
 app-crypt/gnupg/gnupg-2.3.2.ebuild | 17 +++---
 2 files changed, 6 insertions(+), 73 deletions(-)

diff --git a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch 
b/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
deleted file mode 100644
index dd529da7a7c..000
--- a/app-crypt/gnupg/files/gnupg-2.3.0-sqlite_check.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 58aa0e8547a29e147f3d9d1792117d96bc00ffda Mon Sep 17 00:00:00 2001
-From: Lars Wendler 
-Date: Thu, 8 Apr 2021 11:05:36 +0200
-Subject: [PATCH] gnupg: configure.ac: Fix sqlite3 detection
-
-or else --disable-sqlite has no effect and linking later fails with:
-
-  keyboxd-backend-sqlite.o: in function `show_sqlstmt.part.0':
-  backend-sqlite.c:(.text+0x42): undefined reference to `sqlite3_expanded_sql'
-
-Signed-off-by: Lars Wendler 

- configure.ac | 23 ---
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9cf0c6a7f..d46469cbb 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -969,18 +969,20 @@ AC_ARG_ENABLE(sqlite,
-[disable the use of SQLITE]),
-   try_sqlite=$enableval, try_sqlite=yes)
- 
--if test x"$use_tofu" = xyes ; then
--  if test x"$try_sqlite" = xyes ; then
-+AS_IF([test x"$try_sqlite" = xyes], [
- PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
-  [have_sqlite=yes],
-  [have_sqlite=no])
--  fi
--  if test "$have_sqlite" = "yes"; then
--:
--AC_SUBST([SQLITE3_CFLAGS])
--AC_SUBST([SQLITE3_LIBS])
--  else
--use_tofu=no
-+AS_IF([test "$have_sqlite" = "yes"], [
-+AC_SUBST([SQLITE3_CFLAGS])
-+AC_SUBST([SQLITE3_LIBS])
-+])
-+])
-+
-+AS_IF([test "$have_sqlite" != "yes"], [
-+AS_IF([test x"$use_tofu" = xyes], [
-+  use_tofu=no
-+])
- build_keyboxd=no
- tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
- AC_MSG_WARN([[
-@@ -988,8 +990,7 @@ if test x"$use_tofu" = xyes ; then
- *** Building without SQLite support - TOFU and Keyboxd disabled
- ***
- *** $tmp]])
--  fi
--fi
-+])
- 
- AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes")
- 
--- 
-2.31.1
-

diff --git a/app-crypt/gnupg/gnupg-2.3.2.ebuild 
b/app-crypt/gnupg/gnupg-2.3.2.ebuild
index 3576669b399..9e1c1de7266 100644
--- a/app-crypt/gnupg/gnupg-2.3.2.ebuild
+++ b/app-crypt/gnupg/gnupg-2.3.2.ebuild
@@ -3,18 +3,19 @@
 
 EAPI=8
 
-inherit autotools flag-o-matic systemd toolchain-funcs
+inherit flag-o-matic systemd toolchain-funcs
 
 MY_P="${P/_/-}"
 
 DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
 HOMEPAGE="https://gnupg.org/;
 SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+S="${WORKDIR}/${MY_P}"
 
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard sqlite ssl tofu tools usb 
user-socket wks-server"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb 
user-socket wks-server"
 
 # Existence of executables is checked during configuration.
 DEPEND=">=dev-libs/libassuan-2.5.0
@@ -27,7 +28,7 @@ DEPEND=">=dev-libs/libassuan-2.5.0
ldap? ( net-nds/openldap )
readline? ( sys-libs/readline:0= )
smartcard? ( usb? ( virtual/libusb:1 ) )
-   sqlite? ( >=dev-db/sqlite-3.27 )
+   tofu? ( >=dev-db/sqlite-3.27 )
ssl? ( >=net-libs/gnutls-3.0:0= )
sys-libs/zlib
 "
@@ -42,10 +43,6 @@ BDEPEND="virtual/pkgconfig
doc? ( sys-apps/texinfo )
nls? ( sys-devel/gettext )"
 
-S="${WORKDIR}/${MY_P}"
-
-REQUIRED_USE="tofu? ( sqlite )"
-
 DOCS=(
ChangeLog NEWS README THANKS TODO VERSION
doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
@@ -53,14 +50,11 @@ DOCS=(
 
 PATCHES=(

"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-   "${FILESDIR}/${PN}-2.3.0-sqlite_check.patch"
 )
 
 src_prepare() {
default
 
-   eautoreconf
-
# Inject SSH_AUTH_SOCK into user's sessions after enabling 
gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
#

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2021-06-12 Thread Lars Wendler 
commit: 16b8804428d68538b75e21a597ab687830787097
Author: Lars Wendler  gentoo  org>
AuthorDate: Sat Jun 12 22:35:44 2021 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sat Jun 12 22:37:03 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16b88044

app-crypt/gnupg: Fixed build with USE="-ldap"

Removed "scd-shared-access" USE flag as this finally went into a release

Closes: https://bugs.gentoo.org/795669
Signed-off-by: Lars Wendler  gentoo.org>

 .../gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch| 36 ++
 app-crypt/gnupg/gnupg-2.2.28.ebuild| 13 ++--
 2 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch 
b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
new file mode 100644
index 000..86e83de8ec3
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
@@ -0,0 +1,36 @@
+From c8b2162c0e7eb42b74811b7ed225fa0f56be4083 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Fri, 11 Jun 2021 10:30:02 +0900
+Subject: [PATCH] dirmngir: Fix build with --disable-ldap.
+
+* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
+Conditionalize.
+
+--
+
+Reported-by: Phil Pennock
+Signed-off-by: NIIBE Yutaka 
+---
+ dirmngr/dirmngr.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 04fe9e238..6a818cabc 100644
+--- a/dirmngr/dirmngr.c
 b/dirmngr/dirmngr.c
+@@ -736,6 +736,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+ case oRecursiveResolver: enable_recursive_resolver (1); break;
+ 
+ case oLDAPServer:
++#if USE_LDAP
+   {
+ ldap_server_t server;
+ char *p;
+@@ -757,6 +758,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+ opt.ldapservers = server;
+   }
+   }
++#endif
+   break;
+ 
+ case oKeyServer:

diff --git a/app-crypt/gnupg/gnupg-2.2.28.ebuild 
b/app-crypt/gnupg/gnupg-2.2.28.ebuild
index f03938727e3..0f4396fc399 100644
--- a/app-crypt/gnupg/gnupg-2.2.28.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.28.ebuild
@@ -9,13 +9,12 @@ MY_P="${P/_/-}"
 
 DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
 HOMEPAGE="https://gnupg.org/;
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2
-   scd-shared-access? ( 
https://raw.githubusercontent.com/GPGTools/MacGPG2/5ca182f54b7b6cd635d1c0a4713953834489fdd9/patches/gnupg/scdaemon_shared-access.patch
 -> ${PN}-2.2.16-scdaemon_shared-access.patch )"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
 
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline scd-shared-access selinux +smartcard ssl 
tofu tools usb user-socket wks-server"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb 
user-socket wks-server"
 
 # Existence of executables is checked during configuration.
 DEPEND=">=dev-libs/libassuan-2.5.0
@@ -51,18 +50,12 @@ DOCS=(
 
 PATCHES=(

"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+   "${FILESDIR}/${P}-dirmngr_ldap.patch" #795669
 )
 
 src_prepare() {
default
 
-   # Made optional because it's a non-official patch
-   if use scd-shared-access ; then
-   # Patch taken from
-   # https://github.com/GPGTools/MacGPG2/tree/dev/patches/gnupg
-   eapply "${DISTDIR}/${PN}-2.2.16-scdaemon_shared-access.patch"
-   fi
-
# Inject SSH_AUTH_SOCK into user's sessions after enabling 
gpg-agent-ssh.socket in systemctl --user mode,
# idea borrowed from libdbus, see
#   
https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2021-02-07 Thread Mikle Kolyada 
commit: 810410a8c6b411bd8b1ac60ceb28d37af27256b1
Author: Mikle Kolyada  gentoo  org>
AuthorDate: Sun Feb  7 14:26:17 2021 +
Commit: Mikle Kolyada  gentoo  org>
CommitDate: Sun Feb  7 14:26:53 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=810410a8

app-crypt/gnupg: Drop old

Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Mikle Kolyada  gentoo.org>

 app-crypt/gnupg/Manifest   |   2 -
 ...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch |  35 -
 app-crypt/gnupg/gnupg-2.2.20-r2.ebuild | 159 
 app-crypt/gnupg/gnupg-2.2.26.ebuild| 160 -
 4 files changed, 356 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 263c8a5752d..4f8d716e719 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,3 @@
 DIST gnupg-2.2.16-scdaemon_shared-access.patch 2586 BLAKE2B 
42fd5482c4e86751ce62836125997c2295c44bc5db0671a06460fd306b2ed93f290fb898fc1b1e463a863eddf9ab5f99ea3c90a55499ef45ca1ed6edf2854663
 SHA512 
38abaa4200114ae6b6f220fabc0a84a056761949c97bd0564557f4411a299b9a1939893555c27e26da2d8e8da4bc97a298fa7e68f1e80fe99c3f88cc329eaa84
-DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 
43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667
 SHA512 
3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
 DIST gnupg-2.2.25.tar.bz2 7195857 BLAKE2B 
c930edf9259a0e1c508af8d76a86f979860adfe2c525020b37d3741679200f96483f0ad8bc1f72e2dbf7fe77696cd04d4272a2ee23e4c4abe1ed6ba88b95f365
 SHA512 
ab1d7cc9d8be3e7189bc4bea431b9d5db313cbd1739823950f32fbb611b2f4374889f444efbf43ce1fbf498b9865d7e6e953cd4c86d58fd688f63923c434ea2c
-DIST gnupg-2.2.26.tar.bz2 7189254 BLAKE2B 
f51dd18f6fe327573769d1581ab49bfbca6a56973f6115a68d11e79f52f4b9bdd717ff027800cd1d52fca56abcffa80ee025b49a6af3914f60decdad1e1585ba
 SHA512 
5e9482e126c32c836064b125a18b109f0d3c96892474d3fb47dd791350cccefc56f9a5dfbd54504716487a93d9f71de2493bdfef92e29964b5bfe28b0053c265
 DIST gnupg-2.2.27.tar.bz2 7191555 BLAKE2B 
d652aad382cf07cc458b29ff82718edd47457d8236dcbeee51f22d88503be141f009e9ea45b6dafe614115d9558fe371509579e58ce17a5f04540a31aa406ea3
 SHA512 
cf336962116c9c08ac80b1299654b94948033ef51d6d5e7f54c2f07bbf7d92c7b0bddb606ceee2cdd837063f519b8d59af5a82816b840a0fc47d90c07b0e95ab

diff --git 
a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
 
b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
deleted file mode 100644
index 14a1913b3a0..000
--- 
a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka 
-Date: Mon, 13 Jul 2020 10:00:58 +0900
-Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
-
-* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
-
---
-
-GnuPG-bug-id: 4977
-Signed-off-by: NIIBE Yutaka 

- dirmngr/http.c | 9 +
- 1 file changed, 9 insertions(+)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index f26675f9b..50b9b732b 100644
 a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, 
unsigned short port,
-   sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
-   if (sock == ASSUAN_INVALID_FD)
- {
-+  if (errno == EAFNOSUPPORT)
-+{
-+  if (ai->family == AF_INET)
-+v4_valid = 0;
-+  if (ai->family == AF_INET6)
-+v6_valid = 0;
-+  continue;
-+}
-+
-   err = gpg_err_make (default_errsource,
-   gpg_err_code_from_syserror ());
-   log_error ("error creating socket: %s\n", gpg_strerror (err));

diff --git a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild 
b/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild
deleted file mode 100644
index 25d0a11c431..000
--- a/app-crypt/gnupg/gnupg-2.2.20-r2.ebuild
+++ /dev/null
@@ -1,159 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/;
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 
sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb 
user-socket wks-server"
-
-# Existence of

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2020-09-03 Thread Mikle Kolyada 
commit: 47d9576076ddd37b4fe05550969b8b9e029dc9da
Author: Mikle Kolyada  gentoo  org>
AuthorDate: Thu Sep  3 20:10:50 2020 +
Commit: Mikle Kolyada  gentoo  org>
CommitDate: Thu Sep  3 20:10:50 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47d95760

app-crypt/gnupg: Drop old

Package-Manager: Portage-3.0.4, Repoman-2.3.23
Signed-off-by: Mikle Kolyada  gentoo.org>

 app-crypt/gnupg/Manifest   |   2 -
 .../gnupg/files/gnupg-2.2.22-card-status.patch |  20 ---
 app-crypt/gnupg/gnupg-2.2.21.ebuild| 165 -
 app-crypt/gnupg/gnupg-2.2.22-r1.ebuild | 165 -
 4 files changed, 352 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 57c6cc33249..a1bd0368bda 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,4 +1,2 @@
 DIST gnupg-2.2.20.tar.bz2 6786913 BLAKE2B 
43cf9402a26e67d6c7c2444eb2faaee3f06ea0bf6c07708a50834c5d7424db2f9c38e1f0046dd3a35082abc08d401b2951655e7e068f0873db297560b87d2667
 SHA512 
3e69f102366ec3415f439ab81aae2458182fa1a18dfb86565b1d9dc638f3fc4c179a5947f0042b7c5a813345676285a662793664a1803ea9ad8328f0548e0edc
-DIST gnupg-2.2.21.tar.bz2 6813160 BLAKE2B 
b4708fd34c23dec8ec5be0740a502d155b649b4c88a89e5cc6f3cb99a15f7c6e31c50247ccacfedad55600dac3e7f91a8567424d335ab5e537082261dc98aceb
 SHA512 
b4eac75253d4a1cac341c8a1ba7bb275e849a88d537703549c7bcd49b5a4c91b77000311695eb7d4083856975b2b2d14518f24ab94846027280bd8c301f9
-DIST gnupg-2.2.22.tar.bz2 7098444 BLAKE2B 
b5f306485032acadc852f4f71f2e968795843faacd5dda24ed2b20df78a3d38a364c2feade7ef8389a203e8b037fbb92129207cbc6d60b89cfb0945dded56a97
 SHA512 
3e5a8bb91c122f97acee2a93e3233db89bff9b96c6ec052c95bd2fe7e46c79a8afaac536c05675a7129e332272d62c677722a12cb05386b54a8d12ef82b6c5fa
 DIST gnupg-2.2.23.tar.bz2 7099806 BLAKE2B 
0b9c1f5c8931399cfd9d95f107f91869733c4a986476ea43631b4265b1a5c26cfb8c9bb24ef6a295af7aa803749caaedde26365f6f50a7c946c1f86c867d855d
 SHA512 
736b39628f7e4adc650b3f9937c81f27e9ad41e77f5345dc54262c91c1cf7004243fa7f932313bcde955e0e9b3f1afc639bac18023ae878b1d26e3c5a3cabb90

diff --git a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch 
b/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
deleted file mode 100644
index 1a01e5ddbc5..000
--- a/app-crypt/gnupg/files/gnupg-2.2.22-card-status.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 8a1d30d5b..ccc360fc8 100644
 a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -2357,10 +2357,15 @@ verify_chv2 (app_t app,
-   int rc;
-   char *pinvalue;
-   int pinlen;
-+  int i;
- 
-   if (app->did_chv2)
- return 0;  /* We already verified CHV2.  */
- 
-+  /* Make sure we have load the public keys.  */
-+  for (i = 0; i < 3; i++)
-+get_public_key (app, i);
-+
-   if (app->app_local->pk[1].key || app->app_local->pk[2].key)
- {
-   rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, , );

diff --git a/app-crypt/gnupg/gnupg-2.2.21.ebuild 
b/app-crypt/gnupg/gnupg-2.2.21.ebuild
deleted file mode 100644
index e41bbd94151..000
--- a/app-crypt/gnupg/gnupg-2.2.21.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic systemd toolchain-funcs
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/;
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos 
~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb 
user-socket wks-server"
-
-# Existence of executables is checked during configuration.
-DEPEND=">=dev-libs/libassuan-2.5.0
-   >=dev-libs/libgcrypt-1.7.3
-   >=dev-libs/libgpg-error-1.28
-   >=dev-libs/libksba-1.3.4
-   >=dev-libs/npth-1.2
-   >=net-misc/curl-7.10
-   bzip2? ( app-arch/bzip2 )
-   ldap? ( net-nds/openldap )
-   readline? ( sys-libs/readline:0= )
-   smartcard? ( usb? ( virtual/libusb:1 ) )
-   ssl? ( >=net-libs/gnutls-3.0:0= )
-   sys-libs/zlib
-   tofu? ( >=dev-db/sqlite-3.7 )"
-
-RDEPEND="${DEPEND}
-   app-crypt/pinentry
-   nls? ( virtual/libintl )
-   selinux? ( sec-policy/selinux-gpg )
-   wks-server? ( virtual/mta )"
-
-BDEPEND="virtual/pkgconfig
-   doc? ( sys-apps/texinfo )
-   nls? ( sys-devel/gettext )"
-
-S="${WORKDIR}/${MY_P}"
-
-DOCS=(
-   ChangeLog NEWS README THANKS TODO VERSION
-   doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-   
"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
-

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2020-08-14 Thread Thomas Deutschmann 
commit: f880165f3ad8531f8b185108094f46a47c9e2fb4
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Fri Aug 14 23:57:39 2020 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Fri Aug 14 23:57:55 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f880165f

app-crypt/gnupg: fix dirmngr for non-IPv6 enabled hosts

Package-Manager: Portage-3.0.2, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann  gentoo.org>

 ...20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch | 35 ++
 ...{gnupg-2.2.20.ebuild => gnupg-2.2.20-r1.ebuild} |  1 +
 2 files changed, 36 insertions(+)

diff --git 
a/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
 
b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
new file mode 100644
index 000..14a1913b3a0
--- /dev/null
+++ 
b/app-crypt/gnupg/files/gnupg-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch
@@ -0,0 +1,35 @@
+From 109d16e8f644da97ed9c00e6f9010a53097f587a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Mon, 13 Jul 2020 10:00:58 +0900
+Subject: [PATCH] dirmngr: Handle EAFNOSUPPORT at connect_server.
+
+* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
+
+--
+
+GnuPG-bug-id: 4977
+Signed-off-by: NIIBE Yutaka 
+---
+ dirmngr/http.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index f26675f9b..50b9b732b 100644
+--- a/dirmngr/http.c
 b/dirmngr/http.c
+@@ -3005,6 +3005,15 @@ connect_server (ctrl_t ctrl, const char *server, 
unsigned short port,
+   sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
+   if (sock == ASSUAN_INVALID_FD)
+ {
++  if (errno == EAFNOSUPPORT)
++{
++  if (ai->family == AF_INET)
++v4_valid = 0;
++  if (ai->family == AF_INET6)
++v6_valid = 0;
++  continue;
++}
++
+   err = gpg_err_make (default_errsource,
+   gpg_err_code_from_syserror ());
+   log_error ("error creating socket: %s\n", gpg_strerror (err));

diff --git a/app-crypt/gnupg/gnupg-2.2.20.ebuild 
b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
similarity index 98%
rename from app-crypt/gnupg/gnupg-2.2.20.ebuild
rename to app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
index 35dc9274af9..ec52f664069 100644
--- a/app-crypt/gnupg/gnupg-2.2.20.ebuild
+++ b/app-crypt/gnupg/gnupg-2.2.20-r1.ebuild
@@ -51,6 +51,7 @@ DOCS=(
 
 PATCHES=(

"${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+   "${FILESDIR}/${PN}-2.2.20-fix-dirmngr-for-non-ipv6-enabled-hosts.patch"
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2019-04-09 Thread Robin H. Johnson 
commit: 4b084d956b9bc167ec1887cb7717573b5a4f077d
Author: Robin H. Johnson  gentoo  org>
AuthorDate: Tue Apr  9 17:49:17 2019 +
Commit: Robin H. Johnson  gentoo  org>
CommitDate: Tue Apr  9 17:50:20 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b084d95

app-crypt/gnupg: bump

Also adds one-line delta patch for --quiet in --send-key, submitted to
upstream for inclusion.

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Robin H. Johnson  gentoo.org>

 app-crypt/gnupg/Manifest   |   1 +
 .../gnupg/files/gnupg-2.2.14-quiet-sending.patch   |  34 +
 app-crypt/gnupg/gnupg-2.2.15.ebuild| 137 +
 3 files changed, 172 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index d9d42130a4f..ffc0c9cfd34 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 BLAKE2B 
0c26c9c3aeae2bf2eafa858bc3bd15cc2702bc
 DIST gnupg-2.2.10.tar.bz2 6659484 BLAKE2B 
d0270ca40bd70fe113fa4283c307d7d04370beec77ffba0abb7862defdab2d5a82b1508284961e30e7d0aab82bffdf09fe796741603e843a062073f179f0bfc2
 SHA512 
a4477828f268fa69125cf1822f8a721e67f8f4008bd9817b701989393bd93689aac8fee1f4d34d918911d53afabdcbb1c84d40e8a4489d7a29b5a769d330fddd
 DIST gnupg-2.2.12.tar.bz2 6682303 BLAKE2B 
8470ab8bf386d3524ce57ef1a1f6ac74d8cf2d7c35062b95c668b37586603c8e0817e410f4a0a807256e42896c6897b7118b29e471184b2fa871ad4ba048
 SHA512 
30de9757bb60a5cb6bf0dc2c8da5f4742c54affec3fcd0bcbf66f28f2812149afec5db70dcb6ba592101de4bdc479d1ba0b47c53c8b8d4765ddff32fa51c26c8
 DIST gnupg-2.2.14.tar.bz2 6707735 BLAKE2B 
feedb1c776e8d43e43905e8a8c1487bd88e8effc59e94baf308cb29a5feea5d9c666c78b50147d65a259dc89af241c2a2bf07a72c417617e5238e0fdbbc2b17f
 SHA512 
9d5216dee085efe6de300579d8fb773a5a55df639d5a435708611a974df522dd60dc995fbfcaad98065475dbeb731bbba19ecc3273e78b9b45fccff640dde69b
+DIST gnupg-2.2.15.tar.bz2 6705912 BLAKE2B 
145bd174cb74c6a1180de76a6d46b40d2434ced61bb9aa3eaddeb0079cd05634529c9b062e475d3ca9d35b3af3b62b39a79ef0efbb476cb9ebb9e2099ad13ae0
 SHA512 
7c6f0092d384fd71fc7a1c905ce23ae98df42ce131ee09fc190c275f9c8d0912be344b0782244cccb5b3938322ef3cfff8ed1ec7e949e761478b8c5110dde36a

diff --git a/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch 
b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
new file mode 100644
index 000..1f7a561d3f7
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.14-quiet-sending.patch
@@ -0,0 +1,34 @@
+From d8db73615e68d1c549b3ed50057a49d84a31b334 Mon Sep 17 00:00:00 2001
+From: "Robin H. Johnson" 
+Date: Tue, 9 Apr 2019 10:27:11 -0700
+Subject: [PATCH] g10: support --quiet for --send-key
+
+The --recv-key command supports --quiet, but --send-key does not.
+Add support for it for parity and better scripting.
+
+Signed-off-by: Robin H. Johnson 
+---
+ g10/keyserver.c | 7 ---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 66900f7a9..e5fc011c0 100644
+--- a/g10/keyserver.c
 b/g10/keyserver.c
+@@ -1814,9 +1814,10 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs)
+ log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err));
+   else
+ {
+-  log_info (_("sending key %s to %s\n"),
+-keystr (keyblock->pkt->pkt.public_key->keyid),
+-ksurl?ksurl:"[?]");
++if (!opt.quiet)
++log_info (_("sending key %s to %s\n"),
++  keystr (keyblock->pkt->pkt.public_key->keyid),
++  ksurl?ksurl:"[?]");
+ 
+   err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock);
+   release_kbnode (keyblock);
+-- 
+2.21.0
+

diff --git a/app-crypt/gnupg/gnupg-2.2.15.ebuild 
b/app-crypt/gnupg/gnupg-2.2.15.ebuild
new file mode 100644
index 000..1c68f3982ce
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.2.15.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic systemd toolchain-funcs
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/;
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris 
~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl tofu tools usb 
user-socket wks-server"
+
+# Existence of executables is checked during configuration.
+DEPEND="!app-crypt/dirmngr
+   >=dev-libs/libassuan-2.5.0
+   >=dev-libs/libgcrypt-1.7.3
+   >=dev-libs/libgpg-error-1.28
+   >=dev-libs/libksba-1.3.4
+   >=dev-libs/npth-1.2
+   >=net-misc/curl-7.10
+   bzip2? (

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-09-19 Thread Kristian Fiskerstrand 
commit: 20305658504c61cf1357b235226bc5c66e97752d
Author: Kristian Fiskerstrand  gentoo  org>
AuthorDate: Tue Sep 19 08:16:18 2017 +
Commit: Kristian Fiskerstrand  gentoo  org>
CommitDate: Tue Sep 19 08:17:08 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20305658

app-crypt/gnupg: New upstream version 2.2.1

Cherry-pick patch from master to allow for parallel tests
with tofu disabled

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 app-crypt/gnupg/Manifest   |   1 +
 .../gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch   |  85 ++
 app-crypt/gnupg/gnupg-2.2.1.ebuild | 129 +
 3 files changed, 215 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index fb6e09fc21f..548961ab9fe 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 
6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 
c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 
69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1
 WHIRLPOOL 
4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 
24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 
14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9
 WHIRLPOOL 
fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
 DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 
d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 
8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b
 WHIRLPOOL 
c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb
+DIST gnupg-2.2.1.tar.bz2 6537959 SHA256 
34d70cd65b9c95f3f2f90a9f5c1e0b6a0fe039a8d685e2d66d69c33d1cbf62fb SHA512 
fcda7ea360d9928bf9e410afe3806ee0692dd533443b0c0e050605a9e2e37ec16f3c60a30b30ab137155327bc1f5d2107f1e792582e3ad245b47bf39a1a61a8f
 WHIRLPOOL 
032d26c79aebcda3529f7cfcdec467e1058d19fa939eae48fd086e7c9f585a7b02dc9e6fb04a342fab845b9eb0d51c3bc2cca4a4d9677683a23bdd5c479b4eba

diff --git a/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch 
b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
new file mode 100644
index 000..6a2c18e9b63
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
@@ -0,0 +1,85 @@
+From eeb3da6eb717ed6a1a1069a7611eb37503e8672d Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Tue, 19 Sep 2017 12:28:43 +0900
+Subject: [PATCH 2/3] common: Fix gnupg_wait_processes.
+
+* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+even if we already see an error.
+
+--
+
+The value stored by waitpid for exit code is encoded;  It requires
+decoded by WEXITSTATUS macro, regardless of an error.
+
+For example, when one of processes is already exited and another is
+still running, it resulted wrong value of in r_exitcodes[n].
+
+Signed-off-by: NIIBE Yutaka 
+---
+ common/exechelp-posix.c | 50 +
+ 1 file changed, 26 insertions(+), 24 deletions(-)
+
+diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
+index 7237993a2..3acf74ad6 100644
+--- a/common/exechelp-posix.c
 b/common/exechelp-posix.c
+@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t 
*pids, size_t count,
+ }
+ }
+ 
+-  if (ec == 0)
+-for (i = 0; i < count; i++)
+-  {
+-if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
+-  {
+-log_error (_("error running '%s': probably not installed\n"),
+-   pgmnames[i]);
+-ec = GPG_ERR_CONFIGURATION;
+-  }
+-else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
+-  {
+-if (dummy)
+-  log_error (_("error running '%s': exit status %d\n"),
+- pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
+-else
+-  r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
+-ec = GPG_ERR_GENERAL;
+-  }
+-else if (!WIFEXITED (r_exitcodes[i]))
+-  {
+-log_error (_("error running '%s': terminated\n"), pgmnames[i]);
+-ec = GPG_ERR_GENERAL;
+-  }
+-  }
++  for (i = 0; i < count; i++)
++{
++  if (r_exitcodes[i] == -1)
++continue;
++
++  if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
++{
++  log_error (_("error running

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-09-16 Thread Kristian Fiskerstrand 
commit: c8b7f9b5493547c2df4936df7fdab818bb69e1c3
Author: Kristian Fiskerstrand  gentoo  org>
AuthorDate: Sat Sep 16 11:12:47 2017 +
Commit: Kristian Fiskerstrand  gentoo  org>
CommitDate: Sat Sep 16 11:12:58 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8b7f9b5

app-crypt/gnupg: Cleanup 2.1.23

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 app-crypt/gnupg/Manifest   |   1 -
 1.23-gpg-default-to-no-auto-key-retrieve.patch |  71 
 app-crypt/gnupg/gnupg-2.1.23-r1.ebuild | 124 -
 3 files changed, 196 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 8243dab73fe..fb6e09fc21f 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -1,5 +1,4 @@
 DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 
6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276 SHA512 
619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984
 WHIRLPOOL 
eb596be347dd90be93d381fe405e50f5808160b546705493bc9d817d521ea236a2374648e6c2cab396f54bba74de4caf2b92e894df3a17aa339f014ef8cc8802
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 
c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 
69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1
 WHIRLPOOL 
4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 
24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 
14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9
 WHIRLPOOL 
fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
-DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 
a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 
8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412
 WHIRLPOOL 
deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14
 DIST gnupg-2.2.0.tar.bz2 6532475 SHA256 
d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 SHA512 
8ab7c4183d2ec2e6b62066e3cbcba95babaa0ae22da47feab716698792d26495f072d50e8ec612b8d26147636bb316320c78940184373b3f4cb6ec411933361b
 WHIRLPOOL 
c918b6a7e40ff170e1ff3b77978cb7f0d9298a3410204677955dc167b114a1f85d32deaca4f006c2bd621f532379ca9631b96913bf660394a82ab4ee0bbbaecb

diff --git 
a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch 
b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
deleted file mode 100644
index 4cc414d18e3..000
--- 
a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor 
-Date: Fri, 11 Aug 2017 02:26:52 -0400
-Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
-
-* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
-default keyserver options.
-* doc/gpg.texi: document this change.
---
-
-This is a partial reversion of
-7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
-earlier today, and came to the conclusion that:
-
- * the risk of metadata leakage represented by a default
-   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
-   contexts where GnuPG is used to verified signatures, is quite high.
-
- * the advantages of --auto-key-retrieve (in terms of signature
-   verification) can sometimes be achieved in other ways, such as when
-   a signed message includes a copy of its own key.
-
- * when those other ways are not useful, a graphical, user-facing
-   application can still offer the user the opportunity to choose to
-   fetch the key; or it can apply its own policy about when to set
-   --auto-key-retrieve, without needing to affect the defaults.
-
-Note that --auto-key-retrieve is specifically about signature
-verification.  Decisions about how and whether to look up a key during
-message encryption are governed by --auto-key-locate.  This change
-does not touch the --auto-key-locate default of "local,wkd".  The user
-deliberately asking gpg to encrypt to an e-mail address is a different
-scenario than having an incoming e-mail trigger a potentially unique
-network request.
-
-Signed-off-by: Daniel Kahn Gillmor 

- doc/gpg.texi | 2 +-
- g10/gpg.c| 3 +--
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index c71126a97..b6a9b2d70 100644
 a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-08-11 Thread Kristian Fiskerstrand 
commit: a12f7eafa84c6cb0cf6d643c55ef027f33b8147e
Author: Kristian Fiskerstrand  gentoo  org>
AuthorDate: Fri Aug 11 16:15:46 2017 +
Commit: Kristian Fiskerstrand  gentoo  org>
CommitDate: Fri Aug 11 16:48:26 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12f7eaf

app-crypt/gnupg: New upstream version 2.1.23

Reverting to default of no --auto-key-retrieve as this has information
leak potential that should not be enabled in default configuration. The
change is also reverted upstream

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 app-crypt/gnupg/Manifest   |   1 +
 1.23-gpg-default-to-no-auto-key-retrieve.patch |  71 
 app-crypt/gnupg/gnupg-2.1.23.ebuild| 124 +
 3 files changed, 196 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 77cdbd2968f..07c1872aeaf 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 
6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 
c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 
69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1
 WHIRLPOOL 
4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 
24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 
14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9
 WHIRLPOOL 
fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624
 DIST gnupg-2.1.22.tar.bz2 6530433 SHA256 
46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 SHA512 
d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16
 WHIRLPOOL 
3a87914898e2f164f7effa67e0e8f5ccb48aed0e9e4d65559d73783478ee509f7876ef7ef77ec9c43de2611a8a2ecdcbfbd443ab5de119203b20e316473e4e75
+DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 
a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 
8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412
 WHIRLPOOL 
deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14

diff --git 
a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch 
b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
new file mode 100644
index 000..4cc414d18e3
--- /dev/null
+++ 
b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
@@ -0,0 +1,71 @@
+From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor 
+Date: Fri, 11 Aug 2017 02:26:52 -0400
+Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
+
+* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
+default keyserver options.
+* doc/gpg.texi: document this change.
+--
+
+This is a partial reversion of
+7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
+earlier today, and came to the conclusion that:
+
+ * the risk of metadata leakage represented by a default
+   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
+   contexts where GnuPG is used to verified signatures, is quite high.
+
+ * the advantages of --auto-key-retrieve (in terms of signature
+   verification) can sometimes be achieved in other ways, such as when
+   a signed message includes a copy of its own key.
+
+ * when those other ways are not useful, a graphical, user-facing
+   application can still offer the user the opportunity to choose to
+   fetch the key; or it can apply its own policy about when to set
+   --auto-key-retrieve, without needing to affect the defaults.
+
+Note that --auto-key-retrieve is specifically about signature
+verification.  Decisions about how and whether to look up a key during
+message encryption are governed by --auto-key-locate.  This change
+does not touch the --auto-key-locate default of "local,wkd".  The user
+deliberately asking gpg to encrypt to an e-mail address is a different
+scenario than having an incoming e-mail trigger a potentially unique
+network request.
+
+Signed-off-by: Daniel Kahn Gillmor 
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c| 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index c71126a97..b6a9b2d70 100644
+--- a/doc/gpg.texi
 b/doc/gpg.texi
+@@ -1792,7 +1792,7 @@ list.  The default is "local,wkd".
+ @opindex no-auto-key-retrieve
+ These options enable or disable

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-05-09 Thread Kristian Fiskerstrand 
commit: 68d406d2de327f13ad3906d50c458c9727f7e024
Author: Kristian Fiskerstrand  gentoo  org>
AuthorDate: Tue May  9 12:59:22 2017 +
Commit: Kristian Fiskerstrand  gentoo  org>
CommitDate: Tue May  9 12:59:57 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d406d2

app-crypt/gnupg: Fix regression from 2.1.19

Gentoo-Bug: 616336

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch|  27 +
 ...g-Properly-account-for-ring-trust-packets.patch |  86 +++
 app-crypt/gnupg/gnupg-2.1.20-r1.ebuild | 122 +
 3 files changed, 235 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch 
b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
new file mode 100644
index 000..292fc264ac8
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
@@ -0,0 +1,27 @@
+From 692208fd6c1547cc7dd2062a1d1c9499bc0a8be4 Mon Sep 17 00:00:00 2001
+From: Justus Winter 
+Date: Mon, 8 May 2017 13:52:39 +0200
+Subject: [PATCH] gpg: Fix typo.
+
+--
+Signed-off-by: Justus Winter 
+---
+ g10/packet.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/packet.h b/g10/packet.h
+index a10495c..d42510d 100644
+--- a/g10/packet.h
 b/g10/packet.h
+@@ -623,7 +623,7 @@ struct parse_packet_ctx_s
+   iobuf_t inp;   /* The input stream with the packets.  */
+   struct packet_struct last_pkt; /* The last parsed packet.  */
+   int free_last_pkt; /* Indicates that LAST_PKT must be freed.  */
+-  int skip_meta; /* Skip right trust packets.  */
++  int skip_meta; /* Skip ring trust packets.  */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ 
+-- 
+2.10.2
+

diff --git 
a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
 
b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
new file mode 100644
index 000..58568db47d2
--- /dev/null
+++ 
b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
@@ -0,0 +1,86 @@
+From 22739433e98be80e46fe7d01d52a9627c1aebaae Mon Sep 17 00:00:00 2001
+From: Justus Winter 
+Date: Mon, 8 May 2017 14:24:00 +0200
+Subject: [PATCH] gpg: Properly account for ring trust packets.
+
+* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
+instead of counting ourself.
+* g10/packet.h (struct parse_packet_ctx_s): New field
+'n_parsed_packets'.
+(init_parse_packet): Initialize new field.
+* g10/parse-packet.c (parse): Count packets.
+--
+
+The 'keyring' keystore depends on the number of packets for delete and
+update operations.  With the rework of the ring trust packets, the
+trust packets were no longer properly accounted for leading to keyring
+corruptions.
+
+The 'keybox' store was not affected.
+
+GnuPG-bug-id: 3123
+GnuPG-bug-id: 3135
+GnuPG-bug-id: 3144
+Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
+Signed-off-by: Justus Winter 
+---
+ g10/keyring.c  | 4 ++--
+ g10/packet.h   | 2 ++
+ g10/parse-packet.c | 3 +++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/g10/keyring.c b/g10/keyring.c
+index e223f0f..50f1b82 100644
+--- a/g10/keyring.c
 b/g10/keyring.c
+@@ -409,11 +409,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
+ pkt = xmalloc (sizeof *pkt);
+ init_packet (pkt);
+ init_parse_packet (, a);
+-hd->found.n_packets = 0;;
++hd->found.n_packets = 0;
+ lastnode = NULL;
+ save_mode = set_packet_list_mode(0);
+ while ((rc=parse_packet (, pkt)) != -1) {
+-hd->found.n_packets++;
++hd->found.n_packets = parsectx.n_parsed_packets;
+ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
+   free_packet (pkt, );
+   init_packet (pkt);
+diff --git a/g10/packet.h b/g10/packet.h
+index d42510d..cf2121c 100644
+--- a/g10/packet.h
 b/g10/packet.h
+@@ -624,6 +624,7 @@ struct parse_packet_ctx_s
+   struct packet_struct last_pkt; /* The last parsed packet.  */
+   int free_last_pkt; /* Indicates that LAST_PKT must be freed.  */
+   int skip_meta; /* Skip ring trust packets.  */
++  unsigned int n_parsed_packets;  /* Number of parsed packets.  */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ 
+@@ -633,6 +634,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ (a)->last_pkt.pkt.generic= NULL;\
+ (a)->free_last_pkt = 0; \
+ (a)->skip_meta = 0; \
++(a)->n_parsed_packets = 0;  \
+   } while (0)
+ 
+ #define deinit_parse_packet(a) do { \
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index fa44f83..dbb7af8 100644
+--- a/g10/parse-packet.c
 b/g10/parse-packet.c
+@@ -764,6 +764,9 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int 
onlykeypkts, off_t * retpos,
+ partial? (new_ctb ? " partial"

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-04-03 Thread Alon Bar-Lev 
commit: b95dfb460fcfa4e34b412d81336cd2316cdd0e2d
Author: Alon Bar-Lev  gentoo  org>
AuthorDate: Mon Apr  3 21:09:23 2017 +
Commit: Alon Bar-Lev  gentoo  org>
CommitDate: Mon Apr  3 21:09:41 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b95dfb46

app-crypt/gnupg: version bump

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-crypt/gnupg/Manifest   |   1 +
 ...shorter-socket-path-lengts-to-improve-tes.patch |  33 ++
 app-crypt/gnupg/gnupg-2.1.20.ebuild| 120 +
 3 files changed, 154 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 5604c65f8f2..77390597d02 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 
6b47a3100c857dcab3c60e6152e56a997f2c786
 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 
c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 
69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1
 WHIRLPOOL 
4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151
 DIST gnupg-2.1.18.tar.bz2 6308666 SHA256 
d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 SHA512 
b8357f0a883a33c2e4f6ab5a8f5ddb171c899b7a2899e8ce4cac232938fe1dffb789a54980dfc4b758c4cb47f11f1fc570fea905244735048dfc6f06b3353baf
 WHIRLPOOL 
c5f132beb3b454146747fe14cd12576fb4d9a9adb8cfd80fcae4482b111672fd38e412dba72caa75af717069d7182a99c7f30ea03dc9adf190f5aa1f01748247
 DIST gnupg-2.1.19.tar.bz2 6404836 SHA256 
46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 SHA512 
c6d0a2cb7f1f7ce851729559edab08d2356dffe00ee836fc1d71eb4c4e34b566e214a0352934d2985fb0183b9e7ecc1221422d258f3bd467e735c0a5c8a3d0ca
 WHIRLPOOL 
3fd482da52b2d4e6c2b2b8427df6b68fe9df9e49dd53b91d74757b14b7c59ab5697c7f2309283c0d05774c1d405574796a4d0267b9cf85d61aec8b4095addd97
+DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 
24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 
14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9
 WHIRLPOOL 
fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624

diff --git 
a/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
 
b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
new file mode 100644
index 000..dd75e3a5e96
--- /dev/null
+++ 
b/app-crypt/gnupg/files/gnupg-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
@@ -0,0 +1,33 @@
+From e3bdb7d17264b8d5bd9abab97c96d9c4a50e4f61 Mon Sep 17 00:00:00 2001
+From: Kristian Fiskerstrand 
+Date: Mon, 3 Apr 2017 23:44:56 +0300
+Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test
+ reliability
+
+--
+As socket lengths are normally restricted to 108 characters
+(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters
+by default easily results in errors.
+---
+ tests/gpgscm/tests.scm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
+index 592b36f..f54a387 100644
+--- a/tests/gpgscm/tests.scm
 b/tests/gpgscm/tests.scm
+@@ -273,9 +273,9 @@
+   (canonical-path (_mkdtemp (if (null? components)
+   (path-join
+(get-temp-path)
+-   (string-append "gpgscm-" (get-isotime) "-"
++   (string-append "gscm"
+   (basename-suffix *scriptname* 
".scm")
+-  "-XX"))
++  "XX"))
+   (apply path-join components)
+ 
+ ;; Make a temporary directory and remove it at interpreter shutdown.
+-- 
+2.10.2
+

diff --git a/app-crypt/gnupg/gnupg-2.1.20.ebuild 
b/app-crypt/gnupg/gnupg-2.1.20.ebuild
new file mode 100644
index 000..86bb2664662
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.20.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/;
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux 
~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris 
~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-03-06 Thread Kristian Fiskerstrand 
commit: 0e19c5dd1d374ec4a07c9dfed5759df0dcf05c94
Author: Kristian Fiskerstrand  gentoo  org>
AuthorDate: Mon Mar  6 22:33:50 2017 +
Commit: Kristian Fiskerstrand  gentoo  org>
CommitDate: Mon Mar  6 22:34:06 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e19c5dd

app-crypt/gnupg: Fix broken ssh without smartcard USE flag

Gentoo-Bug: 611544

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 .../gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch |  85 ++
 app-crypt/gnupg/gnupg-2.1.19-r1.ebuild | 124 +
 2 files changed, 209 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch 
b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
new file mode 100644
index 000..14d5444f3a0
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
@@ -0,0 +1,85 @@
+From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Mon, 6 Mar 2017 10:26:11 +0900
+Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors.
+
+* agent/command-ssh.c (card_key_list): Return 0 when
+agent_card_serialno returns an error.
+(ssh_handler_request_identities): Handle errors for card listing
+and proceed to other cases.
+--
+
+GnuPG-bug-id: 2980
+
+Signed-off-by: NIIBE Yutaka 
+---
+ agent/command-ssh.c | 19 +--
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/agent/command-ssh.c b/agent/command-ssh.c
+index 79b8f85..3ab41cf 100644
+--- a/agent/command-ssh.c
 b/agent/command-ssh.c
+@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, 
strlist_t *result)
+   err = agent_card_serialno (ctrl, r_serialno, NULL);
+   if (err)
+ {
+-  if (gpg_err_code (err) == GPG_ERR_ENODEV)
+-return 0;   /* Nothing available.  */
+-
+-  if (opt.verbose)
++  if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+   gpg_strerror (err));
+-  return err;
++
++  /* Nothing available.  */
++  return 0;
+ }
+ 
+   err = agent_card_cardlist (ctrl, result);
+@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
+   gpg_error_t err;
+   int ret;
+   ssh_control_file_t cf = NULL;
+-  char *cardsn;
+   gpg_error_t ret_err;
+ 
+   (void)request;
+@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl,
+   if (opt.verbose)
+ log_info (_("error getting list of cards: %s\n"),
+   gpg_strerror (err));
+-  goto out;
++  goto scd_out;
+ }
+ 
+   for (sl = card_list; sl; sl = sl->next)
+ {
+   char *serialno0;
++  char *cardsn;
++
+   err = agent_card_serialno (ctrl, , sl->d);
+   if (err)
+ {
+   if (opt.verbose)
+ log_info (_("error getting serial number of card: %s\n"),
+   gpg_strerror (err));
+-  xfree (serialno);
+-  free_strlist (card_list);
+-  goto out;
++  continue;
+ }
+ 
+   xfree (serialno0);
+@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
+   free_strlist (card_list);
+ }
+ 
++ scd_out:
+   /* Then look at all the registered and non-disabled keys. */
+   err = open_control_file (, 0);
+   if (err)
+-- 
+2.8.0.rc3
+

diff --git a/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild 
b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
new file mode 100644
index 000..05ee0b7cbce
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.19-r1.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/;
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris 
~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb 
wks-server"
+
+COMMON_DEPEND_LIBS="
+   >=dev-libs/npth-1.2
+   >=dev-libs/libassuan-2.4.3
+   >=dev-libs/libgcrypt-1.7.3
+   >=dev-libs/libgpg-error-1.24
+   >=dev-libs/libksba-1.3.4
+   >=net-misc/curl-7.10
+   gnutls? ( >=net-libs/gnutls-3.0:0= )
+   sys-libs/zlib
+   ldap? ( net-nds/openldap )
+   bzip2? ( app-arch/bzip2 )
+   readline? ( sys-libs/readline:0= )
+   smartcard? ( usb? ( virtual/libusb:0 ) )
+   tofu? ( >=dev-db/sqlite-3.7 )
+   "
+COMMON_DEPEND_BINS="app-crypt/pinentry

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2017-03-02 Thread Fabian Groffen 
commit: 83e4182537a4a1950cab2da490403c848ebd4edd
Author: Fabian Groffen  gentoo  org>
AuthorDate: Thu Mar  2 10:06:13 2017 +
Commit: Fabian Groffen  gentoo  org>
CommitDate: Thu Mar  2 10:06:40 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83e41825

app-crypt/gnupg: fix compilation on Solaris

Package-Manager: Portage-2.3.4-prefix, Repoman-2.3.2

 .../gnupg/files/gnupg-2.1.19-solaris-ucred.patch  | 19 +++
 app-crypt/gnupg/gnupg-2.1.19.ebuild   |  1 +
 2 files changed, 20 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch 
b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
new file mode 100644
index 000..aefce5e8256
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
@@ -0,0 +1,19 @@
+command-ssh: include ucred.h
+
+In order to use ucred() when HAVE_SO_PEERCRED is defined, ucred.h needs
+to be included on Solaris.
+
+https://bugs.gnupg.org/gnupg/issue2981
+
+--- a/agent/command-ssh.c
 b/agent/command-ssh.c
+@@ -40,6 +40,9 @@
+ #include 
+ #include 
+ #include 
++#ifdef HAVE_UCRED_H
++#include 
++#endif
+ 
+ #include "agent.h"
+ 

diff --git a/app-crypt/gnupg/gnupg-2.1.19.ebuild 
b/app-crypt/gnupg/gnupg-2.1.19.ebuild
index ad3a2fa22ba..9eb3471d66f 100644
--- a/app-crypt/gnupg/gnupg-2.1.19.ebuild
+++ b/app-crypt/gnupg/gnupg-2.1.19.ebuild
@@ -54,6 +54,7 @@ DOCS=(
 
 PATCHES=(

"${FILESDIR}/${PN}-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+   "${FILESDIR}"/${P}-solaris-ucred.patch
 )
 
 src_configure() {

[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/

2016-05-19 Thread Kristian Fiskerstrand 
commit: eb73332ccf12be2ec981ddb7e27f20790e13a92c
Author: Kristian Fiskerstrand  gentoo  org>
AuthorDate: Thu May 19 21:04:12 2016 +
Commit: Kristian Fiskerstrand  gentoo  org>
CommitDate: Thu May 19 21:06:36 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb73332c

app-crypt/gnupg: New upstream version 2.1.12

Fixes;
Gentoo-Bug: 573930
Gentoo-Bug: 575798
Gentoo-Bug: 581966

Package-Manager: portage-2.2.28

 app-crypt/gnupg/Manifest   |   1 +
 .../files/gnupg-2.1-fix-gentoo-dash-issue.patch|  12 ++
 .../gnupg-2.1.12-fix-signature-checking.patch  |  50 +++
 app-crypt/gnupg/gnupg-2.1.12.ebuild| 159 +
 4 files changed, 222 insertions(+)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 1e455b3..3c18723 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -6,4 +6,5 @@ DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 
68ed6b386ba78425b05a60e8ee22785ff0fef19
 DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 
e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 
e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314
 WHIRLPOOL 
007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
 DIST gnupg-2.1.10.tar.bz2 5173253 SHA256 
93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 SHA512 
ceea93a7e7d30e07839bcc52d4246fd5be1ec81a8c4d4d62059e2b0c0e58fab07a1531016f82bcc506340653d66c73541dd3f5897df7691abeb4068d94957003
 WHIRLPOOL 
01f92f6020b79b373d4d6879cc39913c575c67a52c1bd425770322de0ce5a9fbd796d800cbb41a15553fd30a6c8f85a794e0b4c09420a2b49f6cb0542cdb52fb
 DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 
b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 
b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31
 WHIRLPOOL 
486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09
+DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 
ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 
fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6
 WHIRLPOOL 
ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10
 DIST gnupg-2.1.9.tar.bz2 4925167 SHA256 
1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 SHA512 
c19b8cac42b7060caada230b77f36a0b0ed0a05efd519818c5b4057ef0fcb16602f2f3ade2409de2ef353a9e2acc3e5fa106a4449c6929a36a599a82194c0ee0
 WHIRLPOOL 
105b83e82330a00084a0e9f3d96c8788ac2c9e7831beea0ea42786df4e378dc9e8f2c1a31f12af9c53d363aa71810cd231afdf8f20eab424fea5f59b103033a9

diff --git a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch 
b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
new file mode 100644
index 000..6878ef1
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
@@ -0,0 +1,12 @@
+diff -Naur tests.old/openpgp/mds.test tests/openpgp/mds.test
+--- tests.old/openpgp/mds.test 2016-05-03 13:13:11.373313389 +0200
 tests/openpgp/mds.test 2016-05-03 13:13:31.886755059 +0200
+@@ -63,7 +63,7 @@
+ 
+ [ "$failed" != "" ] && error "$failed failed for empty string"
+ 
+-echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
++printf "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
+ if have_hash_algo "MD5"; then
+   test_one ":1:""C3FCD3D76192E4007DFB496CCA67E13B"
+ fi

diff --git a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch 
b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
new file mode 100644
index 000..debf0bb
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
@@ -0,0 +1,50 @@
+From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka 
+Date: Wed, 11 May 2016 19:27:03 +0900
+Subject: [PATCH 1/1] g10: Fix signature checking.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
+walk_kbnode.
+
+--
+
+Thanks to Vincent Brillault (Feandil).
+
+GnuPG-bug-id: 2351
+Signed-off-by: NIIBE Yutaka 
+---
+ g10/sig-check.c | 13 +
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 290f19a..7000b48 100644
+--- a/g10/sig-check.c
 b/g10/sig-check.c
+@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
+ *is_selfsig = 1;
+ }
+   else
+-/* See if one of the subkeys was the signer (although this is
+-   extremely unlikely).  */
+ {
+   kbnode_t ctx = NULL;
+   kbnode_t n;
+ 
+-  while ((n