summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlon Bar-Lev <alonbl@gentoo.org>2013-10-07 19:19:58 +0000
committerAlon Bar-Lev <alonbl@gentoo.org>2013-10-07 19:19:58 +0000
commita20eefd9b9e48ae165fbe33d11ab1a11f13d61a0 (patch)
treed0e244da8fff0cf6d863e911b7501da0b276554a /app-crypt
parentAdd pypy2_0 support for bug #474644 (diff)
downloadgentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.tar.gz
gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.tar.bz2
gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.zip
Version bump, fix bug#487230
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key BF20DC51)
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/gnupg/ChangeLog10
-rw-r--r--app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch69
-rw-r--r--app-crypt/gnupg/gnupg-1.4.15.ebuild124
-rw-r--r--app-crypt/gnupg/gnupg-2.0.21.ebuild151
-rw-r--r--app-crypt/gnupg/gnupg-2.0.22.ebuild (renamed from app-crypt/gnupg/gnupg-2.0.21-r2.ebuild)3
5 files changed, 134 insertions, 223 deletions
diff --git a/app-crypt/gnupg/ChangeLog b/app-crypt/gnupg/ChangeLog
index 6b30aea95fbf..981337275a68 100644
--- a/app-crypt/gnupg/ChangeLog
+++ b/app-crypt/gnupg/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-crypt/gnupg
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.488 2013/10/04 22:24:40 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.489 2013/10/07 19:19:58 alonbl Exp $
+
+*gnupg-2.0.22 (07 Oct 2013)
+*gnupg-1.4.15 (07 Oct 2013)
+
+ 07 Oct 2013; Alon Bar-Lev <alonbl@gentoo.org> +gnupg-1.4.15.ebuild,
+ +gnupg-2.0.22.ebuild, -files/gnupg-2.0.21-CVE-2013-4351.patch,
+ -gnupg-2.0.21-r2.ebuild, -gnupg-2.0.21.ebuild:
+ Version bump, fix bug#487230
*gnupg-2.0.21-r2 (04 Oct 2013)
diff --git a/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch b/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch
deleted file mode 100644
index 13ef0b7cfcc5..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 4bde12206c5bf199dc6e12a74af8da4558ba41bf Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Fri, 15 Mar 2013 15:46:03 +0100
-Subject: [PATCH] gpg: Distinguish between missing and cleared key flags.
-
-* include/cipher.h (PUBKEY_USAGE_NONE): New.
-* g10/getkey.c (parse_key_usage): Set new flag.
---
-
-We do not want to use the default capabilities (derived from the
-algorithm) if any key flags are given in a signature. Thus if key
-flags are used in any way, the default key capabilities are never
-used.
-
-This allows to create a key with key flags set to all zero so it can't
-be used. This better reflects common sense.
----
- g10/getkey.c | 8 +++++++-
- include/cipher.h | 7 ++++++-
- 2 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index 9294273..8cc5601 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -1276,13 +1276,19 @@ parse_key_usage (PKT_signature * sig)
-
- if (flags)
- key_usage |= PUBKEY_USAGE_UNKNOWN;
-+
-+ if (!key_usage)
-+ key_usage |= PUBKEY_USAGE_NONE;
- }
-+ else if (p) /* Key flags of length zero. */
-+ key_usage |= PUBKEY_USAGE_NONE;
-
- /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
- capability that we do not handle. This serves to distinguish
- between a zero key usage which we handle as the default
- capabilities for that algorithm, and a usage that we do not
-- handle. */
-+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that
-+ key_flags have been given but they do not specify any usage. */
-
- return key_usage;
- }
-diff --git a/include/cipher.h b/include/cipher.h
-index 191e197..557ab70 100644
---- a/include/cipher.h
-+++ b/include/cipher.h
-@@ -54,9 +54,14 @@
-
- #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
- #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
--#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */
-+#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/
- #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */
- #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */
-+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
-+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
-+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256
-+# error Please choose another value for PUBKEY_USAGE_NONE
-+#endif
-
- #define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5
- #define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1
---
-1.7.2.5
-
diff --git a/app-crypt/gnupg/gnupg-1.4.15.ebuild b/app-crypt/gnupg/gnupg-1.4.15.ebuild
new file mode 100644
index 000000000000..3fb8f8372b54
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-1.4.15.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-1.4.15.ebuild,v 1.1 2013/10/07 19:19:58 alonbl Exp $
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+ECCVER="0.2.0"
+ECCVER_GNUPG="1.4.9"
+ECC_PATCH="${PN}-${ECCVER_GNUPG}-ecc${ECCVER}.diff"
+MY_P=${P/_/}
+
+DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-macos"
+IUSE="bzip2 curl ldap mta nls readline selinux smartcard static usb zlib linguas_ru"
+
+COMMON_DEPEND="
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ zlib? ( sys-libs/zlib )
+ curl? ( net-misc/curl )
+ mta? ( virtual/mta )
+ readline? ( sys-libs/readline )
+ smartcard? ( =virtual/libusb-0* )
+ usb? ( =virtual/libusb-0* )"
+
+RDEPEND="!static? ( ${COMMON_DEPEND} )
+ selinux? ( sec-policy/selinux-gpg )
+ nls? ( virtual/libintl )"
+
+DEPEND="${COMMON_DEPEND}
+ dev-lang/perl
+ nls? ( sys-devel/gettext )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ # Install RU man page in right location
+ sed -e "/^man_MANS =/s/ gpg\.ru\.1//" -i doc/Makefile.in || die "sed doc/Makefile.in failed"
+
+ # bug#469388
+ sed -i -e 's/--batch --dearmor/--homedir . --batch --dearmor/' checks/Makefile.in
+
+ # Fix PIC definitions
+ sed -i -e 's:PIC:__PIC__:' mpi/i386/mpih-{add,sub}1.S intl/relocatable.c \
+ || die "sed PIC failed"
+ sed -i -e 's:if PIC:ifdef __PIC__:' mpi/sparc32v8/mpih-mul{1,2}.S || \
+ die "sed PIC failed"
+}
+
+src_configure() {
+ # Certain sparc32 machines seem to have trouble building correctly with
+ # -mcpu enabled. While this is not a gnupg problem, it is a temporary
+ # fix until the gcc problem can be tracked down.
+ if [ "${ARCH}" == "sparc" ] && [ "${PROFILE_ARCH}" == "sparc" ]; then
+ filter-flags -mcpu=supersparc -mcpu=v8 -mcpu=v7
+ fi
+
+ # 'USE=static' support was requested in #29299
+ use static && append-ldflags -static
+
+ econf \
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" \
+ $(use_enable ldap) \
+ $(use_enable mta mailto) \
+ --enable-hkp \
+ --enable-finger \
+ $(use_with !zlib included-zlib) \
+ $(use_with curl libcurl /usr) \
+ $(use_enable nls) \
+ $(use_enable bzip2) \
+ $(use_enable smartcard card-support) \
+ $(use_enable selinux selinux-support) \
+ --without-capabilities \
+ $(use_with readline) \
+ $(use_with usb libusb /usr) \
+ --enable-static-rnd=linux \
+ --libexecdir="${EPREFIX}/usr/libexec" \
+ --enable-noexecstack \
+ CC_FOR_BUILD=$(tc-getBUILD_CC) \
+ ${myconf}
+}
+
+src_install() {
+ default
+
+ # keep the documentation in /usr/share/doc/...
+ rm -rf "${ED}usr/share/gnupg/FAQ" "${ED}usr/share/gnupg/faq.html" || die
+
+ dodoc AUTHORS BUGS ChangeLog NEWS PROJECTS README THANKS \
+ TODO VERSION doc/{FAQ,HACKING,DETAILS,OpenPGP}
+
+ exeinto /usr/libexec/gnupg
+ doexe tools/make-dns-cert
+
+ # install RU documentation in right location
+ if use linguas_ru; then
+ cp doc/gpg.ru.1 "${T}/gpg.1" || die
+ doman -i18n=ru "${T}/gpg.1"
+ fi
+}
+
+pkg_postinst() {
+ ewarn "If you are using a non-Linux system, or a kernel older than 2.6.9,"
+ ewarn "you MUST make the gpg binary setuid."
+ echo
+# if use !bindist && use ecc; then
+# ewarn
+# ewarn "The elliptical curves patch is experimental"
+# ewarn "Further info available at http://alumnes.eps.udl.es/%7Ed4372211/index.en.html"
+# fi
+ elog
+ elog "See http://www.gentoo.org/doc/en/gnupg-user.xml for documentation on gnupg"
+ elog
+ elog "If you wish to view images emerge:"
+ elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+ elog "Remember to use photo-viewer option in configuration file to activate the right viewer"
+}
diff --git a/app-crypt/gnupg/gnupg-2.0.21.ebuild b/app-crypt/gnupg/gnupg-2.0.21.ebuild
deleted file mode 100644
index 028487ea996f..000000000000
--- a/app-crypt/gnupg/gnupg-2.0.21.ebuild
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.21.ebuild,v 1.1 2013/08/19 16:55:43 radhermit Exp $
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
-HOMEPAGE="http://www.gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
-# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="adns bzip2 doc ldap nls mta readline static selinux smartcard usb"
-
-COMMON_DEPEND_LIBS="
- >=dev-libs/libassuan-2
- >=dev-libs/libgcrypt-1.4
- >=dev-libs/libgpg-error-1.11
- >=dev-libs/libksba-1.0.7
- >=dev-libs/pth-1.3.7
- >=net-misc/curl-7.10
- sys-libs/zlib
- adns? ( >=net-libs/adns-1.4 )
- bzip2? ( app-arch/bzip2 )
- readline? ( sys-libs/readline )
- smartcard? ( usb? ( virtual/libusb:0 ) )
- ldap? ( net-nds/openldap )"
-COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )"
-
-# Existence of executables is checked during configuration.
-DEPEND="${COMMON_DEPEND_LIBS}
- ${COMMON_DEPEND_BINS}
- static? (
- >=dev-libs/libassuan-2[static-libs]
- >=dev-libs/libgcrypt-1.4[static-libs]
- >=dev-libs/libgpg-error-1.7[static-libs]
- >=dev-libs/libksba-1.0.7[static-libs]
- >=dev-libs/pth-1.3.7[static-libs]
- >=net-misc/curl-7.10[static-libs]
- sys-libs/zlib[static-libs]
- bzip2? ( app-arch/bzip2[static-libs] )
- )
- nls? ( sys-devel/gettext )
- doc? ( sys-apps/texinfo )"
-
-RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
- ${COMMON_DEPEND_BINS}
- mta? ( virtual/mta )
- !<=app-crypt/gnupg-2.0.1
- selinux? ( sec-policy/selinux-gpg )
- nls? ( virtual/libintl )"
-
-REQUIRED_USE="smartcard? ( !static )"
-
-src_prepare() {
- epatch "${FILESDIR}"/${PN}-2.0.17-gpgsm-gencert.patch
-}
-
-src_configure() {
- local myconf
-
- # 'USE=static' support was requested:
- # gnupg1: bug #29299
- # gnupg2: bug #159623
- use static && append-ldflags -static
-
- if use smartcard; then
- myconf+=" --enable-scdaemon $(use_enable usb ccid-driver)"
- else
- myconf+=" --disable-scdaemon"
- fi
-
- econf \
- --docdir="${EPREFIX}/usr/share/doc/${PF}" \
- --enable-gpg \
- --enable-gpgsm \
- --enable-agent \
- ${myconf} \
- $(use_with adns) \
- $(use_enable bzip2) \
- $(use_enable !elibc_SunOS symcryptrun) \
- $(use_enable nls) \
- $(use_enable mta mailto) \
- $(use_enable ldap) \
- $(use_with readline) \
- CC_FOR_BUILD="$(tc-getBUILD_CC)"
-}
-
-src_compile() {
- emake
-
- if use doc; then
- cd doc
- emake html
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
- rm "${ED}"/usr/share/gnupg/help* || die
-
- dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
- doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
-
- dosym gpg2 /usr/bin/gpg
- dosym gpgv2 /usr/bin/gpgv
- dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
- dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
- dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
- if use ldap; then
- dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
- fi
- echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
- echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
-
- dodir /etc/env.d
- echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
-
- if use doc; then
- dohtml doc/gnupg.html/* doc/*.png
- fi
-}
-
-pkg_postinst() {
- elog "If you wish to view images emerge:"
- elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
- elog "Remember to use photo-viewer option in configuration file to activate"
- elog "the right viewer."
- elog
-
- if use smartcard; then
- elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
- use usb && elog " - a CCID-compatible reader, used directly through libusb;"
- elog " - sys-apps/pcsc-lite and a compatible reader device;"
- elog " - dev-libs/openct and a compatible reader device;"
- elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
- elog ""
- elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
- elog "app-crypt/ccid first."
- fi
-
- ewarn "Please remember to restart gpg-agent if a different version"
- ewarn "of the agent is currently used. If you are unsure of the gpg"
- ewarn "agent you are using please run 'killall gpg-agent',"
- ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
-}
diff --git a/app-crypt/gnupg/gnupg-2.0.21-r2.ebuild b/app-crypt/gnupg/gnupg-2.0.22.ebuild
index 8d095344aa95..06bc2c4f307f 100644
--- a/app-crypt/gnupg/gnupg-2.0.21-r2.ebuild
+++ b/app-crypt/gnupg/gnupg-2.0.22.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.21-r2.ebuild,v 1.1 2013/10/04 22:24:40 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.22.ebuild,v 1.1 2013/10/07 19:19:58 alonbl Exp $
EAPI="5"
@@ -58,7 +58,6 @@ REQUIRED_USE="smartcard? ( !static )"
src_prepare() {
epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
- epatch "${FILESDIR}/${P}-CVE-2013-4351.patch"
epatch_user
}