diff options
author | Alon Bar-Lev <alonbl@gentoo.org> | 2013-10-07 19:19:58 +0000 |
---|---|---|
committer | Alon Bar-Lev <alonbl@gentoo.org> | 2013-10-07 19:19:58 +0000 |
commit | a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0 (patch) | |
tree | d0e244da8fff0cf6d863e911b7501da0b276554a /app-crypt | |
parent | Add pypy2_0 support for bug #474644 (diff) | |
download | gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.tar.gz gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.tar.bz2 gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.zip |
Version bump, fix bug#487230
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key BF20DC51)
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/gnupg/ChangeLog | 10 | ||||
-rw-r--r-- | app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch | 69 | ||||
-rw-r--r-- | app-crypt/gnupg/gnupg-1.4.15.ebuild | 124 | ||||
-rw-r--r-- | app-crypt/gnupg/gnupg-2.0.21.ebuild | 151 | ||||
-rw-r--r-- | app-crypt/gnupg/gnupg-2.0.22.ebuild (renamed from app-crypt/gnupg/gnupg-2.0.21-r2.ebuild) | 3 |
5 files changed, 134 insertions, 223 deletions
diff --git a/app-crypt/gnupg/ChangeLog b/app-crypt/gnupg/ChangeLog index 6b30aea95fbf..981337275a68 100644 --- a/app-crypt/gnupg/ChangeLog +++ b/app-crypt/gnupg/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-crypt/gnupg # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.488 2013/10/04 22:24:40 alonbl Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.489 2013/10/07 19:19:58 alonbl Exp $ + +*gnupg-2.0.22 (07 Oct 2013) +*gnupg-1.4.15 (07 Oct 2013) + + 07 Oct 2013; Alon Bar-Lev <alonbl@gentoo.org> +gnupg-1.4.15.ebuild, + +gnupg-2.0.22.ebuild, -files/gnupg-2.0.21-CVE-2013-4351.patch, + -gnupg-2.0.21-r2.ebuild, -gnupg-2.0.21.ebuild: + Version bump, fix bug#487230 *gnupg-2.0.21-r2 (04 Oct 2013) diff --git a/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch b/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch deleted file mode 100644 index 13ef0b7cfcc5..000000000000 --- a/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 4bde12206c5bf199dc6e12a74af8da4558ba41bf Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Fri, 15 Mar 2013 15:46:03 +0100 -Subject: [PATCH] gpg: Distinguish between missing and cleared key flags. - -* include/cipher.h (PUBKEY_USAGE_NONE): New. -* g10/getkey.c (parse_key_usage): Set new flag. --- - -We do not want to use the default capabilities (derived from the -algorithm) if any key flags are given in a signature. Thus if key -flags are used in any way, the default key capabilities are never -used. - -This allows to create a key with key flags set to all zero so it can't -be used. This better reflects common sense. ---- - g10/getkey.c | 8 +++++++- - include/cipher.h | 7 ++++++- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/g10/getkey.c b/g10/getkey.c -index 9294273..8cc5601 100644 ---- a/g10/getkey.c -+++ b/g10/getkey.c -@@ -1276,13 +1276,19 @@ parse_key_usage (PKT_signature * sig) - - if (flags) - key_usage |= PUBKEY_USAGE_UNKNOWN; -+ -+ if (!key_usage) -+ key_usage |= PUBKEY_USAGE_NONE; - } -+ else if (p) /* Key flags of length zero. */ -+ key_usage |= PUBKEY_USAGE_NONE; - - /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a - capability that we do not handle. This serves to distinguish - between a zero key usage which we handle as the default - capabilities for that algorithm, and a usage that we do not -- handle. */ -+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that -+ key_flags have been given but they do not specify any usage. */ - - return key_usage; - } -diff --git a/include/cipher.h b/include/cipher.h -index 191e197..557ab70 100644 ---- a/include/cipher.h -+++ b/include/cipher.h -@@ -54,9 +54,14 @@ - - #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ - #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */ --#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */ -+#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/ - #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */ - #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */ -+#define PUBKEY_USAGE_NONE 256 /* No usage given. */ -+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \ -+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 -+# error Please choose another value for PUBKEY_USAGE_NONE -+#endif - - #define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5 - #define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1 --- -1.7.2.5 - diff --git a/app-crypt/gnupg/gnupg-1.4.15.ebuild b/app-crypt/gnupg/gnupg-1.4.15.ebuild new file mode 100644 index 000000000000..3fb8f8372b54 --- /dev/null +++ b/app-crypt/gnupg/gnupg-1.4.15.ebuild @@ -0,0 +1,124 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-1.4.15.ebuild,v 1.1 2013/10/07 19:19:58 alonbl Exp $ + +EAPI="5" + +inherit eutils flag-o-matic toolchain-funcs + +ECCVER="0.2.0" +ECCVER_GNUPG="1.4.9" +ECC_PATCH="${PN}-${ECCVER_GNUPG}-ecc${ECCVER}.diff" +MY_P=${P/_/} + +DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement" +HOMEPAGE="http://www.gnupg.org/" +SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x86-macos" +IUSE="bzip2 curl ldap mta nls readline selinux smartcard static usb zlib linguas_ru" + +COMMON_DEPEND=" + ldap? ( net-nds/openldap ) + bzip2? ( app-arch/bzip2 ) + zlib? ( sys-libs/zlib ) + curl? ( net-misc/curl ) + mta? ( virtual/mta ) + readline? ( sys-libs/readline ) + smartcard? ( =virtual/libusb-0* ) + usb? ( =virtual/libusb-0* )" + +RDEPEND="!static? ( ${COMMON_DEPEND} ) + selinux? ( sec-policy/selinux-gpg ) + nls? ( virtual/libintl )" + +DEPEND="${COMMON_DEPEND} + dev-lang/perl + nls? ( sys-devel/gettext )" + +S="${WORKDIR}/${MY_P}" + +src_prepare() { + # Install RU man page in right location + sed -e "/^man_MANS =/s/ gpg\.ru\.1//" -i doc/Makefile.in || die "sed doc/Makefile.in failed" + + # bug#469388 + sed -i -e 's/--batch --dearmor/--homedir . --batch --dearmor/' checks/Makefile.in + + # Fix PIC definitions + sed -i -e 's:PIC:__PIC__:' mpi/i386/mpih-{add,sub}1.S intl/relocatable.c \ + || die "sed PIC failed" + sed -i -e 's:if PIC:ifdef __PIC__:' mpi/sparc32v8/mpih-mul{1,2}.S || \ + die "sed PIC failed" +} + +src_configure() { + # Certain sparc32 machines seem to have trouble building correctly with + # -mcpu enabled. While this is not a gnupg problem, it is a temporary + # fix until the gcc problem can be tracked down. + if [ "${ARCH}" == "sparc" ] && [ "${PROFILE_ARCH}" == "sparc" ]; then + filter-flags -mcpu=supersparc -mcpu=v8 -mcpu=v7 + fi + + # 'USE=static' support was requested in #29299 + use static && append-ldflags -static + + econf \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + $(use_enable ldap) \ + $(use_enable mta mailto) \ + --enable-hkp \ + --enable-finger \ + $(use_with !zlib included-zlib) \ + $(use_with curl libcurl /usr) \ + $(use_enable nls) \ + $(use_enable bzip2) \ + $(use_enable smartcard card-support) \ + $(use_enable selinux selinux-support) \ + --without-capabilities \ + $(use_with readline) \ + $(use_with usb libusb /usr) \ + --enable-static-rnd=linux \ + --libexecdir="${EPREFIX}/usr/libexec" \ + --enable-noexecstack \ + CC_FOR_BUILD=$(tc-getBUILD_CC) \ + ${myconf} +} + +src_install() { + default + + # keep the documentation in /usr/share/doc/... + rm -rf "${ED}usr/share/gnupg/FAQ" "${ED}usr/share/gnupg/faq.html" || die + + dodoc AUTHORS BUGS ChangeLog NEWS PROJECTS README THANKS \ + TODO VERSION doc/{FAQ,HACKING,DETAILS,OpenPGP} + + exeinto /usr/libexec/gnupg + doexe tools/make-dns-cert + + # install RU documentation in right location + if use linguas_ru; then + cp doc/gpg.ru.1 "${T}/gpg.1" || die + doman -i18n=ru "${T}/gpg.1" + fi +} + +pkg_postinst() { + ewarn "If you are using a non-Linux system, or a kernel older than 2.6.9," + ewarn "you MUST make the gpg binary setuid." + echo +# if use !bindist && use ecc; then +# ewarn +# ewarn "The elliptical curves patch is experimental" +# ewarn "Further info available at http://alumnes.eps.udl.es/%7Ed4372211/index.en.html" +# fi + elog + elog "See http://www.gentoo.org/doc/en/gnupg-user.xml for documentation on gnupg" + elog + elog "If you wish to view images emerge:" + elog "media-gfx/xloadimage, media-gfx/xli or any other viewer" + elog "Remember to use photo-viewer option in configuration file to activate the right viewer" +} diff --git a/app-crypt/gnupg/gnupg-2.0.21.ebuild b/app-crypt/gnupg/gnupg-2.0.21.ebuild deleted file mode 100644 index 028487ea996f..000000000000 --- a/app-crypt/gnupg/gnupg-2.0.21.ebuild +++ /dev/null @@ -1,151 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.21.ebuild,v 1.1 2013/08/19 16:55:43 radhermit Exp $ - -EAPI="5" - -inherit eutils flag-o-matic toolchain-funcs - -DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement" -HOMEPAGE="http://www.gnupg.org/" -SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2" -# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="adns bzip2 doc ldap nls mta readline static selinux smartcard usb" - -COMMON_DEPEND_LIBS=" - >=dev-libs/libassuan-2 - >=dev-libs/libgcrypt-1.4 - >=dev-libs/libgpg-error-1.11 - >=dev-libs/libksba-1.0.7 - >=dev-libs/pth-1.3.7 - >=net-misc/curl-7.10 - sys-libs/zlib - adns? ( >=net-libs/adns-1.4 ) - bzip2? ( app-arch/bzip2 ) - readline? ( sys-libs/readline ) - smartcard? ( usb? ( virtual/libusb:0 ) ) - ldap? ( net-nds/openldap )" -COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )" - -# Existence of executables is checked during configuration. -DEPEND="${COMMON_DEPEND_LIBS} - ${COMMON_DEPEND_BINS} - static? ( - >=dev-libs/libassuan-2[static-libs] - >=dev-libs/libgcrypt-1.4[static-libs] - >=dev-libs/libgpg-error-1.7[static-libs] - >=dev-libs/libksba-1.0.7[static-libs] - >=dev-libs/pth-1.3.7[static-libs] - >=net-misc/curl-7.10[static-libs] - sys-libs/zlib[static-libs] - bzip2? ( app-arch/bzip2[static-libs] ) - ) - nls? ( sys-devel/gettext ) - doc? ( sys-apps/texinfo )" - -RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} ) - ${COMMON_DEPEND_BINS} - mta? ( virtual/mta ) - !<=app-crypt/gnupg-2.0.1 - selinux? ( sec-policy/selinux-gpg ) - nls? ( virtual/libintl )" - -REQUIRED_USE="smartcard? ( !static )" - -src_prepare() { - epatch "${FILESDIR}"/${PN}-2.0.17-gpgsm-gencert.patch -} - -src_configure() { - local myconf - - # 'USE=static' support was requested: - # gnupg1: bug #29299 - # gnupg2: bug #159623 - use static && append-ldflags -static - - if use smartcard; then - myconf+=" --enable-scdaemon $(use_enable usb ccid-driver)" - else - myconf+=" --disable-scdaemon" - fi - - econf \ - --docdir="${EPREFIX}/usr/share/doc/${PF}" \ - --enable-gpg \ - --enable-gpgsm \ - --enable-agent \ - ${myconf} \ - $(use_with adns) \ - $(use_enable bzip2) \ - $(use_enable !elibc_SunOS symcryptrun) \ - $(use_enable nls) \ - $(use_enable mta mailto) \ - $(use_enable ldap) \ - $(use_with readline) \ - CC_FOR_BUILD="$(tc-getBUILD_CC)" -} - -src_compile() { - emake - - if use doc; then - cd doc - emake html - fi -} - -src_install() { - emake DESTDIR="${D}" install - emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA - rm "${ED}"/usr/share/gnupg/help* || die - - dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \ - doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help* - - dosym gpg2 /usr/bin/gpg - dosym gpgv2 /usr/bin/gpgv - dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp - dosym gpg2keys_finger /usr/libexec/gpgkeys_finger - dosym gpg2keys_curl /usr/libexec/gpgkeys_curl - if use ldap; then - dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap - fi - echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 - echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 - - dodir /etc/env.d - echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg - - if use doc; then - dohtml doc/gnupg.html/* doc/*.png - fi -} - -pkg_postinst() { - elog "If you wish to view images emerge:" - elog "media-gfx/xloadimage, media-gfx/xli or any other viewer" - elog "Remember to use photo-viewer option in configuration file to activate" - elog "the right viewer." - elog - - if use smartcard; then - elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of" - use usb && elog " - a CCID-compatible reader, used directly through libusb;" - elog " - sys-apps/pcsc-lite and a compatible reader device;" - elog " - dev-libs/openct and a compatible reader device;" - elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces." - elog "" - elog "General hint: you probably want to try installing sys-apps/pcsc-lite and" - elog "app-crypt/ccid first." - fi - - ewarn "Please remember to restart gpg-agent if a different version" - ewarn "of the agent is currently used. If you are unsure of the gpg" - ewarn "agent you are using please run 'killall gpg-agent'," - ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'." -} diff --git a/app-crypt/gnupg/gnupg-2.0.21-r2.ebuild b/app-crypt/gnupg/gnupg-2.0.22.ebuild index 8d095344aa95..06bc2c4f307f 100644 --- a/app-crypt/gnupg/gnupg-2.0.21-r2.ebuild +++ b/app-crypt/gnupg/gnupg-2.0.22.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.21-r2.ebuild,v 1.1 2013/10/04 22:24:40 alonbl Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.22.ebuild,v 1.1 2013/10/07 19:19:58 alonbl Exp $ EAPI="5" @@ -58,7 +58,6 @@ REQUIRED_USE="smartcard? ( !static )" src_prepare() { epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch" - epatch "${FILESDIR}/${P}-CVE-2013-4351.patch" epatch_user } |