summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2022-07-12 02:27:32 +0100
committerSam James <sam@gentoo.org>2022-07-12 02:27:59 +0100
commit3070f3b4f2d5f3de77046e8594493fb041f86176 (patch)
tree72dde252981fd948bb3ce10b3cc820c0c308770f /app-crypt
parentsys-apps/pciutils: Stabilize 3.8.0-r1 x86, #857717 (diff)
downloadgentoo-3070f3b4f2d5f3de77046e8594493fb041f86176.tar.gz
gentoo-3070f3b4f2d5f3de77046e8594493fb041f86176.tar.bz2
gentoo-3070f3b4f2d5f3de77046e8594493fb041f86176.zip
app-crypt/gnupg: add 2.3.7
Note that CVE-2022-34903 was already fixed in 2.4.6-r1 in Gentoo. Bug: https://bugs.gentoo.org/855395 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/gnupg/Manifest2
-rw-r--r--app-crypt/gnupg/gnupg-2.3.7.ebuild164
2 files changed, 166 insertions, 0 deletions
diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index d4f77eb84e76..d22a5169291e 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -4,3 +4,5 @@ DIST gnupg-2.2.36.tar.bz2 7273805 BLAKE2B 82f26f48380632ddffedacb5e7cff653aec7be
DIST gnupg-2.2.36.tar.bz2.sig 119 BLAKE2B ad6dc03c34f6c0d13080ef0bdea2db152c12ea4f129783ba1b0b7f237965b8eeec22b2e79fcf42657dafdd20cae558d781b07378bed78386979a0b4c4ef4a49b SHA512 4ad3f9041aa1fbffaab3cc4aa0df038a67dc8eb200492cdd96259dcf1e0005cb39d6e6245280f1a2a8d4db9f686381e2b0f5bb80c412edbdbcb3fc11dca044c5
DIST gnupg-2.3.6.tar.bz2 7604761 BLAKE2B 6cbc749156c50b6633c126cde621271c6c9682a04efea51fbc5a2e92ee56493e8348814391ee0c337adcb4de4dd23293b9592db78998626905038c859ac4af6e SHA512 4540e8d2be836b491918f4987ba301a73fcdc4539b1f9abf6112a74c2d39c0e5dc3f17511212bac1dd7fd0594feecd91f95ecf78d4b2c1e70e818342a1802b85
DIST gnupg-2.3.6.tar.bz2.sig 119 BLAKE2B c7d4cdc81580b8b1e56c7bc83236d65c9d2c1bab2d210d14a0d3c58f635d656c9b449ef9596b9601027cb891bd437cc8f2a63eb3c17742c288531511984fba7f SHA512 85d155f9809c8d0f38723d8622c085e421531c016d19fcce2ae34dc9a4aeac0bc1895f7a094ee9cdf69a15b426fb0d72ee53319fe0a05665c92caa0e950c1797
+DIST gnupg-2.3.7.tar.bz2 7599853 BLAKE2B 3e9e33c8357222f42cc0e2af538e9f1f1f0453f35d790aaadf47ce9df24229efa91457b6014b34f19084448a3a6603c82e7d07714b89a68c6a84a08af6fa0e02 SHA512 c7fe169050ef17051cdaac9ad476e7ea792483baad1208fc359d568fa9e138d920ecaa2cd9cae73b20f5472a7d8ca6540a62062ff7a06055cc656b0eb4b917b9
+DIST gnupg-2.3.7.tar.bz2.sig 119 BLAKE2B c2652adf203bc828ed0aaf778542e990028156c16b435cd35aa6fe57ca0a5b798087c98e16589685c8ab9b8b92e16c3f7d4da56a4b1209b9adf2c24ea548ae6e SHA512 0257034b3e7ac390dadb151c656ff59822dacedaddca4ad6b5980b3e03a468ada47553e6a1fcff6a12c64ae2f9c15b245df855cd424b010041df8daaaab9a1b8
diff --git a/app-crypt/gnupg/gnupg-2.3.7.ebuild b/app-crypt/gnupg/gnupg-2.3.7.ebuild
new file mode 100644
index 000000000000..6f376da7aafd
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.3.7.ebuild
@@ -0,0 +1,164 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gnupg.asc
+inherit flag-o-matic systemd toolchain-funcs verify-sig
+
+MY_P="${P/_/-}"
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="https://gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="test? ( tofu )"
+
+# Existence of executables is checked during configuration.
+# Note: On each bump, update dep bounds on each version from configure.ac!
+DEPEND=">=dev-libs/libassuan-2.5.0
+ >=dev-libs/libgcrypt-1.9.1:=
+ >=dev-libs/libgpg-error-1.41
+ >=dev-libs/libksba-1.3.4
+ >=dev-libs/npth-1.2
+ >=net-misc/curl-7.10
+ sys-libs/zlib
+ bzip2? ( app-arch/bzip2 )
+ ldap? ( net-nds/openldap:= )
+ readline? ( sys-libs/readline:0= )
+ smartcard? ( usb? ( virtual/libusb:1 ) )
+ tofu? ( >=dev-db/sqlite-3.27 )
+ tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
+ ssl? ( >=net-libs/gnutls-3.0:0= )
+"
+
+RDEPEND="${DEPEND}
+ app-crypt/pinentry
+ nls? ( virtual/libintl )
+ selinux? ( sec-policy/selinux-gpg )
+ wks-server? ( virtual/mta )"
+
+BDEPEND="virtual/pkgconfig
+ doc? ( sys-apps/texinfo )
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-gnupg )"
+
+DOCS=(
+ ChangeLog NEWS README THANKS TODO VERSION
+ doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+)
+
+src_prepare() {
+ default
+
+ # Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
+ # idea borrowed from libdbus, see
+ # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
+ #
+ # This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
+ # which in turn requires discovery in Autoconf, something that upstream deeply resents.
+ sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
+ -i doc/examples/systemd-user/gpg-agent-ssh.socket || die
+}
+
+src_configure() {
+ local myconf=(
+ $(use_enable bzip2)
+ $(use_enable nls)
+ $(use_enable smartcard scdaemon)
+ $(use_enable ssl gnutls)
+ $(use_enable test all-tests)
+ $(use_enable test tests)
+ $(use_enable tofu)
+ $(use_enable tofu keyboxd)
+ $(use_enable tofu sqlite)
+ $(usex tpm '--with-tss=intel' '--disable-tpm2d')
+ $(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
+ $(use_enable wks-server wks-tools)
+ $(use_with ldap)
+ $(use_with readline)
+ --with-mailprog=/usr/libexec/sendmail
+ --disable-ntbtls
+ --enable-gpgsm
+ --enable-large-secmem
+
+ CC_FOR_BUILD="$(tc-getBUILD_CC)"
+ GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
+ KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
+ LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
+ LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
+ NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
+
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
+ )
+
+ if use prefix && use usb; then
+ # bug #649598
+ append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
+ fi
+
+ # bug #663142
+ if use user-socket; then
+ myconf+=( --enable-run-gnupg-user-socket )
+ fi
+
+ # glib fails and picks up clang's internal stdint.h causing weird errors
+ tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
+
+ # Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
+ # As of GnuPG 2.3, the mailprog substitution is used for the binary called
+ # by wks-client & wks-server; and if it's autodetected but not not exist at
+ # build time, then then 'gpg-wks-client --send' functionality will not
+ # work. This has an unwanted side-effect in stage3 builds: there was a
+ # [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
+ # the build where the install guide previously make the user chose the
+ # logger & mta early in the install.
+
+ econf "${myconf[@]}"
+}
+
+src_compile() {
+ default
+
+ use doc && emake -C doc html
+}
+
+src_test() {
+ # bug #638574
+ use tofu && export TESTFLAGS=--parallel
+
+ default
+}
+
+src_install() {
+ default
+
+ use tools &&
+ dobin \
+ tools/{convert-from-106,gpg-check-pattern} \
+ tools/{gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+ tools/make-dns-cert
+
+ dosym gpg /usr/bin/gpg2
+ dosym gpgv /usr/bin/gpgv2
+ echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
+ echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
+
+ dodir /etc/env.d
+ echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
+
+ use doc && dodoc doc/gnupg.html/* doc/*.png
+
+ systemd_douserunit doc/examples/systemd-user/*.{service,socket}
+}