From 414bd92640b80d497ef0059b1790386ca4bfc046 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 1 Jul 2024 07:12:12 +0000 Subject: [PATCH] app-crypt/gnupg: Sync with Gentoo It's from Gentoo commit c8202ae0645d8114c54bdf74e57e1151a2826390. --- .../portage-stable/app-crypt/gnupg/Manifest | 6 +- .../files/gnupg-2.4.4-dirmngr-proxy.patch | 202 ------------------ .../files/gnupg-2.4.5-revert-rfc4880bis.patch | 196 +++++++++++++++++ ....2.42-r3.ebuild => gnupg-2.2.42-r4.ebuild} | 2 +- ....2.42-r2.ebuild => gnupg-2.2.43-r1.ebuild} | 7 +- ...-2.4.4-r1.ebuild => gnupg-2.4.5-r1.ebuild} | 3 +- ...upg-2.4.5.ebuild => gnupg-2.4.5-r2.ebuild} | 3 +- 7 files changed, 206 insertions(+), 213 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch rename sdk_container/src/third_party/portage-stable/app-crypt/gnupg/{gnupg-2.2.42-r3.ebuild => gnupg-2.2.42-r4.ebuild} (99%) rename sdk_container/src/third_party/portage-stable/app-crypt/gnupg/{gnupg-2.2.42-r2.ebuild => gnupg-2.2.43-r1.ebuild} (95%) rename sdk_container/src/third_party/portage-stable/app-crypt/gnupg/{gnupg-2.4.4-r1.ebuild => gnupg-2.4.5-r1.ebuild} (98%) rename sdk_container/src/third_party/portage-stable/app-crypt/gnupg/{gnupg-2.4.5.ebuild => gnupg-2.4.5-r2.ebuild} (98%) diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/Manifest index 3a24371b36..59f7652f5a 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/Manifest +++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/Manifest @@ -1,6 +1,6 @@ DIST gnupg-2.2.42.tar.bz2 7434291 BLAKE2B 5f7f01f31949e5258d638fbff81fa641e5c167e6eaf32c55eb187d4a31b31cd4fe6e51c622e74d8544c4f95c75484e15117f26a8cf26055ff6813d75e54f2b8a SHA512 9c59d034f428d42323b5520e1a8984acc1505ba1d96d90f00e17b24aa91660b2dc64e1a3ceb044c56f39b4c402a77c7e0b226c65218c23c094781b4ef51e2eb5 DIST gnupg-2.2.42.tar.bz2.sig 238 BLAKE2B 251ad0a832042ceb93b0edfda8652104bfb463e291322f22f0ab0d9b35606c3589be7a6f3e9e2aac8f6ac368a7d11840ab83b29997587dc65685de9f2dec3fee SHA512 7073bfc920c571680a1de57b4e6cd83cde24ccb3b5f592602b0c32fd762eef497027b08745044c9f41130ca99bb7ec77222568c2d0a1099d3c1c15137e0221d7 -DIST gnupg-2.4.4.tar.bz2 7886036 BLAKE2B 02661e89f0358be09fa3e71e7235b764a7dbda62a48a0c8c7a4e6c9919c3b37d54ead50b930af58f8f2fdb87861b849d3f3751e95cbedf46bdfd76caa90c4db4 SHA512 3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef -DIST gnupg-2.4.4.tar.bz2.sig 237 BLAKE2B 6ee5878c36fbec747a6d84a268903749d862aab50dd7f9a389aabbf7b94dec1c424615f520b5f4a6d44e02093e8d9ad0b08d0c6cf6fd8886d8c174ce9faac99c SHA512 3ae7b6833576df851901a7619459b514bb82faeed350c864a57a782719d21f694d9ced5a3445c81dfa584a0302f87fedc660b08ea97bb8b861e76d7c5b46d07f +DIST gnupg-2.2.43.tar.bz2 7435426 BLAKE2B ddf5c89d317e6ce8d1a5348f0ef81ffa1c61c995ddb312b28410f04502b01eae307cd943bee7182d28d4efccac394c91053f8e33756b00166bf66b2bf4a791a7 SHA512 0d2e733b6659c116c043db5252de4de33d6a70c16172d1fe9b779ba413ba9fcb64bbfdcc4686d0e87904561fc62d1aa765144e0586957a500287c175ee37bd49 +DIST gnupg-2.2.43.tar.bz2.sig 119 BLAKE2B 38fd3790f5065d67d6b5323ef7abbb79facf00e5b9daba98e5078302fc3887423173ba434c7eff1e64faecef88d87aab9c057c570d6e96e8d0808f07f32d8fa1 SHA512 47c5354869b1825e56fa4276826fcde1ee41c70aab9b411686cf2733f4d1df9c006049e49e066b22e475bd37b337f9ffc97f8bbca0c62c0f32296909464a0643 DIST gnupg-2.4.5.tar.bz2 7889060 BLAKE2B a8b80cd4dfbb377066efb5c9f1b6cdc6d0cd1b18358c962781b5c06de1545117b13038a4655ae627c36bfd2e5fee127692df8729d6b23e1b31051ab6d897b733 SHA512 4d54744f09399c5899144d0cb5fdc2756e45b058db41b9ea9df3be03e80b914509e16ef35aa0248e7561185b80f7a5f9fd6afcab8ccff75ff82ed555448a38ff -DIST gnupg-2.4.5.tar.bz2.sig 119 BLAKE2B f37fb5620bc009a5b935ac75df4235d377da4f052115c3c22c8d0887e9b21df6ea3059ac510eb2b555d825c2294e1c3ee44c86ecb371c6444a4645ca5a5c265a SHA512 53be0db371a98c930cbef9c844adcd06a8049d84dd71508f6f7427fc1736b374912c85ebf3a415748651260f65cf26f633697f4bdae2cc4a8d2c4b522db0bc71 +DIST gnupg-2.4.5.tar.bz2.sig 238 BLAKE2B b236e7d62f49c8385f4fb81389bf10715d9c0a0cb5c0b4c20fb6ff1465d05a3c3657061284db23af988a1ca16c9fa393af3ce5cbd27934501eb41a4f448fff0a SHA512 5a06970e499d1eb5213b142a8a182e46f5f21b7cb32785a9e5069378797c124e151ce74727382003820042d60fd7a2f909143f44aa9ef282605875e1cab04aef diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch deleted file mode 100644 index 686a3aadc8..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch +++ /dev/null @@ -1,202 +0,0 @@ -https://bugs.gentoo.org/924606 -https://dev.gnupg.org/T6997 -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=04cbc3074aa98660b513a80f623a7e9f0702c7c9 -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=848546b05ab0ff6abd47724ecfab73bf32dd4c01 -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2810b934647edd483996bee1f5f9256a162b2705 - -From 6236978d78886cbb476ed9fbc49ff99c7582b2d7 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Thu, 15 Feb 2024 15:38:34 +0900 -Subject: [PATCH 1/3] dirmngr: Fix proxy with TLS. - -* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always -available regardless of USE_TLS. -(run_proxy_connect): Use log_debug_string. -(send_request): Remove USE_TLS. - --- - -Since the commit of - - 1009e4e5f71347a1fe194e59a9d88c8034a67016 - -Building with TLS library is mandatory. - -GnuPG-bug-id: 6997 -Signed-off-by: NIIBE Yutaka ---- - dirmngr/http.c | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/dirmngr/http.c b/dirmngr/http.c -index 4899a5d55..10eecfdb0 100644 ---- a/dirmngr/http.c -+++ b/dirmngr/http.c -@@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server) - * NULL, decode the string and use this as input from teh server. On - * success the final output token is stored at PROXY->OUTTOKEN and - * OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */ --#ifdef USE_TLS - static gpg_error_t - proxy_get_token (proxy_info_t proxy, const char *inputstring) - { -@@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring) - - #endif /*!HAVE_W32_SYSTEM*/ - } --#endif /*USE_TLS*/ - - - /* Use the CONNECT method to proxy our TLS stream. */ --#ifdef USE_TLS - static gpg_error_t - run_proxy_connect (http_t hd, proxy_info_t proxy, - const char *httphost, const char *server, -@@ -2586,7 +2583,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - hd->keep_alive = !auth_basic; /* We may need to send more requests. */ - - if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP)) -- log_debug_with_string (request, "http.c:proxy:request:"); -+ log_debug_string (request, "http.c:proxy:request:"); - - if (!hd->fp_write) - { -@@ -2743,7 +2740,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - xfree (tmpstr); - return err; - } --#endif /*USE_TLS*/ - - - /* Make a request string using a standard proxy. On success the -@@ -2903,7 +2899,6 @@ send_request (ctrl_t ctrl, - goto leave; - } - --#if USE_TLS - if (use_http_proxy && hd->uri->use_tls) - { - err = run_proxy_connect (hd, proxy, httphost, server, port); -@@ -2915,7 +2910,6 @@ send_request (ctrl_t ctrl, - * clear the flag to indicate this. */ - use_http_proxy = 0; - } --#endif /* USE_TLS */ - - #if HTTP_USE_NTBTLS - err = run_ntbtls_handshake (hd); --- -2.43.2 - -From 68650eb6999e674fd2f1c78f47b68d3cd1d37ff0 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Fri, 16 Feb 2024 11:31:37 +0900 -Subject: [PATCH 2/3] dirmngr: Fix the regression of use of proxy for TLS - connection. - -* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it -causes resource leak of FP_WRITE. -Don't try to read response body to fix the hang. - --- - -GnuPG-bug-id: 6997 -Signed-off-by: NIIBE Yutaka ---- - dirmngr/http.c | 14 ++------------ - 1 file changed, 2 insertions(+), 12 deletions(-) - -diff --git a/dirmngr/http.c b/dirmngr/http.c -index 10eecfdb0..7ce01bacd 100644 ---- a/dirmngr/http.c -+++ b/dirmngr/http.c -@@ -2553,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication - */ - auth_basic = !!proxy->uri->auth; -+ hd->keep_alive = 0; - - /* For basic authentication we need to send just one request. */ - if (auth_basic -@@ -2574,13 +2575,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - httphost ? httphost : server, - port, - authhdr ? authhdr : "", -- auth_basic? "" : "Connection: keep-alive\r\n"); -+ hd->keep_alive? "Connection: keep-alive\r\n" : ""); - if (!request) - { - err = gpg_error_from_syserror (); - goto leave; - } -- hd->keep_alive = !auth_basic; /* We may need to send more requests. */ - - if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP)) - log_debug_string (request, "http.c:proxy:request:"); -@@ -2607,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - if (err) - goto leave; - -- { -- unsigned long count = 0; -- -- while (es_getc (hd->fp_read) != EOF) -- count++; -- if (opt_debug) -- log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n", -- count); -- } -- - /* Reset state. */ - es_clearerr (hd->fp_read); - ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1; --- -2.43.2 - -From 7c7cbd94549d08780fc3767d6de8336b3f44e7d7 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Fri, 16 Feb 2024 16:24:26 +0900 -Subject: [PATCH 3/3] dirmngr: Fix keep-alive flag handling. - -* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic -Authentication. Fix resource leak of FP_WRITE. - --- - -GnuPG-bug-id: 6997 -Signed-off-by: NIIBE Yutaka ---- - dirmngr/http.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/dirmngr/http.c b/dirmngr/http.c -index 7ce01bacd..da0c89ae5 100644 ---- a/dirmngr/http.c -+++ b/dirmngr/http.c -@@ -2553,7 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication - */ - auth_basic = !!proxy->uri->auth; -- hd->keep_alive = 0; -+ hd->keep_alive = !auth_basic; /* We may need to send more requests. */ - - /* For basic authentication we need to send just one request. */ - if (auth_basic -@@ -2717,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy, - } - - leave: -+ if (hd->keep_alive) -+ { -+ es_fclose (hd->fp_write); -+ hd->fp_write = NULL; -+ /* The close has released the cookie and thus we better set it -+ * to NULL. */ -+ hd->write_cookie = NULL; -+ } - /* Restore flags, destroy stream, reset state. */ - hd->flags = saved_flags; - es_fclose (hd->fp_read); --- -2.43.2 - diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch new file mode 100644 index 0000000000..57c00966d5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/files/gnupg-2.4.5-revert-rfc4880bis.patch @@ -0,0 +1,196 @@ +https://lwn.net/Articles/953797/ +https://security.stackexchange.com/questions/275883/should-one-really-disable-aead-for-recent-gnupg-created-pgp-keys +https://lists.gnupg.org/pipermail/librepgp-discuss/2023/000001.html +https://bugs.gentoo.org/926186 + +From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Thu, 9 Feb 2023 16:38:58 +0100 +Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into + defaults + +This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into +--gnupg, 2022-10-31). +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -247,6 +247,7 @@ enum cmd_and_opt_values + oGnuPG, + oRFC2440, + oRFC4880, ++ oRFC4880bis, + oOpenPGP, + oPGP7, + oPGP8, +@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), + ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), + ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), ++ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"), + ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), + ARGPARSE_s_n (oPGP7, "pgp6", "@"), + ARGPARSE_s_n (oPGP7, "pgp7", "@"), +@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), + ARGPARSE_s_s (oNoop, "aead-algo", "@"), + ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), +- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), + + +@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] = + { + { "gnupg", oGnuPG }, + { "openpgp", oOpenPGP }, +- { "rfc4880bis", oGnuPG }, ++ { "rfc4880bis", oRFC4880bis }, + { "rfc4880", oRFC4880 }, + { "rfc2440", oRFC2440 }, + { "pgp6", oPGP7 }, +@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] = + static void + set_compliance_option (enum cmd_and_opt_values option) + { ++ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */ ++ + switch (option) + { ++ case oRFC4880bis: ++ opt.flags.rfc4880bis = 1; ++ opt.compliance = CO_RFC4880; ++ opt.flags.dsa2 = 1; ++ opt.flags.require_cross_cert = 1; ++ opt.rfc2440_text = 0; ++ opt.allow_non_selfsigned_uid = 1; ++ opt.allow_freeform_uid = 1; ++ opt.escape_from = 1; ++ opt.not_dash_escaped = 0; ++ opt.def_cipher_algo = 0; ++ opt.def_digest_algo = 0; ++ opt.cert_digest_algo = 0; ++ opt.compress_algo = -1; ++ opt.s2k_mode = 3; /* iterated+salted */ ++ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; ++ opt.s2k_cipher_algo = CIPHER_ALGO_AES256; ++ break; + case oOpenPGP: + case oRFC4880: + /* This is effectively the same as RFC2440, but with +@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option) + case oPGP8: opt.compliance = CO_PGP8; break; + case oGnuPG: + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + break; + + case oDE_VS: +@@ -2491,6 +2513,7 @@ main (int argc, char **argv) + opt.emit_version = 0; + opt.weak_digests = NULL; + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + + /* Check special options given on the command line. */ + orig_argc = argc; +@@ -3033,6 +3056,7 @@ main (int argc, char **argv) + case oOpenPGP: + case oRFC2440: + case oRFC4880: ++ case oRFC4880bis: + case oPGP7: + case oPGP8: + case oGnuPG: +@@ -3862,6 +3886,11 @@ main (int argc, char **argv) + if( may_coredump && !opt.quiet ) + log_info(_("WARNING: program may create a core file!\n")); + ++ if (!opt.flags.rfc4880bis) ++ { ++ opt.mimemode = 0; /* This will use text mode instead. */ ++ } ++ + if (eyes_only) { + if (opt.set_filename) + log_info(_("WARNING: %s overrides %s\n"), +@@ -4078,7 +4107,7 @@ main (int argc, char **argv) + /* Check our chosen algorithms against the list of legal + algorithms. */ + +- if(!GNUPG) ++ if(!GNUPG && !opt.flags.rfc4880bis) + { + const char *badalg=NULL; + preftype_t badtype=PREFTYPE_NONE; +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal) + strcat(dummy_string,"S7 "); + strcat(dummy_string,"S2 "); /* 3DES */ + +- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) ++ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) + strcat(dummy_string,"A2 "); + + if (personal) +@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque) + /* Make sure that the MDC feature flag is set if needed. */ + add_feature_mdc (sig,mdc_available); + add_feature_aead (sig, aead_available); +- add_feature_v5 (sig, 1); ++ add_feature_v5 (sig, opt.flags.rfc4880bis); + add_keyserver_modify (sig,ks_modify); + keygen_add_keyserver_url(sig,NULL); + +@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, + } + } + else if (!ascii_strcasecmp (s, "v5")) +- keyversion = 5; ++ { ++ if (opt.flags.rfc4880bis) ++ keyversion = 5; ++ } + else if (!ascii_strcasecmp (s, "v4")) + keyversion = 4; + else +@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, + * ecdsa := Use algorithm ECDSA. + * eddsa := Use algorithm EdDSA. + * ecdh := Use algorithm ECDH. +- * v5 := Create version 5 key ++ * v5 := Create version 5 key (requires option --rfc4880bis) + * + * There are several defaults and fallbacks depending on the + * algorithm. PART can be used to select which part of STRING is +@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname ) + } + } + +- if ((keywords[i].key == pVERSION +- || keywords[i].key == pSUBVERSION)) +- ; /* Ignore version. */ ++ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION ++ || keywords[i].key == pSUBVERSION)) ++ ; /* Ignore version unless --rfc4880bis is active. */ + else + { + r = xmalloc_clear( sizeof *r + strlen( value ) ); +@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey, + para = r; + } + +- r = xmalloc_clear (sizeof *r + 20); +- r->key = for_subkey? pSUBVERSION : pVERSION; +- snprintf (r->u.value, 20, "%d", version); +- r->next = para; +- para = r; ++ if (opt.flags.rfc4880bis) ++ { ++ r = xmalloc_clear (sizeof *r + 20); ++ r->key = for_subkey? pSUBVERSION : pVERSION; ++ snprintf (r->u.value, 20, "%d", version); ++ r->next = para; ++ para = r; ++ } + + if (keytime) + { diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r4.ebuild similarity index 99% rename from sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild rename to sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r4.ebuild index d0937a7079..94c5b52306 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r3.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r4.ebuild @@ -30,7 +30,7 @@ RESTRICT="!test? ( test )" # Existence of executables is checked during configuration. # Note: On each bump, update dep bounds on each version from configure.ac! DEPEND=" - >=dev-libs/libassuan-2.5.0 + >=dev-libs/libassuan-2.5.0:= >=dev-libs/libgcrypt-1.8.0:= >=dev-libs/libgpg-error-1.38 >=dev-libs/libksba-1.3.5 diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.43-r1.ebuild similarity index 95% rename from sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild rename to sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.43-r1.ebuild index 72bb9fe062..7bd830a044 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.42-r2.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.2.43-r1.ebuild @@ -23,17 +23,17 @@ S="${WORKDIR}/${MY_P}" LICENSE="GPL-3+" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test tofu tools usb user-socket wks-server" RESTRICT="!test? ( test )" # Existence of executables is checked during configuration. # Note: On each bump, update dep bounds on each version from configure.ac! DEPEND=" - >=dev-libs/libassuan-2.5.0 + >=dev-libs/libassuan-2.5.0:= >=dev-libs/libgcrypt-1.8.0:= >=dev-libs/libgpg-error-1.38 - >=dev-libs/libksba-1.3.5 + >=dev-libs/libksba-1.4.0 >=dev-libs/npth-1.2 >=net-misc/curl-7.10 sys-libs/zlib @@ -67,7 +67,6 @@ DOCS=( PATCHES=( "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch - "${FILESDIR}"/${PN}-2.2.42-bug923248-insecure-backup.patch ) src_prepare() { diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5-r1.ebuild similarity index 98% rename from sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild rename to sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5-r1.ebuild index c89d22b2c1..cc4974e12d 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.4-r1.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5-r1.ebuild @@ -31,7 +31,7 @@ REQUIRED_USE="test? ( tofu )" # Existence of executables is checked during configuration. # Note: On each bump, update dep bounds on each version from configure.ac! DEPEND=" - >=dev-libs/libassuan-2.5.0 + >=dev-libs/libassuan-2.5.0:= >=dev-libs/libgcrypt-1.9.1:= >=dev-libs/libgpg-error-1.46 >=dev-libs/libksba-1.6.3 @@ -69,7 +69,6 @@ DOCS=( PATCHES=( "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch - "${FILESDIR}"/${P}-dirmngr-proxy.patch #924606 ) src_prepare() { diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild similarity index 98% rename from sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5.ebuild rename to sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild index 65e00a4fa8..5b2191cfb0 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-crypt/gnupg/gnupg-2.4.5-r2.ebuild @@ -31,7 +31,7 @@ REQUIRED_USE="test? ( tofu )" # Existence of executables is checked during configuration. # Note: On each bump, update dep bounds on each version from configure.ac! DEPEND=" - >=dev-libs/libassuan-2.5.0 + >=dev-libs/libassuan-2.5.0:= >=dev-libs/libgcrypt-1.9.1:= >=dev-libs/libgpg-error-1.46 >=dev-libs/libksba-1.6.3 @@ -69,6 +69,7 @@ DOCS=( PATCHES=( "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch + "${FILESDIR}"/${PN}-2.4.5-revert-rfc4880bis.patch # bug #926186 ) src_prepare() {