Revert "app-crypt/gnupg: move from portage-stable and fix arm64 cross build."

2025-08-23 15:31:05 +02:00 · 2016-09-30 16:17:23 -04:00 · 2016-09-30 16:17:23 -04:00 · d358d69032
commit d358d69032
parent 32e99a8985
9 changed files with 1 additions and 413 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/Manifest
@ -1 +0,0 @@
 DIST gnupg-2.0.26.tar.bz2 4303384 SHA256 7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 SHA512 5dd23baaac764fd48abd235ed52a85a2c7fd68b98fcde45c0f294ddb3b5629e8b1bd894585fbed4e6a6cb2bc4a5552c098c3cf1a849fffa469424fd0a4fee726 WHIRLPOOL 8d9b30337957f6bfeddea29116d862ef0c0ddd06d59bc2799db236b91b2c6767aad6f37f2166fc431c5d9454eb41f49f3e261bc38d0e89361f0c467f4591cd5a
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
@ -1,34 +0,0 @@
 From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
 Date: Sun, 17 Apr 2011 01:34:39 +0200
 Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
 file.
 https://bugs.g10code.com/gnupg/issue1466
 ---
 tools/gpgsm-gencert.sh |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
 index b209c8e..e7c812f 100755
 --- a/tools/gpgsm-gencert.sh
 +++ b/tools/gpgsm-gencert.sh
@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
 Key-Usage: $KEY_USAGE
 Name-DN: $NAME
 EOF
 -[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
 -[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
 -[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
 -[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
 +[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
 +[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
 +[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
 +[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
 ) > "$file_parameter"
 -- 
 1.7.5.rc1
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch
@ -1,35 +0,0 @@
 From a2dcc5cc49c3e79d64bd1a2ad7a5bc4df5b073ee Mon Sep 17 00:00:00 2001
 From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
 Date: Wed, 13 Aug 2014 11:13:34 +0200
 Subject: [PATCH] gpg: Need to init the trustdb for import.
 * g10/trustdb.c (clear_ownertrusts): Init trustdb.
 --
 This was fixed in 1.4 branch in commit
 23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
 2.0 branch that exhibits the same problem. This is actually a hack
 to fix a bug introduced with commit 2528178.
 GnuPG-bug-id: 1622
 ---
 g10/trustdb.c | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/g10/trustdb.c b/g10/trustdb.c
 index f96701a..7bfef25 100644
 --- a/g10/trustdb.c
 +++ b/g10/trustdb.c
@@ -923,6 +923,8 @@ clear_ownertrusts (PKT_public_key *pk)
   TRUSTREC rec;
   int rc;
 +  init_trustdb();
 +
   if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
     return 0;
 -- 
 1.8.5.5
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Pth-config-for-cross-build.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-Pth-config-for-cross-build.patch
@ -1,20 +0,0 @@
 --- a/m4/gnupg-pth.m4
 +++ b/m4/gnupg-pth.m4
@@ -80,14 +80,15 @@
 # PTH_CLFAGS and PTH_LIBS are AS_SUBST.
 #
 AC_DEFUN([GNUPG_PATH_PTH],
 -[ AC_ARG_WITH(pth-prefix,
 +[ AC_REQUIRE([AC_CANONICAL_HOST])
 +  AC_ARG_WITH(pth-prefix,
              AC_HELP_STRING([--with-pth-prefix=PFX],
                            [prefix where GNU Pth is installed]),
      pth_config_prefix="$withval", pth_config_prefix="")
   if test x$pth_config_prefix != x ; then
      PTH_CONFIG="$pth_config_prefix/bin/pth-config"
   fi
 -  AC_PATH_PROG(PTH_CONFIG, pth-config, no)
 +  AC_PATH_TOOL(PTH_CONFIG, pth-config, no)
   tmp=ifelse([$1], ,1.3.7,$1)
   if test "$PTH_CONFIG" != "no"; then
     GNUPG_PTH_VERSION_CHECK($tmp)
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch
@ -1,118 +0,0 @@
 From ed8383c618e124cfa708c9ee87563fcdf2f4649c Mon Sep 17 00:00:00 2001
 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Date: Fri, 19 Dec 2014 18:53:34 -0500
 Subject: [PATCH] sm: Avoid double-free on iconv failure
 * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
 double-free of pwbuf.
 --
 Observed by Joshua Rogers <honey@internot.info>, who proposed a
 slightly different fix.
 Debian-Bug-Id: 773472
 Added fix at a second place - wk.
 ---
 sm/minip12.c |    2 ++
 1 file changed, 2 insertions(+)
 diff --git a/agent/minip12.c b/agent/minip12.c
 index 01b91b7..ca4d248 100644
 --- a/agent/minip12.c
 +++ b/agent/minip12.c
@@ -2422,6 +2422,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
                      " requested charset '%s': %s\n",
                      charset, strerror (errno));
           gcry_free (pwbuf);
 +          pwbuf = NULL;
           goto failure;
         }
@@ -2436,6 +2437,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
                      " requested charset '%s': %s\n",
                      charset, strerror (errno));
           gcry_free (pwbuf);
 +          pwbuf = NULL;
           jnlib_iconv_close (cd);
           goto failure;
         }
 -- 
 1.7.10.4
 From b0b3803e8c2959dd67ca96debc54b5c6464f0d41 Mon Sep 17 00:00:00 2001
 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Date: Fri, 19 Dec 2014 18:07:55 -0500
 Subject: [PATCH] scd: Avoid double-free on error condition in scd
 * scd/command.c (cmd_readkey): avoid double-free of cert
 --
 When ksba_cert_new() fails, cert will be double-freed.
 Debian-Bug-Id: 773471
 Original patch changed by wk to do the free only at leave.
 ---
 scd/command.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
 diff --git a/scd/command.c b/scd/command.c
 index dd4191f..1cc580a 100644
 --- a/scd/command.c
 +++ b/scd/command.c
@@ -804,10 +804,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
   rc = ksba_cert_new (&kc);
   if (rc)
 -    {
 -      xfree (cert);
 -      goto leave;
 -    }
 +    goto leave;
 +
   rc = ksba_cert_init_from_mem (kc, cert, ncert);
   if (rc)
     {
 -- 
 1.7.10.4
 From abd5f6752d693b7f313c19604f0723ecec4d39a6 Mon Sep 17 00:00:00 2001
 From: Werner Koch <wk@gnupg.org>
 Date: Mon, 22 Dec 2014 12:16:46 +0100
 Subject: [PATCH] dirmngr,gpgsm: Return NULL on fail
 * dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
 * sm/gpgsm.c (parse_keyserver_line): Ditto.
 --
 Reported-by: Joshua Rogers <git@internot.info>
  "If something inside the ldapserver_parse_one function failed,
   'server' would be freed, then returned, leading to a
   use-after-free.  This code is likely copied from sm/gpgsm.c, which
   was also susceptible to this bug."
 Signed-off-by: Werner Koch <wk@gnupg.org>
 ---
 dirmngr/ldapserver.c |    1 +
 sm/gpgsm.c           |    1 +
 2 files changed, 2 insertions(+)
 diff --git a/sm/gpgsm.c b/sm/gpgsm.c
 index 3398d17..72bceb4 100644
 --- a/sm/gpgsm.c
 +++ b/sm/gpgsm.c
@@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       keyserver_list_free (server);
 +      server = NULL;
     }
   return server;
 -- 
 1.7.10.4
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/gnupg-2.0.26-r4.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/gnupg-2.0.26-r4.ebuild
@ -1,167 +0,0 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.26-r3.ebuild,v 1.12 2015/03/30 03:06:10 tgall Exp $
 EAPI="5"
 inherit eutils flag-o-matic toolchain-funcs autotools
 DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
 HOMEPAGE="http://www.gnupg.org/"
 SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
 # SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2"
 LICENSE="GPL-3"
 SLOT="0"
 KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb"
 COMMON_DEPEND_LIBS="
 	>=dev-libs/libassuan-2
 	>=dev-libs/libgcrypt-1.4:0=
 	>=dev-libs/libgpg-error-1.11
 	>=dev-libs/libksba-1.0.7
 	>=dev-libs/pth-1.3.7
 	>=net-misc/curl-7.10
 	sys-libs/zlib
 	bzip2? ( app-arch/bzip2 )
 	readline? ( sys-libs/readline )
 	smartcard? ( usb? ( virtual/libusb:0 ) )
 	ldap? ( net-nds/openldap )"
 COMMON_DEPEND_BINS="app-crypt/pinentry"
 # Existence of executables is checked during configuration.
 DEPEND="${COMMON_DEPEND_LIBS}
 	${COMMON_DEPEND_BINS}
 	static? (
 		>=dev-libs/libassuan-2[static-libs]
 		>=dev-libs/libgcrypt-1.4:0=[static-libs]
 		>=dev-libs/libgpg-error-1.11[static-libs]
 		>=dev-libs/libksba-1.0.7[static-libs]
 		>=dev-libs/pth-1.3.7[static-libs]
 		>=net-misc/curl-7.10[static-libs]
 		sys-libs/zlib[static-libs]
 		bzip2? ( app-arch/bzip2[static-libs] )
 	)
 	nls? ( sys-devel/gettext )
 	doc? ( sys-apps/texinfo )"
 RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} )
 	${COMMON_DEPEND_BINS}
 	mta? ( virtual/mta )
 	!<=app-crypt/gnupg-2.0.1
 	selinux? ( sec-policy/selinux-gpg )
 	nls? ( virtual/libintl )"
 REQUIRED_USE="smartcard? ( !static )"
 src_prepare() {
 	epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch"
 	epatch "${FILESDIR}/${P}-Need-to-init-the-trustdb-for-import.patch"
 	epatch "${FILESDIR}/${P}-misc-cve.patch"
 	epatch "${FILESDIR}/${P}-Pth-config-for-cross-build.patch"
 	epatch_user
 	eautoreconf
 }
 src_configure() {
 	local myconf=()
 	# 'USE=static' support was requested:
 	# gnupg1: bug #29299
 	# gnupg2: bug #159623
 	use static && append-ldflags -static
 	if use smartcard; then
 		myconf+=(
 			--enable-scdaemon
 			$(use_enable usb ccid-driver)
 		)
 	else
 		myconf+=( --disable-scdaemon )
 	fi
 	if use elibc_SunOS || use elibc_AIX; then
 		myconf+=( --disable-symcryptrun )
 	else
 		myconf+=( --enable-symcryptrun )
 	fi
 	econf \
 		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
 		--enable-gpg \
 		--enable-gpgsm \
 		--enable-agent \
 		--without-adns \
 		"${myconf[@]}" \
 		$(use_enable bzip2) \
 		$(use_enable nls) \
 		$(use_enable mta mailto) \
 		$(use_enable ldap) \
 		$(use_with readline) \
 		CC_FOR_BUILD="$(tc-getBUILD_CC)"
 }
 src_compile() {
 	default
 	if use doc; then
 		cd doc
 		emake html
 	fi
 }
 src_install() {
 	default
 	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
 		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
 	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
 	rm "${ED}"/usr/share/gnupg/help* || die
 	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
 		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
 	dosym gpg2 /usr/bin/gpg
 	dosym gpgv2 /usr/bin/gpgv
 	dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp
 	dosym gpg2keys_finger /usr/libexec/gpgkeys_finger
 	dosym gpg2keys_curl /usr/libexec/gpgkeys_curl
 	if use ldap; then
 		dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap
 	fi
 	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
 	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
 	dodir /etc/env.d
 	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
 	if use doc; then
 		dohtml doc/gnupg.html/* doc/*.png
 	fi
 }
 pkg_postinst() {
 	elog "If you wish to view images emerge:"
 	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
 	elog "Remember to use photo-viewer option in configuration file to activate"
 	elog "the right viewer."
 	elog
 	if use smartcard; then
 		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
 		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
 		elog " - sys-apps/pcsc-lite and a compatible reader device;"
 		elog " - dev-libs/openct and a compatible reader device;"
 		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
 		elog ""
 		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
 		elog "app-crypt/ccid first."
 	fi
 	ewarn "Please remember to restart gpg-agent if a different version"
 	ewarn "of the agent is currently used. If you are unsure of the gpg"
 	ewarn "agent you are using please run 'killall gpg-agent',"
 	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
 }
--- a/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-crypt/gnupg/metadata.xml
@ -1,36 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
  <maintainer type="project">
    <email>crypto@gentoo.org</email>
    <name>Crypto</name>
  </maintainer>
  <longdescription>
    GnuPG is a complete and free implementation of the OpenPGP standard as
    defined by RFC4880.
  </longdescription>
  <use>
    <flag name="smartcard">
      Build scdaemon software. Enables usage of OpenPGP cards. For
      other type of smartcards, try
      <pkg>app-crypt/gnupg-pkcs11-scd</pkg>.
      Bring in <pkg>dev-libs/libusb</pkg> as a dependency; enable
      scdaemon.
    </flag>
    <flag name="usb">
      Build direct CCID access for scdaemon; requires
      <pkg>dev-libs/libusb</pkg>.
    </flag>
    <flag name="mta">
      Build mta support using
      <pkg>virtual/mta</pkg>.
    </flag>
    <flag name="tofu">
      Enable support for Trust of First use trust model; requires
      <pkg>dev-db/sqlite</pkg>.
    </flag>
    <flag name="tools">
      Install extra tools.
    </flag>
  </use>
 </pkgmetadata>
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords
@ -41,5 +41,3 @@
 =sys-fs/quota-4.02 **
 =sys-fs/xfsprogs-3.2.2-r1 **
 =sys-process/lsof-4.89 ~arm64
 =apps-crypt/gnupg-2.0.26-r4 ~arm64
 =dev-libs/libksba-1.3.3 ~arm64
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.provided
@ -6,6 +6,7 @@ dev-lang/perl-5.12.4-r1
 dev-libs/gobject-introspection-1.40.0-r1
 sys-apps/kexec-tools-2.0.4-r1
 dev-util/boost-build-1.55.0
 app-crypt/gnupg-2.0.26-r3
 # build errors
 net-dns/bind-tools-9.10.1_p1
		`@ -1 +0,0 @@`
			`DIST gnupg-2.0.26.tar.bz2 4303384 SHA256 7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 SHA512 5dd23baaac764fd48abd235ed52a85a2c7fd68b98fcde45c0f294ddb3b5629e8b1bd894585fbed4e6a6cb2bc4a5552c098c3cf1a849fffa469424fd0a4fee726 WHIRLPOOL 8d9b30337957f6bfeddea29116d862ef0c0ddd06d59bc2799db236b91b2c6767aad6f37f2166fc431c5d9454eb41f49f3e261bc38d0e89361f0c467f4591cd5a`