1 |
alonbl 14/12/31 18:27:16 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: gnupg-2.1.1-r1.ebuild gnupg-2.0.26-r3.ebuild |
5 |
Removed: gnupg-2.1.1.ebuild |
6 |
Log: |
7 |
Fix misc CVEs, bug#534110 |
8 |
|
9 |
(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key BF20DC51) |
10 |
|
11 |
Revision Changes Path |
12 |
1.562 app-crypt/gnupg/ChangeLog |
13 |
|
14 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/ChangeLog?rev=1.562&view=markup |
15 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/ChangeLog?rev=1.562&content-type=text/plain |
16 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/ChangeLog?r1=1.561&r2=1.562 |
17 |
|
18 |
Index: ChangeLog |
19 |
=================================================================== |
20 |
RCS file: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v |
21 |
retrieving revision 1.561 |
22 |
retrieving revision 1.562 |
23 |
diff -u -r1.561 -r1.562 |
24 |
--- ChangeLog 17 Dec 2014 19:05:55 -0000 1.561 |
25 |
+++ ChangeLog 31 Dec 2014 18:27:16 -0000 1.562 |
26 |
@@ -1,6 +1,14 @@ |
27 |
# ChangeLog for app-crypt/gnupg |
28 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
29 |
-# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.561 2014/12/17 19:05:55 k_f Exp $ |
30 |
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.562 2014/12/31 18:27:16 alonbl Exp $ |
31 |
+ |
32 |
+*gnupg-2.0.26-r3 (31 Dec 2014) |
33 |
+*gnupg-2.1.1-r1 (31 Dec 2014) |
34 |
+ |
35 |
+ 31 Dec 2014; Alon Bar-Lev <alonbl@g.o> |
36 |
+ +files/gnupg-2.0.26-misc-cve.patch, +files/gnupg-2.1.1-misc-cve.patch, |
37 |
+ +gnupg-2.0.26-r3.ebuild, +gnupg-2.1.1-r1.ebuild, -gnupg-2.1.1.ebuild: |
38 |
+ Fix misc CVEs, bug#534110 |
39 |
|
40 |
*gnupg-2.1.1 (17 Dec 2014) |
41 |
|
42 |
|
43 |
|
44 |
|
45 |
1.1 app-crypt/gnupg/gnupg-2.1.1-r1.ebuild |
46 |
|
47 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/gnupg-2.1.1-r1.ebuild?rev=1.1&view=markup |
48 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/gnupg-2.1.1-r1.ebuild?rev=1.1&content-type=text/plain |
49 |
|
50 |
Index: gnupg-2.1.1-r1.ebuild |
51 |
=================================================================== |
52 |
# Copyright 1999-2014 Gentoo Foundation |
53 |
# Distributed under the terms of the GNU General Public License v2 |
54 |
# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.1.1-r1.ebuild,v 1.1 2014/12/31 18:27:16 alonbl Exp $ |
55 |
|
56 |
EAPI="5" |
57 |
|
58 |
inherit eutils flag-o-matic toolchain-funcs |
59 |
|
60 |
DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement" |
61 |
HOMEPAGE="http://www.gnupg.org/" |
62 |
MY_P="${P/_/-}" |
63 |
SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" |
64 |
|
65 |
LICENSE="GPL-3" |
66 |
SLOT="0" |
67 |
KEYWORDS="" |
68 |
IUSE="bzip2 doc +gnutls ldap nls readline static selinux smartcard tools usb" |
69 |
|
70 |
COMMON_DEPEND_LIBS=" |
71 |
dev-libs/npth |
72 |
>=dev-libs/libassuan-2 |
73 |
>=dev-libs/libgcrypt-1.6.2 |
74 |
>=dev-libs/libgpg-error-1.17 |
75 |
>=dev-libs/libksba-1.0.7 |
76 |
>=net-misc/curl-7.10 |
77 |
gnutls? ( >=net-libs/gnutls-3.0 ) |
78 |
sys-libs/zlib |
79 |
ldap? ( net-nds/openldap ) |
80 |
bzip2? ( app-arch/bzip2 ) |
81 |
readline? ( sys-libs/readline ) |
82 |
smartcard? ( usb? ( virtual/libusb:0 ) ) |
83 |
" |
84 |
COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )" |
85 |
|
86 |
# Existence of executables is checked during configuration. |
87 |
DEPEND="${COMMON_DEPEND_LIBS} |
88 |
${COMMON_DEPEND_BINS} |
89 |
static? ( |
90 |
>=dev-libs/libassuan-2[static-libs] |
91 |
>=dev-libs/libgcrypt-1.6.2[static-libs] |
92 |
>=dev-libs/libgpg-error-1.17[static-libs] |
93 |
>=dev-libs/libksba-1.0.7[static-libs] |
94 |
dev-libs/npth[static-libs] |
95 |
>=net-misc/curl-7.10[static-libs] |
96 |
sys-libs/zlib[static-libs] |
97 |
bzip2? ( app-arch/bzip2[static-libs] ) |
98 |
) |
99 |
nls? ( sys-devel/gettext ) |
100 |
doc? ( sys-apps/texinfo )" |
101 |
|
102 |
RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} ) |
103 |
${COMMON_DEPEND_BINS} |
104 |
selinux? ( sec-policy/selinux-gpg ) |
105 |
nls? ( virtual/libintl )" |
106 |
|
107 |
REQUIRED_USE="smartcard? ( !static )" |
108 |
|
109 |
S="${WORKDIR}/${MY_P}" |
110 |
|
111 |
src_prepare() { |
112 |
epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch" |
113 |
epatch "${FILESDIR}/${P}-misc-cve.patch" |
114 |
epatch_user |
115 |
} |
116 |
|
117 |
src_configure() { |
118 |
local myconf=() |
119 |
|
120 |
# 'USE=static' support was requested: |
121 |
# gnupg1: bug #29299 |
122 |
# gnupg2: bug #159623 |
123 |
use static && append-ldflags -static |
124 |
|
125 |
if use smartcard; then |
126 |
myconf+=( |
127 |
--enable-scdaemon |
128 |
$(use_enable usb ccid-driver) |
129 |
) |
130 |
else |
131 |
myconf+=( --disable-scdaemon ) |
132 |
fi |
133 |
|
134 |
if use elibc_SunOS || use elibc_AIX; then |
135 |
myconf+=( --disable-symcryptrun ) |
136 |
else |
137 |
myconf+=( --enable-symcryptrun ) |
138 |
fi |
139 |
|
140 |
econf \ |
141 |
--docdir="${EPREFIX}/usr/share/doc/${PF}" \ |
142 |
--enable-gpg \ |
143 |
--enable-gpgsm \ |
144 |
--enable-agent \ |
145 |
--without-adns \ |
146 |
"${myconf[@]}" \ |
147 |
$(use_enable bzip2) \ |
148 |
$(use_enable gnutls) \ |
149 |
$(use_with ldap) \ |
150 |
$(use_enable nls) \ |
151 |
$(use_with readline) \ |
152 |
CC_FOR_BUILD="$(tc-getBUILD_CC)" |
153 |
} |
154 |
|
155 |
src_compile() { |
156 |
default |
157 |
|
158 |
if use doc; then |
159 |
cd doc |
160 |
emake html |
161 |
fi |
162 |
} |
163 |
|
164 |
src_install() { |
165 |
default |
166 |
|
167 |
use tools && dobin tools/{convert-from-106,gpg-check-pattern} \ |
168 |
tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert} |
169 |
|
170 |
emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA |
171 |
rm "${ED}"/usr/share/gnupg/help* || die |
172 |
|
173 |
dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \ |
174 |
doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help* |
175 |
|
176 |
dosym gpg2 /usr/bin/gpg |
177 |
dosym gpgv2 /usr/bin/gpgv |
178 |
echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 |
179 |
echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 |
180 |
|
181 |
dodir /etc/env.d |
182 |
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg |
183 |
|
184 |
if use doc; then |
185 |
dohtml doc/gnupg.html/* doc/*.png |
186 |
fi |
187 |
} |
188 |
|
189 |
pkg_postinst() { |
190 |
elog "If you wish to view images emerge:" |
191 |
elog "media-gfx/xloadimage, media-gfx/xli or any other viewer" |
192 |
elog "Remember to use photo-viewer option in configuration file to activate" |
193 |
elog "the right viewer." |
194 |
elog |
195 |
|
196 |
if use smartcard; then |
197 |
elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of" |
198 |
use usb && elog " - a CCID-compatible reader, used directly through libusb;" |
199 |
elog " - sys-apps/pcsc-lite and a compatible reader device;" |
200 |
elog " - dev-libs/openct and a compatible reader device;" |
201 |
elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces." |
202 |
elog "" |
203 |
elog "General hint: you probably want to try installing sys-apps/pcsc-lite and" |
204 |
elog "app-crypt/ccid first." |
205 |
fi |
206 |
|
207 |
ewarn "Please remember to restart gpg-agent if a different version" |
208 |
ewarn "of the agent is currently used. If you are unsure of the gpg" |
209 |
ewarn "agent you are using please run 'killall gpg-agent'," |
210 |
ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'." |
211 |
|
212 |
if [[ -n ${REPLACING_VERSIONS} ]]; then |
213 |
elog "If upgrading from a version prior than 2.1 you might have to re-import" |
214 |
elog "secret keys after restarting the gpg-agent as the new version is using" |
215 |
elog "a new storage mechanism." |
216 |
elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg" |
217 |
fi |
218 |
} |
219 |
|
220 |
|
221 |
|
222 |
1.1 app-crypt/gnupg/gnupg-2.0.26-r3.ebuild |
223 |
|
224 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/gnupg-2.0.26-r3.ebuild?rev=1.1&view=markup |
225 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/gnupg-2.0.26-r3.ebuild?rev=1.1&content-type=text/plain |
226 |
|
227 |
Index: gnupg-2.0.26-r3.ebuild |
228 |
=================================================================== |
229 |
# Copyright 1999-2014 Gentoo Foundation |
230 |
# Distributed under the terms of the GNU General Public License v2 |
231 |
# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.26-r3.ebuild,v 1.1 2014/12/31 18:27:16 alonbl Exp $ |
232 |
|
233 |
EAPI="5" |
234 |
|
235 |
inherit eutils flag-o-matic toolchain-funcs |
236 |
|
237 |
DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement" |
238 |
HOMEPAGE="http://www.gnupg.org/" |
239 |
SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2" |
240 |
# SRC_URI="ftp://ftp.gnupg.org/gcrypt/${PN}/${P}.tar.bz2" |
241 |
|
242 |
LICENSE="GPL-3" |
243 |
SLOT="0" |
244 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
245 |
IUSE="bzip2 doc ldap nls mta readline static selinux smartcard tools usb" |
246 |
|
247 |
COMMON_DEPEND_LIBS=" |
248 |
>=dev-libs/libassuan-2 |
249 |
>=dev-libs/libgcrypt-1.4:0= |
250 |
>=dev-libs/libgpg-error-1.11 |
251 |
>=dev-libs/libksba-1.0.7 |
252 |
>=dev-libs/pth-1.3.7 |
253 |
>=net-misc/curl-7.10 |
254 |
sys-libs/zlib |
255 |
bzip2? ( app-arch/bzip2 ) |
256 |
readline? ( sys-libs/readline ) |
257 |
smartcard? ( usb? ( virtual/libusb:0 ) ) |
258 |
ldap? ( net-nds/openldap )" |
259 |
COMMON_DEPEND_BINS="|| ( app-crypt/pinentry app-crypt/pinentry-qt )" |
260 |
|
261 |
# Existence of executables is checked during configuration. |
262 |
DEPEND="${COMMON_DEPEND_LIBS} |
263 |
${COMMON_DEPEND_BINS} |
264 |
static? ( |
265 |
>=dev-libs/libassuan-2[static-libs] |
266 |
>=dev-libs/libgcrypt-1.4:0=[static-libs] |
267 |
>=dev-libs/libgpg-error-1.11[static-libs] |
268 |
>=dev-libs/libksba-1.0.7[static-libs] |
269 |
>=dev-libs/pth-1.3.7[static-libs] |
270 |
>=net-misc/curl-7.10[static-libs] |
271 |
sys-libs/zlib[static-libs] |
272 |
bzip2? ( app-arch/bzip2[static-libs] ) |
273 |
) |
274 |
nls? ( sys-devel/gettext ) |
275 |
doc? ( sys-apps/texinfo )" |
276 |
|
277 |
RDEPEND="!static? ( ${COMMON_DEPEND_LIBS} ) |
278 |
${COMMON_DEPEND_BINS} |
279 |
mta? ( virtual/mta ) |
280 |
!<=app-crypt/gnupg-2.0.1 |
281 |
selinux? ( sec-policy/selinux-gpg ) |
282 |
nls? ( virtual/libintl )" |
283 |
|
284 |
REQUIRED_USE="smartcard? ( !static )" |
285 |
|
286 |
src_prepare() { |
287 |
epatch "${FILESDIR}/${PN}-2.0.17-gpgsm-gencert.patch" |
288 |
epatch "${FILESDIR}/${P}-Need-to-init-the-trustdb-for-import.patch" |
289 |
epatch "${FILESDIR}/${P}-misc-cve.patch" |
290 |
epatch_user |
291 |
} |
292 |
|
293 |
src_configure() { |
294 |
local myconf=() |
295 |
|
296 |
# 'USE=static' support was requested: |
297 |
# gnupg1: bug #29299 |
298 |
# gnupg2: bug #159623 |
299 |
use static && append-ldflags -static |
300 |
|
301 |
if use smartcard; then |
302 |
myconf+=( |
303 |
--enable-scdaemon |
304 |
$(use_enable usb ccid-driver) |
305 |
) |
306 |
else |
307 |
myconf+=( --disable-scdaemon ) |
308 |
fi |
309 |
|
310 |
if use elibc_SunOS || use elibc_AIX; then |
311 |
myconf+=( --disable-symcryptrun ) |
312 |
else |
313 |
myconf+=( --enable-symcryptrun ) |
314 |
fi |
315 |
|
316 |
econf \ |
317 |
--docdir="${EPREFIX}/usr/share/doc/${PF}" \ |
318 |
--enable-gpg \ |
319 |
--enable-gpgsm \ |
320 |
--enable-agent \ |
321 |
--without-adns \ |
322 |
"${myconf[@]}" \ |
323 |
$(use_enable bzip2) \ |
324 |
$(use_enable nls) \ |
325 |
$(use_enable mta mailto) \ |
326 |
$(use_enable ldap) \ |
327 |
$(use_with readline) \ |
328 |
CC_FOR_BUILD="$(tc-getBUILD_CC)" |
329 |
} |
330 |
|
331 |
src_compile() { |
332 |
default |
333 |
|
334 |
if use doc; then |
335 |
cd doc |
336 |
emake html |
337 |
fi |
338 |
} |
339 |
|
340 |
src_install() { |
341 |
default |
342 |
|
343 |
use tools && dobin tools/{convert-from-106,gpg-check-pattern} \ |
344 |
tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert} |
345 |
|
346 |
emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA |
347 |
rm "${ED}"/usr/share/gnupg/help* || die |
348 |
|
349 |
dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \ |
350 |
doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help* |
351 |
|
352 |
dosym gpg2 /usr/bin/gpg |
353 |
dosym gpgv2 /usr/bin/gpgv |
354 |
dosym gpg2keys_hkp /usr/libexec/gpgkeys_hkp |
355 |
dosym gpg2keys_finger /usr/libexec/gpgkeys_finger |
356 |
dosym gpg2keys_curl /usr/libexec/gpgkeys_curl |
357 |
if use ldap; then |
358 |
dosym gpg2keys_ldap /usr/libexec/gpgkeys_ldap |
359 |
fi |
360 |
echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 |
361 |
echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 |
362 |
|
363 |
dodir /etc/env.d |
364 |
echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg |
365 |
|
366 |
if use doc; then |
367 |
dohtml doc/gnupg.html/* doc/*.png |
368 |
fi |
369 |
} |
370 |
|
371 |
pkg_postinst() { |
372 |
elog "If you wish to view images emerge:" |
373 |
elog "media-gfx/xloadimage, media-gfx/xli or any other viewer" |
374 |
elog "Remember to use photo-viewer option in configuration file to activate" |
375 |
elog "the right viewer." |
376 |
elog |
377 |
|
378 |
if use smartcard; then |
379 |
elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of" |
380 |
use usb && elog " - a CCID-compatible reader, used directly through libusb;" |
381 |
elog " - sys-apps/pcsc-lite and a compatible reader device;" |
382 |
elog " - dev-libs/openct and a compatible reader device;" |
383 |
elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces." |
384 |
elog "" |
385 |
elog "General hint: you probably want to try installing sys-apps/pcsc-lite and" |
386 |
elog "app-crypt/ccid first." |
387 |
fi |
388 |
|
389 |
ewarn "Please remember to restart gpg-agent if a different version" |
390 |
ewarn "of the agent is currently used. If you are unsure of the gpg" |
391 |
ewarn "agent you are using please run 'killall gpg-agent'," |
392 |
ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'." |
393 |
} |