From a80a4eff0d5aa76fe90939abaaefdb667ccad49e Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Mon, 26 Jun 2006 22:34:49 +0000 Subject: Version bump, resolves CVE-2006-3082. Upstream also includes support for DSA2/SHA-224 now. (Portage version: 2.1) --- app-crypt/gnupg/ChangeLog | 8 +- app-crypt/gnupg/files/digest-gnupg-1.4.4 | 9 ++ app-crypt/gnupg/gnupg-1.4.4.ebuild | 220 +++++++++++++++++++++++++++++++ 3 files changed, 236 insertions(+), 1 deletion(-) create mode 100644 app-crypt/gnupg/files/digest-gnupg-1.4.4 create mode 100644 app-crypt/gnupg/gnupg-1.4.4.ebuild (limited to 'app-crypt/gnupg') diff --git a/app-crypt/gnupg/ChangeLog b/app-crypt/gnupg/ChangeLog index f4a5b92d76eb..9f3962500cab 100644 --- a/app-crypt/gnupg/ChangeLog +++ b/app-crypt/gnupg/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-crypt/gnupg # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.197 2006/06/15 00:09:14 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/ChangeLog,v 1.198 2006/06/26 22:34:49 robbat2 Exp $ + +*gnupg-1.4.4 (26 Jun 2006) + + 26 Jun 2006; Robin H. Johnson +gnupg-1.4.4.ebuild: + Version bump, resolves CVE-2006-3082. Upstream also includes support for + DSA2/SHA-224 now. *gnupg-1.9.20-r4 (15 Jun 2006) *gnupg-1.4.3-r1 (15 Jun 2006) diff --git a/app-crypt/gnupg/files/digest-gnupg-1.4.4 b/app-crypt/gnupg/files/digest-gnupg-1.4.4 new file mode 100644 index 000000000000..1a03bbebe88c --- /dev/null +++ b/app-crypt/gnupg/files/digest-gnupg-1.4.4 
@@ -0,0 +1,9 @@
+MD5 92dc69b6eb6ae62200e43f79dec3e0c4 gnupg-1.4.3-ecc0.1.6.diff.bz2 18138
+RMD160 609d0d280d0084c4463bcfaa770d1dab4790bb32 gnupg-1.4.3-ecc0.1.6.diff.bz2 18138
+SHA256 35b22cb1ef93042733b8088fee3fb2eff3053c04d506316315295e0b0ea690f0 gnupg-1.4.3-ecc0.1.6.diff.bz2 18138
+MD5 fab063f2218dee3f9af78dd55b521849 gnupg-1.4.4.tar.bz2 3047120
+RMD160 b3807b3cf4fc577bf071261eff787c481bd4e0ca gnupg-1.4.4.tar.bz2 3047120
+SHA256 d2cafed0a8cde831bdc25218d8b26d4aa373e36d0e0ecfccadf4ca810259ee08 gnupg-1.4.4.tar.bz2 3047120
+MD5 9dc3bc086824a8c7a331f35e09a3e57f idea.c.gz 5216
+RMD160 e35be5a031d10d52341ac5f029d28f811edd908d idea.c.gz 5216
+SHA256 309928da34941dff1d6f6687542ff3d58306d85be9e1a9906bc4f9f8e6011844 idea.c.gz 5216
diff --git a/app-crypt/gnupg/gnupg-1.4.4.ebuild b/app-crypt/gnupg/gnupg-1.4.4.ebuild
new file mode 100644
index 000000000000..64049b3cb54a
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-1.4.4.ebuild
@@ -0,0 +1,220 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-1.4.4.ebuild,v 1.1 2006/06/26 22:34:49 robbat2 Exp $
+
+inherit eutils flag-o-matic linux-info
+
+ECCVER=0.1.6
+ECCVER_GNUPG=1.4.3
+
+DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2
+ idea? ( ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz )
+ ecc? ( http://alumnes.eps.udl.es/%7Ed4372211/src/${PN}-${ECCVER_GNUPG}-ecc${ECCVER}.diff.bz2 )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc-macos ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="bzip2 curl ecc idea ldap nls readline selinux smartcard static usb zlib X"
+# IUSE+=caps
+
+# caps? ( sys-libs/libcap )
+COMMON_DEPEND="
+ ldap? ( net-nds/openldap )
+ bzip2? ( app-arch/bzip2 )
+ zlib? ( sys-libs/zlib )
+ curl? ( net-misc/curl )
+ virtual/mta
+ readline? ( sys-libs/readline )
+ smartcard? ( dev-libs/libusb )
+ usb? ( dev-libs/libusb )"
+
+RDEPEND="!static? (
+ ${COMMON_DEPEND}
+ X? ( || ( media-gfx/xloadimage media-gfx/xli ) )
+ )
+ selinux? ( sec-policy/selinux-gnupg )
+ nls? ( virtual/libintl )"
+
+DEPEND="${COMMON_DEPEND}
+ dev-lang/perl
+ nls? 
( sys-devel/gettext )"
+
+pkg_setup() {
+ # fix bug #113474 - no compiled kernel needed now
+ if use kernel_linux; then
+ get_running_version
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+
+ # Jari's patch to boost iterated key setup by factor of 128
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-1.4.3-jari.patch
+
+ if use idea; then
+ ewarn "Please read http://www.gnupg.org/why-not-idea.html"
+ mv "${WORKDIR}"/idea.c "${S}"/cipher/idea.c || \
+ ewarn "failed to insert IDEA module"
+ fi
+
+ if use ecc; then
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${PN}-${ECCVER_GNUPG}-ecc${ECCVER}.diff
+ fi
+
+ # maketest fix
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-1.4.3-selftest.patch
+
+ # install RU man page in right location
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-1.4.3-badruman.patch
+
+ # keyserver fix
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-1.4.3-keyserver.patch
+
+ # Already applied
+ # fix segfault of empty segfault packages - bug 129218
+ # EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-1.4-emptytrustpackets.patch
+
+ cd "${S}"
+ # Fix PIC definitions
+ sed -i -e 's:PIC:__PIC__:' mpi/i386/mpih-{add,sub}1.S intl/relocatable.c
+ sed -i -e 's:if PIC:ifdef __PIC__:' mpi/sparc32v8/mpih-mul{1,2}.S
+}
+
+src_compile() {
+ # Certain sparc32 machines seem to have trouble building correctly with
+ # -mcpu enabled. While this is not a gnupg problem, it is a temporary
+ # fix until the gcc problem can be tracked down.
+ if [ "${ARCH}" == "sparc" ] && [ "${PROFILE_ARCH}" == "sparc" ]; then
+ filter-flags -mcpu=supersparc -mcpu=v8 -mcpu=v7
+ fi
+
+ # 'USE=static' support was requested in #29299
+ use static &&append-ldflags -static
+
+ append-ldflags $(bindnow-flags)
+
+ # fix compile problem on ppc64
+ use ppc64 && myconf="${myconf} --disable-asm"
+
+ # $(use_with caps capabilities) \
+ econf \
+ $(use_enable ldap) \
+ --enable-mailto \
+ --enable-hkp \
+ --enable-finger \
+ $(use_with !zlib included-zlib) \
+ $(use_with curl libcurl /usr) \
+ $(use_enable nls) \
+ $(use_enable bzip2) \
+ $(use_enable smartcard card-support) \
+ $(use_enable selinux selinux-support) \
+ --disable-capabilities \
+ $(use_with readline) \
+ $(use_with usb libusb /usr) \
+ $(use_enable static) \
+ $(use_enable X photo-viewers) \
+ --enable-static-rnd=linux \
+ --libexecdir=/usr/libexec \
+ --enable-noexecstack \
+ ${myconf} || die
+ # this is because it will run some tests directly
+ gnupg_fixcheckperms
+ emake || die
+}
+
+src_install() {
+ gnupg_fixcheckperms
+ make DESTDIR="${D}" install || die
+
+ # keep the documentation in /usr/share/doc/...
+ rm -rf "${D}/usr/share/gnupg/FAQ" "${D}/usr/share/gnupg/faq.html"
+
+ dodoc AUTHORS BUGS ChangeLog NEWS PROJECTS README THANKS \
+ TODO VERSION doc/{FAQ,HACKING,DETAILS,ChangeLog,OpenPGP,faq.raw}
+
+ docinto sgml
+ dodoc doc/*.sgml
+
+ dohtml doc/faq.html
+
+ # install RU documentation in right location
+ if use linguas_ru
+ then
+ cp doc/gpg.ru.1 ${T}/gpg.1
+ doman -i18n=ru ${T}/gpg.1
+ fi
+
+ # Remove collissions
+ if use ppc-macos; then
+ rm ${D}/usr/lib/charset.alias ${D}/usr/share/locale/locale.alias
+ fi
+}
+
+gnupg_fixcheckperms() {
+ # GnuPG does weird things for testing that it build correctly
+ # as we as for the additional tests. It WILL fail with perms 770 :-(.
+ # See bug #80044
+ if has userpriv ${FEATURES}; then
+ einfo "Fixing permissions in check directory"
+ chown -R portage:portage ${S}/checks
+ chmod -R ugo+rw ${S}/checks
+ chmod ugo+rw ${S}/checks
+ fi
+}
+
+src_test() {
+ gnupg_fixcheckperms
+ einfo "Running tests"
+ emake check
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ die "Some tests failed! Please report to the Gentoo Bugzilla"
+ fi
+}
+
+pkg_postinst() {
+ #if ! use kernel_linux || (! use caps && kernel_is lt 2 6 9); then
+ if ! use kernel_linux || kernel_is lt 2 6 9; then
+ chmod u+s,go-r ${ROOT}/usr/bin/gpg
+ einfo "gpg is installed suid root to make use of protected memory space"
+ einfo "This is needed in order to have a secure place to store your"
+ einfo "passphrases, etc. at runtime but may make some sysadmins nervous."
+ else
+ chmod u-s,go-r ${ROOT}/usr/bin/gpg
+ fi
+ echo
+ if use idea; then
+ einfo "-----------------------------------------------------------------------------------"
+ einfo "IDEA"
+ ewarn "you have compiled ${PN} with support for the IDEA algorithm, this code"
+ ewarn "is distributed under the GPL in countries where it is permitted to do so"
+ ewarn "by law."
+ einfo
+ einfo "Please read http://www.gnupg.org/why-not-idea.html for more information."
+ einfo
+ ewarn "If you are in a country where the IDEA algorithm is patented, you are permitted"
+ ewarn "to use it at no cost for 'non revenue generating data transfer between private"
+ ewarn "individuals'."
+ einfo
+ einfo "Countries where the patent applies are listed here"
+ einfo "http://www.mediacrypt.com/_contents/10_idea/101030_ea_pi.asp"
+ einfo
+ einfo "Further information and other licenses are availble from http://www.mediacrypt.com/"
+ einfo "-----------------------------------------------------------------------------------"
+ fi
+ if use ecc; then
+ einfo
+ ewarn "The elliptical curves patch is experimental"
+ einfo "Further info available at http://alumnes.eps.udl.es/%7Ed4372211/index.en.html"
+ fi
+ #if use caps; then
+ # einfo
+ # ewarn "Capabilities code is experimental"
+ #fi
+ einfo
+ einfo "See http://www.gentoo.org/doc/en/gnupg-user.xml for documentation on gnupg"
+ einfo
+}
-- cgit v1.2.3-65-gdbad
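Review bot: In `pkg_postinst` the two `chmod` calls that set or clear the setuid-root bit on gpg use an unquoted `${ROOT}` and ignore failure, so a ROOT containing whitespace or a failed chmod leaves `/usr/bin/gpg` in whatever mode `make install` produced while the following einfo lines still announce it as suid. I would quote the path and surface the failure, e.g. `chmod u+s,go-r "${ROOT}"/usr/bin/gpg || ewarn "could not set suid bit on gpg"`, and do the same in the `u-s` branch. The branch condition also deserves a comment along the lines of `# kernels >= 2.6.9 allow unprivileged mlock() within RLIMIT_MEMLOCK, so suid root is only needed on older or non-Linux kernels`; that is my reading of the 2.6.9 cutoff and should be confirmed by the maintainer. Separately, in `src_unpack` the `mv ... idea.c || ewarn` only warns, so a USE=idea build can complete without the IDEA module; `|| die "failed to insert IDEA module"` would match the `|| die` already used after econf and emake.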