app-crypt/gnupg: Fix regression from 2.1.19

Gentoo-Bug: 616336

Package-Manager: Portage-2.3.3, Repoman-2.3.1

3 files changed, 235 insertions, 0 deletions

diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
new file mode 100644
index 000000000000..292fc264ac84
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
@@ -0,0 +1,27 @@
+From 692208fd6c1547cc7dd2062a1d1c9499bc0a8be4 Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Mon, 8 May 2017 13:52:39 +0200
+Subject: [PATCH] gpg: Fix typo.
+
+--
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ g10/packet.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/packet.h b/g10/packet.h
+index a10495c..d42510d 100644
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -623,7 +623,7 @@ struct parse_packet_ctx_s
+   iobuf_t inp;       /* The input stream with the packets.  */
+   struct packet_struct last_pkt; /* The last parsed packet.  */
+   int free_last_pkt; /* Indicates that LAST_PKT must be freed.  */
+-  int skip_meta;     /* Skip right trust packets.  */
++  int skip_meta;     /* Skip ring trust packets.  */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ 
+-- 
+2.10.2
+
diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
new file mode 100644
index 000000000000..58568db47d2a
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
@@ -0,0 +1,86 @@
+From 22739433e98be80e46fe7d01d52a9627c1aebaae Mon Sep 17 00:00:00 2001
+From: Justus Winter <justus@g10code.com>
+Date: Mon, 8 May 2017 14:24:00 +0200
+Subject: [PATCH] gpg: Properly account for ring trust packets.
+
+* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
+instead of counting ourself.
+* g10/packet.h (struct parse_packet_ctx_s): New field
+'n_parsed_packets'.
+(init_parse_packet): Initialize new field.
+* g10/parse-packet.c (parse): Count packets.
+--
+
+The 'keyring' keystore depends on the number of packets for delete and
+update operations.  With the rework of the ring trust packets, the
+trust packets were no longer properly accounted for leading to keyring
+corruptions.
+
+The 'keybox' store was not affected.
+
+GnuPG-bug-id: 3123
+GnuPG-bug-id: 3135
+GnuPG-bug-id: 3144
+Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
+Signed-off-by: Justus Winter <justus@g10code.com>
+---
+ g10/keyring.c      | 4 ++--
+ g10/packet.h       | 2 ++
+ g10/parse-packet.c | 3 +++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/g10/keyring.c b/g10/keyring.c
+index e223f0f..50f1b82 100644
+--- a/g10/keyring.c
++++ b/g10/keyring.c
+@@ -409,11 +409,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
+     pkt = xmalloc (sizeof *pkt);
+     init_packet (pkt);
+     init_parse_packet (&parsectx, a);
+-    hd->found.n_packets = 0;;
++    hd->found.n_packets = 0;
+     lastnode = NULL;
+     save_mode = set_packet_list_mode(0);
+     while ((rc=parse_packet (&parsectx, pkt)) != -1) {
+-        hd->found.n_packets++;
++        hd->found.n_packets = parsectx.n_parsed_packets;
+         if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
+ 	    free_packet (pkt, &parsectx);
+ 	    init_packet (pkt);
+diff --git a/g10/packet.h b/g10/packet.h
+index d42510d..cf2121c 100644
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -624,6 +624,7 @@ struct parse_packet_ctx_s
+   struct packet_struct last_pkt; /* The last parsed packet.  */
+   int free_last_pkt; /* Indicates that LAST_PKT must be freed.  */
+   int skip_meta;     /* Skip ring trust packets.  */
++  unsigned int n_parsed_packets;	/* Number of parsed packets.  */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+ 
+@@ -633,6 +634,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+     (a)->last_pkt.pkt.generic= NULL;\
+     (a)->free_last_pkt = 0;         \
+     (a)->skip_meta = 0;             \
++    (a)->n_parsed_packets = 0;      \
+   } while (0)
+ 
+ #define deinit_parse_packet(a) do { \
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index fa44f83..dbb7af8 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -764,6 +764,9 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos,
+                 partial? (new_ctb ? " partial" : " indeterminate") :"",
+                 new_ctb? " new-ctb":"");
+ 
++  /* Count it.  */
++  ctx->n_parsed_packets++;
++
+   pkt->pkttype = pkttype;
+   rc = GPG_ERR_UNKNOWN_PACKET;	/* default error */
+   switch (pkttype)
+-- 
+2.10.2
+
diff --git a/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild b/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild
new file mode 100644
index 000000000000..0eb7d7538aa3
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.20-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+LICENSE="GPL-3"
+
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+SLOT="0"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server"
+
+COMMON_DEPEND_LIBS="
+	>=dev-libs/npth-1.2
+	>=dev-libs/libassuan-2.4.3
+	>=dev-libs/libgcrypt-1.7.3
+	>=dev-libs/libgpg-error-1.24
+	>=dev-libs/libksba-1.3.4
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+	!app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=(
+	ChangeLog NEWS README THANKS TODO VERSION
+	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
+)
+
+PATCHES=(
+	"${FILESDIR}/${P}-gpg-Fix-typo.patch"
+	"${FILESDIR}/${P}-gpg-Properly-account-for-ring-trust-packets.patch"
+	"${FILESDIR}/${P}-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch"
+)
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_enable nls) \
+		$(use_enable tofu) \
+		$(use_enable wks-server wks-tools) \
+		$(use_with ldap) \
+		$(use_with readline) \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	use doc && emake -C doc html
+}
+
+src_install() {
+	default
+
+	use tools &&
+		dobin \
+			tools/{convert-from-106,gpg-check-pattern} \
+			tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \
+			tools/make-dns-cert
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	use doc && dodoc doc/gnupg.html/* doc/*.png
+}