app-crypt/gnupg: New upstream version 2.1.12

Fixes;
Gentoo-Bug: 573930
Gentoo-Bug: 575798
Gentoo-Bug: 581966

Package-Manager: portage-2.2.28

4 files changed, 222 insertions, 0 deletions

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 1e455b336932..3c1872315016 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -6,4 +6,5 @@ DIST gnupg-2.0.29.tar.bz2 4416251 SHA256 68ed6b386ba78425b05a60e8ee22785ff0fef19
 DIST gnupg-2.0.30.tar.bz2 4414652 SHA256 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71 SHA512 e60a57f7dc74b44f884fd50d5a9c51cef7df8c098644ebab9ef7d945a40b0e4a285d0dc80b10fe39d8e4c2cc9d6cbbe800a0ddae54883180dc755fe47ced3314 WHIRLPOOL 007315882becc1204edf6833a13610284ce7e1c73429fc3b4170c35ba61c645299f811f01b1bc0506b1cf94ce0de23af4cea33f51cf97397ec61caa15ce3ac6c
 DIST gnupg-2.1.10.tar.bz2 5173253 SHA256 93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 SHA512 ceea93a7e7d30e07839bcc52d4246fd5be1ec81a8c4d4d62059e2b0c0e58fab07a1531016f82bcc506340653d66c73541dd3f5897df7691abeb4068d94957003 WHIRLPOOL 01f92f6020b79b373d4d6879cc39913c575c67a52c1bd425770322de0ce5a9fbd796d800cbb41a15553fd30a6c8f85a794e0b4c09420a2b49f6cb0542cdb52fb
 DIST gnupg-2.1.11.tar.bz2 5224007 SHA256 b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a SHA512 b39f3fb461ad879b1909808434c4b03dab4d1d79aa674fbc88e3d50960184c0c25a840206ff32b760672f1b2153253f4d7a88eb726d8662f629fa04b6739ad31 WHIRLPOOL 486d623e73172a6d7dc7a6e4a5b411e70e0002a960f0398833377b8e8d79e5456a73f945db7c8bbca6ff7fd33fbfb49ca587e3a393094ce0a16d86cd906f7f09
+DIST gnupg-2.1.12.tar.bz2 5510723 SHA256 ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 SHA512 fdf24d4980ba4011840fd2316a856db2bf50e531071c2bfb899af2b4f5580a9f2992f85a451670a7121d04b608bfb147cefdca1c6f6eb55bc23ecfe5052639e6 WHIRLPOOL ee5a748afee3aa4f8318c1bc1bcbd09232a71853291211f3c5cd8cc44fb70d126185ae9c13086247cd22a9b13c2102f4fa0553e25496c5152f2ce34dc2505d10
 DIST gnupg-2.1.9.tar.bz2 4925167 SHA256 1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 SHA512 c19b8cac42b7060caada230b77f36a0b0ed0a05efd519818c5b4057ef0fcb16602f2f3ade2409de2ef353a9e2acc3e5fa106a4449c6929a36a599a82194c0ee0 WHIRLPOOL 105b83e82330a00084a0e9f3d96c8788ac2c9e7831beea0ea42786df4e378dc9e8f2c1a31f12af9c53d363aa71810cd231afdf8f20eab424fea5f59b103033a9
diff --git a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
new file mode 100644
index 000000000000..6878ef1e1677
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
@@ -0,0 +1,12 @@
+diff -Naur tests.old/openpgp/mds.test tests/openpgp/mds.test
+--- tests.old/openpgp/mds.test	2016-05-03 13:13:11.373313389 +0200
++++ tests/openpgp/mds.test	2016-05-03 13:13:31.886755059 +0200
+@@ -63,7 +63,7 @@
+ 
+ [ "$failed" != "" ] && error "$failed failed for empty string"
+ 
+-echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
++printf "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
+ if have_hash_algo "MD5"; then
+   test_one ":1:"    "C3FCD3D76192E4007DFB496CCA67E13B"
+ fi
diff --git a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
new file mode 100644
index 000000000000..debf0bbe9c48
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
@@ -0,0 +1,50 @@
+From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 11 May 2016 19:27:03 +0900
+Subject: [PATCH 1/1] g10: Fix signature checking.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
+walk_kbnode.
+
+--
+
+Thanks to Vincent Brillault (Feandil).
+
+GnuPG-bug-id: 2351
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/sig-check.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 290f19a..7000b48 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
+             *is_selfsig = 1;
+         }
+       else
+-        /* See if one of the subkeys was the signer (although this is
+-           extremely unlikely).  */
+         {
+           kbnode_t ctx = NULL;
+           kbnode_t n;
+ 
+-          while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
++          /* See if one of the subkeys was the signer (although this
++             is extremely unlikely).  */
++          while ((n = walk_kbnode (kb, &ctx, 0)))
+             {
+-              PKT_public_key *subk = n->pkt->pkt.public_key;
++              PKT_public_key *subk;
++
++              if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
++                continue;
++
++              subk = n->pkt->pkt.public_key;
+               if (sig->keyid[0] == subk->keyid[0]
+                   && sig->keyid[1] == subk->keyid[1])
+                 /* Issued by a subkey.  */
+-- 
+2.8.0.rc3
+
diff --git a/app-crypt/gnupg/gnupg-2.1.12.ebuild b/app-crypt/gnupg/gnupg-2.1.12.ebuild
new file mode 100644
index 000000000000..8f95a20671ee
--- /dev/null
+++ b/app-crypt/gnupg/gnupg-2.1.12.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
+HOMEPAGE="http://www.gnupg.org/"
+MY_P="${P/_/-}"
+SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="bzip2 doc +gnutls ldap nls readline selinux smartcard tofu tools usb"
+
+COMMON_DEPEND_LIBS="
+	dev-libs/npth
+	>=dev-libs/libassuan-2.4.1
+	>=dev-libs/libgcrypt-1.6.2[threads]
+	>=dev-libs/libgpg-error-1.21
+	>=dev-libs/libksba-1.2.0
+	>=net-misc/curl-7.10
+	gnutls? ( >=net-libs/gnutls-3.0:0= )
+	sys-libs/zlib
+	ldap? ( net-nds/openldap )
+	bzip2? ( app-arch/bzip2 )
+	readline? ( sys-libs/readline:0= )
+	smartcard? ( usb? ( virtual/libusb:0 ) )
+	tofu? ( >=dev-db/sqlite-3.7 )
+	"
+COMMON_DEPEND_BINS="app-crypt/pinentry
+		   !app-crypt/dirmngr"
+
+# Existence of executables is checked during configuration.
+DEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND_LIBS}
+	${COMMON_DEPEND_BINS}
+	selinux? ( sec-policy/selinux-gpg )
+	nls? ( virtual/libintl )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-fix-signature-checking.patch" \
+		"${FILESDIR}/${PN}-2.1-fix-gentoo-dash-issue.patch"
+	epatch_user
+}
+
+src_configure() {
+	local myconf=()
+
+	if use smartcard; then
+		myconf+=(
+			--enable-scdaemon
+			$(use_enable usb ccid-driver)
+		)
+	else
+		myconf+=( --disable-scdaemon )
+	fi
+
+	if use elibc_SunOS || use elibc_AIX; then
+		myconf+=( --disable-symcryptrun )
+	else
+		myconf+=( --enable-symcryptrun )
+	fi
+
+	# glib fails and picks up clang's internal stdint.h causing weird errors
+	[[ ${CC} == *clang ]] && \
+		export gl_cv_absolute_stdint_h=/usr/include/stdint.h
+
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-large-secmem \
+		--without-adns \
+		"${myconf[@]}" \
+		$(use_enable bzip2) \
+		$(use_enable gnutls) \
+		$(use_with ldap) \
+		$(use_enable nls) \
+		$(use_with readline) \
+		$(use_enable tofu) \
+		CC_FOR_BUILD="$(tc-getBUILD_CC)"
+}
+
+src_compile() {
+	default
+
+	if use doc; then
+		cd doc
+		emake html
+	fi
+}
+
+src_install() {
+	default
+
+	use tools && dobin tools/{convert-from-106,gpg-check-pattern} \
+		tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys,make-dns-cert}
+
+	emake DESTDIR="${D}" -f doc/Makefile uninstall-nobase_dist_docDATA
+	# The help*txt files are read from the datadir by GnuPG directly.
+	# They do not work if compressed or moved!
+	#rm "${ED}"/usr/share/gnupg/help* || die
+
+	dodoc ChangeLog NEWS README THANKS TODO VERSION doc/FAQ doc/DETAILS \
+		doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER doc/help*
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1
+	echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1
+
+	dodir /etc/env.d
+	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg
+
+	if use doc; then
+		dohtml doc/gnupg.html/* doc/*.png
+	fi
+}
+
+pkg_postinst() {
+	elog "If you wish to view images emerge:"
+	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+	elog "Remember to use photo-viewer option in configuration file to activate"
+	elog "the right viewer."
+	elog
+
+	if use smartcard; then
+		elog "To use your OpenPGP smartcard (or token) with GnuPG you need one of"
+		use usb && elog " - a CCID-compatible reader, used directly through libusb;"
+		elog " - sys-apps/pcsc-lite and a compatible reader device;"
+		elog " - dev-libs/openct and a compatible reader device;"
+		elog " - a reader device and drivers exporting either PC/SC or CT-API interfaces."
+		elog ""
+		elog "General hint: you probably want to try installing sys-apps/pcsc-lite and"
+		elog "app-crypt/ccid first."
+	fi
+
+	ewarn "Please remember to restart gpg-agent if a different version"
+	ewarn "of the agent is currently used. If you are unsure of the gpg"
+	ewarn "agent you are using please run 'killall gpg-agent',"
+	ewarn "and to start a fresh daemon just run 'gpg-agent --daemon'."
+
+	if [[ -n ${REPLACING_VERSIONS} ]]; then
+		elog "If upgrading from a version prior than 2.1 you might have to re-import"
+		elog "secret keys after restarting the gpg-agent as the new version is using"
+		elog "a new storage mechanism."
+		elog "You can migrate the keys using gpg --import \$HOME/.gnupg/secring.gpg"
+	fi
+}