Merge branch 'master' of git.funtoo.org:funtoo-overlay
danielrobbins committed Apr 27, 2013
2 parents de460ba + 626f37f commit 94755b2
Showing 24 changed files with 892 additions and 25 deletions.
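--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -0,0 +1 @@
+DIST gnupg-2.0.19.tar.bz2 4187460 SHA256 efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622 SHA512 9bfc83ebca29ca8e3dde803ba494adb3c4e2fdcacbf33b5592764fe187dbe2433e04ff53734a9c3197358d559c1046098707089ddbea9fa63c849d48ce73ca51 WHIRLPOOL 026f9a8740322b951b256ec87fabb8a1b3ad2114208f52c2082b73b2193d1be8e276f0f526762bbebb04e612351162eb78c9c50eeb058e35fad9c4df1d7db540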
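--- a/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
+++ b/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
@@ -0,0 +1,34 @@
+From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Sun, 17 Apr 2011 01:34:39 +0200
+Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
+file.
+
+https://bugs.g10code.com/gnupg/issue1466
+
+---
+tools/gpgsm-gencert.sh | 8 ++++----
+1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
+index b209c8e..e7c812f 100755
+--- a/tools/gpgsm-gencert.sh
++++ b/tools/gpgsm-gencert.sh
+@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
+Key-Usage: $KEY_USAGE
+Name-DN: $NAME
+EOF
+-[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
+-[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
+-[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
+-[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
++[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
++[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
++[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
++[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
+) > "$file_parameter"
+
+
+--
+1.7.5.rc1
+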
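Review bot: The four `[ -n "$VAR" ] && echo ... || true` lines in the tools/gpgsm-gencert.sh hunk hide a failing `echo` as well as an empty variable, so a write error on `$file_parameter` would leave a silently truncated parameter file. An `if` keeps the "empty is fine" behaviour and still lets a real write failure surface, e.g. `if [ -n "$KEY_GRIP" ]; then echo "Key-Grip: $KEY_GRIP"; fi`, and likewise for the other three variables. This presumes the script runs under `set -e`, as the subject line suggests; the surrounding subshell starts outside the hunk.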
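--- a/app-crypt/gnupg/files/gnupg-2.0.19-stdint_-h.patch
+++ b/app-crypt/gnupg/files/gnupg-2.0.19-stdint_-h.patch
@@ -0,0 +1,31 @@
+diff --git a/gl/stdinit_.h b/gl/stdint_.h
+
+--- a/gl/stdint_.h 2012-12-26 15:40:09.771486357 -0500
++++ b/gl/stdint_.h 2012-12-26 15:41:45.409931190 -0500
+@@ -62,7 +62,8 @@
+int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__.
+<inttypes.h> also defines intptr_t and uintptr_t. */
+# define _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+-# include <inttypes.h>
++// This line breaks Clang/LLVM Builds.
++//# include <inttypes.h>
+# undef _GL_JUST_INCLUDE_ABSOLUTE_INTTYPES_H
+#elif @HAVE_SYS_INTTYPES_H@
+/* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and
+@@ -206,10 +207,12 @@
+
+/* 7.18.1.4. Integer types capable of holding object pointers */
+
+-#undef intptr_t
+-#undef uintptr_t
+-#define intptr_t long int
+-#define uintptr_t unsigned long int
++/* Comment this out, it breaks Clang/LLVM builds. */
++
++//#undef intptr_t
++//#undef uintptr_t
++//#define intptr_t long int
++//#define uintptr_t unsigned long int
+
+/* 7.18.1.5. Greatest-width integer types */
+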
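Review bot: Both edits to gl/stdint_.h are unconditional, so every compiler loses `# include <inttypes.h>` and the `intptr_t`/`uintptr_t` fallback definitions, although the comments name only Clang/LLVM as the affected toolchain. Guarding each block with `#ifndef __clang__` and `#endif`, or applying this patch only for clang builds in the ebuild, would leave other builds of this crypto package unchanged. The comments would be more useful with the actual error or a bug reference, written as `/* ... */` to match the rest of the header. The `diff --git` line also spells the old path `gl/stdinit_.h`.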
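--- a/app-crypt/gnupg/files/gnupg-2.0.19-support-sc-key-3072.patch
+++ b/app-crypt/gnupg/files/gnupg-2.0.19-support-sc-key-3072.patch
@@ -0,0 +1,184 @@
+From ab4ea45f54006eba55db11263431c4c0c4f557dc Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 6 Nov 2012 14:39:22 +0100
+Subject: [PATCH 1/1] Allow decryption with card keys > 3072 bit
+
+* scd/command.c (MAXLEN_SETDATA): New.
+(cmd_setdata): Add option --append.
+* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
+
+* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
+(app_select_openpgp): Store manufacturer.
+(do_decipher): Print a note for broken cards.
+
+--
+
+Please note that I was not able to run a full test because I only have
+broken cards (S/N < 346) available.
+---
+g10/call-agent.c | 22 ++++++++++++++--------
+scd/app-openpgp.c | 10 ++++++++++
+scd/command.c | 38 ++++++++++++++++++++++++++++++++------
+3 files changed, 56 insertions(+), 14 deletions(-)
+
+diff --git a/g10/call-agent.c b/g10/call-agent.c
+index cded773..373d8c9 100644
+--- a/g10/call-agent.c
++++ b/g10/call-agent.c
+@@ -1034,7 +1034,7 @@ agent_scd_pksign (const char *serialno, int hashalgo,
+
+
+/* Decrypt INDATA of length INDATALEN using the card identified by
+- SERIALNO. Return the plaintext in a nwly allocated buffer stored
++ SERIALNO. Return the plaintext in a newly allocated buffer stored
+at the address of R_BUF.
+
+Note, we currently support only RSA or more exactly algorithms
+@@ -1058,20 +1058,26 @@ agent_scd_pkdecrypt (const char *serialno,
+return rc;
+
+/* FIXME: use secure memory where appropriate */
+- if (indatalen*2 + 50 > DIM(line))
+- return gpg_error (GPG_ERR_GENERAL);
+
+rc = select_openpgp (serialno);
+if (rc)
+return rc;
+
+- sprintf (line, "SCD SETDATA ");
+- p = line + strlen (line);
+- for (i=0; i < indatalen ; i++, p += 2 )
+- sprintf (p, "%02X", indata[i]);
+- rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
++ for (len = 0; len < indatalen;)
++ {
++ p = stpcpy (line, "SCD SETDATA ");
++ if (len)
++ p = stpcpy (p, "--append ");
++ for (i=0; len < indatalen && (i*2 < DIM(line)-50); i++, len++)
++ {
++ sprintf (p, "%02X", indata[len]);
++ p += 2;
++ }
++ rc = assuan_transact (agent_ctx, line,
++ NULL, NULL, NULL, NULL, NULL, NULL);
+if (rc)
+return rc;
++ }
+
+init_membuf (&data, 1024);
+snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index ff26b36..141b2b7 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -158,6 +158,8 @@ struct app_local_s {
+
+unsigned char status_indicator; /* The card status indicator. */
+
++ unsigned int manufacturer:16; /* Manufacturer ID from the s/n. */
++
+/* Keep track of the ISO card capabilities. */
+struct
+{
+@@ -3462,6 +3464,12 @@ do_decipher (app_t app, const char *keyidstr,
+indata, indatalen, le_value, padind,
+outdata, outdatalen);
+xfree (fixbuf);
++
++ if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
++ && app->app_local->manufacturer == 5
++ && app->card_version == 0x0200)
++ log_info ("NOTE: Cards with manufacturer id 5 and s/n <= 346 (0x15a)"
++ " do not work with encryption keys > 2048 bits\n");
+}
+
+return rc;
+@@ -3749,6 +3757,8 @@ app_select_openpgp (app_t app)
+goto leave;
+}
+
++ app->app_local->manufacturer = manufacturer;
++
+if (app->card_version >= 0x0200)
+app->app_local->extcap.is_v2 = 1;
+
+diff --git a/scd/command.c b/scd/command.c
+index 6053fc6..3ce4a57 100644
+--- a/scd/command.c
++++ b/scd/command.c
+@@ -46,6 +46,9 @@
+/* Maximum allowed size of key data as used in inquiries. */
+#define MAXLEN_KEYDATA 4096
+
++/* Maximum allowed total data size for SETDATA. */
++#define MAXLEN_SETDATA 4096
++
+/* Maximum allowed size of certificate data as used in inquiries. */
+#define MAXLEN_CERTDATA 16384
+
+@@ -820,17 +823,24 @@ cmd_readkey (assuan_context_t ctx, char *line)
+
+
+static const char hlp_setdata[] =
+- "SETDATA <hexstring> \n"
++ "SETDATA [--append] <hexstring>\n"
+"\n"
+- "The client should use this command to tell us the data he want to sign.";
++ "The client should use this command to tell us the data he want to sign.\n"
++ "With the option --append, the data is appended to the data set by a\n"
++ "previous SETDATA command.";
+static gpg_error_t
+cmd_setdata (assuan_context_t ctx, char *line)
+{
+ctrl_t ctrl = assuan_get_pointer (ctx);
+- int n;
++ int append;
++ int n, i, off;
+char *p;
+unsigned char *buf;
+
++ append = (ctrl->in_data.value && has_option (line, "--append"));
++
++ line = skip_options (line);
++
+if (locked_session && locked_session != ctrl->server_local)
+return gpg_error (GPG_ERR_LOCKED);
+
+@@ -844,14 +854,30 @@ cmd_setdata (assuan_context_t ctx, char *line)
+if ((n&1))
+return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits");
+n /= 2;
++ if (append)
++ {
++ if (ctrl->in_data.valuelen + n > MAXLEN_SETDATA)
++ return set_error (GPG_ERR_TOO_LARGE,
++ "limit on total size of data reached");
++ buf = xtrymalloc (ctrl->in_data.valuelen + n);
++ }
++ else
+buf = xtrymalloc (n);
+if (!buf)
+return out_of_core ();
+
++ if (append)
++ {
++ memcpy (buf, ctrl->in_data.value, ctrl->in_data.valuelen);
++ off = ctrl->in_data.valuelen;
++ }
++ else
++ off = 0;
++ for (p=line, i=0; i < n; p += 2, i++)
++ buf[off+i] = xtoi_2 (p);
++
+ctrl->in_data.value = buf;
+- ctrl->in_data.valuelen = n;
+- for (p=line, n=0; n < ctrl->in_data.valuelen; p += 2, n++)
+- buf[n] = xtoi_2 (p);
++ ctrl->in_data.valuelen = off + n;
+return 0;
+}
+
+--
+1.7.2.5
+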
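Review bot: In the last scd/command.c hunk, `cmd_setdata` stores the new buffer with `ctrl->in_data.value = buf;` without releasing the buffer that field held before, so every `SETDATA --append` chunk appears to leak the previous allocation unless the lines between the two hunks, which are not shown, free it. The old contents are already copied by the `memcpy` at that point, so `xfree (ctrl->in_data.value);` directly before the assignment would be safe. MAXLEN_SETDATA caps the size of one accumulated value but not the number of SETDATA commands in a session, so without the free the daemon's memory can grow for as long as a client keeps a connection open. Separately, the first `--append` on a fresh context is silently treated as a plain SETDATA because `append` also requires `ctrl->in_data.value`; a short comment stating that this is intended would help.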
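--- a/app-crypt/gnupg/files/gnupg-2.0.19-texinfo-5.patch
+++ b/app-crypt/gnupg/files/gnupg-2.0.19-texinfo-5.patch
@@ -0,0 +1,38 @@
+diff -ru gnupg-2.0.19.orig/doc/gpgsm.texi gnupg-2.0.19/doc/gpgsm.texi
+--- gnupg-2.0.19.orig/doc/gpgsm.texi 2012-03-27 10:03:23.000000000 +0200
++++ gnupg-2.0.19/doc/gpgsm.texi 2013-04-10 11:46:02.179960198 +0200
+@@ -760,8 +760,8 @@
+This is the standard configuration file read by @command{gpgsm} on
+startup. It may contain any valid long option; the leading two dashes
+may not be entered and the option may not be abbreviated. This default
+-name may be changed on the command line (@pxref{option
+- --options}). You should backup this file.
++name may be changed on the command line (@pxref{option --options}).
++You should backup this file.
+
+
+@item policies.txt
+diff -ru gnupg-2.0.19.orig/doc/gpl.texi gnupg-2.0.19/doc/gpl.texi
+--- gnupg-2.0.19.orig/doc/gpl.texi 2012-03-27 10:03:23.000000000 +0200
++++ gnupg-2.0.19/doc/gpl.texi 2013-04-10 12:45:20.988492453 +0200
+@@ -659,12 +659,14 @@
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
++@end enumerate
++
+@iftex
+@heading END OF TERMS AND CONDITIONS
+@end iftex
+@ifinfo
+@center END OF TERMS AND CONDITIONS
+@end ifinfo
+@unnumberedsec How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+@@ -721,5 +724,3 @@
+applications with the library. If this is what you want to do, use
+the GNU Lesser General Public License instead of this License. But
+first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}.
+-
+-@end enumerate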
