From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 134F91396D0 for ; Fri, 11 Aug 2017 16:50:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6A186E090A; Fri, 11 Aug 2017 16:50:29 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3ADA0E090A for ; Fri, 11 Aug 2017 16:50:29 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 01DA03416A3 for ; Fri, 11 Aug 2017 16:50:28 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 782AE7491 for ; Fri, 11 Aug 2017 16:50:26 +0000 (UTC) From: "Kristian Fiskerstrand" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Kristian Fiskerstrand" Message-ID: <1502470106.a12f7eafa84c6cb0cf6d643c55ef027f33b8147e.k_f@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/, app-crypt/gnupg/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-crypt/gnupg/Manifest app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch app-crypt/gnupg/gnupg-2.1.23.ebuild X-VCS-Directories: app-crypt/gnupg/ app-crypt/gnupg/files/ X-VCS-Committer: k_f X-VCS-Committer-Name: Kristian Fiskerstrand X-VCS-Revision: a12f7eafa84c6cb0cf6d643c55ef027f33b8147e X-VCS-Branch: master Date: Fri, 11 Aug 2017 16:50:26 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 185afd8b-8ab2-47cd-bbfc-7a4328f1a46c X-Archives-Hash: 7127f36fa716a3dae643c5a0b376796c commit: a12f7eafa84c6cb0cf6d643c55ef027f33b8147e Author: Kristian Fiskerstrand gentoo org> AuthorDate: Fri Aug 11 16:15:46 2017 +0000 Commit: Kristian Fiskerstrand gentoo org> CommitDate: Fri Aug 11 16:48:26 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a12f7eaf app-crypt/gnupg: New upstream version 2.1.23 Reverting to default of no --auto-key-retrieve as this has information leak potential that should not be enabled in default configuration. The change is also reverted upstream Package-Manager: Portage-2.3.6, Repoman-2.3.1 app-crypt/gnupg/Manifest | 1 + ....1.23-gpg-default-to-no-auto-key-retrieve.patch | 71 ++++++++++++ app-crypt/gnupg/gnupg-2.1.23.ebuild | 124 +++++++++++++++++++++ 3 files changed, 196 insertions(+) diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest index 77cdbd2968f..07c1872aeaf 100644 --- a/app-crypt/gnupg/Manifest +++ b/app-crypt/gnupg/Manifest @@ -2,3 +2,4 @@ DIST gnupg-1.4.21.tar.bz2 3689305 SHA256 6b47a3100c857dcab3c60e6152e56a997f2c786 DIST gnupg-2.1.15.tar.bz2 5723689 SHA256 c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd SHA512 69c943e853e1a37e8b17b3bc34e1503f14bc8f189fa9f3ac6644bcc98ccce6eaef64da20ff9dd1c8de3a7789ea577167984ccf3ac286cac50752e6f7c2f42ab1 WHIRLPOOL 4c5a8cd4e8b7196f4a355ce7739cf6e23c43817414e10bbba219117e4e51c4c618ffb5dbce27cb836a2171eda58e003d5ddf78d4af09a813c2a1729963413151 DIST gnupg-2.1.20.tar.bz2 6456128 SHA256 24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d SHA512 14a9890bc64e143f87cff121dd298d490d78dbd34e36883e0f25763ff9064e5706a7632893d7c5d0e8e9b8cf9cdb0d378b4ce1715348729f0fc080455b61eca9 WHIRLPOOL fa6cbd66031cac41db308b10bebec87e37a19d3c63219d22fb874d7d016bcad057b93eeece7a64001718ee1f881199e3d3eebc8ef6625691f553b0d2dbc92624 DIST gnupg-2.1.22.tar.bz2 6530433 SHA256 46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 SHA512 d2ccbf32716a701df9e4ad5c19b682daf1a02b0bf8a1751a32af6db0c9284a4ee7df91310bed1a2087911a9964cb7b7f2ca9dad32a880ed1e1465d8048605e16 WHIRLPOOL 3a87914898e2f164f7effa67e0e8f5ccb48aed0e9e4d65559d73783478ee509f7876ef7ef77ec9c43de2611a8a2ecdcbfbd443ab5de119203b20e316473e4e75 +DIST gnupg-2.1.23.tar.bz2 6526734 SHA256 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77 SHA512 8b8be0784129f5aa0ccde32a413a68c36e0e4131abe70c3eb186958c60f3df1023deb2db2db84d63ad30a3408a75c7622b430aff1a524ff28a24be511c952412 WHIRLPOOL deb4e933108e0a77b941ed95732eab2ee77af175bd776f3f5dbd25bb38b37dcdf09ae8eee7cd39a09883c3757b81688e48b5a07d6f43419a4453d4ba38541c14 diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch new file mode 100644 index 00000000000..4cc414d18e3 --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch @@ -0,0 +1,71 @@ +From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor +Date: Fri, 11 Aug 2017 02:26:52 -0400 +Subject: [PATCH] gpg: default to --no-auto-key-retrieve. + +* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the +default keyserver options. +* doc/gpg.texi: document this change. +-- + +This is a partial reversion of +7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it +earlier today, and came to the conclusion that: + + * the risk of metadata leakage represented by a default + --auto-key-retrieve, both in e-mail (as a "web bug") and in other + contexts where GnuPG is used to verified signatures, is quite high. + + * the advantages of --auto-key-retrieve (in terms of signature + verification) can sometimes be achieved in other ways, such as when + a signed message includes a copy of its own key. + + * when those other ways are not useful, a graphical, user-facing + application can still offer the user the opportunity to choose to + fetch the key; or it can apply its own policy about when to set + --auto-key-retrieve, without needing to affect the defaults. + +Note that --auto-key-retrieve is specifically about signature +verification. Decisions about how and whether to look up a key during +message encryption are governed by --auto-key-locate. This change +does not touch the --auto-key-locate default of "local,wkd". The user +deliberately asking gpg to encrypt to an e-mail address is a different +scenario than having an incoming e-mail trigger a potentially unique +network request. + +Signed-off-by: Daniel Kahn Gillmor +--- + doc/gpg.texi | 2 +- + g10/gpg.c | 3 +-- + 2 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index c71126a97..b6a9b2d70 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1792,7 +1792,7 @@ list. The default is "local,wkd". + @opindex no-auto-key-retrieve + These options enable or disable the automatic retrieving of keys from + a keyserver when verifying signatures made by keys that are not on the +-local keyring. The default is @option{--auto-key-retrieve}. ++local keyring. The default is @option{--no-auto-key-retrieve}. + + If the method "wkd" is included in the list of methods given to + @option{auto-key-locate}, the signer's user ID is part of the +diff --git a/g10/gpg.c b/g10/gpg.c +index c721cdc4a..c9fa7ae5b 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2366,8 +2366,7 @@ main (int argc, char **argv) + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS + | IMPORT_REPAIR_PKS_SUBKEY_BUG); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; +- opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD +- | KEYSERVER_AUTO_KEY_RETRIEVE); ++ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY + | VERIFY_SHOW_POLICY_URLS + | VERIFY_SHOW_STD_NOTATIONS +-- +2.13.0 + diff --git a/app-crypt/gnupg/gnupg-2.1.23.ebuild b/app-crypt/gnupg/gnupg-2.1.23.ebuild new file mode 100644 index 00000000000..9564b859cdf --- /dev/null +++ b/app-crypt/gnupg/gnupg-2.1.23.ebuild @@ -0,0 +1,124 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit systemd toolchain-funcs + +MY_P="${P/_/-}" + +DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation" +HOMEPAGE="http://www.gnupg.org/" +SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="bzip2 doc +gnutls ldap nls readline selinux +smartcard tofu tools usb wks-server" + +COMMON_DEPEND_LIBS=" + >=dev-libs/npth-1.2 + >=dev-libs/libassuan-2.4.3 + >=dev-libs/libgcrypt-1.7.3 + >=dev-libs/libgpg-error-1.24 + >=dev-libs/libksba-1.3.4 + >=net-misc/curl-7.10 + gnutls? ( >=net-libs/gnutls-3.0:0= ) + sys-libs/zlib + ldap? ( net-nds/openldap ) + bzip2? ( app-arch/bzip2 ) + readline? ( sys-libs/readline:0= ) + smartcard? ( usb? ( virtual/libusb:0 ) ) + tofu? ( >=dev-db/sqlite-3.7 ) + " +COMMON_DEPEND_BINS="app-crypt/pinentry + !app-crypt/dirmngr" + +# Existence of executables is checked during configuration. +DEPEND="${COMMON_DEPEND_LIBS} + ${COMMON_DEPEND_BINS} + nls? ( sys-devel/gettext ) + doc? ( sys-apps/texinfo )" + +RDEPEND="${COMMON_DEPEND_LIBS} + ${COMMON_DEPEND_BINS} + selinux? ( sec-policy/selinux-gpg ) + nls? ( virtual/libintl )" + +S="${WORKDIR}/${MY_P}" + +DOCS=( + ChangeLog NEWS README THANKS TODO VERSION + doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER +) + +PATCHES=( + "${FILESDIR}/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch" + "${FILESDIR}/${P}-gpg-default-to-no-auto-key-retrieve.patch" +) + +src_configure() { + local myconf=() + + if use smartcard; then + myconf+=( + --enable-scdaemon + $(use_enable usb ccid-driver) + ) + else + myconf+=( --disable-scdaemon ) + fi + + if use elibc_SunOS || use elibc_AIX; then + myconf+=( --disable-symcryptrun ) + else + myconf+=( --enable-symcryptrun ) + fi + + # glib fails and picks up clang's internal stdint.h causing weird errors + [[ ${CC} == *clang ]] && \ + export gl_cv_absolute_stdint_h=/usr/include/stdint.h + + econf \ + "${myconf[@]}" \ + $(use_enable bzip2) \ + $(use_enable gnutls) \ + $(use_enable nls) \ + $(use_enable tofu) \ + $(use_enable wks-server wks-tools) \ + $(use_with ldap) \ + $(use_with readline) \ + --enable-gpg \ + --enable-gpgsm \ + --enable-large-secmem \ + --enable-all-tests \ + CC_FOR_BUILD="$(tc-getBUILD_CC)" +} + +src_compile() { + default + + use doc && emake -C doc html +} + +src_install() { + default + + use tools && + dobin \ + tools/{convert-from-106,gpg-check-pattern} \ + tools/{gpg-zip,gpgconf,gpgsplit,lspgpot,mail-signed-keys} \ + tools/make-dns-cert + + dosym gpg /usr/bin/gpg2 + dosym gpgv /usr/bin/gpgv2 + echo ".so man1/gpg2.1" > "${ED}"/usr/share/man/man1/gpg.1 || die + echo ".so man1/gpgv2.1" > "${ED}"/usr/share/man/man1/gpgv.1 || die + + dodir /etc/env.d + echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die + + use doc && dodoc doc/gnupg.html/* doc/*.png + + systemd_douserunit doc/examples/systemd-user/*.{service,socket} +}