public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/
Date: Thu, 14 Jul 2022 00:49:49 +0000 (UTC)	[thread overview]
Message-ID: <1657759769.70a5cc46592ba76ffa08535b1c60f9cc59470e88.sam@gentoo> (raw)

commit:     70a5cc46592ba76ffa08535b1c60f9cc59470e88
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 14 00:49:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jul 14 00:49:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70a5cc46

app-crypt/gnupg: backport yubikey fix

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/gnupg-2.3.7-yubikey-workaround-fix.patch | 53 ++++++++++++++++++++++
 .../{gnupg-2.3.7.ebuild => gnupg-2.3.7-r1.ebuild}  |  1 +
 2 files changed, 54 insertions(+)

diff --git a/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch b/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch
new file mode 100644
index 000000000000..94062c885b5b
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch
@@ -0,0 +1,53 @@
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f34b9147eb3070bce80d53febaa564164cd6c977
+
+From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 13 Jul 2022 10:40:55 +0900
+Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics.
+
+* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
+of firmware 5.4, too.
+
+--
+
+GnuPG-bug-id: 6070
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
+       app->app_local->keyattr[keyno].ecc.algo = *buffer;
+       app->app_local->keyattr[keyno].ecc.flags = 0;
+ 
+-      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
+-	  || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+-        { /* Found "pubkey required"-byte for private key template.  */
+-          oidlen--;
+-          if (buffer[buflen-1] == 0xff)
+-            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
++      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
++        {
++          /* Yubikey implementations vary.
++           * Firmware version 5.2 returns "pubkey required"-byte with
++           * 0x00, but after removal and second time insertion, it
++           * returns bogus value there.
++           * Firmware version 5.4 returns none.
++           */
++          curve = ecc_curve (buffer + 1, oidlen);
++          if (!curve)
++            curve = ecc_curve (buffer + 1, oidlen - 1);
++        }
++      else
++        {
++          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
++            { /* Found "pubkey required"-byte for private key template.  */
++              oidlen--;
++              if (buffer[buflen-1] == 0xff)
++                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
++            }
++          curve = ecc_curve (buffer + 1, oidlen);
+         }
+-
+-      curve = ecc_curve (buffer + 1, oidlen);
+ 
+       if (!curve)
+         {

diff --git a/app-crypt/gnupg/gnupg-2.3.7.ebuild b/app-crypt/gnupg/gnupg-2.3.7-r1.ebuild
similarity index 99%
rename from app-crypt/gnupg/gnupg-2.3.7.ebuild
rename to app-crypt/gnupg/gnupg-2.3.7-r1.ebuild
index 6f376da7aafd..54821c7edea1 100644
--- a/app-crypt/gnupg/gnupg-2.3.7.ebuild
+++ b/app-crypt/gnupg/gnupg-2.3.7-r1.ebuild
@@ -57,6 +57,7 @@ DOCS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+	"${FILESDIR}"/${P}-yubikey-workaround-fix.patch
 )
 
 src_prepare() {


             reply	other threads:[~2022-07-14  6:10 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-14  0:49 Sam James [this message]
  -- strict thread matches above, loose matches on Subject: below --
2025-01-25 17:24 [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/ Sam James
2024-11-03  9:04 Sam James
2024-11-03  9:04 Sam James
2024-06-24  4:00 Sam James
2024-03-04  3:08 Sam James
2024-03-04  3:02 Sam James
2023-07-06  0:06 Sam James
2023-06-10 21:02 Sam James
2023-05-23  4:13 Sam James
2022-09-23  1:06 Sam James
2022-06-30 20:01 Sam James
2022-04-25 16:06 Sam James
2021-04-08  9:21 Lars Wendler
2020-09-01  9:41 Mikle Kolyada
2020-03-21 16:47 Mikle Kolyada
2018-02-07 20:44 Kristian Fiskerstrand
2017-03-18  3:12 Robin H. Johnson
2017-02-18 18:35 Alon Bar-Lev
2017-02-18 18:35 Alon Bar-Lev
2017-01-23 17:54 Alon Bar-Lev
2017-01-04 12:43 Kristian Fiskerstrand
2016-11-22 18:31 Kristian Fiskerstrand
2016-06-16 19:34 Kristian Fiskerstrand
2016-05-19 21:16 Kristian Fiskerstrand
2016-02-12 21:41 Kristian Fiskerstrand
2015-12-19 10:37 Kristian Fiskerstrand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1657759769.70a5cc46592ba76ffa08535b1c60f9cc59470e88.sam@gentoo \
    --to=sam@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox