[gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/

["Sam James" <sam@gentoo.org>]

commit:     5e78080cd2080248c2b0bb0492129984edf3870a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar  4 03:01:39 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar  4 03:01:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e78080c

app-crypt/gnupg: drop 2.4.3-r1, 2.4.4

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/gnupg/Manifest                          |   2 -
 app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch | 564 ----------------------
 app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch   |  28 --
 app-crypt/gnupg/gnupg-2.4.3-r1.ebuild             | 198 --------
 app-crypt/gnupg/gnupg-2.4.4.ebuild                | 198 --------
 5 files changed, 990 deletions(-)

diff --git a/app-crypt/gnupg/Manifest b/app-crypt/gnupg/Manifest
index 8f3cf322eb30..49aeaaea809e 100644
--- a/app-crypt/gnupg/Manifest
+++ b/app-crypt/gnupg/Manifest
@@ -2,7 +2,5 @@ DIST gnupg-2.2.41.tar.bz2 7313746 BLAKE2B 0be2965a646a8636a127f89329030860908b0b
 DIST gnupg-2.2.41.tar.bz2.sig 238 BLAKE2B 7a4dc8dd4b3da77f6684325f46e3e3b1aeac6fcd8382e3148da1a01a5c5a9e14c1352fb28b61e500388d647e1103b8f78ad49e467e01b732c4a13eb849859b98 SHA512 ac6edd35c6b02a02d6c8a4468332213f20159f972aa2f7fd25c6841c662b3d84db5230330d540e0785ddaff080daf8dd250292104ff47560ad59c11803aabefa
 DIST gnupg-2.2.42.tar.bz2 7434291 BLAKE2B 5f7f01f31949e5258d638fbff81fa641e5c167e6eaf32c55eb187d4a31b31cd4fe6e51c622e74d8544c4f95c75484e15117f26a8cf26055ff6813d75e54f2b8a SHA512 9c59d034f428d42323b5520e1a8984acc1505ba1d96d90f00e17b24aa91660b2dc64e1a3ceb044c56f39b4c402a77c7e0b226c65218c23c094781b4ef51e2eb5
 DIST gnupg-2.2.42.tar.bz2.sig 238 BLAKE2B 251ad0a832042ceb93b0edfda8652104bfb463e291322f22f0ab0d9b35606c3589be7a6f3e9e2aac8f6ac368a7d11840ab83b29997587dc65685de9f2dec3fee SHA512 7073bfc920c571680a1de57b4e6cd83cde24ccb3b5f592602b0c32fd762eef497027b08745044c9f41130ca99bb7ec77222568c2d0a1099d3c1c15137e0221d7
-DIST gnupg-2.4.3.tar.bz2 7351327 BLAKE2B b7f4f5e548ec6dfc89cf8792f507ee8642e8500692998cf8d2edc9f5d8002904d24a714b9caffabee6094707c4595e0f54197535135622a7a32aa772f5818f28 SHA512 193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e
-DIST gnupg-2.4.3.tar.bz2.sig 119 BLAKE2B 763c0569e5378e132de39e1583c19bae8912455bf7cd5a65bcfc88fa43be99fb6bbf8397192b3086db2f6f0f63fc25789f5e6ce98b2fe63cda3bf673b1c60a20 SHA512 7affff694d194c3befdfc865a7872c0883304ea704e3691eac328d802f12f4f82c2a93eaa1257d3e09b38494b38185f5b8cf35c964f0c3846bbb29b93727ffee
 DIST gnupg-2.4.4.tar.bz2 7886036 BLAKE2B 02661e89f0358be09fa3e71e7235b764a7dbda62a48a0c8c7a4e6c9919c3b37d54ead50b930af58f8f2fdb87861b849d3f3751e95cbedf46bdfd76caa90c4db4 SHA512 3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef
 DIST gnupg-2.4.4.tar.bz2.sig 237 BLAKE2B 6ee5878c36fbec747a6d84a268903749d862aab50dd7f9a389aabbf7b94dec1c424615f520b5f4a6d44e02093e8d9ad0b08d0c6cf6fd8886d8c174ce9faac99c SHA512 3ae7b6833576df851901a7619459b514bb82faeed350c864a57a782719d21f694d9ced5a3445c81dfa584a0302f87fedc660b08ea97bb8b861e76d7c5b46d07f

diff --git a/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch b/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch
deleted file mode 100644
index 2e9141ab579b..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.4.2-fix-emacs.patch
+++ /dev/null
@@ -1,564 +0,0 @@
-https://bugs.gentoo.org/907839
-https://dev.gnupg.org/T6481
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2f872fa68c6576724b9dabee9fb0844266f55d0d
-
-From 2f872fa68c6576724b9dabee9fb0844266f55d0d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 24 May 2023 10:36:04 +0900
-Subject: [PATCH] gpg: Report BEGIN_* status before examining the input.
-
-* common/miscellaneous.c (is_openpgp_compressed_packet)
-(is_file_compressed): Moved to ...
-* common/iobuf.c: ... in this file.
-(is_file_compressed): Change the argument to INP, the iobuf.
-* common/util.h (is_file_compressed): Remove.
-* common/iobuf.h (is_file_compressed): Add.
-* g10/cipher-aead.c (write_header): Don't call write_status_printf
-here.
-(cipher_filter_aead): Call write_status_printf when called with
-IOBUFCTRL_INIT.
-* g10/cipher-cfb.c (write_header): Don't call write_status_printf
-here.
-(cipher_filter_cfb): Call write_status_printf when called with
-IOBUFCTRL_INIT.
-* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
-after call of iobuf_push_filter.
-(encrypt_crypt): Likewise.
-* g10/sign.c (sign_file): Likewise.
-
---
-
-GnuPG-bug-id: 6481
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---- a/common/iobuf.c
-+++ b/common/iobuf.c
-@@ -3057,3 +3057,123 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
- 	}
-     }
- }
-+
-+
-+/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
-+ * packet.  LEN should be at least 6.  */
-+static int
-+is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
-+{
-+  int c, ctb, pkttype;
-+  int lenbytes;
-+
-+  ctb = *buf++; len--;
-+  if (!(ctb & 0x80))
-+    return 0; /* Invalid packet.  */
-+
-+  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
-+    {
-+      pkttype = (ctb & 0x3f);
-+      if (!len)
-+        return 0; /* Expected first length octet missing.  */
-+      c = *buf++; len--;
-+      if (c < 192)
-+        ;
-+      else if (c < 224)
-+        {
-+          if (!len)
-+            return 0; /* Expected second length octet missing. */
-+        }
-+      else if (c == 255)
-+        {
-+          if (len < 4)
-+            return 0; /* Expected length octets missing */
-+        }
-+    }
-+  else /* Old style CTB.  */
-+    {
-+      pkttype = (ctb>>2)&0xf;
-+      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
-+      if (len < lenbytes)
-+        return 0; /* Not enough length bytes.  */
-+    }
-+
-+  return (pkttype == 8);
-+}
-+
-+
-+/*
-+ * Check if the file is compressed, by peeking the iobuf.  You need to
-+ * pass the iobuf with INP.  Returns true if the buffer seems to be
-+ * compressed.
-+ */
-+int
-+is_file_compressed (iobuf_t inp)
-+{
-+  int i;
-+  char buf[32];
-+  int buflen;
-+
-+  struct magic_compress_s
-+  {
-+    byte len;
-+    byte extchk;
-+    byte magic[5];
-+  } magic[] =
-+      {
-+       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
-+       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
-+       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
-+       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
-+       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
-+       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
-+  };
-+
-+  if (!inp)
-+    return 0;
-+
-+  for ( ; inp->chain; inp = inp->chain )
-+    ;
-+
-+  buflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof buf, buf);
-+  if (buflen < 0)
-+    {
-+      buflen = 0;
-+      log_debug ("peeking at input failed\n");
-+    }
-+
-+  if ( buflen < 6 )
-+    {
-+      return 0;  /* Too short to check - assume uncompressed.  */
-+    }
-+
-+  for ( i = 0; i < DIM (magic); i++ )
-+    {
-+      if (!memcmp( buf, magic[i].magic, magic[i].len))
-+        {
-+          switch (magic[i].extchk)
-+            {
-+            case 0:
-+              return 1; /* Is compressed.  */
-+            case 1:
-+              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
-+                return 1; /* JFIF: this likely a compressed JPEG.  */
-+              break;
-+            case 2:
-+              if (buflen > 8
-+                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
-+                return 1; /* This is a PNG.  */
-+              break;
-+            default:
-+              break;
-+            }
-+        }
-+    }
-+
-+  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
-+    {
-+      return 1; /* Already compressed.  */
-+    }
-+
-+  return 0;  /* Not detected as compressed.  */
-+}
---- a/common/iobuf.h
-+++ b/common/iobuf.h
-@@ -629,6 +629,9 @@ void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len);
-    from the following filter (which may or may not return EOF).  */
- void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
- 
-+/* Check if the file is compressed, by peeking the iobuf.  */
-+int is_file_compressed (iobuf_t inp);
-+
- #define iobuf_where(a)	"[don't know]"
- 
- /* Each time a filter is allocated (via iobuf_alloc()), a
---- a/common/miscellaneous.c
-+++ b/common/miscellaneous.c
-@@ -415,112 +415,6 @@ decode_c_string (const char *src)
- }
- 
- 
--/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
-- * packet.  LEN should be at least 6.  */
--static int
--is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
--{
--  int c, ctb, pkttype;
--  int lenbytes;
--
--  ctb = *buf++; len--;
--  if (!(ctb & 0x80))
--    return 0; /* Invalid packet.  */
--
--  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
--    {
--      pkttype = (ctb & 0x3f);
--      if (!len)
--        return 0; /* Expected first length octet missing.  */
--      c = *buf++; len--;
--      if (c < 192)
--        ;
--      else if (c < 224)
--        {
--          if (!len)
--            return 0; /* Expected second length octet missing. */
--        }
--      else if (c == 255)
--        {
--          if (len < 4)
--            return 0; /* Expected length octets missing */
--        }
--    }
--  else /* Old style CTB.  */
--    {
--      pkttype = (ctb>>2)&0xf;
--      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
--      if (len < lenbytes)
--        return 0; /* Not enough length bytes.  */
--    }
--
--  return (pkttype == 8);
--}
--
--
--
--/*
-- * Check if the file is compressed.  You need to pass the first bytes
-- * of the file as (BUF,BUFLEN).  Returns true if the buffer seems to
-- * be compressed.
-- */
--int
--is_file_compressed (const byte *buf, unsigned int buflen)
--{
--  int i;
--
--  struct magic_compress_s
--  {
--    byte len;
--    byte extchk;
--    byte magic[5];
--  } magic[] =
--      {
--       { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
--       { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
--       { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
--       { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
--       { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
--       { 5, 2, { 0x89, 'P','N','G', 0x0d} }  /* Likely PNG */
--  };
--
--  if ( buflen < 6 )
--    {
--      return 0;  /* Too short to check - assume uncompressed.  */
--    }
--
--  for ( i = 0; i < DIM (magic); i++ )
--    {
--      if (!memcmp( buf, magic[i].magic, magic[i].len))
--        {
--          switch (magic[i].extchk)
--            {
--            case 0:
--              return 1; /* Is compressed.  */
--            case 1:
--              if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
--                return 1; /* JFIF: this likely a compressed JPEG.  */
--              break;
--            case 2:
--              if (buflen > 8
--                  && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
--                return 1; /* This is a PNG.  */
--              break;
--            default:
--              break;
--            }
--        }
--    }
--
--  if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
--    {
--      return 1; /* Already compressed.  */
--    }
--
--  return 0;  /* Not detected as compressed.  */
--}
--
--
- /* Try match against each substring of multistr, delimited by | */
- int
- match_multistr (const char *multistr,const char *match)
---- a/common/util.h
-+++ b/common/util.h
-@@ -360,8 +360,6 @@ char *try_make_printable_string (const void *p, size_t n, int delim);
- char *make_printable_string (const void *p, size_t n, int delim);
- char *decode_c_string (const char *src);
- 
--int is_file_compressed (const byte *buf, unsigned int buflen);
--
- int match_multistr (const char *multistr,const char *match);
- 
- int gnupg_compare_version (const char *a, const char *b);
---- a/g10/cipher-aead.c
-+++ b/g10/cipher-aead.c
-@@ -174,8 +174,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
-     log_debug ("aead packet: len=%lu extralen=%d\n",
-                (unsigned long)ed.len, ed.extralen);
- 
--  write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
--                       cfx->dek->algo, ed.aead_algo);
-   print_cipher_algo_note (cfx->dek->algo);
- 
-   if (build_packet( a, &pkt))
-@@ -488,6 +486,11 @@ cipher_filter_aead (void *opaque, int control,
-     {
-       mem2str (buf, "cipher_filter_aead", *ret_len);
-     }
-+  else if (control == IOBUFCTRL_INIT)
-+    {
-+      write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
-+                           cfx->dek->algo, cfx->dek->use_aead);
-+    }
- 
-   return rc;
- }
---- a/g10/cipher-cfb.c
-+++ b/g10/cipher-cfb.c
-@@ -72,9 +72,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
-       log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
-     }
- 
--  write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
--                       ed.mdc_method, cfx->dek->algo);
--
-   init_packet (&pkt);
-   pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
-   pkt.pkt.encrypted = &ed;
-@@ -182,6 +179,12 @@ cipher_filter_cfb (void *opaque, int control,
-     {
-       mem2str (buf, "cipher_filter_cfb", *ret_len);
-     }
-+  else if (control == IOBUFCTRL_INIT)
-+    {
-+      write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
-+                           cfx->dek->use_mdc ? DIGEST_ALGO_SHA1 : 0,
-+                           cfx->dek->algo);
-+    }
- 
-   return rc;
- }
---- a/g10/encrypt.c
-+++ b/g10/encrypt.c
-@@ -410,8 +410,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-   text_filter_context_t tfx;
-   progress_filter_context_t *pfx;
-   int do_compress = !!default_compress_algo();
--  char peekbuf[32];
--  int  peekbuflen;
- 
-   if (!gnupg_rng_is_compliant (opt.compliance))
-     {
-@@ -448,14 +446,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-       return rc;
-     }
- 
--  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
--  if (peekbuflen < 0)
--    {
--      peekbuflen = 0;
--      if (DBG_FILTER)
--        log_debug ("peeking at input failed\n");
--    }
--
-   handle_progress (pfx, inp, filename);
- 
-   if (opt.textmode)
-@@ -517,17 +507,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-                  /**/             : "CFB");
-     }
- 
--  if (do_compress
--      && cfx.dek
--      && (cfx.dek->use_mdc || cfx.dek->use_aead)
--      && !opt.explicit_compress_option
--      && is_file_compressed (peekbuf, peekbuflen))
--    {
--      if (opt.verbose)
--        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
--      do_compress = 0;
--    }
--
-   if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
-     {
-       iobuf_cancel (inp);
-@@ -598,6 +577,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-   else
-     filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
- 
-+  /* Register the cipher filter. */
-+  if (mode)
-+    iobuf_push_filter (out,
-+                       cfx.dek->use_aead? cipher_filter_aead
-+                       /**/             : cipher_filter_cfb,
-+                       &cfx );
-+
-+  if (do_compress
-+      && cfx.dek
-+      && (cfx.dek->use_mdc || cfx.dek->use_aead)
-+      && !opt.explicit_compress_option
-+      && is_file_compressed (inp))
-+    {
-+      if (opt.verbose)
-+        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-+      do_compress = 0;
-+    }
-+
-   if (!opt.no_literal)
-     {
-       /* Note that PT has been initialized above in !no_literal mode.  */
-@@ -617,13 +614,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
-       pkt.pkt.generic = NULL;
-     }
- 
--  /* Register the cipher filter. */
--  if (mode)
--    iobuf_push_filter (out,
--                       cfx.dek->use_aead? cipher_filter_aead
--                       /**/             : cipher_filter_cfb,
--                       &cfx );
--
-   /* Register the compress filter. */
-   if ( do_compress )
-     {
-@@ -783,7 +773,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   PKT_plaintext *pt = NULL;
-   DEK *symkey_dek = NULL;
-   STRING2KEY *symkey_s2k = NULL;
--  int rc = 0, rc2 = 0;
-+  int rc = 0;
-   u32 filesize;
-   cipher_filter_context_t cfx;
-   armor_filter_context_t *afx = NULL;
-@@ -792,8 +782,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   progress_filter_context_t *pfx;
-   PK_LIST pk_list;
-   int do_compress;
--  char peekbuf[32];
--  int  peekbuflen;
- 
-   if (filefd != -1 && filename)
-     return gpg_error (GPG_ERR_INV_ARG);  /* Both given.  */
-@@ -866,14 +854,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   if (opt.verbose)
-     log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp));
- 
--  peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
--  if (peekbuflen < 0)
--    {
--      peekbuflen = 0;
--      if (DBG_FILTER)
--        log_debug ("peeking at input failed\n");
--    }
--
-   handle_progress (pfx, inp, filename);
- 
-   if (opt.textmode)
-@@ -900,25 +880,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   if (!cfx.dek->use_aead)
-     cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
- 
--  /* Only do the is-file-already-compressed check if we are using a
--   * MDC or AEAD.  This forces compressed files to be re-compressed if
--   * we do not have a MDC to give some protection against chosen
--   * ciphertext attacks. */
--  if (do_compress
--      && (cfx.dek->use_mdc || cfx.dek->use_aead)
--      && !opt.explicit_compress_option
--      && is_file_compressed (peekbuf, peekbuflen))
--    {
--      if (opt.verbose)
--        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
--      do_compress = 0;
--    }
--  if (rc2)
--    {
--      rc = rc2;
--      goto leave;
--    }
--
-   make_session_key (cfx.dek);
-   if (DBG_CRYPTO)
-     log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: ");
-@@ -960,6 +921,26 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   else
-     filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
- 
-+  /* Register the cipher filter. */
-+  iobuf_push_filter (out,
-+                     cfx.dek->use_aead? cipher_filter_aead
-+                     /**/             : cipher_filter_cfb,
-+                     &cfx);
-+
-+  /* Only do the is-file-already-compressed check if we are using a
-+   * MDC or AEAD.  This forces compressed files to be re-compressed if
-+   * we do not have a MDC to give some protection against chosen
-+   * ciphertext attacks. */
-+  if (do_compress
-+      && (cfx.dek->use_mdc || cfx.dek->use_aead)
-+      && !opt.explicit_compress_option
-+      && is_file_compressed (inp))
-+    {
-+      if (opt.verbose)
-+        log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-+      do_compress = 0;
-+    }
-+
-   if (!opt.no_literal)
-     {
-       pt->timestamp = make_timestamp();
-@@ -974,12 +955,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
-   else
-     cfx.datalen = filesize && !do_compress ? filesize : 0;
- 
--  /* Register the cipher filter. */
--  iobuf_push_filter (out,
--                     cfx.dek->use_aead? cipher_filter_aead
--                     /**/             : cipher_filter_cfb,
--                     &cfx);
--
-   /* Register the compress filter. */
-   if (do_compress)
-     {
---- a/g10/sign.c
-+++ b/g10/sign.c
-@@ -1035,9 +1035,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
-   int multifile = 0;
-   u32 duration=0;
-   pt_extra_hash_data_t extrahash = NULL;
--  char peekbuf[32];
--  int  peekbuflen = 0;
--
- 
-   pfx = new_progress_context ();
-   afx = new_armor_context ();
-@@ -1096,14 +1093,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
-           goto leave;
- 	}
- 
--      peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
--      if (peekbuflen < 0)
--        {
--          peekbuflen = 0;
--          if (DBG_FILTER)
--            log_debug ("peeking at input failed\n");
--        }
--
-       handle_progress (pfx, inp, fname);
-     }
- 
-@@ -1261,7 +1250,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
-       int compr_algo = opt.compress_algo;
- 
-       if (!opt.explicit_compress_option
--          && is_file_compressed (peekbuf, peekbuflen))
-+          && is_file_compressed (inp))
-         {
-           if (opt.verbose)
-             log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]");
--- 
-2.11.0

diff --git a/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch b/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch
deleted file mode 100644
index 06d4221488e9..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.4.3-no-ldap.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-https://dev.gnupg.org/T6579
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dc13361524c1477b2106c7385f2059f9ea111b84
-
-From dc13361524c1477b2106c7385f2059f9ea111b84 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 5 Jul 2023 09:29:54 +0900
-Subject: [PATCH] dirmngr: Enable the call of ks_ldap_help_variables when
- USE_LDAP.
-
-* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -2776,7 +2776,9 @@ cmd_ad_query (assuan_context_t ctx, char *line)
- 
-   if (opt_help)
-     {
-+#if USE_LDAP
-       ks_ldap_help_variables (ctrl);
-+#endif
-       err = 0;
-       goto leave;
-     }
--- 
-2.11.0

diff --git a/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild b/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild
deleted file mode 100644
index 48e3b7e762e4..000000000000
--- a/app-crypt/gnupg/gnupg-2.4.3-r1.ebuild
+++ /dev/null
@@ -1,198 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should:
-# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
-# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
-# (find the one for the current release then subscribe to it +
-# any subsequent ones linked within so you're covered for a while.)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
-# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
-inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND="
-	>=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.46
-	>=dev-libs/libksba-1.6.3
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.0:0= )
-"
-RDEPEND="
-	${DEPEND}
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )
-"
-PDEPEND="
-	app-crypt/pinentry
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )
-"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-	"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
-	"${FILESDIR}"/${P}-no-ldap.patch
-)
-
-src_prepare() {
-	default
-
-	GNUPG_SYSTEMD_UNITS=(
-		dirmngr.service
-		dirmngr.socket
-		gpg-agent-browser.socket
-		gpg-agent-extra.socket
-		gpg-agent.service
-		gpg-agent.socket
-		gpg-agent-ssh.socket
-	)
-
-	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i "${T}"/gpg-agent-ssh.socket || die
-}
-
-my_src_configure() {
-	# Upstream don't support LTO, bug #854222.
-	filter-lto
-
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-
-		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-		# by wks-client & wks-server; and if it's autodetected but not not exist at
-		# build time, then then 'gpg-wks-client --send' functionality will not
-		# work. This has an unwanted side-effect in stage3 builds: there was a
-		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-		# the build where the install guide previously make the user chose the
-		# logger & mta early in the install.
-		--with-mailprog=/usr/libexec/sendmail
-
-		--disable-ntbtls
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	econf "${myconf[@]}"
-}
-
-my_src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-my_src_test() {
-	export TESTFLAGS="--parallel=$(makeopts_jobs)"
-
-	default
-}
-
-my_src_install() {
-	emake DESTDIR="${D}" install
-
-	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/*
-}
-
-my_src_install_all() {
-	einstalldocs
-
-	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
-	use doc && dodoc doc/*.png
-
-	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
-	dodoc "${FILESDIR}"/README-systemd
-	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
-}

diff --git a/app-crypt/gnupg/gnupg-2.4.4.ebuild b/app-crypt/gnupg/gnupg-2.4.4.ebuild
deleted file mode 100644
index f01cb0b88152..000000000000
--- a/app-crypt/gnupg/gnupg-2.4.4.ebuild
+++ /dev/null
@@ -1,198 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-# Maintainers should:
-# 1. Join the "Gentoo" project at https://dev.gnupg.org/project/view/27/
-# 2. Subscribe to release tasks like https://dev.gnupg.org/T6159
-# (find the one for the current release then subscribe to it +
-# any subsequent ones linked within so you're covered for a while.)
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/gnupg.asc
-# in-source builds are not supported: https://dev.gnupg.org/T6313#166339
-inherit flag-o-matic out-of-source multiprocessing systemd toolchain-funcs verify-sig
-
-MY_P="${P/_/-}"
-
-DESCRIPTION="The GNU Privacy Guard, a GPL OpenPGP implementation"
-HOMEPAGE="https://gnupg.org/"
-SRC_URI="mirror://gnupg/gnupg/${MY_P}.tar.bz2"
-SRC_URI+=" verify-sig? ( mirror://gnupg/gnupg/${P}.tar.bz2.sig )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="bzip2 doc ldap nls readline selinux +smartcard ssl test +tofu tpm tools usb user-socket wks-server"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( tofu )"
-
-# Existence of executables is checked during configuration.
-# Note: On each bump, update dep bounds on each version from configure.ac!
-DEPEND="
-	>=dev-libs/libassuan-2.5.0
-	>=dev-libs/libgcrypt-1.9.1:=
-	>=dev-libs/libgpg-error-1.46
-	>=dev-libs/libksba-1.6.3
-	>=dev-libs/npth-1.2
-	>=net-misc/curl-7.10
-	sys-libs/zlib
-	bzip2? ( app-arch/bzip2 )
-	ldap? ( net-nds/openldap:= )
-	readline? ( sys-libs/readline:0= )
-	smartcard? ( usb? ( virtual/libusb:1 ) )
-	tofu? ( >=dev-db/sqlite-3.27 )
-	tpm? ( >=app-crypt/tpm2-tss-2.4.0:= )
-	ssl? ( >=net-libs/gnutls-3.2:0= )
-"
-RDEPEND="
-	${DEPEND}
-	nls? ( virtual/libintl )
-	selinux? ( sec-policy/selinux-gpg )
-	wks-server? ( virtual/mta )
-"
-PDEPEND="
-	app-crypt/pinentry
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( sys-apps/texinfo )
-	nls? ( sys-devel/gettext )
-	verify-sig? ( sec-keys/openpgp-keys-gnupg )
-"
-
-DOCS=(
-	ChangeLog NEWS README THANKS TODO VERSION
-	doc/FAQ doc/DETAILS doc/HACKING doc/TRANSLATE doc/OpenPGP doc/KEYSERVER
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
-	#"${FILESDIR}"/${PN}-2.4.2-fix-emacs.patch
-	#"${FILESDIR}"/${PN}-2.4.3-no-ldap.patch
-)
-
-src_prepare() {
-	default
-
-	GNUPG_SYSTEMD_UNITS=(
-		dirmngr.service
-		dirmngr.socket
-		gpg-agent-browser.socket
-		gpg-agent-extra.socket
-		gpg-agent.service
-		gpg-agent.socket
-		gpg-agent-ssh.socket
-	)
-
-	cp "${GNUPG_SYSTEMD_UNITS[@]/#/${FILESDIR}/}" "${T}" || die
-
-	# Inject SSH_AUTH_SOCK into user's sessions after enabling gpg-agent-ssh.socket in systemctl --user mode,
-	# idea borrowed from libdbus, see
-	#   https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/bus/systemd-user/dbus.socket.in#L6
-	#
-	# This cannot be upstreamed, as it requires determining the exact prefix of 'systemctl',
-	# which in turn requires discovery in Autoconf, something that upstream deeply resents.
-	sed -e "/DirectoryMode=/a ExecStartPost=-${EPREFIX}/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/gnupg/S.gpg-agent.ssh" \
-		-i "${T}"/gpg-agent-ssh.socket || die
-}
-
-my_src_configure() {
-	# Upstream don't support LTO, bug #854222.
-	filter-lto
-
-	local myconf=(
-		$(use_enable bzip2)
-		$(use_enable nls)
-		$(use_enable smartcard scdaemon)
-		$(use_enable ssl gnutls)
-		$(use_enable test all-tests)
-		$(use_enable test tests)
-		$(use_enable tofu)
-		$(use_enable tofu keyboxd)
-		$(use_enable tofu sqlite)
-		$(usex tpm '--with-tss=intel' '--disable-tpm2d')
-		$(use smartcard && use_enable usb ccid-driver || echo '--disable-ccid-driver')
-		$(use_enable wks-server wks-tools)
-		$(use_with ldap)
-		$(use_with readline)
-
-		# Hardcode mailprog to /usr/libexec/sendmail even if it does not exist.
-		# As of GnuPG 2.3, the mailprog substitution is used for the binary called
-		# by wks-client & wks-server; and if it's autodetected but not not exist at
-		# build time, then then 'gpg-wks-client --send' functionality will not
-		# work. This has an unwanted side-effect in stage3 builds: there was a
-		# [R]DEPEND on virtual/mta, which also brought in virtual/logger, bloating
-		# the build where the install guide previously make the user chose the
-		# logger & mta early in the install.
-		--with-mailprog=/usr/libexec/sendmail
-
-		--disable-ntbtls
-		--enable-gpgsm
-		--enable-large-secmem
-
-		CC_FOR_BUILD="$(tc-getBUILD_CC)"
-		GPG_ERROR_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-gpg-error-config"
-		KSBA_CONFIG="${ESYSROOT}/usr/bin/ksba-config"
-		LIBASSUAN_CONFIG="${ESYSROOT}/usr/bin/libassuan-config"
-		LIBGCRYPT_CONFIG="${ESYSROOT}/usr/bin/${CHOST}-libgcrypt-config"
-		NPTH_CONFIG="${ESYSROOT}/usr/bin/npth-config"
-
-		$("${S}/configure" --help | grep -o -- '--without-.*-prefix')
-	)
-
-	if use prefix && use usb; then
-		# bug #649598
-		append-cppflags -I"${ESYSROOT}/usr/include/libusb-1.0"
-	fi
-
-	# bug #663142
-	if use user-socket; then
-		myconf+=( --enable-run-gnupg-user-socket )
-	fi
-
-	# glib fails and picks up clang's internal stdint.h causing weird errors
-	tc-is-clang && export gl_cv_absolute_stdint_h="${ESYSROOT}"/usr/include/stdint.h
-
-	econf "${myconf[@]}"
-}
-
-my_src_compile() {
-	default
-
-	use doc && emake -C doc html
-}
-
-my_src_test() {
-	export TESTFLAGS="--parallel=$(makeopts_jobs)"
-
-	default
-}
-
-my_src_install() {
-	emake DESTDIR="${D}" install
-
-	use tools && dobin tools/{gpgconf,gpgsplit,gpg-check-pattern} tools/make-dns-cert
-
-	dosym gpg /usr/bin/gpg2
-	dosym gpgv /usr/bin/gpgv2
-	echo ".so man1/gpg.1" > "${ED}"/usr/share/man/man1/gpg2.1 || die
-	echo ".so man1/gpgv.1" > "${ED}"/usr/share/man/man1/gpgv2.1 || die
-
-	dodir /etc/env.d
-	echo "CONFIG_PROTECT=/usr/share/gnupg/qualified.txt" >> "${ED}"/etc/env.d/30gnupg || die
-
-	use doc && dodoc doc/gnupg.html/*
-}
-
-my_src_install_all() {
-	einstalldocs
-
-	use tools && dobin tools/{convert-from-106,mail-signed-keys,lspgpot}
-	use doc && dodoc doc/*.png
-
-	# Dropped upstream in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed.
-	dodoc "${FILESDIR}"/README-systemd
-	systemd_douserunit "${GNUPG_SYSTEMD_UNITS[@]/#/${T}/}"
-}