From 36d37ca9c51b2c77026ee1d49a2fed3aa197431a Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 4 Jan 2018 13:21:13 -0500 Subject: gnu: libgcrypt: Update to 1.8.2. * gnu/packages/gnupg.scm (libgcrypt): Update to 1.8.2. --- gnu/packages/gnupg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 16685f6986..c039d673e0 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -92,14 +92,14 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") - (version "1.8.1") + (version "1.8.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s")))) + "01sca9m8hm6b5v8hmqsfdjhyz013869p1f0fxw9ln52qfnp4q1n8")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) -- cgit v1.2.3 From b17f7238460a021f7391a0b31da4e1d27e98cb72 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 23 Mar 2018 02:36:33 -0400 Subject: gnu: gnupg@1: Return #t from all phases. * gnu/packages/gnupg.scm (gnupg-1)[arguments]: Return #t from the 'patch-check-sh' phase. --- gnu/packages/gnupg.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 555f400630..4f3bf9aeec 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -355,7 +355,8 @@ libskba (working with X.509 certificates and CMS data).") (add-after 'unpack 'patch-check-sh (lambda _ (substitute* "checks/Makefile.in" - (("/bin/sh") (which "sh")))))))))) + (("/bin/sh") (which "sh"))) + #t))))))) (define-public gpgme (package -- cgit v1.2.3 From 1abc295b9b4f43253ffec8cd9311693341223556 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 29 Mar 2018 14:28:26 +0200 Subject: gnu: libgpg-error: Update to 1.28. * gnu/packages/gnupg.scm (libgpg-error): Update to 1.28. --- gnu/packages/gnupg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 4f3bf9aeec..82e01eccad 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -68,7 +68,7 @@ (define-public libgpg-error (package (name "libgpg-error") - (version "1.27") + (version "1.28") (source (origin (method url-fetch) @@ -76,7 +76,7 @@ version ".tar.bz2")) (sha256 (base32 - "1li95ni122fzinzlmxbln63nmgij63irxfvi52ws4zfbzv3am4sg")))) + "0jfsfnh9bxlxiwxws60yah4ybjw2hshmvqp31pri4m4h8ivrbnry")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") -- cgit v1.2.3 From 1bf7ef856b6194f4a9590ce431c14742fe7c0d92 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 2 Apr 2018 15:17:05 +0300 Subject: gnu: libgpg-error: Fix building on aarch64-linux. * gnu/packages/patches/gnupg.scm (libgpg-error)[source]: Add patch. * gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/gnupg.scm | 3 +- .../patches/libgpg-error-aarch64-logging-fix.patch | 58 ++++++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 78bad98918..91ccb474bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -845,6 +845,7 @@ dist_patch_DATA = \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ %D%/packages/patches/libgnome-encoding.patch \ %D%/packages/patches/libgnomeui-utf8.patch \ + %D%/packages/patches/libgpg-error-aarch64-logging-fix.patch \ %D%/packages/patches/libgxps-CVE-2017-11590.patch \ %D%/packages/patches/libffi-3.2.1-complex-alpha.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 94908a7248..08c78ec790 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -76,7 +76,8 @@ version ".tar.bz2")) (sha256 (base32 - "0jfsfnh9bxlxiwxws60yah4ybjw2hshmvqp31pri4m4h8ivrbnry")))) + "0jfsfnh9bxlxiwxws60yah4ybjw2hshmvqp31pri4m4h8ivrbnry")) + (patches (search-patches "libgpg-error-aarch64-logging-fix.patch")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") diff --git a/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch b/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch new file mode 100644 index 0000000000..d848d639b2 --- /dev/null +++ b/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch @@ -0,0 +1,58 @@ +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=patch;h=791177de023574223eddf7288eb7c5a0721ac623 + +From 791177de023574223eddf7288eb7c5a0721ac623 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Sun, 18 Mar 2018 17:39:43 +0100 +Subject: [PATCH] core: Fix regression on arm64 due to invalid use of va_list. + +* src/logging.c (_gpgrt_log_printhex): Provide a dummy arg instead of +NULL. +-- + +Fix +Suggested-by: Jakub Wilk + +Signed-off-by: Werner Koch +--- + src/logging.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/src/logging.c b/src/logging.c +index 1a4f620..d01f974 100644 +--- a/src/logging.c ++++ b/src/logging.c +@@ -1090,9 +1090,10 @@ _gpgrt_log_flush (void) + + + /* Print a hexdump of (BUFFER,LENGTH). With FMT passed as NULL print +- * just the raw dump, with FMT being an empty string, print a trailing +- * linefeed, otherwise print an entire debug line with the expanded +- * FMT followed by a possible wrapped hexdump and a final LF. */ ++ * just the raw dump (in this case ARG_PTR is not used), with FMT ++ * being an empty string, print a trailing linefeed, otherwise print ++ * an entire debug line with the expanded FMT followed by a possible ++ * wrapped hexdump and a final LF. */ + void + _gpgrt_logv_printhex (const void *buffer, size_t length, + const char *fmt, va_list arg_ptr) +@@ -1150,7 +1151,16 @@ _gpgrt_log_printhex (const void *buffer, size_t length, + va_end (arg_ptr); + } + else +- _gpgrt_logv_printhex (buffer, length, NULL, NULL); ++ { ++ /* va_list is not necessary a pointer and thus we can't use NULL ++ * because that would conflict with platforms using a straight ++ * struct for it (e.g. arm64). We use a dummy variable instead; ++ * the static is a simple way zero it out so to not get ++ * complains about uninitialized use. */ ++ static va_list dummy_argptr; ++ ++ _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr); ++ } + } + + +-- +2.8.0.rc3 + -- cgit v1.2.3 From 0c183f6fb1efe9762cf33f691607a1b2ed2fa57e Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 6 May 2018 08:38:44 +0300 Subject: gnu: gnupg: Update to 2.2.7. * gnu/packages/gnupg.scm (gnupg): Update to 2.2.7. --- gnu/packages/gnupg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index f397482ab0..80ab78eb50 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -215,14 +215,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.2.6") + (version "2.2.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "110rf476l3cgn52gh9ia5y0y06y2ialq9dqc12jkhnfhl9gqqkg6")))) + "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) -- cgit v1.2.3 From 7ebc6dc432d0ba051ccae91242f7bb90cb703a5a Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 6 May 2018 10:01:59 +0300 Subject: Revert "gnu: gnupg: Update to 2.2.7." This reverts commit 0c183f6fb1efe9762cf33f691607a1b2ed2fa57e. --- gnu/packages/gnupg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 80ab78eb50..f397482ab0 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -215,14 +215,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.2.7") + (version "2.2.6") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr")))) + "110rf476l3cgn52gh9ia5y0y06y2ialq9dqc12jkhnfhl9gqqkg6")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) -- cgit v1.2.3 From df9f62899150c491b07754154b20a43bacdf7cab Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 6 May 2018 14:20:13 +0200 Subject: gnu: gpgme: Update to 1.11.1. * gnu/packages/gnupg.scm (libgpg-error-1.31): New public variable. (gpgme): Update to 1.11.1. [propagated-inputs]: Change LIBGPG-ERROR to LIBGPG-ERROR-1.31. --- gnu/packages/gnupg.scm | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index f397482ab0..13e700ccb1 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2017 Petter ;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -90,6 +91,20 @@ Daemon and possibly more in the future.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgpg-error"))))) +;; Some packages (e.g. GPGME) require a newer libgpg-error to deal with +;; error codes from recent GnuPG. Remove this in the next rebuild cycle. +(define-public libgpg-error-1.31 + (package + (inherit libgpg-error) + (version "1.31") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgpg-error/libgpg-error-" + version ".tar.bz2")) + (sha256 + (base32 + "1vx4nw6rxh2biy3h8n96fyr86q29h8gjl6837437i51jr4isil20")))))) + (define-public libgcrypt (package (name "libgcrypt") @@ -359,7 +374,7 @@ libskba (working with X.509 certificates and CMS data).") (define-public gpgme (package (name "gpgme") - (version "1.10.0") + (version "1.11.1") (source (origin (method url-fetch) @@ -367,13 +382,13 @@ libskba (working with X.509 certificates and CMS data).") ".tar.bz2")) (sha256 (base32 - "14q619lxbk64vz7lih5gjb928qm28jrnn1h3yhsrrff3jw8yv3qs")))) + "0vxx5xaag3rhp4g2arp5qm77gvz4kj0m3hnpvhkdvqyjfhbi26rd")))) (build-system gnu-build-system) (native-inputs `(("gnupg" ,gnupg))) (propagated-inputs ;; Needs to be propagated because gpgme.h includes gpg-error.h. - `(("libgpg-error" ,libgpg-error))) + `(("libgpg-error" ,libgpg-error-1.31))) (inputs `(("libassuan" ,libassuan))) (home-page "https://www.gnupg.org/related_software/gpgme/") -- cgit v1.2.3 From 909ebbfc321f854cbc21b5a9e1591c9547508e8e Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 4 May 2018 14:32:34 +0200 Subject: gnu: gnupg: Update to 2.2.7. * gnu/packages/gnupg.scm (gnupg): Update to 2.2.7. --- gnu/packages/gnupg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 13e700ccb1..f7c557ba57 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -230,14 +230,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.2.6") + (version "2.2.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "110rf476l3cgn52gh9ia5y0y06y2ialq9dqc12jkhnfhl9gqqkg6")))) + "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) -- cgit v1.2.3 From fcb1dd99941cd7adf9651946397a1a8a52f61aa1 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Mon, 21 May 2018 16:55:11 +0200 Subject: gnu: pius: Add input python2-sip. * gnu/packages/gnupg.scm (pius)[inputs]: Add python2-six, imported from the pius Python script. --- gnu/packages/gnupg.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index f7c557ba57..230afaec1b 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -593,7 +593,8 @@ signing, decryption, verification, and key-listing parsing.") "1893hzpx3zv724drqv48csrn0cm98xw4ymb1zmhs2jvjj1778zfj")))) (build-system python-build-system) (inputs `(("perl" ,perl) ;for 'pius-party-worksheet' - ("gpg" ,gnupg))) + ("gpg" ,gnupg) + ("python-six" ,python2-six))) (arguments `(#:tests? #f #:python ,python-2 ;uses the Python 2 'print' syntax -- cgit v1.2.3 From a92d97266dffcd1ab5c40a379005a7db1fc3dad4 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Mon, 21 May 2018 17:03:53 +0200 Subject: gnu: pius: Fix incompatibility with newer GnuPG versions. * gnu/packages/gnupg.scm (pius)[source]: Add patch. * gnu/packages/patches/pius.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 3 ++- gnu/packages/gnupg.scm | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 20975306b2..469e73f7c7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1,6 +1,6 @@ # GNU Guix --- Functional package management for GNU # Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès -# Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge +# Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Andreas Enge # Copyright © 2016 Mathieu Lirzin # Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Mark H Weaver # Copyright © 2016 Chris Marusich @@ -1001,6 +1001,7 @@ dist_patch_DATA = \ %D%/packages/patches/pinball-src-deps.patch \ %D%/packages/patches/pinball-system-ltdl.patch \ %D%/packages/patches/pingus-sdl-libs-config.patch \ + %D%/packages/patches/pius.patch \ %D%/packages/patches/pixman-CVE-2016-5296.patch \ %D%/packages/patches/plink-1.07-unclobber-i.patch \ %D%/packages/patches/plink-endian-detection.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 230afaec1b..a389186746 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès -;;; Copyright © 2013, 2015 Andreas Enge +;;; Copyright © 2013, 2015, 2018 Andreas Enge ;;; Copyright © 2014 Eric Bavier ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2015 Paul van der Walt @@ -590,7 +590,8 @@ signing, decryption, verification, and key-listing parsing.") version "/pius-" version ".tar.bz2")) (sha256 (base32 - "1893hzpx3zv724drqv48csrn0cm98xw4ymb1zmhs2jvjj1778zfj")))) + "1893hzpx3zv724drqv48csrn0cm98xw4ymb1zmhs2jvjj1778zfj")) + (patches (search-patches "pius.patch")))) (build-system python-build-system) (inputs `(("perl" ,perl) ;for 'pius-party-worksheet' ("gpg" ,gnupg) -- cgit v1.2.3 From 831f07a009e2a4d84d257ff6e07341971b0fb6e8 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 4 Jun 2018 10:35:41 +0200 Subject: gnu: signing-party: Update to commit d6f2296. * gnu/packages/gnupg.scm (signing-party): Update to commit d6f2296. [home-page]: Change to salsa.debian.org. [source]: Use git-fetch. [arguments]: Remove 'change-directory' phase. In 'configure' phase, modify 'gpgwrap/Makefile' instead of 'gpgwrap/src/Makefile'. --- gnu/packages/gnupg.scm | 168 +++++++++++++++++++++++++------------------------ 1 file changed, 85 insertions(+), 83 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index dbbe8368a8..eeac964fef 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -625,84 +625,87 @@ PGP keysigning parties.") (home-page "https://www.phildev.net/pius/index.shtml"))) (define-public signing-party - (package - (name "signing-party") - (version "2.6") - (source (origin - (method url-fetch) - (uri (string-append "mirror://debian/pool/main/s/signing-party/" - "signing-party_" version ".orig.tar.gz")) - (sha256 (base32 - "1n5bpcfpl9vg1xp6r1jhbyahrgdyxp05b5pria1rh4m0qnv8sifr")))) - (build-system gnu-build-system) - (native-inputs - `(("autoconf" ,autoconf-wrapper) - ("automake" ,automake))) - (inputs `(("perl" ,perl) - ("perl-text-template" ,perl-text-template) - ("perl-mime-tools" ,perl-mime-tools) - ("perl-gnupg-interface" ,perl-gnupg-interface) - ("perl-net-idn-encode" ,perl-net-idn-encode) - ("libmd" ,libmd))) - (arguments - `(#:tests? #f - #:phases - (modify-phases %standard-phases - (add-before 'configure 'change-directory - (lambda _ - ;; The build system in the unpack phase changes to a less useful - ;; subdirectory, so move up one level - (chdir (dirname (getcwd))))) - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (substitute* "keyanalyze/Makefile" - (("LDLIBS") (string-append "CC=" (which "gcc") "\nLDLIBS"))) - (substitute* "keyanalyze/Makefile" - (("\\./configure") (string-append "./configure --prefix=" out))) - (substitute* "gpgwrap/src/Makefile" - (("\\} clean") - (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap " - out "/bin/gpgwrap\n"))) - (substitute* '("gpgsigs/Makefile" "keyanalyze/Makefile" - "keylookup/Makefile" "sig2dot/Makefile" - "springgraph/Makefile") - (("/usr") out)) - (setenv "CONFIG_SHELL" (which "sh"))))) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys #:rest args) - (let ((out (assoc-ref outputs "out")) - (install (assoc-ref %standard-phases 'install))) - (apply install args) - (for-each - (lambda (dir file) - (copy-file (string-append dir "/" file) - (string-append out "/bin/" file))) - '("caff" "caff" "caff" "gpgdir" "gpg-key2ps" - "gpglist" "gpg-mailkeys" "gpgparticipants") - '("caff" "pgp-clean" "pgp-fixkey" "gpgdir" "gpg-key2ps" - "gpglist" "gpg-mailkeys" "gpgparticipants")) - (for-each - (lambda (dir file) - (copy-file (string-append dir "/" file) - (string-append out "/share/man/man1/" file))) - '("caff" "caff" "caff" "gpgdir" - "gpg-key2ps" "gpglist" "gpg-mailkeys" - "gpgparticipants" "gpgsigs" "gpgwrap/doc" - "keyanalyze" "keyanalyze/pgpring" "keyanalyze") - '("caff.1" "pgp-clean.1" "pgp-fixkey.1" "gpgdir.1" - "gpg-key2ps.1" "gpglist.1" "gpg-mailkeys.1" - "gpgparticipants.1" "gpgsigs.1" "gpgwrap.1" - "process_keys.1" "pgpring.1" "keyanalyze.1"))))) - (add-after 'install 'wrap-programs - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out"))) - (wrap-program - (string-append out "/bin/caff") - `("PERL5LIB" ":" prefix (,(getenv "PERL5LIB")))))))))) - (synopsis "Collection of scripts for simplifying gnupg key signing") - (description - "Signing-party is a collection for all kinds of PGP/GnuPG related things, + ;; Upstream moved from alioth.debian.org to salsa.debian.org but the + ;; automatic svn import did not preserve tags apparently, so there's no real + ;; version number. + (let ((commit "d6f2296325605ee96ddf9f5b156e5e3f667a6df3") + (revision "0")) + (package + (name "signing-party") + (version (git-version "2.6" revision commit)) + (home-page "https://salsa.debian.org/stappers/pgp-tools") + (source (origin + (method git-fetch) + (uri (git-reference + (url home-page) + (commit commit))) + (sha256 + (base32 + "00f7zasbwcbjzd92br2j10pyjxv0aw1qb4540qfz2dxzxgmdscrz")))) + (build-system gnu-build-system) + (native-inputs + `(("autoconf" ,autoconf-wrapper) + ("automake" ,automake))) + (inputs `(("perl" ,perl) + ("perl-text-template" ,perl-text-template) + ("perl-mime-tools" ,perl-mime-tools) + ("perl-gnupg-interface" ,perl-gnupg-interface) + ("perl-net-idn-encode" ,perl-net-idn-encode) + ("libmd" ,libmd))) + (arguments + `(#:tests? #f + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* "keyanalyze/Makefile" + (("LDLIBS") (string-append "CC=" (which "gcc") "\nLDLIBS"))) + (substitute* "keyanalyze/Makefile" + (("\\./configure") (string-append "./configure --prefix=" out))) + (substitute* "gpgwrap/Makefile" + (("\\} clean") + (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap " + out "/bin/gpgwrap\n"))) + (substitute* '("gpgsigs/Makefile" "keyanalyze/Makefile" + "keylookup/Makefile" "sig2dot/Makefile" + "springgraph/Makefile") + (("/usr") out)) + (setenv "CONFIG_SHELL" (which "sh"))))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys #:rest args) + (let ((out (assoc-ref outputs "out")) + (install (assoc-ref %standard-phases 'install))) + (apply install args) + (for-each + (lambda (dir file) + (copy-file (string-append dir "/" file) + (string-append out "/bin/" file))) + '("caff" "caff" "caff" "gpgdir" "gpg-key2ps" + "gpglist" "gpg-mailkeys" "gpgparticipants") + '("caff" "pgp-clean" "pgp-fixkey" "gpgdir" "gpg-key2ps" + "gpglist" "gpg-mailkeys" "gpgparticipants")) + (for-each + (lambda (dir file) + (copy-file (string-append dir "/" file) + (string-append out "/share/man/man1/" file))) + '("caff" "caff" "caff" "gpgdir" + "gpg-key2ps" "gpglist" "gpg-mailkeys" + "gpgparticipants" "gpgsigs" "gpgwrap/doc" + "keyanalyze" "keyanalyze/pgpring" "keyanalyze") + '("caff.1" "pgp-clean.1" "pgp-fixkey.1" "gpgdir.1" + "gpg-key2ps.1" "gpglist.1" "gpg-mailkeys.1" + "gpgparticipants.1" "gpgsigs.1" "gpgwrap.1" + "process_keys.1" "pgpring.1" "keyanalyze.1"))))) + (add-after 'install 'wrap-programs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out"))) + (wrap-program + (string-append out "/bin/caff") + `("PERL5LIB" ":" prefix (,(getenv "PERL5LIB")))))))))) + (synopsis "Collection of scripts for simplifying gnupg key signing") + (description + "Signing-party is a collection for all kinds of PGP/GnuPG related things, including tools for signing keys, keyring analysis, and party preparation. @enumerate @item caff: CA - Fire and Forget signs and mails a key @@ -720,11 +723,10 @@ including tools for signing keys, keyring analysis, and party preparation. @item sig2dot: converts a list of GnuPG signatures to a .dot file @item springgraph: creates a graph from a .dot file @end enumerate") - ;; gpl2+ for almost all programs, except for keyanalyze: gpl2 - ;; and caff and gpgsigs: bsd-3, see - ;; http://packages.debian.org/changelogs/pool/main/s/signing-party/current/copyright - (license license:gpl2) - (home-page "https://pgp-tools.alioth.debian.org/"))) + ;; gpl2+ for almost all programs, except for keyanalyze: gpl2 + ;; and caff and gpgsigs: bsd-3, see + ;; http://packages.debian.org/changelogs/pool/main/s/signing-party/current/copyright + (license license:gpl2)))) (define-public pinentry-tty (package -- cgit v1.2.3 From 216c7266737204af05275d0ff196cfddda083366 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sat, 9 Jun 2018 22:21:21 +0300 Subject: gnu: gnupg: Update to 2.2.8 (fixes CVE-2018-12020). * gnu/packages/gnupg.scm (gnupg): Update to 2.2.8. --- gnu/packages/gnupg.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index eeac964fef..7b66ee479d 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -231,14 +231,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.2.7") + (version "2.2.8") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "0vlpis0q7gvq9mhdc43hkyn3cdriz4mwgj20my3gyzpgwqg3cnyr")))) + "1k8dnnfs9888yp713l7kg2jg110lw47s4krx0njna6fjrsw4qyvp")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) -- cgit v1.2.3 From 65956ad3526ba09e1f7a40722c96c6ef7c0936fe Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 9 Jun 2018 17:39:14 -0400 Subject: gnu: GnuPG 1.4: Fix CVE-2018-12020. * gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnupg.scm (gnupg-1)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/gnupg.scm | 1 + .../patches/gnupg-1.4-CVE-2018-12020.patch | 50 ++++++++++++++++++++++ 3 files changed, 52 insertions(+) create mode 100644 gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch (limited to 'gnu/packages/gnupg.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 72339735d8..07ca5e220e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -743,6 +743,7 @@ dist_patch_DATA = \ %D%/packages/patches/gnome-todo-libical-compat.patch \ %D%/packages/patches/gnome-tweak-tool-search-paths.patch \ %D%/packages/patches/gnucash-price-quotes-perl.patch \ + %D%/packages/patches/gnupg-1.4-CVE-2018-12020.patch \ %D%/packages/patches/gnutls-skip-trust-store-test.patch \ %D%/packages/patches/gnutls-skip-pkgconfig-test.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 7b66ee479d..42b54c1ea0 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -354,6 +354,7 @@ libskba (working with X.509 certificates and CMS data).") (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) + (patches (search-patches "gnupg-1.4-CVE-2018-12020.patch")) (sha256 (base32 "1d1hz4szh1kvwhsw7w2zxa6q5ndrk3qy6hj289l1b8k3xi5s554m")))) diff --git a/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch b/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch new file mode 100644 index 0000000000..306d4d348b --- /dev/null +++ b/gnu/packages/patches/gnupg-1.4-CVE-2018-12020.patch @@ -0,0 +1,50 @@ +Fix CVE-2018-12020: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020 +https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html + +Patch copied from upstream source repository: + +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac + +From 2326851c60793653069494379b16d84e4c10a0ac Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Fri, 8 Jun 2018 10:45:21 +0200 +Subject: [PATCH] gpg: Sanitize diagnostic with the original file name. + +* g10/mainproc.c (proc_plaintext): Sanitize verbose output. +-- + +This fixes a forgotten sanitation of user supplied data in a verbose +mode diagnostic. The mention CVE is about using this to inject +status-fd lines into the stderr output. Other harm good as well be +done. Note that GPGME based applications are not affected because +GPGME does not fold status output into stderr. + +CVE-id: CVE-2018-12020 +GnuPG-bug-id: 4012 +(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b) +--- + g10/mainproc.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/g10/mainproc.c b/g10/mainproc.c +index 33a654b34..ffa7ef6d8 100644 +--- a/g10/mainproc.c ++++ b/g10/mainproc.c +@@ -638,7 +638,11 @@ proc_plaintext( CTX c, PACKET *pkt ) + if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) + log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); + else if( opt.verbose ) +- log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name); ++ { ++ char *tmp = make_printable_string (pt->name, pt->namelen, 0); ++ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp); ++ xfree (tmp); ++ } + free_md_filter_context( &c->mfx ); + c->mfx.md = md_open( 0, 0); + /* fixme: we may need to push the textfilter if we have sigclass 1 +-- +2.17.1 + -- cgit v1.2.3