From 09849475c8bdd711fc07c4ef4bb0ae13de046817 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Mon, 17 Feb 2025 00:23:17 -0800 Subject: gnupg: upgrade 2.5.3 -> 2.5.4 Noteworthy changes in version 2.5.4 (2025-02-12) ------------------------------------------------ * gpg: New option --disable-pqc-encryption. [rG00c31f8b04] * gpg: Fix --quick-add-key for Weierstrass ECC with usage given.[T7506] * gpg: Fix handling with no CRC armor. [T7071] * gpg: New private Kyber keys are now cross-referenced using a new Link attribute. [T6638] * gpg: Fix an import problem with keys having another primary key as a subkey. [T7527] * gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043] * gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4] * agent: New option --change-std-env-name. [T7522] * agent: Fix ssh-agent's request_identities for skipped Brainpool keys. [rG2469dc5aae] * Do not package zlib and bzip2 object files in a speedo release build. [T7442] See-also: gnupg-announce/2025q1/000490.html Release-info: https://dev.gnupg.org/T7480 https://dev.gnupg.org/source/gnupg/browse/master/NEWS (From OE-Core rev: 59f26c7311ae3d5596f517b739e7c3435db070a3) Signed-off-by: Hongxu Jia Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- ...1-Woverride-init-is-not-needed-with-gcc-9.patch | 2 +- ...c-use-a-custom-value-for-the-location-of-.patch | 6 +- ...0002-use-pkgconfig-instead-of-npth-config.patch | 2 +- ...gen.sh-fix-find-version-for-beta-checking.patch | 2 +- meta/recipes-support/gnupg/gnupg/relocate.patch | 2 +- meta/recipes-support/gnupg/gnupg_2.5.3.bb | 83 ---------------------- meta/recipes-support/gnupg/gnupg_2.5.4.bb | 83 ++++++++++++++++++++++ 7 files changed, 90 insertions(+), 90 deletions(-) delete mode 100644 meta/recipes-support/gnupg/gnupg_2.5.3.bb create mode 100644 meta/recipes-support/gnupg/gnupg_2.5.4.bb diff --git a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch index fcd2528513..6299eb95ce 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-Woverride-init-is-not-needed-with-gcc-9.patch @@ -1,4 +1,4 @@ -From bbf09a439d56ddcae6f641c8f1cf7544e3dd4d6f Mon Sep 17 00:00:00 2001 +From 690faa62529c584cd80c8eaa56210ec1e4a96d7f Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Thu, 20 Dec 2018 17:37:48 -0800 Subject: [PATCH] Woverride-init is not needed with gcc 9 diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index 6e2f8d6fe6..ed94145833 100644 --- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From c9cef60c7be6a5cb5a9557117f4d285278cc6f47 Mon Sep 17 00:00:00 2001 +From c9392c615a95c965dd58b0896cb3b87deafc62a4 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -13,10 +13,10 @@ Signed-off-by: Alexander Kanavin 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 6252d57..1da2c6f 100644 +index 23a9101..3e10021 100644 --- a/configure.ac +++ b/configure.ac -@@ -1911,7 +1911,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1908,7 +1908,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) diff --git a/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch b/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch index 9c87788e80..2d23ca1e66 100644 --- a/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch +++ b/meta/recipes-support/gnupg/gnupg/0002-use-pkgconfig-instead-of-npth-config.patch @@ -1,4 +1,4 @@ -From 7c0163fd17b78284495da382023074ee7dd629b6 Mon Sep 17 00:00:00 2001 +From 9f7cf2e4770697c24f8d24ce9f79b8548120bbf8 Mon Sep 17 00:00:00 2001 From: Saul Wold Date: Wed, 16 Aug 2017 11:16:30 +0800 Subject: [PATCH] use pkgconfig instead of npth config diff --git a/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch b/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch index 3b4b01721a..fc7d964ec4 100644 --- a/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch +++ b/meta/recipes-support/gnupg/gnupg/0004-autogen.sh-fix-find-version-for-beta-checking.patch @@ -1,4 +1,4 @@ -From 24ae21dce9fc7546468580ab37db3bf9559e6efc Mon Sep 17 00:00:00 2001 +From 4d8cc1982273d571b4e80fe981878d0fa5884236 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Wed, 16 Aug 2017 11:23:22 +0800 Subject: [PATCH] autogen.sh: fix find-version for beta checking diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch index b67744419e..1ae8a564d4 100644 --- a/meta/recipes-support/gnupg/gnupg/relocate.patch +++ b/meta/recipes-support/gnupg/gnupg/relocate.patch @@ -1,4 +1,4 @@ -From db9e4933176b7919077120cedb8a8b0a40c2115b Mon Sep 17 00:00:00 2001 +From 917a98f9380d581548f3cbb59428cee3a5c29bae Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Wed, 19 Sep 2018 14:44:40 +0100 Subject: [PATCH] Allow the environment to override where gnupg looks for its diff --git a/meta/recipes-support/gnupg/gnupg_2.5.3.bb b/meta/recipes-support/gnupg/gnupg_2.5.3.bb deleted file mode 100644 index cca4feaf6c..0000000000 --- a/meta/recipes-support/gnupg/gnupg_2.5.3.bb +++ /dev/null @@ -1,83 +0,0 @@ -SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)" -DESCRIPTION = "A complete and free implementation of the OpenPGP standard \ -as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt \ -and sign your data and communications; it features a versatile key \ -management system, along with access modules for all kinds of public \ -key directories." -HOMEPAGE = "http://www.gnupg.org/" -LICENSE = "GPL-3.0-only & LGPL-3.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \ - file://COPYING.LGPL3;md5=a2b6bf2cb38ee52619e60f30a1fc7257" - -DEPENDS = "npth libassuan libksba zlib bzip2 readline libgcrypt" - -inherit autotools gettext texinfo pkgconfig - -UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" -SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ - file://0002-use-pkgconfig-instead-of-npth-config.patch \ - file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ - file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ - " -SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ - file://relocate.patch" -SRC_URI:append:class-nativesdk = " file://relocate.patch" - -SRC_URI[sha256sum] = "23128b136aed4e5121e793d1b6c60ee50c8007a9d926c1313e524d05386b54ac" - -EXTRA_OECONF = "--disable-ldap \ - --disable-ccid-driver \ - --with-zlib=${STAGING_LIBDIR}/.. \ - --with-bzip2=${STAGING_LIBDIR}/.. \ - --with-readline=${STAGING_LIBDIR}/.. \ - --with-mailprog=${sbindir}/sendmail \ - --disable-tests \ - --disable-doc \ - " - -# A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg) -PACKAGES =+ "${PN}-gpg" -FILES:${PN}-gpg = " \ - ${bindir}/gpg \ - ${bindir}/gpg-agent \ -" - -# Normal package (gnupg) should depend on minimal package (gnupg-gpg) -# to ensure all tools are included. This is done only in non-native -# builds. Native builds don't have sub-packages, so appending RDEPENDS -# in this case breaks recipe parsing. -RDEPENDS:${PN} += "${@ "" if ("native" in d.getVar("PN")) else (d.getVar("PN") + "-gpg")}" - -RRECOMMENDS:${PN} = "pinentry" - -do_configure:prepend () { - # Else these could be used in prefernce to those in aclocal-copy - rm -f ${S}/m4/gpg-error.m4 - rm -f ${S}/m4/libassuan.m4 - rm -f ${S}/m4/ksba.m4 - rm -f ${S}/m4/libgcrypt.m4 -} - -do_install:append:class-native() { - create_wrappers ${STAGING_BINDIR_NATIVE} -} - -do_install:append:class-nativesdk() { - create_wrappers ${SDKPATHNATIVE}${bindir_nativesdk} -} - -create_wrappers() { - for i in gpg gpgconf gpg-agent gpg-connect-agent; do - create_wrapper ${D}${bindir}/$i GNUPG_BINDIR=$1 - done -} - -PACKAGECONFIG ??= "gnutls" -PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls" -PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3" - -BBCLASSEXTEND = "native nativesdk" - -lcl_maybe_fortify:mipsarch = "" - -CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993" diff --git a/meta/recipes-support/gnupg/gnupg_2.5.4.bb b/meta/recipes-support/gnupg/gnupg_2.5.4.bb new file mode 100644 index 0000000000..e6a7e3fb40 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg_2.5.4.bb @@ -0,0 +1,83 @@ +SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)" +DESCRIPTION = "A complete and free implementation of the OpenPGP standard \ +as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt \ +and sign your data and communications; it features a versatile key \ +management system, along with access modules for all kinds of public \ +key directories." +HOMEPAGE = "http://www.gnupg.org/" +LICENSE = "GPL-3.0-only & LGPL-3.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \ + file://COPYING.LGPL3;md5=a2b6bf2cb38ee52619e60f30a1fc7257" + +DEPENDS = "npth libassuan libksba zlib bzip2 readline libgcrypt" + +inherit autotools gettext texinfo pkgconfig + +UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" +SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ + file://0002-use-pkgconfig-instead-of-npth-config.patch \ + file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ + file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ + " +SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ + file://relocate.patch" +SRC_URI:append:class-nativesdk = " file://relocate.patch" + +SRC_URI[sha256sum] = "f8cb2ac6c9f17f81e3541c62158764910fad5c3a0765e00b398c41a32bc4e0ea" + +EXTRA_OECONF = "--disable-ldap \ + --disable-ccid-driver \ + --with-zlib=${STAGING_LIBDIR}/.. \ + --with-bzip2=${STAGING_LIBDIR}/.. \ + --with-readline=${STAGING_LIBDIR}/.. \ + --with-mailprog=${sbindir}/sendmail \ + --disable-tests \ + --disable-doc \ + " + +# A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg) +PACKAGES =+ "${PN}-gpg" +FILES:${PN}-gpg = " \ + ${bindir}/gpg \ + ${bindir}/gpg-agent \ +" + +# Normal package (gnupg) should depend on minimal package (gnupg-gpg) +# to ensure all tools are included. This is done only in non-native +# builds. Native builds don't have sub-packages, so appending RDEPENDS +# in this case breaks recipe parsing. +RDEPENDS:${PN} += "${@ "" if ("native" in d.getVar("PN")) else (d.getVar("PN") + "-gpg")}" + +RRECOMMENDS:${PN} = "pinentry" + +do_configure:prepend () { + # Else these could be used in prefernce to those in aclocal-copy + rm -f ${S}/m4/gpg-error.m4 + rm -f ${S}/m4/libassuan.m4 + rm -f ${S}/m4/ksba.m4 + rm -f ${S}/m4/libgcrypt.m4 +} + +do_install:append:class-native() { + create_wrappers ${STAGING_BINDIR_NATIVE} +} + +do_install:append:class-nativesdk() { + create_wrappers ${SDKPATHNATIVE}${bindir_nativesdk} +} + +create_wrappers() { + for i in gpg gpgconf gpg-agent gpg-connect-agent; do + create_wrapper ${D}${bindir}/$i GNUPG_BINDIR=$1 + done +} + +PACKAGECONFIG ??= "gnutls" +PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls" +PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3" + +BBCLASSEXTEND = "native nativesdk" + +lcl_maybe_fortify:mipsarch = "" + +CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993" -- cgit v1.2.3-54-g00ecf