From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1657759769.70a5cc46592ba76ffa08535b1c60f9cc59470e88.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/, app-crypt/gnupg/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch app-crypt/gnupg/gnupg-2.3.7-r1.ebuild app-crypt/gnupg/gnupg-2.3.7.ebuild X-VCS-Directories: app-crypt/gnupg/files/ app-crypt/gnupg/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 70a5cc46592ba76ffa08535b1c60f9cc59470e88 X-VCS-Branch: master Date: Thu, 14 Jul 2022 00:49:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: e39693da-02c1-4b01-831d-dc3de3b8648d X-Archives-Hash: c5b1e591ac271f5e3fc845501b4ceaf8 commit: 70a5cc46592ba76ffa08535b1c60f9cc59470e88 Author: Sam James gentoo org> AuthorDate: Thu Jul 14 00:49:29 2022 +0000 Commit: Sam James gentoo org> CommitDate: Thu Jul 14 00:49:29 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70a5cc46 app-crypt/gnupg: backport yubikey fix Signed-off-by: Sam James gentoo.org> .../files/gnupg-2.3.7-yubikey-workaround-fix.patch | 53 ++++++++++++++++++++++ .../{gnupg-2.3.7.ebuild => gnupg-2.3.7-r1.ebuild} | 1 + 2 files changed, 54 insertions(+) diff --git a/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch b/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch new file mode 100644 index 000000000000..94062c885b5b --- /dev/null +++ b/app-crypt/gnupg/files/gnupg-2.3.7-yubikey-workaround-fix.patch 
@@ -0,0 +1,53 @@ +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f34b9147eb3070bce80d53febaa564164cd6c977 + +From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Wed, 13 Jul 2022 10:40:55 +0900 +Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics. + +* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case +of firmware 5.4, too. + +-- + +GnuPG-bug-id: 6070 +Signed-off-by: NIIBE Yutaka +--- a/scd/app-openpgp.c ++++ b/scd/app-openpgp.c +@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno) + app->app_local->keyattr[keyno].ecc.algo = *buffer; + app->app_local->keyattr[keyno].ecc.flags = 0; + +- if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY +- || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) +- { /* Found "pubkey required"-byte for private key template. */ +- oidlen--; +- if (buffer[buflen-1] == 0xff) +- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; ++ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) ++ { ++ /* Yubikey implementations vary. ++ * Firmware version 5.2 returns "pubkey required"-byte with ++ * 0x00, but after removal and second time insertion, it ++ * returns bogus value there. ++ * Firmware version 5.4 returns none. ++ */ ++ curve = ecc_curve (buffer + 1, oidlen); ++ if (!curve) ++ curve = ecc_curve (buffer + 1, oidlen - 1); ++ } ++ else ++ { ++ if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) ++ { /* Found "pubkey required"-byte for private key template. */ ++ oidlen--; ++ if (buffer[buflen-1] == 0xff) ++ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; ++ } ++ curve = ecc_curve (buffer + 1, oidlen); + } +- +- curve = ecc_curve (buffer + 1, oidlen); + + if (!curve) + { 
diff --git a/app-crypt/gnupg/gnupg-2.3.7.ebuild b/app-crypt/gnupg/gnupg-2.3.7-r1.ebuild similarity index 99% rename from app-crypt/gnupg/gnupg-2.3.7.ebuild rename to app-crypt/gnupg/gnupg-2.3.7-r1.ebuild index 6f376da7aafd..54821c7edea1 100644 --- a/app-crypt/gnupg/gnupg-2.3.7.ebuild +++ b/app-crypt/gnupg/gnupg-2.3.7-r1.ebuild @@ -57,6 +57,7 @@ DOCS=( PATCHES=( "${FILESDIR}"/${PN}-2.1.20-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch + "${FILESDIR}"/${P}-yubikey-workaround-fix.patch ) src_prepare() {
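Review bot: In the CARDTYPE_YUBIKEY branch of the scd/app-openpgp.c hunk, the fallback `curve = ecc_curve (buffer + 1, oidlen - 1);` shortens the OID only for that one call, so `oidlen` keeps the longer value afterwards, and the branch never sets ECC_FLAG_PUBKEY even when the last byte is 0xff, which the removed code did whenever its condition matched. If anything after this point reads `oidlen`, decrement it when the shorter lookup is the one that matched. If ignoring the flag on Yubikey is intended because the byte is unreliable there, the new comment block should say so explicitly. No check on `oidlen` is visible in the hunk before the subtraction; a test that it is greater than zero before trying `oidlen - 1` would keep the fallback safe for a degenerate attribute buffer.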
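Review bot: The new PATCHES entry in gnupg-2.3.7-r1.ebuild has nothing next to it marking it as an upstream backport, and the commit message says only "backport yubikey fix". The patch header already records the upstream commit and GnuPG-bug-id: 6070; citing that bug id in the commit message, or in a one-line comment above the `"${FILESDIR}"/${P}-yubikey-workaround-fix.patch` entry, would tell whoever does the next version bump that the entry can be dropped once the release contains the fix.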