[pkgsrc/trunk]: pkgsrc/security/gnupg2 gnupg2: updated to 2.2.36

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2aa68c893718
branches:  trunk
changeset: 381719:2aa68c893718
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Jul 12 05:46:00 2022 +0000

description:
gnupg2: updated to 2.2.36

Noteworthy changes in version 2.2.36 (2022-07-06)
-------------------------------------------------

  * g10: Fix possibly garbled status messages in NOTATION_DATA.  This
    bug could trick GPGME and other parsers to accept faked status
    lines.  [T6027, CVE-2022-34903]

  * gpg: Handle leading zeroes in Ed25519 private keys and reverse
    change regarding Ed25519 SOS encoding as introduced with 2.2.34.
    [T5120]

  * gpg: Allow Unicode file names for iobuf_cancel under Windows.

  * gpgsm: Improve pkcs#12 import.  [T6037,T5793,T4921,T4757]

  * scd,p15: Fix reading certificates w/o length info.

  * scd,p15: Improve the displayed S/N for Technology Nexus cards.

  * scd,openpgp: Add workaround for ECC attribute on Yubikey. [T5963]

  * scd: Fix use of SCardListReaders for PC/SC.  [T5979]

  * gpgconf: New short options -X and -V.

  * Make sure to always set CONFIDENTIAL flag in Assuan.

diffstat:

 security/gnupg2/Makefile                |   5 +--
 security/gnupg2/distinfo                |   9 +++----
 security/gnupg2/patches/patch-g10_cpr.c |  40 ---------------------------------
 3 files changed, 6 insertions(+), 48 deletions(-)

diffs (73 lines):

diff -r 5e70c9f8749b -r 2aa68c893718 security/gnupg2/Makefile
--- a/security/gnupg2/Makefile  Tue Jul 12 05:43:58 2022 +0000
+++ b/security/gnupg2/Makefile  Tue Jul 12 05:46:00 2022 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.134 2022/06/30 14:48:55 wiz Exp $
+# $NetBSD: Makefile,v 1.135 2022/07/12 05:46:00 adam Exp $
 
-DISTNAME=      gnupg-2.2.35
+DISTNAME=      gnupg-2.2.36
 PKGNAME=       ${DISTNAME:S/gnupg-/gnupg2-/}
-PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/gnupg/
 MASTER_SITES+= http://mirrors.dotsrc.org/gcrypt/gnupg/
diff -r 5e70c9f8749b -r 2aa68c893718 security/gnupg2/distinfo
--- a/security/gnupg2/distinfo  Tue Jul 12 05:43:58 2022 +0000
+++ b/security/gnupg2/distinfo  Tue Jul 12 05:46:00 2022 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.74 2022/06/30 14:48:55 wiz Exp $
+$NetBSD: distinfo,v 1.75 2022/07/12 05:46:00 adam Exp $
 
-BLAKE2s (gnupg-2.2.35.tar.bz2) = 74f0a044b85c30a11a59bed4e21c322c7a77c839639996fa30f5e3bee8433830
-SHA512 (gnupg-2.2.35.tar.bz2) = ad9f8d10890b7fafb15a7422e2cebaf0f85ce7cf5f880f4edd8d1dec46aa73c01f9096e601f6edd665f8684d1f5892634991a400e00b3185e6b201f549004d3e
-Size (gnupg-2.2.35.tar.bz2) = 7262687 bytes
+BLAKE2s (gnupg-2.2.36.tar.bz2) = a5a5505ea8620649b5a2e7dfe8f4b12ebc06bd206d3502fad79cac6f8170245b
+SHA512 (gnupg-2.2.36.tar.bz2) = 2d14000a0e8b36688d5e89372a1ef5f8a526b2724715377323d1f9abd23122aa9d0ab2c0988063c397f969afefbf205aedb7205915fd751c539336e680d8462a
+Size (gnupg-2.2.36.tar.bz2) = 7273805 bytes
 SHA1 (patch-common_sysutils.c) = 569c12e21172c1521284922244b2f4f361c945d6
-SHA1 (patch-g10_cpr.c) = 0a691eb6e6463ce9f9e3e735d3b2d587195a05cc
diff -r 5e70c9f8749b -r 2aa68c893718 security/gnupg2/patches/patch-g10_cpr.c
--- a/security/gnupg2/patches/patch-g10_cpr.c   Tue Jul 12 05:43:58 2022 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-$NetBSD: patch-g10_cpr.c,v 1.1 2022/06/30 14:48:55 wiz Exp $
-
-g10: Fix garbled status messages in NOTATION_DATA
-
-* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
-
-Depending on the escaping and line wrapping the computed remaining
-buffer length could be wrong. Fixed by always using a break to
-terminate the escape detection loop. Might have happened for all
-status lines which may wrap.
-
-https://dev.gnupg.org/rG34c649b3601383cd11dbc76221747ec16fd68e1b
-
---- g10/cpr.c.orig     2022-02-24 13:06:37.000000000 +0000
-+++ g10/cpr.c
-@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, co
-             }
-           first = 0;
-         }
--      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
-+      for (esc=0, s=buffer, n=len; n; s++, n--)
-         {
-           if (*s == '%' || *(const byte*)s <= lower_limit
-               || *(const byte*)s == 127 )
-             esc = 1;
-           if (wrap && ++count > wrap)
--            {
--              dowrap=1;
--              break;
--            }
--        }
--      if (esc)
--        {
--          s--; n++;
-+            dowrap=1;
-+          if (esc || dowrap)
-+            break;
-         }
-       if (s != buffer)
-         es_fwrite (buffer, s-buffer, 1, statusfp);