mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f0bbacca4691aa76939e93e5028138095a23bf5c
poky/meta/recipes-support/gnupg/gnupg_2.4.8.bb
Peter Marko f0bbacca46 gnupg: mark CVE-2025-30258 as patched 
Per NVD report [1] this CVE is fixed by [2].
This commit was backported to 2.4.8 via [3].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-30258
[2] https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
[3] da0164efc7

(From OE-Core rev: 88fe1eaa4bcd7c838902d8cdc067276c5f32624d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-10-24 06:23:39 -07:00

86 lines
3.2 KiB
BlitzBasic
Raw Blame History

SUMMARY = "GNU Privacy Guard - encryption and signing tools (2.x)"
DESCRIPTION = "A complete and free implementation of the OpenPGP standard \
as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt \
and sign your data and communications; it features a versatile key \
management system, along with access modules for all kinds of public \
key directories."
HOMEPAGE = "http://www.gnupg.org/"
LICENSE = "GPL-3.0-only & LGPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=189af8afca6d6075ba6c9e0aa8077626 \
file://COPYING.LGPL3;md5=a2b6bf2cb38ee52619e60f30a1fc7257"
DEPENDS = "npth libassuan libksba zlib bzip2 readline libgcrypt"
inherit autotools gettext texinfo pkgconfig
UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
"
SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
SRC_URI:append:class-nativesdk = " file://relocate.patch"
SRC_URI[sha256sum] = "b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
--with-zlib=${STAGING_LIBDIR}/.. \
--with-bzip2=${STAGING_LIBDIR}/.. \
--with-readline=${STAGING_LIBDIR}/.. \
--with-mailprog=${sbindir}/sendmail \
--disable-tests \
"
# yat2m can be found from recipe-sysroot-native non-deterministically with different versioning otherwise
CACHED_CONFIGUREVARS += "ac_cv_path_YAT2M=./yat2m"
# A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg)
PACKAGES =+ "${PN}-gpg"
FILES:${PN}-gpg = " \
${bindir}/gpg \
${bindir}/gpg-agent \
"
# Normal package (gnupg) should depend on minimal package (gnupg-gpg)
# to ensure all tools are included. This is done only in non-native
# builds. Native builds don't have sub-packages, so appending RDEPENDS
# in this case breaks recipe parsing.
RDEPENDS:${PN} += "${@ "" if ("native" in d.getVar("PN")) else (d.getVar("PN") + "-gpg")}"
RRECOMMENDS:${PN} = "pinentry"
do_configure:prepend () {
# Else these could be used in prefernce to those in aclocal-copy
rm -f ${S}/m4/gpg-error.m4
rm -f ${S}/m4/libassuan.m4
rm -f ${S}/m4/ksba.m4
rm -f ${S}/m4/libgcrypt.m4
}
do_install:append:class-native() {
create_wrappers ${STAGING_BINDIR_NATIVE}
}
do_install:append:class-nativesdk() {
create_wrappers ${SDKPATHNATIVE}${bindir_nativesdk}
}
create_wrappers() {
for i in gpg gpgconf gpg-agent gpg-connect-agent; do
create_wrapper ${D}${bindir}/$i GNUPG_BINDIR=$1
done
}
PACKAGECONFIG ??= "gnutls"
PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls"
PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3"
BBCLASSEXTEND = "native nativesdk"
lcl_maybe_fortify:mipsarch = ""
CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"
CVE_STATUS[CVE-2025-30258] = "cpe-stable-backport: fir for this CVE was backported to version 2.4.8"
Reference in New Issue View Git Blame Copy Permalink