From a9c57c67f4a646f1c1924fadb891d0c1be5ef7cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Christian=20Gr=C3=BCnhage?=
 <jan.christian@gruenhage.xyz>
Date: Wed, 20 Jul 2022 10:39:50 +0200
Subject: [PATCH] gnupg: fix new yubikey firmware versions

Patch has already been submitted upstream
(https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977), and
was confirmed working on the linked issue
---
 ...csclite-library-on-musl-libc-as-well.patch | 26 +++++++++
 ...ix-workaround-for-Yubikey-heuristics.patch | 58 +++++++++++++++++++
 .../patches/use-versioned-pcsclite.patch      | 11 ----
 srcpkgs/gnupg/template                        |  2 +-
 4 files changed, 85 insertions(+), 12 deletions(-)
 create mode 100644 srcpkgs/gnupg/patches/0001-use-versioned-pcsclite-library-on-musl-libc-as-well.patch
 create mode 100644 srcpkgs/gnupg/patches/0002-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
 delete mode 100644 srcpkgs/gnupg/patches/use-versioned-pcsclite.patch

diff --git a/srcpkgs/gnupg/patches/0001-use-versioned-pcsclite-library-on-musl-libc-as-well.patch b/srcpkgs/gnupg/patches/0001-use-versioned-pcsclite-library-on-musl-libc-as-well.patch
new file mode 100644
index 000000000000..23bc690b9dcb
--- /dev/null
+++ b/srcpkgs/gnupg/patches/0001-use-versioned-pcsclite-library-on-musl-libc-as-well.patch
@@ -0,0 +1,26 @@
+From 94b3bedd1ed56d70168dfd09594d2f0d8d6dea96 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Sun, 29 Sep 2019 12:32:46 +0700
+Subject: [PATCH 1/2] use versioned pcsclite library on musl-libc as well
+
+---
+ scd/scdaemon.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scd/scdaemon.c b/scd/scdaemon.c
+index 6d068d3d3..2f2586452 100644
+--- a/scd/scdaemon.c
++++ b/scd/scdaemon.c
+@@ -207,7 +207,7 @@ static struct debug_flags_s debug_flags [] =
+ #define DEFAULT_PCSC_DRIVER "winscard.dll"
+ #elif defined(__APPLE__)
+ #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC"
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+ #define DEFAULT_PCSC_DRIVER "libpcsclite.so.1"
+ #else
+ #define DEFAULT_PCSC_DRIVER "libpcsclite.so"
+-- 
+2.37.1
+
diff --git a/srcpkgs/gnupg/patches/0002-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch b/srcpkgs/gnupg/patches/0002-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
new file mode 100644
index 000000000000..b6cdf2bb35ae
--- /dev/null
+++ b/srcpkgs/gnupg/patches/0002-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
@@ -0,0 +1,58 @@
+From 65255fd387b57bae83c5c08d1534ae58dbb5c264 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 13 Jul 2022 03:40:00 +0200
+Subject: [PATCH 2/2] scd:openpgp: Fix workaround for Yubikey heuristics.
+
+* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
+of firmware 5.4, too.
+
+GnuPG-bug-id: T6070
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ scd/app-openpgp.c | 29 +++++++++++++++++++++--------
+ 1 file changed, 21 insertions(+), 8 deletions(-)
+
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index 8bb346a86..4667416df 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno)
+       app->app_local->keyattr[keyno].ecc.algo = *buffer;
+       app->app_local->keyattr[keyno].ecc.flags = 0;
+ 
+-      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY
+-	  || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
+-        { /* Found "pubkey required"-byte for private key template.  */
+-          oidlen--;
+-          if (buffer[buflen-1] == 0xff)
+-            app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
++      if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY)
++        {
++          /* Yubikey implementations vary.
++           * Firmware version 5.2 returns "pubkey required"-byte with
++           * 0x00, but after removal and second time insertion, it
++           * returns bogus value there.
++           * Firmware version 5.4 returns none.
++           */
++          curve = ecc_curve (buffer + 1, oidlen);
++          if (!curve)
++            curve = ecc_curve (buffer + 1, oidlen - 1);
++        }
++      else
++        {
++          if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
++            { /* Found "pubkey required"-byte for private key template.  */
++              oidlen--;
++              if (buffer[buflen-1] == 0xff)
++                app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
++            }
++          curve = ecc_curve (buffer + 1, oidlen);
+         }
+-
+-      curve = ecc_curve (buffer + 1, oidlen);
+ 
+       if (!curve)
+         {
+-- 
+2.37.1
+
diff --git a/srcpkgs/gnupg/patches/use-versioned-pcsclite.patch b/srcpkgs/gnupg/patches/use-versioned-pcsclite.patch
deleted file mode 100644
index 6a9c70d1b104..000000000000
--- a/srcpkgs/gnupg/patches/use-versioned-pcsclite.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/scd/scdaemon.c	2019-09-29 12:18:47.810111976 +0700
-+++ b/scd/scdaemon.c	2019-09-29 12:20:38.079117234 +0700
-@@ -189,7 +189,7 @@
- #define DEFAULT_PCSC_DRIVER "winscard.dll"
- #elif defined(__APPLE__)
- #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC"
--#elif defined(__GLIBC__)
-+#elif defined(__linux__)
- #define DEFAULT_PCSC_DRIVER "libpcsclite.so.1"
- #else
- #define DEFAULT_PCSC_DRIVER "libpcsclite.so"
diff --git a/srcpkgs/gnupg/template b/srcpkgs/gnupg/template
index 79a37000021c..d43787470fff 100644
--- a/srcpkgs/gnupg/template
+++ b/srcpkgs/gnupg/template
@@ -1,7 +1,7 @@
 # Template file for 'gnupg'
 pkgname=gnupg
 version=2.3.7
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="$(vopt_enable ldap)
  --with-libgcrypt-prefix=${XBPS_CROSS_BASE}/usr