From 0d1368a67b87311f806604b6bab19e9a745fd55a Mon Sep 17 00:00:00 2001
From: Stig Palmquist
Date: Thu, 26 Dec 2024 10:05:47 +0100
Subject: [PATCH] gnupg24: add freepg patches

Add patches to GnuPG 2.4 from FreePG, a common resource for GnuPG downstream packagers to track, maintain, and apply commonly-used patches for GnuPG that have been refused by upstream.
https://gitlab.com/freepg/gnupg/
---
 pkgs/tools/security/gnupg/24.nix | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix
index c59b9475ef05c0..e61136056c8eed 100644
--- a/pkgs/tools/security/gnupg/24.nix
+++ b/pkgs/tools/security/gnupg/24.nix
@@ -2,6 +2,7 @@
 lib,
 stdenv,
 fetchurl,
+ fetchFromGitLab,
 buildPackages,
 pkg-config,
 texinfo,
@@ -68,14 +69,29 @@ stdenv.mkDerivation rec {
 ] ++ lib.optionals withTpm2Tss [ tpm2-tss ];
+ freepgPatches = fetchFromGitLab {
+ domain = "gitlab.com";
+ owner = "freepg";
+ repo = "gnupg";
+ rev = "541772915dc4ec832c37f85bc629a22051f0e8f7";
+ hash = "sha256-QOUY6EfJbTTN242BtzLojDgECGjUwbLfPJgzn/mj5L8=";
+ };
+
 patches = [
 ./fix-libusb-include-path.patch
- ./tests-add-test-cases-for-import-without-uid.patch
- ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
- ./24-allow-import-of-previously-known-keys-even-without-UI.patch
- ./24-revert-rfc4880bis-defaults.patch
- # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
+ # Patch for CVE-2022-3219
 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch
+ ] ++ lib.map (v: "${freepgPatches}/STABLE-BRANCH-2-4-freepg/" + v) [
+ # 0001-Add-gitlab-build-toolchain.patch
+ "0002-gpg-accept-subkeys-with-a-good-revocation-but-no-sel.patch"
+ "0003-gpg-allow-import-of-previously-known-keys-even-witho.patch"
+ "0004-tests-add-test-cases-for-import-without-uid.patch"
+ "0005-gpg-drop-import-clean-from-default-keyserver-import-.patch"
+ "0006-Do-not-use-OCB-mode-even-if-AEAD-OCB-key-preference-.patch"
+ "0007-Revert-the-introduction-of-the-RFC4880bis-draft-into.patch"
+ "0008-avoid-systemd-deprecation-warning.patch"
+ "0009-Add-systemd-support-for-keyboxd.patch"
+ "0010-doc-Remove-profile-and-systemd-example-files.patch"
 ];
 postPatch =
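Review bot: The `lib.map` list at the end of `patches` pulls in 0005, 0006 and 0008–0010, which have no counterpart among the five vendored patches removed just above, so the commit does more than relocate the existing patch set and nothing in the hunk says which entries are new behaviour. Going by their file names, 0005 changes the default keyserver import options and 0006 stops selecting OCB/AEAD even when a key's preferences ask for it — both user-visible defaults that deserve a one-line comment per entry, e.g. `# 0005, 0006: change keyserver-import and AEAD defaults; not previously patched in nixpkgs`. The bare `# 0001-Add-gitlab-build-toolchain.patch` line would also read better as a reason, e.g. `# 0001 skipped: FreePG build-toolchain only, not needed here` (assuming that is why it is left out). Since `freepgPatches` is pinned by full `rev` and SRI `hash`, a short comment noting that both must be bumped together and the patch numbers re-checked against the new revision would help the next update.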