author | agc <agc@pkgsrc.org> | 2016-06-30 21:19:59 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2016-06-30 21:19:59 +0000 |
commit | a7b6ed4fe4ea3e2496b8e1b50c3bca381887861e (patch) | |
tree | eb3d3107b2d1c50eb782066d5811ac4d7d8ea02b | |
parent | be2aba0b13fa9d984004361d02b0e3af8a9b806f (diff) | |
download | pkgsrc-a7b6ed4fe4ea3e2496b8e1b50c3bca381887861e.tar.gz |
Update netpgpverify and libnetpgpverify to 20160625
+ Perform digest on correctly dash-escaped text, per RFC 4880.
Problem pointed out by Dimitri John Ledkov, fixed in a different way
(in case the last line is itself dash-escaped).
+ add test case
-rw-r--r-- | security/netpgpverify/files/Makefile.bsd | 4 | ||||
-rw-r--r-- | security/netpgpverify/files/Makefile.in | 4 | ||||
-rw-r--r-- | security/netpgpverify/files/dash-escaped-text | 7 | ||||
-rw-r--r-- | security/netpgpverify/files/dash-escaped-text.asc | 21 | ||||
-rw-r--r-- | security/netpgpverify/files/pgpsum.c | 16 | ||||
-rw-r--r-- | security/netpgpverify/files/verify.h | 4 |
6 files changed, 50 insertions, 6 deletions
diff --git a/security/netpgpverify/files/Makefile.bsd b/security/netpgpverify/files/Makefile.bsd index e95b4db76da..2053f554dd5 100644 --- a/security/netpgpverify/files/Makefile.bsd +++ b/security/netpgpverify/files/Makefile.bsd @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.bsd,v 1.11 2016/06/30 21:10:59 agc Exp $ +# $NetBSD: Makefile.bsd,v 1.12 2016/06/30 21:19:59 agc Exp $ PROG=netpgpverify @@ -47,3 +47,5 @@ tst: ./${PROG} -k pubring.gpg version.asc @echo "testing signatures with no version" ./${PROG} -k pubring.gpg noversion.asc + @echo "testing dash-escaped text" + ./${PROG} -k pubring.gpg dash-escaped-text.asc diff --git a/security/netpgpverify/files/Makefile.in b/security/netpgpverify/files/Makefile.in index a0ca9560216..f4ff150f410 100644 --- a/security/netpgpverify/files/Makefile.in +++ b/security/netpgpverify/files/Makefile.in @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.in,v 1.7 2016/06/30 21:10:59 agc Exp $ +# $NetBSD: Makefile.in,v 1.8 2016/06/30 21:19:59 agc Exp $ PROG=netpgpverify @@ -47,6 +47,8 @@ tst: ./${PROG} -k pubring.gpg version.asc @echo "testing signatures with no version" ./${PROG} -k pubring.gpg noversion.asc + @echo "testing dash-escaped text" + ./${PROG} -k pubring.gpg dash-escaped-text.asc clean: rm -rf *.core ${OBJS} ${PROG} diff --git a/security/netpgpverify/files/dash-escaped-text b/security/netpgpverify/files/dash-escaped-text new file mode 100644 index 00000000000..014e4d7aa23 --- /dev/null +++ b/security/netpgpverify/files/dash-escaped-text @@ -0,0 +1,7 @@ +From sea to shining sea +Dash escape me harder +- at least once +-- no, twice +-well, curses, folied again +------- +-if it wasn't for you pesky kids, I'd have got away with it diff --git a/security/netpgpverify/files/dash-escaped-text.asc b/security/netpgpverify/files/dash-escaped-text.asc new file mode 100644 index 00000000000..100a7c8f727 --- /dev/null +++ b/security/netpgpverify/files/dash-escaped-text.asc 
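Review bot: The `tst` step added in Makefile.bsd only shows that a correctly signed dash-escaped file verifies; nothing checks that verification still fails when the signed body is altered, which is the property the new unescaping in pgpsum.c could weaken. A second fixture with one body character changed (placeholder name `dash-escaped-text-tampered.asc`) plus a step that expects a non-zero exit, e.g. `! ./${PROG} -k pubring.gpg dash-escaped-text-tampered.asc`, would cover it. The same applies to the identical lines added in Makefile.in.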
@@ -0,0 +1,21 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +- From sea to shining sea +Dash escape me harder +- - at least once +- -- no, twice +- -well, curses, folied again +- ------- +- -if it wasn't for you pesky kids, I'd have got away with it +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAEBAgAGBQJXbXhIAAoJEBto3PzAWWgjuCUH/0kGBjK2RshejxKf+87xZNV9 +zSqoc17n5ViXDbVM5v7P6zAdjYVVaaZc6U+8DMJhbPbvbUTsEiFlp3Kh9BiBz5A5 +BtqXJmkyF2C5y/HTf9vPgbw8UAiqnNFYwlpWvrlxopAv31x7UIDNGJ9/oAKw0dqM +XujJub4lRBX+V2RlFWage/fAmuslq3lz7QJpLM5EpePNGQVXM1c9x+jhvgSXucHU +2UVcsUb8Y2nCXRoJKcIK4iGoIoqnoFk1WAa+/S593h2Iz+zzPqvVlPU1tyA27v/s +lgQ3DakeOeiae33gqK3iXqDNXady1te7hYGyhWT4G5Kuz+8tMMQXWAg4e+olEtk= +=n0R+ +-----END PGP SIGNATURE----- diff --git a/security/netpgpverify/files/pgpsum.c b/security/netpgpverify/files/pgpsum.c index 4e2dd867c62..524c1fbd3af 100644 --- a/security/netpgpverify/files/pgpsum.c +++ b/security/netpgpverify/files/pgpsum.c @@ -44,6 +44,18 @@ #undef swap16 #undef swap32 +/* ignore any dash-escape at the start of a line */ +static void +dash_escaped_update(digest_t *hash, uint8_t *in, size_t insize) +{ + if (insize >= 2 && memcmp(in, "- ", 2) == 0) { + in += 2; + insize -= 2; + } + digest_update(hash, in, insize); + +} + /* add the ascii armor line endings (except for last line) */ static size_t don_armor(digest_t *hash, uint8_t *in, size_t insize, int doarmor) @@ -61,10 +73,10 @@ don_armor(digest_t *hash, uint8_t *in, size_t insize, int doarmor) break; } } - digest_update(hash, from, (size_t)(newp - from)); + dash_escaped_update(hash, from, (size_t)(newp - from)); digest_update(hash, dos_line_end, sizeof(dos_line_end)); } - digest_update(hash, from, insize - (size_t)(from - in)); + dash_escaped_update(hash, from, insize - (size_t)(from - in)); return 1; } diff --git a/security/netpgpverify/files/verify.h b/security/netpgpverify/files/verify.h index 743186ab83c..3de7c1199ac 100644 --- a/security/netpgpverify/files/verify.h 
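Review bot: Both new `dash_escaped_update` calls in `don_armor` drop a leading `- ` from every line regardless of `doarmor`, so after this change a line `- x` produces the same digest as `x`. That is what RFC 4880 asks for inside a cleartext-signed body, but if `don_armor` is also reached for other text input (its callers are outside the hunk, so I cannot tell), two different documents would verify against one signature. I would either gate the unescape on the `doarmor` value that marks a cleartext-signed message or state the precondition on the helper, e.g. `/* in must be the start of a line taken from a dash-escaped cleartext body; any other input loses a literal "- " prefix from the digest */`. The body of `don_armor` begins outside the second hunk, and the stray blank line before the closing brace of `dash_escaped_update` can go.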
+++ b/security/netpgpverify/files/verify.h @@ -23,9 +23,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef NETPGP_VERIFY_H_ -#define NETPGP_VERIFY_H_ 20160624 +#define NETPGP_VERIFY_H_ 20160625 -#define NETPGPVERIFY_VERSION "netpgpverify portable 20160624" +#define NETPGPVERIFY_VERSION "netpgpverify portable 20160625" #include <sys/types.h> |