Pullup ticket 1710 - requested by salo

security fix for gnupg-devel Revisions pulled up: - pkgsrc/security/gnupg-devel/Makefile 1.17 - pkgsrc/security/gnupg-devel/distinfo 1.12 - pkgsrc/security/gnupg-devel/patches/patch-ba 1.1 Module Name: pkgsrc Committed By: shannonjr Date: Fri Jun 23 12:28:55 UTC 2006 Modified Files: pkgsrc/security/gnupg-devel: Makefile buildlink3.mk distinfo Added Files: pkgsrc/security/gnupg-devel/patches: patch-ba Log Message: Backport fix for CVE-2006-3082 from GnuPG: trunk/g10/
author: snj <snj> 2006-06-25 09:06:19 +0000
committer: snj <snj> 2006-06-25 09:06:19 +0000
commit: 650f7c2de487f39372d4569ad075f853153d4922 (patch)
tree: 0a5ef2f4a2e7b2b8f48bc1c0f0f4e67a5bda50cf
parent: 0816acbe9b45e1160f5951f123896e67748592c2 (diff)
download: pkgsrc-650f7c2de487f39372d4569ad075f853153d4922.tar.gz
3 files changed, 29 insertions, 5 deletions
diff --git a/security/gnupg-devel/Makefile b/security/gnupg-devel/Makefile
index cc023f367fb..91b13bb0dc5 100644
--- a/security/gnupg-devel/Makefile
+++ b/security/gnupg-devel/Makefile
@@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.14 2006/02/05 23:10:43 joerg Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2006/06/25 09:06:19 snj Exp $
 #
 
 DISTNAME=		gnupg-1.9.20
 PKGNAME=		${DISTNAME:S/gnupg/gnupg-devel/}
-#PKGREVISION=		1
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		security
 MASTER_SITES=		ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
 EXTRACT_SUFX=		.tar.bz2
 DISTFILES=		${DISTNAME}${EXTRACT_SUFX}
 DISTFILES+=		pth-2.0.4.tar.gz
-SITES_pth-2.0.4.tar.gz=	${MASTER_SITE_GNU:=pth/}
+SITES.pth-2.0.4.tar.gz=	${MASTER_SITE_GNU:=pth/}
 
 MAINTAINER=		shannonjr@NetBSD.org
 HOMEPAGE=		ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
diff --git a/security/gnupg-devel/distinfo b/security/gnupg-devel/distinfo
index 2d43892e96f..5a7c5b3b6fc 100644
--- a/security/gnupg-devel/distinfo
+++ b/security/gnupg-devel/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2006/01/06 11:05:18 shannonjr Exp $
+$NetBSD: distinfo,v 1.11.2.1 2006/06/25 09:06:19 snj Exp $
 
 SHA1 (gnupg-1.9.20.tar.bz2) = 557be26c21c114a3b345ce6b177fcb088883f827
 RMD160 (gnupg-1.9.20.tar.bz2) = 3501de32f1526f64510a77fe3cc0905dd7fc8854
@@ -7,3 +7,4 @@ SHA1 (pth-2.0.4.tar.gz) = c5ee066185a042a5cf1341a0ec10bcb94a1d4c53
 RMD160 (pth-2.0.4.tar.gz) = ba78260cb8860433cd240e24e2e90dc6997943d8
 Size (pth-2.0.4.tar.gz) = 641851 bytes
 SHA1 (patch-aa) = 4fdedc1f98dbe717fd5a1229944703f19c3c10e5
+SHA1 (patch-ba) = 9ae61eb17f5f447f05d663e97b6b4d288c7f648a
diff --git a/security/gnupg-devel/patches/patch-ba b/security/gnupg-devel/patches/patch-ba
new file mode 100644
index 00000000000..597ac5adef1
--- /dev/null
+++ b/security/gnupg-devel/patches/patch-ba
@@ -0,0 +1,24 @@
+$NetBSD: patch-ba,v 1.1.2.2 2006/06/25 09:06:19 snj Exp $
+
+--- ./g10/parse-packet.c.orig	2005-07-27 08:18:03.000000000 -0600
++++ ./g10/parse-packet.c
+@@ -1995,6 +1995,19 @@ parse_attribute( iobuf_t inp, int pkttyp
+     byte *p;
+ 
+ #define EXTRA_UID_NAME_SPACE 71
++    /* Cap the size of a user ID at 2k: a value absurdly large enough
++       that there is no sane user ID string (which is printable text
++       as of RFC2440bis) that won't fit in it, but yet small enough to
++       avoid allocation problems.  A large pktlen may not be
++       allocatable, and a very large pktlen could actually cause our
++       allocation to wrap around in xmalloc to a small number. */
++      
++    if(pktlen>2048)
++    {
++      log_error("packet(%d) too large\n", pkttype);
++      iobuf_skip_rest(inp, pktlen, 0);
++      return G10ERR_INVALID_PACKET;
++    }
+     packet->pkt.user_id = xmalloc (sizeof *packet->pkt.user_id
+                                   + EXTRA_UID_NAME_SPACE);
+
author	snj <snj>	2006-06-25 09:06:19 +0000
committer	snj <snj>	2006-06-25 09:06:19 +0000
commit	650f7c2de487f39372d4569ad075f853153d4922 (patch)
tree	0a5ef2f4a2e7b2b8f48bc1c0f0f4e67a5bda50cf
parent	0816acbe9b45e1160f5951f123896e67748592c2 (diff)
download	pkgsrc-650f7c2de487f39372d4569ad075f853153d4922.tar.gz