Add the same patch as security/gnupg2 package to fix a buffer overflow.

While fixing a bug reported by Hugh Warrington, a buffer overflow has been identified in all released GnuPG versions. The current versions 1.4.5 and 2.0.0 are affected. A small patch is provided. ... 2006-11-27 Werner Koch <wk@g10code.com> * openfile.c (ask_outfile_name): Fixed buffer overflow occurring if make_printable_string returns a longer string. Fixes bug 728. Bump PKGREVISION.
author: taca <taca> 2006-11-28 05:39:41 +0000
committer: taca <taca> 2006-11-28 05:39:41 +0000
commit: 1c7e80cae8fd635eaae5c87389eda859c3f049ba (patch)
tree: 00a27e63f80d94d220fa2da42220dd70d3a86f08 /security/gnupg/patches
parent: f3eaf6701f523db020e5e9c38ce1aaf43d05686e (diff)
download: pkgsrc-1c7e80cae8fd635eaae5c87389eda859c3f049ba.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/security/gnupg/patches/patch-al b/security/gnupg/patches/patch-al
new file mode 100644
index 00000000000..3b08605939c
--- /dev/null
+++ b/security/gnupg/patches/patch-al
@@ -0,0 +1,15 @@
+$NetBSD: patch-al,v 1.1 2006/11/28 05:39:42 taca Exp $
+
+# http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
+
+--- ./g10/openfile.c.orig	2006-09-14 08:18:39.000000000 -0600
++++ ./g10/openfile.c
+@@ -145,7 +145,7 @@ ask_outfile_name( const char *name, size
+ 
+     s = _("Enter new filename");
+ 
+-    n = strlen(s) + namelen + 10;
++    n = strlen(s) + (defname?strlen (defname):0) + 10;
+     defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+     prompt = xmalloc(n);
+     if( defname )
author	taca <taca>	2006-11-28 05:39:41 +0000
committer	taca <taca>	2006-11-28 05:39:41 +0000
commit	1c7e80cae8fd635eaae5c87389eda859c3f049ba (patch)
tree	00a27e63f80d94d220fa2da42220dd70d3a86f08 /security/gnupg/patches
parent	f3eaf6701f523db020e5e9c38ce1aaf43d05686e (diff)
download	pkgsrc-1c7e80cae8fd635eaae5c87389eda859c3f049ba.tar.gz