author | wiz <wiz@pkgsrc.org> | 2006-07-03 21:15:14 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2006-07-03 21:15:14 +0000 |
commit | 637befe263c3dc6277086e37b8d8d6491c46a82d (patch) | |
tree | 49d9093a0ef15f92cdb9e4631e811351577dfe33 /security/gnupg/patches | |
parent | f2656ae6fb61eb5eead09c8c7fffeb30af43dae5 (diff) | |
download | pkgsrc-637befe263c3dc6277086e37b8d8d6491c46a82d.tar.gz |
Update to 1.4.4:
Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------
* User IDs are now capped at 2048 byte. This avoids a memory
allocation attack (see CVE-2006-3082).
[was already fixed in pkgsrc]
* Added support for the SHA-224 hash. Like the SHA-384 hash, it
is mainly useful when DSS (the US Digital Signature Standard)
compatibility is desired.
* Added support for the latest update to DSA keys and signatures.
This allows for larger keys than 1024 bits and hashes other than
SHA-1 and RIPEMD/160. Note that not all OpenPGP implementations
can handle these new keys and signatures yet. See
"--enable-dsa2" in the manual for more information.
Diffstat (limited to 'security/gnupg/patches')
-rw-r--r-- | security/gnupg/patches/patch-ba | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/security/gnupg/patches/patch-ba b/security/gnupg/patches/patch-ba deleted file mode 100644 index 2027b44108c..00000000000 --- a/security/gnupg/patches/patch-ba +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2006/06/24 14:20:29 salo Exp $ - -Security fix for CVE-2006-3082, from GnuPG CVS repository. - ---- g10/parse-packet.c.orig 2005-12-06 14:22:19.000000000 +0100 -+++ g10/parse-packet.c 2006-06-24 16:09:34.000000000 +0200 -@@ -1972,6 +1972,20 @@ - { - byte *p; - -+ /* Cap the size of a user ID at 2k: a value absurdly large enough -+ that there is no sane user ID string (which is printable text -+ as of RFC2440bis) that won't fit in it, but yet small enough to -+ avoid allocation problems. A large pktlen may not be -+ allocatable, and a very large pktlen could actually cause our -+ allocation to wrap around in xmalloc to a small number. */ -+ -+ if(pktlen>2048) -+ { -+ log_error("packet(%d) too large\n", pkttype); -+ iobuf_skip_rest(inp, pktlen, 0); -+ return G10ERR_INVALID_PACKET; -+ } -+ - packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen); - packet->pkt.user_id->len = pktlen; - packet->pkt.user_id->ref=1; |
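Review bot: Deleting patch-ba removes the only copy in the pkgsrc tree of the `if(pktlen>2048)` check that sits ahead of `xmalloc_clear(sizeof *packet->pkt.user_id + pktlen)`, so the removal is correct only if g10/parse-packet.c in the 1.4.4 distfile carries the same cap. The commit message says it does ("User IDs are now capped at 2048 byte"), but this view is limited to security/gnupg/patches and the rest of the commit is not visible here. Confirm in the full commit that the distinfo entry for patch-ba is dropped together with the file and that the checksum for the new distfile is recorded. The commit message would also be clearer if it said that patch-ba is retired because the fix is now upstream, since "[was already fixed in pkgsrc]" does not name the patch being removed.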