summaryrefslogtreecommitdiff
path: root/security/gnupg2
diff options
context:
space:
mode:
authorshannonjr <shannonjr@pkgsrc.org>2006-11-27 20:37:20 +0000
committershannonjr <shannonjr@pkgsrc.org>2006-11-27 20:37:20 +0000
commit36bc11cf32e30da23d4855fc25fe0b0a63293cd6 (patch)
tree386ef54b87f808276382b7ff16f2a81a653449da /security/gnupg2
parent182fbccf8ce0b00725541380d5dde2f40778a98e (diff)
downloadpkgsrc-36bc11cf32e30da23d4855fc25fe0b0a63293cd6.tar.gz
"While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions. Exploiting this overflow seems to be possible. Apply the following patch to GnuPG." 2006-11-27 Werner Koch <wk@g10code.com> gnupg2 has been patched accordingly.
Diffstat (limited to 'security/gnupg2')
-rw-r--r--security/gnupg2/distinfo3
-rw-r--r--security/gnupg2/patches/patch-ag13
2 files changed, 15 insertions, 1 deletions
diff --git a/security/gnupg2/distinfo b/security/gnupg2/distinfo
index 8110ef78e12..80a068c5875 100644
--- a/security/gnupg2/distinfo
+++ b/security/gnupg2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/11/17 12:13:11 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/11/27 20:37:20 shannonjr Exp $
SHA1 (gnupg-2.0.0.tar.bz2) = c335957368ea88bcb658922e7d3aae7e3ac6896d
RMD160 (gnupg-2.0.0.tar.bz2) = 739e303f1380ec9cb5c3a248179001700efe6f2e
@@ -13,3 +13,4 @@ SHA1 (patch-aa) = 916346ad387ae4efd638b2c19bbedfe6f309eb2e
SHA1 (patch-ab) = 501bce9a8474ac37a8e01eceae9b52f0e87868d5
SHA1 (patch-ac) = ca9e1044a0eb8d3e25cd9c20174047a96038c236
SHA1 (patch-af) = 04fdcbf19c4d530fc735c04dd785c07692d8b96d
+SHA1 (patch-ag) = 4fa09f0357ac2b5f2602ae0fbee91f4ff26eab20
diff --git a/security/gnupg2/patches/patch-ag b/security/gnupg2/patches/patch-ag
new file mode 100644
index 00000000000..f1f861697a2
--- /dev/null
+++ b/security/gnupg2/patches/patch-ag
@@ -0,0 +1,13 @@
+$NetBSD: patch-ag,v 1.1 2006/11/27 20:37:20 shannonjr Exp $
+
+--- ./g10/openfile.c.orig 2006-09-14 08:18:39.000000000 -0600
++++ ./g10/openfile.c
+@@ -145,7 +145,7 @@ ask_outfile_name( const char *name, size
+
+ s = _("Enter new filename");
+
+- n = strlen(s) + namelen + 10;
++ n = strlen(s) + (defname?strlen (defname):0) + 10;
+ defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+ prompt = xmalloc(n);
+ if( defname )