summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorspz <spz@pkgsrc.org>2010-08-08 16:42:51 +0000
committerspz <spz@pkgsrc.org>2010-08-08 16:42:51 +0000
commit178558ee367942d651ac30809d6d9a314bacc1f1 (patch)
tree095cd5b393e5f070522540fa68ec37b9091f3bfb /security
parent7776e34e55a8688b7889086e31974ec1cc2efcc9 (diff)
downloadpkgsrc-178558ee367942d651ac30809d6d9a314bacc1f1.tar.gz
Pullup ticket 3199 - requested by gls
security patch Revisions pulled up: - pkgsrc/security/gnupg2/Makefile 1.30 - pkgsrc/security/gnupg2/distinfo 1.18 Files added: pkgsrc/security/gnupg2/patches/patch-an ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: drochner Date: Tue Aug 3 19:14:42 UTC 2010 Modified Files: pkgsrc/security/gnupg2: Makefile distinfo Added Files: pkgsrc/security/gnupg2/patches: patch-an Log Message: add patch from upstream to fix a possible use-after-free problem (CVE-2010-2547), bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 pkgsrc/security/gnupg2/Makefile cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/gnupg2/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnupg2/patches/patch-an
Diffstat (limited to 'security')
-rw-r--r--security/gnupg2/Makefile4
-rw-r--r--security/gnupg2/distinfo3
-rw-r--r--security/gnupg2/patches/patch-an15
3 files changed, 19 insertions, 3 deletions
diff --git a/security/gnupg2/Makefile b/security/gnupg2/Makefile
index cbf36d0d34b..a1de9d1d337 100644
--- a/security/gnupg2/Makefile
+++ b/security/gnupg2/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.29 2010/05/30 08:24:48 wiz Exp $
+# $NetBSD: Makefile,v 1.29.2.1 2010/08/08 16:42:51 spz Exp $
#
DISTNAME= gnupg-2.0.14
PKGNAME= ${DISTNAME:S/gnupg/gnupg2/}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/
EXTRACT_SUFX= .tar.bz2
diff --git a/security/gnupg2/distinfo b/security/gnupg2/distinfo
index 47765c90b1b..c164118024f 100644
--- a/security/gnupg2/distinfo
+++ b/security/gnupg2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2010/02/03 10:58:11 drochner Exp $
+$NetBSD: distinfo,v 1.17.4.1 2010/08/08 16:42:51 spz Exp $
SHA1 (gnupg-2.0.14.tar.bz2) = cc5e4637f37f5bc82b00c73fc094ddadb7401821
RMD160 (gnupg-2.0.14.tar.bz2) = 3e5ecf0108b65f7d2ecfd6f61b81e04e526ba52f
@@ -16,3 +16,4 @@ SHA1 (patch-aj) = 20be6b455167962ffa556979d8d0f167dd14131e
SHA1 (patch-ak) = 74b26ce441ea99ff28a09a3f0c643456daf48f35
SHA1 (patch-al) = ef7c698ed102c4e27bbf707ae5d1fce4c2b5d8d4
SHA1 (patch-am) = 999cd57b90177df9d7c0510e3b8d11def7b47613
+SHA1 (patch-an) = 17e6f789af2853884eb6dd8488a2b91c9b06188d
diff --git a/security/gnupg2/patches/patch-an b/security/gnupg2/patches/patch-an
new file mode 100644
index 00000000000..2f97e287c24
--- /dev/null
+++ b/security/gnupg2/patches/patch-an
@@ -0,0 +1,15 @@
+$NetBSD: patch-an,v 1.1.2.2 2010/08/08 16:42:51 spz Exp $
+
+http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
+(CVE-2010-2547)
+
+--- kbx/keybox-blob.c.orig 2009-09-21 16:53:44.000000000 +0000
++++ kbx/keybox-blob.c
+@@ -898,6 +898,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
++ names = tmp;
+ }
+ names[blob->nuids++] = p;
+ if (!i && (p=x509_email_kludge (p)))
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 03:37:56 +0000