authorbsiegert <bsiegert@pkgsrc.org>2017-06-13 19:34:53 +0000
committerbsiegert <bsiegert@pkgsrc.org>2017-06-13 19:34:53 +0000
commit79d08c9454aa8c61f188a7f5a6d3bf9037f80f4c (patch)
tree2bf0fd4f312237711d7e56195415feb68d279c4e /security
parent2cf67f5af25797a0363cb4b85e52436af1912c3a (diff)
Pullup ticket #5472 - requested by sevan
security/libksba: bugfix Revisions pulled up: - security/libksba/Makefile 1.34 - security/libksba/distinfo 1.22 - security/libksba/patches/patch-src_cms.c 1.1 --- Module Name: pkgsrc Committed By: gdt Date: Tue May 30 22:40:17 UTC 2017 Modified Files: pkgsrc/security/libksba: Makefile distinfo Added Files: pkgsrc/security/libksba/patches: patch-src_cms.c Log Message: Add patch to resolve gpgsm S/MIME failures S/MIME messages encrypted with gpgsm are sometimes not decodable by other implementations. Discussion on gnupg-devel indicates that gpg (via libksba) is incorrectly dropping leading zeros from the encrypted session key. This commit adds a patch by Daiki Ueno from the mailinglist that appears to improve interoperability. Upstream has not yet applied it, but also has not said that it is wrong.
Diffstat (limited to 'security')
-rw-r--r--security/libksba/Makefile3
-rw-r--r--security/libksba/distinfo3
-rw-r--r--security/libksba/patches/patch-src_cms.c64
3 files changed, 68 insertions, 2 deletions
diff --git a/security/libksba/Makefile b/security/libksba/Makefile
index 392cb8d2be8..2f70d0b9ecc 100644
--- a/security/libksba/Makefile
+++ b/security/libksba/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2016/08/22 12:32:11 wiz Exp $
+# $NetBSD: Makefile,v 1.33.6.1 2017/06/13 19:34:53 bsiegert Exp $
DISTNAME= libksba-1.3.5
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libksba/
EXTRACT_SUFX= .tar.bz2
diff --git a/security/libksba/distinfo b/security/libksba/distinfo
index 960c001d005..68c97fc9470 100644
--- a/security/libksba/distinfo
+++ b/security/libksba/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2016/08/22 12:32:11 wiz Exp $
+$NetBSD: distinfo,v 1.21.6.1 2017/06/13 19:34:53 bsiegert Exp $
SHA1 (libksba-1.3.5.tar.bz2) = a98385734a0c3f5b713198e8d6e6e4aeb0b76fde
RMD160 (libksba-1.3.5.tar.bz2) = ee7c752196ae89ce798007b076e8eb695d6c4ea9
@@ -6,3 +6,4 @@ SHA512 (libksba-1.3.5.tar.bz2) = 60179bfd109b7b4fd8d2b30a3216540f03f5a13620d9a5b
Size (libksba-1.3.5.tar.bz2) = 620649 bytes
SHA1 (patch-aa) = f2e63361afb95d5469153efaecebcb8719938d58
SHA1 (patch-src_Makefile.in) = 484f6c02bc382b8c5647ce867f30bb2c4073580f
+SHA1 (patch-src_cms.c) = e98ae5b586e99bea440ac5fdad80549a0f8fface
diff --git a/security/libksba/patches/patch-src_cms.c b/security/libksba/patches/patch-src_cms.c
new file mode 100644
index 00000000000..21eaa6d4d57
--- /dev/null
+++ b/security/libksba/patches/patch-src_cms.c
@@ -0,0 +1,64 @@
+$NetBSD: patch-src_cms.c,v 1.1.2.2 2017/06/13 19:34:53 bsiegert Exp $
+
+Avoid dropping leading zeros in encoded session key.
+Patch by Daiki Ueno, taken from discussion on gnupg-devel:
+
+https://lists.gnupg.org/pipermail/gnupg-devel/2016-February/030825.html
+
+(Upstream has been asked to apply this patch, but so far has not.)
+
+--- src/cms.c.orig 2013-03-15 19:26:38.000000000 +0000
++++ src/cms.c
+@@ -87,6 +87,8 @@ static const char oid_signingTime[9] = "
+
+ static const char oidstr_smimeCapabilities[] = "1.2.840.113549.1.9.15";
+
++static const char oidstr_rsaEncryption[] = "1.2.840.113549.1.1.1";
++
+
+
+ /* Helper for read_and_hash_cont(). */
+@@ -1621,7 +1623,7 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
+ return gpg_error (GPG_ERR_ENOMEM);
+ if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
+ { /* kludge to allow "rsa" to be passed as algorithm name */
+- sv->algo = xtrystrdup ("1.2.840.113549.1.1.1");
++ sv->algo = xtrystrdup (oidstr_rsaEncryption);
+ if (!sv->algo)
+ {
+ xfree (sv);
+@@ -1674,9 +1676,10 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+
+- if (n > 1 && !*s)
++ if (strcmp (sv->algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
+ { /* We might have a leading zero due to the way we encode
+- MPIs - this zero should not go into the OCTECT STRING. */
++ MPIs - this zero should not go into the OCTECT STRING,
++ unless it is explicitly allowed in the signature scheme. */
+ s++;
+ n--;
+ }
+@@ -1798,7 +1801,7 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
+ xfree (cl->enc_val.algo);
+ if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
+ { /* kludge to allow "rsa" to be passed as algorithm name */
+- cl->enc_val.algo = xtrystrdup ("1.2.840.113549.1.1.1");
++ cl->enc_val.algo = xtrystrdup (oidstr_rsaEncryption);
+ if (!cl->enc_val.algo)
+ return gpg_error (GPG_ERR_ENOMEM);
+ }
+@@ -1831,9 +1834,10 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
+ if (!n || *s != ':')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+- if (n > 1 && !*s)
++ if (strcmp (cl->enc_val.algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
+ { /* We might have a leading zero due to the way we encode
+- MPIs - this zero should not go into the OCTECT STRING. */
++ MPIs - this zero should not go into the OCTECT STRING,
++ unless it is explicitly allowed in the encryption scheme. */
+ s++;
+ n--;
+ }