diff options
| author | salo <salo@pkgsrc.org> | 2006-06-24 14:20:29 +0000 |
|---|---|---|
| committer | salo <salo@pkgsrc.org> | 2006-06-24 14:20:29 +0000 |
| commit | 5ba55d77edc1f9ec7f030a02f59c0df7b5314c25 (patch) | |
| tree | 673699baffb395a61eead08b17ec34e9cd5ad49c /security | |
| parent | b103919acd42997cd194471c8585102df67fcf79 (diff) | |
| download | pkgsrc-5ba55d77edc1f9ec7f030a02f59c0df7b5314c25.tar.gz | |
Security fix for CVE-2006-3082:
"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
allows remote attackers to cause a denial of service (gpg crash) and
possibly overwrite memory via a message packet with a large length,
which could lead to an integer overflow, as demonstrated using the
--no-armor option."
Patch from GnuPG CVS repository.
Bump PKGREVISION.
Diffstat (limited to 'security')
| -rw-r--r-- | security/gnupg/Makefile | 3 | ||||
| -rw-r--r-- | security/gnupg/distinfo | 3 | ||||
| -rw-r--r-- | security/gnupg/patches/patch-ba | 27 |
3 files changed, 31 insertions, 2 deletions
diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile index 2b49e66509b..af067ab267a 100644 --- a/security/gnupg/Makefile +++ b/security/gnupg/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.85 2006/04/13 18:23:37 jlam Exp $ +# $NetBSD: Makefile,v 1.86 2006/06/24 14:20:29 salo Exp $ DISTNAME= gnupg-1.4.3 +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/ \ ftp://ftp.planetmirror.com/pub/gnupg/ \ diff --git a/security/gnupg/distinfo b/security/gnupg/distinfo index 01bb4d79b14..64e716abeb9 100644 --- a/security/gnupg/distinfo +++ b/security/gnupg/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.39 2006/04/04 21:16:37 wiz Exp $ +$NetBSD: distinfo,v 1.40 2006/06/24 14:20:29 salo Exp $ SHA1 (gnupg-1.4.3.tar.bz2) = 9e96b36e4f4d1e8bc5028c99fac674482cbdb370 RMD160 (gnupg-1.4.3.tar.bz2) = f6d328785f41b74f97d25305c6fe95ad45bb70a5 @@ -9,3 +9,4 @@ Size (idea.c.gz) = 5216 bytes SHA1 (patch-aa) = 91d55ca22b58e8a1f3c17a2fd0ad888d4c85c6cf SHA1 (patch-ab) = 29a7d0b736322eb1ecf0925a2419b513f323000e SHA1 (patch-ak) = 89a6a7552104f4d5b97a98889da88fca68c54f31 +SHA1 (patch-ba) = d32db008ec704dacf382da4f43ad6b3f0de88dcb diff --git a/security/gnupg/patches/patch-ba b/security/gnupg/patches/patch-ba new file mode 100644 index 00000000000..2027b44108c --- /dev/null +++ b/security/gnupg/patches/patch-ba @@ -0,0 +1,27 @@ +$NetBSD: patch-ba,v 1.1 2006/06/24 14:20:29 salo Exp $ + +Security fix for CVE-2006-3082, from GnuPG CVS repository. + +--- g10/parse-packet.c.orig 2005-12-06 14:22:19.000000000 +0100 ++++ g10/parse-packet.c 2006-06-24 16:09:34.000000000 +0200 +@@ -1972,6 +1972,20 @@ + { + byte *p; + ++ /* Cap the size of a user ID at 2k: a value absurdly large enough ++ that there is no sane user ID string (which is printable text ++ as of RFC2440bis) that won't fit in it, but yet small enough to ++ avoid allocation problems. A large pktlen may not be ++ allocatable, and a very large pktlen could actually cause our ++ allocation to wrap around in xmalloc to a small number. */ ++ ++ if(pktlen>2048) ++ { ++ log_error("packet(%d) too large\n", pkttype); ++ iobuf_skip_rest(inp, pktlen, 0); ++ return G10ERR_INVALID_PACKET; ++ } ++ + packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen); + packet->pkt.user_id->len = pktlen; + packet->pkt.user_id->ref=1; |