authorshannonjr <shannonjr@pkgsrc.org>2006-06-23 12:28:55 +0000
committershannonjr <shannonjr@pkgsrc.org>2006-06-23 12:28:55 +0000
commit9bcf15ef8705a53d2ada6a5c98e5d0a8a0bec60d (patch)
treedada520c632cc4aa893c23ff6c894b9381fbcf10 /security
parent9c5fab6ed9c7f50f70a1245197b7cf15f004c3e1 (diff)
Backport fix for CVE-2006-3082 from GnuPG: trunk/g10/
Diffstat (limited to 'security')
-rw-r--r--security/gnupg-devel/Makefile7
-rw-r--r--security/gnupg-devel/buildlink3.mk20
-rw-r--r--security/gnupg-devel/distinfo3
-rw-r--r--security/gnupg-devel/patches/patch-ba24
4 files changed, 40 insertions, 14 deletions
diff --git a/security/gnupg-devel/Makefile b/security/gnupg-devel/Makefile
index c908b3aead0..05a2d06b2bf 100644
--- a/security/gnupg-devel/Makefile
+++ b/security/gnupg-devel/Makefile
@@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.16 2006/05/31 18:22:25 ghen Exp $
+# $NetBSD: Makefile,v 1.17 2006/06/23 12:28:55 shannonjr Exp $
#
DISTNAME= gnupg-1.9.20
PKGNAME= ${DISTNAME:S/gnupg/gnupg-devel/}
-#PKGREVISION= 1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
EXTRACT_SUFX= .tar.bz2
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
DISTFILES+= pth-2.0.4.tar.gz
-SITES_pth-2.0.4.tar.gz= ${MASTER_SITE_GNU:=pth/}
+SITES.pth-2.0.4.tar.gz= ${MASTER_SITE_GNU:=pth/}
MAINTAINER= shannonjr@NetBSD.org
HOMEPAGE= ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
diff --git a/security/gnupg-devel/buildlink3.mk b/security/gnupg-devel/buildlink3.mk
index 5d4b7a669bc..8a9141f4383 100644
--- a/security/gnupg-devel/buildlink3.mk
+++ b/security/gnupg-devel/buildlink3.mk
@@ -1,26 +1,28 @@
-# $NetBSD: buildlink3.mk,v 1.5 2006/04/12 10:27:32 rillig Exp $
+# $NetBSD: buildlink3.mk,v 1.6 2006/06/23 12:28:55 shannonjr Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
GNUPG_DEVEL_BUILDLINK3_MK:= ${GNUPG_DEVEL_BUILDLINK3_MK}+
-.if !empty(BUILDLINK_DEPTH:M+)
+.if ${BUILDLINK_DEPTH} == "+"
BUILDLINK_DEPENDS+= gnupg-devel
.endif
BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Ngnupg-devel}
BUILDLINK_PACKAGES+= gnupg-devel
-.if !empty(GNUPG_DEVEL_BUILDLINK3_MK:M+)
-BUILDLINK_API_DEPENDS.gnupg-devel+= gnupg-devel>=1.9.11
-BUILDLINK_ABI_DEPENDS.gnupg-devel+= gnupg-devel>=1.9.20nb1
+.if ${GNUPG_DEVEL_BUILDLINK3_MK} == "+"
+BUILDLINK_API_DEPENDS.gnupg-devel+= gnupg-devel>=1.9.20nb2
BUILDLINK_PKGSRCDIR.gnupg-devel?= ../../security/gnupg-devel
.endif # GNUPG_DEVEL_BUILDLINK3_MK
-BUILDLINK_PREFIX.gnupg-devel?= ${LOCALBASE}
-.include "../../security/libgpg-error/buildlink3.mk"
-.include "../../security/libgcrypt/buildlink3.mk"
+.include "../../databases/openldap-client/buildlink3.mk"
+.include "../../converters/libiconv/buildlink3.mk"
+.include "../../devel/gettext-lib/buildlink3.mk"
+.include "../../devel/zlib/buildlink3.mk"
.include "../../security/libassuan/buildlink3.mk"
+.include "../../security/libgcrypt/buildlink3.mk"
+.include "../../security/libgpg-error/buildlink3.mk"
.include "../../security/libksba/buildlink3.mk"
-.include "../../devel/zlib/buildlink3.mk"
+.include "../../security/pinentry/buildlink3.mk"
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH:S/+$//}
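Review bot: The commit message describes only the CVE-2006-3082 backport, but this hunk also drops the `BUILDLINK_ABI_DEPENDS.gnupg-devel` and `BUILDLINK_PREFIX.gnupg-devel` lines and adds includes for openldap-client, libiconv, gettext-lib and pinentry. Those dependency changes deserve a sentence in the log or a separate commit, so that the security fix can be audited and pulled up on its own. If the raised floor is meant to force dependents onto the patched package, a comment such as `# 1.9.20nb2 carries the CVE-2006-3082 fix` above the `BUILDLINK_API_DEPENDS.gnupg-devel` line would record why it moved.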
diff --git a/security/gnupg-devel/distinfo b/security/gnupg-devel/distinfo
index 2d43892e96f..cbba4d9eba1 100644
--- a/security/gnupg-devel/distinfo
+++ b/security/gnupg-devel/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2006/01/06 11:05:18 shannonjr Exp $
+$NetBSD: distinfo,v 1.12 2006/06/23 12:28:55 shannonjr Exp $
SHA1 (gnupg-1.9.20.tar.bz2) = 557be26c21c114a3b345ce6b177fcb088883f827
RMD160 (gnupg-1.9.20.tar.bz2) = 3501de32f1526f64510a77fe3cc0905dd7fc8854
@@ -7,3 +7,4 @@ SHA1 (pth-2.0.4.tar.gz) = c5ee066185a042a5cf1341a0ec10bcb94a1d4c53
RMD160 (pth-2.0.4.tar.gz) = ba78260cb8860433cd240e24e2e90dc6997943d8
Size (pth-2.0.4.tar.gz) = 641851 bytes
SHA1 (patch-aa) = 4fdedc1f98dbe717fd5a1229944703f19c3c10e5
+SHA1 (patch-ba) = 9ae61eb17f5f447f05d663e97b6b4d288c7f648a
diff --git a/security/gnupg-devel/patches/patch-ba b/security/gnupg-devel/patches/patch-ba
new file mode 100644
index 00000000000..8385bda3ab9
--- /dev/null
+++ b/security/gnupg-devel/patches/patch-ba
@@ -0,0 +1,24 @@
+$NetBSD: patch-ba,v 1.1 2006/06/23 12:28:55 shannonjr Exp $
+
+--- ./g10/parse-packet.c.orig 2005-07-27 08:18:03.000000000 -0600
++++ ./g10/parse-packet.c
+@@ -1995,6 +1995,19 @@ parse_attribute( iobuf_t inp, int pkttyp
+ byte *p;
+
+ #define EXTRA_UID_NAME_SPACE 71
++ /* Cap the size of a user ID at 2k: a value absurdly large enough
++ that there is no sane user ID string (which is printable text
++ as of RFC2440bis) that won't fit in it, but yet small enough to
++ avoid allocation problems. A large pktlen may not be
++ allocatable, and a very large pktlen could actually cause our
++ allocation to wrap around in xmalloc to a small number. */
++
++ if(pktlen>2048)
++ {
++ log_error("packet(%d) too large\n", pkttype);
++ iobuf_skip_rest(inp, pktlen, 0);
++ return G10ERR_INVALID_PACKET;
++ }
+ packet->pkt.user_id = xmalloc (sizeof *packet->pkt.user_id
+ + EXTRA_UID_NAME_SPACE);
+
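Review bot: The size guard appears to sit in `parse_attribute` rather than in the user-ID parser. The inner hunk header names `parse_attribute`, and the allocation directly after the check is the fixed-size `sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE`, which does not depend on `pktlen`. If that reading is right, the `pktlen`-sized user-ID allocation that the added comment describes is not covered by these lines. Attribute packets, which typically carry image data rather than printable text, could also be rejected once they exceed 2048 bytes. Please confirm against the upstream change which function should carry the check; the rest of the function body lies outside the hunk, so any later `pktlen`-based allocation cannot be assessed from here.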