diff options
| author | drochner <drochner@pkgsrc.org> | 2013-01-15 11:21:50 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2013-01-15 11:21:50 +0000 |
| commit | ed45871ccef58dfc9fa20dff991b064b76177c38 (patch) | |
| tree | 4ee7a1e198e6803f86acb9466ac4ae1f007df30e /security | |
| parent | eddfe2f4a4e596a1e9e12e20d84314265663bb2e (diff) | |
| download | pkgsrc-ed45871ccef58dfc9fa20dff991b064b76177c38.tar.gz | |
add patch from upstream to fix possible keyring corruption
on import of corrupted keys (CVE-2012-6085), bump PKGREV
from "Bug Hunting" per PR pkg/47442
Diffstat (limited to 'security')
| -rw-r--r-- | security/gnupg2/Makefile | 4 | ||||
| -rw-r--r-- | security/gnupg2/distinfo | 3 | ||||
| -rw-r--r-- | security/gnupg2/patches/patch-CVE-2012-6085 | 43 |
3 files changed, 47 insertions, 3 deletions
diff --git a/security/gnupg2/Makefile b/security/gnupg2/Makefile index d03cb0b844a..e6c9d1f0a8f 100644 --- a/security/gnupg2/Makefile +++ b/security/gnupg2/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.41 2012/12/16 01:52:32 obache Exp $ +# $NetBSD: Makefile,v 1.42 2013/01/15 11:21:50 drochner Exp $ DISTNAME= gnupg-2.0.19 PKGNAME= ${DISTNAME:S/gnupg/gnupg2/} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/ EXTRACT_SUFX= .tar.bz2 diff --git a/security/gnupg2/distinfo b/security/gnupg2/distinfo index eab990f9958..dbb811b0c62 100644 --- a/security/gnupg2/distinfo +++ b/security/gnupg2/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.25 2012/04/17 18:35:33 drochner Exp $ +$NetBSD: distinfo,v 1.26 2013/01/15 11:21:50 drochner Exp $ SHA1 (gnupg-2.0.19.tar.bz2) = 190c09e6688f688fb0a5cf884d01e240d957ac1f RMD160 (gnupg-2.0.19.tar.bz2) = 026b5c5fa2b21c3586f325f48ff1420c987b88a7 Size (gnupg-2.0.19.tar.bz2) = 4187460 bytes +SHA1 (patch-CVE-2012-6085) = cbc5ff88eaaebcff9c7bc7983b3d363eff4fcd8b SHA1 (patch-ai) = 4445d30150518f71f996e3b368a81523daded2e2 SHA1 (patch-aj) = bfd21504e0d55f99df543912b1cdf2c573de2f98 SHA1 (patch-al) = ef7c698ed102c4e27bbf707ae5d1fce4c2b5d8d4 diff --git a/security/gnupg2/patches/patch-CVE-2012-6085 b/security/gnupg2/patches/patch-CVE-2012-6085 new file mode 100644 index 00000000000..003694a7bf3 --- /dev/null +++ b/security/gnupg2/patches/patch-CVE-2012-6085 @@ -0,0 +1,43 @@ +$NetBSD: patch-CVE-2012-6085,v 1.1 2013/01/15 11:21:50 drochner Exp $ + +upstream rev. 498882296ffac7987c644aaf2a0aa108a2925471 + +--- g10/import.c.orig 2012-03-27 08:00:37.000000000 +0000 ++++ g10/import.c +@@ -347,6 +347,27 @@ import_print_stats (void *hd) + } + + ++/* Return true if PKTTYPE is valid in a keyblock. */ ++static int ++valid_keyblock_packet (int pkttype) ++{ ++ switch (pkttype) ++ { ++ case PKT_PUBLIC_KEY: ++ case PKT_PUBLIC_SUBKEY: ++ case PKT_SECRET_KEY: ++ case PKT_SECRET_SUBKEY: ++ case PKT_SIGNATURE: ++ case PKT_USER_ID: ++ case PKT_ATTRIBUTE: ++ case PKT_RING_TRUST: ++ return 1; ++ default: ++ return 0; ++ } ++} ++ ++ + /**************** + * Read the next keyblock from stream A. + * PENDING_PKT should be initialzed to NULL +@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pk + } + in_cert = 1; + default: +- if( in_cert ) { ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { + if( !root ) + root = new_kbnode( pkt ); + else |