7 files changed, 60 insertions, 23 deletions

diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile
index 8f67169ea7f..0fa954e3f35 100644
--- a/security/gnupg/Makefile
+++ b/security/gnupg/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.82 2006/03/10 15:10:08 ghen Exp $
+# $NetBSD: Makefile,v 1.82.2.1 2006/06/25 08:58:13 snj Exp $
 
-DISTNAME=	gnupg-1.4.2.2
+DISTNAME=	gnupg-1.4.3
+PKGREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.gnupg.org/gcrypt/gnupg/ \
 		ftp://ftp.planetmirror.com/pub/gnupg/ \
diff --git a/security/gnupg/PLIST b/security/gnupg/PLIST
index b89899503b5..9d6b9ffb1f3 100644
--- a/security/gnupg/PLIST
+++ b/security/gnupg/PLIST
@@ -1,11 +1,11 @@
-@comment $NetBSD: PLIST,v 1.15 2005/03/22 17:50:55 wiz Exp $
+@comment $NetBSD: PLIST,v 1.15.8.1 2006/06/25 08:58:13 snj Exp $
 bin/gpg
+bin/gpg-zip
 bin/gpgsplit
 bin/gpgv
-${CURL}libexec/gnupg/gpgkeys_curl
+libexec/gnupg/gpgkeys_curl
 libexec/gnupg/gpgkeys_finger
 libexec/gnupg/gpgkeys_hkp
-${NOCURL}libexec/gnupg/gpgkeys_http
 ${OPENLDAP}libexec/gnupg/gpgkeys_ldap
 man/man1/gpg.1
 man/man1/gpg.ru.1
diff --git a/security/gnupg/distinfo b/security/gnupg/distinfo
index ef28355ad97..57ee09e8d25 100644
--- a/security/gnupg/distinfo
+++ b/security/gnupg/distinfo
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.38 2006/03/10 15:10:08 ghen Exp $
+$NetBSD: distinfo,v 1.38.2.1 2006/06/25 08:58:13 snj Exp $
 
-SHA1 (gnupg-1.4.2.2.tar.bz2) = f5559ddb004e0638f6bd9efe2bac00134c5065ba
-RMD160 (gnupg-1.4.2.2.tar.bz2) = cbbf3ffafa51fdf985c2562ecafccd72bc36ea0d
-Size (gnupg-1.4.2.2.tar.bz2) = 3034652 bytes
+SHA1 (gnupg-1.4.3.tar.bz2) = 9e96b36e4f4d1e8bc5028c99fac674482cbdb370
+RMD160 (gnupg-1.4.3.tar.bz2) = f6d328785f41b74f97d25305c6fe95ad45bb70a5
+Size (gnupg-1.4.3.tar.bz2) = 3114088 bytes
 SHA1 (idea.c.gz) = 82fded4ec31b97b3b2dd22741880b67cfee40f84
 RMD160 (idea.c.gz) = e35be5a031d10d52341ac5f029d28f811edd908d
 Size (idea.c.gz) = 5216 bytes
-SHA1 (patch-aa) = 2916ba7403fea027d872fe62ce271c2e8b8ac3be
+SHA1 (patch-aa) = 91d55ca22b58e8a1f3c17a2fd0ad888d4c85c6cf
 SHA1 (patch-ab) = 29a7d0b736322eb1ecf0925a2419b513f323000e
-SHA1 (patch-ak) = d6a13c41905c7d0c5bf883add227bc7d5267dc06
+SHA1 (patch-ak) = 89a6a7552104f4d5b97a98889da88fca68c54f31
+SHA1 (patch-ba) = d32db008ec704dacf382da4f43ad6b3f0de88dcb
diff --git a/security/gnupg/options.mk b/security/gnupg/options.mk
index 320052a9948..6d2d3a0abe9 100644
--- a/security/gnupg/options.mk
+++ b/security/gnupg/options.mk
@@ -1,7 +1,17 @@
-# $NetBSD: options.mk,v 1.5 2005/12/05 20:50:56 rillig Exp $
+# $NetBSD: options.mk,v 1.5.4.1 2006/06/25 08:58:14 snj Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.gnupg
-PKG_SUPPORTED_OPTIONS=	i586-optimized curl idea ldap m68060-optimized
+PKG_SUPPORTED_OPTIONS=	curl idea ldap
+
+.include "../../mk/bsd.prefs.mk"
+
+.if ${MACHINE_ARCH:Mi386}
+PKG_SUPPORTED_OPTIONS+=	i586-optimized
+.endif
+
+.if ${MACHINE_ARCH:Mm68k}
+PKG_SUPPORTED_OPTIONS+=	m68060-optimized
+.endif
 
 .include "../../mk/bsd.options.mk"
 
@@ -13,10 +23,8 @@ MACHINE_GNU_ARCH=	i586
 
 .if !empty(PKG_OPTIONS:Mcurl)
 .include "../../www/curl/buildlink3.mk"
-CONFIGURE_ARGS+=	--with-libcurl
-PLIST_SUBST+=	CURL="" NOCURL="@comment "
 .else
-PLIST_SUBST+=	CURL="@comment " NOCURL=""
+CONFIGURE_ARGS+=	--without-libcurl
 .endif
 
 .if !empty(PKG_OPTIONS:Midea)
diff --git a/security/gnupg/patches/patch-aa b/security/gnupg/patches/patch-aa
index 3989b307889..c007a433073 100644
--- a/security/gnupg/patches/patch-aa
+++ b/security/gnupg/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.10 2004/12/25 02:54:13 wiz Exp $
+$NetBSD: patch-aa,v 1.10.10.1 2006/06/25 08:58:14 snj Exp $
 
---- cipher/idea-stub.c.orig	2004-11-17 16:50:56.000000000 +0100
+--- cipher/idea-stub.c.orig	2005-12-08 06:58:36.000000000 +0000
 +++ cipher/idea-stub.c
-@@ -132,9 +132,9 @@ load_module (const char *name)
+@@ -133,9 +133,9 @@ load_module (const char *name)
      }
  
    sym = dlsym (handle, "idea_get_info");
@@ -13,4 +13,4 @@ $NetBSD: patch-aa,v 1.10 2004/12/25 02:54:13 wiz Exp $
 +  if ((sym == NULL) && (err=dlerror())) 
      goto failure;
  
-   return sym;
+   return (INFO_FNC)sym;
diff --git a/security/gnupg/patches/patch-ak b/security/gnupg/patches/patch-ak
index b36907ce81a..dd128442775 100644
--- a/security/gnupg/patches/patch-ak
+++ b/security/gnupg/patches/patch-ak
@@ -1,8 +1,8 @@
-$NetBSD: patch-ak,v 1.2 2004/12/25 02:54:13 wiz Exp $
+$NetBSD: patch-ak,v 1.2.10.1 2006/06/25 08:58:14 snj Exp $
 
---- include/types.h.orig	2003-09-28 13:35:29.000000000 +0200
+--- include/types.h.orig	2005-07-27 17:02:56.000000000 +0000
 +++ include/types.h
-@@ -103,7 +103,12 @@ typedef unsigned long u32;
+@@ -104,7 +104,12 @@ typedef unsigned long u32;
  #undef u64	    /* maybe there is a macro with this name */
  #if SIZEOF_UINT64_T == 8
  typedef uint64_t u64;
diff --git a/security/gnupg/patches/patch-ba b/security/gnupg/patches/patch-ba
new file mode 100644
index 00000000000..bb1327fea48
--- /dev/null
+++ b/security/gnupg/patches/patch-ba
@@ -0,0 +1,27 @@
+$NetBSD: patch-ba,v 1.1.2.2 2006/06/25 08:58:14 snj Exp $
+
+Security fix for CVE-2006-3082, from GnuPG CVS repository.
+
+--- g10/parse-packet.c.orig	2005-12-06 14:22:19.000000000 +0100
++++ g10/parse-packet.c	2006-06-24 16:09:34.000000000 +0200
+@@ -1972,6 +1972,20 @@
+ {
+     byte *p;
+ 
++    /* Cap the size of a user ID at 2k: a value absurdly large enough
++       that there is no sane user ID string (which is printable text
++       as of RFC2440bis) that won't fit in it, but yet small enough to
++       avoid allocation problems.  A large pktlen may not be
++       allocatable, and a very large pktlen could actually cause our
++       allocation to wrap around in xmalloc to a small number. */
++
++    if(pktlen>2048)
++      {
++	log_error("packet(%d) too large\n", pkttype);
++	iobuf_skip_rest(inp, pktlen, 0);
++	return G10ERR_INVALID_PACKET;
++      }
++
+     packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen);
+     packet->pkt.user_id->len = pktlen;
+     packet->pkt.user_id->ref=1;