From c25b7aa323ab71b1a524d15dbbe942dbebd55761 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 30 Jan 2013 00:08:41 -0800
Subject: Wed Jan 30 00:08:41 PST 2013

---
 core/gnupg/PKGBUILD | 7 ++--
 core/gnupg/valid-keyblock-packet.patch | 61 ++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 2 deletions(-)
 create mode 100644 core/gnupg/valid-keyblock-packet.patch
(limited to 'core/gnupg')
diff --git a/core/gnupg/PKGBUILD b/core/gnupg/PKGBUILD
index 5d991467a..efbc00dd9 100644
--- a/core/gnupg/PKGBUILD
+++ b/core/gnupg/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 175919 2013-01-25 01:06:48Z bisson $
+# $Id: PKGBUILD 176299 2013-01-29 03:50:02Z bisson $
 # Maintainer: Gaetan Bisson
 # Contributor: Tobias Powalowski
 # Contributor: Andreas Radke
@@ -6,7 +6,7 @@
 
 pkgname=gnupg
 pkgver=2.0.19
-pkgrel=4
+pkgrel=5
 pkgdesc='Complete and free implementation of the OpenPGP standard'
 url='http://www.gnupg.org/'
 license=('GPL')
@@ -17,9 +17,11 @@ optdepends=('curl: gpg2keys_curl'
 makedepends=('curl' 'libldap' 'libusb-compat')
 depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr')
 source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+ 'valid-keyblock-packet.patch'
 'protect-tool-env.patch')
 sha1sums=('190c09e6688f688fb0a5cf884d01e240d957ac1f'
 'f6e6830610a8629b0aad69d789373bf8ca481733'
+ '474d827f1c2976bb107985047f61ac9096ae0953'
 '2ec97ba55ae47ff0d63bc813b8c64cb79cef11db')
 
 install=install
@@ -31,6 +33,7 @@ replaces=('gnupg2')
 build() {
 cd "${srcdir}/${pkgname}-${pkgver}"
 patch -p1 -i ../protect-tool-env.patch # FS#31900
+ patch -p1 -i ../valid-keyblock-packet.patch
 ./configure --prefix=/usr --libexecdir=/usr/lib/gnupg
 make
 }
diff --git a/core/gnupg/valid-keyblock-packet.patch b/core/gnupg/valid-keyblock-packet.patch
new file mode 100644
index 000000000..64bf1c2da
--- /dev/null
+++ b/core/gnupg/valid-keyblock-packet.patch
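Review bot: The checksum added for `valid-keyblock-packet.patch` in the `@@ -17,9 +17,11 @@` hunk extends a `sha1sums` array, so the integrity of every source listed here, including the release tarball, is pinned with SHA-1 only. makepkg also accepts a `sha256sums` array, and converting the whole array in the same change would remove the dependence on a hash with known collision weaknesses. The new entry sits third in both `source` and `sha1sums`, so the ordering itself is consistent.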
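Review bot: The added `patch -p1 -i ../valid-keyblock-packet.patch` line in build() has no reference to the issue it fixes, while the line directly above it is tagged `# FS#31900`. The bundled patch names its upstream report as `GnuPG-bug-id: 1455`, so a matching trailing comment would let a later maintainer see when the patch can be dropped: `patch -p1 -i ../valid-keyblock-packet.patch # GnuPG bug 1455`.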
@@ -0,0 +1,61 @@
+From: Werner Koch
+Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
+Subject: gpg: Import only packets which are allowed in a keyblock.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471;hp=20c95ef258f8520283406239f7c6f4729341d463
+
+gpg: Import only packets which are allowed in a keyblock.
+
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring. This change skips all
+packets which are not allowed in a keyblock.
+
+GnuPG-bug-id: 1455
+
+(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+---
+
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
--
cgit v1.2.3-54-g00ecf
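Review bot: Packets that fail `valid_keyblock_packet (pkt->pkttype)` in the `default:` branch of read_block are dropped without any diagnostic, so someone importing a mangled key gets no sign that part of the input was discarded. A message in verbose mode would make the skip visible, for example `log_info ("skipping packet of type %d in keyblock\n", pkt->pkttype);` when `opt.verbose` is set (the wording is only a suggestion). The rest of the branch lies outside the hunk, so it is worth confirming that a rejected packet is released with `free_packet` before `pkt` is reused; otherwise its payload would presumably leak for each skipped packet. read_block starts and ends outside the hunk.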