On Mon, 19 Apr 2010 10:26, j...@seiken.de said:
> It would be pretty bad if ubuntu releases gnupg with this bug since lucid is
> a
> long term support release and gnupg might receive up to 5 years of reports of
> regarding this bug on their mailing lists.
I posted the patch on January 26. Find it attached. Will you be so
kind and forward it to the Ubuntu folks?
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
#! /bin/sh
patch -p0 -f $* < $0
exit $?
agent/
2010-01-26 Werner Koch <w...@g10code.com>
* protect.c (do_encryption): Encode the s2kcount and no not use a
static value of 96.
--- agent/protect.c (revision 5231)
+++ agent/protect.c (working copy)
@@ -360,19 +360,25 @@
in canoncical format of course. We use asprintf and %n modifier
and dummy values as placeholders. */
- p = xtryasprintf
- ("(9:protected%d:%s((4:sha18:%n_8bytes_2:96)%d:%n%*s)%d:%n%*s)",
- (int)strlen (modestr), modestr,
- &saltpos,
- blklen, &ivpos, blklen, "",
- enclen, &encpos, enclen, "");
- if (!p)
- {
- gpg_error_t tmperr = out_of_core ();
- xfree (iv);
- xfree (outbuf);
- return tmperr;
- }
+ {
+ char countbuf[35];
+
+ snprintf (countbuf, sizeof countbuf, "%lu", get_standard_s2k_count ());
+ p = xtryasprintf
+ ("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)",
+ (int)strlen (modestr), modestr,
+ &saltpos,
+ (unsigned int)strlen (countbuf), countbuf,
+ blklen, &ivpos, blklen, "",
+ enclen, &encpos, enclen, "");
+ if (!p)
+ {
+ gpg_error_t tmperr = out_of_core ();
+ xfree (iv);
+ xfree (outbuf);
+ return tmperr;
+ }
+ }
*resultlen = strlen (p);
*result = (unsigned char*)p;
memcpy (p+saltpos, iv+2*blklen, 8);
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
