OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 18-Feb-2006 00:03:23
Branch: OPENPKG_2_3_SOLID Handle: 2006021723032200
Added files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/gnupg gnupg.patch
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/gnupg gnupg.spec
Log:
Security Fix (CVE-2006-0455)
Summary:
Revision Changes Path
1.5.4.1 +74 -0 openpkg-src/gnupg/gnupg.patch
1.52.2.2 +3 -1 openpkg-src/gnupg/gnupg.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/gnupg/gnupg.patch
============================================================================
$ cvs diff -u -r0 -r1.5.4.1 gnupg.patch
--- /dev/null 2006-02-18 00:03:15 +0100
+++ gnupg.patch 2006-02-18 00:03:23 +0100
@@ -0,0 +1,74 @@
+Security Fix (CVE-2006-0455)
+
+Index: g10/mainproc.c
+--- g10/mainproc.c.orig 2005-05-31 08:29:56 +0200
++++ g10/mainproc.c 2006-02-17 23:42:36 +0100
+@@ -77,6 +77,7 @@
+ int op;
+ int stop_now;
+ } pipemode;
++ int any_sig_seen; /* Set to true if a signature packet has been seen.
*/
+ };
+
+
+@@ -217,6 +218,7 @@
+ {
+ KBNODE node;
+
++ c->any_sig_seen = 1;
+ if( pkt->pkttype == PKT_SIGNATURE && !c->list ) {
+ /* This is the first signature for the following datafile.
+ * GPG does not write such packets; instead it always uses
+@@ -1137,6 +1139,18 @@
+ c->signed_data = signedfiles;
+ c->sigfilename = sigfilename;
+ rc = do_proc_packets( c, a );
++
++ /* If we have not encountered any signature we print an error
++ messages, send a NODATA status back and return an error code.
++ Using log_error is required becuase verify_files does not check
++ error codes for each file but we want to terminate the process
++ with an error. */
++ if (!rc && !c->any_sig_seen)
++ {
++ write_status_text (STATUS_NODATA, "4");
++ log_error (_("no signature found\n"));
++ rc = G10ERR_NO_DATA;
++ }
+ m_free( c );
+ return rc;
+ }
+Index: g10/verify.c
+--- g10/verify.c.orig 2005-07-20 22:42:29 +0200
++++ g10/verify.c 2006-02-17 23:42:36 +0100
+@@ -113,7 +113,7 @@
+ rc = proc_signature_packets( NULL, fp, sl, sigfile );
+ free_strlist(sl);
+ iobuf_close(fp);
+- if( afx.no_openpgp_data && rc == -1 ) {
++ if( (afx.no_openpgp_data && rc == -1) || rc == G10ERR_NO_DATA ) {
+ log_error(_("the signature could not be verified.\n"
+ "Please remember that the signature file (.sig or .asc)\n"
+ "should be the first file given on the command line.\n") );
+Index: include/errors.h
+--- include/errors.h.orig 2005-05-31 08:30:04 +0200
++++ include/errors.h 2006-02-17 23:42:36 +0100
+@@ -78,6 +78,7 @@
+ #define G10ERR_KEYSERVER 55
+ #define G10ERR_CANCELED 56
+ #define G10ERR_NO_CARD 57
++#define G10ERR_NO_DATA 58
+
+ #ifndef HAVE_STRERROR
+ char *strerror (int n);
+Index: util/errors.c
+--- util/errors.c.orig 2005-05-31 08:30:16 +0200
++++ util/errors.c 2006-02-17 23:42:36 +0100
+@@ -108,6 +108,7 @@
+ X(KEYSERVER ,N_("keyserver error"))
+ X(CANCELED ,N_("canceled"))
+ X(NO_CARD ,N_("no card"))
++ X(NO_DATA ,N_("no data"))
+ default: p = buf; sprintf(buf, "g10err=%d", err); break;
+ }
+ #undef X
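Review bot: In the g10/mainproc.c hunk at -217, `c->any_sig_seen = 1;` runs on entry, ahead of the `pkt->pkttype == PKT_SIGNATURE` test, so the flag records only that a signature packet reached this function, not that any signature verified. The guard added at -1137 therefore covers the "no signature at all" case and nothing more, and it is added only to the function ending at `m_free( c ); return rc;`; whether other callers of `do_proc_packets` need the same check cannot be seen from these hunks. I would make the field comment say so, e.g. `/* Set when a signature packet was seen; says nothing about its validity. */`, and fix the typos `becuase` and `an error messages` in the new block comment. Because that comment states the process exit status depends on `log_error` rather than on the returned `rc`, a regression test that verifies input containing no signature packet and asserts a non-zero exit plus the `NODATA 4` status line would pin the fix. The enclosing functions in mainproc.c and verify.c start or end outside the visible hunks.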
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/gnupg/gnupg.spec
============================================================================
$ cvs diff -u -r1.52.2.1 -r1.52.2.2 gnupg.spec
--- openpkg-src/gnupg/gnupg.spec 21 Feb 2005 17:06:58 -0000 1.52.2.1
+++ openpkg-src/gnupg/gnupg.spec 17 Feb 2006 23:03:22 -0000 1.52.2.2
@@ -34,7 +34,7 @@
Group: Cryptography
License: GPL
Version: 1.4.0
-Release: 2.3.0
+Release: 2.3.1
# package options
%option with_idea no
@@ -43,6 +43,7 @@
# list of sources
Source0: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.gz
Source1: ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz
+Patch0: gnupg.patch
# build information
Prefix: %{l_prefix}
@@ -75,6 +76,7 @@
%prep
%setup -q
+ %patch -p0
%if "%{with_idea}" == "yes"
%{l_gzip} -d -c %{SOURCE idea.c.gz} >cipher/idea.c
%endif
@@ .