[arch-commits] Commit in gnupg/trunk (3 files)

2020-07-10 Thread Gaëtan Bisson via arch-commits
Date: Friday, July 10, 2020 @ 08:38:18
  Author: bisson
Revision: 391525

upstream update

Added:
  gnupg/trunk/do-not-rebuild-defsincdate.patch
Modified:
  gnupg/trunk/PKGBUILD
Deleted:
  gnupg/trunk/do-not-rebuild-defsincdate.patch

--+
 PKGBUILD |8 +--
 do-not-rebuild-defsincdate.patch |   84 ++---
 2 files changed, 47 insertions(+), 45 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2020-07-10 06:43:48 UTC (rev 391524)
+++ PKGBUILD2020-07-10 08:38:18 UTC (rev 391525)
@@ -4,8 +4,8 @@
 # Contributor: Judd Vinet 
 
 pkgname=gnupg
-pkgver=2.2.20
-pkgrel=4
+pkgver=2.2.21
+pkgrel=1
 pkgdesc='Complete and free implementation of the OpenPGP standard'
 url='https://www.gnupg.org/'
 license=('GPL')
@@ -25,11 +25,11 @@
 'drop-import-clean.patch'
 'avoid-beta-warning.patch'
 'do-not-rebuild-defsincdate.patch')
-sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30'
+sha256sums=('61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec'
 'SKIP'
 '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc'
 '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d'
-'01fee1b04358e5dce76894214bb263e9a75cf408eb1277fad5b751ab3d45b87a')
+'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee')
 
 install=install
 

Deleted: do-not-rebuild-defsincdate.patch
===
--- do-not-rebuild-defsincdate.patch2020-07-10 06:43:48 UTC (rev 391524)
+++ do-not-rebuild-defsincdate.patch2020-07-10 08:38:18 UTC (rev 391525)
@@ -1,41 +0,0 @@
-From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor 
-Date: Mon, 29 Aug 2016 12:34:42 -0400
-Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file)
-
-upstream ships doc/defsincdate in its tarballs.  but doc/Makefile.am
-tries to rewrite doc/defsincdate if it notices that any of the files
-have been modified more recently, and it does so assuming that we're
-running from a git repo.
-
-However, we'd rather ship the documents cleanly without regenerating
-defsincdate -- we don't have a git repo available (debian builds from
-upstream tarballs) and any changes to the texinfo files (e.g. from
-debian/patches/) might result in different dates on the files than we
-expect after they're applied by dpkg or quilt or whatever, which makes
-the datestamp unreproducible.

- doc/Makefile.am | 7 ---
- 1 file changed, 7 deletions(-)
-
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index d47d83ede..c0a81b0b9 100644
 a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -177,13 +177,6 @@ $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
- 
- dist-hook: defsincdate
- 
--defsincdate: $(gnupg_TEXINFOS)
--  : >defsincdate ; \
--  if test -e $(top_srcdir)/.git; then \
--(cd $(srcdir) && git log -1 --format='%ct' \
--   -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
--  fi
--
- defs.inc : defsincdate Makefile mkdefsinc
-   incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
-   ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \
--- 
-2.27.0
-

Added: do-not-rebuild-defsincdate.patch
===
--- do-not-rebuild-defsincdate.patch(rev 0)
+++ do-not-rebuild-defsincdate.patch2020-07-10 08:38:18 UTC (rev 391525)
@@ -0,0 +1,43 @@
+From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor 
+Date: Mon, 29 Aug 2016 12:34:42 -0400
+Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file)
+
+upstream ships doc/defsincdate in its tarballs.  but doc/Makefile.am
+tries to rewrite doc/defsincdate if it notices that any of the files
+have been modified more recently, and it does so assuming that we're
+running from a git repo.
+
+However, we'd rather ship the documents cleanly without regenerating
+defsincdate -- we don't have a git repo available (debian builds from
+upstream tarballs) and any changes to the texinfo files (e.g. from
+debian/patches/) might result in different dates on the files than we
+expect after they're applied by dpkg or quilt or whatever, which makes
+the datestamp unreproducible.
+---
+ doc/Makefile.am | 7 ---
+ 1 file changed, 7 deletions(-)
+
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index d47d83ede..c0a81b0b9 100644
+--- a/doc/Makefile.am
 b/doc/Makefile.am
+@@ -177,15 +177,6 @@
+ 
+ dist-hook: defsincdate
+ 
+-defsincdate: $(gnupg_TEXINFOS)
+-  : >defsincdate ; \
+-  if test -e $(top_srcdir)/.git; then \
+-(cd $(srcdir) && git log -1 --format='%ct' \
+-   -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
+-elif test 

[arch-commits] Commit in gnupg/trunk (3 files)

2014-11-28 Thread Gaetan Bisson
Date: Friday, November 28, 2014 @ 20:53:51
  Author: bisson
Revision: 227171

fix FS#42943

Added:
  gnupg/trunk/oid2str-overflow.patch
  gnupg/trunk/subpacket-off.patch
Modified:
  gnupg/trunk/PKGBUILD

+
 PKGBUILD   |8 -
 oid2str-overflow.patch |   72 +++
 subpacket-off.patch|   38 
 3 files changed, 117 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===
--- PKGBUILD2014-11-28 19:39:28 UTC (rev 227170)
+++ PKGBUILD2014-11-28 19:53:51 UTC (rev 227171)
@@ -6,7 +6,7 @@
 
 pkgname=gnupg
 pkgver=2.1.0
-pkgrel=5
+pkgrel=6
 pkgdesc='Complete and free implementation of the OpenPGP standard'
 url='http://www.gnupg.org/'
 license=('GPL')
@@ -17,9 +17,13 @@
 depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
  'pinentry' 'bzip2' 'readline')
 
source=(ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.sig}
+'oid2str-overflow.patch'
+'subpacket-off.patch'
 'refresh-keys.patch'
 'hash-ecdsa.patch')
 sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+  '774f7fe541428f45ee145c763cf5634264e3bc69'
+  '1a86b834904c7d18d932ad1bb44d3642990d3cbd'
   '246bea8776882f4c0293685482558f6ead1cf902'
   'b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed')
 
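Review bot: The two added entries extend a `sha1sums` array, and SHA-1 is no longer a sound digest for pinning source integrity. makepkg accepts `sha256sums=(...)` in the same layout, e.g. `sha256sums=('<sha256 of tarball>' 'SKIP' '<sha256 of oid2str-overflow.patch>' '<sha256 of subpacket-off.patch>' ...)`, where the placeholders are to be generated with `makepkg -g`. The tarball in the `source=` context line is fetched over `ftp://`, so its authenticity rests on the `.sig` check behind the `'SKIP'` entry. The key pinning for that check is not visible in this hunk and should be confirmed.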
@@ -31,6 +35,8 @@
 
 prepare() {
cd ${srcdir}/${pkgname}-${pkgver}
+   patch -p1 -i ../oid2str-overflow.patch
+   patch -p1 -i ../subpacket-off.patch
patch -p1 -i ../refresh-keys.patch
patch -p1 -i ../hash-ecdsa.patch
 }
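Review bot: Nothing in `prepare()` records that the two added `patch` lines are backports of upstream memory-safety fixes, so a later maintainer cannot tell when they can be dropped. A comment above them would tie each patch to the commit named in its X-Git-Url header, for example `# upstream 8445ef24 (openpgp_oid_to_str overflow), 09887643 (attribute subpacket off-by-one read); drop once a release contains them`. The commit message only cites the bug tracker id, so that link is otherwise lost from the PKGBUILD.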

Added: oid2str-overflow.patch
===
--- oid2str-overflow.patch  (rev 0)
+++ oid2str-overflow.patch  2014-11-28 19:53:51 UTC (rev 227171)
@@ -0,0 +1,72 @@
+From: Werner Koch w...@gnupg.org
+Date: Tue, 25 Nov 2014 10:58:56 + (+0100)
+Subject: Fix buffer overflow in openpgp_oid_to_str.
+X-Git-Url: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da;hp=28dafd4714a9b01d3a6f1e6e5919bf6f909987c7
+
+Fix buffer overflow in openpgp_oid_to_str.
+
+* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
+
+* common/t-openpgp-oid.c (BADOID): New.
+(test_openpgp_oid_to_str): Add test cases.
+--
+
+The code has an obvious error by not considering invalid encoding for
+arc-2.  A first byte of 0x80 can be used to make a value of less then
+80 and we then subtract 80 from that value as required by the OID
+encoding rules.  Due to the unsigned integer this results in a pretty
+long value which won't fit anymore into the allocated buffer.
+
+The fix is obvious.  Also added a few simple test cases.  Note that we
+keep on using sprintf instead of snprintf because managing the
+remaining length of the buffer would probably be more error prone than
+assuring that the buffer is large enough.  Getting rid of sprintf
+altogether by using direct conversion along with membuf_t like code
+might be possible.
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch w...@gnupg.org
+
+Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
+---
+
+diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
+index 010c23f..d3d1f2a 100644
+--- a/common/openpgp-oid.c
 b/common/openpgp-oid.c
+@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a)
+ val = 7;
+ val |= buf[n]  0x7f;
+   }
++if (val  80)
++  goto badoid;
+ val -= 80;
+ sprintf (p, 2.%lu, val);
+ p += strlen (p);
+diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c
+index 79e5a70..5cd778d 100644
+--- a/common/t-openpgp-oid.c
 b/common/t-openpgp-oid.c
+@@ -32,6 +32,9 @@
+   } while(0)
+ 
+ 
++#define BADOID 1.3.6.1.4.1.11591.2.12242973
++
++
+ static void
+ test_openpgp_oid_from_str (void)
+ {
+@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void)
+ { 1.3.132.0.35,
+   { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }},
+ 
++{ BADOID,
++  { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }},
++
++{ BADOID,
++  { 1, 0x80 }},
++
+ { NULL }};
+   gcry_mpi_t a;
+   int idx;
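Review bot: The new guard before `val -= 80;` in openpgp_oid_to_str has no comment, and the write after it is still an unbounded `sprintf` into `p`, so the reason the check must stay is recorded only in the commit message. A comment at the guard would keep that with the code, such as `/* Invalid arc-2 encoding: subtracting 80 would wrap the unsigned value and overrun the buffer. */`. The function body starts and ends outside this hunk, and the buffer size is computed there, so whether it covers the largest value the `val` accumulation can produce should be confirmed against the full file. This archive copy also appears to have lost the `<`, `&` and quote characters (the guard shows as `if (val  80)`), so the text displayed here is not byte-identical to the file the `sha1sums` entry covers.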

Added: subpacket-off.patch
===
--- subpacket-off.patch (rev 0)
+++ subpacket-off.patch 2014-11-28 19:53:51 UTC (rev 227171)
@@ -0,0 +1,38 @@
+From: Werner Koch w...@gnupg.org
+Date: Mon, 24 Nov 2014 16:28:25 + (+0100)
+Subject: gpg: Fix off-by-one read in the attribute subpacket parser.
+X-Git-Url: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=0988764397f99db4efef1eabcdb8072d6159af76;hp=b716e6a69919b89c7887d6c7c9b97e58d18fdf95
+
+gpg: Fix off-by-one read in the attribute subpacket parser.
+
+* g10/parse-packet.c (parse_attribute_subpkts): Check that the
+attribute packet is