[arch-commits] Commit in gnupg/trunk (3 files)
Date: Friday, July 10, 2020 @ 08:38:18 Author: bisson Revision: 391525 upstream update Added: gnupg/trunk/do-not-rebuild-defsincdate.patch Modified: gnupg/trunk/PKGBUILD Deleted: gnupg/trunk/do-not-rebuild-defsincdate.patch --+ PKGBUILD |8 +-- do-not-rebuild-defsincdate.patch | 84 ++--- 2 files changed, 47 insertions(+), 45 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-07-10 06:43:48 UTC (rev 391524) +++ PKGBUILD2020-07-10 08:38:18 UTC (rev 391525) @@ -4,8 +4,8 @@ # Contributor: Judd Vinet pkgname=gnupg -pkgver=2.2.20 -pkgrel=4 +pkgver=2.2.21 +pkgrel=1 pkgdesc='Complete and free implementation of the OpenPGP standard' url='https://www.gnupg.org/' license=('GPL') @@ -25,11 +25,11 @@ 'drop-import-clean.patch' 'avoid-beta-warning.patch' 'do-not-rebuild-defsincdate.patch') -sha256sums=('04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30' +sha256sums=('61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec' 'SKIP' '02d375f0045f56f7dd82bacdb5ce559afd52ded8b75f6b2673c39ec666e81abc' '22fdf9490fad477f225e731c417867d9e7571ac654944e8be63a1fbaccd5c62d' -'01fee1b04358e5dce76894214bb263e9a75cf408eb1277fad5b751ab3d45b87a') +'bb4dcba0328af6271ccfe992a64d8daa9f0a691ba52978491647f1dea05675ee') install=install Deleted: do-not-rebuild-defsincdate.patch === --- do-not-rebuild-defsincdate.patch2020-07-10 06:43:48 UTC (rev 391524) +++ do-not-rebuild-defsincdate.patch2020-07-10 08:38:18 UTC (rev 391525) 
@@ -1,41 +0,0 @@ -From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001 -From: Daniel Kahn Gillmor -Date: Mon, 29 Aug 2016 12:34:42 -0400 -Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file) - -upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am -tries to rewrite doc/defsincdate if it notices that any of the files -have been modified more recently, and it does so assuming that we're -running from a git repo. - -However, we'd rather ship the documents cleanly without regenerating -defsincdate -- we don't have a git repo available (debian builds from -upstream tarballs) and any changes to the texinfo files (e.g. from -debian/patches/) might result in different dates on the files than we -expect after they're applied by dpkg or quilt or whatever, which makes -the datestamp unreproducible. - doc/Makefile.am | 7 --- - 1 file changed, 7 deletions(-) - -diff --git a/doc/Makefile.am b/doc/Makefile.am -index d47d83ede..c0a81b0b9 100644 a/doc/Makefile.am -+++ b/doc/Makefile.am -@@ -177,13 +177,6 @@ $(myman_pages) gnupg.7 : yat2m-stamp defs.inc - - dist-hook: defsincdate - --defsincdate: $(gnupg_TEXINFOS) -- : >defsincdate ; \ -- if test -e $(top_srcdir)/.git; then \ --(cd $(srcdir) && git log -1 --format='%ct' \ -- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ -- fi -- - defs.inc : defsincdate Makefile mkdefsinc - incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ - ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ --- -2.27.0 - Added: do-not-rebuild-defsincdate.patch === --- do-not-rebuild-defsincdate.patch(rev 0) +++ do-not-rebuild-defsincdate.patch2020-07-10 08:38:18 UTC (rev 391525) 
@@ -0,0 +1,43 @@ +From 3e8ff68502bf5de333db7213d9e27e0b9e8cc36e Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor +Date: Mon, 29 Aug 2016 12:34:42 -0400 +Subject: [PATCH 7/7] avoid regenerating defsincdate (use shipped file) + +upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am +tries to rewrite doc/defsincdate if it notices that any of the files +have been modified more recently, and it does so assuming that we're +running from a git repo. + +However, we'd rather ship the documents cleanly without regenerating +defsincdate -- we don't have a git repo available (debian builds from +upstream tarballs) and any changes to the texinfo files (e.g. from +debian/patches/) might result in different dates on the files than we +expect after they're applied by dpkg or quilt or whatever, which makes +the datestamp unreproducible. +--- + doc/Makefile.am | 7 --- + 1 file changed, 7 deletions(-) + +diff --git a/doc/Makefile.am b/doc/Makefile.am +index d47d83ede..c0a81b0b9 100644 +--- a/doc/Makefile.am b/doc/Makefile.am +@@ -177,15 +177,6 @@ + + dist-hook: defsincdate + +-defsincdate: $(gnupg_TEXINFOS) +- : >defsincdate ; \ +- if test -e $(top_srcdir)/.git; then \ +-(cd $(srcdir) && git log -1 --format='%ct' \ +- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ +-elif test
[arch-commits] Commit in gnupg/trunk (3 files)
Date: Friday, November 28, 2014 @ 20:53:51 Author: bisson Revision: 227171 fix FS#42943 Added: gnupg/trunk/oid2str-overflow.patch gnupg/trunk/subpacket-off.patch Modified: gnupg/trunk/PKGBUILD + PKGBUILD |8 - oid2str-overflow.patch | 72 +++ subpacket-off.patch| 38 3 files changed, 117 insertions(+), 1 deletion(-) Modified: PKGBUILD === --- PKGBUILD2014-11-28 19:39:28 UTC (rev 227170) +++ PKGBUILD2014-11-28 19:53:51 UTC (rev 227171) @@ -6,7 +6,7 @@ pkgname=gnupg pkgver=2.1.0 -pkgrel=5 +pkgrel=6 pkgdesc='Complete and free implementation of the OpenPGP standard' url='http://www.gnupg.org/' license=('GPL') @@ -17,9 +17,13 @@ depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' 'pinentry' 'bzip2' 'readline') source=(ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.sig} +'oid2str-overflow.patch' +'subpacket-off.patch' 'refresh-keys.patch' 'hash-ecdsa.patch') sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP' + '774f7fe541428f45ee145c763cf5634264e3bc69' + '1a86b834904c7d18d932ad1bb44d3642990d3cbd' '246bea8776882f4c0293685482558f6ead1cf902' 'b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed') @@ -31,6 +35,8 @@ prepare() { cd ${srcdir}/${pkgname}-${pkgver} + patch -p1 -i ../oid2str-overflow.patch + patch -p1 -i ../subpacket-off.patch patch -p1 -i ../refresh-keys.patch patch -p1 -i ../hash-ecdsa.patch } Added: oid2str-overflow.patch === --- oid2str-overflow.patch (rev 0) +++ oid2str-overflow.patch 2014-11-28 19:53:51 UTC (rev 227171) 
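Review bot: The two patch files added to `source` in the second PKGBUILD hunk are pinned only through `sha1sums`, and SHA-1 no longer offers dependable collision resistance for an integrity pin. These patches change parsing code in an OpenPGP implementation and, unlike the tarball with its `{,.sig}` entry, carry no signature of their own, so the checksum array is the only check applied to them at build time. I would convert the whole array to `sha256sums=(...)` and regenerate the values with `updpkgsums` instead of extending the SHA-1 list. The tarball is still fetched over `ftp://`, which is acceptable only if the `.sig` is verified against a pinned key; nothing in this hunk shows that pinning.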
@@ -0,0 +1,72 @@ +From: Werner Koch w...@gnupg.org +Date: Tue, 25 Nov 2014 10:58:56 + (+0100) +Subject: Fix buffer overflow in openpgp_oid_to_str. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da;hp=28dafd4714a9b01d3a6f1e6e5919bf6f909987c7 + +Fix buffer overflow in openpgp_oid_to_str. + +* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. + +* common/t-openpgp-oid.c (BADOID): New. +(test_openpgp_oid_to_str): Add test cases. +-- + +The code has an obvious error by not considering invalid encoding for +arc-2. A first byte of 0x80 can be used to make a value of less then +80 and we then subtract 80 from that value as required by the OID +encoding rules. Due to the unsigned integer this results in a pretty +long value which won't fit anymore into the allocated buffer. + +The fix is obvious. Also added a few simple test cases. Note that we +keep on using sprintf instead of snprintf because managing the +remaining length of the buffer would probably be more error prone than +assuring that the buffer is large enough. Getting rid of sprintf +altogether by using direct conversion along with membuf_t like code +might be possible. 
+ +Reported-by: Hanno Böck +Signed-off-by: Werner Koch w...@gnupg.org + +Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7 +--- + +diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c +index 010c23f..d3d1f2a 100644 +--- a/common/openpgp-oid.c b/common/openpgp-oid.c +@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a) + val = 7; + val |= buf[n] 0x7f; + } ++if (val 80) ++ goto badoid; + val -= 80; + sprintf (p, 2.%lu, val); + p += strlen (p); +diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c +index 79e5a70..5cd778d 100644 +--- a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c +@@ -32,6 +32,9 @@ + } while(0) + + ++#define BADOID 1.3.6.1.4.1.11591.2.12242973 ++ ++ + static void + test_openpgp_oid_from_str (void) + { +@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void) + { 1.3.132.0.35, + { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }}, + ++{ BADOID, ++ { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }}, ++ ++{ BADOID, ++ { 1, 0x80 }}, ++ + { NULL }}; + gcry_mpi_t a; + int idx; Added: subpacket-off.patch === --- subpacket-off.patch (rev 0) +++ subpacket-off.patch 2014-11-28 19:53:51 UTC (rev 227171) @@ -0,0 +1,38 @@ +From: Werner Koch w...@gnupg.org +Date: Mon, 24 Nov 2014 16:28:25 + (+0100) +Subject: gpg: Fix off-by-one read in the attribute subpacket parser. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=0988764397f99db4efef1eabcdb8072d6159af76;hp=b716e6a69919b89c7887d6c7c9b97e58d18fdf95 + +gpg: Fix off-by-one read in the attribute subpacket parser. + +* g10/parse-packet.c (parse_attribute_subpkts): Check that the +attribute packet is
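Review bot: The guard added before `val -= 80` in openpgp_oid_to_str has no comment, so the reason for rejecting small values at exactly this spot is easy to lose in a later cleanup. I would put `/* A leading 0x80 byte can encode arc-2 as a value below 80; reject it before the unsigned subtraction wraps. */` directly above the check. The `sprintf` that follows is still unbounded, so its safety rests on buffer sizing done earlier in the function, which starts and ends outside this hunk; a one-line comment at the allocation stating the worst-case digits per arc would make that invariant reviewable. The archive rendering also appears to have dropped the comparison, shift and mask operators and the string quotes from these lines (`if (val 80)`, `val = 7;`), so the checksum-pinned patch file, not this text, is the reference for what gets applied.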