[oe-commits] Saul Wold : gnupg: fix CVE-2012-6085
git at git.openembedded.org
git at git.openembedded.org
Fri Feb 15 15:31:23 UTC 2013
Module: openembedded-core.git
Branch: master-next
Commit: 17f8e03ace51df6b94fdcb7e410acf79c7b046ce
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=17f8e03ace51df6b94fdcb7e410acf79c7b046ce
Author: Saul Wold <sgw at linux.intel.com>
Date: Thu Feb 14 15:55:12 2013 -0800
gnupg: fix CVE-2012-6085
Code taken from Redhat
[YOCTO #3813]
Signed-off-by: Saul Wold <sgw at linux.intel.com>
---
.../gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch | 63 ++++++++++++++++++++
.../gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch | 63 ++++++++++++++++++++
meta/recipes-support/gnupg/gnupg_1.4.7.bb | 3 +-
meta/recipes-support/gnupg/gnupg_2.0.19.bb | 5 +-
4 files changed, 131 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000..8b5d9a1
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk at gnupg.org>
+Date: Thu Dec 20 09:43:41 2012 +0100
+
+ gpg: Import only packets which are allowed in a keyblock.
+
+ * g10/import.c (valid_keyblock_packet): New.
+ (read_block): Store only valid packets.
+ --
+
+ A corrupted key, which for example included a mangled public key
+ encrypted packet, used to corrupt the keyring. This change skips all
+ packets which are not allowed in a keyblock.
+
+ GnuPG-bug-id: 1455
+
+ (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw at linux.intel.com>
+
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
new file mode 100644
index 0000000..64c3034
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit 498882296ffac7987c644aaf2a0aa108a2925471
+Author: Werner Koch <wk at gnupg.org>
+Date: Thu Dec 20 09:43:41 2012 +0100
+
+ gpg: Import only packets which are allowed in a keyblock.
+
+ * g10/import.c (valid_keyblock_packet): New.
+ (read_block): Store only valid packets.
+ --
+
+ A corrupted key, which for example included a mangled public key
+ encrypted packet, used to corrupt the keyring. This change skips all
+ packets which are not allowed in a keyblock.
+
+ GnuPG-bug-id: 1455
+
+ (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+
+Upstream-Status: Backport
+
+Signed-off-by: Saul Wold <sgw at linux.intel.com>
+
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index 41552b2..8c2f7f6 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -7,12 +7,13 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
-PR = "r6"
+PR = "r8"
SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
file://long-long-thumb.patch \
file://configure.patch \
file://mips_gcc4.4.patch \
+ file://GnuPG1-CVE-2012-6085.patch \
file://curl_typeof_fix_backport.patch"
SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
index 996a8e8..8cd793b 100644
--- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
@@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
PTH = "pth"
PTH_libc-uclibc = "npth"
-PR = "r4"
+PR = "r5"
inherit autotools gettext
-SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \
+ file://GnuPG2-CVE-2012-6085.patch"
SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"
SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"
More information about the Openembedded-commits
mailing list