[pkgsrc/trunk]: pkgsrc/security/netpgpverify/files Update netpgpverify and li...

[agc <agc%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/32ac550f6a42
branches:  trunk
changeset: 349170:32ac550f6a42
user:      agc <agc%pkgsrc.org@localhost>
date:      Thu Jun 30 21:19:59 2016 +0000

description:
Update netpgpverify and libnetpgpverify to 20160625

+ Perform digest on correctly dash-escaped text, per RFC 4880.
Problem pointed out by Dimitri John Ledkov, fixed in a different way
(in case the last line is itself dash-escaped).

+ add test case

diffstat:

 security/netpgpverify/files/Makefile.bsd          |   4 +++-
 security/netpgpverify/files/Makefile.in           |   4 +++-
 security/netpgpverify/files/dash-escaped-text     |   7 +++++++
 security/netpgpverify/files/dash-escaped-text.asc |  21 +++++++++++++++++++++
 security/netpgpverify/files/pgpsum.c              |  16 ++++++++++++++--
 security/netpgpverify/files/verify.h              |   4 ++--
 6 files changed, 50 insertions(+), 6 deletions(-)

diffs (119 lines):

diff -r 0bf2d9342a67 -r 32ac550f6a42 security/netpgpverify/files/Makefile.bsd
--- a/security/netpgpverify/files/Makefile.bsd  Thu Jun 30 21:11:51 2016 +0000
+++ b/security/netpgpverify/files/Makefile.bsd  Thu Jun 30 21:19:59 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.bsd,v 1.11 2016/06/30 21:10:59 agc Exp $
+# $NetBSD: Makefile.bsd,v 1.12 2016/06/30 21:19:59 agc Exp $
 
 PROG=netpgpverify
 
@@ -47,3 +47,5 @@
        ./${PROG} -k pubring.gpg version.asc
        @echo "testing signatures with no version"
        ./${PROG} -k pubring.gpg noversion.asc
+       @echo "testing dash-escaped text"
+       ./${PROG} -k pubring.gpg dash-escaped-text.asc
diff -r 0bf2d9342a67 -r 32ac550f6a42 security/netpgpverify/files/Makefile.in
--- a/security/netpgpverify/files/Makefile.in   Thu Jun 30 21:11:51 2016 +0000
+++ b/security/netpgpverify/files/Makefile.in   Thu Jun 30 21:19:59 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.7 2016/06/30 21:10:59 agc Exp $
+# $NetBSD: Makefile.in,v 1.8 2016/06/30 21:19:59 agc Exp $
 
 PROG=netpgpverify
 
@@ -47,6 +47,8 @@
        ./${PROG} -k pubring.gpg version.asc
        @echo "testing signatures with no version"
        ./${PROG} -k pubring.gpg noversion.asc
+       @echo "testing dash-escaped text"
+       ./${PROG} -k pubring.gpg dash-escaped-text.asc
 
 clean:
        rm -rf *.core ${OBJS} ${PROG}
diff -r 0bf2d9342a67 -r 32ac550f6a42 security/netpgpverify/files/dash-escaped-text
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/netpgpverify/files/dash-escaped-text     Thu Jun 30 21:19:59 2016 +0000
@@ -0,0 +1,7 @@
+From sea to shining sea
+Dash escape me harder
+- at least once
+-- no, twice
+-well, curses, folied again
+-------
+-if it wasn't for you pesky kids, I'd have got away with it
diff -r 0bf2d9342a67 -r 32ac550f6a42 security/netpgpverify/files/dash-escaped-text.asc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/netpgpverify/files/dash-escaped-text.asc Thu Jun 30 21:19:59 2016 +0000
@@ -0,0 +1,21 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+- From sea to shining sea
+Dash escape me harder
+- - at least once
+- -- no, twice
+- -well, curses, folied again
+- -------
+- -if it wasn't for you pesky kids, I'd have got away with it
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAEBAgAGBQJXbXhIAAoJEBto3PzAWWgjuCUH/0kGBjK2RshejxKf+87xZNV9
+zSqoc17n5ViXDbVM5v7P6zAdjYVVaaZc6U+8DMJhbPbvbUTsEiFlp3Kh9BiBz5A5
+BtqXJmkyF2C5y/HTf9vPgbw8UAiqnNFYwlpWvrlxopAv31x7UIDNGJ9/oAKw0dqM
+XujJub4lRBX+V2RlFWage/fAmuslq3lz7QJpLM5EpePNGQVXM1c9x+jhvgSXucHU
+2UVcsUb8Y2nCXRoJKcIK4iGoIoqnoFk1WAa+/S593h2Iz+zzPqvVlPU1tyA27v/s
+lgQ3DakeOeiae33gqK3iXqDNXady1te7hYGyhWT4G5Kuz+8tMMQXWAg4e+olEtk=
+=n0R+
+-----END PGP SIGNATURE-----
diff -r 0bf2d9342a67 -r 32ac550f6a42 security/netpgpverify/files/pgpsum.c
--- a/security/netpgpverify/files/pgpsum.c      Thu Jun 30 21:11:51 2016 +0000
+++ b/security/netpgpverify/files/pgpsum.c      Thu Jun 30 21:19:59 2016 +0000
@@ -44,6 +44,18 @@
 #undef swap16
 #undef swap32
 
+/* ignore any dash-escape at the start of a line */
+static void
+dash_escaped_update(digest_t *hash, uint8_t *in, size_t insize)
+{
+       if (insize >= 2 && memcmp(in, "- ", 2) == 0) {
+               in += 2;
+               insize -= 2;
+       }
+       digest_update(hash, in, insize);
+
+}
+
 /* add the ascii armor line endings (except for last line) */
 static size_t
 don_armor(digest_t *hash, uint8_t *in, size_t insize, int doarmor)
@@ -61,10 +73,10 @@
                                break;
                        }
                }
-               digest_update(hash, from, (size_t)(newp - from));
+               dash_escaped_update(hash, from, (size_t)(newp - from));
                digest_update(hash, dos_line_end, sizeof(dos_line_end));
        }
-       digest_update(hash, from, insize - (size_t)(from - in));
+       dash_escaped_update(hash, from, insize - (size_t)(from - in));
        return 1;
 }
 
diff -r 0bf2d9342a67 -r 32ac550f6a42 security/netpgpverify/files/verify.h
--- a/security/netpgpverify/files/verify.h      Thu Jun 30 21:11:51 2016 +0000
+++ b/security/netpgpverify/files/verify.h      Thu Jun 30 21:19:59 2016 +0000
@@ -23,9 +23,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_       20160624
+#define NETPGP_VERIFY_H_       20160625
 
-#define NETPGPVERIFY_VERSION   "netpgpverify portable 20160624"
+#define NETPGPVERIFY_VERSION   "netpgpverify portable 20160625"
 
 #include <sys/types.h>