pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2006Q1]: pkgsrc/security/gnupg-devel Pullup ticket 1710 - requ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f7fd966eb752
branches: pkgsrc-2006Q1
changeset: 510359:f7fd966eb752
user: snj <snj%pkgsrc.org@localhost>
date: Sun Jun 25 09:06:19 2006 +0000
description:
Pullup ticket 1710 - requested by salo
security fix for gnupg-devel
Revisions pulled up:
- pkgsrc/security/gnupg-devel/Makefile 1.17
- pkgsrc/security/gnupg-devel/distinfo 1.12
- pkgsrc/security/gnupg-devel/patches/patch-ba 1.1
Module Name: pkgsrc
Committed By: shannonjr
Date: Fri Jun 23 12:28:55 UTC 2006
Modified Files:
pkgsrc/security/gnupg-devel: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/security/gnupg-devel/patches: patch-ba
Log Message:
Backport fix for CVE-2006-3082 from GnuPG: trunk/g10/
diffstat:
security/gnupg-devel/Makefile | 7 +++----
security/gnupg-devel/distinfo | 3 ++-
security/gnupg-devel/patches/patch-ba | 24 ++++++++++++++++++++++++
3 files changed, 29 insertions(+), 5 deletions(-)
diffs (65 lines):
diff -r 24ad4b9f49c6 -r f7fd966eb752 security/gnupg-devel/Makefile
--- a/security/gnupg-devel/Makefile Sun Jun 25 08:59:00 2006 +0000
+++ b/security/gnupg-devel/Makefile Sun Jun 25 09:06:19 2006 +0000
@@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.14 2006/02/05 23:10:43 joerg Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2006/06/25 09:06:19 snj Exp $
#
DISTNAME= gnupg-1.9.20
PKGNAME= ${DISTNAME:S/gnupg/gnupg-devel/}
-#PKGREVISION= 1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
EXTRACT_SUFX= .tar.bz2
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
DISTFILES+= pth-2.0.4.tar.gz
-SITES_pth-2.0.4.tar.gz= ${MASTER_SITE_GNU:=pth/}
+SITES.pth-2.0.4.tar.gz= ${MASTER_SITE_GNU:=pth/}
MAINTAINER= shannonjr%NetBSD.org@localhost
HOMEPAGE= ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/
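Review bot: The rename of `SITES_pth-2.0.4.tar.gz` to `SITES.pth-2.0.4.tar.gz` near the end of this hunk is not covered by the log message, which describes only the CVE-2006-3082 backport. Say in the pullup description why the variable name changes, or carry it as a separate change, so that the security pullup can be audited on its own. Dropping the commented-out `#PKGREVISION= 1` line together with the bump to `PKGREVISION= 2` is fine.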
diff -r 24ad4b9f49c6 -r f7fd966eb752 security/gnupg-devel/distinfo
--- a/security/gnupg-devel/distinfo Sun Jun 25 08:59:00 2006 +0000
+++ b/security/gnupg-devel/distinfo Sun Jun 25 09:06:19 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2006/01/06 11:05:18 shannonjr Exp $
+$NetBSD: distinfo,v 1.11.2.1 2006/06/25 09:06:19 snj Exp $
SHA1 (gnupg-1.9.20.tar.bz2) = 557be26c21c114a3b345ce6b177fcb088883f827
RMD160 (gnupg-1.9.20.tar.bz2) = 3501de32f1526f64510a77fe3cc0905dd7fc8854
@@ -7,3 +7,4 @@
RMD160 (pth-2.0.4.tar.gz) = ba78260cb8860433cd240e24e2e90dc6997943d8
Size (pth-2.0.4.tar.gz) = 641851 bytes
SHA1 (patch-aa) = 4fdedc1f98dbe717fd5a1229944703f19c3c10e5
+SHA1 (patch-ba) = 9ae61eb17f5f447f05d663e97b6b4d288c7f648a
diff -r 24ad4b9f49c6 -r f7fd966eb752 security/gnupg-devel/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnupg-devel/patches/patch-ba Sun Jun 25 09:06:19 2006 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-ba,v 1.1.2.2 2006/06/25 09:06:19 snj Exp $
+
+--- ./g10/parse-packet.c.orig 2005-07-27 08:18:03.000000000 -0600
++++ ./g10/parse-packet.c
+@@ -1995,6 +1995,19 @@ parse_attribute( iobuf_t inp, int pkttyp
+ byte *p;
+
+ #define EXTRA_UID_NAME_SPACE 71
++ /* Cap the size of a user ID at 2k: a value absurdly large enough
++ that there is no sane user ID string (which is printable text
++ as of RFC2440bis) that won't fit in it, but yet small enough to
++ avoid allocation problems. A large pktlen may not be
++ allocatable, and a very large pktlen could actually cause our
++ allocation to wrap around in xmalloc to a small number. */
++
++ if(pktlen>2048)
++ {
++ log_error("packet(%d) too large\n", pkttype);
++ iobuf_skip_rest(inp, pktlen, 0);
++ return G10ERR_INVALID_PACKET;
++ }
+ packet->pkt.user_id = xmalloc (sizeof *packet->pkt.user_id
+ + EXTRA_UID_NAME_SPACE);
+
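Review bot: The limit in `if(pktlen>2048)` is a bare literal that the comment above it restates as "2k"; define it as a named constant beside `EXTRA_UID_NAME_SPACE` so the check and its comment cannot drift apart. The `log_error("packet(%d) too large\n", pkttype)` message reports only the packet type, and adding `pktlen` to it would show how far over the cap the rejected packet was. The check sits before the `xmalloc` call, which is the ordering the comment's wrap-around concern requires.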