pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/gnupg Update to 1.4.4:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7789bc63246c
branches:  trunk
changeset: 515542:7789bc63246c
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Mon Jul 03 21:15:14 2006 +0000

description:
Update to 1.4.4:

Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------

    * User IDs are now capped at 2048 bytes.  This avoids a memory
      allocation attack (see CVE-2006-3082).
        [was already fixed in pkgsrc]

    * Added support for the SHA-224 hash.  Like the SHA-384 hash, it
      is mainly useful when DSS (the US Digital Signature Standard)
      compatibility is desired.

    * Added support for the latest update to DSA keys and signatures.
      This allows for larger keys than 1024 bits and hashes other than
      SHA-1 and RIPEMD/160.  Note that not all OpenPGP implementations
      can handle these new keys and signatures yet.  See
      "--enable-dsa2" in the manual for more information.

diffstat:

 security/gnupg/Makefile         |   5 ++---
 security/gnupg/distinfo         |   9 ++++-----
 security/gnupg/patches/patch-ba |  27 ---------------------------
 3 files changed, 6 insertions(+), 35 deletions(-)

diffs (64 lines):

diff -r 97ae07315156 -r 7789bc63246c security/gnupg/Makefile
--- a/security/gnupg/Makefile   Mon Jul 03 21:06:59 2006 +0000
+++ b/security/gnupg/Makefile   Mon Jul 03 21:15:14 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.86 2006/06/24 14:20:29 salo Exp $
+# $NetBSD: Makefile,v 1.87 2006/07/03 21:15:14 wiz Exp $
 
-DISTNAME=      gnupg-1.4.3
-PKGREVISION=   1
+DISTNAME=      gnupg-1.4.4
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/gnupg/ \
                ftp://ftp.planetmirror.com/pub/gnupg/ \
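
Review bot: The MASTER_SITES context lines under the new DISTNAME are all plain ftp:// URLs, so the gnupg-1.4.4 tarball is fetched over an unauthenticated channel and its integrity rests entirely on the distinfo hashes updated in the same commit. Dropping PKGREVISION alongside the DISTNAME bump is correct; it would help to say in the commit message how the new distfile was authenticated (for example against the upstream detached signature) before its hashes were recorded.
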
diff -r 97ae07315156 -r 7789bc63246c security/gnupg/distinfo
--- a/security/gnupg/distinfo   Mon Jul 03 21:06:59 2006 +0000
+++ b/security/gnupg/distinfo   Mon Jul 03 21:15:14 2006 +0000
@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.40 2006/06/24 14:20:29 salo Exp $
+$NetBSD: distinfo,v 1.41 2006/07/03 21:15:14 wiz Exp $
 
-SHA1 (gnupg-1.4.3.tar.bz2) = 9e96b36e4f4d1e8bc5028c99fac674482cbdb370
-RMD160 (gnupg-1.4.3.tar.bz2) = f6d328785f41b74f97d25305c6fe95ad45bb70a5
-Size (gnupg-1.4.3.tar.bz2) = 3114088 bytes
+SHA1 (gnupg-1.4.4.tar.bz2) = 3414d67f22973576f31e354f44859bafbccb7eee
+RMD160 (gnupg-1.4.4.tar.bz2) = b3807b3cf4fc577bf071261eff787c481bd4e0ca
+Size (gnupg-1.4.4.tar.bz2) = 3047120 bytes
 SHA1 (idea.c.gz) = 82fded4ec31b97b3b2dd22741880b67cfee40f84
 RMD160 (idea.c.gz) = e35be5a031d10d52341ac5f029d28f811edd908d
 Size (idea.c.gz) = 5216 bytes
 SHA1 (patch-aa) = 91d55ca22b58e8a1f3c17a2fd0ad888d4c85c6cf
 SHA1 (patch-ab) = 29a7d0b736322eb1ecf0925a2419b513f323000e
 SHA1 (patch-ak) = 89a6a7552104f4d5b97a98889da88fca68c54f31
-SHA1 (patch-ba) = d32db008ec704dacf382da4f43ad6b3f0de88dcb
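
Review bot: The new SHA1 and RMD160 lines for gnupg-1.4.4.tar.bz2 are the only integrity anchor for this distfile, and nothing in the commit records where the values came from. Recommend regenerating them from a tarball whose upstream signature has been verified and noting that in the log. The removal of the `SHA1 (patch-ba)` entry is consistent with the patch file being deleted in the next hunk, and the patch-aa, patch-ab and patch-ak entries are unchanged, which assumes those three patches still apply cleanly to 1.4.4.
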
diff -r 97ae07315156 -r 7789bc63246c security/gnupg/patches/patch-ba
--- a/security/gnupg/patches/patch-ba   Mon Jul 03 21:06:59 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-$NetBSD: patch-ba,v 1.1 2006/06/24 14:20:29 salo Exp $
-
-Security fix for CVE-2006-3082, from GnuPG CVS repository.
-
---- g10/parse-packet.c.orig    2005-12-06 14:22:19.000000000 +0100
-+++ g10/parse-packet.c 2006-06-24 16:09:34.000000000 +0200
-@@ -1972,6 +1972,20 @@
- {
-     byte *p;
- 
-+    /* Cap the size of a user ID at 2k: a value absurdly large enough
-+       that there is no sane user ID string (which is printable text
-+       as of RFC2440bis) that won't fit in it, but yet small enough to
-+       avoid allocation problems.  A large pktlen may not be
-+       allocatable, and a very large pktlen could actually cause our
-+       allocation to wrap around in xmalloc to a small number. */
-+
-+    if(pktlen>2048)
-+      {
-+      log_error("packet(%d) too large\n", pkttype);
-+      iobuf_skip_rest(inp, pktlen, 0);
-+      return G10ERR_INVALID_PACKET;
-+      }
-+
-     packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen);
-     packet->pkt.user_id->len = pktlen;
-     packet->pkt.user_id->ref=1;
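
Review bot: Deleting patch-ba removes the only local guard (`if(pktlen>2048)` ahead of `xmalloc_clear(sizeof *packet->pkt.user_id + pktlen)`) against the oversized user ID allocation described as CVE-2006-3082, so the package now depends on the 1.4.4 source carrying an equivalent check. The NEWS text says user IDs are capped at 2048 bytes, which matches, but the log only marks the item "[was already fixed in pkgsrc]" and never states that patch-ba is dropped as merged upstream. Suggest adding that line explicitly and confirming against the extracted 1.4.4 g10/parse-packet.c that the cap sits before the allocation.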


