CVS commit: pkgsrc/security/netpgp

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/netpgp
From: "Pierre Pronchery" <khorben%netbsd.org@localhost>
Date: Thu, 15 Mar 2018 20:00:43 +0000

Module Name:    pkgsrc
Committed By:   khorben
Date:           Thu Mar 15 20:00:43 UTC 2018

Modified Files:
        pkgsrc/security/netpgp: Makefile distinfo
        pkgsrc/security/netpgp/patches: patch-src_lib_keyring.c

Log Message:
Do not use random data for pass-phrases on EOF

Originally submitted on tech-pkg@ as:
[PATCH 04/11] Do not use random data for pass-phrases on EOF

Only modified for consistency with the coding style; as also applied in
NetBSD's src repository.

Tested on NetBSD/amd64.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/security/netpgp/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/security/netpgp/distinfo
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/security/netpgp/patches/patch-src_lib_keyring.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/netpgp/Makefile
diff -u pkgsrc/security/netpgp/Makefile:1.26 pkgsrc/security/netpgp/Makefile:1.27
--- pkgsrc/security/netpgp/Makefile:1.26        Thu Mar 15 19:51:08 2018
+++ pkgsrc/security/netpgp/Makefile     Thu Mar 15 20:00:43 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2018/03/15 19:51:08 khorben Exp $
+# $NetBSD: Makefile,v 1.27 2018/03/15 20:00:43 khorben Exp $
 
 DISTNAME=              netpgp-20140220
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            security
 MASTER_SITES=          ${MASTER_SITE_LOCAL}
 

Index: pkgsrc/security/netpgp/distinfo
diff -u pkgsrc/security/netpgp/distinfo:1.20 pkgsrc/security/netpgp/distinfo:1.21
--- pkgsrc/security/netpgp/distinfo:1.20        Thu Mar 15 19:51:08 2018
+++ pkgsrc/security/netpgp/distinfo     Thu Mar 15 20:00:43 2018
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.20 2018/03/15 19:51:08 khorben Exp $
+$NetBSD: distinfo,v 1.21 2018/03/15 20:00:43 khorben Exp $
 
 SHA1 (netpgp-20140220.tar.gz) = 815418cbae5d02a1385cd7947618303e5aa06d5c
 RMD160 (netpgp-20140220.tar.gz) = 970f55292852d5dbfde3eb17a5fefd6a7c820c4e
 SHA512 (netpgp-20140220.tar.gz) = ec6cfa0131cd50aee273b81cd64f448258121d7e9c8d4914be39ba59b5c28149bced3866c57f521167480da04b60d9d9bd2b228319dc8baa31328fb7c37e6b96
 Size (netpgp-20140220.tar.gz) = 1521820 bytes
-SHA1 (patch-src_lib_keyring.c) = 937af3b82b07c2817b3b20e6d76043950c7afd29
+SHA1 (patch-src_lib_keyring.c) = b924af4877aaab98e542425b5d9427830ddd5b75
 SHA1 (patch-src_lib_reader.c) = 2ebaddebbc2f6f42f7391933ebfef39e3a73a367

Index: pkgsrc/security/netpgp/patches/patch-src_lib_keyring.c
diff -u pkgsrc/security/netpgp/patches/patch-src_lib_keyring.c:1.2 pkgsrc/security/netpgp/patches/patch-src_lib_keyring.c:1.3
--- pkgsrc/security/netpgp/patches/patch-src_lib_keyring.c:1.2  Thu Mar 15 19:37:30 2018
+++ pkgsrc/security/netpgp/patches/patch-src_lib_keyring.c      Thu Mar 15 20:00:43 2018
@@ -1,9 +1,10 @@
-$NetBSD: patch-src_lib_keyring.c,v 1.2 2018/03/15 19:37:30 khorben Exp $
+$NetBSD: patch-src_lib_keyring.c,v 1.3 2018/03/15 20:00:43 khorben Exp $
 
 Do not crash when listing keys without a keyring.
+Do not use random data for pass-phrases on EOF.
 Do not ask for a passphrase when empty.
 
---- src/lib/keyring.c.orig     2018-03-15 19:31:30.000000000 +0000
+--- src/lib/keyring.c.orig     2011-06-25 00:37:44.000000000 +0000
 +++ src/lib/keyring.c
 @@ -226,7 +226,7 @@ typedef struct {
        pgp_seckey_t            *seckey;
@@ -14,7 +15,18 @@ Do not ask for a passphrase when empty.
  decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
  {
        const pgp_contents_t    *content = &pkt->u;
-@@ -292,6 +292,20 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
+@@ -244,7 +244,9 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
+               break;
+ 
+       case PGP_GET_PASSPHRASE:
+-              (void) pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass));
++              if (pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass)) == 0) {
++                      pass[0] = '\0';
++              }
+               *content->skey_passphrase.passphrase = netpgp_strdup(pass);
+               pgp_forget(pass, (unsigned)sizeof(pass));
+               return PGP_KEEP_MEMORY;
+@@ -292,6 +294,20 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
        return PGP_RELEASE_MEMORY;
  }
  
@@ -35,7 +47,7 @@ Do not ask for a passphrase when empty.
  /**
  \ingroup Core_Keys
  \brief Decrypts secret key from given keydata with given passphrase
-@@ -306,8 +320,18 @@ pgp_decrypt_seckey(const pgp_key_t *key,
+@@ -306,8 +322,18 @@ pgp_decrypt_seckey(const pgp_key_t *key,
        const int        printerrors = 1;
        decrypt_t        decrypt;

Prev by Date: CVS commit: pkgsrc/security/netpgp
Next by Date: CVS commit: pkgsrc/security/netpgp
Previous by Thread: CVS commit: pkgsrc/security/netpgp
Next by Thread: CVS commit: pkgsrc/security/netpgp
Indexes:

Home | Main Index | Thread Index | Old Index