pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2017Q1]: pkgsrc/security/libksba Pullup ticket #5472 - request...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3f9b2f413811
branches:  pkgsrc-2017Q1
changeset: 360420:3f9b2f413811
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Jun 13 19:34:53 2017 +0000

description:
Pullup ticket #5472 - requested by sevan
security/libksba: bugfix

Revisions pulled up:
- security/libksba/Makefile                                     1.34
- security/libksba/distinfo                                     1.22
- security/libksba/patches/patch-src_cms.c                      1.1

---
   Module Name:    pkgsrc
   Committed By:   gdt
   Date:           Tue May 30 22:40:17 UTC 2017

   Modified Files:
           pkgsrc/security/libksba: Makefile distinfo
   Added Files:
           pkgsrc/security/libksba/patches: patch-src_cms.c

   Log Message:
   Add patch to resolve gpgsm S/MIME failures

   S/MIME messages encrypted with gpgsm are sometimes not decodable by
   other implementations.  Discussion on gnupg-devel indicates that gpg
   (via libksba) is incorrectly dropping leading zeros from the encrypted
   session key.  This commit adds a patch by Daiki Ueno from the
   mailinglist that appears to improve interoperability.  Upstream has
   not yet applied it, but also has not said that it is wrong.

diffstat:

 security/libksba/Makefile                |   3 +-
 security/libksba/distinfo                |   3 +-
 security/libksba/patches/patch-src_cms.c |  64 ++++++++++++++++++++++++++++++++
 3 files changed, 68 insertions(+), 2 deletions(-)

diffs (94 lines):

diff -r 40d6b70b24e5 -r 3f9b2f413811 security/libksba/Makefile
--- a/security/libksba/Makefile Tue Jun 13 19:19:53 2017 +0000
+++ b/security/libksba/Makefile Tue Jun 13 19:34:53 2017 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2016/08/22 12:32:11 wiz Exp $
+# $NetBSD: Makefile,v 1.33.6.1 2017/06/13 19:34:53 bsiegert Exp $
 
 DISTNAME=      libksba-1.3.5
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/libksba/
 EXTRACT_SUFX=  .tar.bz2
diff -r 40d6b70b24e5 -r 3f9b2f413811 security/libksba/distinfo
--- a/security/libksba/distinfo Tue Jun 13 19:19:53 2017 +0000
+++ b/security/libksba/distinfo Tue Jun 13 19:34:53 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2016/08/22 12:32:11 wiz Exp $
+$NetBSD: distinfo,v 1.21.6.1 2017/06/13 19:34:53 bsiegert Exp $
 
 SHA1 (libksba-1.3.5.tar.bz2) = a98385734a0c3f5b713198e8d6e6e4aeb0b76fde
 RMD160 (libksba-1.3.5.tar.bz2) = ee7c752196ae89ce798007b076e8eb695d6c4ea9
@@ -6,3 +6,4 @@
 Size (libksba-1.3.5.tar.bz2) = 620649 bytes
 SHA1 (patch-aa) = f2e63361afb95d5469153efaecebcb8719938d58
 SHA1 (patch-src_Makefile.in) = 484f6c02bc382b8c5647ce867f30bb2c4073580f
+SHA1 (patch-src_cms.c) = e98ae5b586e99bea440ac5fdad80549a0f8fface
diff -r 40d6b70b24e5 -r 3f9b2f413811 security/libksba/patches/patch-src_cms.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/libksba/patches/patch-src_cms.c  Tue Jun 13 19:34:53 2017 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-src_cms.c,v 1.1.2.2 2017/06/13 19:34:53 bsiegert Exp $
+
+Avoid dropping leading zeros in encoded session key.
+Patch by Daiki Ueno, taken from discussion on gnupg-devel:
+
+https://lists.gnupg.org/pipermail/gnupg-devel/2016-February/030825.html
+
+(Upstream has been asked to apply this patch, but so far has not.)
+
+--- src/cms.c.orig     2013-03-15 19:26:38.000000000 +0000
++++ src/cms.c
+@@ -87,6 +87,8 @@ static const char oid_signingTime[9] = "
+ 
+ static const char oidstr_smimeCapabilities[] = "1.2.840.113549.1.9.15";
+ 
++static const char oidstr_rsaEncryption[] = "1.2.840.113549.1.1.1";
++
+ 
+ 
+ /* Helper for read_and_hash_cont().  */
+@@ -1621,7 +1623,7 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
+     return gpg_error (GPG_ERR_ENOMEM);
+   if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
+     { /* kludge to allow "rsa" to be passed as algorithm name */
+-      sv->algo = xtrystrdup ("1.2.840.113549.1.1.1");
++      sv->algo = xtrystrdup (oidstr_rsaEncryption);
+       if (!sv->algo)
+         {
+           xfree (sv);
+@@ -1674,9 +1676,10 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
+       return gpg_error (GPG_ERR_INV_SEXP);
+     }
+ 
+-  if (n > 1 && !*s)
++  if (strcmp (sv->algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
+     { /* We might have a leading zero due to the way we encode
+-         MPIs - this zero should not go into the OCTECT STRING.  */
++         MPIs - this zero should not go into the OCTECT STRING,
++         unless it is explicitly allowed in the signature scheme.  */
+       s++;
+       n--;
+     }
+@@ -1798,7 +1801,7 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
+   xfree (cl->enc_val.algo);
+   if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
+     { /* kludge to allow "rsa" to be passed as algorithm name */
+-      cl->enc_val.algo = xtrystrdup ("1.2.840.113549.1.1.1");
++      cl->enc_val.algo = xtrystrdup (oidstr_rsaEncryption);
+       if (!cl->enc_val.algo)
+         return gpg_error (GPG_ERR_ENOMEM);
+     }
+@@ -1831,9 +1834,10 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
+   if (!n || *s != ':')
+     return gpg_error (GPG_ERR_INV_SEXP);
+   s++;
+-  if (n > 1 && !*s)
++  if (strcmp (cl->enc_val.algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
+     { /* We might have a leading zero due to the way we encode
+-         MPIs - this zero should not go into the OCTECT STRING.  */
++         MPIs - this zero should not go into the OCTECT STRING,
++         unless it is explicitly allowed in the encryption scheme.  */
+       s++;
+       n--;
+     }



Home | Main Index | Thread Index | Old Index