pkgsrc-Changes archive


CVS commit: pkgsrc/security/netpgpverify/files



Module Name:    pkgsrc
Committed By:   agc
Date:           Tue Jun 14 18:00:59 UTC 2016

Modified Files:
        pkgsrc/security/netpgpverify/files: Makefile.bsd Makefile.in
            libverify.c verify.h
Added Files:
        pkgsrc/security/netpgpverify/files: noversion.asc

Log Message:
Update netpgpverify (and libnetpgpverify) to 20160614

+ handle signatures created by gpg with "--no-emit-version", don't assume
there will always be a version string.

+ add a test for above

Fixes security PR/51240.

Thanks to xnox%ubuntu.com@localhost for reporting the error


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/netpgpverify/files/Makefile.bsd
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/netpgpverify/files/Makefile.in
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/netpgpverify/files/libverify.c
cvs rdiff -u -r0 -r1.1 pkgsrc/security/netpgpverify/files/noversion.asc
cvs rdiff -u -r1.20 -r1.21 pkgsrc/security/netpgpverify/files/verify.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/netpgpverify/files/Makefile.bsd
diff -u pkgsrc/security/netpgpverify/files/Makefile.bsd:1.8 pkgsrc/security/netpgpverify/files/Makefile.bsd:1.9
--- pkgsrc/security/netpgpverify/files/Makefile.bsd:1.8 Thu Feb  5 00:21:57 2015
+++ pkgsrc/security/netpgpverify/files/Makefile.bsd     Tue Jun 14 18:00:59 2016
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.bsd,v 1.8 2015/02/05 00:21:57 agc Exp $
+# $NetBSD: Makefile.bsd,v 1.9 2016/06/14 18:00:59 agc Exp $
 
 PROG=netpgpverify
 
@@ -43,3 +43,5 @@ tst:
        rm -f 1keytest.gpg
        @echo "testing signing with a subkey"
        ./chk.sh -k joyent-pubring.gpg digest-20121220.tgz
+       @echo "testing signatures with no version"
+       ./${PROG} -k pubring.gpg noversion.asc
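Review bot: The added `tst` step only exercises the accept path, so a change to the armor parser that wrongly accepted a bad signature would not be caught. A companion step over an altered copy of the message, such as `! ./${PROG} -k pubring.gpg <tampered-copy>.asc` (placeholder file name), would pin the reject path too. The step also depends on the signing key for noversion.asc already being in pubring.gpg, which this commit does not show. The same applies to the identical addition in Makefile.in.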

Index: pkgsrc/security/netpgpverify/files/Makefile.in
diff -u pkgsrc/security/netpgpverify/files/Makefile.in:1.4 pkgsrc/security/netpgpverify/files/Makefile.in:1.5
--- pkgsrc/security/netpgpverify/files/Makefile.in:1.4  Mon Aug 17 11:37:55 2015
+++ pkgsrc/security/netpgpverify/files/Makefile.in      Tue Jun 14 18:00:59 2016
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.in,v 1.4 2015/08/17 11:37:55 jperkin Exp $
+# $NetBSD: Makefile.in,v 1.5 2016/06/14 18:00:59 agc Exp $
 
 PROG=netpgpverify
 
@@ -43,6 +43,8 @@ tst:
        rm -f 1keytest.gpg
        @echo "testing signing with a subkey"
        ./chk.sh -k joyent-pubring.gpg digest-20121220.tgz
+       @echo "testing signatures with no version"
+       ./${PROG} -k pubring.gpg noversion.asc
 
 clean:
        rm -rf *.core ${OBJS} ${PROG}

Index: pkgsrc/security/netpgpverify/files/libverify.c
diff -u pkgsrc/security/netpgpverify/files/libverify.c:1.13 pkgsrc/security/netpgpverify/files/libverify.c:1.14
--- pkgsrc/security/netpgpverify/files/libverify.c:1.13 Fri Feb 19 22:41:50 2016
+++ pkgsrc/security/netpgpverify/files/libverify.c      Tue Jun 14 18:00:59 2016
@@ -2022,12 +2022,17 @@ read_ascii_armor(pgpv_cursor_t *cursor, 
        }
        litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart);
        p += strlen(SIGSTART);
-       if ((p = find_bin_string(p, mem->size, "\n\n",  2)) == NULL) {
-               snprintf(cursor->why, sizeof(cursor->why),
-                       "malformed armed signature at %zu", (size_t)(p - mem->mem));
-               return 0;
+       /* Work out whther there's a version line */
+       if (memcmp(p, "Version:", 8) == 0) {
+               if ((p = find_bin_string(p, mem->size, "\n\n",  2)) == NULL) {
+                       snprintf(cursor->why, sizeof(cursor->why),
+                               "malformed armed signature at %zu", (size_t)(p - mem->mem));
+                       return 0;
+               }
+               p += 2;
+       } else {
+               p += 1;
        }
-       p += 2;
        sigend = find_bin_string(p, mem->size, SIGEND, strlen(SIGEND));
        binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig));
 
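Review bot: The new branch recognises only a literal `Version:` header, so an armored signature whose first header is something else (for example `Comment:`) falls into the `else` and advances by one byte, leaving header text to be fed to `b64decode`. This is inferred from `p += 1`, which suggests SIGSTART already consumes the line end. Testing for the empty-header case instead, `if (*p == '\n') { p += 1; } else if ((p = find_bin_string(p, mem->size, "\n\n", 2)) == NULL) { ... }`, would cover every header. In addition, `memcmp(p, "Version:", 8)` reads eight bytes without checking that eight bytes remain in `mem`, and the error path formats `p - mem->mem` after `p` has been assigned NULL, so the reported offset is meaningless. `sigend` is also used in `sigend - p` without a NULL check on the context line that follows; read_ascii_armor starts and ends outside the hunk.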

Index: pkgsrc/security/netpgpverify/files/verify.h
diff -u pkgsrc/security/netpgpverify/files/verify.h:1.20 pkgsrc/security/netpgpverify/files/verify.h:1.21
--- pkgsrc/security/netpgpverify/files/verify.h:1.20    Fri Jun  3 00:11:10 2016
+++ pkgsrc/security/netpgpverify/files/verify.h Tue Jun 14 18:00:59 2016
@@ -23,9 +23,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_       20160313
+#define NETPGP_VERIFY_H_       20160614
 
-#define NETPGPVERIFY_VERSION   "netpgpverify portable 20160313"
+#define NETPGPVERIFY_VERSION   "netpgpverify portable 20160614"
 
 #include <sys/types.h>
 

Added files:

Index: pkgsrc/security/netpgpverify/files/noversion.asc
diff -u /dev/null pkgsrc/security/netpgpverify/files/noversion.asc:1.1
--- /dev/null   Tue Jun 14 18:00:59 2016
+++ pkgsrc/security/netpgpverify/files/noversion.asc    Tue Jun 14 18:00:59 2016
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+bar
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAEBAgAGBQJXYEJcAAoJEBto3PzAWWgjk5cH/03A4/a+ywsnzZMncQ7H7rtu
+QiIWwyiJo28Xf5z3fL5WG6VKNJdPpx0TIthcxu0O1YgF6lvqqQbnNpfNbD+1h88+
+JCcqJfyVk38vsFPxdFTIOWjbEtHs9yyjUVk5tJQrxtTaSJbGtQIMHQXXfWAyKCn4
+0Zl+E2iWb6tXxxMaAkrCOipjC9knuTJJbG6oVZpujp7jOt+2bOWY+89+FhoGJ5tv
+XiOvqIUUSW5Iua+wBOmhb/iuNFUVrO8rS/7BpMLQmxbnLxWtwwSWIcyyg6BwiIvm
+8K5NmD3WKN97tPA1HYjk76SlLj254OVLDmTZua7ljqasl5PR9W+aUFIByDgQrGE=
+=90+m
+-----END PGP SIGNATURE-----


