pkgsrc-Changes archive
CVS commit: pkgsrc/security/libksba
Module Name: pkgsrc
Committed By: gdt
Date: Tue May 30 22:40:17 UTC 2017
Modified Files:
pkgsrc/security/libksba: Makefile distinfo
Added Files:
pkgsrc/security/libksba/patches: patch-src_cms.c
Log Message:
Add patch to resolve gpgsm S/MIME failures
S/MIME messages encrypted with gpgsm are sometimes not decodable by
other implementations. Discussion on gnupg-devel indicates that gpg
(via libksba) is incorrectly dropping leading zeros from the encrypted
session key. This commit adds a patch by Daiki Ueno from the
mailing list that appears to improve interoperability. Upstream has
not yet applied it, but also has not said that it is wrong.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/security/libksba/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/libksba/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/libksba/patches/patch-src_cms.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/libksba/Makefile
diff -u pkgsrc/security/libksba/Makefile:1.33 pkgsrc/security/libksba/Makefile:1.34
--- pkgsrc/security/libksba/Makefile:1.33 Mon Aug 22 12:32:11 2016
+++ pkgsrc/security/libksba/Makefile Tue May 30 22:40:17 2017
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2016/08/22 12:32:11 wiz Exp $
+# $NetBSD: Makefile,v 1.34 2017/05/30 22:40:17 gdt Exp $
DISTNAME= libksba-1.3.5
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libksba/
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/security/libksba/distinfo
diff -u pkgsrc/security/libksba/distinfo:1.21 pkgsrc/security/libksba/distinfo:1.22
--- pkgsrc/security/libksba/distinfo:1.21 Mon Aug 22 12:32:11 2016
+++ pkgsrc/security/libksba/distinfo Tue May 30 22:40:17 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2016/08/22 12:32:11 wiz Exp $
+$NetBSD: distinfo,v 1.22 2017/05/30 22:40:17 gdt Exp $
SHA1 (libksba-1.3.5.tar.bz2) = a98385734a0c3f5b713198e8d6e6e4aeb0b76fde
RMD160 (libksba-1.3.5.tar.bz2) = ee7c752196ae89ce798007b076e8eb695d6c4ea9
@@ -6,3 +6,4 @@ SHA512 (libksba-1.3.5.tar.bz2) = 60179bf
Size (libksba-1.3.5.tar.bz2) = 620649 bytes
SHA1 (patch-aa) = f2e63361afb95d5469153efaecebcb8719938d58
SHA1 (patch-src_Makefile.in) = 484f6c02bc382b8c5647ce867f30bb2c4073580f
+SHA1 (patch-src_cms.c) = e98ae5b586e99bea440ac5fdad80549a0f8fface
Added files:
Index: pkgsrc/security/libksba/patches/patch-src_cms.c
diff -u /dev/null pkgsrc/security/libksba/patches/patch-src_cms.c:1.1
--- /dev/null Tue May 30 22:40:17 2017
+++ pkgsrc/security/libksba/patches/patch-src_cms.c Tue May 30 22:40:17 2017
@@ -0,0 +1,64 @@
+$NetBSD: patch-src_cms.c,v 1.1 2017/05/30 22:40:17 gdt Exp $
+
+Avoid dropping leading zeros in encoded session key.
+Patch by Daiki Ueno, taken from discussion on gnupg-devel:
+
+https://lists.gnupg.org/pipermail/gnupg-devel/2016-February/030825.html
+
+(Upstream has been asked to apply this patch, but so far has not.)
+
+--- src/cms.c.orig 2013-03-15 19:26:38.000000000 +0000
++++ src/cms.c
+@@ -87,6 +87,8 @@ static const char oid_signingTime[9] = "
+
+ static const char oidstr_smimeCapabilities[] = "1.2.840.113549.1.9.15";
+
++static const char oidstr_rsaEncryption[] = "1.2.840.113549.1.1.1";
++
+
+
+ /* Helper for read_and_hash_cont(). */
+@@ -1621,7 +1623,7 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
+ return gpg_error (GPG_ERR_ENOMEM);
+ if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
+ { /* kludge to allow "rsa" to be passed as algorithm name */
+- sv->algo = xtrystrdup ("1.2.840.113549.1.1.1");
++ sv->algo = xtrystrdup (oidstr_rsaEncryption);
+ if (!sv->algo)
+ {
+ xfree (sv);
+@@ -1674,9 +1676,10 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+
+- if (n > 1 && !*s)
++ if (strcmp (sv->algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
+ { /* We might have a leading zero due to the way we encode
+- MPIs - this zero should not go into the OCTECT STRING. */
++ MPIs - this zero should not go into the OCTECT STRING,
++ unless it is explicitly allowed in the signature scheme. */
+ s++;
+ n--;
+ }
+@@ -1798,7 +1801,7 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
+ xfree (cl->enc_val.algo);
+ if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
+ { /* kludge to allow "rsa" to be passed as algorithm name */
+- cl->enc_val.algo = xtrystrdup ("1.2.840.113549.1.1.1");
++ cl->enc_val.algo = xtrystrdup (oidstr_rsaEncryption);
+ if (!cl->enc_val.algo)
+ return gpg_error (GPG_ERR_ENOMEM);
+ }
+@@ -1831,9 +1834,10 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
+ if (!n || *s != ':')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+- if (n > 1 && !*s)
++ if (strcmp (cl->enc_val.algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
+ { /* We might have a leading zero due to the way we encode
+- MPIs - this zero should not go into the OCTECT STRING. */
++ MPIs - this zero should not go into the OCTECT STRING,
++ unless it is explicitly allowed in the encryption scheme. */
+ s++;
+ n--;
+ }
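Review bot: The new guard `strcmp (sv->algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s` in ksba_cms_set_sig_val, and the matching one in ksba_cms_set_enc_val, keep every leading zero for RSA, including the one that the comment right below says may exist only because of the MPI encoding. If a caller hands in an RSA value carrying that extra sign octet, the OCTET STRING would presumably come out one octet longer than the modulus, and a strict peer may reject it; the callers are not visible here, so this needs confirming. The test also matches only the exact rsaEncryption OID, so any other RSA algorithm identifier still takes the stripping path. Since neither function appears to have the modulus length to normalise against, I would at least state the contract in the comment, e.g. `For rsaEncryption the value is copied as given; the caller must size it to the modulus length.` Both functions begin and end outside their hunks.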