diff options
author | Ross Burton <ross.burton@intel.com> | 2013-04-29 14:47:22 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-29 18:00:00 +0100 |
commit | 4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73 (patch) | |
tree | f3f3e7eb9c869655abe5e83584c20a8d6630df0b | |
parent | a69769e3b3e7f475e416d3a49d68dab088592851 (diff) | |
download | poky-4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73.tar.gz |
gnupg: integrate fix for CVE-2012-6085
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085:
"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x
through 2.0.19, when importing a key, allows remote attackers to corrupt the
public keyring database or cause a denial of service (application crash) via a
crafted length field of an OpenPGP packet."
Patch taken from upstream git, which is identical in both branches.
(From OE-Core rev: 44ed6605c1978325782d229d0c01329465c4c5c7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch | 70 | ||||
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_1.4.7.bb | 3 | ||||
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_2.0.19.bb | 3 |
3 files changed, 74 insertions, 2 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch new file mode 100644 index 0000000000..2b98a3c4f2 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch | |||
@@ -0,0 +1,70 @@ | |||
1 | Fix CVE-2012-6085 by backporting a patch from upstream's git repository. | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
5 | |||
6 | |||
7 | From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001 | ||
8 | From: Werner Koch <wk@gnupg.org> | ||
9 | Date: Thu, 20 Dec 2012 09:43:41 +0100 | ||
10 | Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock. | ||
11 | |||
12 | * g10/import.c (valid_keyblock_packet): New. | ||
13 | (read_block): Store only valid packets. | ||
14 | -- | ||
15 | |||
16 | A corrupted key, which for example included a mangled public key | ||
17 | encrypted packet, used to corrupt the keyring. This change skips all | ||
18 | packets which are not allowed in a keyblock. | ||
19 | |||
20 | GnuPG-bug-id: 1455 | ||
21 | |||
22 | (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e) | ||
23 | --- | ||
24 | g10/import.c | 23 ++++++++++++++++++++++- | ||
25 | 1 files changed, 22 insertions(+), 1 deletions(-) | ||
26 | |||
27 | diff --git a/g10/import.c b/g10/import.c | ||
28 | index ba2439d..ad112d6 100644 | ||
29 | --- a/g10/import.c | ||
30 | +++ b/g10/import.c | ||
31 | @@ -347,6 +347,27 @@ import_print_stats (void *hd) | ||
32 | } | ||
33 | |||
34 | |||
35 | +/* Return true if PKTTYPE is valid in a keyblock. */ | ||
36 | +static int | ||
37 | +valid_keyblock_packet (int pkttype) | ||
38 | +{ | ||
39 | + switch (pkttype) | ||
40 | + { | ||
41 | + case PKT_PUBLIC_KEY: | ||
42 | + case PKT_PUBLIC_SUBKEY: | ||
43 | + case PKT_SECRET_KEY: | ||
44 | + case PKT_SECRET_SUBKEY: | ||
45 | + case PKT_SIGNATURE: | ||
46 | + case PKT_USER_ID: | ||
47 | + case PKT_ATTRIBUTE: | ||
48 | + case PKT_RING_TRUST: | ||
49 | + return 1; | ||
50 | + default: | ||
51 | + return 0; | ||
52 | + } | ||
53 | +} | ||
54 | + | ||
55 | + | ||
56 | /**************** | ||
57 | * Read the next keyblock from stream A. | ||
58 | * PENDING_PKT should be initialzed to NULL | ||
59 | @@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) | ||
60 | } | ||
61 | in_cert = 1; | ||
62 | default: | ||
63 | - if( in_cert ) { | ||
64 | + if (in_cert && valid_keyblock_packet (pkt->pkttype)) { | ||
65 | if( !root ) | ||
66 | root = new_kbnode( pkt ); | ||
67 | else | ||
68 | -- | ||
69 | 1.7.2.5 | ||
70 | |||
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index 41552b2ee6..befcc313ec 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb | |||
@@ -13,7 +13,8 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ | |||
13 | file://long-long-thumb.patch \ | 13 | file://long-long-thumb.patch \ |
14 | file://configure.patch \ | 14 | file://configure.patch \ |
15 | file://mips_gcc4.4.patch \ | 15 | file://mips_gcc4.4.patch \ |
16 | file://curl_typeof_fix_backport.patch" | 16 | file://curl_typeof_fix_backport.patch \ |
17 | file://cve-2012-6085.patch" | ||
17 | 18 | ||
18 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" | 19 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" |
19 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" | 20 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" |
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb index 996a8e80dc..6b0ce668f5 100644 --- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb +++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb | |||
@@ -11,7 +11,8 @@ PR = "r4" | |||
11 | 11 | ||
12 | inherit autotools gettext | 12 | inherit autotools gettext |
13 | 13 | ||
14 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2" | 14 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \ |
15 | file://cve-2012-6085.patch" | ||
15 | 16 | ||
16 | SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" | 17 | SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" |
17 | SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" | 18 | SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" |