summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSaul Wold <sgw@linux.intel.com>2013-02-14 23:55:12 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-02-15 12:17:35 (GMT)
commitc4d16fce2e2ca8053f82c2014256814acebe8aca (patch)
treeabe254bdfe08e47b4ab0e765bf91cbb9c142d9a3
parent2cbefb8387676c453c05de909fa3cdc206bdad9f (diff)
downloadpoky-c4d16fce2e2ca8053f82c2014256814acebe8aca.tar.gz
gnupg: fix CVE-2012-6085
Code taken from Redhat [YOCTO #3813] (From OE-Core rev: 17f8e03ace51df6b94fdcb7e410acf79c7b046ce) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch63
-rw-r--r--meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch63
-rw-r--r--meta/recipes-support/gnupg/gnupg_1.4.7.bb3
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.0.19.bb5
4 files changed, 131 insertions, 3 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000..8b5d9a1
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
1commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
2Author: Werner Koch <wk@gnupg.org>
3Date: Thu Dec 20 09:43:41 2012 +0100
4
5 gpg: Import only packets which are allowed in a keyblock.
6
7 * g10/import.c (valid_keyblock_packet): New.
8 (read_block): Store only valid packets.
9 --
10
11 A corrupted key, which for example included a mangled public key
12 encrypted packet, used to corrupt the keyring. This change skips all
13 packets which are not allowed in a keyblock.
14
15 GnuPG-bug-id: 1455
16
17 (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
18
19Upstream-Status: Backport
20
21Signed-off-by: Saul Wold <sgw@linux.intel.com>
22
23diff --git a/g10/import.c b/g10/import.c
24index bfe02eb..a57b32e 100644
25--- a/g10/import.c
26+++ b/g10/import.c
27@@ -384,6 +384,27 @@ import_print_stats (void *hd)
28 }
29
30
31+/* Return true if PKTTYPE is valid in a keyblock. */
32+static int
33+valid_keyblock_packet (int pkttype)
34+{
35+ switch (pkttype)
36+ {
37+ case PKT_PUBLIC_KEY:
38+ case PKT_PUBLIC_SUBKEY:
39+ case PKT_SECRET_KEY:
40+ case PKT_SECRET_SUBKEY:
41+ case PKT_SIGNATURE:
42+ case PKT_USER_ID:
43+ case PKT_ATTRIBUTE:
44+ case PKT_RING_TRUST:
45+ return 1;
46+ default:
47+ return 0;
48+ }
49+}
50+
51+
52 /****************
53 * Read the next keyblock from stream A.
54 * PENDING_PKT should be initialzed to NULL
55@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
56 }
57 in_cert = 1;
58 default:
59- if( in_cert ) {
60+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
61 if( !root )
62 root = new_kbnode( pkt );
63 else
diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
new file mode 100644
index 0000000..64c3034
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
1commit 498882296ffac7987c644aaf2a0aa108a2925471
2Author: Werner Koch <wk@gnupg.org>
3Date: Thu Dec 20 09:43:41 2012 +0100
4
5 gpg: Import only packets which are allowed in a keyblock.
6
7 * g10/import.c (valid_keyblock_packet): New.
8 (read_block): Store only valid packets.
9 --
10
11 A corrupted key, which for example included a mangled public key
12 encrypted packet, used to corrupt the keyring. This change skips all
13 packets which are not allowed in a keyblock.
14
15 GnuPG-bug-id: 1455
16
17 (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
18
19Upstream-Status: Backport
20
21Signed-off-by: Saul Wold <sgw@linux.intel.com>
22
23diff --git a/g10/import.c b/g10/import.c
24index ba2439d..ad112d6 100644
25--- a/g10/import.c
26+++ b/g10/import.c
27@@ -347,6 +347,27 @@ import_print_stats (void *hd)
28 }
29
30
31+/* Return true if PKTTYPE is valid in a keyblock. */
32+static int
33+valid_keyblock_packet (int pkttype)
34+{
35+ switch (pkttype)
36+ {
37+ case PKT_PUBLIC_KEY:
38+ case PKT_PUBLIC_SUBKEY:
39+ case PKT_SECRET_KEY:
40+ case PKT_SECRET_SUBKEY:
41+ case PKT_SIGNATURE:
42+ case PKT_USER_ID:
43+ case PKT_ATTRIBUTE:
44+ case PKT_RING_TRUST:
45+ return 1;
46+ default:
47+ return 0;
48+ }
49+}
50+
51+
52 /****************
53 * Read the next keyblock from stream A.
54 * PENDING_PKT should be initialzed to NULL
55@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
56 }
57 in_cert = 1;
58 default:
59- if( in_cert ) {
60+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
61 if( !root )
62 root = new_kbnode( pkt );
63 else
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index 41552b2..8c2f7f6 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -7,12 +7,13 @@ LICENSE = "GPLv2"
7 7
8LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" 8LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
9 9
10PR = "r6" 10PR = "r8"
11 11
12SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ 12SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
13 file://long-long-thumb.patch \ 13 file://long-long-thumb.patch \
14 file://configure.patch \ 14 file://configure.patch \
15 file://mips_gcc4.4.patch \ 15 file://mips_gcc4.4.patch \
16 file://GnuPG1-CVE-2012-6085.patch \
16 file://curl_typeof_fix_backport.patch" 17 file://curl_typeof_fix_backport.patch"
17 18
18SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" 19SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
index 996a8e8..8cd793b 100644
--- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
@@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
7DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt" 7DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
8PTH = "pth" 8PTH = "pth"
9PTH_libc-uclibc = "npth" 9PTH_libc-uclibc = "npth"
10PR = "r4" 10PR = "r5"
11 11
12inherit autotools gettext 12inherit autotools gettext
13 13
14SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2" 14SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \
15 file://GnuPG2-CVE-2012-6085.patch"
15 16
16SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" 17SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"
17SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" 18SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"