summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2013-04-29 14:47:22 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-04-29 18:00:00 +0100
commit4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73 (patch)
treef3f3e7eb9c869655abe5e83584c20a8d6630df0b
parenta69769e3b3e7f475e416d3a49d68dab088592851 (diff)
downloadpoky-4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73.tar.gz
gnupg: integrate fix for CVE-2012-6085
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085: "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet." Patch taken from upstream git, which is identical in both branches. (From OE-Core rev: 44ed6605c1978325782d229d0c01329465c4c5c7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch70
-rw-r--r--meta/recipes-support/gnupg/gnupg_1.4.7.bb3
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.0.19.bb3
3 files changed, 74 insertions, 2 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
new file mode 100644
index 0000000000..2b98a3c4f2
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
@@ -0,0 +1,70 @@
1Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
2
3Upstream-Status: Backport
4Signed-off-by: Ross Burton <ross.burton@intel.com>
5
6
7From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
8From: Werner Koch <wk@gnupg.org>
9Date: Thu, 20 Dec 2012 09:43:41 +0100
10Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
11
12* g10/import.c (valid_keyblock_packet): New.
13(read_block): Store only valid packets.
14--
15
16A corrupted key, which for example included a mangled public key
17encrypted packet, used to corrupt the keyring. This change skips all
18packets which are not allowed in a keyblock.
19
20GnuPG-bug-id: 1455
21
22(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
23---
24 g10/import.c | 23 ++++++++++++++++++++++-
25 1 files changed, 22 insertions(+), 1 deletions(-)
26
27diff --git a/g10/import.c b/g10/import.c
28index ba2439d..ad112d6 100644
29--- a/g10/import.c
30+++ b/g10/import.c
31@@ -347,6 +347,27 @@ import_print_stats (void *hd)
32 }
33
34
35+/* Return true if PKTTYPE is valid in a keyblock. */
36+static int
37+valid_keyblock_packet (int pkttype)
38+{
39+ switch (pkttype)
40+ {
41+ case PKT_PUBLIC_KEY:
42+ case PKT_PUBLIC_SUBKEY:
43+ case PKT_SECRET_KEY:
44+ case PKT_SECRET_SUBKEY:
45+ case PKT_SIGNATURE:
46+ case PKT_USER_ID:
47+ case PKT_ATTRIBUTE:
48+ case PKT_RING_TRUST:
49+ return 1;
50+ default:
51+ return 0;
52+ }
53+}
54+
55+
56 /****************
57 * Read the next keyblock from stream A.
58 * PENDING_PKT should be initialzed to NULL
59@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
60 }
61 in_cert = 1;
62 default:
63- if( in_cert ) {
64+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
65 if( !root )
66 root = new_kbnode( pkt );
67 else
68--
691.7.2.5
70
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index 41552b2ee6..befcc313ec 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -13,7 +13,8 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
13 file://long-long-thumb.patch \ 13 file://long-long-thumb.patch \
14 file://configure.patch \ 14 file://configure.patch \
15 file://mips_gcc4.4.patch \ 15 file://mips_gcc4.4.patch \
16 file://curl_typeof_fix_backport.patch" 16 file://curl_typeof_fix_backport.patch \
17 file://cve-2012-6085.patch"
17 18
18SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" 19SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
19SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" 20SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
index 996a8e80dc..6b0ce668f5 100644
--- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
@@ -11,7 +11,8 @@ PR = "r4"
11 11
12inherit autotools gettext 12inherit autotools gettext
13 13
14SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2" 14SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \
15 file://cve-2012-6085.patch"
15 16
16SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" 17SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"
17SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" 18SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"