summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
diff options
context:
space:
mode:
authorMing Liu <ming.liu@windriver.com>2014-03-26 16:32:12 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-03-27 09:42:05 +0000
commit0abd9418b1bb15555457eafef1c8ac9670de39a0 (patch)
tree6f5092e817052bb58743efe8e89dd56a6427712e /meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
parentf6548c56cbbcbcab7ad214f51b065487c62e2311 (diff)
downloadpoky-0abd9418b1bb15555457eafef1c8ac9670de39a0.tar.gz
gnupg: CVE-2013-4351
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. (From OE-Core rev: 259aebc9dbcaeb1587aaaab849942f55fa321724) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch')
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000000..b29ede4233
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
1Upstream-Status: Backport
2
3Index: gnupg-1.4.7/g10/getkey.c
4===================================================================
5--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
6+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
7@@ -1454,7 +1454,11 @@
8
9 if(flags)
10 key_usage |= PUBKEY_USAGE_UNKNOWN;
11+ if (!key_usage)
12+ key_usage |= PUBKEY_USAGE_NONE;
13 }
14+ else if (p)
15+ key_usage |= PUBKEY_USAGE_NONE;
16
17 /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
18 capability that we do not handle. This serves to distinguish
19Index: gnupg-1.4.7/g10/keygen.c
20===================================================================
21--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
22+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
23@@ -209,9 +209,6 @@
24 if (use & PUBKEY_USAGE_AUTH)
25 buf[0] |= 0x20;
26
27- if (!buf[0])
28- return;
29-
30 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
31 }
32
33Index: gnupg-1.4.7/include/cipher.h
34===================================================================
35--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
36+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
37@@ -52,6 +52,7 @@
38 #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
39 #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
40 #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
41+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
42
43 #define DIGEST_ALGO_MD5 1
44 #define DIGEST_ALGO_SHA1 2