gnupg: integrate fix for CVE-2012-6085

From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085: "The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet." Patch taken from upstream git, which is identical in both branches. (From OE-Core rev: 44ed6605c1978325782d229d0c01329465c4c5c7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2013-04-29 14:47:22 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-04-29 18:00:00 +0100
commit: 4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73 (patch)
tree: f3f3e7eb9c869655abe5e83584c20a8d6630df0b /meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
parent: a69769e3b3e7f475e416d3a49d68dab088592851 (diff)
download: poky-4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73.tar.gz
1 files changed, 70 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
new file mode 100644
index 0000000000..2b98a3c4f2
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
@@ -0,0 +1,70 @@
+Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 20 Dec 2012 09:43:41 +0100
+Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring.  This change skips all
+packets which are not allowed in a keyblock.
+GnuPG-bug-id: 1455
+(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+---
+ g10/import.c |   23 ++++++++++++++++++++++-
+ 1 files changed, 22 insertions(+), 1 deletions(-)
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else
+-- 
+1.7.2.5
author	Ross Burton <ross.burton@intel.com>	2013-04-29 14:47:22 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-04-29 18:00:00 +0100
commit	4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73 (patch)
tree	f3f3e7eb9c869655abe5e83584c20a8d6630df0b /meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
parent	a69769e3b3e7f475e416d3a49d68dab088592851 (diff)
download	poky-4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73.tar.gz

diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch new file mode 100644 index 0000000000..2b98a3c4f2 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
@@ -0,0 +1,70 @@
	1	Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
	2
	3	Upstream-Status: Backport
	4	Signed-off-by: Ross Burton <ross.burton@intel.com>
	5
	6
	7	From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
	8	From: Werner Koch <wk@gnupg.org>
	9	Date: Thu, 20 Dec 2012 09:43:41 +0100
	10	Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
	11
	12	* g10/import.c (valid_keyblock_packet): New.
	13	(read_block): Store only valid packets.
	14	--
	15
	16	A corrupted key, which for example included a mangled public key
	17	encrypted packet, used to corrupt the keyring. This change skips all
	18	packets which are not allowed in a keyblock.
	19
	20	GnuPG-bug-id: 1455
	21
	22	(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
	23	---
	24	g10/import.c \| 23 ++++++++++++++++++++++-
	25	1 files changed, 22 insertions(+), 1 deletions(-)
	26
	27	diff --git a/g10/import.c b/g10/import.c
	28	index ba2439d..ad112d6 100644
	29	--- a/g10/import.c
	30	+++ b/g10/import.c
	31	@@ -347,6 +347,27 @@ import_print_stats (void *hd)
	32	}
	33
	34
	35	+/* Return true if PKTTYPE is valid in a keyblock. */
	36	+static int
	37	+valid_keyblock_packet (int pkttype)
	38	+{
	39	+ switch (pkttype)
	40	+ {
	41	+ case PKT_PUBLIC_KEY:
	42	+ case PKT_PUBLIC_SUBKEY:
	43	+ case PKT_SECRET_KEY:
	44	+ case PKT_SECRET_SUBKEY:
	45	+ case PKT_SIGNATURE:
	46	+ case PKT_USER_ID:
	47	+ case PKT_ATTRIBUTE:
	48	+ case PKT_RING_TRUST:
	49	+ return 1;
	50	+ default:
	51	+ return 0;
	52	+ }
	53	+}
	54	+
	55	+
	56	/****************
	57	* Read the next keyblock from stream A.
	58	* PENDING_PKT should be initialzed to NULL
	59	@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
	60	}
	61	in_cert = 1;
	62	default:
	63	- if( in_cert ) {
	64	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
	65	if( !root )
	66	root = new_kbnode( pkt );
	67	else
	68	--
	69	1.7.2.5
	70