diff options
author | Saul Wold <sgw@linux.intel.com> | 2013-02-14 15:55:12 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-02-15 12:17:35 +0000 |
commit | c4d16fce2e2ca8053f82c2014256814acebe8aca (patch) | |
tree | abe254bdfe08e47b4ab0e765bf91cbb9c142d9a3 /meta | |
parent | 2cbefb8387676c453c05de909fa3cdc206bdad9f (diff) | |
download | poky-c4d16fce2e2ca8053f82c2014256814acebe8aca.tar.gz |
gnupg: fix CVE-2012-6085
Code taken from Redhat
[YOCTO #3813]
(From OE-Core rev: 17f8e03ace51df6b94fdcb7e410acf79c7b046ce)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
4 files changed, 131 insertions, 3 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 0000000000..8b5d9a1693 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | commit f0b33b6fb8e0586e9584a7a409dcc31263776a67 | ||
2 | Author: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu Dec 20 09:43:41 2012 +0100 | ||
4 | |||
5 | gpg: Import only packets which are allowed in a keyblock. | ||
6 | |||
7 | * g10/import.c (valid_keyblock_packet): New. | ||
8 | (read_block): Store only valid packets. | ||
9 | -- | ||
10 | |||
11 | A corrupted key, which for example included a mangled public key | ||
12 | encrypted packet, used to corrupt the keyring. This change skips all | ||
13 | packets which are not allowed in a keyblock. | ||
14 | |||
15 | GnuPG-bug-id: 1455 | ||
16 | |||
17 | (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa) | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | |||
21 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
22 | |||
23 | diff --git a/g10/import.c b/g10/import.c | ||
24 | index bfe02eb..a57b32e 100644 | ||
25 | --- a/g10/import.c | ||
26 | +++ b/g10/import.c | ||
27 | @@ -384,6 +384,27 @@ import_print_stats (void *hd) | ||
28 | } | ||
29 | |||
30 | |||
31 | +/* Return true if PKTTYPE is valid in a keyblock. */ | ||
32 | +static int | ||
33 | +valid_keyblock_packet (int pkttype) | ||
34 | +{ | ||
35 | + switch (pkttype) | ||
36 | + { | ||
37 | + case PKT_PUBLIC_KEY: | ||
38 | + case PKT_PUBLIC_SUBKEY: | ||
39 | + case PKT_SECRET_KEY: | ||
40 | + case PKT_SECRET_SUBKEY: | ||
41 | + case PKT_SIGNATURE: | ||
42 | + case PKT_USER_ID: | ||
43 | + case PKT_ATTRIBUTE: | ||
44 | + case PKT_RING_TRUST: | ||
45 | + return 1; | ||
46 | + default: | ||
47 | + return 0; | ||
48 | + } | ||
49 | +} | ||
50 | + | ||
51 | + | ||
52 | /**************** | ||
53 | * Read the next keyblock from stream A. | ||
54 | * PENDING_PKT should be initialzed to NULL | ||
55 | @@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) | ||
56 | } | ||
57 | in_cert = 1; | ||
58 | default: | ||
59 | - if( in_cert ) { | ||
60 | + if (in_cert && valid_keyblock_packet (pkt->pkttype)) { | ||
61 | if( !root ) | ||
62 | root = new_kbnode( pkt ); | ||
63 | else | ||
diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch new file mode 100644 index 0000000000..64c30342cc --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | commit 498882296ffac7987c644aaf2a0aa108a2925471 | ||
2 | Author: Werner Koch <wk@gnupg.org> | ||
3 | Date: Thu Dec 20 09:43:41 2012 +0100 | ||
4 | |||
5 | gpg: Import only packets which are allowed in a keyblock. | ||
6 | |||
7 | * g10/import.c (valid_keyblock_packet): New. | ||
8 | (read_block): Store only valid packets. | ||
9 | -- | ||
10 | |||
11 | A corrupted key, which for example included a mangled public key | ||
12 | encrypted packet, used to corrupt the keyring. This change skips all | ||
13 | packets which are not allowed in a keyblock. | ||
14 | |||
15 | GnuPG-bug-id: 1455 | ||
16 | |||
17 | (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e) | ||
18 | |||
19 | Upstream-Status: Backport | ||
20 | |||
21 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
22 | |||
23 | diff --git a/g10/import.c b/g10/import.c | ||
24 | index ba2439d..ad112d6 100644 | ||
25 | --- a/g10/import.c | ||
26 | +++ b/g10/import.c | ||
27 | @@ -347,6 +347,27 @@ import_print_stats (void *hd) | ||
28 | } | ||
29 | |||
30 | |||
31 | +/* Return true if PKTTYPE is valid in a keyblock. */ | ||
32 | +static int | ||
33 | +valid_keyblock_packet (int pkttype) | ||
34 | +{ | ||
35 | + switch (pkttype) | ||
36 | + { | ||
37 | + case PKT_PUBLIC_KEY: | ||
38 | + case PKT_PUBLIC_SUBKEY: | ||
39 | + case PKT_SECRET_KEY: | ||
40 | + case PKT_SECRET_SUBKEY: | ||
41 | + case PKT_SIGNATURE: | ||
42 | + case PKT_USER_ID: | ||
43 | + case PKT_ATTRIBUTE: | ||
44 | + case PKT_RING_TRUST: | ||
45 | + return 1; | ||
46 | + default: | ||
47 | + return 0; | ||
48 | + } | ||
49 | +} | ||
50 | + | ||
51 | + | ||
52 | /**************** | ||
53 | * Read the next keyblock from stream A. | ||
54 | * PENDING_PKT should be initialzed to NULL | ||
55 | @@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) | ||
56 | } | ||
57 | in_cert = 1; | ||
58 | default: | ||
59 | - if( in_cert ) { | ||
60 | + if (in_cert && valid_keyblock_packet (pkt->pkttype)) { | ||
61 | if( !root ) | ||
62 | root = new_kbnode( pkt ); | ||
63 | else | ||
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index 41552b2ee6..8c2f7f625f 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb | |||
@@ -7,12 +7,13 @@ LICENSE = "GPLv2" | |||
7 | 7 | ||
8 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" | 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a" |
9 | 9 | ||
10 | PR = "r6" | 10 | PR = "r8" |
11 | 11 | ||
12 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ | 12 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ |
13 | file://long-long-thumb.patch \ | 13 | file://long-long-thumb.patch \ |
14 | file://configure.patch \ | 14 | file://configure.patch \ |
15 | file://mips_gcc4.4.patch \ | 15 | file://mips_gcc4.4.patch \ |
16 | file://GnuPG1-CVE-2012-6085.patch \ | ||
16 | file://curl_typeof_fix_backport.patch" | 17 | file://curl_typeof_fix_backport.patch" |
17 | 18 | ||
18 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" | 19 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" |
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb index 996a8e80dc..8cd793b431 100644 --- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb +++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb | |||
@@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \ | |||
7 | DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt" | 7 | DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt" |
8 | PTH = "pth" | 8 | PTH = "pth" |
9 | PTH_libc-uclibc = "npth" | 9 | PTH_libc-uclibc = "npth" |
10 | PR = "r4" | 10 | PR = "r5" |
11 | 11 | ||
12 | inherit autotools gettext | 12 | inherit autotools gettext |
13 | 13 | ||
14 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2" | 14 | SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \ |
15 | file://GnuPG2-CVE-2012-6085.patch" | ||
15 | 16 | ||
16 | SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" | 17 | SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" |
17 | SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" | 18 | SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" |