4 files changed, 131 insertions, 3 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000000..8b5d9a1693
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date:   Thu Dec 20 09:43:41 2012 +0100
+    gpg: Import only packets which are allowed in a keyblock.
+    
+    * g10/import.c (valid_keyblock_packet): New.
+    (read_block): Store only valid packets.
+    --
+    
+    A corrupted key, which for example included a mangled public key
+    encrypted packet, used to corrupt the keyring.  This change skips all
+    packets which are not allowed in a keyblock.
+    
+    GnuPG-bug-id: 1455
+    
+    (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else
diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
new file mode 100644
index 0000000000..64c30342cc
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit 498882296ffac7987c644aaf2a0aa108a2925471
+Author: Werner Koch <wk@gnupg.org>
+Date:   Thu Dec 20 09:43:41 2012 +0100
+    gpg: Import only packets which are allowed in a keyblock.
+    
+    * g10/import.c (valid_keyblock_packet): New.
+    (read_block): Store only valid packets.
+    --
+    
+    A corrupted key, which for example included a mangled public key
+    encrypted packet, used to corrupt the keyring.  This change skips all
+    packets which are not allowed in a keyblock.
+    
+    GnuPG-bug-id: 1455
+    
+    (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index 41552b2ee6..8c2f7f625f 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -7,12 +7,13 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
-PR = "r6"
+PR = "r8"
 SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
           file://long-long-thumb.patch \
           file://configure.patch \
           file://mips_gcc4.4.patch \
+           file://GnuPG1-CVE-2012-6085.patch \
           file://curl_typeof_fix_backport.patch"
 SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
index 996a8e80dc..8cd793b431 100644
--- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
@@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
 DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
 PTH = "pth"
 PTH_libc-uclibc = "npth"
-PR = "r4"
+PR = "r5"
 inherit autotools gettext
-SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \
+           file://GnuPG2-CVE-2012-6085.patch"
 SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"
 SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 0000000000..8b5d9a1693 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
		1	commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
		2	Author: Werner Koch <wk@gnupg.org>
		3	Date: Thu Dec 20 09:43:41 2012 +0100
		4
		5	gpg: Import only packets which are allowed in a keyblock.
		6
		7	* g10/import.c (valid_keyblock_packet): New.
		8	(read_block): Store only valid packets.
		9	--
		10
		11	A corrupted key, which for example included a mangled public key
		12	encrypted packet, used to corrupt the keyring. This change skips all
		13	packets which are not allowed in a keyblock.
		14
		15	GnuPG-bug-id: 1455
		16
		17	(cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
		18
		19	Upstream-Status: Backport
		20
		21	Signed-off-by: Saul Wold <sgw@linux.intel.com>
		22
		23	diff --git a/g10/import.c b/g10/import.c
		24	index bfe02eb..a57b32e 100644
		25	--- a/g10/import.c
		26	+++ b/g10/import.c
		27	@@ -384,6 +384,27 @@ import_print_stats (void *hd)
		28	}
		29
		30
		31	+/* Return true if PKTTYPE is valid in a keyblock. */
		32	+static int
		33	+valid_keyblock_packet (int pkttype)
		34	+{
		35	+ switch (pkttype)
		36	+ {
		37	+ case PKT_PUBLIC_KEY:
		38	+ case PKT_PUBLIC_SUBKEY:
		39	+ case PKT_SECRET_KEY:
		40	+ case PKT_SECRET_SUBKEY:
		41	+ case PKT_SIGNATURE:
		42	+ case PKT_USER_ID:
		43	+ case PKT_ATTRIBUTE:
		44	+ case PKT_RING_TRUST:
		45	+ return 1;
		46	+ default:
		47	+ return 0;
		48	+ }
		49	+}
		50	+
		51	+
		52	/****************
		53	* Read the next keyblock from stream A.
		54	* PENDING_PKT should be initialzed to NULL
		55	@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
		56	}
		57	in_cert = 1;
		58	default:
		59	- if( in_cert ) {
		60	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
		61	if( !root )
		62	root = new_kbnode( pkt );
		63	else


diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch new file mode 100644 index 0000000000..64c30342cc --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
		1	commit 498882296ffac7987c644aaf2a0aa108a2925471
		2	Author: Werner Koch <wk@gnupg.org>
		3	Date: Thu Dec 20 09:43:41 2012 +0100
		4
		5	gpg: Import only packets which are allowed in a keyblock.
		6
		7	* g10/import.c (valid_keyblock_packet): New.
		8	(read_block): Store only valid packets.
		9	--
		10
		11	A corrupted key, which for example included a mangled public key
		12	encrypted packet, used to corrupt the keyring. This change skips all
		13	packets which are not allowed in a keyblock.
		14
		15	GnuPG-bug-id: 1455
		16
		17	(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
		18
		19	Upstream-Status: Backport
		20
		21	Signed-off-by: Saul Wold <sgw@linux.intel.com>
		22
		23	diff --git a/g10/import.c b/g10/import.c
		24	index ba2439d..ad112d6 100644
		25	--- a/g10/import.c
		26	+++ b/g10/import.c
		27	@@ -347,6 +347,27 @@ import_print_stats (void *hd)
		28	}
		29
		30
		31	+/* Return true if PKTTYPE is valid in a keyblock. */
		32	+static int
		33	+valid_keyblock_packet (int pkttype)
		34	+{
		35	+ switch (pkttype)
		36	+ {
		37	+ case PKT_PUBLIC_KEY:
		38	+ case PKT_PUBLIC_SUBKEY:
		39	+ case PKT_SECRET_KEY:
		40	+ case PKT_SECRET_SUBKEY:
		41	+ case PKT_SIGNATURE:
		42	+ case PKT_USER_ID:
		43	+ case PKT_ATTRIBUTE:
		44	+ case PKT_RING_TRUST:
		45	+ return 1;
		46	+ default:
		47	+ return 0;
		48	+ }
		49	+}
		50	+
		51	+
		52	/****************
		53	* Read the next keyblock from stream A.
		54	* PENDING_PKT should be initialzed to NULL
		55	@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
		56	}
		57	in_cert = 1;
		58	default:
		59	- if( in_cert ) {
		60	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
		61	if( !root )
		62	root = new_kbnode( pkt );
		63	else


diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index 41552b2ee6..8c2f7f625f 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -7,12 +7,13 @@ LICENSE = "GPLv2"
7		7
8	LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"	8	LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
9		9
10	PR = "r6"	10	PR = "r8"
11		11
12	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \	12	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
13	file://long-long-thumb.patch \	13	file://long-long-thumb.patch \
14	file://configure.patch \	14	file://configure.patch \
15	file://mips_gcc4.4.patch \	15	file://mips_gcc4.4.patch \
		16	file://GnuPG1-CVE-2012-6085.patch \
16	file://curl_typeof_fix_backport.patch"	17	file://curl_typeof_fix_backport.patch"
17		18
18	SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"	19	SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"


diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb index 996a8e80dc..8cd793b431 100644 --- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb +++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb
@@ -7,11 +7,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
7	DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"	7	DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
8	PTH = "pth"	8	PTH = "pth"
9	PTH_libc-uclibc = "npth"	9	PTH_libc-uclibc = "npth"
10	PR = "r4"	10	PR = "r5"
11		11
12	inherit autotools gettext	12	inherit autotools gettext
13		13
14	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"	14	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \
		15	file://GnuPG2-CVE-2012-6085.patch"
15		16
16	SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"	17	SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"
17	SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"	18	SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"