1 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 0000000000..8b5d9a1693
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date:   Thu Dec 20 09:43:41 2012 +0100
+    gpg: Import only packets which are allowed in a keyblock.
+    
+    * g10/import.c (valid_keyblock_packet): New.
+    (read_block): Store only valid packets.
+    --
+    
+    A corrupted key, which for example included a mangled public key
+    encrypted packet, used to corrupt the keyring.  This change skips all
+    packets which are not allowed in a keyblock.
+    
+    GnuPG-bug-id: 1455
+    
+    (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch new file mode 100644 index 0000000000..8b5d9a1693 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,63 @@
	1	commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
	2	Author: Werner Koch <wk@gnupg.org>
	3	Date: Thu Dec 20 09:43:41 2012 +0100
	4
	5	gpg: Import only packets which are allowed in a keyblock.
	6
	7	* g10/import.c (valid_keyblock_packet): New.
	8	(read_block): Store only valid packets.
	9	--
	10
	11	A corrupted key, which for example included a mangled public key
	12	encrypted packet, used to corrupt the keyring. This change skips all
	13	packets which are not allowed in a keyblock.
	14
	15	GnuPG-bug-id: 1455
	16
	17	(cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
	18
	19	Upstream-Status: Backport
	20
	21	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	22
	23	diff --git a/g10/import.c b/g10/import.c
	24	index bfe02eb..a57b32e 100644
	25	--- a/g10/import.c
	26	+++ b/g10/import.c
	27	@@ -384,6 +384,27 @@ import_print_stats (void *hd)
	28	}
	29
	30
	31	+/* Return true if PKTTYPE is valid in a keyblock. */
	32	+static int
	33	+valid_keyblock_packet (int pkttype)
	34	+{
	35	+ switch (pkttype)
	36	+ {
	37	+ case PKT_PUBLIC_KEY:
	38	+ case PKT_PUBLIC_SUBKEY:
	39	+ case PKT_SECRET_KEY:
	40	+ case PKT_SECRET_SUBKEY:
	41	+ case PKT_SIGNATURE:
	42	+ case PKT_USER_ID:
	43	+ case PKT_ATTRIBUTE:
	44	+ case PKT_RING_TRUST:
	45	+ return 1;
	46	+ default:
	47	+ return 0;
	48	+ }
	49	+}
	50	+
	51	+
	52	/****************
	53	* Read the next keyblock from stream A.
	54	* PENDING_PKT should be initialzed to NULL
	55	@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
	56	}
	57	in_cert = 1;
	58	default:
	59	- if( in_cert ) {
	60	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
	61	if( !root )
	62	root = new_kbnode( pkt );
	63	else