1 files changed, 70 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
new file mode 100644
index 0000000000..2b98a3c4f2
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
@@ -0,0 +1,70 @@
+Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 20 Dec 2012 09:43:41 +0100
+Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring.  This change skips all
+packets which are not allowed in a keyblock.
+GnuPG-bug-id: 1455
+(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+---
+ g10/import.c |   23 ++++++++++++++++++++++-
+ 1 files changed, 22 insertions(+), 1 deletions(-)
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
+++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+ 
+ 
+/* Return true if PKTTYPE is valid in a keyblock.  */
+static int
+valid_keyblock_packet (int pkttype)
+{
+  switch (pkttype)
+    {
+    case PKT_PUBLIC_KEY:
+    case PKT_PUBLIC_SUBKEY:
+    case PKT_SECRET_KEY:
+    case PKT_SECRET_SUBKEY:
+    case PKT_SIGNATURE:
+    case PKT_USER_ID:
+    case PKT_ATTRIBUTE:
+    case PKT_RING_TRUST:
+      return 1;
+    default:
+      return 0;
+    }
+}
+
+
+ /****************
+  * Read the next keyblock from stream A.
+  * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+            }
+            in_cert = 1;
+          default:
+-           if( in_cert ) {
+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+                if( !root )
+                    root = new_kbnode( pkt );
+                else
+-- 
+1.7.2.5

diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch new file mode 100644 index 0000000000..2b98a3c4f2 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch
@@ -0,0 +1,70 @@
	1	Fix CVE-2012-6085 by backporting a patch from upstream's git repository.
	2
	3	Upstream-Status: Backport
	4	Signed-off-by: Ross Burton <ross.burton@intel.com>
	5
	6
	7	From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001
	8	From: Werner Koch <wk@gnupg.org>
	9	Date: Thu, 20 Dec 2012 09:43:41 +0100
	10	Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock.
	11
	12	* g10/import.c (valid_keyblock_packet): New.
	13	(read_block): Store only valid packets.
	14	--
	15
	16	A corrupted key, which for example included a mangled public key
	17	encrypted packet, used to corrupt the keyring. This change skips all
	18	packets which are not allowed in a keyblock.
	19
	20	GnuPG-bug-id: 1455
	21
	22	(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
	23	---
	24	g10/import.c \| 23 ++++++++++++++++++++++-
	25	1 files changed, 22 insertions(+), 1 deletions(-)
	26
	27	diff --git a/g10/import.c b/g10/import.c
	28	index ba2439d..ad112d6 100644
	29	--- a/g10/import.c
	30	+++ b/g10/import.c
	31	@@ -347,6 +347,27 @@ import_print_stats (void *hd)
	32	}
	33
	34
	35	+/* Return true if PKTTYPE is valid in a keyblock. */
	36	+static int
	37	+valid_keyblock_packet (int pkttype)
	38	+{
	39	+ switch (pkttype)
	40	+ {
	41	+ case PKT_PUBLIC_KEY:
	42	+ case PKT_PUBLIC_SUBKEY:
	43	+ case PKT_SECRET_KEY:
	44	+ case PKT_SECRET_SUBKEY:
	45	+ case PKT_SIGNATURE:
	46	+ case PKT_USER_ID:
	47	+ case PKT_ATTRIBUTE:
	48	+ case PKT_RING_TRUST:
	49	+ return 1;
	50	+ default:
	51	+ return 0;
	52	+ }
	53	+}
	54	+
	55	+
	56	/****************
	57	* Read the next keyblock from stream A.
	58	* PENDING_PKT should be initialzed to NULL
	59	@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
	60	}
	61	in_cert = 1;
	62	default:
	63	- if( in_cert ) {
	64	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
	65	if( !root )
	66	root = new_kbnode( pkt );
	67	else
	68	--
	69	1.7.2.5
	70