diff options
Diffstat (limited to 'meta/recipes-support')
-rw-r--r-- | meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch | 44 | ||||
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_1.4.7.bb | 4 |
2 files changed, 47 insertions, 1 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch | |||
@@ -0,0 +1,44 @@ | |||
1 | Upstream-Status: Backport | ||
2 | |||
3 | Index: gnupg-1.4.7/g10/getkey.c | ||
4 | =================================================================== | ||
5 | --- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 | ||
6 | +++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 | ||
7 | @@ -1454,7 +1454,11 @@ | ||
8 | |||
9 | if(flags) | ||
10 | key_usage |= PUBKEY_USAGE_UNKNOWN; | ||
11 | + if (!key_usage) | ||
12 | + key_usage |= PUBKEY_USAGE_NONE; | ||
13 | } | ||
14 | + else if (p) | ||
15 | + key_usage |= PUBKEY_USAGE_NONE; | ||
16 | |||
17 | /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a | ||
18 | capability that we do not handle. This serves to distinguish | ||
19 | Index: gnupg-1.4.7/g10/keygen.c | ||
20 | =================================================================== | ||
21 | --- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 | ||
22 | +++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 | ||
23 | @@ -209,9 +209,6 @@ | ||
24 | if (use & PUBKEY_USAGE_AUTH) | ||
25 | buf[0] |= 0x20; | ||
26 | |||
27 | - if (!buf[0]) | ||
28 | - return; | ||
29 | - | ||
30 | build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); | ||
31 | } | ||
32 | |||
33 | Index: gnupg-1.4.7/include/cipher.h | ||
34 | =================================================================== | ||
35 | --- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 | ||
36 | +++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 | ||
37 | @@ -52,6 +52,7 @@ | ||
38 | #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ | ||
39 | #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ | ||
40 | #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ | ||
41 | +#define PUBKEY_USAGE_NONE 256 /* No usage given. */ | ||
42 | |||
43 | #define DIGEST_ALGO_MD5 1 | ||
44 | #define DIGEST_ALGO_SHA1 2 | ||
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index fcc5fba9dd..83d8fabb5d 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb | |||
@@ -14,7 +14,9 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ | |||
14 | file://configure.patch \ | 14 | file://configure.patch \ |
15 | file://mips_gcc4.4.patch \ | 15 | file://mips_gcc4.4.patch \ |
16 | file://GnuPG1-CVE-2012-6085.patch \ | 16 | file://GnuPG1-CVE-2012-6085.patch \ |
17 | file://curl_typeof_fix_backport.patch" | 17 | file://curl_typeof_fix_backport.patch \ |
18 | file://CVE-2013-4351.patch \ | ||
19 | " | ||
18 | 20 | ||
19 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" | 21 | SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" |
20 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" | 22 | SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" |