2 files changed, 3 insertions, 68 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
deleted file mode 100644
index 64c30342cc..0000000000
--- a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-commit 498882296ffac7987c644aaf2a0aa108a2925471
-Author: Werner Koch <wk@gnupg.org>
-Date:   Thu Dec 20 09:43:41 2012 +0100
-    gpg: Import only packets which are allowed in a keyblock.
-    
-    * g10/import.c (valid_keyblock_packet): New.
-    (read_block): Store only valid packets.
-    --
-    
-    A corrupted key, which for example included a mangled public key
-    encrypted packet, used to corrupt the keyring.  This change skips all
-    packets which are not allowed in a keyblock.
-    
-    GnuPG-bug-id: 1455
-    
-    (cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
-Upstream-Status: Backport
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-diff --git a/g10/import.c b/g10/import.c
-index ba2439d..ad112d6 100644
--- a/g10/import.c
-+++ b/g10/import.c
-@@ -347,6 +347,27 @@ import_print_stats (void *hd)
- }
- 
- 
-+/* Return true if PKTTYPE is valid in a keyblock.  */
-+static int
-+valid_keyblock_packet (int pkttype)
-+{
-+  switch (pkttype)
-+    {
-+    case PKT_PUBLIC_KEY:
-+    case PKT_PUBLIC_SUBKEY:
-+    case PKT_SECRET_KEY:
-+    case PKT_SECRET_SUBKEY:
-+    case PKT_SIGNATURE:
-+    case PKT_USER_ID:
-+    case PKT_ATTRIBUTE:
-+    case PKT_RING_TRUST:
-+      return 1;
-+    default:
-+      return 0;
-+    }
-+}
-+
-+
- /****************
-  * Read the next keyblock from stream A.
-  * PENDING_PKT should be initialzed to NULL
-@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
-            }
-            in_cert = 1;
-          default:
-           if( in_cert ) {
-+           if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
-                if( !root )
-                    root = new_kbnode( pkt );
-                else
diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.20.bb
index 593250aad7..87acd00552 100644
--- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.0.20.bb
@@ -7,15 +7,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
 DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
 PTH = "pth"
 PTH_libc-uclibc = "npth"
-PR = "r5"
 inherit autotools gettext
-SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"
-           file://GnuPG2-CVE-2012-6085.patch"
-SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"
+SRC_URI[md5sum] = "9d18ee71bb0b10d40d1c8a393bdd7a89"
-SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"
+SRC_URI[sha256sum] = "6e949b7f062cab8a3cf0910f91ecf04cabaad458c0aeeec66298651b8b04b79a"
 EXTRA_OECONF = "--disable-ldap \
                --disable-ccid-driver \

diff --git a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch deleted file mode 100644 index 64c30342cc..0000000000 --- a/meta/recipes-support/gnupg/gnupg-2.0.19/GnuPG2-CVE-2012-6085.patch +++ /dev/null
@@ -1,63 +0,0 @@
1	commit 498882296ffac7987c644aaf2a0aa108a2925471
2	Author: Werner Koch <wk@gnupg.org>
3	Date: Thu Dec 20 09:43:41 2012 +0100
4
5	gpg: Import only packets which are allowed in a keyblock.
6
7	* g10/import.c (valid_keyblock_packet): New.
8	(read_block): Store only valid packets.
9	--
10
11	A corrupted key, which for example included a mangled public key
12	encrypted packet, used to corrupt the keyring. This change skips all
13	packets which are not allowed in a keyblock.
14
15	GnuPG-bug-id: 1455
16
17	(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
18
19	Upstream-Status: Backport
20
21	Signed-off-by: Saul Wold <sgw@linux.intel.com>
22
23	diff --git a/g10/import.c b/g10/import.c
24	index ba2439d..ad112d6 100644
25	--- a/g10/import.c
26	+++ b/g10/import.c
27	@@ -347,6 +347,27 @@ import_print_stats (void *hd)
28	}
29
30
31	+/* Return true if PKTTYPE is valid in a keyblock. */
32	+static int
33	+valid_keyblock_packet (int pkttype)
34	+{
35	+ switch (pkttype)
36	+ {
37	+ case PKT_PUBLIC_KEY:
38	+ case PKT_PUBLIC_SUBKEY:
39	+ case PKT_SECRET_KEY:
40	+ case PKT_SECRET_SUBKEY:
41	+ case PKT_SIGNATURE:
42	+ case PKT_USER_ID:
43	+ case PKT_ATTRIBUTE:
44	+ case PKT_RING_TRUST:
45	+ return 1;
46	+ default:
47	+ return 0;
48	+ }
49	+}
50	+
51	+
52	/****************
53	* Read the next keyblock from stream A.
54	* PENDING_PKT should be initialzed to NULL
55	@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET *pending_pkt, KBNODE ret_root )
56	}
57	in_cert = 1;
58	default:
59	- if( in_cert ) {
60	+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
61	if( !root )
62	root = new_kbnode( pkt );
63	else


diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.20.bb index 593250aad7..87acd00552 100644 --- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb +++ b/meta/recipes-support/gnupg/gnupg_2.0.20.bb
@@ -7,15 +7,13 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
7	DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"	7	DEPENDS = "${PTH} libassuan libksba zlib bzip2 readline libgcrypt"
8	PTH = "pth"	8	PTH = "pth"
9	PTH_libc-uclibc = "npth"	9	PTH_libc-uclibc = "npth"
10	PR = "r5"
11		10
12	inherit autotools gettext	11	inherit autotools gettext
13		12
14	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \	13	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2"
15	file://GnuPG2-CVE-2012-6085.patch"
16		14
17	SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016"	15	SRC_URI[md5sum] = "9d18ee71bb0b10d40d1c8a393bdd7a89"
18	SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622"	16	SRC_URI[sha256sum] = "6e949b7f062cab8a3cf0910f91ecf04cabaad458c0aeeec66298651b8b04b79a"
19		17
20	EXTRA_OECONF = "--disable-ldap \	18	EXTRA_OECONF = "--disable-ldap \
21	--disable-ccid-driver \	19	--disable-ccid-driver \