summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch44
-rw-r--r--meta/recipes-support/gnupg/gnupg_1.4.7.bb4
2 files changed, 47 insertions, 1 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000000..b29ede4233
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
1Upstream-Status: Backport
2
3Index: gnupg-1.4.7/g10/getkey.c
4===================================================================
5--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
6+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
7@@ -1454,7 +1454,11 @@
8
9 if(flags)
10 key_usage |= PUBKEY_USAGE_UNKNOWN;
11+ if (!key_usage)
12+ key_usage |= PUBKEY_USAGE_NONE;
13 }
14+ else if (p)
15+ key_usage |= PUBKEY_USAGE_NONE;
16
17 /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
18 capability that we do not handle. This serves to distinguish
19Index: gnupg-1.4.7/g10/keygen.c
20===================================================================
21--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
22+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
23@@ -209,9 +209,6 @@
24 if (use & PUBKEY_USAGE_AUTH)
25 buf[0] |= 0x20;
26
27- if (!buf[0])
28- return;
29-
30 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
31 }
32
33Index: gnupg-1.4.7/include/cipher.h
34===================================================================
35--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
36+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
37@@ -52,6 +52,7 @@
38 #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
39 #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
40 #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
41+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
42
43 #define DIGEST_ALGO_MD5 1
44 #define DIGEST_ALGO_SHA1 2
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index fcc5fba9dd..83d8fabb5d 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -14,7 +14,9 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
14 file://configure.patch \ 14 file://configure.patch \
15 file://mips_gcc4.4.patch \ 15 file://mips_gcc4.4.patch \
16 file://GnuPG1-CVE-2012-6085.patch \ 16 file://GnuPG1-CVE-2012-6085.patch \
17 file://curl_typeof_fix_backport.patch" 17 file://curl_typeof_fix_backport.patch \
18 file://CVE-2013-4351.patch \
19 "
18 20
19SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" 21SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
20SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" 22SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"