2 files changed, 47 insertions, 1 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
new file mode 100644
index 0000000000..b29ede4233
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
+Upstream-Status: Backport
+Index: gnupg-1.4.7/g10/getkey.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/getkey.c       2007-03-05 16:54:41.000000000 +0800
+++ gnupg-1.4.7/g10/getkey.c    2013-11-28 14:41:59.640212240 +0800
+@@ -1454,7 +1454,11 @@
+ 
+       if(flags)
+        key_usage |= PUBKEY_USAGE_UNKNOWN;
+      if (!key_usage)
+       key_usage |= PUBKEY_USAGE_NONE;
+     }
+  else if (p)
+    key_usage |= PUBKEY_USAGE_NONE;
+ 
+   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
+      capability that we do not handle.  This serves to distinguish
+Index: gnupg-1.4.7/g10/keygen.c
+===================================================================
+--- gnupg-1.4.7.orig/g10/keygen.c       2007-02-05 00:27:40.000000000 +0800
+++ gnupg-1.4.7/g10/keygen.c    2013-11-28 14:43:05.016670092 +0800
+@@ -209,9 +209,6 @@
+     if (use & PUBKEY_USAGE_AUTH)
+         buf[0] |= 0x20;
+ 
+-    if (!buf[0]) 
+-        return;
+-
+     build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
+ }
+ 
+Index: gnupg-1.4.7/include/cipher.h
+===================================================================
+--- gnupg-1.4.7.orig/include/cipher.h   2006-04-21 20:39:49.000000000 +0800
+++ gnupg-1.4.7/include/cipher.h        2013-11-28 14:49:24.159322744 +0800
+@@ -52,6 +52,7 @@
+ #define PUBKEY_USAGE_CERT    4      /* key is also good to certify other keys*/
+ #define PUBKEY_USAGE_AUTH    8      /* key is good for authentication */
+ #define PUBKEY_USAGE_UNKNOWN 128    /* key has an unknown usage bit */
+#define PUBKEY_USAGE_NONE    256    /* No usage given. */
+ 
+ #define DIGEST_ALGO_MD5       1
+ #define DIGEST_ALGO_SHA1      2
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index fcc5fba9dd..83d8fabb5d 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -14,7 +14,9 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
           file://configure.patch \
           file://mips_gcc4.4.patch \
           file://GnuPG1-CVE-2012-6085.patch \
-           file://curl_typeof_fix_backport.patch"
+           file://curl_typeof_fix_backport.patch \
+           file://CVE-2013-4351.patch \
+          "
 SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
 SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"

diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -0,0 +1,44 @@
		1	Upstream-Status: Backport
		2
		3	Index: gnupg-1.4.7/g10/getkey.c
		4	===================================================================
		5	--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800
		6	+++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800
		7	@@ -1454,7 +1454,11 @@
		8
		9	if(flags)
		10	key_usage \|= PUBKEY_USAGE_UNKNOWN;
		11	+ if (!key_usage)
		12	+ key_usage \|= PUBKEY_USAGE_NONE;
		13	}
		14	+ else if (p)
		15	+ key_usage \|= PUBKEY_USAGE_NONE;
		16
		17	/* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
		18	capability that we do not handle. This serves to distinguish
		19	Index: gnupg-1.4.7/g10/keygen.c
		20	===================================================================
		21	--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800
		22	+++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800
		23	@@ -209,9 +209,6 @@
		24	if (use & PUBKEY_USAGE_AUTH)
		25	buf[0] \|= 0x20;
		26
		27	- if (!buf[0])
		28	- return;
		29	-
		30	build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
		31	}
		32
		33	Index: gnupg-1.4.7/include/cipher.h
		34	===================================================================
		35	--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800
		36	+++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800
		37	@@ -52,6 +52,7 @@
		38	#define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
		39	#define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */
		40	#define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */
		41	+#define PUBKEY_USAGE_NONE 256 /* No usage given. */
		42
		43	#define DIGEST_ALGO_MD5 1
		44	#define DIGEST_ALGO_SHA1 2


diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index fcc5fba9dd..83d8fabb5d 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -14,7 +14,9 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
14	file://configure.patch \	14	file://configure.patch \
15	file://mips_gcc4.4.patch \	15	file://mips_gcc4.4.patch \
16	file://GnuPG1-CVE-2012-6085.patch \	16	file://GnuPG1-CVE-2012-6085.patch \
17	file://curl_typeof_fix_backport.patch"	17	file://curl_typeof_fix_backport.patch \
		18	file://CVE-2013-4351.patch \
		19	"
18		20
19	SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"	21	SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
20	SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"	22	SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"