From 4a9b9004bca6d1cb58ecc8bccf7f09b38b0e6c73 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Mon, 29 Apr 2013 14:47:22 +0100
Subject: gnupg: integrate fix for CVE-2012-6085

From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085:
"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x
through 2.0.19, when importing a key, allows remote attackers to corrupt the
public keyring database or cause a denial of service (application crash) via a
crafted length field of an OpenPGP packet."

Patch taken from upstream git, which is identical in both branches.

(From OE-Core rev: 44ed6605c1978325782d229d0c01329465c4c5c7)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/gnupg/gnupg_1.4.7.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'meta/recipes-support/gnupg/gnupg_1.4.7.bb')

diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index 41552b2ee6..befcc313ec 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -13,7 +13,8 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
            file://long-long-thumb.patch \
            file://configure.patch \
            file://mips_gcc4.4.patch \
-           file://curl_typeof_fix_backport.patch"
+           file://curl_typeof_fix_backport.patch \
+           file://cve-2012-6085.patch"
 
 SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"
 SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d"
-- 
cgit v1.2.3-54-g00ecf