[arch-commits] Commit in gnupg/trunk (PKGBUILD valid-keyblock-packet.patch)
Gaetan Bisson
bisson at nymeria.archlinux.org
Sun Jan 27 22:06:14 UTC 2013
Date: Sunday, January 27, 2013 @ 23:06:14
Author: bisson
Revision: 176232
prevent keyring corruption when importing dodgy packets
Added:
gnupg/trunk/valid-keyblock-packet.patch
Modified:
gnupg/trunk/PKGBUILD
-----------------------------+
PKGBUILD | 5 ++-
valid-keyblock-packet.patch | 61 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-01-27 20:40:41 UTC (rev 176231)
+++ PKGBUILD 2013-01-27 22:06:14 UTC (rev 176232)
@@ -6,7 +6,7 @@
pkgname=gnupg
pkgver=2.0.19
-pkgrel=4
+pkgrel=5
pkgdesc='Complete and free implementation of the OpenPGP standard'
url='http://www.gnupg.org/'
license=('GPL')
@@ -17,9 +17,11 @@
makedepends=('curl' 'libldap' 'libusb-compat')
depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr')
source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+ 'valid-keyblock-packet.patch'
'protect-tool-env.patch')
sha1sums=('190c09e6688f688fb0a5cf884d01e240d957ac1f'
'f6e6830610a8629b0aad69d789373bf8ca481733'
+ '474d827f1c2976bb107985047f61ac9096ae0953'
'2ec97ba55ae47ff0d63bc813b8c64cb79cef11db')
install=install
@@ -31,6 +33,7 @@
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
patch -p1 -i ../protect-tool-env.patch # FS#31900
+ patch -p1 -i ../valid-keyblock-packet.patch
./configure --prefix=/usr --libexecdir=/usr/lib/gnupg
make
}
Added: valid-keyblock-packet.patch
===================================================================
--- valid-keyblock-packet.patch (rev 0)
+++ valid-keyblock-packet.patch 2013-01-27 22:06:14 UTC (rev 176232)
@@ -0,0 +1,61 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 20 Dec 2012 08:43:41 +0000 (+0100)
+Subject: gpg: Import only packets which are allowed in a keyblock.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=498882296ffac7987c644aaf2a0aa108a2925471;hp=20c95ef258f8520283406239f7c6f4729341d463
+
+gpg: Import only packets which are allowed in a keyblock.
+
+* g10/import.c (valid_keyblock_packet): New.
+(read_block): Store only valid packets.
+--
+
+A corrupted key, which for example included a mangled public key
+encrypted packet, used to corrupt the keyring. This change skips all
+packets which are not allowed in a keyblock.
+
+GnuPG-bug-id: 1455
+
+(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
+---
+
+diff --git a/g10/import.c b/g10/import.c
+index ba2439d..ad112d6 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -347,6 +347,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else
More information about the arch-commits
mailing list