[arch-commits] Commit in gnupg/repos (14 files)

Gaetan Bisson bisson at archlinux.org
Thu Dec 11 20:09:46 UTC 2014


    Date: Thursday, December 11, 2014 @ 21:09:46
  Author: bisson
Revision: 227550

archrelease: copy trunk to testing-i686, testing-x86_64

Added:
  gnupg/repos/testing-i686/
  gnupg/repos/testing-i686/PKGBUILD
    (from rev 227549, gnupg/trunk/PKGBUILD)
  gnupg/repos/testing-i686/hash-ecdsa.patch
    (from rev 227549, gnupg/trunk/hash-ecdsa.patch)
  gnupg/repos/testing-i686/install
    (from rev 227549, gnupg/trunk/install)
  gnupg/repos/testing-i686/oid2str-overflow.patch
    (from rev 227549, gnupg/trunk/oid2str-overflow.patch)
  gnupg/repos/testing-i686/refresh-keys.patch
    (from rev 227549, gnupg/trunk/refresh-keys.patch)
  gnupg/repos/testing-i686/subpacket-off.patch
    (from rev 227549, gnupg/trunk/subpacket-off.patch)
  gnupg/repos/testing-x86_64/
  gnupg/repos/testing-x86_64/PKGBUILD
    (from rev 227549, gnupg/trunk/PKGBUILD)
  gnupg/repos/testing-x86_64/hash-ecdsa.patch
    (from rev 227549, gnupg/trunk/hash-ecdsa.patch)
  gnupg/repos/testing-x86_64/install
    (from rev 227549, gnupg/trunk/install)
  gnupg/repos/testing-x86_64/oid2str-overflow.patch
    (from rev 227549, gnupg/trunk/oid2str-overflow.patch)
  gnupg/repos/testing-x86_64/refresh-keys.patch
    (from rev 227549, gnupg/trunk/refresh-keys.patch)
  gnupg/repos/testing-x86_64/subpacket-off.patch
    (from rev 227549, gnupg/trunk/subpacket-off.patch)

---------------------------------------+
 testing-i686/PKGBUILD                 |   70 +++++++++
 testing-i686/hash-ecdsa.patch         |   48 ++++++
 testing-i686/install                  |   25 +++
 testing-i686/oid2str-overflow.patch   |   72 +++++++++
 testing-i686/refresh-keys.patch       |  238 ++++++++++++++++++++++++++++++++
 testing-i686/subpacket-off.patch      |   38 +++++
 testing-x86_64/PKGBUILD               |   70 +++++++++
 testing-x86_64/hash-ecdsa.patch       |   48 ++++++
 testing-x86_64/install                |   25 +++
 testing-x86_64/oid2str-overflow.patch |   72 +++++++++
 testing-x86_64/refresh-keys.patch     |  238 ++++++++++++++++++++++++++++++++
 testing-x86_64/subpacket-off.patch    |   38 +++++
 12 files changed, 982 insertions(+)

Copied: gnupg/repos/testing-i686/PKGBUILD (from rev 227549, gnupg/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD	                        (rev 0)
+++ testing-i686/PKGBUILD	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,70 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.1.0
+pkgrel=7
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='http://www.gnupg.org/'
+license=('GPL')
+arch=('i686' 'x86_64')
+optdepends=('libldap: gpg2keys_ldap'
+            'libusb-compat: scdaemon')
+makedepends=('libldap' 'libusb-compat')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+         'pinentry' 'bzip2' 'readline' 'gnutls')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+        'oid2str-overflow.patch'
+        'subpacket-off.patch'
+        'refresh-keys.patch'
+        'hash-ecdsa.patch')
+sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+          '774f7fe541428f45ee145c763cf5634264e3bc69'
+          '1a86b834904c7d18d932ad1bb44d3642990d3cbd'
+          '246bea8776882f4c0293685482558f6ead1cf902'
+          'b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed')
+
+install=install
+
+conflicts=('dirmngr' 'gnupg2')
+provides=('dirmngr' "gnupg2=${pkgver}")
+replaces=('dirmngr' 'gnupg2')
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../oid2str-overflow.patch
+	patch -p1 -i ../subpacket-off.patch
+	patch -p1 -i ../refresh-keys.patch
+	patch -p1 -i ../hash-ecdsa.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/gnupg \
+		--enable-maintainer-mode \
+		--enable-symcryptrun \
+		--enable-gpgtar \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make check
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
+	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
+	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
+	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
+	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+}

Copied: gnupg/repos/testing-i686/hash-ecdsa.patch (from rev 227549, gnupg/trunk/hash-ecdsa.patch)
===================================================================
--- testing-i686/hash-ecdsa.patch	                        (rev 0)
+++ testing-i686/hash-ecdsa.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,48 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 19 Nov 2014 09:34:32 +0000 (+0100)
+Subject: gpg: Fix hash detection for ECDSA.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd;hp=cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0
+
+gpg: Fix hash detection for ECDSA.
+
+* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
+--
+
+This error was introduced with
+commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
+while separating EdDSA from ECDSA.
+
+Found due to a related bug report from Brian Minton.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+
+diff --git a/g10/sign.c b/g10/sign.c
+index e7d4a68..2e62f04 100644
+--- a/g10/sign.c
++++ b/g10/sign.c
+@@ -899,13 +899,12 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+ 	    for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
+ 	      {
+ 		if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA
+-                    || (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+-                        && !openpgp_oid_is_ed25519 (sk_rover->pk->pkey[1])))
++                    || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ 		  {
+ 		    int temp_hashlen = (gcry_mpi_get_nbits
+                                         (sk_rover->pk->pkey[1]));
+ 
+-		    if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
++		    if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ 		      temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen);
+ 		    temp_hashlen = (temp_hashlen+7)/8;
+ 
+@@ -915,7 +914,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+ 		    if (hint.digest_length<temp_hashlen)
+ 		      hint.digest_length=temp_hashlen;
+ 		  }
+-                /* FIXME: need toall gpg-agent */
++                /* FIXME: need to check gpg-agent for this. */
+ 		/* else if (sk_rover->pk->is_protected */
+                 /*          && sk_rover->pk->protect.s2k.mode == 1002) */
+ 		/*   smartcard = 1;  */

Copied: gnupg/repos/testing-i686/install (from rev 227549, gnupg/trunk/install)
===================================================================
--- testing-i686/install	                        (rev 0)
+++ testing-i686/install	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,25 @@
+info_dir=/usr/share/info
+info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
+
+post_install() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+pre_remove() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+post_upgrade() {
+	post_install
+
+	# Fix upgrade to 2.1; see FS#42798
+	[ $(vercmp $2 2.1.0-4) = -1 ] &&
+	dirmngr </dev/null &>/dev/null ||
+	return 0
+}

Copied: gnupg/repos/testing-i686/oid2str-overflow.patch (from rev 227549, gnupg/trunk/oid2str-overflow.patch)
===================================================================
--- testing-i686/oid2str-overflow.patch	                        (rev 0)
+++ testing-i686/oid2str-overflow.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,72 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 25 Nov 2014 10:58:56 +0000 (+0100)
+Subject: Fix buffer overflow in openpgp_oid_to_str.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da;hp=28dafd4714a9b01d3a6f1e6e5919bf6f909987c7
+
+Fix buffer overflow in openpgp_oid_to_str.
+
+* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
+
+* common/t-openpgp-oid.c (BADOID): New.
+(test_openpgp_oid_to_str): Add test cases.
+--
+
+The code has an obvious error by not considering invalid encoding for
+arc-2.  A first byte of 0x80 can be used to make a value of less then
+80 and we then subtract 80 from that value as required by the OID
+encoding rules.  Due to the unsigned integer this results in a pretty
+long value which won't fit anymore into the allocated buffer.
+
+The fix is obvious.  Also added a few simple test cases.  Note that we
+keep on using sprintf instead of snprintf because managing the
+remaining length of the buffer would probably be more error prone than
+assuring that the buffer is large enough.  Getting rid of sprintf
+altogether by using direct conversion along with membuf_t like code
+might be possible.
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch <wk at gnupg.org>
+
+Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
+---
+
+diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
+index 010c23f..d3d1f2a 100644
+--- a/common/openpgp-oid.c
++++ b/common/openpgp-oid.c
+@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a)
+         val <<= 7;
+         val |= buf[n] & 0x7f;
+       }
++    if (val < 80)
++      goto badoid;
+     val -= 80;
+     sprintf (p, "2.%lu", val);
+     p += strlen (p);
+diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c
+index 79e5a70..5cd778d 100644
+--- a/common/t-openpgp-oid.c
++++ b/common/t-openpgp-oid.c
+@@ -32,6 +32,9 @@
+   } while(0)
+ 
+ 
++#define BADOID "1.3.6.1.4.1.11591.2.12242973"
++
++
+ static void
+ test_openpgp_oid_from_str (void)
+ {
+@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void)
+     { "1.3.132.0.35",
+       { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }},
+ 
++    { BADOID,
++      { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }},
++
++    { BADOID,
++      { 1, 0x80 }},
++
+     { NULL }};
+   gcry_mpi_t a;
+   int idx;

Copied: gnupg/repos/testing-i686/refresh-keys.patch (from rev 227549, gnupg/trunk/refresh-keys.patch)
===================================================================
--- testing-i686/refresh-keys.patch	                        (rev 0)
+++ testing-i686/refresh-keys.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new.  Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first.  It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys.  A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ g10/call-dirmngr.c |    2 +-
+ g10/keyserver.c    |  107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+    error an error code is returned and NULL stored at R_FP.
+ 
+    The pattern may only use search specification which a keyserver can
+-   use to retriev keys.  Because we know the format of the pattern we
++   use to retrieve keys.  Because we know the format of the pattern we
+    don't need to escape the patterns before sending them to the
+    server.
+ 
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+   return err;
+ }
+ 
+-
+-
+-/* Retrieve a key from a keyserver.  The search pattern are in
+-   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
+-   exact searches.  KEYSERVER gives an optional override keyserver. If
+-   (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+-   one imported key.  */
++/* Helper for keyserver_get.  Here we only receive a chunk of the
++   description to be processed in one batch.  This is required due to
++   the limited number of patterns the dirmngr interface (KS_GET) can
++   grok and to limit the amount of temporary required memory.  */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+-               struct keyserver_spec *keyserver,
+-               unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++                     int *r_ndesc_used,
++                     void *stats_handle,
++                     struct keyserver_spec *keyserver,
++                     unsigned char **r_fpr, size_t *r_fprlen)
+ 
+ {
+   gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+   int idx, npat;
+   estream_t datastream;
+   char *source = NULL;
++  size_t linelen;  /* Estimated linelen for KS_GET.  */
++  size_t n;
++
++#define MAX_KS_GET_LINELEN 950  /* Somewhat lower than the real limit.  */
++
++  *r_ndesc_used = 0;
+ 
+   /* Create an array filled with a search pattern for each key.  The
+      array is delimited by a NULL entry.  */
+   pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+   if (!pattern)
+     return gpg_error_from_syserror ();
++
++  /* Note that we break the loop as soon as our estimation of the to
++     be used line length reaches the limit.  But we do this only if we
++     have processed at leas one search requests so that an overlong
++     single request will be rejected only later by gpg_dirmngr_ks_get
++     but we are sure that R_NDESC_USED has been updated.  This avoids
++     a possible indefinite loop.  */
++  linelen = 9; /* "KS_GET --" */
+   for (npat=idx=0; idx < ndesc; idx++)
+     {
+       int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+       if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+           || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+         {
+-          pattern[npat] = xtrymalloc (2+2*20+1);
++          n = 1+2+2*20;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
++          pattern[npat] = xtrymalloc (n);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+           else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+         {
++          n = 1+2+16;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+                                         (ulong)desc[idx].u.kid[0],
+                                         (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+         {
++          n = 1+2+8;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+         {
+-          /* The Dirmngr uses also classify_user_id to detect the type
++          /* The Dirmngr also uses classify_user_id to detect the type
+              of the search string.  By adding the '=' prefix we force
+              Dirmngr's KS_GET to consider this an exact search string.
+              (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+              KS_GETNAME command to indicate this.)  */
++
++          n = 1+1+strlen (desc[idx].u.name);
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+     }
+ 
++  /* Remember now many of search items were considered.  Note that
++     this is different from NPAT.  */
++  *r_ndesc_used = idx;
+ 
+   err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+   for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ 
+   if (!err)
+     {
+-      void *stats_handle;
+       struct ks_retrieval_screener_arg_s screenerarg;
+ 
+-      stats_handle = import_new_stats_handle();
+-
+       /* FIXME: Check whether this comment should be moved to dirmngr.
+ 
+          Slurp up all the key data.  In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+          keyservers. */
+ 
+       screenerarg.desc = desc;
+-      screenerarg.ndesc = ndesc;
++      screenerarg.ndesc = *r_ndesc_used;
+       import_keys_es_stream (ctrl, datastream, stats_handle,
+                              r_fpr, r_fprlen,
+                              (opt.keyserver_options.import_options
+                               | IMPORT_NO_SECKEY),
+                              keyserver_retrieval_screener, &screenerarg);
+-
+-      import_print_stats (stats_handle);
+-      import_release_stats_handle (stats_handle);
+     }
+   es_fclose (datastream);
+   xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ 
+ 
++/* Retrieve a key from a keyserver.  The search pattern are in
++   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
++   exact searches.  KEYSERVER gives an optional override keyserver. If
++   (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++   single imported key.  */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++               struct keyserver_spec *keyserver,
++               unsigned char **r_fpr, size_t *r_fprlen)
++{
++  gpg_error_t err;
++  void *stats_handle;
++  int ndesc_used;
++  int any_good = 0;
++
++  stats_handle = import_new_stats_handle();
++
++  for (;;)
++    {
++      err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++                                 keyserver, r_fpr, r_fprlen);
++      if (!err)
++        any_good = 1;
++      if (err || ndesc_used >= ndesc)
++        break; /* Error or all processed.  */
++      /* Prepare for the next chunk.  */
++      desc += ndesc_used;
++      ndesc -= ndesc_used;
++    }
++
++  if (any_good)
++    import_print_stats (stats_handle);
++
++  import_release_stats_handle (stats_handle);
++  return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS.  */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+-- 
+1.7.10.4
+

Copied: gnupg/repos/testing-i686/subpacket-off.patch (from rev 227549, gnupg/trunk/subpacket-off.patch)
===================================================================
--- testing-i686/subpacket-off.patch	                        (rev 0)
+++ testing-i686/subpacket-off.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,38 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 24 Nov 2014 16:28:25 +0000 (+0100)
+Subject: gpg: Fix off-by-one read in the attribute subpacket parser.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=0988764397f99db4efef1eabcdb8072d6159af76;hp=b716e6a69919b89c7887d6c7c9b97e58d18fdf95
+
+gpg: Fix off-by-one read in the attribute subpacket parser.
+
+* g10/parse-packet.c (parse_attribute_subpkts): Check that the
+attribute packet is large enough for the subpacket type.
+--
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index e0370aa..f75e21c 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -2359,8 +2359,16 @@ parse_attribute_subpkts (PKT_user_id * uid)
+       if (buflen < n)
+ 	goto too_short;
+ 
+-      attribs =
+-	xrealloc (attribs, (count + 1) * sizeof (struct user_attribute));
++      if (!n)
++        {
++          /* Too short to encode the subpacket type.  */
++          if (opt.verbose)
++            log_info ("attribute subpacket too short\n");
++          break;
++        }
++
++      attribs = xrealloc (attribs,
++                          (count + 1) * sizeof (struct user_attribute));
+       memset (&attribs[count], 0, sizeof (struct user_attribute));
+ 
+       type = *buffer;

Copied: gnupg/repos/testing-x86_64/PKGBUILD (from rev 227549, gnupg/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,70 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor: Andreas Radke <andyrtr at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=gnupg
+pkgver=2.1.0
+pkgrel=7
+pkgdesc='Complete and free implementation of the OpenPGP standard'
+url='http://www.gnupg.org/'
+license=('GPL')
+arch=('i686' 'x86_64')
+optdepends=('libldap: gpg2keys_ldap'
+            'libusb-compat: scdaemon')
+makedepends=('libldap' 'libusb-compat')
+depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
+         'pinentry' 'bzip2' 'readline' 'gnutls')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+        'oid2str-overflow.patch'
+        'subpacket-off.patch'
+        'refresh-keys.patch'
+        'hash-ecdsa.patch')
+sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP'
+          '774f7fe541428f45ee145c763cf5634264e3bc69'
+          '1a86b834904c7d18d932ad1bb44d3642990d3cbd'
+          '246bea8776882f4c0293685482558f6ead1cf902'
+          'b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed')
+
+install=install
+
+conflicts=('dirmngr' 'gnupg2')
+provides=('dirmngr' "gnupg2=${pkgver}")
+replaces=('dirmngr' 'gnupg2')
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../oid2str-overflow.patch
+	patch -p1 -i ../subpacket-off.patch
+	patch -p1 -i ../refresh-keys.patch
+	patch -p1 -i ../hash-ecdsa.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/gnupg \
+		--enable-maintainer-mode \
+		--enable-symcryptrun \
+		--enable-gpgtar \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make check
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
+	ln -s gpg2 "${pkgdir}"/usr/bin/gpg
+	ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv
+	ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz
+	rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059
+}

Copied: gnupg/repos/testing-x86_64/hash-ecdsa.patch (from rev 227549, gnupg/trunk/hash-ecdsa.patch)
===================================================================
--- testing-x86_64/hash-ecdsa.patch	                        (rev 0)
+++ testing-x86_64/hash-ecdsa.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,48 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 19 Nov 2014 09:34:32 +0000 (+0100)
+Subject: gpg: Fix hash detection for ECDSA.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd;hp=cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0
+
+gpg: Fix hash detection for ECDSA.
+
+* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
+--
+
+This error was introduced with
+commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
+while separating EdDSA from ECDSA.
+
+Found due to a related bug report from Brian Minton.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+
+diff --git a/g10/sign.c b/g10/sign.c
+index e7d4a68..2e62f04 100644
+--- a/g10/sign.c
++++ b/g10/sign.c
+@@ -899,13 +899,12 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+ 	    for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
+ 	      {
+ 		if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA
+-                    || (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+-                        && !openpgp_oid_is_ed25519 (sk_rover->pk->pkey[1])))
++                    || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ 		  {
+ 		    int temp_hashlen = (gcry_mpi_get_nbits
+                                         (sk_rover->pk->pkey[1]));
+ 
+-		    if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
++		    if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ 		      temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen);
+ 		    temp_hashlen = (temp_hashlen+7)/8;
+ 
+@@ -915,7 +914,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+ 		    if (hint.digest_length<temp_hashlen)
+ 		      hint.digest_length=temp_hashlen;
+ 		  }
+-                /* FIXME: need toall gpg-agent */
++                /* FIXME: need to check gpg-agent for this. */
+ 		/* else if (sk_rover->pk->is_protected */
+                 /*          && sk_rover->pk->protect.s2k.mode == 1002) */
+ 		/*   smartcard = 1;  */

Copied: gnupg/repos/testing-x86_64/install (from rev 227549, gnupg/trunk/install)
===================================================================
--- testing-x86_64/install	                        (rev 0)
+++ testing-x86_64/install	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,25 @@
+info_dir=/usr/share/info
+info_files=(gnupg.info gnupg.info-1 gnupg.info-2)
+
+post_install() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+pre_remove() {
+	[ -x usr/bin/install-info ] || return 0
+	for f in ${info_files[@]}; do
+		usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null
+	done
+}
+
+post_upgrade() {
+	post_install
+
+	# Fix upgrade to 2.1; see FS#42798
+	[ $(vercmp $2 2.1.0-4) = -1 ] &&
+	dirmngr </dev/null &>/dev/null ||
+	return 0
+}

Copied: gnupg/repos/testing-x86_64/oid2str-overflow.patch (from rev 227549, gnupg/trunk/oid2str-overflow.patch)
===================================================================
--- testing-x86_64/oid2str-overflow.patch	                        (rev 0)
+++ testing-x86_64/oid2str-overflow.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,72 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 25 Nov 2014 10:58:56 +0000 (+0100)
+Subject: Fix buffer overflow in openpgp_oid_to_str.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da;hp=28dafd4714a9b01d3a6f1e6e5919bf6f909987c7
+
+Fix buffer overflow in openpgp_oid_to_str.
+
+* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
+
+* common/t-openpgp-oid.c (BADOID): New.
+(test_openpgp_oid_to_str): Add test cases.
+--
+
+The code has an obvious error by not considering invalid encoding for
+arc-2.  A first byte of 0x80 can be used to make a value of less then
+80 and we then subtract 80 from that value as required by the OID
+encoding rules.  Due to the unsigned integer this results in a pretty
+long value which won't fit anymore into the allocated buffer.
+
+The fix is obvious.  Also added a few simple test cases.  Note that we
+keep on using sprintf instead of snprintf because managing the
+remaining length of the buffer would probably be more error prone than
+assuring that the buffer is large enough.  Getting rid of sprintf
+altogether by using direct conversion along with membuf_t like code
+might be possible.
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch <wk at gnupg.org>
+
+Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
+---
+
+diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
+index 010c23f..d3d1f2a 100644
+--- a/common/openpgp-oid.c
++++ b/common/openpgp-oid.c
+@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a)
+         val <<= 7;
+         val |= buf[n] & 0x7f;
+       }
++    if (val < 80)
++      goto badoid;
+     val -= 80;
+     sprintf (p, "2.%lu", val);
+     p += strlen (p);
+diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c
+index 79e5a70..5cd778d 100644
+--- a/common/t-openpgp-oid.c
++++ b/common/t-openpgp-oid.c
+@@ -32,6 +32,9 @@
+   } while(0)
+ 
+ 
++#define BADOID "1.3.6.1.4.1.11591.2.12242973"
++
++
+ static void
+ test_openpgp_oid_from_str (void)
+ {
+@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void)
+     { "1.3.132.0.35",
+       { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }},
+ 
++    { BADOID,
++      { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }},
++
++    { BADOID,
++      { 1, 0x80 }},
++
+     { NULL }};
+   gcry_mpi_t a;
+   int idx;

Copied: gnupg/repos/testing-x86_64/refresh-keys.patch (from rev 227549, gnupg/trunk/refresh-keys.patch)
===================================================================
--- testing-x86_64/refresh-keys.patch	                        (rev 0)
+++ testing-x86_64/refresh-keys.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new.  Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first.  It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys.  A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ g10/call-dirmngr.c |    2 +-
+ g10/keyserver.c    |  107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+    error an error code is returned and NULL stored at R_FP.
+ 
+    The pattern may only use search specification which a keyserver can
+-   use to retriev keys.  Because we know the format of the pattern we
++   use to retrieve keys.  Because we know the format of the pattern we
+    don't need to escape the patterns before sending them to the
+    server.
+ 
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+   return err;
+ }
+ 
+-
+-
+-/* Retrieve a key from a keyserver.  The search pattern are in
+-   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
+-   exact searches.  KEYSERVER gives an optional override keyserver. If
+-   (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+-   one imported key.  */
++/* Helper for keyserver_get.  Here we only receive a chunk of the
++   description to be processed in one batch.  This is required due to
++   the limited number of patterns the dirmngr interface (KS_GET) can
++   grok and to limit the amount of temporary required memory.  */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+-               struct keyserver_spec *keyserver,
+-               unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++                     int *r_ndesc_used,
++                     void *stats_handle,
++                     struct keyserver_spec *keyserver,
++                     unsigned char **r_fpr, size_t *r_fprlen)
+ 
+ {
+   gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+   int idx, npat;
+   estream_t datastream;
+   char *source = NULL;
++  size_t linelen;  /* Estimated linelen for KS_GET.  */
++  size_t n;
++
++#define MAX_KS_GET_LINELEN 950  /* Somewhat lower than the real limit.  */
++
++  *r_ndesc_used = 0;
+ 
+   /* Create an array filled with a search pattern for each key.  The
+      array is delimited by a NULL entry.  */
+   pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+   if (!pattern)
+     return gpg_error_from_syserror ();
++
++  /* Note that we break the loop as soon as our estimation of the to
++     be used line length reaches the limit.  But we do this only if we
++     have processed at leas one search requests so that an overlong
++     single request will be rejected only later by gpg_dirmngr_ks_get
++     but we are sure that R_NDESC_USED has been updated.  This avoids
++     a possible indefinite loop.  */
++  linelen = 9; /* "KS_GET --" */
+   for (npat=idx=0; idx < ndesc; idx++)
+     {
+       int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+       if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+           || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+         {
+-          pattern[npat] = xtrymalloc (2+2*20+1);
++          n = 1+2+2*20;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
++          pattern[npat] = xtrymalloc (n);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+           else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+         {
++          n = 1+2+16;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+                                         (ulong)desc[idx].u.kid[0],
+                                         (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+         {
++          n = 1+2+8;
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+       else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+         {
+-          /* The Dirmngr uses also classify_user_id to detect the type
++          /* The Dirmngr also uses classify_user_id to detect the type
+              of the search string.  By adding the '=' prefix we force
+              Dirmngr's KS_GET to consider this an exact search string.
+              (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+              KS_GETNAME command to indicate this.)  */
++
++          n = 1+1+strlen (desc[idx].u.name);
++          if (idx && linelen + n > MAX_KS_GET_LINELEN)
++            break; /* Declare end of this chunk.  */
++          linelen += n;
++
+           pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+           if (!pattern[npat])
+             err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+         }
+     }
+ 
++  /* Remember now many of search items were considered.  Note that
++     this is different from NPAT.  */
++  *r_ndesc_used = idx;
+ 
+   err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+   for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ 
+   if (!err)
+     {
+-      void *stats_handle;
+       struct ks_retrieval_screener_arg_s screenerarg;
+ 
+-      stats_handle = import_new_stats_handle();
+-
+       /* FIXME: Check whether this comment should be moved to dirmngr.
+ 
+          Slurp up all the key data.  In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+          keyservers. */
+ 
+       screenerarg.desc = desc;
+-      screenerarg.ndesc = ndesc;
++      screenerarg.ndesc = *r_ndesc_used;
+       import_keys_es_stream (ctrl, datastream, stats_handle,
+                              r_fpr, r_fprlen,
+                              (opt.keyserver_options.import_options
+                               | IMPORT_NO_SECKEY),
+                              keyserver_retrieval_screener, &screenerarg);
+-
+-      import_print_stats (stats_handle);
+-      import_release_stats_handle (stats_handle);
+     }
+   es_fclose (datastream);
+   xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ 
+ 
++/* Retrieve a key from a keyserver.  The search pattern are in
++   (DESC,NDESC).  Allowed search modes are keyid, fingerprint, and
++   exact searches.  KEYSERVER gives an optional override keyserver. If
++   (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++   single imported key.  */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++               struct keyserver_spec *keyserver,
++               unsigned char **r_fpr, size_t *r_fprlen)
++{
++  gpg_error_t err;
++  void *stats_handle;
++  int ndesc_used;
++  int any_good = 0;
++
++  stats_handle = import_new_stats_handle();
++
++  for (;;)
++    {
++      err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++                                 keyserver, r_fpr, r_fprlen);
++      if (!err)
++        any_good = 1;
++      if (err || ndesc_used >= ndesc)
++        break; /* Error or all processed.  */
++      /* Prepare for the next chunk.  */
++      desc += ndesc_used;
++      ndesc -= ndesc_used;
++    }
++
++  if (any_good)
++    import_print_stats (stats_handle);
++
++  import_release_stats_handle (stats_handle);
++  return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS.  */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+-- 
+1.7.10.4
+

Copied: gnupg/repos/testing-x86_64/subpacket-off.patch (from rev 227549, gnupg/trunk/subpacket-off.patch)
===================================================================
--- testing-x86_64/subpacket-off.patch	                        (rev 0)
+++ testing-x86_64/subpacket-off.patch	2014-12-11 20:09:46 UTC (rev 227550)
@@ -0,0 +1,38 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 24 Nov 2014 16:28:25 +0000 (+0100)
+Subject: gpg: Fix off-by-one read in the attribute subpacket parser.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=0988764397f99db4efef1eabcdb8072d6159af76;hp=b716e6a69919b89c7887d6c7c9b97e58d18fdf95
+
+gpg: Fix off-by-one read in the attribute subpacket parser.
+
+* g10/parse-packet.c (parse_attribute_subpkts): Check that the
+attribute packet is large enough for the subpacket type.
+--
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index e0370aa..f75e21c 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -2359,8 +2359,16 @@ parse_attribute_subpkts (PKT_user_id * uid)
+       if (buflen < n)
+ 	goto too_short;
+ 
+-      attribs =
+-	xrealloc (attribs, (count + 1) * sizeof (struct user_attribute));
++      if (!n)
++        {
++          /* Too short to encode the subpacket type.  */
++          if (opt.verbose)
++            log_info ("attribute subpacket too short\n");
++          break;
++        }
++
++      attribs = xrealloc (attribs,
++                          (count + 1) * sizeof (struct user_attribute));
+       memset (&attribs[count], 0, sizeof (struct user_attribute));
+ 
+       type = *buffer;



More information about the arch-commits mailing list