summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--user/gnupg/APKBUILD12
-rw-r--r--user/gnupg/fix-i18n.patch12
-rw-r--r--user/gnupg/t5993-d556-disallow-compressed.patch171
3 files changed, 178 insertions, 17 deletions
diff --git a/user/gnupg/APKBUILD b/user/gnupg/APKBUILD
index 71d07cc79..da778b135 100644
--- a/user/gnupg/APKBUILD
+++ b/user/gnupg/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=gnupg
-pkgver=2.2.23
+pkgver=2.2.39
pkgrel=0
pkgdesc="Complete and free implementation of the OpenPGP standard"
url="https://www.gnupg.org/"
@@ -15,8 +15,10 @@ install="$pkgname.pre-install $pkgname.pre-upgrade"
subpackages="$pkgname-doc $pkgname-lang"
source="https://gnupg.org/ftp/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2
0001-Include-sys-select.h-for-FD_SETSIZE.patch
- fix-i18n.patch
- 60-scdaemon.rules"
+ t5993-d556-disallow-compressed.patch
+
+ 60-scdaemon.rules
+ "
# secfixes:
# 2.2.23-r0:
@@ -54,7 +56,7 @@ package() {
install -Dm644 "$srcdir"/60-scdaemon.rules "$pkgdir"/lib/udev/rules.d
}
-sha512sums="736b39628f7e4adc650b3f9937c81f27e9ad41e77f5345dc54262c91c1cf7004243fa7f932313bcde955e0e9b3f1afc639bac18023ae878b1d26e3c5a3cabb90 gnupg-2.2.23.tar.bz2
+sha512sums="73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940 gnupg-2.2.39.tar.bz2
c6cc4595081c5b025913fa3ebecf0dff87a84f3c669e3fef106e4fa040f1d4314ee52dd4c0e0002b213034fb0810221cfdd0033eae5349b6e3978f05d08bcac7 0001-Include-sys-select.h-for-FD_SETSIZE.patch
-b19a44dacf061dd02b439ab8bd820e3c721aab77168f705f5ce65661f26527b03ea88eec16d78486a633c474120589ec8736692ebff57ab9b95f52f57190ba6b fix-i18n.patch
+47c61274650cebe55ffbd42fd5346afd04c6681a09cd9f51ccb0d253780eb23fd9424afa109426da49d6ea83cd911f6bc50d1f72abd887473ab41c88c25189df t5993-d556-disallow-compressed.patch
4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402 60-scdaemon.rules"
diff --git a/user/gnupg/fix-i18n.patch b/user/gnupg/fix-i18n.patch
deleted file mode 100644
index 00d71dd5c..000000000
--- a/user/gnupg/fix-i18n.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- gnupg-2.1.7/common/i18n.c.orig 2015-08-31 20:40:18.752742866 +0300
-+++ gnupg-2.1.7/common/i18n.c 2015-08-31 20:40:41.806336224 +0300
-@@ -85,8 +85,8 @@
- bindtextdomain (PACKAGE_GT, gnupg_localedir ());
- textdomain (PACKAGE_GT);
- #else
--# ifdef ENABLE_NLS
- setlocale (LC_ALL, "" );
-+# ifdef ENABLE_NLS
- bindtextdomain (PACKAGE_GT, LOCALEDIR);
- textdomain (PACKAGE_GT);
- # endif
diff --git a/user/gnupg/t5993-d556-disallow-compressed.patch b/user/gnupg/t5993-d556-disallow-compressed.patch
new file mode 100644
index 000000000..e11dc6484
--- /dev/null
+++ b/user/gnupg/t5993-d556-disallow-compressed.patch
@@ -0,0 +1,171 @@
+diff --git a/g10/import.c b/g10/import.c
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -1042,22 +1042,8 @@
+ switch (pkt->pkttype)
+ {
+ case PKT_COMPRESSED:
+- if (check_compress_algo (pkt->pkt.compressed->algorithm))
+- {
+- rc = GPG_ERR_COMPR_ALGO;
+- goto ready;
+- }
+- else
+- {
+- compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
+- pkt->pkt.compressed->buf = NULL;
+- if (push_compress_filter2 (a, cfx,
+- pkt->pkt.compressed->algorithm, 1))
+- xfree (cfx); /* e.g. in case of compression_algo NONE. */
+- }
+- free_packet (pkt, &parsectx);
+- init_packet(pkt);
+- break;
++ rc = GPG_ERR_UNEXPECTED;
++ goto ready;
+
+ case PKT_RING_TRUST:
+ /* Skip those packets unless we are in restore mode. */
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -152,6 +152,7 @@
+ {
+ kbnode_t node;
+
++ log_assert(!(c->sigs_only && c->signed_data.used));
+ if (c->list) /* Add another packet. */
+ add_kbnode (c->list, new_kbnode (pkt));
+ else /* Insert the first one. */
+@@ -1077,7 +1078,10 @@
+
+ /*printf("zip: compressed data packet\n");*/
+ if (c->sigs_only)
+- rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
++ {
++ log_assert(!c->signed_data.used);
++ rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
++ }
+ else if( c->encrypt_only )
+ rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
+ else
+@@ -1596,6 +1600,7 @@
+ c->iobuf = a;
+ init_packet(pkt);
+ init_parse_packet (&parsectx, a);
++ parsectx.sigs_only = c->sigs_only && c->signed_data.used;
+ while ((rc=parse_packet (&parsectx, pkt)) != -1)
+ {
+ any_data = 1;
+@@ -1607,6 +1612,12 @@
+ if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
+ && opt.list_packets == 0)
+ break;
++
++ if (gpg_err_code (rc) == GPG_ERR_UNEXPECTED)
++ {
++ write_status_text( STATUS_UNEXPECTED, "0" );
++ goto leave;
++ }
+ continue;
+ }
+ newpkt = -1;
+@@ -1644,7 +1655,9 @@
+ case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break;
+ case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
+ case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
+- default: newpkt = 0; break;
++ default:
++ log_assert(!c->signed_data.used);
++ newpkt = 0; break;
+ }
+ }
+ else if (c->encrypt_only)
+diff --git a/g10/packet.h b/g10/packet.h
+--- a/g10/packet.h
++++ b/g10/packet.h
+@@ -657,6 +657,7 @@
+ int free_last_pkt; /* Indicates that LAST_PKT must be freed. */
+ int skip_meta; /* Skip ring trust packets. */
+ unsigned int n_parsed_packets; /* Number of parsed packets. */
++ int sigs_only; /* Only accept detached signature packets */
+ };
+ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
+
+@@ -667,6 +668,7 @@
+ (a)->free_last_pkt = 0; \
+ (a)->skip_meta = 0; \
+ (a)->n_parsed_packets = 0; \
++ (a)->sigs_only = 0; \
+ } while (0)
+
+ #define deinit_parse_packet(a) do { \
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -738,6 +738,20 @@
+ case PKT_ENCRYPTED_MDC:
+ case PKT_ENCRYPTED_AEAD:
+ case PKT_COMPRESSED:
++ if (ctx->sigs_only)
++ {
++ log_error (_("partial length packet of type %d in detached"
++ " signature\n"), pkttype);
++ rc = gpg_error (GPG_ERR_UNEXPECTED);
++ goto leave;
++ }
++ if (onlykeypkts)
++ {
++ log_error (_("partial length packet of type %d in keyring\n"),
++ pkttype);
++ rc = gpg_error (GPG_ERR_UNEXPECTED);
++ goto leave;
++ }
+ iobuf_set_partial_body_length_mode (inp, c & 0xff);
+ pktlen = 0; /* To indicate partial length. */
+ partial = 1;
+@@ -775,6 +789,20 @@
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
++ else if (ctx->sigs_only)
++ {
++ log_error (_("indeterminate length packet of type %d in detached"
++ " signature\n"), pkttype);
++ rc = gpg_error (GPG_ERR_UNEXPECTED);
++ goto leave;
++ }
++ else if (onlykeypkts)
++ {
++ log_error (_("indeterminate length packet of type %d in"
++ " keyring\n"), pkttype);
++ rc = gpg_error (GPG_ERR_UNEXPECTED);
++ goto leave;
++ }
+ }
+ else
+ {
+@@ -828,7 +856,21 @@
+ goto leave;
+ }
+
+- if (with_uid && pkttype == PKT_USER_ID)
++ if (ctx->sigs_only)
++ switch (pkttype)
++ {
++ case PKT_SIGNATURE:
++ case PKT_MARKER:
++ break;
++ default:
++ log_error(_("Packet type %d not allowed in detached signature\n"),
++ pkttype);
++ iobuf_skip_rest (inp, pktlen, partial);
++ *skip = 1;
++ rc = GPG_ERR_UNEXPECTED;
++ goto leave;
++ }
++ else if (with_uid && pkttype == PKT_USER_ID)
+ /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
+ even if DO_SKIP is set. */
+ ;
+