diff options
-rw-r--r-- | user/gnupg/APKBUILD | 12 | ||||
-rw-r--r-- | user/gnupg/fix-i18n.patch | 12 | ||||
-rw-r--r-- | user/gnupg/t5993-d556-disallow-compressed.patch | 171 |
3 files changed, 178 insertions, 17 deletions
diff --git a/user/gnupg/APKBUILD b/user/gnupg/APKBUILD index 71d07cc79..da778b135 100644 --- a/user/gnupg/APKBUILD +++ b/user/gnupg/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=gnupg -pkgver=2.2.23 +pkgver=2.2.39 pkgrel=0 pkgdesc="Complete and free implementation of the OpenPGP standard" url="https://www.gnupg.org/" @@ -15,8 +15,10 @@ install="$pkgname.pre-install $pkgname.pre-upgrade" subpackages="$pkgname-doc $pkgname-lang" source="https://gnupg.org/ftp/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2 0001-Include-sys-select.h-for-FD_SETSIZE.patch - fix-i18n.patch - 60-scdaemon.rules" + t5993-d556-disallow-compressed.patch + + 60-scdaemon.rules + " # secfixes: # 2.2.23-r0: @@ -54,7 +56,7 @@ package() { install -Dm644 "$srcdir"/60-scdaemon.rules "$pkgdir"/lib/udev/rules.d } -sha512sums="736b39628f7e4adc650b3f9937c81f27e9ad41e77f5345dc54262c91c1cf7004243fa7f932313bcde955e0e9b3f1afc639bac18023ae878b1d26e3c5a3cabb90 gnupg-2.2.23.tar.bz2 +sha512sums="73f881c12c82010aeaada500517ff39ab22b27ff21b1248bc2228b60a2d75385a44a53c5cfadb8f6b84ef22ad9db0105096b6620fb689560809b324019713940 gnupg-2.2.39.tar.bz2 c6cc4595081c5b025913fa3ebecf0dff87a84f3c669e3fef106e4fa040f1d4314ee52dd4c0e0002b213034fb0810221cfdd0033eae5349b6e3978f05d08bcac7 0001-Include-sys-select.h-for-FD_SETSIZE.patch -b19a44dacf061dd02b439ab8bd820e3c721aab77168f705f5ce65661f26527b03ea88eec16d78486a633c474120589ec8736692ebff57ab9b95f52f57190ba6b fix-i18n.patch +47c61274650cebe55ffbd42fd5346afd04c6681a09cd9f51ccb0d253780eb23fd9424afa109426da49d6ea83cd911f6bc50d1f72abd887473ab41c88c25189df t5993-d556-disallow-compressed.patch 4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402 60-scdaemon.rules" diff --git a/user/gnupg/fix-i18n.patch b/user/gnupg/fix-i18n.patch deleted file mode 100644 index 00d71dd5c..000000000 --- a/user/gnupg/fix-i18n.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- gnupg-2.1.7/common/i18n.c.orig 2015-08-31 20:40:18.752742866 +0300 -+++ gnupg-2.1.7/common/i18n.c 2015-08-31 20:40:41.806336224 +0300 -@@ -85,8 +85,8 @@ - bindtextdomain (PACKAGE_GT, gnupg_localedir ()); - textdomain (PACKAGE_GT); - #else --# ifdef ENABLE_NLS - setlocale (LC_ALL, "" ); -+# ifdef ENABLE_NLS - bindtextdomain (PACKAGE_GT, LOCALEDIR); - textdomain (PACKAGE_GT); - # endif diff --git a/user/gnupg/t5993-d556-disallow-compressed.patch b/user/gnupg/t5993-d556-disallow-compressed.patch new file mode 100644 index 000000000..e11dc6484 --- /dev/null +++ b/user/gnupg/t5993-d556-disallow-compressed.patch @@ -0,0 +1,171 @@ +diff --git a/g10/import.c b/g10/import.c +--- a/g10/import.c ++++ b/g10/import.c +@@ -1042,22 +1042,8 @@ + switch (pkt->pkttype) + { + case PKT_COMPRESSED: +- if (check_compress_algo (pkt->pkt.compressed->algorithm)) +- { +- rc = GPG_ERR_COMPR_ALGO; +- goto ready; +- } +- else +- { +- compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx ); +- pkt->pkt.compressed->buf = NULL; +- if (push_compress_filter2 (a, cfx, +- pkt->pkt.compressed->algorithm, 1)) +- xfree (cfx); /* e.g. in case of compression_algo NONE. */ +- } +- free_packet (pkt, &parsectx); +- init_packet(pkt); +- break; ++ rc = GPG_ERR_UNEXPECTED; ++ goto ready; + + case PKT_RING_TRUST: + /* Skip those packets unless we are in restore mode. */ +diff --git a/g10/mainproc.c b/g10/mainproc.c +--- a/g10/mainproc.c ++++ b/g10/mainproc.c +@@ -152,6 +152,7 @@ + { + kbnode_t node; + ++ log_assert(!(c->sigs_only && c->signed_data.used)); + if (c->list) /* Add another packet. */ + add_kbnode (c->list, new_kbnode (pkt)); + else /* Insert the first one. */ +@@ -1077,7 +1078,10 @@ + + /*printf("zip: compressed data packet\n");*/ + if (c->sigs_only) +- rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); ++ { ++ log_assert(!c->signed_data.used); ++ rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); ++ } + else if( c->encrypt_only ) + rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c); + else +@@ -1596,6 +1600,7 @@ + c->iobuf = a; + init_packet(pkt); + init_parse_packet (&parsectx, a); ++ parsectx.sigs_only = c->sigs_only && c->signed_data.used; + while ((rc=parse_packet (&parsectx, pkt)) != -1) + { + any_data = 1; +@@ -1607,6 +1612,12 @@ + if (gpg_err_code (rc) == GPG_ERR_INV_PACKET + && opt.list_packets == 0) + break; ++ ++ if (gpg_err_code (rc) == GPG_ERR_UNEXPECTED) ++ { ++ write_status_text( STATUS_UNEXPECTED, "0" ); ++ goto leave; ++ } + continue; + } + newpkt = -1; +@@ -1644,7 +1655,9 @@ + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; +- default: newpkt = 0; break; ++ default: ++ log_assert(!c->signed_data.used); ++ newpkt = 0; break; + } + } + else if (c->encrypt_only) +diff --git a/g10/packet.h b/g10/packet.h +--- a/g10/packet.h ++++ b/g10/packet.h +@@ -657,6 +657,7 @@ + int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ + int skip_meta; /* Skip ring trust packets. */ + unsigned int n_parsed_packets; /* Number of parsed packets. */ ++ int sigs_only; /* Only accept detached signature packets */ + }; + typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + +@@ -667,6 +668,7 @@ + (a)->free_last_pkt = 0; \ + (a)->skip_meta = 0; \ + (a)->n_parsed_packets = 0; \ ++ (a)->sigs_only = 0; \ + } while (0) + + #define deinit_parse_packet(a) do { \ +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +--- a/g10/parse-packet.c ++++ b/g10/parse-packet.c +@@ -738,6 +738,20 @@ + case PKT_ENCRYPTED_MDC: + case PKT_ENCRYPTED_AEAD: + case PKT_COMPRESSED: ++ if (ctx->sigs_only) ++ { ++ log_error (_("partial length packet of type %d in detached" ++ " signature\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } ++ if (onlykeypkts) ++ { ++ log_error (_("partial length packet of type %d in keyring\n"), ++ pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } + iobuf_set_partial_body_length_mode (inp, c & 0xff); + pktlen = 0; /* To indicate partial length. */ + partial = 1; +@@ -775,6 +789,20 @@ + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } ++ else if (ctx->sigs_only) ++ { ++ log_error (_("indeterminate length packet of type %d in detached" ++ " signature\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } ++ else if (onlykeypkts) ++ { ++ log_error (_("indeterminate length packet of type %d in" ++ " keyring\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } + } + else + { +@@ -828,7 +856,21 @@ + goto leave; + } + +- if (with_uid && pkttype == PKT_USER_ID) ++ if (ctx->sigs_only) ++ switch (pkttype) ++ { ++ case PKT_SIGNATURE: ++ case PKT_MARKER: ++ break; ++ default: ++ log_error(_("Packet type %d not allowed in detached signature\n"), ++ pkttype); ++ iobuf_skip_rest (inp, pktlen, partial); ++ *skip = 1; ++ rc = GPG_ERR_UNEXPECTED; ++ goto leave; ++ } ++ else if (with_uid && pkttype == PKT_USER_ID) + /* If ONLYKEYPKTS is set to 2, then we never skip user id packets, + even if DO_SKIP is set. */ + ; + |