[pkgsrc/trunk]: pkgsrc/security/gnupg Add the same patch as security/gnupg2 p...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/gnupg Add the same patch as security/gnupg2 p...
From: taca <taca%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 04:16:23 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/40306efa8d27
branches:  trunk
changeset: 521931:40306efa8d27
user:      taca <taca%pkgsrc.org@localhost>
date:      Tue Nov 28 05:39:41 2006 +0000

description:
Add the same patch as security/gnupg2 package to fix a buffer overflow.

While fixing a bug reported by Hugh Warrington, a buffer overflow has
been identified in all released GnuPG versions.  The current versions
1.4.5 and 2.0.0 are affected.  A small patch is provided.
...

2006-11-27  Werner Koch  <wk%g10code.com@localhost>

        * openfile.c (ask_outfile_name): Fixed buffer overflow occurring
        if make_printable_string returns a longer string.  Fixes bug 728.

Bump PKGREVISION.

diffstat:

 security/gnupg/Makefile         |   3 ++-
 security/gnupg/distinfo         |   3 ++-
 security/gnupg/patches/patch-al |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diffs (45 lines):

diff -r 7b2e44608ff3 -r 40306efa8d27 security/gnupg/Makefile
--- a/security/gnupg/Makefile   Mon Nov 27 22:05:34 2006 +0000
+++ b/security/gnupg/Makefile   Tue Nov 28 05:39:41 2006 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.91 2006/11/03 07:45:44 joerg Exp $
+# $NetBSD: Makefile,v 1.92 2006/11/28 05:39:41 taca Exp $
 
 DISTNAME=      gnupg-1.4.5
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/gnupg/ \
                ftp://ftp.planetmirror.com/pub/gnupg/ \
diff -r 7b2e44608ff3 -r 40306efa8d27 security/gnupg/distinfo
--- a/security/gnupg/distinfo   Mon Nov 27 22:05:34 2006 +0000
+++ b/security/gnupg/distinfo   Tue Nov 28 05:39:41 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.43 2006/08/02 10:37:34 drochner Exp $
+$NetBSD: distinfo,v 1.44 2006/11/28 05:39:41 taca Exp $
 
 SHA1 (gnupg-1.4.5.tar.bz2) = 553fefe0da5a91108dd9468e381faf9487754f9a
 RMD160 (gnupg-1.4.5.tar.bz2) = f27447b3aec1423ac10c3a5b4745ea3b13c5a5e5
@@ -9,3 +9,4 @@
 SHA1 (patch-aa) = 91d55ca22b58e8a1f3c17a2fd0ad888d4c85c6cf
 SHA1 (patch-ab) = 29a7d0b736322eb1ecf0925a2419b513f323000e
 SHA1 (patch-ak) = 89a6a7552104f4d5b97a98889da88fca68c54f31
+SHA1 (patch-al) = 504ff52178d9ffa36f14d6741e4805c212156c0e
diff -r 7b2e44608ff3 -r 40306efa8d27 security/gnupg/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/gnupg/patches/patch-al   Tue Nov 28 05:39:41 2006 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-al,v 1.1 2006/11/28 05:39:42 taca Exp $
+
+# http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
+
+--- ./g10/openfile.c.orig      2006-09-14 08:18:39.000000000 -0600
++++ ./g10/openfile.c
+@@ -145,7 +145,7 @@ ask_outfile_name( const char *name, size
+ 
+     s = _("Enter new filename");
+ 
+-    n = strlen(s) + namelen + 10;
++    n = strlen(s) + (defname?strlen (defname):0) + 10;
+     defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+     prompt = xmalloc(n);
+     if( defname )

Prev by Date: [pkgsrc/trunk]: pkgsrc/sysutils/nautilus update to 2.16.3
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Note update of security/gnupg package to 1.4.5nb1.
Previous by Thread: [pkgsrc/trunk]: pkgsrc/sysutils/nautilus update to 2.16.3
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Note update of security/gnupg package to 1.4.5nb1.
Indexes:

Home | Main Index | Thread Index | Old Index