pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/gnupg2
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jun 30 14:48:55 UTC 2022
Modified Files:
pkgsrc/security/gnupg2: Makefile distinfo
Added Files:
pkgsrc/security/gnupg2/patches: patch-g10_cpr.c
Log Message:
gnupg2: fix possible security issue
Per
https://www.openwall.com/lists/oss-security/2022/06/30/1
using upstream patch.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/security/gnupg2/Makefile
cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/gnupg2/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnupg2/patches/patch-g10_cpr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/gnupg2/Makefile
diff -u pkgsrc/security/gnupg2/Makefile:1.133 pkgsrc/security/gnupg2/Makefile:1.134
--- pkgsrc/security/gnupg2/Makefile:1.133 Tue Apr 26 08:15:35 2022
+++ pkgsrc/security/gnupg2/Makefile Thu Jun 30 14:48:55 2022
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.133 2022/04/26 08:15:35 adam Exp $
+# $NetBSD: Makefile,v 1.134 2022/06/30 14:48:55 wiz Exp $
DISTNAME= gnupg-2.2.35
PKGNAME= ${DISTNAME:S/gnupg-/gnupg2-/}
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/
MASTER_SITES+= http://mirrors.dotsrc.org/gcrypt/gnupg/
Index: pkgsrc/security/gnupg2/distinfo
diff -u pkgsrc/security/gnupg2/distinfo:1.73 pkgsrc/security/gnupg2/distinfo:1.74
--- pkgsrc/security/gnupg2/distinfo:1.73 Tue Apr 26 08:15:35 2022
+++ pkgsrc/security/gnupg2/distinfo Thu Jun 30 14:48:55 2022
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.73 2022/04/26 08:15:35 adam Exp $
+$NetBSD: distinfo,v 1.74 2022/06/30 14:48:55 wiz Exp $
BLAKE2s (gnupg-2.2.35.tar.bz2) = 74f0a044b85c30a11a59bed4e21c322c7a77c839639996fa30f5e3bee8433830
SHA512 (gnupg-2.2.35.tar.bz2) = ad9f8d10890b7fafb15a7422e2cebaf0f85ce7cf5f880f4edd8d1dec46aa73c01f9096e601f6edd665f8684d1f5892634991a400e00b3185e6b201f549004d3e
Size (gnupg-2.2.35.tar.bz2) = 7262687 bytes
SHA1 (patch-common_sysutils.c) = 569c12e21172c1521284922244b2f4f361c945d6
+SHA1 (patch-g10_cpr.c) = 0a691eb6e6463ce9f9e3e735d3b2d587195a05cc
Added files:
Index: pkgsrc/security/gnupg2/patches/patch-g10_cpr.c
diff -u /dev/null pkgsrc/security/gnupg2/patches/patch-g10_cpr.c:1.1
--- /dev/null Thu Jun 30 14:48:55 2022
+++ pkgsrc/security/gnupg2/patches/patch-g10_cpr.c Thu Jun 30 14:48:55 2022
@@ -0,0 +1,40 @@
+$NetBSD: patch-g10_cpr.c,v 1.1 2022/06/30 14:48:55 wiz Exp $
+
+g10: Fix garbled status messages in NOTATION_DATA
+
+* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
+
+Depending on the escaping and line wrapping the computed remaining
+buffer length could be wrong. Fixed by always using a break to
+terminate the escape detection loop. Might have happened for all
+status lines which may wrap.
+
+https://dev.gnupg.org/rG34c649b3601383cd11dbc76221747ec16fd68e1b
+
+--- g10/cpr.c.orig 2022-02-24 13:06:37.000000000 +0000
++++ g10/cpr.c
+@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, co
+ }
+ first = 0;
+ }
+- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
++ for (esc=0, s=buffer, n=len; n; s++, n--)
+ {
+ if (*s == '%' || *(const byte*)s <= lower_limit
+ || *(const byte*)s == 127 )
+ esc = 1;
+ if (wrap && ++count > wrap)
+- {
+- dowrap=1;
+- break;
+- }
+- }
+- if (esc)
+- {
+- s--; n++;
++ dowrap=1;
++ if (esc || dowrap)
++ break;
+ }
+ if (s != buffer)
+ es_fwrite (buffer, s-buffer, 1, statusfp);
Home |
Main Index |
Thread Index |
Old Index