diff options
author | Ross Burton <ross.burton@intel.com> | 2013-04-29 14:47:22 +0100 |
---|---|---|
committer | Ross Burton <ross.burton@intel.com> | 2013-04-29 14:56:03 +0100 |
commit | 44ed6605c1978325782d229d0c01329465c4c5c7 (patch) | |
tree | 4b8ca55601cb689413ecbd7bb61348bab31bc41f | |
parent | 9ab2fc380fe8b6e48c6501a4630cc3c583ed2da5 (diff) | |
download | openembedded-core-44ed6605c1978325782d229d0c01329465c4c5c7.tar.gz openembedded-core-44ed6605c1978325782d229d0c01329465c4c5c7.tar.bz2 openembedded-core-44ed6605c1978325782d229d0c01329465c4c5c7.zip |
gnupg: integrate fix for CVE-2012-6085
From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6085:
"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x
through 2.0.19, when importing a key, allows remote attackers to corrupt the
public keyring database or cause a denial of service (application crash) via a
crafted length field of an OpenPGP packet."
Patch taken from upstream git, which is identical in both branches.
Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r-- | meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch | 70 | ||||
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_1.4.7.bb | 3 | ||||
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_2.0.19.bb | 3 |
3 files changed, 74 insertions, 2 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch new file mode 100644 index 0000000000..2b98a3c4f2 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/cve-2012-6085.patch @@ -0,0 +1,70 @@ +Fix CVE-2012-6085 by backporting a patch from upstream's git repository. + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@intel.com> + + +From 498882296ffac7987c644aaf2a0aa108a2925471 Mon Sep 17 00:00:00 2001 +From: Werner Koch <wk@gnupg.org> +Date: Thu, 20 Dec 2012 09:43:41 +0100 +Subject: [PATCH] gpg: Import only packets which are allowed in a keyblock. + +* g10/import.c (valid_keyblock_packet): New. +(read_block): Store only valid packets. +-- + +A corrupted key, which for example included a mangled public key +encrypted packet, used to corrupt the keyring. This change skips all +packets which are not allowed in a keyblock. + +GnuPG-bug-id: 1455 + +(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e) +--- + g10/import.c | 23 ++++++++++++++++++++++- + 1 files changed, 22 insertions(+), 1 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index ba2439d..ad112d6 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -347,6 +347,27 @@ import_print_stats (void *hd) + } + + ++/* Return true if PKTTYPE is valid in a keyblock. */ ++static int ++valid_keyblock_packet (int pkttype) ++{ ++ switch (pkttype) ++ { ++ case PKT_PUBLIC_KEY: ++ case PKT_PUBLIC_SUBKEY: ++ case PKT_SECRET_KEY: ++ case PKT_SECRET_SUBKEY: ++ case PKT_SIGNATURE: ++ case PKT_USER_ID: ++ case PKT_ATTRIBUTE: ++ case PKT_RING_TRUST: ++ return 1; ++ default: ++ return 0; ++ } ++} ++ ++ + /**************** + * Read the next keyblock from stream A. + * PENDING_PKT should be initialzed to NULL +@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ) + } + in_cert = 1; + default: +- if( in_cert ) { ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { + if( !root ) + root = new_kbnode( pkt ); + else +-- +1.7.2.5 + diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index 41552b2ee6..befcc313ec 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb @@ -13,7 +13,8 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ file://long-long-thumb.patch \ file://configure.patch \ file://mips_gcc4.4.patch \ - file://curl_typeof_fix_backport.patch" + file://curl_typeof_fix_backport.patch \ + file://cve-2012-6085.patch" SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" diff --git a/meta/recipes-support/gnupg/gnupg_2.0.19.bb b/meta/recipes-support/gnupg/gnupg_2.0.19.bb index 996a8e80dc..6b0ce668f5 100644 --- a/meta/recipes-support/gnupg/gnupg_2.0.19.bb +++ b/meta/recipes-support/gnupg/gnupg_2.0.19.bb @@ -11,7 +11,8 @@ PR = "r4" inherit autotools gettext -SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2" +SRC_URI = "ftp://ftp.gnupg.org/gcrypt/${BPN}/${BPN}-${PV}.tar.bz2 \ + file://cve-2012-6085.patch" SRC_URI[md5sum] = "6a8589381ca1b0c1a921e9955f42b016" SRC_URI[sha256sum] = "efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622" |