diff options
| -rw-r--r-- | meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch | 44 | ||||
| -rw-r--r-- | meta/recipes-support/gnupg/gnupg_1.4.7.bb | 4 |
2 files changed, 47 insertions, 1 deletions
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch @@ -0,0 +1,44 @@ +Upstream-Status: Backport + +Index: gnupg-1.4.7/g10/getkey.c +=================================================================== +--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 ++++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 +@@ -1454,7 +1454,11 @@ + + if(flags) + key_usage |= PUBKEY_USAGE_UNKNOWN; ++ if (!key_usage) ++ key_usage |= PUBKEY_USAGE_NONE; + } ++ else if (p) ++ key_usage |= PUBKEY_USAGE_NONE; + + /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a + capability that we do not handle. This serves to distinguish +Index: gnupg-1.4.7/g10/keygen.c +=================================================================== +--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 ++++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 +@@ -209,9 +209,6 @@ + if (use & PUBKEY_USAGE_AUTH) + buf[0] |= 0x20; + +- if (!buf[0]) +- return; +- + build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); + } + +Index: gnupg-1.4.7/include/cipher.h +=================================================================== +--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 ++++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 +@@ -52,6 +52,7 @@ + #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ + #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ + #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ ++#define PUBKEY_USAGE_NONE 256 /* No usage given. */ + + #define DIGEST_ALGO_MD5 1 + #define DIGEST_ALGO_SHA1 2 diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index fcc5fba9dd..83d8fabb5d 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb @@ -14,7 +14,9 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ file://configure.patch \ file://mips_gcc4.4.patch \ file://GnuPG1-CVE-2012-6085.patch \ - file://curl_typeof_fix_backport.patch" + file://curl_typeof_fix_backport.patch \ + file://CVE-2013-4351.patch \ + " SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" |