From 259aebc9dbcaeb1587aaaab849942f55fa321724 Mon Sep 17 00:00:00 2001 From: Ming Liu Date: Wed, 26 Mar 2014 16:32:12 +0800 Subject: gnupg: CVE-2013-4351 GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Signed-off-by: Ming Liu Signed-off-by: Jackie Huang Signed-off-by: Richard Purdie --- .../gnupg/gnupg-1.4.7/CVE-2013-4351.patch | 44 ++++++++++++++++++++++ meta/recipes-support/gnupg/gnupg_1.4.7.bb | 4 +- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch (limited to 'meta') diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch new file mode 100644 index 0000000000..b29ede4233 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch @@ -0,0 +1,44 @@ +Upstream-Status: Backport + +Index: gnupg-1.4.7/g10/getkey.c +=================================================================== +--- gnupg-1.4.7.orig/g10/getkey.c 2007-03-05 16:54:41.000000000 +0800 ++++ gnupg-1.4.7/g10/getkey.c 2013-11-28 14:41:59.640212240 +0800 +@@ -1454,7 +1454,11 @@ + + if(flags) + key_usage |= PUBKEY_USAGE_UNKNOWN; ++ if (!key_usage) ++ key_usage |= PUBKEY_USAGE_NONE; + } ++ else if (p) ++ key_usage |= PUBKEY_USAGE_NONE; + + /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a + capability that we do not handle. This serves to distinguish +Index: gnupg-1.4.7/g10/keygen.c +=================================================================== +--- gnupg-1.4.7.orig/g10/keygen.c 2007-02-05 00:27:40.000000000 +0800 ++++ gnupg-1.4.7/g10/keygen.c 2013-11-28 14:43:05.016670092 +0800 +@@ -209,9 +209,6 @@ + if (use & PUBKEY_USAGE_AUTH) + buf[0] |= 0x20; + +- if (!buf[0]) +- return; +- + build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); + } + +Index: gnupg-1.4.7/include/cipher.h +=================================================================== +--- gnupg-1.4.7.orig/include/cipher.h 2006-04-21 20:39:49.000000000 +0800 ++++ gnupg-1.4.7/include/cipher.h 2013-11-28 14:49:24.159322744 +0800 +@@ -52,6 +52,7 @@ + #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ + #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ + #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ ++#define PUBKEY_USAGE_NONE 256 /* No usage given. */ + + #define DIGEST_ALGO_MD5 1 + #define DIGEST_ALGO_SHA1 2 diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index fcc5fba9dd..83d8fabb5d 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb @@ -14,7 +14,9 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ file://configure.patch \ file://mips_gcc4.4.patch \ file://GnuPG1-CVE-2012-6085.patch \ - file://curl_typeof_fix_backport.patch" + file://curl_typeof_fix_backport.patch \ + file://CVE-2013-4351.patch \ + " SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" SRC_URI[sha256sum] = "69d18b7d193f62ca27ed4febcb4c9044aa0c95305d3258fe902e2fae5fc6468d" -- cgit v1.2.3