head 1.6; access; symbols OPENPKG_E1_MP:1.4 OPENPKG_E1_MP_HEAD:1.4; locks; strict; comment @# @; 1.6 date 2007.07.06.10.52.02; author rse; state dead; branches; next 1.5; commitid LdqzHtrshAwXeHos; 1.5 date 2007.02.01.08.29.07; author rse; state Exp; branches; next 1.4; commitid ELc5wZn9vtiPqL4s; 1.4 date 2006.12.07.19.42.20; author rse; state Exp; branches; next 1.3; commitid waBpOqNgnSEnXCXr; 1.3 date 2006.11.29.08.22.28; author rse; state Exp; branches; next 1.2; commitid 49cCuNccYsM5sxWr; 1.2 date 2006.11.28.07.11.10; author rse; state Exp; branches; next 1.1; commitid Es26iHRVSrMC5pWr; 1.1 date 2006.11.15.20.52.51; author rse; state Exp; branches; next ; commitid WNdUqaV0RtZp3OUr; desc @@ 1.6 log @remove gnupg2 @ text @Index: agent/genkey.c --- agent/genkey.c.orig 2007-01-25 10:43:10 +0100 +++ agent/genkey.c 2007-02-01 09:23:19 +0100 @@@@ -87,12 +87,9 @@@@ if (utf8_charcount (pw) < minlen ) { char *desc = xtryasprintf - ( ngettext ("Warning: You have entered a passphrase that%%0A" + ( "Warning: You have entered a passphrase that%%0A" "is obviously not secure. A passphrase should%%0A" - "be at least %u character long.", - "Warning: You have entered a passphrase that%%0A" - "is obviously not secure. A passphrase should%%0A" - "be at least %u characters long.", minlen), minlen ); + "be at least %u characters long.", minlen ); if (!desc) return gpg_error_from_syserror (); Index: configure --- configure.orig 2007-01-31 15:09:31 +0100 +++ configure 2007-02-01 09:17:47 +0100 @@@@ -6916,13 +6916,13 @@@@ # Check wether it is necessary to link against libdl. # gnupg_dlopen_save_libs="$LIBS" -LIBS="" { echo "$as_me:$LINENO: checking for library containing dlopen" >&5 echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6; } if test "${ac_cv_search_dlopen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_func_search_save_LIBS=$LIBS + LIBS="" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @ 1.5 log @upgrading package: gnupg2 2.0.1 -> 2.0.2 @ text @@ 1.4 log @Security Fix (CVE-2006-6235) @ text @d1 18 d20 3 a22 4 --- configure.orig 2006-11-28 17:05:22 +0100 +++ configure 2006-11-29 09:11:52 +0100 @@@@ -6915,13 +6915,13 @@@@ # d25 1 a36 255 ----------------------------------------------------------------------------- Security Fix (CVE-2006-6235) Index: g10/encr-data.c --- g10/encr-data.c (revision 4352) +++ g10/encr-data.c (working copy) @@@@ -39,16 +39,37 @@@@ static int decode_filter ( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len); -typedef struct +typedef struct decode_filter_context_s { gcry_cipher_hd_t cipher_hd; gcry_md_hd_t mdc_hash; char defer[22]; int defer_filled; int eof_seen; -} decode_filter_ctx_t; + int refcount; +} *decode_filter_ctx_t; +/* Helper to release the decode context. */ +static void +release_dfx_context (decode_filter_ctx_t dfx) +{ + if (!dfx) + return; + + assert (dfx->refcount); + if ( !--dfx->refcount ) + { + gcry_cipher_close (dfx->cipher_hd); + dfx->cipher_hd = NULL; + gcry_md_close (dfx->mdc_hash); + dfx->mdc_hash = NULL; + xfree (dfx); + } +} + + + /**************** * Decrypt the data, specified by ED with the key DEK. */ @@@@ -62,7 +83,11 @@@@ unsigned blocksize; unsigned nprefix; - memset( &dfx, 0, sizeof dfx ); + dfx = xtrycalloc (1, sizeof *dfx); + if (!dfx) + return gpg_error_from_syserror (); + dfx->refcount = 1; + if ( opt.verbose && !dek->algo_info_printed ) { const char *s = gcry_cipher_algo_name (dek->algo); @@@@ -77,20 +102,20 @@@@ goto leave; blocksize = gcry_cipher_get_algo_blklen (dek->algo); if ( !blocksize || blocksize > 16 ) - log_fatal("unsupported blocksize %u\n", blocksize ); + log_fatal ("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; if ( ed->len && ed->len < (nprefix+2) ) BUG(); if ( ed->mdc_method ) { - if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 )) + if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) BUG (); if ( DBG_HASHING ) - gcry_md_start_debug (dfx.mdc_hash, "checkmdc"); + gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); } - rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo, + rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo, GCRY_CIPHER_MODE_CFB, (GCRY_CIPHER_SECURE | ((ed->mdc_method || dek->algo >= 100)? @@@@ -104,7 +129,7 @@@@ /* log_hexdump( "thekey", dek->key, dek->keylen );*/ - rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen); + rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen); if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY ) { log_info(_("WARNING: message was encrypted with" @@@@ -123,7 +148,7 @@@@ goto leave; } - gcry_cipher_setiv (dfx.cipher_hd, NULL, 0); + gcry_cipher_setiv (dfx->cipher_hd, NULL, 0); if ( ed->len ) { @@@@ -144,8 +169,8 @@@@ temp[i] = c; } - gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0); - gcry_cipher_sync (dfx.cipher_hd); + gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0); + gcry_cipher_sync (dfx->cipher_hd); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ if (dek->symmetric @@@@ -155,17 +180,18 @@@@ goto leave; } - if ( dfx.mdc_hash ) - gcry_md_write (dfx.mdc_hash, temp, nprefix+2); - + if ( dfx->mdc_hash ) + gcry_md_write (dfx->mdc_hash, temp, nprefix+2); + + dfx->refcount++; if ( ed->mdc_method ) - iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); + iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx ); else - iobuf_push_filter( ed->buf, decode_filter, &dfx ); + iobuf_push_filter ( ed->buf, decode_filter, dfx ); proc_packets ( procctx, ed->buf ); ed->buf = NULL; - if ( ed->mdc_method && dfx.eof_seen == 2 ) + if ( ed->mdc_method && dfx->eof_seen == 2 ) rc = gpg_error (GPG_ERR_INV_PACKET); else if ( ed->mdc_method ) { @@@@ -184,26 +210,28 @@@@ bytes are appended. */ int datalen = gcry_md_get_algo_dlen (ed->mdc_method); - gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0); - gcry_md_write (dfx.mdc_hash, dfx.defer, 2); - gcry_md_final (dfx.mdc_hash); + assert (dfx->cipher_hd); + assert (dfx->mdc_hash); + gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0); + gcry_md_write (dfx->mdc_hash, dfx->defer, 2); + gcry_md_final (dfx->mdc_hash); - if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' ) + if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) { log_error("mdc_packet with invalid encoding\n"); rc = gpg_error (GPG_ERR_INV_PACKET); } else if (datalen != 20 - || memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen)) + || memcmp (gcry_md_read (dfx->mdc_hash, 0), + dfx->defer+2,datalen )) rc = gpg_error (GPG_ERR_BAD_SIGNATURE); - /* log_printhex("MDC message:", dfx.defer, 22); */ - /* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */ + /* log_printhex("MDC message:", dfx->defer, 22); */ + /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */ } leave: - gcry_cipher_close (dfx.cipher_hd); - gcry_md_close (dfx.mdc_hash); + release_dfx_context (dfx); return rc; } @@@@ -214,7 +242,7 @@@@ mdc_decode_filter (void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) { - decode_filter_ctx_t *dfx = opaque; + decode_filter_ctx_t dfx = opaque; size_t n, size = *ret_len; int rc = 0; int c; @@@@ -226,11 +254,11 @@@@ } else if( control == IOBUFCTRL_UNDERFLOW ) { - assert(a); - assert( size > 44 ); + assert (a); + assert ( size > 44 ); /* Get at least 22 bytes and put it somewhere ahead in the buffer. */ - for(n=22; n < 44 ; n++ ) + for (n=22; n < 44 ; n++ ) { if( (c = iobuf_get(a)) == -1 ) break; @@@@ -279,8 +307,10 @@@@ if ( n ) { - gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); - gcry_md_write (dfx->mdc_hash, buf, n); + if ( dfx->cipher_hd ) + gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); + if ( dfx->mdc_hash ) + gcry_md_write (dfx->mdc_hash, buf, n); } else { @@@@ -289,6 +319,10 @@@@ } *ret_len = n; } + else if ( control == IOBUFCTRL_FREE ) + { + release_dfx_context (dfx); + } else if ( control == IOBUFCTRL_DESC ) { *(char**)buf = "mdc_decode_filter"; @@@@ -300,7 +334,7 @@@@ static int decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) { - decode_filter_ctx_t *fc = opaque; + decode_filter_ctx_t fc = opaque; size_t n, size = *ret_len; int rc = 0; @@@@ -311,11 +345,18 @@@@ if ( n == -1 ) n = 0; if ( n ) - gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); + { + if (fc->cipher_hd) + gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); + } else rc = -1; /* EOF */ *ret_len = n; } + else if ( control == IOBUFCTRL_FREE ) + { + release_dfx_context (fc); + } else if ( control == IOBUFCTRL_DESC ) { *(char**)buf = "decode_filter"; @ 1.3 log @upgrading package: gnupg2 2.0.0 -> 2.0.1 @ text @d19 255 @ 1.2 log @Security Fix @ text @d2 3 a4 3 --- configure.orig 2006-11-11 14:37:23 +0100 +++ configure 2006-11-15 20:58:27 +0100 @@@@ -5929,13 +5929,13 @@@@ d9 2 a10 2 echo "$as_me:$LINENO: checking for library containing dlopen" >&5 echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6 a15 1 ac_cv_search_dlopen=no d18 1 a18 19 ----------------------------------------------------------------------------- Security Fix http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html Index: g10/openfile.c --- g10/openfile.c.orig 2006-07-31 16:00:19 +0200 +++ g10/openfile.c 2006-11-28 08:04:21 +0100 @@@@ -144,8 +144,8 @@@@ s = _("Enter new filename"); - n = strlen(s) + namelen + 10; defname = name && namelen? make_printable_string( name, namelen, 0): NULL; + n = strlen(s) + (defname ? strlen(defname) : 0) + 10; prompt = xmalloc(n); if( defname ) sprintf(prompt, "%s [%s]: ", s, defname ); @ 1.1 log @new package: gnupg2 2.0.0 (GNU Privacy Guard) @ text @d19 19 @