author | Ido Rosen | 2014-12-06 15:02:54 -0500 |
---|---|---|
committer | Ido Rosen | 2014-12-29 04:06:50 -0500 |
commit | f982e9aefefbbd6081ed3ae0231dea10a74874b9 (patch) | |
tree | bdf6f59566859b570d2fe8f287caa25227560e76 | |
parent | 3c939d04d223d47fac1e23d273b74888e5f1c216 (diff) | |
download | aur-f982e9aefefbbd6081ed3ae0231dea10a74874b9.tar.gz |
Upstream changes to gnupg.
-rw-r--r-- | .SRCINFO | 47 | ||||
-rw-r--r-- | PKGBUILD | 47 | ||||
-rw-r--r-- | PKGBUILD.sig | bin | 543 -> 543 bytes | |||
-rw-r--r-- | hash-ecdsa.patch | 48 | ||||
-rw-r--r-- | install | 28 | ||||
-rw-r--r-- | install.sig | bin | 543 -> 543 bytes | |||
-rw-r--r-- | oid2str-overflow.patch | 72 | ||||
-rw-r--r-- | refresh-keys.patch | 238 | ||||
-rw-r--r-- | subpacket-off.patch | 38 |
9 files changed, 464 insertions, 54 deletions
@@ -1,46 +1,45 @@ pkgbase = gnupg-largekeys pkgdesc = Complete and free implementation of the OpenPGP standard - pkgver = 2.0.26 - pkgrel = 1 + pkgver = 2.1.0 + pkgrel = 6 url = http://www.gnupg.org/ install = install arch = i686 arch = x86_64 license = GPL - makedepends = curl makedepends = libldap makedepends = libusb-compat - depends = bzip2 - depends = libksba + depends = npth + depends = libgpg-error depends = libgcrypt - depends = pth + depends = libksba depends = libassuan - depends = readline depends = pinentry - depends = dirmngr - optdepends = curl: gpg2keys_curl + depends = bzip2 + depends = readline optdepends = libldap: gpg2keys_ldap optdepends = libusb-compat: scdaemon - provides = gnupg2=2.0.26 - provides = gnupg=2.0.26 + provides = dirmngr + provides = gnupg2=2.1.0 + provides = gnupg=2.1.0 + conflicts = dirmngr conflicts = gnupg2 conflicts = gnupg + replaces = dirmngr replaces = gnupg2 replaces = gnupg - source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.26.tar.bz2 - source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.26.tar.bz2.sig - source = gnupg2-large-keys.patch - source = gnupg2-large-keys.patch.sig - source = install - source = install.sig - source = PKGBUILD.sig - sha1sums = 3ff5b38152c919724fd09cf2f17df704272ba192 - sha1sums = SKIP - sha1sums = 5932d322a6d4ec5eeafa4ac472f19c07bf4502af - sha1sums = SKIP - sha1sums = ff80fc79329cfa631c19ae1ea6fc4a390ab851f7 - sha1sums = SKIP + source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2 + source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2.sig + source = oid2str-overflow.patch + source = subpacket-off.patch + source = refresh-keys.patch + source = hash-ecdsa.patch + sha1sums = 2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33 sha1sums = SKIP + sha1sums = 774f7fe541428f45ee145c763cf5634264e3bc69 + sha1sums = 1a86b834904c7d18d932ad1bb44d3642990d3cbd + sha1sums = 246bea8776882f4c0293685482558f6ead1cf902 + sha1sums = b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed pkgname = gnupg-largekeys 
@@ -11,35 +11,47 @@ # pkgname=gnupg-largekeys -pkgver=2.0.26 -pkgrel=1 +pkgver=2.1.0 +pkgrel=6 pkgdesc='Complete and free implementation of the OpenPGP standard' url='http://www.gnupg.org/' license=('GPL') arch=('i686' 'x86_64') -optdepends=('curl: gpg2keys_curl' - 'libldap: gpg2keys_ldap' +optdepends=('libldap: gpg2keys_ldap' 'libusb-compat: scdaemon') -makedepends=('curl' 'libldap' 'libusb-compat') -depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr') +makedepends=('libldap' 'libusb-compat') +depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' + 'pinentry' 'bzip2' 'readline') source=("ftp://ftp.gnupg.org/gcrypt/${pkgname%%-largekeys}/${pkgname%%-largekeys}-${pkgver}.tar.bz2"{,.sig} - 'gnupg2-large-keys.patch'{,.sig} - 'install'{,.sig} - 'PKGBUILD.sig') -sha1sums=('3ff5b38152c919724fd09cf2f17df704272ba192' 'SKIP' - '5932d322a6d4ec5eeafa4ac472f19c07bf4502af' 'SKIP' - 'ff80fc79329cfa631c19ae1ea6fc4a390ab851f7' 'SKIP' - 'SKIP') + 'oid2str-overflow.patch' + 'subpacket-off.patch' + 'refresh-keys.patch' + 'hash-ecdsa.patch') + #'gnupg2-large-keys.patch'{,.sig} + #'install'{,.sig} + #'PKGBUILD.sig') +sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP' + '774f7fe541428f45ee145c763cf5634264e3bc69' + '1a86b834904c7d18d932ad1bb44d3642990d3cbd' + '246bea8776882f4c0293685482558f6ead1cf902' + 'b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed') + #'5932d322a6d4ec5eeafa4ac472f19c07bf4502af' 'SKIP' + #'9409c0fab2ae8e580f4b00bd15b4a590f097a9a9' 'SKIP' + #'SKIP') install=install -conflicts=('gnupg2' 'gnupg') -provides=("gnupg2=${pkgver}" "gnupg=${pkgver}") -replaces=('gnupg2' 'gnupg') +conflicts=('dirmngr' 'gnupg2' 'gnupg') +provides=('dirmngr' "gnupg2=${pkgver}" "gnupg=${pkgver}") +replaces=('dirmngr' 'gnupg2' 'gnupg') prepare() { cd "${srcdir}/${pkgname%%-largekeys}-${pkgver}" - patch -p1 -i ../gnupg2-large-keys.patch + patch -p1 -i ../oid2str-overflow.patch + patch -p1 -i ../subpacket-off.patch + patch -p1 -i ../refresh-keys.patch 
+ patch -p1 -i ../hash-ecdsa.patch + #patch -p1 -i ../gnupg2-large-keys.patch } build() { @@ -50,7 +62,6 @@ build() { --sbindir=/usr/bin \ --libexecdir=/usr/lib/gnupg \ --enable-maintainer-mode \ - --enable-standard-socket \ --enable-symcryptrun \ --enable-gpgtar \ diff --git a/PKGBUILD.sig b/PKGBUILD.sig Binary files differindex 89ef5022bf98..fe6e7fb79906 100644 --- a/PKGBUILD.sig +++ b/PKGBUILD.sig diff --git a/hash-ecdsa.patch b/hash-ecdsa.patch new file mode 100644 index 000000000000..c451a18b80e7 --- /dev/null +++ b/hash-ecdsa.patch 
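Review bot: The new `source`/`sha1sums` arrays weaken integrity checking for exactly the files that carry security fixes. The `{,.sig}` entries for local files and `'PKGBUILD.sig'` are commented out, so the four added patches are pinned only by SHA-1 and `install` is no longer listed or checksummed at all, even though PKGBUILD.sig and install.sig are still regenerated in this commit. I would move to `sha256sums=(...)` and pin the signer of the upstream tarball's `.sig` with `validpgpkeys=('<UPSTREAM_SIGNING_KEY_FINGERPRINT>')` instead of relying on whatever the builder's keyring trusts. Separately, `prepare()` leaves `#patch -p1 -i ../gnupg2-large-keys.patch` commented out, so as far as this hunk shows the gnupg-largekeys package is built without its large-key change; a one-line comment stating why it is disabled would tell users whether the package still differs from stock gnupg. The PKGBUILD continues outside the hunk, so a later re-enable would not be visible here.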
@@ -0,0 +1,48 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 19 Nov 2014 09:34:32 +0000 (+0100)
+Subject: gpg: Fix hash detection for ECDSA.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd;hp=cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0
+
+gpg: Fix hash detection for ECDSA.
+
+* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
+--
+
+This error was introduced with
+commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
+while separating EdDSA from ECDSA.
+
+Found due to a related bug report from Brian Minton.
+
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+
+diff --git a/g10/sign.c b/g10/sign.c
+index e7d4a68..2e62f04 100644
+--- a/g10/sign.c
++++ b/g10/sign.c
+@@ -899,13 +899,12 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+ for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
+ {
+ if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA
+- || (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA
+- && !openpgp_oid_is_ed25519 (sk_rover->pk->pkey[1])))
++ || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ {
+ int temp_hashlen = (gcry_mpi_get_nbits
+ (sk_rover->pk->pkey[1]));
+
+- if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
++ if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen);
+ temp_hashlen = (temp_hashlen+7)/8;
+
+@@ -915,7 +914,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
+ if (hint.digest_length<temp_hashlen)
+ hint.digest_length=temp_hashlen;
+ }
+- /* FIXME: need toall gpg-agent */
++ /* FIXME: need to check gpg-agent for this. */
+ /* else if (sk_rover->pk->is_protected */
+ /* && sk_rover->pk->protect.s2k.mode == 1002) */
+ /* smartcard = 1; */
@@ -2,21 +2,25 @@ info_dir=/usr/share/info info_files=(gnupg.info gnupg.info-1 gnupg.info-2) post_install() { - [ -x usr/bin/install-info ] || return 0 - for f in ${info_files[@]}; do - usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null - done + [ -x usr/bin/install-info ] || return 0 + for f in ${info_files[@]}; do + usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null + done echo -e "\e[1mNOTE: Keys larger than 16384 bits fail on unpatched gnupg versions!\e[0m" } -post_upgrade() { - post_install $1 - echo -e "\e[1mNOTE: Keys larger than 16384 bits fail on unpatched gnupg versions!\e[0m" +pre_remove() { + [ -x usr/bin/install-info ] || return 0 + for f in ${info_files[@]}; do + usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null + done } -pre_remove() { - [ -x usr/bin/install-info ] || return 0 - for f in ${info_files[@]}; do - usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null - done +post_upgrade() { + post_install + + # Fix upgrade to 2.1; see FS#42798 + [ $(vercmp $2 2.1.0-4) = -1 ] && + dirmngr </dev/null &>/dev/null || + return 0 } diff --git a/install.sig b/install.sig Binary files differindex 17ce0153ba4f..bff9c38923ee 100644 --- a/install.sig +++ b/install.sig diff --git a/oid2str-overflow.patch b/oid2str-overflow.patch new file mode 100644 index 000000000000..797a18f87ea8 --- /dev/null +++ b/oid2str-overflow.patch 
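Review bot: In `post_upgrade`, `[ $(vercmp $2 2.1.0-4) = -1 ]` leaves both the command substitution and `$2` unquoted, so with an empty or missing old-version argument the test becomes a malformed `[` expression that only skips the fix by erroring out. I would write `[ "$(vercmp "$2" 2.1.0-4)" = -1 ] &&` so the comparison is well-formed for any input. The `dirmngr </dev/null &>/dev/null || return 0` tail also discards all output and every failure of a daemon binary started from the package scriptlet (presumably as root), so a short comment stating what this one-off run is meant to fix for FS#42798 would make the scriptlet auditable.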
@@ -0,0 +1,72 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 25 Nov 2014 10:58:56 +0000 (+0100)
+Subject: Fix buffer overflow in openpgp_oid_to_str.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da;hp=28dafd4714a9b01d3a6f1e6e5919bf6f909987c7
+
+Fix buffer overflow in openpgp_oid_to_str.
+
+* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
+
+* common/t-openpgp-oid.c (BADOID): New.
+(test_openpgp_oid_to_str): Add test cases.
+--
+
+The code has an obvious error by not considering invalid encoding for
+arc-2. A first byte of 0x80 can be used to make a value of less then
+80 and we then subtract 80 from that value as required by the OID
+encoding rules. Due to the unsigned integer this results in a pretty
+long value which won't fit anymore into the allocated buffer.
+
+The fix is obvious. Also added a few simple test cases. Note that we
+keep on using sprintf instead of snprintf because managing the
+remaining length of the buffer would probably be more error prone than
+assuring that the buffer is large enough. Getting rid of sprintf
+altogether by using direct conversion along with membuf_t like code
+might be possible.
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch <wk@gnupg.org>
+
+Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
+---
+
+diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
+index 010c23f..d3d1f2a 100644
+--- a/common/openpgp-oid.c
++++ b/common/openpgp-oid.c
+@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a)
+ val <<= 7;
+ val |= buf[n] & 0x7f;
+ }
++ if (val < 80)
++ goto badoid;
+ val -= 80;
+ sprintf (p, "2.%lu", val);
+ p += strlen (p);
+diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c
+index 79e5a70..5cd778d 100644
+--- a/common/t-openpgp-oid.c
++++ b/common/t-openpgp-oid.c
+@@ -32,6 +32,9 @@
+ } while(0)
+
+
++#define BADOID "1.3.6.1.4.1.11591.2.12242973"
++
++
+ static void
+test_openpgp_oid_from_str (void)
+ {
+@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void)
+ { "1.3.132.0.35",
+ { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }},
+
++ { BADOID,
++ { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }},
++
++ { BADOID,
++ { 1, 0x80 }},
++
+ { NULL }};
+ gcry_mpi_t a;
+ int idx;
diff --git a/refresh-keys.patch b/refresh-keys.patch
new file mode 100644
index 000000000000..2b0cc8fb79ca
--- /dev/null
+++ b/refresh-keys.patch
@@ -0,0 +1,238 @@
+From eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 12 Nov 2014 12:14:32 +0100
+Subject: [PATCH] gpg: Fix regression in --refresh-keys
+
+* g10/keyserver.c (keyserver_get): Factor all code out to ...
+(keyserver_get_chunk): new. Extimate line length.
+(keyserver_get): Split up requests into chunks.
+--
+
+Note that refreshing all keys still requires way to much memory
+because we build an in-memory list of all keys first. It is required
+to first get a list of all keys to avoid conflicts while updating the
+key store in the process of receiving keys. A better strategy would
+be a background process and tracking the last update in the key store.
+
+GnuPG-bug-id: 1755
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+ g10/call-dirmngr.c | 2 +-
+ g10/keyserver.c | 107 ++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 89 insertions(+), 20 deletions(-)
+
+diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
+index 5bddbbe..71f5324 100644
+--- a/g10/call-dirmngr.c
++++ b/g10/call-dirmngr.c
+@@ -429,7 +429,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
+ error an error code is returned and NULL stored at R_FP.
+
+ The pattern may only use search specification which a keyserver can
+- use to retriev keys. Because we know the format of the pattern we
++ use to retrieve keys. Because we know the format of the pattern we
+ don't need to escape the patterns before sending them to the
+ server.
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 1b2e128..5bc1eba 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -1567,17 +1567,16 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
+ return err;
+ }
+
+-
+-
+-/* Retrieve a key from a keyserver. The search pattern are in
+- (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
+- exact searches. KEYSERVER gives an optional override keyserver. If
+- (R_FPR,R_FPRLEN) are not NULL, the may retrun the fingerprint of
+- one imported key. */
++/* Helper for keyserver_get. Here we only receive a chunk of the
++ description to be processed in one batch. This is required due to
++ the limited number of patterns the dirmngr interface (KS_GET) can
++ grok and to limit the amount of temporary required memory. */
+ static gpg_error_t
+-keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+- struct keyserver_spec *keyserver,
+- unsigned char **r_fpr, size_t *r_fprlen)
++keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++ int *r_ndesc_used,
++ void *stats_handle,
++ struct keyserver_spec *keyserver,
++ unsigned char **r_fpr, size_t *r_fprlen)
+
+ {
+ gpg_error_t err = 0;
+@@ -1585,12 +1584,26 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ int idx, npat;
+ estream_t datastream;
+ char *source = NULL;
++ size_t linelen; /* Estimated linelen for KS_GET. */
++ size_t n;
++
++#define MAX_KS_GET_LINELEN 950 /* Somewhat lower than the real limit. */
++
++ *r_ndesc_used = 0;
+
+ /* Create an array filled with a search pattern for each key. The
+ array is delimited by a NULL entry. */
+ pattern = xtrycalloc (ndesc+1, sizeof *pattern);
+ if (!pattern)
+ return gpg_error_from_syserror ();
++
++ /* Note that we break the loop as soon as our estimation of the to
++ be used line length reaches the limit. But we do this only if we
++ have processed at leas one search requests so that an overlong
++ single request will be rejected only later by gpg_dirmngr_ks_get
++ but we are sure that R_NDESC_USED has been updated. This avoids
++ a possible indefinite loop. */
++ linelen = 9; /* "KS_GET --" */
+ for (npat=idx=0; idx < ndesc; idx++)
+ {
+ int quiet = 0;
+@@ -1598,7 +1611,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+- pattern[npat] = xtrymalloc (2+2*20+1);
++ n = 1+2+2*20;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
++ pattern[npat] = xtrymalloc (n);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+ else
+@@ -1612,6 +1630,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
++ n = 1+2+16;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = xtryasprintf ("0x%08lX%08lX",
+ (ulong)desc[idx].u.kid[0],
+ (ulong)desc[idx].u.kid[1]);
+@@ -1622,6 +1645,11 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
++ n = 1+2+8;
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = xtryasprintf ("0x%08lX", (ulong)desc[idx].u.kid[1]);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+@@ -1630,11 +1658,17 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ else if(desc[idx].mode == KEYDB_SEARCH_MODE_EXACT)
+ {
+- /* The Dirmngr uses also classify_user_id to detect the type
++ /* The Dirmngr also uses classify_user_id to detect the type
+ of the search string. By adding the '=' prefix we force
+ Dirmngr's KS_GET to consider this an exact search string.
+ (In gpg 1.4 and gpg 2.0 the keyserver helpers used the
+ KS_GETNAME command to indicate this.) */
++
++ n = 1+1+strlen (desc[idx].u.name);
++ if (idx && linelen + n > MAX_KS_GET_LINELEN)
++ break; /* Declare end of this chunk. */
++ linelen += n;
++
+ pattern[npat] = strconcat ("=", desc[idx].u.name, NULL);
+ if (!pattern[npat])
+ err = gpg_error_from_syserror ();
+@@ -1669,6 +1703,9 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+ }
+
++ /* Remember now many of search items were considered. Note that
++ this is different from NPAT. */
++ *r_ndesc_used = idx;
+
+ err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+ for (idx=0; idx < npat; idx++)
+@@ -1679,11 +1716,8 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+
+ if (!err)
+ {
+- void *stats_handle;
+ struct ks_retrieval_screener_arg_s screenerarg;
+
+- stats_handle = import_new_stats_handle();
+-
+ /* FIXME: Check whether this comment should be moved to dirmngr.
+
+ Slurp up all the key data. In the future, it might be nice
+@@ -1697,15 +1731,12 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ keyservers. */
+
+ screenerarg.desc = desc;
+- screenerarg.ndesc = ndesc;
++ screenerarg.ndesc = *r_ndesc_used;
+ import_keys_es_stream (ctrl, datastream, stats_handle,
+ r_fpr, r_fprlen,
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ keyserver_retrieval_screener, &screenerarg);
+-
+- import_print_stats (stats_handle);
+- import_release_stats_handle (stats_handle);
+ }
+ es_fclose (datastream);
+ xfree (source);
+@@ -1714,6 +1745,44 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
+ }
+
+
++/* Retrieve a key from a keyserver. The search pattern are in
++ (DESC,NDESC). Allowed search modes are keyid, fingerprint, and
++ exact searches. KEYSERVER gives an optional override keyserver. If
++ (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
++ single imported key. */
++static gpg_error_t
++keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
++ struct keyserver_spec *keyserver,
++ unsigned char **r_fpr, size_t *r_fprlen)
++{
++ gpg_error_t err;
++ void *stats_handle;
++ int ndesc_used;
++ int any_good = 0;
++
++ stats_handle = import_new_stats_handle();
++
++ for (;;)
++ {
++ err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
++ keyserver, r_fpr, r_fprlen);
++ if (!err)
++ any_good = 1;
++ if (err || ndesc_used >= ndesc)
++ break; /* Error or all processed. */
++ /* Prepare for the next chunk. */
++ desc += ndesc_used;
++ ndesc -= ndesc_used;
++ }
++
++ if (any_good)
++ import_print_stats (stats_handle);
++
++ import_release_stats_handle (stats_handle);
++ return err;
++}
++
++
+ /* Send all keys specified by KEYSPECS to the KEYSERVERS. */
+ static gpg_error_t
+ keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
+--
+1.7.10.4
+
diff --git a/subpacket-off.patch b/subpacket-off.patch
new file mode 100644
index 000000000000..a9794d0c7ac3
--- /dev/null
+++ b/subpacket-off.patch
@@ -0,0 +1,38 @@
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 24 Nov 2014 16:28:25 +0000 (+0100)
+Subject: gpg: Fix off-by-one read in the attribute subpacket parser.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=0988764397f99db4efef1eabcdb8072d6159af76;hp=b716e6a69919b89c7887d6c7c9b97e58d18fdf95
+
+gpg: Fix off-by-one read in the attribute subpacket parser.
+
+* g10/parse-packet.c (parse_attribute_subpkts): Check that the
+attribute packet is large enough for the subpacket type.
+--
+
+Reported-by: Hanno Böck
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index e0370aa..f75e21c 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -2359,8 +2359,16 @@ parse_attribute_subpkts (PKT_user_id * uid)
+ if (buflen < n)
+ goto too_short;
+
+- attribs =
+- xrealloc (attribs, (count + 1) * sizeof (struct user_attribute));
++ if (!n)
++ {
++ /* Too short to encode the subpacket type. */
++ if (opt.verbose)
++ log_info ("attribute subpacket too short\n");
++ break;
++ }
++
++ attribs = xrealloc (attribs,
++ (count + 1) * sizeof (struct user_attribute));
+ memset (&attribs[count], 0, sizeof (struct user_attribute));
+
+ type = *buffer; |