From d14df1ec133594d9826ae0af323dba2b5981bb6c Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Sat, 3 Feb 2007 02:50:53 +0000 Subject: [PATCH] - gnupg-2.0.2 --- .cvsignore | 4 +- gnupg-2.0.1-CVE-2006-6235.patch | 260 -------------------------------- gnupg2.spec | 19 ++- sources | 4 +- 4 files changed, 13 insertions(+), 274 deletions(-) delete mode 100644 gnupg-2.0.1-CVE-2006-6235.patch diff --git a/.cvsignore b/.cvsignore index 70a8bf2..405aac8 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,3 @@ clog -gnupg-2.0.1.tar.bz2 -gnupg-2.0.1.tar.bz2.sig +gnupg-2.0.2.tar.bz2 +gnupg-2.0.2.tar.bz2.sig diff --git a/gnupg-2.0.1-CVE-2006-6235.patch b/gnupg-2.0.1-CVE-2006-6235.patch deleted file mode 100644 index c7a7f5c..0000000 --- a/gnupg-2.0.1-CVE-2006-6235.patch +++ /dev/null @@ -1,260 +0,0 @@ -This is a patch against GnuPG 2.0.1. Change the directory to g10/ and -apply this patch. - -2006-12-02 Werner Koch - - * encr-data.c: Allocate DFX context on the heap and not on the - stack. Changes at several places. Fixes CVE-2006-6235. - - -Index: encr-data.c -=================================================================== ---- encr-data.c (revision 4352) -+++ encr-data.c (working copy) -@@ -39,16 +39,37 @@ - static int decode_filter ( void *opaque, int control, IOBUF a, - byte *buf, size_t *ret_len); - --typedef struct -+typedef struct decode_filter_context_s - { - gcry_cipher_hd_t cipher_hd; - gcry_md_hd_t mdc_hash; - char defer[22]; - int defer_filled; - int eof_seen; --} decode_filter_ctx_t; -+ int refcount; -+} *decode_filter_ctx_t; - - -+/* Helper to release the decode context. */ -+static void -+release_dfx_context (decode_filter_ctx_t dfx) -+{ -+ if (!dfx) -+ return; -+ -+ assert (dfx->refcount); -+ if ( !--dfx->refcount ) -+ { -+ gcry_cipher_close (dfx->cipher_hd); -+ dfx->cipher_hd = NULL; -+ gcry_md_close (dfx->mdc_hash); -+ dfx->mdc_hash = NULL; -+ xfree (dfx); -+ } -+} -+ -+ -+ - /**************** - * Decrypt the data, specified by ED with the key DEK. - */ -@@ -62,7 +83,11 @@ - unsigned blocksize; - unsigned nprefix; - -- memset( &dfx, 0, sizeof dfx ); -+ dfx = xtrycalloc (1, sizeof *dfx); -+ if (!dfx) -+ return gpg_error_from_syserror (); -+ dfx->refcount = 1; -+ - if ( opt.verbose && !dek->algo_info_printed ) - { - const char *s = gcry_cipher_algo_name (dek->algo); -@@ -77,20 +102,20 @@ - goto leave; - blocksize = gcry_cipher_get_algo_blklen (dek->algo); - if ( !blocksize || blocksize > 16 ) -- log_fatal("unsupported blocksize %u\n", blocksize ); -+ log_fatal ("unsupported blocksize %u\n", blocksize ); - nprefix = blocksize; - if ( ed->len && ed->len < (nprefix+2) ) - BUG(); - - if ( ed->mdc_method ) - { -- if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 )) -+ if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) - BUG (); - if ( DBG_HASHING ) -- gcry_md_start_debug (dfx.mdc_hash, "checkmdc"); -+ gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); - } - -- rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo, -+ rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo, - GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | ((ed->mdc_method || dek->algo >= 100)? -@@ -104,7 +129,7 @@ - - - /* log_hexdump( "thekey", dek->key, dek->keylen );*/ -- rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen); -+ rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen); - if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY ) - { - log_info(_("WARNING: message was encrypted with" -@@ -123,7 +148,7 @@ - goto leave; - } - -- gcry_cipher_setiv (dfx.cipher_hd, NULL, 0); -+ gcry_cipher_setiv (dfx->cipher_hd, NULL, 0); - - if ( ed->len ) - { -@@ -144,8 +169,8 @@ - temp[i] = c; - } - -- gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0); -- gcry_cipher_sync (dfx.cipher_hd); -+ gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0); -+ gcry_cipher_sync (dfx->cipher_hd); - p = temp; - /* log_hexdump( "prefix", temp, nprefix+2 ); */ - if (dek->symmetric -@@ -155,17 +180,18 @@ - goto leave; - } - -- if ( dfx.mdc_hash ) -- gcry_md_write (dfx.mdc_hash, temp, nprefix+2); -- -+ if ( dfx->mdc_hash ) -+ gcry_md_write (dfx->mdc_hash, temp, nprefix+2); -+ -+ dfx->refcount++; - if ( ed->mdc_method ) -- iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); -+ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx ); - else -- iobuf_push_filter( ed->buf, decode_filter, &dfx ); -+ iobuf_push_filter ( ed->buf, decode_filter, dfx ); - - proc_packets ( procctx, ed->buf ); - ed->buf = NULL; -- if ( ed->mdc_method && dfx.eof_seen == 2 ) -+ if ( ed->mdc_method && dfx->eof_seen == 2 ) - rc = gpg_error (GPG_ERR_INV_PACKET); - else if ( ed->mdc_method ) - { -@@ -184,26 +210,28 @@ - bytes are appended. */ - int datalen = gcry_md_get_algo_dlen (ed->mdc_method); - -- gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0); -- gcry_md_write (dfx.mdc_hash, dfx.defer, 2); -- gcry_md_final (dfx.mdc_hash); -+ assert (dfx->cipher_hd); -+ assert (dfx->mdc_hash); -+ gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0); -+ gcry_md_write (dfx->mdc_hash, dfx->defer, 2); -+ gcry_md_final (dfx->mdc_hash); - -- if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' ) -+ if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) - { - log_error("mdc_packet with invalid encoding\n"); - rc = gpg_error (GPG_ERR_INV_PACKET); - } - else if (datalen != 20 -- || memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen)) -+ || memcmp (gcry_md_read (dfx->mdc_hash, 0), -+ dfx->defer+2,datalen )) - rc = gpg_error (GPG_ERR_BAD_SIGNATURE); -- /* log_printhex("MDC message:", dfx.defer, 22); */ -- /* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */ -+ /* log_printhex("MDC message:", dfx->defer, 22); */ -+ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */ - } - - - leave: -- gcry_cipher_close (dfx.cipher_hd); -- gcry_md_close (dfx.mdc_hash); -+ release_dfx_context (dfx); - return rc; - } - -@@ -214,7 +242,7 @@ - mdc_decode_filter (void *opaque, int control, IOBUF a, - byte *buf, size_t *ret_len) - { -- decode_filter_ctx_t *dfx = opaque; -+ decode_filter_ctx_t dfx = opaque; - size_t n, size = *ret_len; - int rc = 0; - int c; -@@ -226,11 +254,11 @@ - } - else if( control == IOBUFCTRL_UNDERFLOW ) - { -- assert(a); -- assert( size > 44 ); -+ assert (a); -+ assert ( size > 44 ); - - /* Get at least 22 bytes and put it somewhere ahead in the buffer. */ -- for(n=22; n < 44 ; n++ ) -+ for (n=22; n < 44 ; n++ ) - { - if( (c = iobuf_get(a)) == -1 ) - break; -@@ -279,8 +307,10 @@ - - if ( n ) - { -- gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); -- gcry_md_write (dfx->mdc_hash, buf, n); -+ if ( dfx->cipher_hd ) -+ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); -+ if ( dfx->mdc_hash ) -+ gcry_md_write (dfx->mdc_hash, buf, n); - } - else - { -@@ -289,6 +319,10 @@ - } - *ret_len = n; - } -+ else if ( control == IOBUFCTRL_FREE ) -+ { -+ release_dfx_context (dfx); -+ } - else if ( control == IOBUFCTRL_DESC ) - { - *(char**)buf = "mdc_decode_filter"; -@@ -300,7 +334,7 @@ - static int - decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) - { -- decode_filter_ctx_t *fc = opaque; -+ decode_filter_ctx_t fc = opaque; - size_t n, size = *ret_len; - int rc = 0; - -@@ -311,11 +345,18 @@ - if ( n == -1 ) - n = 0; - if ( n ) -- gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); -+ { -+ if (fc->cipher_hd) -+ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); -+ } - else - rc = -1; /* EOF */ - *ret_len = n; - } -+ else if ( control == IOBUFCTRL_FREE ) -+ { -+ release_dfx_context (fc); -+ } - else if ( control == IOBUFCTRL_DESC ) - { - *(char**)buf = "decode_filter"; diff --git a/gnupg2.spec b/gnupg2.spec index bb60f4f..e033c75 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -1,7 +1,7 @@ ## Keep an eye on http://bugzilla.redhat.com/175744, ## in case these dirs go away or change -%if "%{?fedora}" > "3" || "%{?rhel}" > "4" +%if 0%{?fedora} > 3 || 0%{?rhel} > 4 %define kde_scriptdir %{_sysconfdir}/kde %else %define kde_scriptdir %{_prefix} @@ -9,8 +9,8 @@ Summary: Utility for secure communication and data storage Name: gnupg2 -Version: 2.0.1 -Release: 2%{?dist} +Version: 2.0.2 +Release: 1%{?dist} License: GPL Group: Applications/System @@ -24,7 +24,6 @@ Source10: gpg-agent-startup.sh Source11: gpg-agent-shutdown.sh Patch1: gnupg-1.9.16-testverbose.patch -Patch2: gnupg-2.0.1-CVE-2006-6235.patch Obsoletes: newpg < 0.9.5 @@ -82,14 +81,11 @@ dependency on other modules at run and build time. %setup -q -n gnupg-%{version}%{?beta} #patch1 -p1 -b .testverbose -pushd g10 -%patch2 -p0 -b .CVE-2006-6235 -popd # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # Note: this is just the name of the default shared lib to load in scdaemon, # it can use other implementations too (including non-pcsc ones). -%if "%{?fedora}" > "3" +%if 0%{?fedora} > 3 || 0%{?rhel} > 4 %global pcsclib %(basename $(ls -1 %{_libdir}/libpcsclite.so.? 2>/dev/null ) 2>/dev/null ) %else %define pcsclib libpcsclite.so.0 @@ -181,12 +177,15 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Feb 02 2007 Rex Dieter 2.0.2-1 +- gnupg-2.0.2 + * Wed Dec 06 2006 Rex Dieter 2.0.1-2 -- CVE-2006-6235 +- CVE-2006-6235 (#219934) * Wed Nov 29 2006 Rex Dieter 2.0.1-1 - gnupg-2.0.1 -- CVE-2006-6169 (bug #217950) +- CVE-2006-6169 (#217950) * Sat Nov 25 2006 Rex Dieter 2.0.1-0.3.rc1 - gnupg-2.0.1rc1 diff --git a/sources b/sources index 508d242..d4515ca 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -eb24e258db73f4cb53a3ce18375efa21 gnupg-2.0.1.tar.bz2 -58b1bbc2f34c0882ab1a49542a8ffd45 gnupg-2.0.1.tar.bz2.sig +a2bde7013f6fa047e617088bbdc29d7b gnupg-2.0.2.tar.bz2.sig +9f972c78135a7dea1bae66bb9f263980 gnupg-2.0.2.tar.bz2