diff options
| author |   Alon Bar-Lev <alonbl@gentoo.org> | 2013-10-07 19:19:58 +0000 |
|---|---|---|
| committer | Alon Bar-Lev <alonbl@gentoo.org> | 2013-10-07 19:19:58 +0000 |
| commit | a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0 (patch) | |
| tree | d0e244da8fff0cf6d863e911b7501da0b276554a /app-crypt/gnupg/files | |
| parent | Add pypy2_0 support for bug #474644 (diff) | |
| download | gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.tar.gz gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.tar.bz2 gentoo-2-a20eefd9b9e48ae165fbe33d11ab1a11f13d61a0.zip | |
Version bump, fix bug#487230
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key BF20DC51)
Diffstat (limited to 'app-crypt/gnupg/files')
| -rw-r--r-- | app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch b/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch deleted file mode 100644 index 13ef0b7cfcc5..000000000000 --- a/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 4bde12206c5bf199dc6e12a74af8da4558ba41bf Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Fri, 15 Mar 2013 15:46:03 +0100 -Subject: [PATCH] gpg: Distinguish between missing and cleared key flags. - -* include/cipher.h (PUBKEY_USAGE_NONE): New. -* g10/getkey.c (parse_key_usage): Set new flag. --- - -We do not want to use the default capabilities (derived from the -algorithm) if any key flags are given in a signature. Thus if key -flags are used in any way, the default key capabilities are never -used. - -This allows to create a key with key flags set to all zero so it can't -be used. This better reflects common sense. ---- - g10/getkey.c | 8 +++++++- - include/cipher.h | 7 ++++++- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/g10/getkey.c b/g10/getkey.c -index 9294273..8cc5601 100644 ---- a/g10/getkey.c -+++ b/g10/getkey.c -@@ -1276,13 +1276,19 @@ parse_key_usage (PKT_signature * sig) - - if (flags) - key_usage |= PUBKEY_USAGE_UNKNOWN; -+ -+ if (!key_usage) -+ key_usage |= PUBKEY_USAGE_NONE; - } -+ else if (p) /* Key flags of length zero. */ -+ key_usage |= PUBKEY_USAGE_NONE; - - /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a - capability that we do not handle. This serves to distinguish - between a zero key usage which we handle as the default - capabilities for that algorithm, and a usage that we do not -- handle. */ -+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that -+ key_flags have been given but they do not specify any usage. */ - - return key_usage; - } -diff --git a/include/cipher.h b/include/cipher.h -index 191e197..557ab70 100644 ---- a/include/cipher.h -+++ b/include/cipher.h -@@ -54,9 +54,14 @@ - - #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ - #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */ --#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */ -+#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/ - #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */ - #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */ -+#define PUBKEY_USAGE_NONE 256 /* No usage given. */ -+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \ -+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 -+# error Please choose another value for PUBKEY_USAGE_NONE -+#endif - - #define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5 - #define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1 --- -1.7.2.5 - |