[Pkg-gnupg-commit] [gnupg] 01/01: import fix for unknown subkey types to jessie

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 27 21:18:34 UTC 2015 

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch jessie
in repository gnupg.

commit eb0a483d83d15f4dc053065a44373aba56c7f3cb
Author: Jonathan McDowell <noodles at earth.li>
Date:   Mon Aug 17 18:36:31 2015 +0200

    import fix for unknown subkey types to jessie
---
 debian/changelog                                   |  7 ++
 ...10-fix-cmp_public_key-and-cmp_secret_keys.patch | 94 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 102 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 4488965..0972f28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gnupg (1.4.18-7+deb8u1) stable; urgency=medium
+
+  [ Jonathan McDowell ]
+  * Import upstream bugfix for handling unknown subkey types (Closes: #787046)
+
+ -- Daniel Kahn Gillmor <dkg at fifthhorseman.net>  Tue, 27 Oct 2015 15:39:42 -0400
+
 gnupg (1.4.18-7) unstable; urgency=medium
 
   * import a series of DoS and vulnerabilities from upstream, including
diff --git a/debian/patches/0045-g10-fix-cmp_public_key-and-cmp_secret_keys.patch b/debian/patches/0045-g10-fix-cmp_public_key-and-cmp_secret_keys.patch
new file mode 100644
index 0000000..9fac4e5
--- /dev/null
+++ b/debian/patches/0045-g10-fix-cmp_public_key-and-cmp_secret_keys.patch
@@ -0,0 +1,94 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 30 Apr 2015 17:20:08 +0900
+Subject: g10: fix cmp_public_key and cmp_secret_keys.
+
+* g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque
+data at the first entry of the array when it's unknown algo.
+* mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics.
+
+--
+
+(backported from 2.0 commit 43429c7869152f301157e4b24790b3801dce0f0a)
+
+GnuPG-bug-id: 1962
+---
+ g10/free-packet.c | 22 ++++++++++++++--------
+ mpi/mpi-cmp.c     | 16 ++++++++++++++++
+ 2 files changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/g10/free-packet.c b/g10/free-packet.c
+index 0f8e0e8..e772c08 100644
+--- a/g10/free-packet.c
++++ b/g10/free-packet.c
+@@ -452,11 +452,14 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
+ 	return -1;
+ 
+     n = pubkey_get_npkey( b->pubkey_algo );
+-    if( !n )
+-	return -1; /* can't compare due to unknown algorithm */
+-    for(i=0; i < n; i++ ) {
+-	if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
++    if( !n ) { /* unknown algorithm, rest is in opaque MPI */
++	if( mpi_cmp( a->pkey[0], b->pkey[0] ) )
+ 	    return -1;
++    } else {
++	for(i=0; i < n; i++ ) {
++	    if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
++		return -1;
++	}
+     }
+ 
+     return 0;
+@@ -479,11 +482,14 @@ cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b )
+ 	return -1;
+ 
+     n = pubkey_get_npkey( b->pubkey_algo );
+-    if( !n )
+-	return -1; /* can't compare due to unknown algorithm */
+-    for(i=0; i < n; i++ ) {
+-	if( mpi_cmp( a->skey[i], b->skey[i] ) )
++    if( !n ) { /* unknown algorithm, rest is in opaque MPI */
++	if( mpi_cmp( a->skey[0], b->skey[0] ) )
+ 	    return -1;
++    } else {
++	for(i=0; i < n; i++ ) {
++	    if( mpi_cmp( a->skey[i], b->skey[i] ) )
++		return -1;
++	}
+     }
+ 
+     return 0;
+diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c
+index e119fad..3c1322a 100644
+--- a/mpi/mpi-cmp.c
++++ b/mpi/mpi-cmp.c
+@@ -20,6 +20,7 @@
+ #include <config.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <string.h>
+ #include "mpi-internal.h"
+ 
+ int
+@@ -49,6 +50,21 @@ mpi_cmp( MPI u, MPI v )
+     mpi_size_t usize, vsize;
+     int cmp;
+ 
++    if (mpi_is_opaque (u) || mpi_is_opaque (v))
++      {
++	if (mpi_is_opaque (u) && !mpi_is_opaque (v))
++	  return -1;
++	if (!mpi_is_opaque (u) && mpi_is_opaque (v))
++	  return 1;
++	if (!u->nbits && !v->nbits)
++	  return 0; /* Empty buffers are identical.  */
++	if (u->nbits < v->nbits)
++	  return -1;
++	if (u->nbits > v->nbits)
++	  return 1;
++	return memcmp (u->d, v->d, u->nbits);
++      }
++
+     mpi_normalize( u );
+     mpi_normalize( v );
+     usize = u->nlimbs;
diff --git a/debian/patches/series b/debian/patches/series
index 5f450c0..5fb7468 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -37,3 +37,4 @@ sync-docs-with-upstream.patch
 0042-Protect-against-NULL-return-of-mpi_get_opaque.patch
 0043-doc-Add-warning-note-about-not-acting-as-an-oracle-t.patch
 0044-mpi-Avoid-data-dependent-timing-variations-in-mpi_po.patch
+0045-g10-fix-cmp_public_key-and-cmp_secret_keys.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg.git

More information about the Pkg-gnupg-commit mailing list