| 1 |
alonbl 13/10/04 22:24:41 |
| 2 |
|
| 3 |
Added: gnupg-2.0.21-CVE-2013-4351.patch |
| 4 |
Log: |
| 5 |
Fix CVE-2013-4351, bug#484836 |
| 6 |
|
| 7 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key BF20DC51) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/files/gnupg-2.0.21-CVE-2013-4351.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: gnupg-2.0.21-CVE-2013-4351.patch |
| 16 |
=================================================================== |
| 17 |
From 4bde12206c5bf199dc6e12a74af8da4558ba41bf Mon Sep 17 00:00:00 2001 |
| 18 |
From: Werner Koch <wk@×××××.org> |
| 19 |
Date: Fri, 15 Mar 2013 15:46:03 +0100 |
| 20 |
Subject: [PATCH] gpg: Distinguish between missing and cleared key flags. |
| 21 |
|
| 22 |
* include/cipher.h (PUBKEY_USAGE_NONE): New. |
| 23 |
* g10/getkey.c (parse_key_usage): Set new flag. |
| 24 |
-- |
| 25 |
|
| 26 |
We do not want to use the default capabilities (derived from the |
| 27 |
algorithm) if any key flags are given in a signature. Thus if key |
| 28 |
flags are used in any way, the default key capabilities are never |
| 29 |
used. |
| 30 |
|
| 31 |
This allows to create a key with key flags set to all zero so it can't |
| 32 |
be used. This better reflects common sense. |
| 33 |
--- |
| 34 |
g10/getkey.c | 8 +++++++- |
| 35 |
include/cipher.h | 7 ++++++- |
| 36 |
2 files changed, 13 insertions(+), 2 deletions(-) |
| 37 |
|
| 38 |
diff --git a/g10/getkey.c b/g10/getkey.c |
| 39 |
index 9294273..8cc5601 100644 |
| 40 |
--- a/g10/getkey.c |
| 41 |
+++ b/g10/getkey.c |
| 42 |
@@ -1276,13 +1276,19 @@ parse_key_usage (PKT_signature * sig) |
| 43 |
|
| 44 |
if (flags) |
| 45 |
key_usage |= PUBKEY_USAGE_UNKNOWN; |
| 46 |
+ |
| 47 |
+ if (!key_usage) |
| 48 |
+ key_usage |= PUBKEY_USAGE_NONE; |
| 49 |
} |
| 50 |
+ else if (p) /* Key flags of length zero. */ |
| 51 |
+ key_usage |= PUBKEY_USAGE_NONE; |
| 52 |
|
| 53 |
/* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a |
| 54 |
capability that we do not handle. This serves to distinguish |
| 55 |
between a zero key usage which we handle as the default |
| 56 |
capabilities for that algorithm, and a usage that we do not |
| 57 |
- handle. */ |
| 58 |
+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that |
| 59 |
+ key_flags have been given but they do not specify any usage. */ |
| 60 |
|
| 61 |
return key_usage; |
| 62 |
} |
| 63 |
diff --git a/include/cipher.h b/include/cipher.h |
| 64 |
index 191e197..557ab70 100644 |
| 65 |
--- a/include/cipher.h |
| 66 |
+++ b/include/cipher.h |
| 67 |
@@ -54,9 +54,14 @@ |
| 68 |
|
| 69 |
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ |
| 70 |
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */ |
| 71 |
-#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */ |
| 72 |
+#define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys.*/ |
| 73 |
#define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */ |
| 74 |
#define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */ |
| 75 |
+#define PUBKEY_USAGE_NONE 256 /* No usage given. */ |
| 76 |
+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \ |
| 77 |
+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 |
| 78 |
+# error Please choose another value for PUBKEY_USAGE_NONE |
| 79 |
+#endif |
| 80 |
|
| 81 |
#define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5 |
| 82 |
#define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1 |
| 83 |
-- |
| 84 |
1.7.2.5 |
Archives