[Midnightbsd-cvs] mports: security/gnupg:
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Wed Nov 14 15:10:26 EST 2007
Log Message:
-----------
Modified Files:
--------------
mports/security/gnupg:
Makefile (r1.3 -> r1.4)
distinfo (r1.3 -> r1.4)
pkg-install (r1.1 -> r1.2)
pkg-message (r1.2 -> r1.3)
pkg-plist (r1.2 -> r1.3)
Removed Files:
-------------
mports/security/gnupg/files:
patch-CVE-2006-6235
patch-tools:Makefile.in
-------------- next part --------------
Index: pkg-message
===================================================================
RCS file: /home/cvs/mports/security/gnupg/pkg-message,v
retrieving revision 1.2
retrieving revision 1.3
diff -L security/gnupg/pkg-message -L security/gnupg/pkg-message -u -r1.2 -r1.3
--- security/gnupg/pkg-message
+++ security/gnupg/pkg-message
@@ -1,9 +1,3 @@
-
-
-
-###############################################################################
- A T T E N T I O N
-
In order to use gpg-agent, you need to install a pinentry dialog.
The following ports of pinentry dialogs are available:
@@ -13,7 +7,3 @@
security/pinentry-gtk2 (GTK 2.x based dialog)
security/pinentry-qt (QT based dialog)
-###############################################################################
-
-
-
Index: pkg-install
===================================================================
RCS file: /home/cvs/mports/security/gnupg/pkg-install,v
retrieving revision 1.1
retrieving revision 1.2
diff -L security/gnupg/pkg-install -L security/gnupg/pkg-install -u -r1.1 -r1.2
--- security/gnupg/pkg-install
+++ security/gnupg/pkg-install
@@ -1,5 +1,6 @@
#!/bin/sh
#
+# $MidnightBSD$
# $FreeBSD: ports/security/gnupg/pkg-install,v 1.1 2006/12/21 13:31:54 kuriyama Exp $
#
Index: pkg-plist
===================================================================
RCS file: /home/cvs/mports/security/gnupg/pkg-plist,v
retrieving revision 1.2
retrieving revision 1.3
diff -L security/gnupg/pkg-plist -L security/gnupg/pkg-plist -u -r1.2 -r1.3
--- security/gnupg/pkg-plist
+++ security/gnupg/pkg-plist
@@ -18,6 +18,7 @@
libexec/gpg2keys_hkp
%%LDAP%%libexec/gpg2keys_ldap
sbin/addgnupghome
+sbin/applygnupgdefaults
share/gnupg/FAQ
share/gnupg/com-certs.pem
share/gnupg/faq.html
Index: Makefile
===================================================================
RCS file: /home/cvs/mports/security/gnupg/Makefile,v
retrieving revision 1.3
retrieving revision 1.4
diff -L security/gnupg/Makefile -L security/gnupg/Makefile -u -r1.3 -r1.4
--- security/gnupg/Makefile
+++ security/gnupg/Makefile
@@ -7,8 +7,7 @@
#
PORTNAME= gnupg
-PORTVERSION= 2.0.1
-PORTREVISION= 1
+PORTVERSION= 2.0.4
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
@@ -17,6 +16,7 @@
MAINTAINER= ports at MidnightBSD.org
COMMENT= The GNU Privacy Guard
+LICENSE= gpl2
BUILD_DEPENDS= libassuan>=1.0.1:${PORTSDIR}/security/libassuan
LIB_DEPENDS= gcrypt.13:${PORTSDIR}/security/libgcrypt \
@@ -24,7 +24,7 @@
ksba.17:${PORTSDIR}/security/libksba \
pth.20:${PORTSDIR}/devel/pth
-CONFLICTS= gnupg-devel-[0-9]*
+CONFLICTS= gnupg-devel-[0-9]* gnupg1-[0-9]*
USE_BZIP2= YES
USE_GMAKE= YES
@@ -38,7 +38,7 @@
MAN1= gpg2.1 gpgsm.1 gpgv2.1 gpg-agent.1 scdaemon.1 watchgnupg.1 \
gpgconf.1 gpg-preset-passphrase.1 gpg-connect-agent.1 \
gpgparsemail.1 symcryptrun.1 gpgsm-gencert.sh.1
-MAN8= addgnupghome.8
+MAN8= addgnupghome.8 applygnupgdefaults.8
INFO= gnupg
OPTIONS= LDAP "LDAP keyserver interface" off \
@@ -100,6 +100,5 @@
post-install:
PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
- @${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
Index: distinfo
===================================================================
RCS file: /home/cvs/mports/security/gnupg/distinfo,v
retrieving revision 1.3
retrieving revision 1.4
diff -L security/gnupg/distinfo -L security/gnupg/distinfo -u -r1.3 -r1.4
--- security/gnupg/distinfo
+++ security/gnupg/distinfo
@@ -1,6 +1,6 @@
-MD5 (gnupg-2.0.1.tar.bz2) = eb24e258db73f4cb53a3ce18375efa21
-SHA256 (gnupg-2.0.1.tar.bz2) = 49949762a4e080379dcca23948442d50488f0d74e04bcba87fc49e19a899b01d
-SIZE (gnupg-2.0.1.tar.bz2) = 3923924
-MD5 (gnupg-2.0.1.tar.bz2.sig) = 58b1bbc2f34c0882ab1a49542a8ffd45
-SHA256 (gnupg-2.0.1.tar.bz2.sig) = 2e49d6cfcb9ad12bc10e7185435761622c2da12b850c6c31925da3b4c8100628
-SIZE (gnupg-2.0.1.tar.bz2.sig) = 158
+MD5 (gnupg-2.0.4.tar.bz2) = e16efce067ba132f933792a3ec7f180e
+SHA256 (gnupg-2.0.4.tar.bz2) = 3872d7280e5a12a947509c73b70c3024521c29ff4427c8fb4caa17dde2f4248c
+SIZE (gnupg-2.0.4.tar.bz2) = 3575021
+MD5 (gnupg-2.0.4.tar.bz2.sig) = 5c92699afb465541b510d989617c9aa9
+SHA256 (gnupg-2.0.4.tar.bz2.sig) = 0ceb6be2036f2699643b4c2e7e7ba165b1bfd362f3fd362e5252d7cb90b6dc9d
+SIZE (gnupg-2.0.4.tar.bz2.sig) = 158
--- security/gnupg/files/patch-CVE-2006-6235
+++ /dev/null
@@ -1,260 +0,0 @@
-This is a patch against GnuPG 2.0.1. Change the directory to g10/ and
-apply this patch.
-
-2006-12-02 Werner Koch <wk at g10code.com>
-
- * encr-data.c: Allocate DFX context on the heap and not on the
- stack. Changes at several places. Fixes CVE-2006-6235.
-
-
-Index: g10/encr-data.c
-===================================================================
---- g10/encr-data.c (revision 4352)
-+++ g10/encr-data.c (working copy)
-@@ -39,16 +39,37 @@
- static int decode_filter ( void *opaque, int control, IOBUF a,
- byte *buf, size_t *ret_len);
-
--typedef struct
-+typedef struct decode_filter_context_s
- {
- gcry_cipher_hd_t cipher_hd;
- gcry_md_hd_t mdc_hash;
- char defer[22];
- int defer_filled;
- int eof_seen;
--} decode_filter_ctx_t;
-+ int refcount;
-+} *decode_filter_ctx_t;
-
-
-+/* Helper to release the decode context. */
-+static void
-+release_dfx_context (decode_filter_ctx_t dfx)
-+{
-+ if (!dfx)
-+ return;
-+
-+ assert (dfx->refcount);
-+ if ( !--dfx->refcount )
-+ {
-+ gcry_cipher_close (dfx->cipher_hd);
-+ dfx->cipher_hd = NULL;
-+ gcry_md_close (dfx->mdc_hash);
-+ dfx->mdc_hash = NULL;
-+ xfree (dfx);
-+ }
-+}
-+
-+
-+
- /****************
- * Decrypt the data, specified by ED with the key DEK.
- */
-@@ -62,7 +83,11 @@
- unsigned blocksize;
- unsigned nprefix;
-
-- memset( &dfx, 0, sizeof dfx );
-+ dfx = xtrycalloc (1, sizeof *dfx);
-+ if (!dfx)
-+ return gpg_error_from_syserror ();
-+ dfx->refcount = 1;
-+
- if ( opt.verbose && !dek->algo_info_printed )
- {
- const char *s = gcry_cipher_algo_name (dek->algo);
-@@ -77,20 +102,20 @@
- goto leave;
- blocksize = gcry_cipher_get_algo_blklen (dek->algo);
- if ( !blocksize || blocksize > 16 )
-- log_fatal("unsupported blocksize %u\n", blocksize );
-+ log_fatal ("unsupported blocksize %u\n", blocksize );
- nprefix = blocksize;
- if ( ed->len && ed->len < (nprefix+2) )
- BUG();
-
- if ( ed->mdc_method )
- {
-- if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 ))
-+ if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 ))
- BUG ();
- if ( DBG_HASHING )
-- gcry_md_start_debug (dfx.mdc_hash, "checkmdc");
-+ gcry_md_start_debug (dfx->mdc_hash, "checkmdc");
- }
-
-- rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo,
-+ rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo,
- GCRY_CIPHER_MODE_CFB,
- (GCRY_CIPHER_SECURE
- | ((ed->mdc_method || dek->algo >= 100)?
-@@ -104,7 +129,7 @@
-
-
- /* log_hexdump( "thekey", dek->key, dek->keylen );*/
-- rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen);
-+ rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen);
- if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )
- {
- log_info(_("WARNING: message was encrypted with"
-@@ -123,7 +148,7 @@
- goto leave;
- }
-
-- gcry_cipher_setiv (dfx.cipher_hd, NULL, 0);
-+ gcry_cipher_setiv (dfx->cipher_hd, NULL, 0);
-
- if ( ed->len )
- {
-@@ -144,8 +169,8 @@
- temp[i] = c;
- }
-
-- gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0);
-- gcry_cipher_sync (dfx.cipher_hd);
-+ gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0);
-+ gcry_cipher_sync (dfx->cipher_hd);
- p = temp;
- /* log_hexdump( "prefix", temp, nprefix+2 ); */
- if (dek->symmetric
-@@ -155,17 +180,18 @@
- goto leave;
- }
-
-- if ( dfx.mdc_hash )
-- gcry_md_write (dfx.mdc_hash, temp, nprefix+2);
--
-+ if ( dfx->mdc_hash )
-+ gcry_md_write (dfx->mdc_hash, temp, nprefix+2);
-+
-+ dfx->refcount++;
- if ( ed->mdc_method )
-- iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
-+ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx );
- else
-- iobuf_push_filter( ed->buf, decode_filter, &dfx );
-+ iobuf_push_filter ( ed->buf, decode_filter, dfx );
-
- proc_packets ( procctx, ed->buf );
- ed->buf = NULL;
-- if ( ed->mdc_method && dfx.eof_seen == 2 )
-+ if ( ed->mdc_method && dfx->eof_seen == 2 )
- rc = gpg_error (GPG_ERR_INV_PACKET);
- else if ( ed->mdc_method )
- {
-@@ -184,26 +210,28 @@
- bytes are appended. */
- int datalen = gcry_md_get_algo_dlen (ed->mdc_method);
-
-- gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0);
-- gcry_md_write (dfx.mdc_hash, dfx.defer, 2);
-- gcry_md_final (dfx.mdc_hash);
-+ assert (dfx->cipher_hd);
-+ assert (dfx->mdc_hash);
-+ gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0);
-+ gcry_md_write (dfx->mdc_hash, dfx->defer, 2);
-+ gcry_md_final (dfx->mdc_hash);
-
-- if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' )
-+ if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' )
- {
- log_error("mdc_packet with invalid encoding\n");
- rc = gpg_error (GPG_ERR_INV_PACKET);
- }
- else if (datalen != 20
-- || memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen))
-+ || memcmp (gcry_md_read (dfx->mdc_hash, 0),
-+ dfx->defer+2,datalen ))
- rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
-- /* log_printhex("MDC message:", dfx.defer, 22); */
-- /* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */
-+ /* log_printhex("MDC message:", dfx->defer, 22); */
-+ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */
- }
-
-
- leave:
-- gcry_cipher_close (dfx.cipher_hd);
-- gcry_md_close (dfx.mdc_hash);
-+ release_dfx_context (dfx);
- return rc;
- }
-
-@@ -214,7 +242,7 @@
- mdc_decode_filter (void *opaque, int control, IOBUF a,
- byte *buf, size_t *ret_len)
- {
-- decode_filter_ctx_t *dfx = opaque;
-+ decode_filter_ctx_t dfx = opaque;
- size_t n, size = *ret_len;
- int rc = 0;
- int c;
-@@ -226,11 +254,11 @@
- }
- else if( control == IOBUFCTRL_UNDERFLOW )
- {
-- assert(a);
-- assert( size > 44 );
-+ assert (a);
-+ assert ( size > 44 );
-
- /* Get at least 22 bytes and put it somewhere ahead in the buffer. */
-- for(n=22; n < 44 ; n++ )
-+ for (n=22; n < 44 ; n++ )
- {
- if( (c = iobuf_get(a)) == -1 )
- break;
-@@ -279,8 +307,10 @@
-
- if ( n )
- {
-- gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);
-- gcry_md_write (dfx->mdc_hash, buf, n);
-+ if ( dfx->cipher_hd )
-+ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);
-+ if ( dfx->mdc_hash )
-+ gcry_md_write (dfx->mdc_hash, buf, n);
- }
- else
- {
-@@ -289,6 +319,10 @@
- }
- *ret_len = n;
- }
-+ else if ( control == IOBUFCTRL_FREE )
-+ {
-+ release_dfx_context (dfx);
-+ }
- else if ( control == IOBUFCTRL_DESC )
- {
- *(char**)buf = "mdc_decode_filter";
-@@ -300,7 +334,7 @@
- static int
- decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
- {
-- decode_filter_ctx_t *fc = opaque;
-+ decode_filter_ctx_t fc = opaque;
- size_t n, size = *ret_len;
- int rc = 0;
-
-@@ -311,11 +345,18 @@
- if ( n == -1 )
- n = 0;
- if ( n )
-- gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);
-+ {
-+ if (fc->cipher_hd)
-+ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);
-+ }
- else
- rc = -1; /* EOF */
- *ret_len = n;
- }
-+ else if ( control == IOBUFCTRL_FREE )
-+ {
-+ release_dfx_context (fc);
-+ }
- else if ( control == IOBUFCTRL_DESC )
- {
- *(char**)buf = "decode_filter";
--- security/gnupg/files/patch-tools:Makefile.in
+++ /dev/null
@@ -1,11 +0,0 @@
---- tools/Makefile.in.orig Mon Dec 25 11:52:16 2006
-+++ tools/Makefile.in Mon Dec 25 11:53:00 2006
-@@ -453,7 +453,7 @@
- @BUILD_SYMCRYPTRUN_TRUE at symcryptrun = symcryptrun
- common_libs = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a
- pwquery_libs = ../common/libsimple-pwquery.a
--gpgsplit_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(ZLIBS)
-+gpgsplit_LDADD = $(common_libs) $(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(ZLIBS)
- gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c
-
- # jnlib/common sucks in gpg-error, will they, nil they (some compilers
More information about the Midnightbsd-cvs
mailing list