Patch for "Multiple Messages Problem in GnuPG and GPGME"

Security: http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
svn path=/head/; revision=186682
2007-03-06 18:14:43 +00:00 · 2007-03-06 18:14:43 +00:00 · c0457e3055 · 2021-03-31 03:12:20 +00:00
commit c0457e3055
parent 3ff447d02d
2 changed files with 66 additions and 1 deletions
--- a/security/gpgme/Makefile
+++ b/security/gpgme/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	gpgme
 PORTVERSION=	1.1.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GNUPG}
 MASTER_SITE_SUBDIR=	gpgme
--- a/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch
+++ b/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch
@ -0,0 +1,65 @@
+Index: gpgme/verify.c
+===================================================================
+--- gpgme/verify.c	(revision 1208)
+++ gpgme/verify.c	(working copy)
+@@ -40,6 +40,7 @@
+   gpgme_signature_t current_sig;
+   int did_prepare_new_sig;
+   int only_newsig_seen;
+  int plaintext_seen;
+ } *op_data_t;
+ 
+ 
+@@ -549,8 +550,11 @@
+ }
+ 
+ 
+/* Parse an error status line and if SET_STATUS is true update the
+   result status as appropriate.  With SET_STATUS being false, only
+   check for an error.  */
+ static gpgme_error_t
+-parse_error (gpgme_signature_t sig, char *args)
+parse_error (gpgme_signature_t sig, char *args, int set_status)
+ {
+   gpgme_error_t err;
+   char *where = strchr (args, ' ');
+@@ -572,7 +576,16 @@
+ 
+   err = _gpgme_map_gnupg_error (which);
+ 
+-  if (!strcmp (where, "verify.findkey"))
+  if (!strcmp (where, "proc_pkt.plaintext")
+      && gpg_err_code (err) == GPG_ERR_BAD_DATA)
+    {
+      /* This indicates a double plaintext.  The only solid way to
+         handle this is by failing the oepration.  */
+      return gpg_error (GPG_ERR_BAD_DATA);
+    }
+  else if (!set_status)
+    ;
+  else if (!strcmp (where, "verify.findkey"))
+     sig->status = err;
+   else if (!strcmp (where, "verify.keyusage")
+ 	   && gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE)
+@@ -670,9 +683,9 @@
+ 
+     case GPGME_STATUS_ERROR:
+       opd->only_newsig_seen = 0;
+-      /* The error status is informational, so we don't return an
+-         error code if we are not ready to process this status. */
+-      return sig ? parse_error (sig, args) : 0;
+      /* Some  error stati are informational, so we don't return an
+         error code if we are not ready to process this status.  */
+      return parse_error (sig, args, !!sig );
+ 
+     case GPGME_STATUS_EOF:
+       if (sig && !opd->did_prepare_new_sig)
+@@ -703,6 +716,8 @@
+       break;
+ 
+     case GPGME_STATUS_PLAINTEXT:
+      if (++opd->plaintext_seen > 1)
+        return gpg_error (GPG_ERR_BAD_DATA);
+       err = _gpgme_parse_plaintext (args, &opd->result.file_name);
+       if (err)
+ 	return err;