Update to 2.0.20:

Noteworthy changes in version 2.0.20 (2013-05-10)
-------------------------------------------------

 * Decryption using smartcards keys > 3072 bit does now work.

 * New meta option ignore-invalid-option to allow using the same
   option file by other GnuPG versions.

 * gpg: The hash algorithm is now printed for sig records in key listings.

 * gpg: Skip invalid keyblock packets during import to avoid a DoS.

 * gpg: Correctly handle ports from DNS SRV records.

 * keyserver: Improve use of SRV records

 * gpg-agent: Avoid tty corruption when killing pinentry.

 * scdaemon: Improve detection of card insertion and removal.

 * scdaemon: Rename option --disable-keypad to --disable-pinpad.

 * scdaemon: Better support for CCID readers.  Now, the internal CCID
   driver supports readers without the auto configuration feature.

 * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
   it supports variable length PIN input, and you specify
   --enable-pinpad-varlen option.

 * scdaemon: New option --enable-pinpad-varlen.

 * scdaemon: Install into libexecdir to avoid accidental execution
   from the command line.

 * Support building using w64-mingw32.

 * Assorted bug fixes.
This commit is contained in:
wiz 2013-05-29 22:53:36 +00:00
parent 1ef6a99ba8
commit c523bf69e3
4 changed files with 8 additions and 52 deletions

View file

@ -1,8 +1,7 @@
# $NetBSD: Makefile,v 1.44 2013/02/06 23:23:37 jperkin Exp $
# $NetBSD: Makefile,v 1.45 2013/05/29 22:53:36 wiz Exp $
DISTNAME= gnupg-2.0.19
DISTNAME= gnupg-2.0.20
PKGNAME= ${DISTNAME:S/gnupg/gnupg2/}
PKGREVISION= 3
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/
EXTRACT_SUFX= .tar.bz2

View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST.gpgsm,v 1.12 2011/05/05 08:55:23 adam Exp $
@comment $NetBSD: PLIST.gpgsm,v 1.13 2013/05/29 22:53:36 wiz Exp $
bin/gpg-connect-agent
bin/gpg2
bin/gpgconf
@ -8,7 +8,6 @@ bin/gpgsm
bin/gpgsm-gencert.sh
bin/gpgv2
bin/kbxutil
bin/scdaemon
bin/watchgnupg
info/gnupg.info
info/gnupg.info-1
@ -18,6 +17,7 @@ libexec/gpg2keys_curl
libexec/gpg2keys_finger
libexec/gpg2keys_hkp
libexec/gpg2keys_ldap
libexec/scdaemon
man/man1/gpg-agent.1
man/man1/gpg-connect-agent.1
man/man1/gpg-preset-passphrase.1

View file

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.26 2013/01/15 11:21:50 drochner Exp $
$NetBSD: distinfo,v 1.27 2013/05/29 22:53:36 wiz Exp $
SHA1 (gnupg-2.0.19.tar.bz2) = 190c09e6688f688fb0a5cf884d01e240d957ac1f
RMD160 (gnupg-2.0.19.tar.bz2) = 026b5c5fa2b21c3586f325f48ff1420c987b88a7
Size (gnupg-2.0.19.tar.bz2) = 4187460 bytes
SHA1 (gnupg-2.0.20.tar.bz2) = 7ddfefa37ee9da89a8aaa8f9059d251b4cd02562
RMD160 (gnupg-2.0.20.tar.bz2) = 5a506b29a5c42b8b4870f76c99a41eeaf45a0911
Size (gnupg-2.0.20.tar.bz2) = 4286191 bytes
SHA1 (patch-CVE-2012-6085) = cbc5ff88eaaebcff9c7bc7983b3d363eff4fcd8b
SHA1 (patch-ai) = 4445d30150518f71f996e3b368a81523daded2e2
SHA1 (patch-aj) = bfd21504e0d55f99df543912b1cdf2c573de2f98

View file

@ -1,43 +0,0 @@
$NetBSD: patch-CVE-2012-6085,v 1.1 2013/01/15 11:21:50 drochner Exp $
upstream rev. 498882296ffac7987c644aaf2a0aa108a2925471
--- g10/import.c.orig 2012-03-27 08:00:37.000000000 +0000
+++ g10/import.c
@@ -347,6 +347,27 @@ import_print_stats (void *hd)
}
+/* Return true if PKTTYPE is valid in a keyblock. */
+static int
+valid_keyblock_packet (int pkttype)
+{
+ switch (pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_SIGNATURE:
+ case PKT_USER_ID:
+ case PKT_ATTRIBUTE:
+ case PKT_RING_TRUST:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+
/****************
* Read the next keyblock from stream A.
* PENDING_PKT should be initialzed to NULL
@@ -424,7 +445,7 @@ read_block( IOBUF a, PACKET **pending_pk
}
in_cert = 1;
default:
- if( in_cert ) {
+ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
if( !root )
root = new_kbnode( pkt );
else