author | Patrick Williams <patrick@stwcx.xyz> | 2016-08-17 14:31:25 -0500 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2016-08-22 16:43:26 +0000 |
commit | 60f9d69e016b11c468c98ea75ba0a60c44afbbc4 (patch) | |
tree | ecb49581a9e41a37943c22cd9ef3f63451b20ee7 /import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch | |
parent | e18c61205e0234b03697129c20cc69c9b3940efc (diff) | |
download | blackbird-openbmc-60f9d69e016b11c468c98ea75ba0a60c44afbbc4.tar.gz blackbird-openbmc-60f9d69e016b11c468c98ea75ba0a60c44afbbc4.zip |
yocto-poky: Move to import-layers subdir
We are going to import additional layers, so create a subdir to
hold all of the layers that we import with git-subtree.
Change-Id: I6f732153a22be8ca663035c518837e3cc5ec0799
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch')
-rw-r--r-- | import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
new file mode 100644
index 000000000..362717636
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -0,0 +1,64 @@
+commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
+Author: Werner Koch <wk@gnupg.org>
+Date: Thu Dec 20 09:43:41 2012 +0100
+
+ gpg: Import only packets which are allowed in a keyblock.
+
+ * g10/import.c (valid_keyblock_packet): New.
+ (read_block): Store only valid packets.
+ --
+
+ A corrupted key, which for example included a mangled public key
+ encrypted packet, used to corrupt the keyring. This change skips all
+ packets which are not allowed in a keyblock.
+
+ GnuPG-bug-id: 1455
+
+ (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
+
+Upstream-Status: Backport
+CVE: CVE-2012-6085
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+diff --git a/g10/import.c b/g10/import.c
+index bfe02eb..a57b32e 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -384,6 +384,27 @@ import_print_stats (void *hd)
+ }
+
+
++/* Return true if PKTTYPE is valid in a keyblock. */
++static int
++valid_keyblock_packet (int pkttype)
++{
++ switch (pkttype)
++ {
++ case PKT_PUBLIC_KEY:
++ case PKT_PUBLIC_SUBKEY:
++ case PKT_SECRET_KEY:
++ case PKT_SECRET_SUBKEY:
++ case PKT_SIGNATURE:
++ case PKT_USER_ID:
++ case PKT_ATTRIBUTE:
++ case PKT_RING_TRUST:
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++
+ /****************
+ * Read the next keyblock from stream A.
+ * PENDING_PKT should be initialzed to NULL
+@@ -461,7 +482,7 @@ read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root )
+ }
+ in_cert = 1;
+ default:
+- if( in_cert ) {
++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) {
+ if( !root )
+ root = new_kbnode( pkt );
+ else |