Add a workaround patch to avoid protocol attack (but will not be

effective in the real world). References: http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000190.html (broken mailman archive) http://www.pgp.com/library/ctocorner/openpgp.html http://eprint.iacr.org/2005/033 Reported by: dougb
author: kuriyama <kuriyama@FreeBSD.org> 2005-02-12 17:29:35 +0800
committer: kuriyama <kuriyama@FreeBSD.org> 2005-02-12 17:29:35 +0800
commit: 72b8ecb2a099294b74bb595e4d42acd5cfbcb55a (patch)
tree: b1caafdc36535cec58fbf76c5b9e88167fcaac22 /security
parent: 03765098c54857d1ba235dcd7e4573b9bbdde0b4 (diff)
download: freebsd-ports-gnome-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.tar.gz
freebsd-ports-gnome-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.tar.zst
freebsd-ports-gnome-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.zip
4 files changed, 98 insertions, 2 deletions
diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile
index ae9060298c5a..1d15b2da2af8 100644
--- a/security/gnupg/Makefile
+++ b/security/gnupg/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	gnupg
 PORTVERSION=	1.4.0
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GNUPG}
 MASTER_SITE_SUBDIR=	gnupg
diff --git a/security/gnupg/files/patch-cfb b/security/gnupg/files/patch-cfb
new file mode 100644
index 000000000000..5355e5d71569
--- /dev/null
+++ b/security/gnupg/files/patch-cfb
@@ -0,0 +1,48 @@
+Index: include/cipher.h
+===================================================================
+RCS file: /cvs/gnupg/gnupg/include/cipher.h,v
+retrieving revision 1.63
+diff -u -r1.63 cipher.h
+--- include/cipher.h	29 Nov 2004 21:14:18 -0000	1.63
++++ include/cipher.h	8 Feb 2005 04:10:29 -0000
+@@ -75,6 +75,7 @@
+     int keylen;
+     int algo_info_printed;
+     int use_mdc;
++    int symmetric;
+     byte key[32]; /* this is the largest used keylen (256 bit) */
+ } DEK;
+
+Index: g10/mainproc.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v
+retrieving revision 1.161
+diff -u -r1.161 mainproc.c
+--- g10/mainproc.c	21 Oct 2004 19:18:47 -0000	1.161
++++ g10/mainproc.c	8 Feb 2005 04:10:30 -0000
+@@ -330,6 +330,8 @@
+
+ 	    if(c->dek)
+ 	      {
++		c->dek->symmetric=1;
++
+ 		/* FIXME: This doesn't work perfectly if a symmetric
+ 		   key comes before a public key in the message - if
+ 		   the user doesn't know the passphrase, then there is
+Index: g10/encr-data.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v
+retrieving revision 1.30
+diff -u -r1.30 encr-data.c
+--- g10/encr-data.c	8 Oct 2004 21:54:26 -0000	1.30
++++ g10/encr-data.c	8 Feb 2005 04:10:30 -0000
+@@ -125,7 +125,7 @@
+     cipher_sync( dfx.cipher_hd );
+     p = temp;
+ /* log_hexdump( "prefix", temp, nprefix+2 ); */
+-    if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
++    if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) {
+ 	rc = G10ERR_BAD_KEY;
+ 	goto leave;
+     }
+
diff --git a/security/gnupg1/Makefile b/security/gnupg1/Makefile
index ae9060298c5a..1d15b2da2af8 100644
--- a/security/gnupg1/Makefile
+++ b/security/gnupg1/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	gnupg
 PORTVERSION=	1.4.0
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GNUPG}
 MASTER_SITE_SUBDIR=	gnupg
diff --git a/security/gnupg1/files/patch-cfb b/security/gnupg1/files/patch-cfb
new file mode 100644
index 000000000000..5355e5d71569
--- /dev/null
+++ b/security/gnupg1/files/patch-cfb
@@ -0,0 +1,48 @@
+Index: include/cipher.h
+===================================================================
+RCS file: /cvs/gnupg/gnupg/include/cipher.h,v
+retrieving revision 1.63
+diff -u -r1.63 cipher.h
+--- include/cipher.h	29 Nov 2004 21:14:18 -0000	1.63
++++ include/cipher.h	8 Feb 2005 04:10:29 -0000
+@@ -75,6 +75,7 @@
+     int keylen;
+     int algo_info_printed;
+     int use_mdc;
++    int symmetric;
+     byte key[32]; /* this is the largest used keylen (256 bit) */
+ } DEK;
+
+Index: g10/mainproc.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v
+retrieving revision 1.161
+diff -u -r1.161 mainproc.c
+--- g10/mainproc.c	21 Oct 2004 19:18:47 -0000	1.161
++++ g10/mainproc.c	8 Feb 2005 04:10:30 -0000
+@@ -330,6 +330,8 @@
+
+ 	    if(c->dek)
+ 	      {
++		c->dek->symmetric=1;
++
+ 		/* FIXME: This doesn't work perfectly if a symmetric
+ 		   key comes before a public key in the message - if
+ 		   the user doesn't know the passphrase, then there is
+Index: g10/encr-data.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v
+retrieving revision 1.30
+diff -u -r1.30 encr-data.c
+--- g10/encr-data.c	8 Oct 2004 21:54:26 -0000	1.30
++++ g10/encr-data.c	8 Feb 2005 04:10:30 -0000
+@@ -125,7 +125,7 @@
+     cipher_sync( dfx.cipher_hd );
+     p = temp;
+ /* log_hexdump( "prefix", temp, nprefix+2 ); */
+-    if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
++    if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) {
+ 	rc = G10ERR_BAD_KEY;
+ 	goto leave;
+     }
+
author	kuriyama <kuriyama@FreeBSD.org>	2005-02-12 17:29:35 +0800
committer	kuriyama <kuriyama@FreeBSD.org>	2005-02-12 17:29:35 +0800
commit	72b8ecb2a099294b74bb595e4d42acd5cfbcb55a (patch)
tree	b1caafdc36535cec58fbf76c5b9e88167fcaac22 /security
parent	03765098c54857d1ba235dcd7e4573b9bbdde0b4 (diff)
download	freebsd-ports-gnome-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.tar.gz freebsd-ports-gnome-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.tar.zst freebsd-ports-gnome-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.zip