aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkuriyama <kuriyama@FreeBSD.org>2005-02-12 17:29:35 +0800
committerkuriyama <kuriyama@FreeBSD.org>2005-02-12 17:29:35 +0800
commit72b8ecb2a099294b74bb595e4d42acd5cfbcb55a (patch)
treeb1caafdc36535cec58fbf76c5b9e88167fcaac22
parent03765098c54857d1ba235dcd7e4573b9bbdde0b4 (diff)
downloadfreebsd-ports-graphics-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.tar.gz
freebsd-ports-graphics-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.tar.zst
freebsd-ports-graphics-72b8ecb2a099294b74bb595e4d42acd5cfbcb55a.zip
Add a workaround patch to avoid protocol attack (but will not be
effective in the real world). References: http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000190.html (broken mailman archive) http://www.pgp.com/library/ctocorner/openpgp.html http://eprint.iacr.org/2005/033 Reported by: dougb
-rw-r--r--security/gnupg/Makefile2
-rw-r--r--security/gnupg/files/patch-cfb48
-rw-r--r--security/gnupg1/Makefile2
-rw-r--r--security/gnupg1/files/patch-cfb48
4 files changed, 98 insertions, 2 deletions
diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile
index ae9060298c5..1d15b2da2af 100644
--- a/security/gnupg/Makefile
+++ b/security/gnupg/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gnupg
PORTVERSION= 1.4.0
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
diff --git a/security/gnupg/files/patch-cfb b/security/gnupg/files/patch-cfb
new file mode 100644
index 00000000000..5355e5d7156
--- /dev/null
+++ b/security/gnupg/files/patch-cfb
@@ -0,0 +1,48 @@
+Index: include/cipher.h
+===================================================================
+RCS file: /cvs/gnupg/gnupg/include/cipher.h,v
+retrieving revision 1.63
+diff -u -r1.63 cipher.h
+--- include/cipher.h 29 Nov 2004 21:14:18 -0000 1.63
++++ include/cipher.h 8 Feb 2005 04:10:29 -0000
+@@ -75,6 +75,7 @@
+ int keylen;
+ int algo_info_printed;
+ int use_mdc;
++ int symmetric;
+ byte key[32]; /* this is the largest used keylen (256 bit) */
+ } DEK;
+
+Index: g10/mainproc.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v
+retrieving revision 1.161
+diff -u -r1.161 mainproc.c
+--- g10/mainproc.c 21 Oct 2004 19:18:47 -0000 1.161
++++ g10/mainproc.c 8 Feb 2005 04:10:30 -0000
+@@ -330,6 +330,8 @@
+
+ if(c->dek)
+ {
++ c->dek->symmetric=1;
++
+ /* FIXME: This doesn't work perfectly if a symmetric
+ key comes before a public key in the message - if
+ the user doesn't know the passphrase, then there is
+Index: g10/encr-data.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v
+retrieving revision 1.30
+diff -u -r1.30 encr-data.c
+--- g10/encr-data.c 8 Oct 2004 21:54:26 -0000 1.30
++++ g10/encr-data.c 8 Feb 2005 04:10:30 -0000
+@@ -125,7 +125,7 @@
+ cipher_sync( dfx.cipher_hd );
+ p = temp;
+ /* log_hexdump( "prefix", temp, nprefix+2 ); */
+- if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
++ if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) {
+ rc = G10ERR_BAD_KEY;
+ goto leave;
+ }
+
diff --git a/security/gnupg1/Makefile b/security/gnupg1/Makefile
index ae9060298c5..1d15b2da2af 100644
--- a/security/gnupg1/Makefile
+++ b/security/gnupg1/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gnupg
PORTVERSION= 1.4.0
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
diff --git a/security/gnupg1/files/patch-cfb b/security/gnupg1/files/patch-cfb
new file mode 100644
index 00000000000..5355e5d7156
--- /dev/null
+++ b/security/gnupg1/files/patch-cfb
@@ -0,0 +1,48 @@
+Index: include/cipher.h
+===================================================================
+RCS file: /cvs/gnupg/gnupg/include/cipher.h,v
+retrieving revision 1.63
+diff -u -r1.63 cipher.h
+--- include/cipher.h 29 Nov 2004 21:14:18 -0000 1.63
++++ include/cipher.h 8 Feb 2005 04:10:29 -0000
+@@ -75,6 +75,7 @@
+ int keylen;
+ int algo_info_printed;
+ int use_mdc;
++ int symmetric;
+ byte key[32]; /* this is the largest used keylen (256 bit) */
+ } DEK;
+
+Index: g10/mainproc.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v
+retrieving revision 1.161
+diff -u -r1.161 mainproc.c
+--- g10/mainproc.c 21 Oct 2004 19:18:47 -0000 1.161
++++ g10/mainproc.c 8 Feb 2005 04:10:30 -0000
+@@ -330,6 +330,8 @@
+
+ if(c->dek)
+ {
++ c->dek->symmetric=1;
++
+ /* FIXME: This doesn't work perfectly if a symmetric
+ key comes before a public key in the message - if
+ the user doesn't know the passphrase, then there is
+Index: g10/encr-data.c
+===================================================================
+RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v
+retrieving revision 1.30
+diff -u -r1.30 encr-data.c
+--- g10/encr-data.c 8 Oct 2004 21:54:26 -0000 1.30
++++ g10/encr-data.c 8 Feb 2005 04:10:30 -0000
+@@ -125,7 +125,7 @@
+ cipher_sync( dfx.cipher_hd );
+ p = temp;
+ /* log_hexdump( "prefix", temp, nprefix+2 ); */
+- if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
++ if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) {
+ rc = G10ERR_BAD_KEY;
+ goto leave;
+ }
+