Date: Fri, 23 Jul 2010 23:31:15 +0900
From: Hirohisa Yamaguchi <umq@ueo.co.jp>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/148866: security/gnupg security patch from upstream
Message-ID: <861vaugtho.wl%umq@ueo.co.jp>
Resent-Message-ID: <201007231440.o6NEe3Al057841@freefall.freebsd.org>
>Number: 148866
>Category: ports
>Synopsis: security/gnupg security patch from upstream
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 23 14:40:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Hirohisa Yamaguchi
>Release: FreeBSD 8.0-BETA2 amd64
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD calliope.****.org 8.0-BETA2 FreeBSD 8.0-BETA2 #21: Sun Aug 16 19:47:51 JST 2009 root@calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64
>Description:
gpgsm in security/gnupg has a realloc bug.

> An exploit is not yet known but it can't be ruled out for sure that
> the problem has not already been identified by some dark forces.

Announcement: http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html

A newer version, 2.0.17, might be coming shortly.
>How-To-Repeat:
Importing a certificate with more than 98 Subject Alternate Names via GPGSM's import command or implicitly while verifying a signature causes GPGSM to reallocate an array with the names. The bug is that the reallocation code misses assigning the reallocated array to the old array variable and thus the old and freed array will be used. Usually this leads to a segv.
>Fix:
The patch follows:

diff -Npru ports.org/security/gnupg/Makefile ports/security/gnupg/Makefile --- ports.org/security/gnupg/Makefile 2010-07-23 23:04:04.000000000 +0900 +++ ports/security/gnupg/Makefile 2010-07-23 23:04:32.000000000 +0900 
@@ -7,6 +7,7 @@ PORTNAME= gnupg PORTVERSION= 2.0.16 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GNUPG} MASTER_SITE_SUBDIR= gnupg diff -Npru ports.org/security/gnupg/files/patch-kbx__keybox-blob.c ports/security/gnupg/files/patch-kbx__keybox-blob.c --- ports.org/security/gnupg/files/patch-kbx__keybox-blob.c 1970-01-01 09:00:00.000000000 +0900 +++ ports/security/gnupg/files/patch-kbx__keybox-blob.c 2010-07-23 22:52:09.000000000 +0900 @@ -0,0 +1,10 @@ +--- ./kbx/keybox-blob.c.orig 2009-09-22 01:53:44.000000000 +0900 ++++ ./kbx/keybox-blob.c 2010-07-23 22:51:55.000000000 +0900 +@@ -898,6 +898,7 @@ + rc = gpg_error_from_syserror (); + goto leave; + } ++ names = tmp; + } + names[blob->nuids++] = p; + if (!i && (p=x509_email_kludge (p))) >Release-Note: >Audit-Trail: >Unformatted:
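Review bot: In the kbx/keybox-blob.c hunk, the added "names = tmp;" sits after the failure branch that sets rc and does "goto leave", so on a failed reallocation names keeps its previous value. The visible context does not show what the leave label does with names or which allocator produced tmp, so please confirm that the old array is still valid on that path and is released exactly once. The assignment itself matches the description: without it, "names[blob->nuids++] = p" writes through the pointer that was handed to the reallocation. The embedded patch file also carries no note of where it came from; a short line above its "---" header citing the gnupg-announce message would make it easy to identify and drop when the port moves to 2.0.17.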
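The reallocation pattern described under How-To-Repeat, as an added C example that is not part of the original report and is not GnuPG code. The struct, the function names and the starting size are hypothetical; the self-test can be driven past 98 entries so that appends made after a growth are exercised.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable list of name pointers (not GnuPG's data structure). */
struct name_list {
    const char **names;
    size_t used, max;
};

/* Append p, growing the array when it is full.
   Returns 0 on success, -1 if the array could not be grown. */
int name_list_add(struct name_list *l, const char *p)
{
    if (l->used == l->max) {
        const char **tmp;
        size_t newmax;

        if (l->max > SIZE_MAX / (2 * sizeof *tmp))
            return -1;              /* doubling would overflow the byte count */
        newmax = l->max ? l->max * 2 : 4;   /* 4: constructed starting size */
        tmp = realloc(l->names, newmax * sizeof *tmp);
        if (!tmp)
            return -1;              /* old array is untouched and still owned */
        /* Store the result back. Omitting this leaves l->names pointing at a
           block realloc may already have freed, the defect described above. */
        l->names = tmp;
        l->max = newmax;
    }
    l->names[l->used++] = p;
    return 0;
}

/* Append n pointers to one constructed name, then count the slots that read
   back correctly. Returns n when every append, including those made after a
   growth, landed in the live array. */
size_t name_list_selftest(size_t n)
{
    static const char sample[] = "dns:example.invalid";  /* constructed */
    struct name_list l = { NULL, 0, 0 };
    size_t i, ok = 0;

    for (i = 0; i < n; i++)
        if (name_list_add(&l, sample))
            break;
    for (i = 0; i < l.used; i++)
        ok += (l.names[i] == sample);
    free(l.names);
    return ok;
}
```

Building this with AddressSanitizer and deleting the store-back line turns the silent misuse into an immediate heap-use-after-free report on the first append after a growth.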