+++ /dev/null
-Upstream-Status: Backport
-
-Backport patch to fix CVE-2014-3564.
-
-http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-From 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Wed, 30 Jul 2014 11:04:55 +0200
-Subject: [PATCH 1/1] Fix possible realloc overflow for gpgsm and uiserver
- engines.
-
-After a realloc (realloc is also used for initial alloc) the allocated
-size if the buffer is not correctly recorded. Thus an overflow can be
-introduced by receiving data with different line lengths in a specific
-order. This is not easy exploitable because libassuan constructs the
-line. However a crash has been reported and thus it might be possible
-to constructs an exploit.
-
-CVE-id: CVE-2014-3564
-Reported-by: Tomáš Trnka
----
- src/engine-gpgsm.c | 2 +-
- src/engine-uiserver.c | 2 +-
- 3 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
-index 8ec1598..3a83757 100644
---- a/src/engine-gpgsm.c
-+++ b/src/engine-gpgsm.c
-@@ -836,7 +836,7 @@ status_handler (void *opaque, int fd)
- else
- {
- *aline = newline;
-- gpgsm->colon.attic.linesize += linelen + 1;
-+ gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
- }
- }
- if (!err)
-diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
-index 2738c36..a7184b7 100644
---- a/src/engine-uiserver.c
-+++ b/src/engine-uiserver.c
-@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd)
- else
- {
- *aline = newline;
-- uiserver->colon.attic.linesize += linelen + 1;
-+ uiserver->colon.attic.linesize = *alinelen + linelen + 1;
- }
- }
- if (!err)
---
-2.1.4
Upstream-Status: Rejected [Upstream not interested in pkg-config support]
RP 2015/4/17
-Index: gpgme-1.4.3/configure.ac
-===================================================================
---- gpgme-1.4.3.orig/configure.ac
-+++ gpgme-1.4.3/configure.ac
-@@ -1058,6 +1058,7 @@ AC_CONFIG_FILES(Makefile src/Makefile
+diff --git a/configure.ac b/configure.ac
+index 298a22b..c778b61 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -622,6 +622,7 @@ AC_CONFIG_FILES(Makefile src/Makefile
src/versioninfo.rc
src/gpgme.h)
AC_CONFIG_FILES(src/gpgme-config, chmod +x src/gpgme-config)
AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd])
AC_OUTPUT
-Index: gpgme-1.4.3/src/Makefile.am
-===================================================================
---- gpgme-1.4.3.orig/src/Makefile.am
-+++ gpgme-1.4.3/src/Makefile.am
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 58922f9..40d0dca 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
@@ -20,11 +20,13 @@
- # Note: moc_kdpipeiodevice should actually be a dependcy below.
+ # Note: moc_kdpipeiodevice should actually be a dependecy below.
EXTRA_DIST = gpgme-config.in gpgme.m4 libgpgme.vers ChangeLog-2011 \
- gpgme.h.in versioninfo.rc.in gpgme.def moc_kdpipeiodevice.cpp
+ gpgme.h.in versioninfo.rc.in gpgme.def moc_kdpipeiodevice.cpp gpgme.pc.in gpgme-pthread.pc.in
+pkgconfig_DATA = gpgme.pc gpgme-pthread.pc
nodist_include_HEADERS = gpgme.h
- if HAVE_PTHREAD
-Index: gpgme-1.4.3/src/gpgme.pc.in
-===================================================================
+ bin_PROGRAMS = gpgme-tool
+diff --git a/src/gpgme-pthread.pc.in b/src/gpgme-pthread.pc.in
+new file mode 100644
+index 0000000..980a48e
--- /dev/null
-+++ gpgme-1.4.3/src/gpgme.pc.in
-@@ -0,0 +1,15 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+# API info
-+api_version=@GPGME_CONFIG_API_VERSION@
-+host=@GPGME_CONFIG_HOST@
-+
-+Name: gpgme
-+Description: GnuPG Made Easy (GPGME) is a C language library that allows to addsupport for cryptography to a program.
-+Version: @VERSION@
-+Libs: -L${libdir} -lgpgme
-+Cflags: -I${includedir}
-+Requires: libassuan gpg-error
-\ No newline at end of file
-Index: gpgme-1.4.3/src/gpgme-pthread.pc.in
-===================================================================
---- /dev/null
-+++ gpgme-1.4.3/src/gpgme-pthread.pc.in
++++ b/src/gpgme-pthread.pc.in
@@ -0,0 +1,15 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+Libs: -L${libdir} -lgpgme-pthread -lpthread
+Cflags: -I${includedir}
+Requires: libassuan gpg-error
-Index: gpgme-1.4.3/src/gpgme.m4
-===================================================================
---- gpgme-1.4.3.orig/src/gpgme.m4
-+++ gpgme-1.4.3/src/gpgme.m4
-@@ -36,7 +36,7 @@ dnl [ACTION-IF-FOUND [, AC
- dnl Test for libgpgme and define GPGME_CFLAGS and GPGME_LIBS.
+diff --git a/src/gpgme.m4 b/src/gpgme.m4
+index 6c2be44..d8a75cb 100644
+--- a/src/gpgme.m4
++++ b/src/gpgme.m4
+@@ -79,7 +79,7 @@ dnl config script does not match the host specification the script
+ dnl is added to the gpg_config_script_warn variable.
dnl
AC_DEFUN([AM_PATH_GPGME],
-[ AC_REQUIRE([_AM_PATH_GPGME_CONFIG])dnl
tmp=ifelse([$1], ,1:0.4.2,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_gpgme_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
-@@ -45,37 +45,12 @@ AC_DEFUN([AM_PATH_GPGME],
- req_gpgme_api=0
+@@ -89,36 +89,12 @@ AC_DEFUN([AM_PATH_GPGME],
min_gpgme_version="$tmp"
fi
--
+
- AC_MSG_CHECKING(for GPGME - version >= $min_gpgme_version)
- ok=no
- if test "$GPGME_CONFIG" != "no" ; then
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
- if test "$gpgme_version_major" -gt "$req_major"; then
- ok=yes
-- else
+- else
- if test "$gpgme_version_major" -eq "$req_major"; then
- if test "$gpgme_version_minor" -gt "$req_minor"; then
- ok=yes
- fi
- fi
- fi
-+ PKG_CHECK_MODULES(GPGME, [gpgme >= $min_gpgme_version], [ok=yes], [ok=no])
++ PKG_CHECK_MODULES(GPGME, [gpgme >= $min_gpgme_version], [ok=yes], [ok=no])
if test $ok = yes; then
# If we have a recent GPGME, we should also check that the
# API is compatible.
if test "$tmp" -gt 0 ; then
if test "$req_gpgme_api" -ne "$tmp" ; then
ok=no
-@@ -84,18 +59,10 @@ AC_DEFUN([AM_PATH_GPGME],
+@@ -127,19 +103,11 @@ AC_DEFUN([AM_PATH_GPGME],
fi
fi
if test $ok = yes; then
- GPGME_LIBS=`$GPGME_CONFIG --libs`
- AC_MSG_RESULT(yes)
ifelse([$2], , :, [$2])
+ _AM_PATH_GPGME_CONFIG_HOST_CHECK
else
- GPGME_CFLAGS=""
- GPGME_LIBS=""
])
dnl AM_PATH_GPGME_PTHREAD([MINIMUM-VERSION,
-@@ -104,7 +71,7 @@ dnl Test for libgpgme and define GPGME_P
+@@ -148,7 +116,7 @@ dnl Test for libgpgme and define GPGME_PTHREAD_CFLAGS
dnl and GPGME_PTHREAD_LIBS.
dnl
AC_DEFUN([AM_PATH_GPGME_PTHREAD],
tmp=ifelse([$1], ,1:0.4.2,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_gpgme_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
-@@ -114,38 +81,13 @@ AC_DEFUN([AM_PATH_GPGME_PTHREAD],
+@@ -158,38 +126,12 @@ AC_DEFUN([AM_PATH_GPGME_PTHREAD],
min_gpgme_version="$tmp"
fi
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
- if test "$gpgme_version_major" -gt "$req_major"; then
- ok=yes
-- else
+- else
- if test "$gpgme_version_major" -eq "$req_major"; then
- if test "$gpgme_version_minor" -gt "$req_minor"; then
- ok=yes
- fi
- fi
- fi
-+ PKG_CHECK_MODULES(GPGME_PTHREAD, [gpgme-pthread >= $min_gpgme_version], [ok=yes], [ok=no])
-+
++ PKG_CHECK_MODULES(GPGME_PTHREAD, [gpgme-pthread >= $min_gpgme_version], [ok=yes], [ok=no])
if test $ok = yes; then
# If we have a recent GPGME, we should also check that the
# API is compatible.
if test "$tmp" -gt 0 ; then
if test "$req_gpgme_api" -ne "$tmp" ; then
ok=no
-@@ -154,18 +96,10 @@ AC_DEFUN([AM_PATH_GPGME_PTHREAD],
+@@ -198,19 +140,11 @@ AC_DEFUN([AM_PATH_GPGME_PTHREAD],
fi
fi
if test $ok = yes; then
- GPGME_PTHREAD_LIBS=`$GPGME_CONFIG --thread=pthread --libs`
- AC_MSG_RESULT(yes)
ifelse([$2], , :, [$2])
+ _AM_PATH_GPGME_CONFIG_HOST_CHECK
else
- GPGME_PTHREAD_CFLAGS=""
- GPGME_PTHREAD_LIBS=""
])
-@@ -184,36 +118,13 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
+@@ -229,36 +163,12 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
min_gpgme_version="$tmp"
fi
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
- if test "$gpgme_version_major" -gt "$req_major"; then
- ok=yes
-- else
+- else
- if test "$gpgme_version_major" -eq "$req_major"; then
- if test "$gpgme_version_minor" -gt "$req_minor"; then
- ok=yes
- fi
- fi
+ PKG_CHECK_MODULES(GPGME_GLIB, [gpgme >= $min_gpgme_version glib-2.0], [ok=yes], [ok=no])
-+
if test $ok = yes; then
# If we have a recent GPGME, we should also check that the
# API is compatible.
if test "$tmp" -gt 0 ; then
if test "$req_gpgme_api" -ne "$tmp" ; then
ok=no
-@@ -222,17 +133,9 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
+@@ -267,17 +177,9 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
fi
fi
if test $ok = yes; then
- GPGME_GLIB_LIBS=`$GPGME_CONFIG --glib --libs`
- AC_MSG_RESULT(yes)
ifelse([$2], , :, [$2])
+ _AM_PATH_GPGME_CONFIG_HOST_CHECK
else
- GPGME_GLIB_CFLAGS=""
- GPGME_GLIB_LIBS=""
- AC_SUBST(GPGME_GLIB_CFLAGS)
- AC_SUBST(GPGME_GLIB_LIBS)
])
-
+diff --git a/src/gpgme.pc.in b/src/gpgme.pc.in
+new file mode 100644
+index 0000000..b69539f
+--- /dev/null
++++ b/src/gpgme.pc.in
+@@ -0,0 +1,15 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++# API info
++api_version=@GPGME_CONFIG_API_VERSION@
++host=@GPGME_CONFIG_HOST@
++
++Name: gpgme
++Description: GnuPG Made Easy (GPGME) is a C language library that allows to addsupport for cryptography to a program.
++Version: @VERSION@
++Libs: -L${libdir} -lgpgme
++Cflags: -I${includedir}
++Requires: libassuan gpg-error
+\ No newline at end of file
