Tue Jun 13 19:34:53 2017 UTC ()
Pullup ticket #5472 - requested by sevan
security/libksba: bugfix
Revisions pulled up:
- security/libksba/Makefile 1.34
- security/libksba/distinfo 1.22
- security/libksba/patches/patch-src_cms.c 1.1
---
Module Name: pkgsrc
Committed By: gdt
Date: Tue May 30 22:40:17 UTC 2017
Modified Files:
pkgsrc/security/libksba: Makefile distinfo
Added Files:
pkgsrc/security/libksba/patches: patch-src_cms.c
Log Message:
Add patch to resolve gpgsm S/MIME failures
S/MIME messages encrypted with gpgsm are sometimes not decodable by
other implementations. Discussion on gnupg-devel indicates that gpg
(via libksba) is incorrectly dropping leading zeros from the encrypted
session key. This commit adds a patch by Daiki Ueno from the
mailing list that appears to improve interoperability. Upstream has
not yet applied it, but also has not said that it is wrong.
(bsiegert)
diff -r1.33 -r1.33.6.1 pkgsrc/security/libksba/Makefile
diff -r1.21 -r1.21.6.1 pkgsrc/security/libksba/distinfo
diff -r0 -r1.1.2.2 pkgsrc/security/libksba/patches/patch-src_cms.c
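--- a/pkgsrc/security/libksba/Makefile
+++ b/pkgsrc/security/libksba/Makefile
@@ -1,16 +1,17 @@
-# $NetBSD: Makefile,v 1.33 2016/08/22 12:32:11 wiz Exp $
+# $NetBSD: Makefile,v 1.33.6.1 2017/06/13 19:34:53 bsiegert Exp $
 
 DISTNAME= libksba-1.3.5
+PKGREVISION= 1
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libksba/
 EXTRACT_SUFX= .tar.bz2
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://www.gnupg.org/(fr)/related_software/libksba/index.html
 COMMENT= X.509 library
 LICENSE= gnu-lgpl-v3 AND gnu-gpl-v2
 
 USE_LIBTOOL= yes
 GNU_CONFIGURE= yes
 INFO_FILES= yes
 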
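--- a/pkgsrc/security/libksba/distinfo
+++ b/pkgsrc/security/libksba/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.21 2016/08/22 12:32:11 wiz Exp $
+$NetBSD: distinfo,v 1.21.6.1 2017/06/13 19:34:53 bsiegert Exp $
 
 SHA1 (libksba-1.3.5.tar.bz2) = a98385734a0c3f5b713198e8d6e6e4aeb0b76fde
 RMD160 (libksba-1.3.5.tar.bz2) = ee7c752196ae89ce798007b076e8eb695d6c4ea9
 SHA512 (libksba-1.3.5.tar.bz2) = 60179bfd109b7b4fd8d2b30a3216540f03f5a13620d9a5b63f1f95788028708a420911619f172ba57e945a6a2fcd2ef7eaafc5585a0eb2b9652cfadf47bf39a2
 Size (libksba-1.3.5.tar.bz2) = 620649 bytes
 SHA1 (patch-aa) = f2e63361afb95d5469153efaecebcb8719938d58
 SHA1 (patch-src_Makefile.in) = 484f6c02bc382b8c5647ce867f30bb2c4073580f
+SHA1 (patch-src_cms.c) = e98ae5b586e99bea440ac5fdad80549a0f8fface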
$NetBSD: patch-src_cms.c,v 1.1.2.2 2017/06/13 19:34:53 bsiegert Exp $
Avoid dropping leading zeros in encoded session key.
Patch by Daiki Ueno, taken from discussion on gnupg-devel:
https://lists.gnupg.org/pipermail/gnupg-devel/2016-February/030825.html
(Upstream has been asked to apply this patch, but so far has not.)
--- src/cms.c.orig 2013-03-15 19:26:38.000000000 +0000
+++ src/cms.c
@@ -87,6 +87,8 @@ static const char oid_signingTime[9] = "
static const char oidstr_smimeCapabilities[] = "1.2.840.113549.1.9.15";
+static const char oidstr_rsaEncryption[] = "1.2.840.113549.1.1.1";
+
/* Helper for read_and_hash_cont(). */
@@ -1621,7 +1623,7 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
return gpg_error (GPG_ERR_ENOMEM);
if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
{ /* kludge to allow "rsa" to be passed as algorithm name */
- sv->algo = xtrystrdup ("1.2.840.113549.1.1.1");
+ sv->algo = xtrystrdup (oidstr_rsaEncryption);
if (!sv->algo)
{
xfree (sv);
@@ -1674,9 +1676,10 @@ ksba_cms_set_sig_val (ksba_cms_t cms, in
return gpg_error (GPG_ERR_INV_SEXP);
}
- if (n > 1 && !*s)
+ if (strcmp (sv->algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
{ /* We might have a leading zero due to the way we encode
- MPIs - this zero should not go into the OCTECT STRING. */
+ MPIs - this zero should not go into the OCTECT STRING,
+ unless it is explicitly allowed in the signature scheme. */
s++;
n--;
}
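Review bot: With the new `strcmp (sv->algo, oidstr_rsaEncryption) != 0` guard, an rsaEncryption value keeps its first byte even when that byte is the padding zero the existing comment attributes to MPI encoding, so the OCTET STRING can presumably come out one byte longer than the modulus whenever a caller passes a sign-padded value. Nothing in the hunk gives the function the key size, so it cannot tell a padding zero from a significant one; the contract should be stated where the strip is skipped, for example `/* rsaEncryption: value is emitted as passed; callers must supply exactly modulus-length bytes, without MPI sign padding. */`. The same applies to the identical guard on `cl->enc_val.algo` in the ksba_cms_set_enc_val hunk at -1831. The guard also matches only the exact OID string, so an RSA value supplied under any other algorithm OID still has the zero stripped; whether callers do that is not visible here. Both function bodies start and end outside the hunks.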
@@ -1798,7 +1801,7 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
xfree (cl->enc_val.algo);
if (n==3 && s[0] == 'r' && s[1] == 's' && s[2] == 'a')
{ /* kludge to allow "rsa" to be passed as algorithm name */
- cl->enc_val.algo = xtrystrdup ("1.2.840.113549.1.1.1");
+ cl->enc_val.algo = xtrystrdup (oidstr_rsaEncryption);
if (!cl->enc_val.algo)
return gpg_error (GPG_ERR_ENOMEM);
}
@@ -1831,9 +1834,10 @@ ksba_cms_set_enc_val (ksba_cms_t cms, in
if (!n || *s != ':')
return gpg_error (GPG_ERR_INV_SEXP);
s++;
- if (n > 1 && !*s)
+ if (strcmp (cl->enc_val.algo, oidstr_rsaEncryption) != 0 && n > 1 && !*s)
{ /* We might have a leading zero due to the way we encode
- MPIs - this zero should not go into the OCTECT STRING. */
+ MPIs - this zero should not go into the OCTECT STRING,
+ unless it is explicitly allowed in the encryption scheme. */
s++;
n--;
}