From da79c127d306925688da58a02d4d642008acb960 Mon Sep 17 00:00:00 2001
From: Duncaen
Date: Tue, 12 Feb 2019 14:28:43 +0100
Subject: [PATCH] netpgp: update and import patches from NetBSD
---
srcpkgs/netpgp/patches/keyring_crash.patch | 21 ------
srcpkgs/netpgp/patches/lib_keyring_c.patch | 68 ++++++++++++++++++++
srcpkgs/netpgp/patches/lib_reader_c.patch | 26 ++++++++
srcpkgs/netpgp/patches/lib_signature_c.patch | 19 ++++++
srcpkgs/netpgp/patches/netpgp_1.patch | 25 +++++++
srcpkgs/netpgp/template | 2 +-
6 files changed, 139 insertions(+), 22 deletions(-)
delete mode 100644 srcpkgs/netpgp/patches/keyring_crash.patch
create mode 100644 srcpkgs/netpgp/patches/lib_keyring_c.patch
create mode 100644 srcpkgs/netpgp/patches/lib_reader_c.patch
create mode 100644 srcpkgs/netpgp/patches/lib_signature_c.patch
create mode 100644 srcpkgs/netpgp/patches/netpgp_1.patch
diff --git a/srcpkgs/netpgp/patches/keyring_crash.patch b/srcpkgs/netpgp/patches/keyring_crash.patch
deleted file mode 100644
index 5e8407b1fef..00000000000
--- a/srcpkgs/netpgp/patches/keyring_crash.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-src_lib_keyring.c,v 1.1 2017/02/20 01:09:11 khorben Exp $
-
-Do not crash when listing keys without a keyring
-
---- src/lib/keyring.c.orig 2017-02-20 01:03:25.000000000 +0000
-+++ src/lib/keyring.c
-@@ -993,9 +993,12 @@ pgp_keyring_list(pgp_io_t *io, const pgp
- {
- pgp_key_t *key;
- unsigned n;
-+ unsigned keyc = (keyring != NULL) ? keyring->keyc : 0;
-
-- (void) fprintf(io->res, "%u key%s\n", keyring->keyc,
-- (keyring->keyc == 1) ? "" : "s");
-+ (void) fprintf(io->res, "%u key%s\n", keyc, (keyc == 1) ? "" : "s");
-+ if (keyring == NULL) {
-+ return 1;
-+ }
- for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) {
- if (pgp_is_key_secret(key)) {
- pgp_print_keydata(io, keyring, key, "sec",
diff --git a/srcpkgs/netpgp/patches/lib_keyring_c.patch b/srcpkgs/netpgp/patches/lib_keyring_c.patch
new file mode 100644
index 00000000000..8500d1f253c
--- /dev/null
+++ b/srcpkgs/netpgp/patches/lib_keyring_c.patch 
@@ -0,0 +1,68 @@
+$NetBSD: patch-src_lib_keyring.c,v 1.3 2018/03/15 20:00:43 khorben Exp $
+
+Do not crash when listing keys without a keyring.
+Do not use random data for pass-phrases on EOF.
+Do not ask for a passphrase when empty.
+
+--- src/lib/keyring.c.orig 2011-06-25 00:37:44.000000000 +0000
++++ src/lib/keyring.c
+@@ -226,7 +226,7 @@ typedef struct {
+ pgp_seckey_t *seckey;
+ } decrypt_t;
+
+-static pgp_cb_ret_t
++static pgp_cb_ret_t
+ decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
+ {
+ const pgp_contents_t *content = &pkt->u;
+@@ -244,7 +244,9 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
+ break;
+
+ case PGP_GET_PASSPHRASE:
+- (void) pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass));
++ if (pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass)) == 0) {
++ pass[0] = '\0';
++ }
+ *content->skey_passphrase.passphrase = netpgp_strdup(pass);
+ pgp_forget(pass, (unsigned)sizeof(pass));
+ return PGP_KEEP_MEMORY;
+@@ -292,6 +294,20 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
+ return PGP_RELEASE_MEMORY;
+ }
+
++static pgp_cb_ret_t
++decrypt_cb_empty(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
++{
++ const pgp_contents_t *content = &pkt->u;
++
++ switch (pkt->tag) {
++ case PGP_GET_PASSPHRASE:
++ *content->skey_passphrase.passphrase = netpgp_strdup("");
++ return PGP_KEEP_MEMORY;
++ default:
++ return decrypt_cb(pkt, cbinfo);
++ }
++}
++
+ /**
+ \ingroup Core_Keys
+ \brief Decrypts secret key from given keydata with given passphrase
+@@ -306,8 +322,18 @@ pgp_decrypt_seckey(const pgp_key_t *key,
+ const int printerrors = 1;
+ decrypt_t decrypt;
+
++ /* first try with an empty passphrase */
+ (void) memset(&decrypt, 0x0, sizeof(decrypt));
+ decrypt.key = key;
++ stream = pgp_new(sizeof(*stream));
++ pgp_keydata_reader_set(stream, key);
++ pgp_set_callback(stream, decrypt_cb_empty, &decrypt);
++ stream->readinfo.accumulate = 1;
++ pgp_parse(stream, !printerrors);
++ if (decrypt.seckey != NULL) {
++ return decrypt.seckey;
++ }
++ /* ask for a passphrase */
+ decrypt.passfp = passfp;
+ stream = pgp_new(sizeof(*stream));
+ pgp_keydata_reader_set(stream, key);
diff --git a/srcpkgs/netpgp/patches/lib_reader_c.patch b/srcpkgs/netpgp/patches/lib_reader_c.patch
new file mode 100644
index 00000000000..8be51eeda12
--- /dev/null
+++ b/srcpkgs/netpgp/patches/lib_reader_c.patch
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_lib_reader.c,v 1.1 2018/03/15 19:51:08 khorben Exp $
+
+Do not truncate pass-phrases without a newline character.
+
+--- src/lib/reader.c.orig 2012-03-05 02:20:18.000000000 +0000
++++ src/lib/reader.c
+@@ -160,6 +160,7 @@ int
+ pgp_getpassphrase(void *in, char *phrase, size_t size)
+ {
+ char *p;
++ size_t len;
+
+ if (in == NULL) {
+ while ((p = getpass("netpgp passphrase: ")) == NULL) {
+@@ -169,7 +170,10 @@ pgp_getpassphrase(void *in, char *phrase
+ if (fgets(phrase, (int)size, in) == NULL) {
+ return 0;
+ }
+- phrase[strlen(phrase) - 1] = 0x0;
++ len = strlen(phrase);
++ if (len >= 1 && phrase[len - 1] == '\n') {
++ phrase[len - 1] = '\0';
++ }
+ }
+ return 1;
+ }
diff --git a/srcpkgs/netpgp/patches/lib_signature_c.patch b/srcpkgs/netpgp/patches/lib_signature_c.patch
new file mode 100644
index 00000000000..7fe2a78598f
--- /dev/null
+++ b/srcpkgs/netpgp/patches/lib_signature_c.patch
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_lib_signature.c,v 1.1 2018/03/15 20:21:52 khorben Exp $
+
+Output signatures to the standard output for "-".
+
+--- src/lib/signature.c.orig 2012-03-05 02:20:18.000000000 +0000
++++ src/lib/signature.c
+@@ -903,7 +903,11 @@ open_output_file(pgp_output_t **output,
+
+ /* setup output file */
+ if (outname) {
+- fd = pgp_setup_file_write(output, outname, overwrite);
++ if (strcmp(outname, "-") == 0) {
++ fd = pgp_setup_file_write(output, NULL, overwrite);
++ } else {
++ fd = pgp_setup_file_write(output, outname, overwrite);
++ }
+ } else {
+ unsigned flen = (unsigned)(strlen(inname) + 4 + 1);
+ char *f = NULL;
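Review bot: The empty-passphrase pass added to pgp_decrypt_seckey() in lib_keyring_c.patch never releases its parse stream: `stream = pgp_new(sizeof(*stream));` is assigned for the `decrypt_cb_empty` attempt and then overwritten for the prompting attempt, and the early `return decrypt.seckey;` leaves the first stream allocated too. Because `stream->readinfo.accumulate = 1` is set, that stream presumably keeps a copy of the parsed secret-key packets, so it should be freed before both the early return and the second `pgp_new()`, e.g. with `pgp_stream_delete(stream);`, provided that is the right destructor and `decrypt.seckey` does not point into stream-owned memory. Neither `pgp_new()` result is NULL-checked before `stream->readinfo` is dereferenced, and the `netpgp_strdup("")` result in `decrypt_cb_empty` is stored unchecked as well. The function body continues past the end of the hunk, so any cleanup after the second parse is not visible here.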
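Review bot: In pgp_getpassphrase() (lib_reader_c.patch) a line longer than `size - 1` bytes is still accepted as the passphrase: `fgets(phrase, (int)size, in)` fills the buffer with no trailing `'\n'`, the new check leaves it untouched, and the function returns 1, so an over-long line looks the same as a final line without a newline. Consider rejecting that case, e.g. `if (len == size - 1 && phrase[len - 1] != '\n' && !feof(in)) return 0;`, so a silently shortened passphrase is never used and the unread remainder is not consumed as later input. A comment such as `/* strip only a trailing newline; EOF without one is still a complete passphrase */` would record why the unconditional truncation was removed. The `in == NULL` (getpass) branch lies partly outside the hunk.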
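Review bot: The `"-"` branch added to open_output_file() (lib_signature_c.patch) relies on `pgp_setup_file_write()` treating a NULL name as standard output, which is neither visible in this hunk nor stated at the call site. A comment like `/* "-" selects stdout: pgp_setup_file_write() is expected to use standard output for a NULL name */` would document that contract, and the duplicated call could be folded into `fd = pgp_setup_file_write(output, strcmp(outname, "-") == 0 ? NULL : outname, overwrite);`. It is worth confirming that the later teardown does not close the descriptor returned for stdout, and noting for users that a file literally named `-` must now be given as `./-`. The function continues outside the hunk.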
diff --git a/srcpkgs/netpgp/patches/netpgp_1.patch b/srcpkgs/netpgp/patches/netpgp_1.patch
new file mode 100644
index 00000000000..ed990504fc3
--- /dev/null
+++ b/srcpkgs/netpgp/patches/netpgp_1.patch
@@ -0,0 +1,25 @@
+$NetBSD: patch-src_netpgp_netpgp.1,v 1.1 2018/03/15 20:14:14 khorben Exp $
+
+Correct option "--armor".
+Also document alternate option "--detach".
+
+--- src/netpgp/netpgp.1.orig 2014-02-17 07:23:18.000000000 +0000
++++ src/netpgp/netpgp.1
+@@ -203,7 +203,7 @@ library.
+ In addition to one of the preceding commands, a number of qualifiers
+ or options may be given.
+ .Bl -tag -width Ar
+-.It Fl Fl armour , Fl armor
++.It Fl Fl armour , Fl Fl armor
+ This option, however it is spelled, wraps the signature as an
+ ASCII-encoded piece of text, for ease of use.
+ .It Fl Fl cipher Ar ciphername
+@@ -216,7 +216,7 @@ access to the cipher used.
+ The default cipher algorithm is the
+ .Dq CAST5
+ algorithm.
+-.It Fl Fl detached
++.It Fl Fl detach , Fl Fl detached
+ When signing a file, place the resulting signature in a separate
+ file from the one being signed.
+ .It Fl Fl hash-alg Ar hash-algorithm
diff --git a/srcpkgs/netpgp/template b/srcpkgs/netpgp/template
index fc95cf3842b..df5acb6701d 100644
--- a/srcpkgs/netpgp/template
+++ b/srcpkgs/netpgp/template
@@ -1,7 +1,7 @@
 # Template file for 'netpgp'
 pkgname=netpgp
 version=20140220
-revision=15
+revision=16
 build_style=gnu-configure
 hostmakedepends="automake libtool pkg-config"
 makedepends="zlib-devel bzip2-devel libressl-devel"