[Frugalware-git] frugalware-1.9: gpgme-1.3.1-6arcturus1-x86_64

Wed, 20 Aug 2014 02:03:13 -0700 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=e53f865a79a861e95373cfbf28c3f8024618b399

commit e53f865a79a861e95373cfbf28c3f8024618b399
Author: kikadf <[email protected]>
Date:   Wed Aug 20 11:02:16 2014 +0200

gpgme-1.3.1-6arcturus1-x86_64

* Fix CVE-2014-3564

diff --git a/source/lib/gpgme/CVE-2014-3564.patch 
b/source/lib/gpgme/CVE-2014-3564.patch
new file mode 100644
index 0000000..5534c0b
--- /dev/null
+++ b/source/lib/gpgme/CVE-2014-3564.patch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# DP: Description: denial of service via different line lengths
+# DP: Origin: backport, 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
+# DP: Bug-Debian: https://bugs.debian.org/756651
+# DP: Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=890123
+# DP: Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1113267
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' 
'--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' 
gpgme1.0-1.2.0~/src/engine-gpgsm.c gpgme1.0-1.2.0/src/engine-gpgsm.c
+--- gpgme1.0-1.2.0~/src/engine-gpgsm.c 2009-06-17 08:36:07.000000000 -0400
++++ gpgme1.0-1.2.0/src/engine-gpgsm.c  2014-08-01 09:45:02.165096307 -0400
+@@ -959,7 +959,7 @@
+             else
+               {
+                 *aline = newline;
+-                gpgsm->colon.attic.linesize += linelen + 1;
++                gpgsm->colon.attic.linesize = *alinelen + linelen + 1;
+               }
+           }
+         if (!err)
diff --git a/source/lib/gpgme/FrugalBuild b/source/lib/gpgme/FrugalBuild
index 802e5b8..abd75ad 100644
--- a/source/lib/gpgme/FrugalBuild
+++ b/source/lib/gpgme/FrugalBuild
@@ -3,7 +3,7 @@

pkgname=gpgme
pkgver=1.3.1
-pkgrel=5
+pkgrel=6arcturus1
pkgdesc="A high-level crypto API for encryption"
url="http://www.gnupg.org/related_software/gpgme/";
groups=('lib')
@@ -15,4 +15,10 @@ sha1sums=('7d19a95a2239da13764dad7f97541be884ec5a37')
export CFLAGS="${CFLAGS} -D_FILE_OFFSET_BITS=64"
Finclude texinfo

+# FSA fix ***
+source=(${source[@]} CVE-2014-3564.patch)
+sha1sums=(${sha1sums[@]} 'b9a30c5ec6cb25d3923940c171a15f915daacdb6')
+# ***********
+
+
# optimization OK
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to