[email protected] (Jeremie Courreges-Anglas) writes: > If people want to give it a try. Here's the commit in upstream repo: > > > https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a > > (this commit depends on the previous, included in the patch below)
Patch for 5.9.
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/gnupg/Makefile,v
retrieving revision 1.98
diff -u -p -r1.98 Makefile
--- Makefile 6 Nov 2015 18:30:31 -0000 1.98
+++ Makefile 21 Aug 2016 15:56:20 -0000
@@ -3,7 +3,7 @@
 COMMENT= GNU privacy guard - a free PGP replacement
 
 DISTNAME= gnupg-1.4.19
-REVISION= 0
+REVISION= 1
 CATEGORIES= security
 
 # restrict, not compatible with gnupg-2.
Index: patches/patch-cipher_random_c
===================================================================
RCS file: patches/patch-cipher_random_c
diff -N patches/patch-cipher_random_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-cipher_random_c 21 Aug 2016 15:55:08 -0000
@@ -0,0 +1,50 @@
+$OpenBSD$
+
+CVE-2016-6313: random: Hash continuous areas in the csprng pool.
+
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
+
+--- cipher/random.c.orig Thu Feb 26 18:24:21 2015
++++ cipher/random.c Sun Aug 21 16:20:26 2016
+@@ -360,23 +360,21 @@ mix_pool(byte *pool)
+ #if DIGESTLEN != 20
+ #error must have a digest length of 20 for ripe-md-160
+ #endif
+- /* loop over the pool */
++ /* pool -> pool' */
+ pend = pool + POOLSIZE;
+ memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
+ memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+ rmd160_mixblock( &md, hashbuf);
+- memcpy(pool, hashbuf, 20 );
++ memcpy(pool, hashbuf, DIGESTLEN);
+
++ /* Loop for the remaining iterations. */
+ p = pool;
+ for( n=1; n < POOLBLOCKS; n++ ) {
+- memcpy(hashbuf, p, DIGESTLEN );
+-
+- p += DIGESTLEN;
+- if( p+DIGESTLEN+BLOCKLEN < pend )
+- memcpy(hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
++ if( p + BLOCKLEN < pend )
++ memcpy(hashbuf, p, BLOCKLEN);
+ else {
+- char *pp = p+DIGESTLEN;
+- for(i=DIGESTLEN; i < BLOCKLEN; i++ ) {
++ char *pp = p;
++ for(i=0; i < BLOCKLEN; i++ ) {
+ if( pp >= pend )
+ pp = pool;
+ hashbuf[i] = *pp++;
+@@ -384,7 +382,8 @@ mix_pool(byte *pool)
+ }
+
+ rmd160_mixblock( &md, hashbuf);
+- memcpy(p, hashbuf, 20 );
++ p += DIGESTLEN;
++ memcpy(p, hashbuf, DIGESTLEN);
+ }
+ burn_stack (384); /* for the rmd160_mixblock() */
+ }
-- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
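Review bot: The rewritten loop in mix_pool carries no comment saying why each hash input has to be one contiguous BLOCKLEN window starting at `p`, and the new `/* pool -> pool' */` does not convey it. The removed lines copied DIGESTLEN bytes at `p`, advanced `p`, and then continued from `p+DIGESTLEN`, so the DIGESTLEN bytes about to be overwritten never entered the digest; the added lines hash `p .. p+BLOCKLEN` (wrapping at `pend`) and only afterwards advance `p` and store the result. I would put `/* Hash BLOCKLEN contiguous bytes from p, wrapping at pend, so the DIGESTLEN bytes replaced below are part of the input (CVE-2016-6313). */` above `if( p + BLOCKLEN < pend )` so that a later cleanup of the copy logic does not reintroduce the gap. mix_pool begins before the first inner hunk, so the declarations of `p`, `pend` and `hashbuf` are not visible here and the buffer bounds behind `p + BLOCKLEN` should be confirmed against the full file.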
