From owner-freebsd-ports@FreeBSD.ORG Wed Dec 13 01:44:03 2006 Return-Path: X-Original-To: ports@FreeBSD.org Delivered-To: freebsd-ports@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9CA9E16A403; Wed, 13 Dec 2006 01:44:03 +0000 (UTC) (envelope-from kuriyama@imgsrc.co.jp) Received: from black.imgsrc.co.jp (black.imgsrc.co.jp [210.226.20.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7114443CAE; Wed, 13 Dec 2006 01:42:35 +0000 (GMT) (envelope-from kuriyama@imgsrc.co.jp) Received: from localhost (magenta.imgsrc.co.jp [210.226.20.134]) by black.imgsrc.co.jp (Postfix) with ESMTP id CA8B650F23; Wed, 13 Dec 2006 10:44:00 +0900 (JST) X-Virus-Scanned: IMG SRC scanner at virus.imgsrc.co.jp (magenta) Received: from black.imgsrc.co.jp ([210.226.20.147]) by localhost (magenta.imgsrc.co.jp [210.226.20.134]) (amavisd-new, port 10024) with ESMTP id NQ8eB9HWEqnx; Wed, 13 Dec 2006 10:44:00 +0900 (JST) Received: from pink.imgsrc.co.jp (pink.imgsrc.co.jp [210.226.20.36]) by black.imgsrc.co.jp (Postfix) with ESMTP id 7DDF350ECB; Wed, 13 Dec 2006 10:44:00 +0900 (JST) Date: Wed, 13 Dec 2006 10:44:00 +0900 Message-ID: <7mu000h8nz.wl%kuriyama@imgsrc.co.jp> From: Jun Kuriyama To: Doug Barton In-Reply-To: <457F10E5.5070901@FreeBSD.org> References: <7mu003jdyg.wl%kuriyama@imgsrc.co.jp> <457DA05F.8010805@FreeBSD.org> <7mr6v6ht57.wl%kuriyama@imgsrc.co.jp> <457E5DB4.7030204@FreeBSD.org> <7mbqm9ijr9.wl%kuriyama@imgsrc.co.jp> <20061212145124.GA3446@straylight.m.ringlet.net> <457F10E5.5070901@FreeBSD.org> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/21.3 (i386--freebsd) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: multipart/mixed; boundary="Multipart_Wed_Dec_13_10:44:00_2006-1" Cc: ports@FreeBSD.org Subject: Re: HEADS UP : security/gnupg will be upgraded to 2.0.1 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2006 01:44:03 -0000 --Multipart_Wed_Dec_13_10:44:00_2006-1 Content-Type: text/plain; charset=US-ASCII At Tue, 12 Dec 2006 12:28:21 -0800, Doug Barton wrote: > >> I have no clue about last problem for now (only pkg-message or > >> UPDATING). This maybe critical for casual portupgrade users. > > > > Err... I wonder... How about repo-copying (or rather, repo-moving) > > the current security/gnupg to security/gnupg1, and creating a new > > security/gnupg meta-port with runtime dependencies on *both* gnupg1 and > > gnupg2? > > In my mind this is overkill, since the gpg2 binary provides exactly > the same functionality as the gpg binary. I don't see any reason to > install them both. > > What might make sense is for the gnupg 2.x port to install a gpg > symlink to gpg2. I've done that on my own system for convenience sake. > That will get hairy if the user tries to install gnupg 1.x though. > Both gnupg ports will need logic to handle what to do with the symlink > if the other port is installed. Seems fine. Like this? -- Jun Kuriyama // IMG SRC, Inc. // FreeBSD Project --Multipart_Wed_Dec_13_10:44:00_2006-1 Content-Type: application/octet-stream; type=patch Content-Disposition: attachment; filename="gnupg.diff" Content-Transfer-Encoding: 7bit Index: security/gnupg/Makefile =================================================================== RCS file: /home/ncvs/ports/security/gnupg/Makefile,v retrieving revision 1.92 diff -u -r1.92 Makefile --- security/gnupg/Makefile 8 Dec 2006 09:25:31 -0000 1.92 +++ security/gnupg/Makefile 13 Dec 2006 01:22:54 -0000 @@ -6,8 +6,7 @@ # PORTNAME= gnupg -PORTVERSION= 1.4.6 -PORTREVISION= 1 +PORTVERSION= 2.0.1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GNUPG} MASTER_SITE_SUBDIR= gnupg @@ -17,95 +16,76 @@ MAINTAINER= kuriyama@FreeBSD.org COMMENT= The GNU Privacy Guard +BUILD_DEPENDS= ${LOCALBASE}/lib/libassuan.a:${PORTSDIR}/security/libassuan +LIB_DEPENDS= gcrypt.13:${PORTSDIR}/security/libgcrypt \ + gpg-error:${PORTSDIR}/security/libgpg-error \ + ksba.17:${PORTSDIR}/security/libksba \ + pth.20:${PORTSDIR}/devel/pth +RUN_DEPENDS= dirmngr:${PORTSDIR}/security/dirmngr + USE_BZIP2= YES USE_GMAKE= YES GNU_CONFIGURE= YES -CONFIGURE_TARGET= --build ${MACHINE_ARCH}-portbld-freebsd${OSREL} -CONFIGURE_ARGS= --infodir=${PREFIX}/info --mandir=${PREFIX}/man -.if ${MACHINE_CPU:Mi586} -MACHINE_ARCH= i586 -.endif -CFLAGS:= ${CFLAGS:S/-pipe//g} -MAN1= gpg.1 gpgv.1 gpg.ru.1 -MAN7= gnupg.7 -INFO= gnupg1 - -PORTDOCS= * - -OPTIONS= LDAP "LDAP keyserver interface" off \ - LIBICONV "use libiconv" off \ - LIBUSB "use libusb" off \ - SUID_GPG "install GPG with suid" off \ - NLS "Native Language Support" on \ - CURL "use libcurl for the keyserver interface" on +USE_ICONV= YES +USE_LDCONFIG= YES +CONFIGURE_TARGET=# empty +CONFIGURE_ARGS+= --infodir=${PREFIX}/info --mandir=${PREFIX}/man \ + --with-libpth-prefix=${LOCALBASE}/lib/pth +MAN1= gpg2.1 gpgsm.1 gpgv2.1 gpg-agent.1 scdaemon.1 watchgnupg.1 \ + gpgconf.1 gpg-preset-passphrase.1 gpg-connect-agent.1 \ + gpgparsemail.1 symcryptrun.1 gpgsm-gencert.sh.1 +MAN8= addgnupghome.8 +INFO= gnupg + +OPTIONS= NLS "Include National Language Support" on \ + LDAP "Include LDAP keyserver support" off \ + SCDAEMON "Enable Smartcard daemon (with libusb)" off \ + CURL "Use the real curl library (worked around if no)" on .include -.if defined(WITH_LIBICONV) -USE_ICONV= yes -.else -CONFIGURE_ARGS+= --without-libiconv-prefix -.endif - -.if defined(WITH_LIBUSB) -CONFIGURE_ARGS+= --with-libusb=${LOCALBASE} -LIB_DEPENDS+= usb-0.1.8:${PORTSDIR}/devel/libusb +.if defined(WITHOUT_NLS) +CONFIGURE_ARGS+=--disable-nls +PLIST_SUB+= NLS="@comment " .else -CONFIGURE_ARGS+= --without-libusb +USE_GETTEXT= YES +PLIST_SUB+= NLS="" .endif .if defined(WITH_LDAP) -USE_OPENLDAP= yes -PLIST_SUB+= WITH_LDAP="" -CONFIGURE_ARGS+= --with-ldap=${LOCALBASE} -#CONFIGURE_ENV+= LDFLAGS="-L/usr/lib" +USE_OPENLDAP= YES +CONFIGURE_ARGS+=--with-ldap=${LOCALBASE} +PLIST_SUB+= LDAP="" .else -PLIST_SUB+= WITH_LDAP="@comment " -CONFIGURE_ARGS+= --disable-ldap +CONFIGURE_ARGS+=--disable-ldap +PLIST_SUB+= LDAP="@comment " .endif -.if !defined(WITHOUT_NLS) -USE_GETTEXT= YES -PLIST_SUB+= NLS="" +.if defined(WITH_SCDAEMON) +CONFIGURE_ARGS+=--enable-scdaemon +LIB_DEPENDS+= usb-0.1:${PORTSDIR}/devel/libusb +PLIST_SUB+= SCDAEMON="" .else -CONFIGURE_ARGS+=--disable-nls -PLIST_SUB+= NLS="@comment " +CONFIGURE_ARGS+=--disable-scdaemon +PLIST_SUB+= SCDAEMON="@comment " .endif -.if !defined(WITHOUT_CURL) +.if defined(WITHOUT_CURL) +CONFIGURE_ARGS+=--without-libcurl +.else LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl CONFIGURE_ARGS+=--with-libcurl=${LOCALBASE} -# Work around a GnuPG configure buglet -CONFIGURE_ENV+= _libcurl_config=${LOCALBASE}/bin/curl-config -.else -CONFIGURE_ARGS+=--without-libcurl .endif -post-install: -.if !defined(NOPORTDOCS) - ${MKDIR} ${DOCSDIR} -.for i in DETAILS FAQ HACKING OpenPGP - ${INSTALL_DATA} ${WRKSRC}/doc/${i} ${DOCSDIR} -.endfor -.for i in ABOUT-NLS AUTHORS BUGS COPYING INSTALL NEWS PROJECTS \ - README THANKS TODO VERSION - ${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR} -.endfor -.endif -.if defined(WITH_SUID_GPG) - ${CHMOD} u+s ${PREFIX}/bin/gpg -.endif -.if ${OSVERSION} < 500019 - @${CAT} ${PKGMESSAGE} -.else -PKGMESSAGE= /nonexistent -.endif +verify: checksum + gpg --verify ${DISTDIR}/${DISTNAME}${EXTRACT_SUFX}.sig -.if ${OSVERSION} < 500000 -CONFIGURE_ARGS+= --without-readline -.endif +pre-configure: + ${REINPLACE_CMD} -e "s@-lpthread@${PTHREAD_LIBS}@g" \ + ${WRKSRC}/acinclude.m4 ${WRKSRC}/aclocal.m4 ${WRKSRC}/configure -check: - (cd ${WRKSRC}; ${MAKE} check) +post-install: + PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + @${CAT} ${PKGMESSAGE} .include Index: security/gnupg/distinfo =================================================================== RCS file: /home/ncvs/ports/security/gnupg/distinfo,v retrieving revision 1.39 diff -u -r1.39 distinfo --- security/gnupg/distinfo 7 Dec 2006 00:34:16 -0000 1.39 +++ security/gnupg/distinfo 9 Dec 2006 07:54:26 -0000 @@ -1,6 +1,6 @@ -MD5 (gnupg-1.4.6.tar.bz2) = ec8dc6df1bd83c1d7e1a1ea10653f9f4 -SHA256 (gnupg-1.4.6.tar.bz2) = fd5a72418e55669b88076c2a6f11c3a59bf92a2071008567e65ae12b7372008e -SIZE (gnupg-1.4.6.tar.bz2) = 3149454 -MD5 (gnupg-1.4.6.tar.bz2.sig) = 8b905292140d60fe493fab7d5b22c96d -SHA256 (gnupg-1.4.6.tar.bz2.sig) = fb9294762932b34f2fd5a4b168f4c3a248aa7403c2aed8bffa5f67274b1b052d -SIZE (gnupg-1.4.6.tar.bz2.sig) = 158 +MD5 (gnupg-2.0.1.tar.bz2) = eb24e258db73f4cb53a3ce18375efa21 +SHA256 (gnupg-2.0.1.tar.bz2) = 49949762a4e080379dcca23948442d50488f0d74e04bcba87fc49e19a899b01d +SIZE (gnupg-2.0.1.tar.bz2) = 3923924 +MD5 (gnupg-2.0.1.tar.bz2.sig) = 58b1bbc2f34c0882ab1a49542a8ffd45 +SHA256 (gnupg-2.0.1.tar.bz2.sig) = 2e49d6cfcb9ad12bc10e7185435761622c2da12b850c6c31925da3b4c8100628 +SIZE (gnupg-2.0.1.tar.bz2.sig) = 158 Index: security/gnupg/pkg-descr =================================================================== RCS file: /home/ncvs/ports/security/gnupg/pkg-descr,v retrieving revision 1.4 diff -u -r1.4 pkg-descr --- security/gnupg/pkg-descr 6 Nov 2000 08:37:20 -0000 1.4 +++ security/gnupg/pkg-descr 3 Dec 2006 11:45:20 -0000 @@ -5,5 +5,3 @@ application. WWW: http://www.gnupg.org/ - -kuriyama@FreeBSD.org Index: security/gnupg/pkg-install =================================================================== RCS file: security/gnupg/pkg-install diff -N security/gnupg/pkg-install --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ security/gnupg/pkg-install 13 Dec 2006 01:09:56 -0000 @@ -0,0 +1,14 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +if [ "$2" != "POST-INSTALL" ]; then + exit 0 +fi + +if [ -r ${PKG_PREFIX}/bin/gpg ] || [ -L ${PKG_PREFIX}/bin/gpg ]; then + # Skip. +else + ln -s gpg2 ${PKG_PREFIX}/bin/gpg +fi Index: security/gnupg/pkg-message =================================================================== RCS file: /home/ncvs/ports/security/gnupg/pkg-message,v retrieving revision 1.2 diff -u -r1.2 pkg-message --- security/gnupg/pkg-message 12 May 2003 01:46:27 -0000 1.2 +++ security/gnupg/pkg-message 3 Dec 2006 11:57:42 -0000 @@ -1,5 +1,19 @@ -************************************************************ -TIPS: - o Use rndcontrol(8) if you want more entropy. - See http://people.freebsd.org/~dougb/randomness.html for more details. -************************************************************ + + + +############################################################################### + A T T E N T I O N + +In order to use gpg-agent, you need to install a pinentry dialog. + +The following ports of pinentry dialogs are available: + +security/pinentry-curses (ncurses based dialog) +security/pinentry-gtk (GTK 1.2 based dialog) +security/pinentry-gtk2 (GTK 2.x based dialog) +security/pinentry-qt (QT based dialog) + +############################################################################### + + + Index: security/gnupg/pkg-plist =================================================================== RCS file: /home/ncvs/ports/security/gnupg/pkg-plist,v retrieving revision 1.37 diff -u -r1.37 pkg-plist --- security/gnupg/pkg-plist 17 Aug 2006 19:39:48 -0000 1.37 +++ security/gnupg/pkg-plist 13 Dec 2006 01:37:04 -0000 @@ -1,64 +1,56 @@ -bin/gpg -bin/gpg-zip -bin/gpgsplit -bin/gpgv -%%WITH_LDAP%%libexec/gnupg/gpgkeys_ldap -libexec/gnupg/gpgkeys_curl -libexec/gnupg/gpgkeys_finger -libexec/gnupg/gpgkeys_hkp -@dirrm libexec/gnupg -%%DATADIR%%/FAQ -%%DATADIR%%/faq.html -%%DATADIR%%/options.skel -%%NLS%%share/locale/be/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/ca/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/cs/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/da/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/de/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/el/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/eo/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/en@boldquot/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/en@quot/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/es/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/et/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/fi/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/fr/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/gl/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/hu/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/id/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/it/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/ja/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/nb/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/pl/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/pt/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/pt_BR/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/ro/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/ru/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/sk/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/sv/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/tr/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/zh_CN/LC_MESSAGES/gnupg.mo -%%NLS%%share/locale/zh_TW/LC_MESSAGES/gnupg.mo -@dirrm %%DATADIR%% -@dirrmtry share/locale/be/LC_MESSAGES -@dirrmtry share/locale/be -@dirrmtry share/locale/ca/LC_MESSAGES -@dirrmtry share/locale/ca -@dirrmtry share/locale/cs/LC_MESSAGES -@dirrmtry share/locale/cs -@dirrmtry share/locale/el/LC_MESSAGES -@dirrmtry share/locale/el -@dirrmtry share/locale/fi/LC_MESSAGES -@dirrmtry share/locale/fi -@dirrmtry share/locale/gl/LC_MESSAGES -@dirrmtry share/locale/gl -@dirrmtry share/locale/pl/LC_MESSAGES -@dirrmtry share/locale/pl -@dirrmtry share/locale/pt/LC_MESSAGES -@dirrmtry share/locale/pt -@dirrmtry share/locale/ro/LC_MESSAGES -@dirrmtry share/locale/ro -@dirrmtry share/locale/sk/LC_MESSAGES -@dirrmtry share/locale/sk -@dirrmtry share/locale/zh_TW/LC_MESSAGES -@dirrmtry share/locale/zh_TW +bin/gpg-agent +bin/gpg-connect-agent +bin/gpg2 +bin/gpgconf +bin/gpgkey2ssh +bin/gpgparsemail +bin/gpgsm +bin/gpgsm-gencert.sh +bin/gpgv2 +bin/kbxutil +%%SCDAEMON%%bin/scdaemon +bin/watchgnupg +%%SCDAEMON%%libexec/gnupg-pcsc-wrapper +libexec/gpg-preset-passphrase +libexec/gpg-protect-tool +libexec/gpg2keys_curl +libexec/gpg2keys_finger +libexec/gpg2keys_hkp +%%LDAP%%libexec/gpg2keys_ldap +sbin/addgnupghome +share/gnupg/FAQ +share/gnupg/com-certs.pem +share/gnupg/faq.html +share/gnupg/gpg-conf.skel +share/gnupg/qualified.txt +%%NLS%%share/locale/da/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/de/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/eo/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/es/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/et/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/fr/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/hu/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/id/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/it/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/ja/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/nb/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/pt_BR/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/ru/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/sv/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/tr/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/be/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/ca/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/cs/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/el/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/fi/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/gl/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/pl/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/pt/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/ro/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/sk/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/zh_CN/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/zh_TW/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/en@quot/LC_MESSAGES/gnupg2.mo +%%NLS%%share/locale/en@boldquot/LC_MESSAGES/gnupg2.mo +@dirrmtry share/gnupg +@unexec [ -L %D/bin/gpg ] && rm -f %D/bin/gpg || true Index: security/gnupg/files/patch-CVE-2006-6235 =================================================================== RCS file: security/gnupg/files/patch-CVE-2006-6235 diff -N security/gnupg/files/patch-CVE-2006-6235 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ security/gnupg/files/patch-CVE-2006-6235 8 Dec 2006 07:13:13 -0000 @@ -0,0 +1,260 @@ +This is a patch against GnuPG 2.0.1. Change the directory to g10/ and +apply this patch. + +2006-12-02 Werner Koch + + * encr-data.c: Allocate DFX context on the heap and not on the + stack. Changes at several places. Fixes CVE-2006-6235. + + +Index: g10/encr-data.c +=================================================================== +--- g10/encr-data.c (revision 4352) ++++ g10/encr-data.c (working copy) +@@ -39,16 +39,37 @@ + static int decode_filter ( void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len); + +-typedef struct ++typedef struct decode_filter_context_s + { + gcry_cipher_hd_t cipher_hd; + gcry_md_hd_t mdc_hash; + char defer[22]; + int defer_filled; + int eof_seen; +-} decode_filter_ctx_t; ++ int refcount; ++} *decode_filter_ctx_t; + + ++/* Helper to release the decode context. */ ++static void ++release_dfx_context (decode_filter_ctx_t dfx) ++{ ++ if (!dfx) ++ return; ++ ++ assert (dfx->refcount); ++ if ( !--dfx->refcount ) ++ { ++ gcry_cipher_close (dfx->cipher_hd); ++ dfx->cipher_hd = NULL; ++ gcry_md_close (dfx->mdc_hash); ++ dfx->mdc_hash = NULL; ++ xfree (dfx); ++ } ++} ++ ++ ++ + /**************** + * Decrypt the data, specified by ED with the key DEK. + */ +@@ -62,7 +83,11 @@ + unsigned blocksize; + unsigned nprefix; + +- memset( &dfx, 0, sizeof dfx ); ++ dfx = xtrycalloc (1, sizeof *dfx); ++ if (!dfx) ++ return gpg_error_from_syserror (); ++ dfx->refcount = 1; ++ + if ( opt.verbose && !dek->algo_info_printed ) + { + const char *s = gcry_cipher_algo_name (dek->algo); +@@ -77,20 +102,20 @@ + goto leave; + blocksize = gcry_cipher_get_algo_blklen (dek->algo); + if ( !blocksize || blocksize > 16 ) +- log_fatal("unsupported blocksize %u\n", blocksize ); ++ log_fatal ("unsupported blocksize %u\n", blocksize ); + nprefix = blocksize; + if ( ed->len && ed->len < (nprefix+2) ) + BUG(); + + if ( ed->mdc_method ) + { +- if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 )) ++ if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) + BUG (); + if ( DBG_HASHING ) +- gcry_md_start_debug (dfx.mdc_hash, "checkmdc"); ++ gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); + } + +- rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo, ++ rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo, + GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | ((ed->mdc_method || dek->algo >= 100)? +@@ -104,7 +129,7 @@ + + + /* log_hexdump( "thekey", dek->key, dek->keylen );*/ +- rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen); ++ rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen); + if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY ) + { + log_info(_("WARNING: message was encrypted with" +@@ -123,7 +148,7 @@ + goto leave; + } + +- gcry_cipher_setiv (dfx.cipher_hd, NULL, 0); ++ gcry_cipher_setiv (dfx->cipher_hd, NULL, 0); + + if ( ed->len ) + { +@@ -144,8 +169,8 @@ + temp[i] = c; + } + +- gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0); +- gcry_cipher_sync (dfx.cipher_hd); ++ gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0); ++ gcry_cipher_sync (dfx->cipher_hd); + p = temp; + /* log_hexdump( "prefix", temp, nprefix+2 ); */ + if (dek->symmetric +@@ -155,17 +180,18 @@ + goto leave; + } + +- if ( dfx.mdc_hash ) +- gcry_md_write (dfx.mdc_hash, temp, nprefix+2); +- ++ if ( dfx->mdc_hash ) ++ gcry_md_write (dfx->mdc_hash, temp, nprefix+2); ++ ++ dfx->refcount++; + if ( ed->mdc_method ) +- iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); ++ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx ); + else +- iobuf_push_filter( ed->buf, decode_filter, &dfx ); ++ iobuf_push_filter ( ed->buf, decode_filter, dfx ); + + proc_packets ( procctx, ed->buf ); + ed->buf = NULL; +- if ( ed->mdc_method && dfx.eof_seen == 2 ) ++ if ( ed->mdc_method && dfx->eof_seen == 2 ) + rc = gpg_error (GPG_ERR_INV_PACKET); + else if ( ed->mdc_method ) + { +@@ -184,26 +210,28 @@ + bytes are appended. */ + int datalen = gcry_md_get_algo_dlen (ed->mdc_method); + +- gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0); +- gcry_md_write (dfx.mdc_hash, dfx.defer, 2); +- gcry_md_final (dfx.mdc_hash); ++ assert (dfx->cipher_hd); ++ assert (dfx->mdc_hash); ++ gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0); ++ gcry_md_write (dfx->mdc_hash, dfx->defer, 2); ++ gcry_md_final (dfx->mdc_hash); + +- if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' ) ++ if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) + { + log_error("mdc_packet with invalid encoding\n"); + rc = gpg_error (GPG_ERR_INV_PACKET); + } + else if (datalen != 20 +- || memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen)) ++ || memcmp (gcry_md_read (dfx->mdc_hash, 0), ++ dfx->defer+2,datalen )) + rc = gpg_error (GPG_ERR_BAD_SIGNATURE); +- /* log_printhex("MDC message:", dfx.defer, 22); */ +- /* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */ ++ /* log_printhex("MDC message:", dfx->defer, 22); */ ++ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */ + } + + + leave: +- gcry_cipher_close (dfx.cipher_hd); +- gcry_md_close (dfx.mdc_hash); ++ release_dfx_context (dfx); + return rc; + } + +@@ -214,7 +242,7 @@ + mdc_decode_filter (void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len) + { +- decode_filter_ctx_t *dfx = opaque; ++ decode_filter_ctx_t dfx = opaque; + size_t n, size = *ret_len; + int rc = 0; + int c; +@@ -226,11 +254,11 @@ + } + else if( control == IOBUFCTRL_UNDERFLOW ) + { +- assert(a); +- assert( size > 44 ); ++ assert (a); ++ assert ( size > 44 ); + + /* Get at least 22 bytes and put it somewhere ahead in the buffer. */ +- for(n=22; n < 44 ; n++ ) ++ for (n=22; n < 44 ; n++ ) + { + if( (c = iobuf_get(a)) == -1 ) + break; +@@ -279,8 +307,10 @@ + + if ( n ) + { +- gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); +- gcry_md_write (dfx->mdc_hash, buf, n); ++ if ( dfx->cipher_hd ) ++ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0); ++ if ( dfx->mdc_hash ) ++ gcry_md_write (dfx->mdc_hash, buf, n); + } + else + { +@@ -289,6 +319,10 @@ + } + *ret_len = n; + } ++ else if ( control == IOBUFCTRL_FREE ) ++ { ++ release_dfx_context (dfx); ++ } + else if ( control == IOBUFCTRL_DESC ) + { + *(char**)buf = "mdc_decode_filter"; +@@ -300,7 +334,7 @@ + static int + decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) + { +- decode_filter_ctx_t *fc = opaque; ++ decode_filter_ctx_t fc = opaque; + size_t n, size = *ret_len; + int rc = 0; + +@@ -311,11 +345,18 @@ + if ( n == -1 ) + n = 0; + if ( n ) +- gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); ++ { ++ if (fc->cipher_hd) ++ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0); ++ } + else + rc = -1; /* EOF */ + *ret_len = n; + } ++ else if ( control == IOBUFCTRL_FREE ) ++ { ++ release_dfx_context (fc); ++ } + else if ( control == IOBUFCTRL_DESC ) + { + *(char**)buf = "decode_filter"; Index: security/gnupg/files/patch-config.links =================================================================== RCS file: /home/ncvs/ports/security/gnupg/files/patch-config.links,v retrieving revision 1.1 diff -u -r1.1 patch-config.links --- security/gnupg/files/patch-config.links 10 May 2003 07:55:33 -0000 1.1 +++ security/gnupg/files/patch-config.links 3 Dec 2006 11:57:19 -0000 @@ -1,15 +0,0 @@ ---- mpi/config.links.orig Thu Apr 24 20:15:58 2003 -+++ mpi/config.links Sat May 10 16:29:28 2003 -@@ -142,6 +142,12 @@ - echo '/* configured for sparc64-*netbsd */' >>./mpi/asm-syntax.h - path="" - ;; -+ sparc64-*-freebsd*) -+ # There are no sparc64 assembler modules that work, so -+ # just use generic C functions -+ echo '/* configured for sparc64-*freebsd* */' >>./mpi/asm-syntax.h -+ path="" -+ ;; - sparc9*-*-* | \ - sparc64*-*-* | \ - ultrasparc*-*-* ) Index: security/gnupg/files/patch-configure =================================================================== RCS file: /home/ncvs/ports/security/gnupg/files/patch-configure,v retrieving revision 1.5 diff -u -r1.5 patch-configure --- security/gnupg/files/patch-configure 8 Dec 2006 09:25:31 -0000 1.5 +++ security/gnupg/files/patch-configure 13 Dec 2006 01:39:53 -0000 @@ -1,10 +0,0 @@ ---- configure.orig Fri Dec 8 17:02:30 2006 -+++ configure Fri Dec 8 17:02:52 2006 -@@ -27251,6 +27251,7 @@ - exec_prefix=$exec_prefix - libdir=$libdir - libexecdir=$libexecdir -+datarootdir=$datarootdir - datadir=$datadir - DATADIRNAME=$DATADIRNAME - Index: security/gnupg1/Makefile =================================================================== RCS file: /home/ncvs/ports/security/gnupg1/Makefile,v retrieving revision 1.91 diff -u -r1.91 Makefile --- security/gnupg1/Makefile 9 Dec 2006 08:36:47 -0000 1.91 +++ security/gnupg1/Makefile 13 Dec 2006 01:26:02 -0000 @@ -7,6 +7,7 @@ PORTNAME= gnupg PORTVERSION= 1.4.6 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GNUPG} MASTER_SITE_SUBDIR= gnupg Index: security/gnupg1/pkg-plist =================================================================== RCS file: /home/ncvs/ports/security/gnupg1/pkg-plist,v retrieving revision 1.38 diff -u -r1.38 pkg-plist --- security/gnupg1/pkg-plist 9 Dec 2006 08:36:47 -0000 1.38 +++ security/gnupg1/pkg-plist 13 Dec 2006 01:30:31 -0000 @@ -58,3 +58,4 @@ @dirrmtry share/locale/sk @dirrmtry share/locale/zh_TW/LC_MESSAGES @dirrmtry share/locale/zh_TW +@unexec [ -r %D/bin/gpg2 ] && ln -s gpg2 %D/bin/gpg || true --Multipart_Wed_Dec_13_10:44:00_2006-1--