Date: Wed, 13 Dec 2006 10:44:00 +0900 From: Jun Kuriyama <kuriyama@imgsrc.co.jp> To: Doug Barton <dougb@FreeBSD.org> Cc: ports@FreeBSD.org Subject: Re: HEADS UP : security/gnupg will be upgraded to 2.0.1 Message-ID: <7mu000h8nz.wl%kuriyama@imgsrc.co.jp> In-Reply-To: <457F10E5.5070901@FreeBSD.org> References: <7mu003jdyg.wl%kuriyama@imgsrc.co.jp> <457DA05F.8010805@FreeBSD.org> <7mr6v6ht57.wl%kuriyama@imgsrc.co.jp> <457E5DB4.7030204@FreeBSD.org> <7mbqm9ijr9.wl%kuriyama@imgsrc.co.jp> <20061212145124.GA3446@straylight.m.ringlet.net> <457F10E5.5070901@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Multipart_Wed_Dec_13_10:44:00_2006-1
Content-Type: text/plain; charset=US-ASCII
At Tue, 12 Dec 2006 12:28:21 -0800,
Doug Barton wrote:
> >> I have no clue about last problem for now (only pkg-message or
> >> UPDATING). This maybe critical for casual portupgrade users.
> >
> > Err... I wonder... How about repo-copying (or rather, repo-moving)
> > the current security/gnupg to security/gnupg1, and creating a new
> > security/gnupg meta-port with runtime dependencies on *both* gnupg1 and
> > gnupg2?
>
> In my mind this is overkill, since the gpg2 binary provides exactly
> the same functionality as the gpg binary. I don't see any reason to
> install them both.
>
> What might make sense is for the gnupg 2.x port to install a gpg
> symlink to gpg2. I've done that on my own system for convenience sake.
> That will get hairy if the user tries to install gnupg 1.x though.
> Both gnupg ports will need logic to handle what to do with the symlink
> if the other port is installed.
Seems fine. Like this?
--
Jun Kuriyama <kuriyama@imgsrc.co.jp> // IMG SRC, Inc.
<kuriyama@FreeBSD.org> // FreeBSD Project
--Multipart_Wed_Dec_13_10:44:00_2006-1
Content-Type: application/octet-stream; type=patch
Content-Disposition: attachment; filename="gnupg.diff"
Content-Transfer-Encoding: 7bit
Index: security/gnupg/Makefile
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/Makefile,v
retrieving revision 1.92
diff -u -r1.92 Makefile
--- security/gnupg/Makefile 8 Dec 2006 09:25:31 -0000 1.92
+++ security/gnupg/Makefile 13 Dec 2006 01:22:54 -0000
@@ -6,8 +6,7 @@
#
PORTNAME= gnupg
-PORTVERSION= 1.4.6
-PORTREVISION= 1
+PORTVERSION= 2.0.1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
@@ -17,95 +16,76 @@
MAINTAINER= kuriyama@FreeBSD.org
COMMENT= The GNU Privacy Guard
+BUILD_DEPENDS= ${LOCALBASE}/lib/libassuan.a:${PORTSDIR}/security/libassuan
+LIB_DEPENDS= gcrypt.13:${PORTSDIR}/security/libgcrypt \
+ gpg-error:${PORTSDIR}/security/libgpg-error \
+ ksba.17:${PORTSDIR}/security/libksba \
+ pth.20:${PORTSDIR}/devel/pth
+RUN_DEPENDS= dirmngr:${PORTSDIR}/security/dirmngr
+
USE_BZIP2= YES
USE_GMAKE= YES
GNU_CONFIGURE= YES
-CONFIGURE_TARGET= --build ${MACHINE_ARCH}-portbld-freebsd${OSREL}
-CONFIGURE_ARGS= --infodir=${PREFIX}/info --mandir=${PREFIX}/man
-.if ${MACHINE_CPU:Mi586}
-MACHINE_ARCH= i586
-.endif
-CFLAGS:= ${CFLAGS:S/-pipe//g}
-MAN1= gpg.1 gpgv.1 gpg.ru.1
-MAN7= gnupg.7
-INFO= gnupg1
-
-PORTDOCS= *
-
-OPTIONS= LDAP "LDAP keyserver interface" off \
- LIBICONV "use libiconv" off \
- LIBUSB "use libusb" off \
- SUID_GPG "install GPG with suid" off \
- NLS "Native Language Support" on \
- CURL "use libcurl for the keyserver interface" on
+USE_ICONV= YES
+USE_LDCONFIG= YES
+CONFIGURE_TARGET=# empty
+CONFIGURE_ARGS+= --infodir=${PREFIX}/info --mandir=${PREFIX}/man \
+ --with-libpth-prefix=${LOCALBASE}/lib/pth
+MAN1= gpg2.1 gpgsm.1 gpgv2.1 gpg-agent.1 scdaemon.1 watchgnupg.1 \
+ gpgconf.1 gpg-preset-passphrase.1 gpg-connect-agent.1 \
+ gpgparsemail.1 symcryptrun.1 gpgsm-gencert.sh.1
+MAN8= addgnupghome.8
+INFO= gnupg
+
+OPTIONS= NLS "Include National Language Support" on \
+ LDAP "Include LDAP keyserver support" off \
+ SCDAEMON "Enable Smartcard daemon (with libusb)" off \
+ CURL "Use the real curl library (worked around if no)" on
.include <bsd.port.pre.mk>
-.if defined(WITH_LIBICONV)
-USE_ICONV= yes
-.else
-CONFIGURE_ARGS+= --without-libiconv-prefix
-.endif
-
-.if defined(WITH_LIBUSB)
-CONFIGURE_ARGS+= --with-libusb=${LOCALBASE}
-LIB_DEPENDS+= usb-0.1.8:${PORTSDIR}/devel/libusb
+.if defined(WITHOUT_NLS)
+CONFIGURE_ARGS+=--disable-nls
+PLIST_SUB+= NLS="@comment "
.else
-CONFIGURE_ARGS+= --without-libusb
+USE_GETTEXT= YES
+PLIST_SUB+= NLS=""
.endif
.if defined(WITH_LDAP)
-USE_OPENLDAP= yes
-PLIST_SUB+= WITH_LDAP=""
-CONFIGURE_ARGS+= --with-ldap=${LOCALBASE}
-#CONFIGURE_ENV+= LDFLAGS="-L/usr/lib"
+USE_OPENLDAP= YES
+CONFIGURE_ARGS+=--with-ldap=${LOCALBASE}
+PLIST_SUB+= LDAP=""
.else
-PLIST_SUB+= WITH_LDAP="@comment "
-CONFIGURE_ARGS+= --disable-ldap
+CONFIGURE_ARGS+=--disable-ldap
+PLIST_SUB+= LDAP="@comment "
.endif
-.if !defined(WITHOUT_NLS)
-USE_GETTEXT= YES
-PLIST_SUB+= NLS=""
+.if defined(WITH_SCDAEMON)
+CONFIGURE_ARGS+=--enable-scdaemon
+LIB_DEPENDS+= usb-0.1:${PORTSDIR}/devel/libusb
+PLIST_SUB+= SCDAEMON=""
.else
-CONFIGURE_ARGS+=--disable-nls
-PLIST_SUB+= NLS="@comment "
+CONFIGURE_ARGS+=--disable-scdaemon
+PLIST_SUB+= SCDAEMON="@comment "
.endif
-.if !defined(WITHOUT_CURL)
+.if defined(WITHOUT_CURL)
+CONFIGURE_ARGS+=--without-libcurl
+.else
LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl
CONFIGURE_ARGS+=--with-libcurl=${LOCALBASE}
-# Work around a GnuPG configure buglet
-CONFIGURE_ENV+= _libcurl_config=${LOCALBASE}/bin/curl-config
-.else
-CONFIGURE_ARGS+=--without-libcurl
.endif
-post-install:
-.if !defined(NOPORTDOCS)
- ${MKDIR} ${DOCSDIR}
-.for i in DETAILS FAQ HACKING OpenPGP
- ${INSTALL_DATA} ${WRKSRC}/doc/${i} ${DOCSDIR}
-.endfor
-.for i in ABOUT-NLS AUTHORS BUGS COPYING INSTALL NEWS PROJECTS \
- README THANKS TODO VERSION
- ${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}
-.endfor
-.endif
-.if defined(WITH_SUID_GPG)
- ${CHMOD} u+s ${PREFIX}/bin/gpg
-.endif
-.if ${OSVERSION} < 500019
- @${CAT} ${PKGMESSAGE}
-.else
-PKGMESSAGE= /nonexistent
-.endif
+verify: checksum
+ gpg --verify ${DISTDIR}/${DISTNAME}${EXTRACT_SUFX}.sig
-.if ${OSVERSION} < 500000
-CONFIGURE_ARGS+= --without-readline
-.endif
+pre-configure:
+ ${REINPLACE_CMD} -e "s@-lpthread@${PTHREAD_LIBS}@g" \
+ ${WRKSRC}/acinclude.m4 ${WRKSRC}/aclocal.m4 ${WRKSRC}/configure
-check:
- (cd ${WRKSRC}; ${MAKE} check)
+post-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+ @${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
Index: security/gnupg/distinfo
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/distinfo,v
retrieving revision 1.39
diff -u -r1.39 distinfo
--- security/gnupg/distinfo 7 Dec 2006 00:34:16 -0000 1.39
+++ security/gnupg/distinfo 9 Dec 2006 07:54:26 -0000
@@ -1,6 +1,6 @@
-MD5 (gnupg-1.4.6.tar.bz2) = ec8dc6df1bd83c1d7e1a1ea10653f9f4
-SHA256 (gnupg-1.4.6.tar.bz2) = fd5a72418e55669b88076c2a6f11c3a59bf92a2071008567e65ae12b7372008e
-SIZE (gnupg-1.4.6.tar.bz2) = 3149454
-MD5 (gnupg-1.4.6.tar.bz2.sig) = 8b905292140d60fe493fab7d5b22c96d
-SHA256 (gnupg-1.4.6.tar.bz2.sig) = fb9294762932b34f2fd5a4b168f4c3a248aa7403c2aed8bffa5f67274b1b052d
-SIZE (gnupg-1.4.6.tar.bz2.sig) = 158
+MD5 (gnupg-2.0.1.tar.bz2) = eb24e258db73f4cb53a3ce18375efa21
+SHA256 (gnupg-2.0.1.tar.bz2) = 49949762a4e080379dcca23948442d50488f0d74e04bcba87fc49e19a899b01d
+SIZE (gnupg-2.0.1.tar.bz2) = 3923924
+MD5 (gnupg-2.0.1.tar.bz2.sig) = 58b1bbc2f34c0882ab1a49542a8ffd45
+SHA256 (gnupg-2.0.1.tar.bz2.sig) = 2e49d6cfcb9ad12bc10e7185435761622c2da12b850c6c31925da3b4c8100628
+SIZE (gnupg-2.0.1.tar.bz2.sig) = 158
Index: security/gnupg/pkg-descr
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/pkg-descr,v
retrieving revision 1.4
diff -u -r1.4 pkg-descr
--- security/gnupg/pkg-descr 6 Nov 2000 08:37:20 -0000 1.4
+++ security/gnupg/pkg-descr 3 Dec 2006 11:45:20 -0000
@@ -5,5 +5,3 @@
application.
WWW: http://www.gnupg.org/
-
-kuriyama@FreeBSD.org
Index: security/gnupg/pkg-install
===================================================================
RCS file: security/gnupg/pkg-install
diff -N security/gnupg/pkg-install
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/gnupg/pkg-install 13 Dec 2006 01:09:56 -0000
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+if [ "$2" != "POST-INSTALL" ]; then
+ exit 0
+fi
+
+if [ -r ${PKG_PREFIX}/bin/gpg ] || [ -L ${PKG_PREFIX}/bin/gpg ]; then
+ # Skip.
+else
+ ln -s gpg2 ${PKG_PREFIX}/bin/gpg
+fi
Index: security/gnupg/pkg-message
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/pkg-message,v
retrieving revision 1.2
diff -u -r1.2 pkg-message
--- security/gnupg/pkg-message 12 May 2003 01:46:27 -0000 1.2
+++ security/gnupg/pkg-message 3 Dec 2006 11:57:42 -0000
@@ -1,5 +1,19 @@
-************************************************************
-TIPS:
- o Use rndcontrol(8) if you want more entropy.
- See http://people.freebsd.org/~dougb/randomness.html for more details.
-************************************************************
+
+
+
+###############################################################################
+ A T T E N T I O N
+
+In order to use gpg-agent, you need to install a pinentry dialog.
+
+The following ports of pinentry dialogs are available:
+
+security/pinentry-curses (ncurses based dialog)
+security/pinentry-gtk (GTK 1.2 based dialog)
+security/pinentry-gtk2 (GTK 2.x based dialog)
+security/pinentry-qt (QT based dialog)
+
+###############################################################################
+
+
+
Index: security/gnupg/pkg-plist
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/pkg-plist,v
retrieving revision 1.37
diff -u -r1.37 pkg-plist
--- security/gnupg/pkg-plist 17 Aug 2006 19:39:48 -0000 1.37
+++ security/gnupg/pkg-plist 13 Dec 2006 01:37:04 -0000
@@ -1,64 +1,56 @@
-bin/gpg
-bin/gpg-zip
-bin/gpgsplit
-bin/gpgv
-%%WITH_LDAP%%libexec/gnupg/gpgkeys_ldap
-libexec/gnupg/gpgkeys_curl
-libexec/gnupg/gpgkeys_finger
-libexec/gnupg/gpgkeys_hkp
-@dirrm libexec/gnupg
-%%DATADIR%%/FAQ
-%%DATADIR%%/faq.html
-%%DATADIR%%/options.skel
-%%NLS%%share/locale/be/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/ca/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/cs/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/da/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/de/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/el/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/eo/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/en@boldquot/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/en@quot/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/es/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/et/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/fi/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/fr/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/gl/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/hu/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/id/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/it/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/ja/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/nb/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/pl/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/pt/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/pt_BR/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/ro/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/ru/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/sk/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/sv/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/tr/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/zh_CN/LC_MESSAGES/gnupg.mo
-%%NLS%%share/locale/zh_TW/LC_MESSAGES/gnupg.mo
-@dirrm %%DATADIR%%
-@dirrmtry share/locale/be/LC_MESSAGES
-@dirrmtry share/locale/be
-@dirrmtry share/locale/ca/LC_MESSAGES
-@dirrmtry share/locale/ca
-@dirrmtry share/locale/cs/LC_MESSAGES
-@dirrmtry share/locale/cs
-@dirrmtry share/locale/el/LC_MESSAGES
-@dirrmtry share/locale/el
-@dirrmtry share/locale/fi/LC_MESSAGES
-@dirrmtry share/locale/fi
-@dirrmtry share/locale/gl/LC_MESSAGES
-@dirrmtry share/locale/gl
-@dirrmtry share/locale/pl/LC_MESSAGES
-@dirrmtry share/locale/pl
-@dirrmtry share/locale/pt/LC_MESSAGES
-@dirrmtry share/locale/pt
-@dirrmtry share/locale/ro/LC_MESSAGES
-@dirrmtry share/locale/ro
-@dirrmtry share/locale/sk/LC_MESSAGES
-@dirrmtry share/locale/sk
-@dirrmtry share/locale/zh_TW/LC_MESSAGES
-@dirrmtry share/locale/zh_TW
+bin/gpg-agent
+bin/gpg-connect-agent
+bin/gpg2
+bin/gpgconf
+bin/gpgkey2ssh
+bin/gpgparsemail
+bin/gpgsm
+bin/gpgsm-gencert.sh
+bin/gpgv2
+bin/kbxutil
+%%SCDAEMON%%bin/scdaemon
+bin/watchgnupg
+%%SCDAEMON%%libexec/gnupg-pcsc-wrapper
+libexec/gpg-preset-passphrase
+libexec/gpg-protect-tool
+libexec/gpg2keys_curl
+libexec/gpg2keys_finger
+libexec/gpg2keys_hkp
+%%LDAP%%libexec/gpg2keys_ldap
+sbin/addgnupghome
+share/gnupg/FAQ
+share/gnupg/com-certs.pem
+share/gnupg/faq.html
+share/gnupg/gpg-conf.skel
+share/gnupg/qualified.txt
+%%NLS%%share/locale/da/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/de/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/eo/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/es/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/et/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/fr/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/hu/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/id/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/it/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/ja/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/nb/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/pt_BR/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/ru/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/sv/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/tr/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/be/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/ca/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/cs/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/el/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/fi/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/gl/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/pl/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/pt/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/ro/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/sk/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/zh_CN/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/zh_TW/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/en@quot/LC_MESSAGES/gnupg2.mo
+%%NLS%%share/locale/en@boldquot/LC_MESSAGES/gnupg2.mo
+@dirrmtry share/gnupg
+@unexec [ -L %D/bin/gpg ] && rm -f %D/bin/gpg || true
Index: security/gnupg/files/patch-CVE-2006-6235
===================================================================
RCS file: security/gnupg/files/patch-CVE-2006-6235
diff -N security/gnupg/files/patch-CVE-2006-6235
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/gnupg/files/patch-CVE-2006-6235 8 Dec 2006 07:13:13 -0000
@@ -0,0 +1,260 @@
+This is a patch against GnuPG 2.0.1. Change the directory to g10/ and
+apply this patch.
+
+2006-12-02 Werner Koch <wk@g10code.com>
+
+ * encr-data.c: Allocate DFX context on the heap and not on the
+ stack. Changes at several places. Fixes CVE-2006-6235.
+
+
+Index: g10/encr-data.c
+===================================================================
+--- g10/encr-data.c (revision 4352)
++++ g10/encr-data.c (working copy)
+@@ -39,16 +39,37 @@
+ static int decode_filter ( void *opaque, int control, IOBUF a,
+ byte *buf, size_t *ret_len);
+
+-typedef struct
++typedef struct decode_filter_context_s
+ {
+ gcry_cipher_hd_t cipher_hd;
+ gcry_md_hd_t mdc_hash;
+ char defer[22];
+ int defer_filled;
+ int eof_seen;
+-} decode_filter_ctx_t;
++ int refcount;
++} *decode_filter_ctx_t;
+
+
++/* Helper to release the decode context. */
++static void
++release_dfx_context (decode_filter_ctx_t dfx)
++{
++ if (!dfx)
++ return;
++
++ assert (dfx->refcount);
++ if ( !--dfx->refcount )
++ {
++ gcry_cipher_close (dfx->cipher_hd);
++ dfx->cipher_hd = NULL;
++ gcry_md_close (dfx->mdc_hash);
++ dfx->mdc_hash = NULL;
++ xfree (dfx);
++ }
++}
++
++
++
+ /****************
+ * Decrypt the data, specified by ED with the key DEK.
+ */
+@@ -62,7 +83,11 @@
+ unsigned blocksize;
+ unsigned nprefix;
+
+- memset( &dfx, 0, sizeof dfx );
++ dfx = xtrycalloc (1, sizeof *dfx);
++ if (!dfx)
++ return gpg_error_from_syserror ();
++ dfx->refcount = 1;
++
+ if ( opt.verbose && !dek->algo_info_printed )
+ {
+ const char *s = gcry_cipher_algo_name (dek->algo);
+@@ -77,20 +102,20 @@
+ goto leave;
+ blocksize = gcry_cipher_get_algo_blklen (dek->algo);
+ if ( !blocksize || blocksize > 16 )
+- log_fatal("unsupported blocksize %u\n", blocksize );
++ log_fatal ("unsupported blocksize %u\n", blocksize );
+ nprefix = blocksize;
+ if ( ed->len && ed->len < (nprefix+2) )
+ BUG();
+
+ if ( ed->mdc_method )
+ {
+- if (gcry_md_open (&dfx.mdc_hash, ed->mdc_method, 0 ))
++ if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 ))
+ BUG ();
+ if ( DBG_HASHING )
+- gcry_md_start_debug (dfx.mdc_hash, "checkmdc");
++ gcry_md_start_debug (dfx->mdc_hash, "checkmdc");
+ }
+
+- rc = gcry_cipher_open (&dfx.cipher_hd, dek->algo,
++ rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo,
+ GCRY_CIPHER_MODE_CFB,
+ (GCRY_CIPHER_SECURE
+ | ((ed->mdc_method || dek->algo >= 100)?
+@@ -104,7 +129,7 @@
+
+
+ /* log_hexdump( "thekey", dek->key, dek->keylen );*/
+- rc = gcry_cipher_setkey (dfx.cipher_hd, dek->key, dek->keylen);
++ rc = gcry_cipher_setkey (dfx->cipher_hd, dek->key, dek->keylen);
+ if ( gpg_err_code (rc) == GPG_ERR_WEAK_KEY )
+ {
+ log_info(_("WARNING: message was encrypted with"
+@@ -123,7 +148,7 @@
+ goto leave;
+ }
+
+- gcry_cipher_setiv (dfx.cipher_hd, NULL, 0);
++ gcry_cipher_setiv (dfx->cipher_hd, NULL, 0);
+
+ if ( ed->len )
+ {
+@@ -144,8 +169,8 @@
+ temp[i] = c;
+ }
+
+- gcry_cipher_decrypt (dfx.cipher_hd, temp, nprefix+2, NULL, 0);
+- gcry_cipher_sync (dfx.cipher_hd);
++ gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0);
++ gcry_cipher_sync (dfx->cipher_hd);
+ p = temp;
+ /* log_hexdump( "prefix", temp, nprefix+2 ); */
+ if (dek->symmetric
+@@ -155,17 +180,18 @@
+ goto leave;
+ }
+
+- if ( dfx.mdc_hash )
+- gcry_md_write (dfx.mdc_hash, temp, nprefix+2);
+-
++ if ( dfx->mdc_hash )
++ gcry_md_write (dfx->mdc_hash, temp, nprefix+2);
++
++ dfx->refcount++;
+ if ( ed->mdc_method )
+- iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
++ iobuf_push_filter ( ed->buf, mdc_decode_filter, dfx );
+ else
+- iobuf_push_filter( ed->buf, decode_filter, &dfx );
++ iobuf_push_filter ( ed->buf, decode_filter, dfx );
+
+ proc_packets ( procctx, ed->buf );
+ ed->buf = NULL;
+- if ( ed->mdc_method && dfx.eof_seen == 2 )
++ if ( ed->mdc_method && dfx->eof_seen == 2 )
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ else if ( ed->mdc_method )
+ {
+@@ -184,26 +210,28 @@
+ bytes are appended. */
+ int datalen = gcry_md_get_algo_dlen (ed->mdc_method);
+
+- gcry_cipher_decrypt (dfx.cipher_hd, dfx.defer, 22, NULL, 0);
+- gcry_md_write (dfx.mdc_hash, dfx.defer, 2);
+- gcry_md_final (dfx.mdc_hash);
++ assert (dfx->cipher_hd);
++ assert (dfx->mdc_hash);
++ gcry_cipher_decrypt (dfx->cipher_hd, dfx->defer, 22, NULL, 0);
++ gcry_md_write (dfx->mdc_hash, dfx->defer, 2);
++ gcry_md_final (dfx->mdc_hash);
+
+- if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' )
++ if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' )
+ {
+ log_error("mdc_packet with invalid encoding\n");
+ rc = gpg_error (GPG_ERR_INV_PACKET);
+ }
+ else if (datalen != 20
+- || memcmp (gcry_md_read (dfx.mdc_hash, 0),dfx.defer+2,datalen))
++ || memcmp (gcry_md_read (dfx->mdc_hash, 0),
++ dfx->defer+2,datalen ))
+ rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+- /* log_printhex("MDC message:", dfx.defer, 22); */
+- /* log_printhex("MDC calc:", gcry_md_read (dfx.mdc_hash,0), datalen); */
++ /* log_printhex("MDC message:", dfx->defer, 22); */
++ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */
+ }
+
+
+ leave:
+- gcry_cipher_close (dfx.cipher_hd);
+- gcry_md_close (dfx.mdc_hash);
++ release_dfx_context (dfx);
+ return rc;
+ }
+
+@@ -214,7 +242,7 @@
+ mdc_decode_filter (void *opaque, int control, IOBUF a,
+ byte *buf, size_t *ret_len)
+ {
+- decode_filter_ctx_t *dfx = opaque;
++ decode_filter_ctx_t dfx = opaque;
+ size_t n, size = *ret_len;
+ int rc = 0;
+ int c;
+@@ -226,11 +254,11 @@
+ }
+ else if( control == IOBUFCTRL_UNDERFLOW )
+ {
+- assert(a);
+- assert( size > 44 );
++ assert (a);
++ assert ( size > 44 );
+
+ /* Get at least 22 bytes and put it somewhere ahead in the buffer. */
+- for(n=22; n < 44 ; n++ )
++ for (n=22; n < 44 ; n++ )
+ {
+ if( (c = iobuf_get(a)) == -1 )
+ break;
+@@ -279,8 +307,10 @@
+
+ if ( n )
+ {
+- gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);
+- gcry_md_write (dfx->mdc_hash, buf, n);
++ if ( dfx->cipher_hd )
++ gcry_cipher_decrypt (dfx->cipher_hd, buf, n, NULL, 0);
++ if ( dfx->mdc_hash )
++ gcry_md_write (dfx->mdc_hash, buf, n);
+ }
+ else
+ {
+@@ -289,6 +319,10 @@
+ }
+ *ret_len = n;
+ }
++ else if ( control == IOBUFCTRL_FREE )
++ {
++ release_dfx_context (dfx);
++ }
+ else if ( control == IOBUFCTRL_DESC )
+ {
+ *(char**)buf = "mdc_decode_filter";
+@@ -300,7 +334,7 @@
+ static int
+ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
+ {
+- decode_filter_ctx_t *fc = opaque;
++ decode_filter_ctx_t fc = opaque;
+ size_t n, size = *ret_len;
+ int rc = 0;
+
+@@ -311,11 +345,18 @@
+ if ( n == -1 )
+ n = 0;
+ if ( n )
+- gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);
++ {
++ if (fc->cipher_hd)
++ gcry_cipher_decrypt (fc->cipher_hd, buf, n, NULL, 0);
++ }
+ else
+ rc = -1; /* EOF */
+ *ret_len = n;
+ }
++ else if ( control == IOBUFCTRL_FREE )
++ {
++ release_dfx_context (fc);
++ }
+ else if ( control == IOBUFCTRL_DESC )
+ {
+ *(char**)buf = "decode_filter";
Index: security/gnupg/files/patch-config.links
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/files/patch-config.links,v
retrieving revision 1.1
diff -u -r1.1 patch-config.links
--- security/gnupg/files/patch-config.links 10 May 2003 07:55:33 -0000 1.1
+++ security/gnupg/files/patch-config.links 3 Dec 2006 11:57:19 -0000
@@ -1,15 +0,0 @@
---- mpi/config.links.orig Thu Apr 24 20:15:58 2003
-+++ mpi/config.links Sat May 10 16:29:28 2003
-@@ -142,6 +142,12 @@
- echo '/* configured for sparc64-*netbsd */' >>./mpi/asm-syntax.h
- path=""
- ;;
-+ sparc64-*-freebsd*)
-+ # There are no sparc64 assembler modules that work, so
-+ # just use generic C functions
-+ echo '/* configured for sparc64-*freebsd* */' >>./mpi/asm-syntax.h
-+ path=""
-+ ;;
- sparc9*-*-* | \
- sparc64*-*-* | \
- ultrasparc*-*-* )
Index: security/gnupg/files/patch-configure
===================================================================
RCS file: /home/ncvs/ports/security/gnupg/files/patch-configure,v
retrieving revision 1.5
diff -u -r1.5 patch-configure
--- security/gnupg/files/patch-configure 8 Dec 2006 09:25:31 -0000 1.5
+++ security/gnupg/files/patch-configure 13 Dec 2006 01:39:53 -0000
@@ -1,10 +0,0 @@
---- configure.orig Fri Dec 8 17:02:30 2006
-+++ configure Fri Dec 8 17:02:52 2006
-@@ -27251,6 +27251,7 @@
- exec_prefix=$exec_prefix
- libdir=$libdir
- libexecdir=$libexecdir
-+datarootdir=$datarootdir
- datadir=$datadir
- DATADIRNAME=$DATADIRNAME
-
Index: security/gnupg1/Makefile
===================================================================
RCS file: /home/ncvs/ports/security/gnupg1/Makefile,v
retrieving revision 1.91
diff -u -r1.91 Makefile
--- security/gnupg1/Makefile 9 Dec 2006 08:36:47 -0000 1.91
+++ security/gnupg1/Makefile 13 Dec 2006 01:26:02 -0000
@@ -7,6 +7,7 @@
PORTNAME= gnupg
PORTVERSION= 1.4.6
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
Index: security/gnupg1/pkg-plist
===================================================================
RCS file: /home/ncvs/ports/security/gnupg1/pkg-plist,v
retrieving revision 1.38
diff -u -r1.38 pkg-plist
--- security/gnupg1/pkg-plist 9 Dec 2006 08:36:47 -0000 1.38
+++ security/gnupg1/pkg-plist 13 Dec 2006 01:30:31 -0000
@@ -58,3 +58,4 @@
@dirrmtry share/locale/sk
@dirrmtry share/locale/zh_TW/LC_MESSAGES
@dirrmtry share/locale/zh_TW
+@unexec [ -r %D/bin/gpg2 ] && ln -s gpg2 %D/bin/gpg || true
--Multipart_Wed_Dec_13_10:44:00_2006-1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7mu000h8nz.wl%kuriyama>