NetBSD Problem Report #44074
From www@NetBSD.org Tue Nov 9 19:04:53 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 3771963BB35
for <gnats-bugs@gnats.NetBSD.org>; Tue, 9 Nov 2010 19:04:53 +0000 (UTC)
Message-Id: <20101109190453.1899B63BAC2@www.NetBSD.org>
Date: Tue, 9 Nov 2010 19:04:53 +0000 (UTC)
From: roam@ringlet.net
Reply-To: roam@ringlet.net
To: gnats-bugs@NetBSD.org
Subject: libnetpgp: fix the autodetection of armoured messages
X-Send-Pr-Version: www-1.0
>Number: 44074
>Category: lib
>Synopsis: libnetpgp: fix the autodetection of armoured messages
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: agc
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Nov 09 19:05:00 +0000 2010
>Closed-Date: Mon Nov 29 04:26:15 +0000 2010
>Last-Modified: Mon Feb 17 06:50:00 +0000 2014
>Originator: Peter Pentchev
>Release:
>Organization:
>Environment:
>Description:
netpgp may be passed a clearsigned message, not just a detached signature, for verification.
Also, the armour starting line does not necessarily end in \r\n.
>How-To-Repeat:
>Fix:
Apply the patch at:
http://devel.ringlet.net/security/netpgp/patches/11-autodetect-armour.patch
...in a perfect world, those strings would be synced with the header lines' array in reader.c, but oh well :)
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: lib-bug-people->agc
Responsible-Changed-By: agc@NetBSD.org
Responsible-Changed-When: Mon, 15 Nov 2010 08:31:44 +0000
Responsible-Changed-Why:
netpgp is my baby
State-Changed-From-To: open->feedback
State-Changed-By: agc@NetBSD.org
State-Changed-When: Mon, 15 Nov 2010 08:31:44 +0000
State-Changed-Why:
I took a different approach and used a regular expression to
match the various ASCII-encoded headers that might be read.
Hopefully, this is more scalable than testing individual
patterns. I didn't bother with the line-ending matching,
since I don't think they're relevant - the alternative to the
ASCII headers is a PGP packet, which looks way different.
I've put the state to feedback since I didn't do as much
testing as I'd have liked to, so if you tell me if this fixes
it, I'd be very grateful.
Finally, thanks for sending this PR - clearsigning has not
been a priority in netpgp up until now, and you are giving it
a great try-out. Thanks!
From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44074 CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Date: Mon, 15 Nov 2010 08:27:41 +0000
Module Name: src
Committed By: agc
Date: Mon Nov 15 08:27:40 UTC 2010
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c
Log Message:
Use a regular expression to match the various ASCII-armoured headers we
may encounter - fixes PR 44074 from Peter Pentchev in a different way.
To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
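The detection problem discussed in this PR, sketched as an added example; it is not the code committed to netpgp.c, whose regular expression is not shown on this page. The function name `classify_input`, the enum and the pattern are assumptions written for this illustration, with the header names taken from RFC 4880. It distinguishes a clearsigned message from other armoured input and accepts the first line whether it ends in `\r\n`, `\n` or nothing.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Armour header lines from RFC 4880 (sections 6.2 and 7). Example pattern,
 * not the one in netpgp.c. The digit counts are bounded so that a header
 * can never be as long as the line buffer below. */
#define ARMOUR_RE \
    "^-----BEGIN PGP (SIGNED MESSAGE|SIGNATURE|PUBLIC KEY BLOCK|" \
    "PRIVATE KEY BLOCK|MESSAGE(, PART [0-9]{1,4}(/[0-9]{1,4})?)?)-----$"

enum input_kind { INPUT_OTHER = 0, INPUT_ARMOURED = 1, INPUT_CLEARSIGNED = 2 };

/* Hypothetical helper, not a libnetpgp API: classify the start of a buffer.
 * INPUT_OTHER means "no armour header", i.e. treat as binary packets. */
enum input_kind
classify_input(const unsigned char *buf, size_t len)
{
    char line[128];
    regex_t re;
    size_t n = 0;
    int matched;

    /* Copy only the first line: regexec() needs a NUL-terminated string
     * and binary packets may contain NUL bytes anywhere. */
    while (n < len && n < sizeof(line) - 1 && buf[n] != '\n' && buf[n] != '\0') {
        line[n] = (char)buf[n];
        n++;
    }
    /* Accept "\r\n", "\n" or no line terminator at all. */
    if (n > 0 && line[n - 1] == '\r')
        n--;
    line[n] = '\0';

    if (regcomp(&re, ARMOUR_RE, REG_EXTENDED | REG_NOSUB) != 0)
        return INPUT_OTHER;
    matched = (regexec(&re, line, 0, NULL, 0) == 0);
    regfree(&re);
    if (!matched)
        return INPUT_OTHER;
    return strcmp(line, "-----BEGIN PGP SIGNED MESSAGE-----") == 0
        ? INPUT_CLEARSIGNED : INPUT_ARMOURED;
}

int main(void)
{
    const char *s = "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n"; /* constructed */
    printf("%d\n", classify_input((const unsigned char *)s, strlen(s)));
    return 0;
}
```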
State-Changed-From-To: feedback->closed
State-Changed-By: agc@NetBSD.org
State-Changed-When: Mon, 29 Nov 2010 04:26:15 +0000
State-Changed-Why:
closing this one off now, in lieu of feedback (I'm fairly sure the regexp
cured this one - it did in my tests). If, by some strange chance, this isn't
the case, we can re-open the PR.
Many thanks for this!
Best,
Alistair
From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44074 CVS commit: pkgsrc/security/netpgp
Date: Mon, 17 Feb 2014 06:45:42 +0000
Module Name: pkgsrc
Committed By: agc
Date: Mon Feb 17 06:45:42 UTC 2014
Modified Files:
pkgsrc/security/netpgp: Makefile PLIST distinfo
Log Message:
Update netpgp package from 20101107 to 20140210
Main change is that the netpgpverify binary is no longer part of this
package - instead, pkgsrc/security/netpgpverify and
pkgsrc/security/libnetpgpverify should be used.
Other changes since previous version include:
> ----------------------------
> revision 1.96
> date: 2012-02-21 22:58:54 -0800; author: agc; state: Exp; lines: +5 -15;
> Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
> machine-readable manner.
> ----------------------------
> revision 1.95
> date: 2012-02-21 22:29:40 -0800; author: agc; state: Exp; lines: +1 -3;
> re-order the fields that we print out in the pgp_sprint_pubkey() function
> to be more usual.
>
> print out the name from within pgp_sprint_pubkey() rather than tagging it
> onto the end of the output from the function.
> ----------------------------
> revision 1.94
> date: 2011-08-02 00:16:56 -0700; author: agc; state: Exp; lines: +19 -8;
> branches: 1.94.2;
> plug some memory leaks in error paths
> ----------------------------
> revision 1.93
> date: 2011-08-01 22:36:45 -0700; author: agc; state: Exp; lines: +19 -13;
> when matching pubkeys, also return the first (pgp) uid for the key in the
> resultant key listing
>
> when using json to format keys returned from libnetpgp, also prepare for
> machine-readable format ("mr") as well as human ("human"), even though
> it's not yet used.
> ----------------------------
> revision 1.92
> date: 2011-06-27 20:35:28 -0700; author: agc; state: Exp; lines: +45 -24;
> get some things off the TODO list
>
> when initialising, recognise keys in a different order.
>
> 1. read the public keyring
>
> 2. if a userid has been specified, use it
>
> 3. if not, check the configuration file (~/.gnupg/gpg.conf) for a
> default user id
>
> 4. only read the secret keyring if we need to (decrypting or signing)
>
> 5. if signing, and we still don't have a userid, use the first key in
> the secret keyring
>
> 6. if encrypting, and we still have no userid, use the first in the
> public keyring
>
> ssh keys remain the same as previously.
> ----------------------------
> revision 1.91
> date: 2011-06-27 00:05:31 -0700; author: agc; state: Exp; lines: +7 -5;
> only attempt to load the secret key if we need to (for signing or for
> decrypting).
> ----------------------------
> revision 1.90
> date: 2011-06-24 17:37:44 -0700; author: agc; state: Exp; lines: +11 -7;
> change mj library to take an additional argument for a string type,
> denoting its length. this allows binary strings to be encoded using
> libmj.
>
> escape magic characters in json strings in a more efficient manner.
> the previous method was not scalable.
>
> update callers to suit
>
> bump libmj major version number
>
> add examples to the libmj(3) man page
> ----------------------------
> revision 1.89
> date: 2011-01-02 21:34:53 -0800; author: agc; state: Exp; lines: +2 -2;
> avoid a double free - from Anthony Bentley.
> ----------------------------
> revision 1.88
> date: 2011-01-01 15:00:24 -0800; author: agc; state: Exp; lines: +17 -15;
> clean up lint (on amd64)
> ----------------------------
> revision 1.87
> date: 2010-12-01 14:14:52 -0800; author: agc; state: Exp; lines: +5 -2;
> avoid nameclash - call the generated user id variable "generated userid"
>
> also keep the time of structure initialisation as an internal variable.
> ----------------------------
> revision 1.86
> date: 2010-12-01 14:01:41 -0800; author: agc; state: Exp; lines: +4 -2;
> When generating a key, set the new key's userid (last 16 bytes of
> fingerprint) as an internal netpgp variable.
>
> This can then be queried using netpgp_getvar(netpgp, "userid") to find the
> new key's id.
> ----------------------------
> revision 1.85
> date: 2010-11-28 20:20:12 -0800; author: agc; state: Exp; lines: +73 -18;
> Fix PR 44075 from Peter Pentchev, but do this by adding a
> --numtries=<attempts> option to netpgp(1) to provide the maximum
> number of attempts to retrieve the correct passphrase when signing or
> decrypting, and use it in libnetpgp(3). The default number of
> attempts is 3, and a value of "unlimited" will loop until the correct
> passphrase has been entered.
> ----------------------------
> revision 1.84
> date: 2010-11-15 00:27:40 -0800; author: agc; state: Exp; lines: +13 -4;
> Use a regular expression to match the various ASCII-armoured headers we
> may encounter - fixes PR 44074 from Peter Pentchev in a different way.
> ----------------------------
> revision 1.83
> date: 2010-11-15 00:03:39 -0800; author: agc; state: Exp; lines: +48 -3;
> Changes to help with netpgp key generation and interoperability:
>
> + use plain SHA1 for session key s2k negotiation
> + don't warn on some conditions when inflating (reading a compressed file)
> since the conditions don't hold for partial block lengths
> + prompt for a passphrase when generating a new key - used in the upcoming
> secret-sharing functionality for netpgp
> ----------------------------
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/netpgp/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/netpgp/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/netpgp/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted: