NetBSD Problem Report #44074

From www@NetBSD.org  Tue Nov  9 19:04:53 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 3771963BB35
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  9 Nov 2010 19:04:53 +0000 (UTC)
Message-Id: <20101109190453.1899B63BAC2@www.NetBSD.org>
Date: Tue,  9 Nov 2010 19:04:53 +0000 (UTC)
From: roam@ringlet.net
Reply-To: roam@ringlet.net
To: gnats-bugs@NetBSD.org
Subject: libnetpgp: fix the autodetection of armoured messages
X-Send-Pr-Version: www-1.0

>Number:         44074
>Category:       lib
>Synopsis:       libnetpgp: fix the autodetection of armoured messages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    agc
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 09 19:05:00 +0000 2010
>Closed-Date:    Mon Nov 29 04:26:15 +0000 2010
>Last-Modified:  Mon Feb 17 06:50:00 +0000 2014
>Originator:     Peter Pentchev
>Release:        
>Organization:
>Environment:
>Description:
netpgp may be passed a clearsigned message, not just a detached signature, for verification.
Also, the armour starting line does not necessary end in \r\n.
>How-To-Repeat:

>Fix:
Apply the patch at:
http://devel.ringlet.net/security/netpgp/patches/11-autodetect-armour.patch

...in a perfect world, those strings would be synced with the header lines' array in reader.c, but oh well :)

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: lib-bug-people->agc
Responsible-Changed-By: agc@NetBSD.org
Responsible-Changed-When: Mon, 15 Nov 2010 08:31:44 +0000
Responsible-Changed-Why:
netpgp is my baby


State-Changed-From-To: open->feedback
State-Changed-By: agc@NetBSD.org
State-Changed-When: Mon, 15 Nov 2010 08:31:44 +0000
State-Changed-Why:
I took a different approach and used a regular expression to
match the various ASCII-encoded headers that might be read.

Hopefully, this is more scalable than testing individual
patterns. I didn't bother with the line-ending matching,
since I don't think they're relevant - the alternative to the
ASCII headers is a PGP packet, which looks way different.

I've put the state to feedback since I didn't do as much
testing as I'd have liked to, so if you tell me if this fixes
it, I'd be very grateful.

Finally, thanks for sending this PR - clearsigning has not
been a priority in netpgp up until now, and you are giving it
a great try-out. Thanks!


From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44074 CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Date: Mon, 15 Nov 2010 08:27:41 +0000

 Module Name:	src
 Committed By:	agc
 Date:		Mon Nov 15 08:27:40 UTC 2010

 Modified Files:
 	src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c

 Log Message:
 Use a regular expression to match the various ASCII-armoured headers we
 may encounter - fixes PR 44074 from Peter Pentchev in a different way.


 To generate a diff of this commit:
 cvs rdiff -u -r1.83 -r1.84 \
     src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: feedback->closed
State-Changed-By: agc@NetBSD.org
State-Changed-When: Mon, 29 Nov 2010 04:26:15 +0000
State-Changed-Why:
closing this one off now, in lieu of feedback (I'm fairly sure the regexp
cured this one - it did in my tests). If, by some strange chance, this isn't
the case, we can re-open the PR.

Many thanks for this!

Best,
Alistair


From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44074 CVS commit: pkgsrc/security/netpgp
Date: Mon, 17 Feb 2014 06:45:42 +0000

 Module Name:	pkgsrc
 Committed By:	agc
 Date:		Mon Feb 17 06:45:42 UTC 2014

 Modified Files:
 	pkgsrc/security/netpgp: Makefile PLIST distinfo

 Log Message:
 Update netpgp package from 20101107 to 20140210

 Main change is that the netpgpverify binary is no longer part of this
 package - instead, pkgsrc/security/netpgpverify and
 pkgsrc/security/libnetpgpverify should be used.

 Other changes since previous version include:

 > ----------------------------
 > revision 1.96
 > date: 2012-02-21 22:58:54 -0800;  author: agc;  state: Exp;  lines: +5 -15;
 > Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
 > machine-readable manner.
 > ----------------------------
 > revision 1.95
 > date: 2012-02-21 22:29:40 -0800;  author: agc;  state: Exp;  lines: +1 -3;
 > re-order the fields that we print out in the pgp_sprint_pubkey() function
 > to be more usual.
 >
 > print out the name from within pgp_sprint_pubkey() rather than tagging it
 > onto the end of the output from the function.
 > ----------------------------
 > revision 1.94
 > date: 2011-08-02 00:16:56 -0700;  author: agc;  state: Exp;  lines: +19 -8;
 > branches:  1.94.2;
 > plug some memory leaks in error paths
 > ----------------------------
 > revision 1.93
 > date: 2011-08-01 22:36:45 -0700;  author: agc;  state: Exp;  lines: +19 -13;
 > when matching pubkeys, also return the first (pgp) uid for the key in the
 > resultant key listing
 >
 > when using json to format keys returned from libnetpgp, also prepare for
 > machine-readable format ("mr") as well as human ("human"), even though
 > it's not yet used.
 > ----------------------------
 > revision 1.92
 > date: 2011-06-27 20:35:28 -0700;  author: agc;  state: Exp;  lines: +45 -24;
 > get some things off the TODO list
 >
 > when initialising, recognise keys in a different order.
 >
 > 1. read the public keyring
 >
 > 2. if a userid has been specified, use it
 >
 > 3.  if not, check the configuration file (~/.gnupg/gpg.conf) for a
 > default user id
 >
 > 4, only read the secret keyring if we need to (decrypting or signing)
 >
 > 5.  if signing, and we still don't have a userid, use the first key in
 > the secret keyring
 >
 > 6.  if encrypting, and we still have no userid, use the first in the
 > public keyring
 >
 > ssh keys remain the same as previously.
 > ----------------------------
 > revision 1.91
 > date: 2011-06-27 00:05:31 -0700;  author: agc;  state: Exp;  lines: +7 -5;
 > only attempt to load the secret key if we need to (for signing or for
 > decrypting).
 > ----------------------------
 > revision 1.90
 > date: 2011-06-24 17:37:44 -0700;  author: agc;  state: Exp;  lines: +11 -7;
 > change mj library to take an additional argument for a string type,
 > denoting its length. this allows binary strings to be encoded using
 > libmj.
 >
 > escape magic characters in json strings in a more efficient manner.
 > the previous method was not scalable.
 >
 > update callers to suit
 >
 > bump libmj major version number
 >
 > add examples to the libmj(3) man page
 > ----------------------------
 > revision 1.89
 > date: 2011-01-02 21:34:53 -0800;  author: agc;  state: Exp;  lines: +2 -2;
 > avoid a double free - from Anthony Bentley.
 > ----------------------------
 > revision 1.88
 > date: 2011-01-01 15:00:24 -0800;  author: agc;  state: Exp;  lines: +17 -15;
 > clean up lint (on amd64)
 > ----------------------------
 > revision 1.87
 > date: 2010-12-01 14:14:52 -0800;  author: agc;  state: Exp;  lines: +5 -2;
 > avoid nameclash - call the generated user id variable "generated userid"
 > avoid nameclash - call the generated user id variable "generated userid"
 >
 > also keep the time of structure initialisation as an internal variable.
 > ----------------------------
 > revision 1.86
 > date: 2010-12-01 14:01:41 -0800;  author: agc;  state: Exp;  lines: +4 -2;
 > When generating a key, set the new key's userid (last 16 bytes of
 > fingerprint) as an internal netpgp variable.
 >
 > This can then be queried using netpgp_getvar(netpgp, "userid") to find the
 > new key's id.
 > ----------------------------
 > revision 1.85
 > date: 2010-11-28 20:20:12 -0800;  author: agc;  state: Exp;  lines: +73 -18;
 > Fix PR 44075 from Peter Pentchev, but do this by adding a
 > --numtries=<attempts> option to netpgp(1) to provide the maximum
 > number of attempts to retrieve the correct passphrase when signing or
 > decrypting, and use it in libnetpgp(3).  The default number of
 > attempts is 3, and a value of "unlimited" will loop until the correct
 > passphrase has been entered.
 > ----------------------------
 > revision 1.84
 > date: 2010-11-15 00:27:40 -0800;  author: agc;  state: Exp;  lines: +13 -4;
 > Use a regular expression to match the various ASCII-armoured headers we
 > may encounter - fixes PR 44074 from Peter Pentchev in a different way.
 > ----------------------------
 > revision 1.83
 > date: 2010-11-15 00:03:39 -0800;  author: agc;  state: Exp;  lines: +48 -3;
 > Changes to help with netpgp key generation and interoperability:
 >
 > + use plain SHA1 for session key s2k negotiation
 > + don't warn on some conditions when inflating (reading a compressed file)
 >   since the conditions don't hold for partial block lengths
 > + prompt for a passphrase when generating a new key - used in the upcoming
 >   secret-sharing functionality for netpgp
 > ----------------------------


 To generate a diff of this commit:
 cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/netpgp/Makefile
 cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/netpgp/PLIST
 cvs rdiff -u -r1.13 -r1.14 pkgsrc/security/netpgp/distinfo

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.