OpenPKG Specs / file revision

gnupg/gnupg.patch@0ba300bdf30a

gnupg/gnupg.patch

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
parent 30
3839a3a70f72
child 286
552d1939222f
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

     1 Index: agent/genkey.c

     2 --- agent/genkey.c.orig	2007-11-19 16:11:31 +0100

     3 +++ agent/genkey.c	2007-12-21 09:17:46 +0100

     4 @@ -188,11 +188,9 @@

     5          return gpg_error (GPG_ERR_INV_PASSPHRASE);

     6  

     7        desc = xtryasprintf 

     8 -        ( ngettext ("Warning: You have entered an insecure passphrase.%%0A"

     9 +        (           "Warning: You have entered an insecure passphrase.%%0A"

    10                      "A passphrase should be at least %u character long.", 

    11 -                    "Warning: You have entered an insecure passphrase.%%0A"

    12 -                    "A passphrase should be at least %u characters long.", 

    13 -                    minlen), minlen );

    14 +                    minlen);

    15        if (!desc)

    16          return gpg_error_from_syserror ();

    17        err = take_this_one_anyway (ctrl, desc);

    18 Index: configure

    19 --- configure.orig	2007-12-20 09:40:04 +0100

    20 +++ configure	2007-12-21 09:08:55 +0100

    21 @@ -6909,13 +6909,13 @@

    22  # Check wether it is necessary to link against libdl.

    23  #

    24  gnupg_dlopen_save_libs="$LIBS"

    25 -LIBS=""

    26  { echo "$as_me:$LINENO: checking for library containing dlopen" >&5

    27  echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6; }

    28  if test "${ac_cv_search_dlopen+set}" = set; then

    29    echo $ECHO_N "(cached) $ECHO_C" >&6

    30  else

    31    ac_func_search_save_LIBS=$LIBS

    32 +  LIBS=""

    33  cat >conftest.$ac_ext <<_ACEOF

    34  /* confdefs.h.  */

    35  _ACEOF

    36 Index: configure

    37 --- g10/seckey-cert.c.orig	2008-03-18 17:46:32.000000000 +0100

    38 +++ g10/seckey-cert.c	2009-02-18 21:25:25.508715635 +0100

    39 @@ -209,6 +209,11 @@

    40                  csum += checksum (buffer, ndata);

    41                  gcry_mpi_release (sk->skey[i]);

    42  

    43 +        if (sk->protect.algo==CIPHER_ALGO_IDEA) {

    44 +            buffer[0] = 0;

    45 +            buffer[1] = 0;

    46 +        }

    47 +

    48  		err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,

    49  				     buffer, ndata, &ndata );

    50  		xfree (buffer);

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial