diff options
Diffstat (limited to 'packaging')
10 files changed, 147 insertions, 3 deletions
diff --git a/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff new file mode 100644 index 0000000..2450bc3 --- /dev/null +++ b/packaging/freebsd/security/gnutls/files/patch-lib__opencdk__opencdk__use-GNU-dummy.diff @@ -0,0 +1,144 @@ +--- ./lib/opencdk/opencdk.h.orig 2008-06-30 16:45:51.000000000 -0400 ++++ ./lib/opencdk/opencdk.h 2008-08-21 19:23:44.000000000 -0400 +@@ -214,7 +214,11 @@ + enum cdk_s2k_type_t { + CDK_S2K_SIMPLE = 0, + CDK_S2K_SALTED = 1, +- CDK_S2K_ITERSALTED = 3 ++ CDK_S2K_ITERSALTED = 3, ++ CDK_S2K_GNU_EXT = 101 ++ /* GNU S2K extensions: refer to DETAILS from GnuPG: ++ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG ++ */ + }; + + +--- ./lib/opencdk/read-packet.c.orig 2008-06-30 16:45:51.000000000 -0400 ++++ ./lib/opencdk/read-packet.c 2008-08-21 19:30:09.000000000 -0400 +@@ -78,10 +78,35 @@ + } + + +-static int ++/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */ ++static cdk_error_t + read_s2k (cdk_stream_t inp, cdk_s2k_t s2k) + { +- return CDK_Not_Implemented; ++ size_t nread; ++ ++ s2k->mode = cdk_stream_getc (inp); ++ s2k->hash_algo = cdk_stream_getc (inp); ++ if (s2k->mode == CDK_S2K_SIMPLE) ++ return 0; ++ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) ++ { ++ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) ++ return CDK_Inv_Packet; ++ if (nread != DIM (s2k->salt)) ++ return CDK_Inv_Packet; ++ ++ if (s2k->mode == CDK_S2K_ITERSALTED) ++ s2k->count = cdk_stream_getc (inp); ++ } ++ else if (s2k->mode == CDK_S2K_GNU_EXT) ++ { ++ /* GNU extensions to the S2K : read DETAILS from gnupg */ ++ return 0; ++ } ++ else ++ return CDK_Not_Implemented; ++ ++ return 0; + } + + +@@ -194,6 +219,7 @@ + static cdk_error_t + read_symkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_symkey_enc_t ske) + { ++ cdk_error_t ret; + cdk_s2k_t s2k; + size_t minlen; + size_t nread, nleft; +@@ -213,7 +239,9 @@ + return CDK_Out_Of_Core; + + ske->cipher_algo = cdk_stream_getc (inp); +- s2k->mode = cdk_stream_getc (inp); ++ ret = read_s2k(inp, s2k); ++ if (ret != 0) ++ return ret; + switch (s2k->mode) + { + case CDK_S2K_SIMPLE : minlen = 0; break; +@@ -225,18 +253,6 @@ + return CDK_Inv_Packet; + } + +- s2k->hash_algo = cdk_stream_getc (inp); +- if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) +- { +- if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) +- return CDK_Inv_Packet; +- if (nread != DIM (s2k->salt)) +- return CDK_Inv_Packet; +- +- if (s2k->mode == CDK_S2K_ITERSALTED) +- s2k->count = cdk_stream_getc (inp); +- } +- + ske->seskeylen = pktlen - 4 - minlen; + /* We check if there is an encrypted session key and if it fits into + the buffer. The maximal key length is 256-bit. */ +@@ -421,14 +437,19 @@ + rc = read_s2k (inp, sk->protect.s2k); + if (rc) + return rc; +- sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); +- if (!sk->protect.ivlen) +- return CDK_Inv_Packet; +- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); +- if (rc) +- return rc; +- if (nread != sk->protect.ivlen) +- return CDK_Inv_Packet; ++ /* refer to --export-secret-subkeys in gpg(1) */ ++ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) ++ sk->protect.ivlen = 0; ++ else { ++ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); ++ if (!sk->protect.ivlen) ++ return CDK_Inv_Packet; ++ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); ++ if (rc) ++ return rc; ++ if (nread != sk->protect.ivlen) ++ return CDK_Inv_Packet; ++ } + } + else + sk->protect.algo = sk->s2k_usage; +@@ -476,6 +497,22 @@ + return CDK_Out_Of_Core; + if (stream_read (inp, sk->encdata, sk->enclen, &nread)) + return CDK_Inv_Packet; ++ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */ ++ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) { ++ unsigned char gnumode; ++ if ((sk->enclen < strlen("GNU") + 1) || ++ (0 != memcmp("GNU", sk->encdata, strlen("GNU")))) ++ return CDK_Inv_Packet; ++ gnumode = sk->encdata[strlen("GNU")]; ++ /* we only handle gnu-dummy (mode 1). ++ mode 2 should refer to external smart cards. ++ */ ++ if (gnumode != 1) ++ return CDK_Inv_Packet; ++ /* gnu-dummy should have no more data */ ++ if (sk->enclen != strlen("GNU") + 1) ++ return CDK_Inv_Packet; ++ } + nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); + if (!nskey) + return CDK_Inv_Algo; diff --git a/packaging/freebsd/Makefile b/packaging/freebsd/security/monkeysphere/Makefile index 984bc87..984bc87 100644 --- a/packaging/freebsd/Makefile +++ b/packaging/freebsd/security/monkeysphere/Makefile diff --git a/packaging/freebsd/distinfo b/packaging/freebsd/security/monkeysphere/distinfo index 86aecd1..86aecd1 100644 --- a/packaging/freebsd/distinfo +++ b/packaging/freebsd/security/monkeysphere/distinfo diff --git a/packaging/freebsd/files/patch-etclocation b/packaging/freebsd/security/monkeysphere/files/patch-etclocation index 0100a9c..2ab3ac0 100644 --- a/packaging/freebsd/files/patch-etclocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-etclocation @@ -6,8 +6,8 @@ index c001f2d..d33fd36 100644 # authorized_keys file. '%h' will be replaced by the home directory # of the user, and %u will be replaced by the username of the user. # For purely admin-controlled authorized_user_ids, you might put them --# in /etc/monkeysphere/authorized_user_ids/%u -+# in /usr/local/etc/monkeysphere/authorized_user_ids/%u +-# in /etc/monkeysphere/authorized_user_ids/%u, for instance. ++# in /usr/local/etc/monkeysphere/authorized_user_ids/%u, for instance. #AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids" # Whether to add user controlled authorized_keys file to diff --git a/packaging/freebsd/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation index 99c9604..99c9604 100644 --- a/packaging/freebsd/files/patch-sharelocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation diff --git a/packaging/freebsd/files/patch-varlocation b/packaging/freebsd/security/monkeysphere/files/patch-varlocation index c4d8dcd..c4d8dcd 100644 --- a/packaging/freebsd/files/patch-varlocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-varlocation diff --git a/packaging/freebsd/pkg-deinstall b/packaging/freebsd/security/monkeysphere/pkg-deinstall index 3000878..3000878 100755 --- a/packaging/freebsd/pkg-deinstall +++ b/packaging/freebsd/security/monkeysphere/pkg-deinstall diff --git a/packaging/freebsd/pkg-descr b/packaging/freebsd/security/monkeysphere/pkg-descr index 9adc44f..9adc44f 100644 --- a/packaging/freebsd/pkg-descr +++ b/packaging/freebsd/security/monkeysphere/pkg-descr diff --git a/packaging/freebsd/pkg-install b/packaging/freebsd/security/monkeysphere/pkg-install index d7e4dbe..70d37b5 100755 --- a/packaging/freebsd/pkg-install +++ b/packaging/freebsd/security/monkeysphere/pkg-install @@ -65,7 +65,7 @@ POST-INSTALL) install -d -o monkeysphere -g monkeysphere -m 700 "$VARLIB"/gnupg-authentication ln -sf "$ETCDIR"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf - chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf + install -d "$VARLIB"/tmp "$VARLIB"/authorized_keys monkeysphere-server diagnostics ;; diff --git a/packaging/freebsd/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist index 04a704a..04a704a 100644 --- a/packaging/freebsd/pkg-plist +++ b/packaging/freebsd/security/monkeysphere/pkg-plist |