eebef52...
by
Guillem Jover <email address hidden>
on 2015-05-01
Release 1.15.12
a705d80...
by
Raphaël Hertzog
on 2015-02-11
debian: drop myself from Uploaders
Cherry picked from commit 10ff6c4fc598dbc9697c825a8c8e1bf25caa2fcb.
Signed-off-by: Guillem Jover <email address hidden>
f0d0380...
by
Guillem Jover <email address hidden>
on 2015-03-19
Dpkg::Control::Hash: Fix OpenPGP Armor Header Line parsing
Cherry picked from commit c49d104601b673c11c981dc9b6d8247e6da64edd.
We should only accept [\r\t ] as trailing whitespace, although RFC4880
does not clarify what whitespace really maps to, we should really match
the GnuPG implementation anyway, as that is what we use to verify the
signatures.
Fixes: CVE-2015-0840
Reported-by: Jann Horn <email address hidden>
Signed-off-by: Ben Hutchings <email address hidden>
Signed-off-by: Guillem Jover <email address hidden>
0602847...
by
Guillem Jover <email address hidden>
on 2012-12-23
Dpkg::Control::Hash: Do not accept Armor Header Lines inside a paragraph
Cherry picked from commit afe626640a81a0191b06e2f4ae16eb2bd1b228c3.
Make sure that no fields are injected before a signed block.
Although the only possible attack is to add fields not present in the
signed block, as otherwise a syntax error due to duplicate field is
triggered.
Signed-off-by: Ben Hutchings <email address hidden>
Signed-off-by: Guillem Jover <email address hidden>
7c9e955...
by
Guillem Jover <email address hidden>
on 2012-12-15
Dpkg::Control::Hash: Check for presence of OpenPGP signatures
Cherry picked from commit b08f7a8306f872b077af4040ebeab8853faaf0cd.
Make sure the OpenPGP armor contains a signature block, even on EOF.
This should get detected and rejected by gpgv anyway, but it's better
to check the structure of the message before doing any further parsing
on it.
Signed-off-by: Ben Hutchings <email address hidden>
Signed-off-by: Guillem Jover <email address hidden>
9e1f15a...
by
Guillem Jover <email address hidden>
on 2012-12-15
Dpkg: Fix OpenPGP armored signature parsing
Cherry picked from commit 9945c52208fa7520bb307868d6c152ced8238969.
Change parsing code to honour RFC4880. Handle whitespaces at EOL, and
correctly expect five trailing dashes on the Armor Header Lines.
Closes: #695919
Reported-by: Ansgar Burchardt <email address hidden>
[<email address hidden>:
- Resolve conflict in whitespace in scripts/t/700_Dpkg_Control.t.]
Signed-off-by: Ben Hutchings <email address hidden>
Signed-off-by: Guillem Jover <email address hidden>
c171377...
by
Roger Leigh
on 2011-03-12
Dpkg::Control::Hash: accept PGP signature as end of block
Cherry picked from commit 898936120e987d9faf27002e2d01844edbfbb538.
Improved-by: Raphaël Hertzog <email address hidden>
Signed-off-by: Ben Hutchings <email address hidden>
Signed-off-by: Guillem Jover <email address hidden>
1d6c7d5...
by
Guillem Jover <email address hidden>
on 2015-05-01
Bump version to 1.15.12
0e17427...
by
Guillem Jover <email address hidden>
on 2014-06-05
Release 1.15.11
ceb5b2b...
by
Guillem Jover <email address hidden>
on 2014-05-21
scripts: Add test case for patch disabling hunks
Cherry picked from commit bb2fe22738675a5a92d65aad03efcc73efd3a368.
This does not pose any security issue, as the hunk parser is strict, and
will reject a patch if it considers that the hunk marker is not present.