ports/61762: Fixes to PGP6 for FreeBSD 5.1 and for PGP 2.x compat
Len Sassaman
rabbi at abditum.com
Fri Jan 23 03:10:22 UTC 2004
>Number: 61762
>Category: ports
>Synopsis: Fixes to PGP6 for FreeBSD 5.1 and for PGP 2.x compat
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 22 19:10:14 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Len Sassaman
>Release: FreeBSD 4.9-STABLE i386
>Organization:
Anonymizer, Inc.
>Environment:
System: FreeBSD chiron.deor.org 4.9-STABLE FreeBSD 4.9-STABLE #0: Thu Nov 20 20:18:52 PST 2003 root at chiron.deor.org:/usr/obj/usr/src/sys/RabbiBSD i386
>Description:
I've corrected the FreeBSD 5.1 compilation errors. There aren't any outstanding security issues in PGP 6.5.8 that I am aware of, other than the so-called Czech attack, which has limited practical impact. (There are a number of errors in 6.5.3 that 6.5.8 addresses, and number of errors specific to OS in the Windows version of 6.5.8, but nothing that should affect the commandline version.)
I intend to review the mktemp() usage in PGP later. It doesn't look dangerous at first glance.
>How-To-Repeat:
>Fix:
diff -ruN pgp6/Makefile pgp6-new/Makefile
--- pgp6/Makefile Wed Jan 21 23:53:53 2004
+++ pgp6-new/Makefile Thu Jan 22 17:33:18 2004
@@ -1,6 +1,6 @@
# New ports collection makefile for: pgp6
# Date created: 25 Jan 2000
-# Whom: mike at fate.com
+# Whom: Len Sassaman
#
# $FreeBSD: ports/security/pgp6/Makefile,v 1.45 2004/01/22 07:53:53 dinoex Exp $
#
@@ -30,11 +30,6 @@
LATEST_LINK= pgp6
.include <bsd.port.pre.mk>
-
-#.if ${OSVERSION} >= 500113
-#BROKEN= "Does not compile"
-#.endif
-FORBIDDEN= "documented exploits exist; patches will be supplied by maintainer"
# the distfile is actually a tar of three compressed tars and their
# signatures
diff -ruN pgp6/files/patch-ar pgp6-new/files/patch-ar
--- pgp6/files/patch-ar Wed Dec 31 16:00:00 1969
+++ pgp6-new/files/patch-ar Thu Jan 22 14:57:50 2004
@@ -0,0 +1,14 @@
+--- libs/pfl/common/lthread/pgpThreads.h.orig Mon Apr 19 10:59:53 1999
++++ libs/pfl/common/lthread/pgpThreads.h Thu Jan 22 12:34:15 2004
+@@ -138,7 +138,9 @@
+ #endif /* end HAVE_PTHREAD_ATTR_CREATE */
+
+ /* My version of Linux has sem_init in pthreads.so, but *zero* headers ?? */
+-#if HAVE_SEM_INIT && !PGP_UNIX_LINUX
++/* #if HAVE_SEM_INIT && !PGP_UNIX_LINUX
++ commented out for FreeBSD */
++#if 0
+
+ #undef HAVE_SEMGET /* prefer POSIX sem_init over semget */
+ #define HAVE_SEMGET 0
+
diff -ruN pgp6/files/patch-as pgp6-new/files/patch-as
--- pgp6/files/patch-as Wed Dec 31 16:00:00 1969
+++ pgp6-new/files/patch-as Thu Jan 22 14:58:01 2004
@@ -0,0 +1,13 @@
+--- libs/pfl/common/lthread/pgpSemaphore.c.old Tue Mar 17 21:08:17 1998
++++ libs/pfl/common/lthread/pgpSemaphore.c Thu Jan 22 13:00:16 2004
+@@ -41,7 +41,9 @@
+ #endif /* end PGP_UNIX_SOLARIS */
+
+ /* Linux has sem_init function but no headers ?? */
+-#if HAVE_SEM_INIT && !PGP_UNIX_LINUX
++/* #if HAVE_SEM_INIT && !PGP_UNIX_LINUX
++ commented out for FreeBSD */
++#if 0
+
+ PGPSemAttr_t PGPSemAttr_def = {0, 0};
+
diff -ruN pgp6/files/patch-cc pgp6-new/files/patch-cc
--- pgp6/files/patch-cc Wed Dec 31 16:00:00 1969
+++ pgp6-new/files/patch-cc Thu Jan 22 14:57:16 2004
@@ -0,0 +1,19 @@
+--- clients/pgp/cmdline/doencode.c Thu Sep 30 20:10:21 1999
++++ clients/pgp/cmdline/doencode.c Thu Jan 11 20:50:20 2001
+@@ -283,6 +283,7 @@
+ PGPBoolean batchmode = pgpenvGetInt( env, PGPENV_BATCHMODE, &pri, &err );
+ PGPBoolean verbose = pgpenvGetInt( env, PGPENV_VERBOSE, &pri, &err );
+ PGPBoolean quietmode = pgpenvGetInt( env, PGPENV_NOOUT, &pri, &err);
++ PGPBoolean force = pgpenvGetInt( env, PGPENV_FORCE, &pri, &err);
+ PGPKeySetRef tmpset;
+
+ err = PGPNewEmptyKeySet( toSet, &tmpset );
+@@ -317,7 +318,7 @@
+ if(verbose)
+ pgpShowKeyValidity( filebPtr, key );
+
+- if( validity < kPGPValidity_Marginal ) {
++ if( validity < kPGPValidity_Marginal && !force) {
+ char useridstr[ kPGPMaxUserIDSize ];
+ PGPBoolean answer;
+ err = pgpGetUserIDStringFromKey( key, useridstr );
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list