fix CVE-2020-25125

CVE-2020-25125.patch

@@ -0,0 +1,35 @@
+From aeb8272ca8aad403a4baac33b8d5673719cfd8f0 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 3 Sep 2020 15:22:00 +0200
+Subject: [PATCH] gpg: Fix AEAD preference list overflow
+
+* g10/getkey.c (fixup_uidnode): Increase size of prefs array.
+--
+
+GnuPG-bug-id: 5050
+Fixes-commit: ab7a0b07024c432233e691b5e4be7e32baf8d80f
+which introduced a feature to show the AEAD preferences of keys
+created with rfc4880bis capable software (e.g. GnuPG 2.3-beta).
+The same code in 2.3 is correct, though.
+
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+ g10/getkey.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index 3d0dd0b..3f0a692 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -2481,7 +2481,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
+   nzip = p ? n : 0;
+   if (uid->prefs)
+     xfree (uid->prefs);
+-  n = nsym + nhash + nzip;
++  n = nsym + naead + nhash + nzip;
+   if (!n)
+     uid->prefs = NULL;
+   else
+-- 
+1.8.3.1
+

gnupg2.spec

@@ -1,6 +1,6 @@
 Name: gnupg2
 Version: 2.2.21
-Release: 2
+Release: 3
 Summary: Utility for secure communication and data storage
 
 License: GPLv3+
@@ -20,6 +20,7 @@ patch8:  gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
 Patch9:  gnupg-2.2.20-file-is-digest.patch
 Patch10: gnupg-2.2.21-coverity.patch
 Patch11: common-Avoid-undefined-behavior-of-left-shift-operat.patch
+Patch12: CVE-2020-25125.patch
 
 BuildRequires: zlib-devel, npth-devel, gdb, texinfo
 BuildRequires: libgpg-error-devel >= 1.31
@@ -114,6 +115,9 @@ make check
 
 
 %changelog
+* Thu Sep 10 2020 zhangxingliang <zhangxingliang3@huawei.com> - 2.2.21-3
+- fix AEAD preference list overflow for CVE-2020-25125
+
 * Tue Aug 4 2020 wangchen <wangchen137@huawei.com> - 2.2.21-2
 - fix undefined shift in block_filter()