diff --git a/CVE-2020-25125.patch b/CVE-2020-25125.patch deleted file mode 100644 index 7b55642..0000000 --- a/CVE-2020-25125.patch +++ /dev/null @@ -1,35 +0,0 @@ -From aeb8272ca8aad403a4baac33b8d5673719cfd8f0 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Thu, 3 Sep 2020 15:22:00 +0200 -Subject: [PATCH] gpg: Fix AEAD preference list overflow - -* g10/getkey.c (fixup_uidnode): Increase size of prefs array. --- - -GnuPG-bug-id: 5050 -Fixes-commit: ab7a0b07024c432233e691b5e4be7e32baf8d80f -which introduced a feature to show the AEAD preferences of keys -created with rfc4880bis capable software (e.g. GnuPG 2.3-beta). -The same code in 2.3 is correct, though. - -Signed-off-by: Werner Koch ---- - g10/getkey.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/g10/getkey.c b/g10/getkey.c -index 3d0dd0b..3f0a692 100644 ---- a/g10/getkey.c -+++ b/g10/getkey.c -@@ -2481,7 +2481,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) - nzip = p ? n : 0; - if (uid->prefs) - xfree (uid->prefs); -- n = nsym + nhash + nzip; -+ n = nsym + naead + nhash + nzip; - if (!n) - uid->prefs = NULL; - else --- -1.8.3.1 - diff --git a/gnupg-2.1.21-insttools.patch b/gnupg-2.1.21-insttools.patch deleted file mode 100644 index e076dae..0000000 --- a/gnupg-2.1.21-insttools.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -diff -up gnupg-2.1.21/tools/Makefile.am.insttools gnupg-2.1.21/tools/Makefile.am ---- gnupg-2.1.21/tools/Makefile.am.insttools 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/tools/Makefile.am 2017-07-18 12:10:59.431729640 +0200 -@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER - sbin_SCRIPTS = addgnupghome applygnupgdefaults - - if HAVE_USTAR --# bin_SCRIPTS += gpg-zip --noinst_SCRIPTS = gpg-zip -+bin_PROGRAMS += gpg-zip -+#noinst_SCRIPTS = gpg-zip - endif - - if BUILD_SYMCRYPTRUN -@@ -53,7 +53,7 @@ endif - - libexec_PROGRAMS = gpg-wks-client - --bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} -+bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} gpgsplit - if !HAVE_W32_SYSTEM - bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} - endif -@@ -63,7 +63,7 @@ libexec_PROGRAMS += gpg-check-pattern - endif - - if !HAVE_W32CE_SYSTEM --noinst_PROGRAMS = clean-sat make-dns-cert gpgsplit -+noinst_PROGRAMS = clean-sat make-dns-cert - endif - - if !HAVE_W32CE_SYSTEM -diff -up gnupg-2.1.21/tools/Makefile.in.insttools gnupg-2.1.21/tools/Makefile.in ---- gnupg-2.1.21/tools/Makefile.in.insttools 2017-05-15 16:15:04.000000000 +0200 -+++ gnupg-2.1.21/tools/Makefile.in 2017-07-18 12:12:17.907734745 +0200 -@@ -137,13 +137,13 @@ DIST_COMMON = $(top_srcdir)/am/cmacros.a - @GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\"" - @HAVE_W32_SYSTEM_TRUE@am__append_8 = gpg-connect-agent-w32info.o - libexec_PROGRAMS = gpg-wks-client$(EXEEXT) $(am__EXEEXT_5) --bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \ -+bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) gpgsplit$(EXEEXT) \ - $(am__EXEEXT_1) $(am__EXEEXT_3) $(am__EXEEXT_4) - @HAVE_W32_SYSTEM_FALSE@am__append_9 = watchgnupg gpgparsemail ${gpg_wks_server} - @DISABLE_REGEX_FALSE@am__append_10 = gpg-check-pattern - @HAVE_W32CE_SYSTEM_FALSE@noinst_PROGRAMS = clean-sat$(EXEEXT) \ - @HAVE_W32CE_SYSTEM_FALSE@ 
make-dns-cert$(EXEEXT) \ --@HAVE_W32CE_SYSTEM_FALSE@ gpgsplit$(EXEEXT) $(am__EXEEXT_6) -+@HAVE_W32CE_SYSTEM_FALSE@ $(am__EXEEXT_6) - @BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_11 = gpgtar - @BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_12 = gpgtar - subdir = tools -@@ -582,8 +582,8 @@ libcommontlsnpth = ../common/libcommontl - AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) - sbin_SCRIPTS = addgnupghome applygnupgdefaults - --# bin_SCRIPTS += gpg-zip --@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip -+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip -+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip - @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = - @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun - @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = diff --git a/gnupg-2.1.21-large-rsa.patch b/gnupg-2.1.21-large-rsa.patch deleted file mode 100644 index 96aad02..0000000 --- a/gnupg-2.1.21-large-rsa.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up gnupg-2.1.21/g10/keygen.c.large-rsa gnupg-2.1.21/g10/keygen.c ---- gnupg-2.1.21/g10/keygen.c.large-rsa 2017-05-15 14:13:22.000000000 +0200 -+++ gnupg-2.1.21/g10/keygen.c 2017-07-18 16:12:37.738895016 +0200 -@@ -2091,7 +2091,7 @@ get_keysize_range (int algo, unsigned in - - default: - *min = opt.compliance == CO_DE_VS ? 2048: 1024; -- *max = 4096; -+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; - def = 2048; - break; - } diff --git a/gnupg-2.2.20-file-is-digest.patch b/gnupg-2.2.20-file-is-digest.patch index 2c7a891..f97ac9b 100644 --- a/gnupg-2.2.20-file-is-digest.patch +++ b/gnupg-2.2.20-file-is-digest.patch @@ -65,15 +65,15 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c sig->version = pk->version; 
@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl, - else - err = 0; } + else + err = 0; /* Actually never reached. */ - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); + + if (!opt.file_is_digest) { -+ hash_sigversion_to_magic (md, sig); -+ gcry_md_final (md); ++ hash_sigversion_to_magic (md, sig); ++ gcry_md_final (md); + } if (!err) diff --git a/gnupg-2.2.21-coverity.patch b/gnupg-2.2.21-coverity.patch index 4d781a5..b4e65b6 100644 --- a/gnupg-2.2.21-coverity.patch +++ b/gnupg-2.2.21-coverity.patch @@ -173,7 +173,7 @@ diff -up gnupg-2.2.21/kbx/keybox-dump.c.coverity gnupg-2.2.21/kbx/keybox-dump.c + } if (recno >= from) { - if ((rc = _keybox_write_blob (blob, outfp))) + if ((rc = _keybox_write_blob (blob, NULL, outfp))) { + _keybox_release_blob (blob); fprintf (stderr, "error writing output: %s\n", diff --git a/gnupg-2.2.21.tar.bz2 b/gnupg-2.2.21.tar.bz2 deleted file mode 100644 index cd6f01d..0000000 Binary files a/gnupg-2.2.21.tar.bz2 and /dev/null differ diff --git a/gnupg-2.2.21.tar.bz2.sig b/gnupg-2.2.21.tar.bz2.sig deleted file mode 100644 index 96c7480..0000000 Binary files a/gnupg-2.2.21.tar.bz2.sig and /dev/null differ diff --git a/gnupg-2.2.23-insttools.patch b/gnupg-2.2.23-insttools.patch new file mode 100644 index 0000000..8c15871 --- /dev/null +++ b/gnupg-2.2.23-insttools.patch 
@@ -0,0 +1,28 @@ +diff -up gnupg-2.2.23/tools/Makefile.am.insttools gnupg-2.2.23/tools/Makefile.am +--- gnupg-2.2.23/tools/Makefile.am.insttools 2020-08-13 11:01:57.000000000 +0200 ++++ gnupg-2.2.23/tools/Makefile.am 2020-09-04 13:49:34.183246428 +0200 +@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER + sbin_SCRIPTS = addgnupghome applygnupgdefaults + + if HAVE_USTAR +-# bin_SCRIPTS += gpg-zip +-noinst_SCRIPTS = gpg-zip ++bin_PROGRAMS += gpg-zip ++#noinst_SCRIPTS = gpg-zip + endif + + if BUILD_WKS_TOOLS +diff -up gnupg-2.2.23/tools/Makefile.in.insttools gnupg-2.2.23/tools/Makefile.in +--- gnupg-2.2.23/tools/Makefile.in.insttools 2020-09-03 17:16:55.000000000 +0200 ++++ gnupg-2.2.23/tools/Makefile.in 2020-09-04 13:49:34.183246428 +0200 +@@ -618,8 +618,8 @@ libcommontlsnpth = ../common/libcommontl + AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) + sbin_SCRIPTS = addgnupghome applygnupgdefaults + +-# bin_SCRIPTS += gpg-zip +-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip ++@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip ++#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip + @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = + @BUILD_WKS_TOOLS_TRUE@gpg_wks_server = gpg-wks-server + common_libs = $(libcommon) diff --git a/gnupg-2.2.23-large-rsa.patch b/gnupg-2.2.23-large-rsa.patch new file mode 100644 index 0000000..47f861b --- /dev/null +++ b/gnupg-2.2.23-large-rsa.patch @@ -0,0 +1,12 @@ +diff -up gnupg-2.2.23/g10/keygen.c.large-rsa gnupg-2.2.23/g10/keygen.c +--- gnupg-2.2.23/g10/keygen.c.large-rsa 2020-09-04 13:53:42.030486671 +0200 ++++ gnupg-2.2.23/g10/keygen.c 2020-09-04 13:55:52.896669542 +0200 +@@ -2262,7 +2262,7 @@ get_keysize_range (int algo, unsigned in + + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; +- *max = 4096; ++ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; + def = 3072; + break; + } 
diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 new file mode 100644 index 0000000..b289317 Binary files /dev/null and b/gnupg-2.2.27.tar.bz2 differ diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig new file mode 100644 index 0000000..c993854 Binary files /dev/null and b/gnupg-2.2.27.tar.bz2.sig differ diff --git a/gnupg2.spec b/gnupg2.spec index cdf3643..799ca20 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -1,6 +1,6 @@ Name: gnupg2 -Version: 2.2.21 -Release: 3 +Version: 2.2.27 +Release: 1 Summary: Utility for secure communication and data storage License: GPLv3+ @@ -11,16 +11,15 @@ Source1: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Patch0: fix-a-memory-leak-in-g10.patch Patch1: gnupg-2.1.10-secmem.patch Patch2: gnupg-2.1.1-fips-algo.patch -Patch3: gnupg-2.1.21-insttools.patch -Patch4: gnupg-2.1.21-large-rsa.patch +Patch3: gnupg-2.2.23-insttools.patch +Patch4: gnupg-2.2.23-large-rsa.patch Patch5: gnupg-2.2.16-ocsp-keyusage.patch Patch6: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch Patch7: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch -patch8: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch +Patch8: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch Patch9: gnupg-2.2.20-file-is-digest.patch Patch10: gnupg-2.2.21-coverity.patch Patch11: common-Avoid-undefined-behavior-of-left-shift-operat.patch -Patch12: CVE-2020-25125.patch BuildRequires: zlib-devel, npth-devel, gdb, texinfo BuildRequires: libgpg-error-devel >= 1.31 @@ -115,6 +114,9 @@ make check %changelog +* Thu Jan 28 2021 yixiangzhike - 2.2.27-1 +- update to 2.2.27 + * Thu Sep 10 2020 zhangxingliang - 2.2.21-3 - fix AEAD preference list overflow for CVE-2020-25125
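Review bot: In the `@@ -11,16 +11,15 @@` hunk of gnupg2.spec, `Patch12: CVE-2020-25125.patch` is removed, but the new `%changelog` entry says only `- update to 2.2.27`, so the package history no longer shows where the AEAD preference list overflow fix comes from. The deleted patch's one-line change to `fixup_uidnode` in g10/getkey.c was released upstream in 2.2.23, so dropping it looks correct. Record that in the changelog, for example `- drop CVE-2020-25125.patch, fixed upstream since 2.2.23`, so a later audit for this CVE does not read the removal as a regression. Separately, the tarball and its `.sig` are both replaced as binary files and `Source1` points at the signature, but nothing visible in these hunks shows `%prep` verifying the tarball against it, which is worth confirming.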