packages/gnupg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 2.2.27

Browse Source
This commit is contained in:
yixiangzhike 2021-01-28 09:15:47 +08:00
parent 17f7eb3e73
commit 5daad11199
12 changed files with 53 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
CVE-2020-25125.patch
View File

@ -1,35 +0,0 @@
From aeb8272ca8aad403a4baac33b8d5673719cfd8f0 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 3 Sep 2020 15:22:00 +0200
Subject: [PATCH] gpg: Fix AEAD preference list overflow
* g10/getkey.c (fixup_uidnode): Increase size of prefs array.
--
GnuPG-bug-id: 5050
Fixes-commit: ab7a0b07024c432233e691b5e4be7e32baf8d80f
which introduced a feature to show the AEAD preferences of keys
created with rfc4880bis capable software (e.g. GnuPG 2.3-beta).
The same code in 2.3 is correct, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
---
g10/getkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/g10/getkey.c b/g10/getkey.c
index 3d0dd0b..3f0a692 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2481,7 +2481,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
nzip = p ? n : 0;
if (uid->prefs)
xfree (uid->prefs);
- n = nsym + nhash + nzip;
+ n = nsym + naead + nhash + nzip;
if (!n)
uid->prefs = NULL;
else
--
1.8.3.1

62
gnupg-2.1.21-insttools.patch
View File

@ -1,62 +0,0 @@
diff -up gnupg-2.1.21/tools/Makefile.am.insttools gnupg-2.1.21/tools/Makefile.am
--- gnupg-2.1.21/tools/Makefile.am.insttools 2017-04-03 17:13:56.000000000 +0200
+++ gnupg-2.1.21/tools/Makefile.am 2017-07-18 12:10:59.431729640 +0200
@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER
sbin_SCRIPTS = addgnupghome applygnupgdefaults
if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
+bin_PROGRAMS += gpg-zip
+#noinst_SCRIPTS = gpg-zip
endif
if BUILD_SYMCRYPTRUN
@@ -53,7 +53,7 @@ endif
libexec_PROGRAMS = gpg-wks-client
-bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun}
+bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} gpgsplit
if !HAVE_W32_SYSTEM
bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server}
endif
@@ -63,7 +63,7 @@ libexec_PROGRAMS += gpg-check-pattern
endif
if !HAVE_W32CE_SYSTEM
-noinst_PROGRAMS = clean-sat make-dns-cert gpgsplit
+noinst_PROGRAMS = clean-sat make-dns-cert
endif
if !HAVE_W32CE_SYSTEM
diff -up gnupg-2.1.21/tools/Makefile.in.insttools gnupg-2.1.21/tools/Makefile.in
--- gnupg-2.1.21/tools/Makefile.in.insttools 2017-05-15 16:15:04.000000000 +0200
+++ gnupg-2.1.21/tools/Makefile.in 2017-07-18 12:12:17.907734745 +0200
@@ -137,13 +137,13 @@ DIST_COMMON = $(top_srcdir)/am/cmacros.a
@GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
@HAVE_W32_SYSTEM_TRUE@am__append_8 = gpg-connect-agent-w32info.o
libexec_PROGRAMS = gpg-wks-client$(EXEEXT) $(am__EXEEXT_5)
-bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \
+bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) gpgsplit$(EXEEXT) \
$(am__EXEEXT_1) $(am__EXEEXT_3) $(am__EXEEXT_4)
@HAVE_W32_SYSTEM_FALSE@am__append_9 = watchgnupg gpgparsemail ${gpg_wks_server}
@DISABLE_REGEX_FALSE@am__append_10 = gpg-check-pattern
@HAVE_W32CE_SYSTEM_FALSE@noinst_PROGRAMS = clean-sat$(EXEEXT) \
@HAVE_W32CE_SYSTEM_FALSE@ make-dns-cert$(EXEEXT) \
-@HAVE_W32CE_SYSTEM_FALSE@ gpgsplit$(EXEEXT) $(am__EXEEXT_6)
+@HAVE_W32CE_SYSTEM_FALSE@ $(am__EXEEXT_6)
@BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_11 = gpgtar
@BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_12 = gpgtar
subdir = tools
@@ -582,8 +582,8 @@ libcommontlsnpth = ../common/libcommontl
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
sbin_SCRIPTS = addgnupghome applygnupgdefaults
-# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip
+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
@BUILD_SYMCRYPTRUN_FALSE@symcryptrun =
@BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun
@BUILD_WKS_TOOLS_FALSE@gpg_wks_server =

12
gnupg-2.1.21-large-rsa.patch
View File

@ -1,12 +0,0 @@
diff -up gnupg-2.1.21/g10/keygen.c.large-rsa gnupg-2.1.21/g10/keygen.c
--- gnupg-2.1.21/g10/keygen.c.large-rsa 2017-05-15 14:13:22.000000000 +0200
+++ gnupg-2.1.21/g10/keygen.c 2017-07-18 16:12:37.738895016 +0200
@@ -2091,7 +2091,7 @@ get_keysize_range (int algo, unsigned in
default:
*min = opt.compliance == CO_DE_VS ? 2048: 1024;
- *max = 4096;
+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
def = 2048;
break;
}

8
gnupg-2.2.20-file-is-digest.patch
View File

@ -65,15 +65,15 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
sig->version = pk->version; sig->version = pk->version;
@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl, @@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl,
else
err = 0;
} }
else
err = 0; /* Actually never reached. */
- hash_sigversion_to_magic (md, sig); - hash_sigversion_to_magic (md, sig);
- gcry_md_final (md); - gcry_md_final (md);
+ +
+ if (!opt.file_is_digest) { + if (!opt.file_is_digest) {
+ hash_sigversion_to_magic (md, sig); + hash_sigversion_to_magic (md, sig);
+ gcry_md_final (md); + gcry_md_final (md);
+ } + }
if (!err) if (!err)

2
gnupg-2.2.21-coverity.patch
View File

@ -173,7 +173,7 @@ diff -up gnupg-2.2.21/kbx/keybox-dump.c.coverity gnupg-2.2.21/kbx/keybox-dump.c
+ } + }
if (recno >= from) if (recno >= from)
{ {
if ((rc = _keybox_write_blob (blob, outfp))) if ((rc = _keybox_write_blob (blob, NULL, outfp)))
{ {
+ _keybox_release_blob (blob); + _keybox_release_blob (blob);
fprintf (stderr, "error writing output: %s\n", fprintf (stderr, "error writing output: %s\n",

BIN
gnupg-2.2.21.tar.bz2
View File

Binary file not shown.

BIN
gnupg-2.2.21.tar.bz2.sig
View File

Binary file not shown.

28
gnupg-2.2.23-insttools.patch Normal file
View File

@ -0,0 +1,28 @@
diff -up gnupg-2.2.23/tools/Makefile.am.insttools gnupg-2.2.23/tools/Makefile.am
--- gnupg-2.2.23/tools/Makefile.am.insttools 2020-08-13 11:01:57.000000000 +0200
+++ gnupg-2.2.23/tools/Makefile.am 2020-09-04 13:49:34.183246428 +0200
@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER
sbin_SCRIPTS = addgnupghome applygnupgdefaults
if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
+bin_PROGRAMS += gpg-zip
+#noinst_SCRIPTS = gpg-zip
endif
if BUILD_WKS_TOOLS
diff -up gnupg-2.2.23/tools/Makefile.in.insttools gnupg-2.2.23/tools/Makefile.in
--- gnupg-2.2.23/tools/Makefile.in.insttools 2020-09-03 17:16:55.000000000 +0200
+++ gnupg-2.2.23/tools/Makefile.in 2020-09-04 13:49:34.183246428 +0200
@@ -618,8 +618,8 @@ libcommontlsnpth = ../common/libcommontl
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
sbin_SCRIPTS = addgnupghome applygnupgdefaults
-# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip
+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
@BUILD_WKS_TOOLS_FALSE@gpg_wks_server =
@BUILD_WKS_TOOLS_TRUE@gpg_wks_server = gpg-wks-server
common_libs = $(libcommon)

12
gnupg-2.2.23-large-rsa.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up gnupg-2.2.23/g10/keygen.c.large-rsa gnupg-2.2.23/g10/keygen.c
--- gnupg-2.2.23/g10/keygen.c.large-rsa 2020-09-04 13:53:42.030486671 +0200
+++ gnupg-2.2.23/g10/keygen.c 2020-09-04 13:55:52.896669542 +0200
@@ -2262,7 +2262,7 @@ get_keysize_range (int algo, unsigned in
default:
*min = opt.compliance == CO_DE_VS ? 2048: 1024;
- *max = 4096;
+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
def = 3072;
break;
}

BIN
gnupg-2.2.27.tar.bz2 Normal file
View File

Binary file not shown.

BIN
gnupg-2.2.27.tar.bz2.sig Normal file
View File

Binary file not shown.

14
gnupg2.spec
View File

@ -1,6 +1,6 @@
Name: gnupg2 Name: gnupg2
Version: 2.2.21 Version: 2.2.27
Release: 3 Release: 1
Summary: Utility for secure communication and data storage Summary: Utility for secure communication and data storage
License: GPLv3+ License: GPLv3+
@ -11,16 +11,15 @@ Source1: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
Patch0: fix-a-memory-leak-in-g10.patch Patch0: fix-a-memory-leak-in-g10.patch
Patch1: gnupg-2.1.10-secmem.patch Patch1: gnupg-2.1.10-secmem.patch
Patch2: gnupg-2.1.1-fips-algo.patch Patch2: gnupg-2.1.1-fips-algo.patch
Patch3: gnupg-2.1.21-insttools.patch Patch3: gnupg-2.2.23-insttools.patch
Patch4: gnupg-2.1.21-large-rsa.patch Patch4: gnupg-2.2.23-large-rsa.patch
Patch5: gnupg-2.2.16-ocsp-keyusage.patch Patch5: gnupg-2.2.16-ocsp-keyusage.patch
Patch6: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch Patch6: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
Patch7: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch Patch7: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
patch8: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch Patch8: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Patch9: gnupg-2.2.20-file-is-digest.patch Patch9: gnupg-2.2.20-file-is-digest.patch
Patch10: gnupg-2.2.21-coverity.patch Patch10: gnupg-2.2.21-coverity.patch
Patch11: common-Avoid-undefined-behavior-of-left-shift-operat.patch Patch11: common-Avoid-undefined-behavior-of-left-shift-operat.patch
Patch12: CVE-2020-25125.patch
BuildRequires: zlib-devel, npth-devel, gdb, texinfo BuildRequires: zlib-devel, npth-devel, gdb, texinfo
BuildRequires: libgpg-error-devel >= 1.31 BuildRequires: libgpg-error-devel >= 1.31
@ -115,6 +114,9 @@ make check
%changelog %changelog
* Thu Jan 28 2021 yixiangzhike <zhangxingliang3@huawei.com> - 2.2.27-1
- update to 2.2.27
* Thu Sep 10 2020 zhangxingliang <zhangxingliang3@huawei.com> - 2.2.21-3 * Thu Sep 10 2020 zhangxingliang <zhangxingliang3@huawei.com> - 2.2.21-3
- fix AEAD preference list overflow for CVE-2020-25125 - fix AEAD preference list overflow for CVE-2020-25125