packages/gnupg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!36 【Mainline】Update to 2.3.4

Browse Source 
Merge pull request !36 from yixiangzhike/master
This commit is contained in:
openeuler-ci-bot 2022-01-24 06:29:39 +00:00 committed by Gitee
commit d6f9ab9c92
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
8 changed files with 369 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
View File

@ -33,7 +33,7 @@ index 5d3162c..f9acf95 100644
}
-
- if (!uidnode )
- if (!uidnode)
- {
- if (!silent)
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@ -43,16 +43,17 @@ index 5d3162c..f9acf95 100644
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl,
@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl,
}
}
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
- /* Delete invalid parts and bail out if there are no user ids left. */
- if (!delete_inv_parts (ctrl, keyblock, keyid, options))
- {
- if (!silent)
- {
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet )
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if (!opt.quiet)
- log_info(_("this may be caused by a missing self-signature\n"));
- }
- stats->no_user_id++;

249
gnupg-2.2.20-file-is-digest.patch
View File

@ -10,25 +10,25 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
oGroup,
oUnGroup,
@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
ARGPARSE_s_s (oExecPath, "exec-path", "@"),
ARGPARSE_s_n (oExpert, "expert", "@"),
+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
@@ -2419,6 +2421,7 @@ main (int argc, char **argv)
opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
+ opt.file_is_digest = 0;
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
opt.emit_version = 0;
opt.weak_digests = NULL;
@@ -2997,6 +3000,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceAEAD: opt.force_aead = 1; break;
+ case oFileIsDigest: opt.file_is_digest = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
@ -56,136 +56,157 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
#include "../common/compliance.h"
@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl,
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
+ else if (opt.file_is_digest)
if (pk->version >= 5)
sig->version = 5; /* Required for v5 keys. */
+ else if (opt.file_is_digest)
+ sig->version = 3;
else
sig->version = pk->version;
sig->version = 4; /* Required. */
@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl,
}
else
err = 0; /* Actually never reached. */
- hash_sigversion_to_magic (md, sig);
@@ -860,14 +863,22 @@ write_signature_packets (ctrl_t ctrl,
if (gcry_md_copy (&md, hash))
BUG ();
- build_sig_subpkt_from_sig (sig, pk);
- mk_notation_policy_etc (ctrl, sig, NULL, pk);
- if (opt.flags.include_key_block && IS_SIG (sig))
- err = mk_sig_subpkt_key_block (ctrl, sig, pk);
- else
- err = 0;
- hash_sigversion_to_magic (md, sig, extrahash);
- gcry_md_final (md);
+ if (!opt.file_is_digest)
+ {
+ build_sig_subpkt_from_sig (sig, pk);
+ mk_notation_policy_etc (ctrl, sig, NULL, pk);
+ if (opt.flags.include_key_block && IS_SIG (sig))
+ err = mk_sig_subpkt_key_block (ctrl, sig, pk);
+ else
+ err = 0;
+
+ if (!opt.file_is_digest) {
+ hash_sigversion_to_magic (md, sig);
+ gcry_md_final (md);
+ }
+ hash_sigversion_to_magic (md, sig, extrahash);
+ gcry_md_final (md);
+ }
+ else if (sig->version >= 4)
+ {
+ log_bug("file-is-digest doesn't work with v4 sigs\n");
+ }
if (!err)
err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
+ int sigclass = 0x00;
+ u32 timestamp = 0;
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
+ int sigclass = 0x00;
+ u32 timestamp = 0;
pt_extra_hash_data_t extrahash = NULL;
pfx = new_progress_context ();
afx = new_armor_context ();
pfx = new_progress_context ();
@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
- log_bug("multiple files can only be detached signed");
+ log_bug("multiple files can only be detached signed\n");
if (fname && filenames->next && (!detached || encryptflag))
- log_bug ("multiple files can only be detached signed");
+ log_bug ("multiple files can only be detached signed\n");
+
+ if (opt.file_is_digest && (multifile || !fname))
+ log_bug("file-is-digest only works with one file\n");
+ if (opt.file_is_digest && !detached)
+ log_bug("file-is-digest can only write detached signatures\n");
+ if (opt.file_is_digest && !opt.def_digest_algo)
+ log_bug("file-is-digest needs --digest-algo\n");
+ if (opt.file_is_digest && opt.textmode)
+ log_bug("file-is-digest doesn't work with --textmode\n");
+ if (opt.file_is_digest && (multifile || !fname))
+ log_bug ("file-is-digest only works with one file\n");
+ if (opt.file_is_digest && !detached)
+ log_bug ("file-is-digest can only write detached signatures\n");
+ if (opt.file_is_digest && !opt.def_digest_algo)
+ log_bug ("file-is-digest needs --digest-algo\n");
+ if (opt.file_is_digest && opt.textmode)
+ log_bug ("file-is-digest doesn't work with --textmode\n");
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
if (encryptflag == 2
&& (rc = setup_symkey (&efx.symkey_s2k, &efx.symkey_dek)))
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
goto leave;
/* prepare iobufs */
- if( multifile ) /* have list of filenames */
+ if( multifile || opt.file_is_digest) /* have list of filenames */
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
/* Prepare iobufs. */
- if (multifile) /* have list of filenames */
+ if (multifile || opt.file_is_digest) /* have list of filenames */
inp = NULL; /* we do it later */
else
{
@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
- if( !multifile )
+ if( !multifile && !opt.file_is_digest )
iobuf_push_filter( inp, md_filter, &mfx );
- if (!multifile)
+ if (!multifile && !opt.file_is_digest)
iobuf_push_filter (inp, md_filter, &mfx);
if( detached && !encryptflag)
if (detached && !encryptflag)
@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
write_status_begin_signing (mfx.md);
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00;
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00;
+
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
@@ -1195,6 +1214,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
/* Setup the inner packet. */
if (detached)
{
@@ -1195,6 +1214,49 @@ sign_file (ctrl_t ctrl, strlist_t filena
if (opt.verbose)
log_printf ("\n");
}
+ else if (opt.file_is_digest) {
+ byte *mdb, ts[5];
+ size_t mdlen;
+ const char *fp;
+ int c, d;
+ else if (opt.file_is_digest)
+ {
+ byte *mdb, ts[5];
+ size_t mdlen;
+ const char *fp;
+ int c, d;
+
+ gcry_md_final(mfx.md);
+ /* this assumes gcry_md_read returns the same buffer */
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
+ if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ d = -1;
+ for (fp = fname ; *fp; ) {
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0) {
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0) {
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ }
+ sigclass = ts[0];
+ if (sigclass != 0x00 && sigclass != 0x01)
+ log_bug("bad cipher class\n");
+ timestamp = buf32_to_u32(ts + 1);
+ }
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
+ gcry_md_final(mfx.md);
+ /* this assumes gcry_md_read returns the same buffer */
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
+ if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ d = -1;
+ for (fp = fname ; *fp; )
+ {
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0)
+ {
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0)
+ {
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ }
+ sigclass = ts[0];
+ if (sigclass != 0x00 && sigclass != 0x01)
+ log_bug("bad cipher class\n");
+ timestamp = buf32_to_u32(ts + 1);
+ }
else
{
/* Read, so that the filter can calculate the digest. */
@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
- opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S', NULL);
+ sigclass,
+ timestamp, duration, detached ? 'D':'S', NULL);
if( rc )
goto leave;
/* Write the signatures. */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash,
- opt.textmode && !outfile? 0x01 : 0x00,
- 0, duration, detached ? 'D':'S', NULL);
+ sigclass,
+ timestamp, duration, detached ? 'D':'S', NULL);
if (rc)
goto leave;

394
gnupg-2.2.21-coverity.patch
View File

@ -1,6 +1,6 @@
diff -up gnupg-2.2.21/common/server-help.c.coverity gnupg-2.2.21/common/server-help.c
--- gnupg-2.2.21/common/server-help.c.coverity 2019-02-11 10:59:34.000000000 +0100
+++ gnupg-2.2.21/common/server-help.c 2020-07-20 17:09:57.416148768 +0200
--- gnupg-2.2.21/common/server-help.c.coverity 2019-02-11 10:59:34.000000000 +0100
+++ gnupg-2.2.21/common/server-help.c 2020-07-20 17:09:57.416148768 +0200
@@ -156,7 +156,7 @@ get_option_value (char *line, const char
*pend = 0;
*r_value = xtrystrdup (p);
@ -10,9 +10,93 @@ diff -up gnupg-2.2.21/common/server-help.c.coverity gnupg-2.2.21/common/server-h
return my_error_from_syserror ();
return 0;
}
diff -up gnupg-2.2.21/dirmngr/domaininfo.c.coverity gnupg-2.2.21/dirmngr/domaininfo.c
--- gnupg-2.2.21/dirmngr/domaininfo.c.coverity 2019-07-09 11:08:45.000000000 +0200
+++ gnupg-2.2.21/dirmngr/domaininfo.c 2020-07-20 17:09:57.418148784 +0200
From 7a707a3eff1c3fbe17a74337776871f408377cee Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 9 Apr 2021 16:13:07 +0200
Subject: [PATCH GnuPG 03/19] g10: Fix memory leaks
* g10/card-util.c (change_pin): free answer on errors
(ask_card_keyattr): free answer on error
* g10/cpr.c (do_get_from_fd): free string
* g10/gpg.c (check_permissions): free dir on weird error
* g10/import.c (append_new_uid): release knode
* g10/keyedit.c (menu_set_keyserver_url): free answer
(menu_set_keyserver_url): free user
* g10/keygen.c (print_status_key_not_created): move allocation after
sanity check
(ask_expire_interval): free answer
(card_store_key_with_backup): goto leave instaed of return
* g10/keyserver.c (parse_keyserver_uri): goto fail instead of return
* g10/revoke.c (gen_desig_revoke): release kdbhd
(gen_desig_revoke): free answer
* g10/tofu.c (ask_about_binding): free sqerr and response
* g10/trustdb.c (ask_ownertrust): free pk
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
g10/card-util.c | 14 +++++++++++---
g10/cpr.c | 6 +++++-
g10/gpg.c | 1 +
g10/import.c | 5 ++++-
g10/keyedit.c | 8 +++++++-
g10/keygen.c | 15 +++++++++++----
g10/keyserver.c | 2 +-
g10/revoke.c | 6 +++++-
g10/tofu.c | 4 ++++
g10/trustdb.c | 1 +
10 files changed, 50 insertions(+), 12 deletions(-)
diff --git a/g10/card-util.c b/g10/card-util.c
index 36f096f06..c7df8380d 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -127,7 +127,7 @@ change_pin (int unblock_v2, int allow_admin)
else
for (;;)
{
- char *answer;
+ char *answer = NULL;
tty_printf ("\n");
tty_printf ("1 - change PIN\n"
diff --git a/g10/tofu.c b/g10/tofu.c
index f49083844..83786a08d 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1687,6 +1687,8 @@ ask_about_binding (ctrl_t ctrl,
GPGSQL_ARG_END);
if (rc)
{
+ sqlite3_free (sqerr);
+ sqerr = NULL;
rc = gpg_error (GPG_ERR_GENERAL);
break;
}
--
2.30.2
From 7c8048b686a6e811d0b24febf3c5e2528e7881f1 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 16:23:31 +0200
Subject: [PATCH GnuPG 14/19] dirmgr: Avoid memory leaks
* dirmngr/domaininfo.c (insert_or_update): free di_new
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
dirmngr/domaininfo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/dirmngr/domaininfo.c b/dirmngr/domaininfo.c
index b41aef366..87782b4b1 100644
--- a/dirmngr/domaininfo.c
+++ b/dirmngr/domaininfo.c
@@ -193,6 +193,7 @@ insert_or_update (const char *domain,
log_error ("domaininfo: error allocating helper array: %s\n",
gpg_strerror (gpg_err_code_from_syserror ()));
@ -21,220 +105,93 @@ diff -up gnupg-2.2.21/dirmngr/domaininfo.c.coverity gnupg-2.2.21/dirmngr/domaini
goto leave;
}
narray = 0;
@@ -258,6 +259,8 @@ insert_or_update (const char *domain,
* sensible strategy. */
drop_extra = domainbuckets[hash];
domainbuckets[hash] = keep;
+
+ xfree (array);
}
--
2.30.2
/* Insert */
diff -up gnupg-2.2.21/dirmngr/http.c.coverity gnupg-2.2.21/dirmngr/http.c
--- gnupg-2.2.21/dirmngr/http.c.coverity 2019-11-18 18:44:33.000000000 +0100
+++ gnupg-2.2.21/dirmngr/http.c 2020-07-20 17:09:57.419148793 +0200
@@ -3656,7 +3656,6 @@ http_prepare_redirect (http_redir_info_t
if (!newurl)
{
err = gpg_error_from_syserror ();
- http_release_parsed_uri (locuri);
return err;
}
}
@@ -3675,7 +3674,6 @@ http_prepare_redirect (http_redir_info_t
if (!newurl)
{
err = gpg_error_from_syserror ();
- http_release_parsed_uri (locuri);
return err;
}
}
diff -up gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.21/dirmngr/ks-engine-hkp.c
--- gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity 2019-11-18 18:44:33.000000000 +0100
+++ gnupg-2.2.21/dirmngr/ks-engine-hkp.c 2020-07-20 17:09:57.419148793 +0200
@@ -1426,7 +1426,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t
int reselect;
unsigned int httpflags;
char *httphost = NULL;
- unsigned int http_status;
+ unsigned int http_status = 0;
unsigned int tries = SEND_REQUEST_RETRIES;
unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES;
diff -up gnupg-2.2.21/g10/card-util.c.coverity gnupg-2.2.21/g10/card-util.c
--- gnupg-2.2.21/g10/card-util.c.coverity 2020-04-15 15:17:48.000000000 +0200
+++ gnupg-2.2.21/g10/card-util.c 2020-07-20 17:09:57.419148793 +0200
@@ -667,7 +667,7 @@ card_status (ctrl_t ctrl, estream_t fp,
{
int err;
strlist_t card_list, sl;
- char *serialno0, *serialno1;
+ char *serialno0, *serialno1 = NULL;
int all_cards = 0;
int any_card = 0;
From ab3b8c53993b3305088efde756a44bac6e6492d4 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 16:34:40 +0200
Subject: [PATCH GnuPG 15/19] scd: Avoid memory leaks and uninitialized memory
@@ -712,6 +712,7 @@ card_status (ctrl_t ctrl, estream_t fp,
* scd/app-piv.c (do_decipher): goto leave, initialize outdatalen
current_card_status (ctrl, fp, NULL, 0);
xfree (serialno1);
+ serialno1 = NULL;
--
if (!all_cards)
goto leave;
diff -up gnupg-2.2.21/g10/import.c.coverity gnupg-2.2.21/g10/import.c
--- gnupg-2.2.21/g10/import.c.coverity 2020-07-20 17:09:57.416148768 +0200
+++ gnupg-2.2.21/g10/import.c 2020-07-20 17:09:57.419148793 +0200
@@ -1888,7 +1888,7 @@ import_one_real (ctrl_t ctrl,
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
scd/app-piv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
if (opt.interactive && !silent)
{
- if (is_status_enabled())
+ if (uidnode && is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
merge_keys_and_selfsig (ctrl, keyblock);
tty_printf ("\n");
diff -up gnupg-2.2.21/g10/keygen.c.coverity gnupg-2.2.21/g10/keygen.c
--- gnupg-2.2.21/g10/keygen.c.coverity 2020-07-20 17:09:57.401148640 +0200
+++ gnupg-2.2.21/g10/keygen.c 2020-07-20 17:09:57.420148801 +0200
@@ -3075,7 +3075,7 @@ parse_key_parameter_part (ctrl_t ctrl,
char *endp;
const char *curve = NULL;
int ecdh_or_ecdsa = 0;
- unsigned int size;
+ unsigned int size = 0;
int keyuse;
int i;
const char *s;
@@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i
the self-signatures. */
err = agent_readkey (NULL, 1, keyid, &public);
diff --git a/scd/app-piv.c b/scd/app-piv.c
index 143cc047a..94257f0ee 100644
--- a/scd/app-piv.c
+++ b/scd/app-piv.c
@@ -2483,7 +2483,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
gpg_error_t err;
data_object_t dobj;
unsigned char *outdata = NULL;
- size_t outdatalen;
+ size_t outdatalen = 0;
const unsigned char *s;
size_t n;
int keyref, mechanism;
@@ -2582,7 +2582,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
/* Now verify the Application PIN. */
err = verify_chv (app, ctrl, 0x80, 0, pincb, pincb_arg);
if (err)
- return err;
+ {
+ xfree (pkt);
+ xfree (pk);
+ return err;
+ }
err = gcry_sexp_sscan (&s_key, NULL, public,
gcry_sexp_canon_len (public, 0, NULL, NULL));
xfree (public);
if (err)
- return err;
+ {
+ xfree (pkt);
+ xfree (pk);
+ return err;
+ }
+ goto leave;
if (algo == PUBKEY_ALGO_RSA)
err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
@@ -5739,6 +5747,7 @@ gen_card_key (int keyno, int algo, int i
if (err)
{
log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
+ xfree (pkt);
free_public_key (pk);
return err;
}
diff -up gnupg-2.2.21/g10/sig-check.c.coverity gnupg-2.2.21/g10/sig-check.c
--- gnupg-2.2.21/g10/sig-check.c.coverity 2020-07-03 16:17:05.000000000 +0200
+++ gnupg-2.2.21/g10/sig-check.c 2020-07-20 17:09:57.420148801 +0200
@@ -902,6 +902,7 @@ check_signature_over_key_or_uid (ctrl_t
{
/* Issued by a subkey. */
signer = subk;
+ *is_selfsig = 1;
break;
}
}
diff -up gnupg-2.2.21/g10/sign.c.coverity gnupg-2.2.21/g10/sign.c
--- gnupg-2.2.21/g10/sign.c.coverity 2020-07-20 17:09:57.399148624 +0200
+++ gnupg-2.2.21/g10/sign.c 2020-07-20 17:09:57.420148801 +0200
@@ -824,7 +824,7 @@ write_signature_packets (ctrl_t ctrl,
PKT_public_key *pk;
PKT_signature *sig;
gcry_md_hd_t md;
- gpg_error_t err;
+ gpg_error_t err = 0;
/* Build the Dynamic Authentication Template. */
err = concat_tlv_list (0, &apdudata, &apdudatalen,
--
2.30.2
pk = sk_rover->pk;
diff -up gnupg-2.2.21/kbx/keybox-dump.c.coverity gnupg-2.2.21/kbx/keybox-dump.c
--- gnupg-2.2.21/kbx/keybox-dump.c.coverity 2019-08-23 15:59:06.000000000 +0200
+++ gnupg-2.2.21/kbx/keybox-dump.c 2020-07-20 17:09:57.420148801 +0200
@@ -786,11 +786,15 @@ _keybox_dump_cut_records (const char *fi
while ( !(rc = _keybox_read_blob (&blob, fp, NULL)) )
{
if (recno > to)
- break; /* Ready. */
+ {
+ _keybox_release_blob (blob);
+ break; /* Ready. */
+ }
if (recno >= from)
{
if ((rc = _keybox_write_blob (blob, NULL, outfp)))
{
+ _keybox_release_blob (blob);
fprintf (stderr, "error writing output: %s\n",
gpg_strerror (rc));
goto leave;
diff -up gnupg-2.2.21/tools/gpg-wks-server.c.coverity gnupg-2.2.21/tools/gpg-wks-server.c
--- gnupg-2.2.21/tools/gpg-wks-server.c.coverity 2020-02-10 16:12:13.000000000 +0100
+++ gnupg-2.2.21/tools/gpg-wks-server.c 2020-07-20 17:09:57.420148801 +0200
@@ -890,15 +890,18 @@ store_key_as_pending (const char *dir, e
}
From f182bf91443618323e34261039045a6bde269be5 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 16:44:48 +0200
Subject: [PATCH GnuPG 16/19] tools: Avoid memory leaks
leave:
- if (err)
+ if (fname)
{
- es_fclose (outfp);
- gnupg_remove (fname);
- }
- else if (es_fclose (outfp))
- {
- err = gpg_error_from_syserror ();
- log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
+ if (err)
+ {
+ es_fclose (outfp);
+ gnupg_remove (fname);
+ }
+ else if (es_fclose (outfp))
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
+ }
}
* tools/wks-util.c (wks_cmd_print_wkd_url): Free addrspec on error
(wks_cmd_print_wkd_hash): Free addrspec on error
if (!err)
diff -up gnupg-2.2.21/tools/wks-util.c.coverity gnupg-2.2.21/tools/wks-util.c
--- gnupg-2.2.21/tools/wks-util.c.coverity 2019-11-23 13:50:21.000000000 +0100
+++ gnupg-2.2.21/tools/wks-util.c 2020-07-20 17:09:57.421148810 +0200
@@ -948,7 +948,7 @@ ensure_policy_file (const char *addrspec
static gpg_error_t
install_key_from_spec_file (const char *fname)
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tools/wks-util.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 516c7fe00..38dd194ff 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -1192,11 +1192,14 @@ gpg_error_t
wks_cmd_print_wkd_hash (const char *userid)
{
- gpg_error_t err;
+ gpg_error_t err = 0;
estream_t fp;
char *line = NULL;
size_t linelen = 0;
@@ -1195,10 +1195,8 @@ wks_cmd_print_wkd_hash (const char *user
char *addrspec, *fname;
gpg_error_t err;
- char *addrspec, *fname;
+ char *addrspec = NULL, *fname;
err = wks_fname_from_userid (userid, 1, &fname, &addrspec);
- if (err)
if (err)
- return err;
-
- es_printf ("%s %s\n", fname, addrspec);
+ if (!err)
+ es_printf ("%s %s\n", fname, addrspec);
+ {
+ xfree (addrspec);
+ return err;
+ }
xfree (fname);
xfree (addrspec);
@@ -1216,7 +1214,10 @@ wks_cmd_print_wkd_url (const char *useri
es_printf ("%s %s\n", fname, addrspec);
@@ -1211,12 +1214,15 @@ gpg_error_t
wks_cmd_print_wkd_url (const char *userid)
{
gpg_error_t err;
- char *addrspec, *fname;
+ char *addrspec = NULL, *fname;
char *domain;
err = wks_fname_from_userid (userid, 1, &fname, &addrspec);
if (err)
@ -246,3 +203,38 @@ diff -up gnupg-2.2.21/tools/wks-util.c.coverity gnupg-2.2.21/tools/wks-util.c
domain = strchr (addrspec, '@');
if (domain)
--
2.30.2
From 600fabd8268c765d45d48873e7a8610e6dae0966 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 Apr 2021 15:59:12 +0200
Subject: [PATCH GnuPG 17/19] scd: Use the same allocator to free memory
* scd/command.c (cmd_getinfo): Use free instead of gcry_free to match
the original allocator
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
scd/command.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scd/command.c b/scd/command.c
index cb0dd379a..9d85c5a41 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -1832,7 +1832,8 @@ cmd_getinfo (assuan_context_t ctx, char *line)
rc = assuan_send_data (ctx, p, strlen (p));
else
rc = gpg_error (GPG_ERR_NO_DATA);
- xfree (p);
+ /* allocated by scd/ccid-driver.c which is not using x*alloc/gcry_* */
+ free (p);
}
else if (!strcmp (line, "deny_admin"))
rc = opt.allow_admin? gpg_error (GPG_ERR_GENERAL) : 0;
--
2.30.2

BIN
gnupg-2.2.27.tar.bz2
View File

Binary file not shown.

BIN
gnupg-2.2.27.tar.bz2.sig
View File

Binary file not shown.

BIN
gnupg-2.3.4.tar.bz2 Normal file
View File

Binary file not shown.

BIN
gnupg-2.3.4.tar.bz2.sig Normal file
View File

Binary file not shown.

42
gnupg2.spec
View File

@ -1,6 +1,6 @@
Name: gnupg2
Version: 2.2.27
Release: 4
Version: 2.3.4
Release: 1
Summary: Utility for secure communication and data storage
License: GPLv3+
@ -8,28 +8,27 @@ URL: https://gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
Patch0: fix-a-memory-leak-in-g10.patch
Patch1: gnupg-2.1.10-secmem.patch
Patch2: gnupg-2.1.1-fips-algo.patch
Patch3: gnupg-2.2.23-insttools.patch
Patch4: gnupg-2.2.23-large-rsa.patch
Patch5: gnupg-2.2.16-ocsp-keyusage.patch
Patch6: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
Patch7: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
Patch8: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Patch9: gnupg-2.2.20-file-is-digest.patch
Patch10: gnupg-2.2.21-coverity.patch
Patch11: common-Avoid-undefined-behavior-of-left-shift-operat.patch
Patch0: gnupg-2.1.10-secmem.patch
Patch1: gnupg-2.1.1-fips-algo.patch
Patch2: gnupg-2.2.23-large-rsa.patch
Patch3: gnupg-2.2.16-ocsp-keyusage.patch
Patch4: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
Patch5: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
Patch6: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Patch7: gnupg-2.2.20-file-is-digest.patch
Patch8: gnupg-2.2.21-coverity.patch
BuildRequires: gcc
BuildRequires: zlib-devel, npth-devel, texinfo
BuildRequires: libgpg-error-devel >= 1.31
BuildRequires: libgcrypt-devel >= 1.7.0
BuildRequires: libgpg-error-devel >= 1.38
BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libksba-devel >= 1.3.0
BuildRequires: libassuan-devel >= 2.1.0
# compile dirmngr module, need gnutls
BuildRequires: gnutls-devel
Requires: libgcrypt >= 1.7.0
Requires: libgpg-error >= 1.31
Requires: libgcrypt >= 1.9.1
Requires: libgpg-error >= 1.38
Recommends: pinentry
Recommends: gnupg2-smime
@ -63,10 +62,14 @@ signing to the base GnuPG package.
sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
%build
# add --disable-ccid-driver to solve #2005714
# disable tpm2 module
%configure \
--disable-gpgtar \
--disable-rpath \
--enable-g13 \
--disable-ccid-driver \
--disable-tpm2d \
--enable-large-secmem
%make_build
@ -115,6 +118,9 @@ make check
%changelog
* Mon Jan 10 2022 yixiangzhike <yixiangzhike007@163.com> - 2.3.4-1
- update to 2.3.4
* Mon Aug 2 2021 yixiangzhike <zhangxingliang3@huawei.com> - 2.2.27-4
- fix the insttools patch