pool/gpg2
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 593728 from Base:System

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/593728
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=125
This commit is contained in:
Dominique Leuenberger 2018-04-07 18:47:23 +00:00 committed by Git OBS Bridge
parent 968facf567
commit 519f73a4dd
3 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
gnupg-CVE-2018-9234.patch Normal file
View File

@ -0,0 +1,23 @@
From: Karol Babioch <kbabioch@suse.de>
Date: Thu Apr 5 10:32:21 CEST 2018
Upstream: merged
References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657
References: https://dev.gnupg.org/T3844
Subject: Fix for bnc#1088255 (CVE-2018-9234)
---
g10/getkey.c | 2 ++
1 file changed, 2 insertions(+)
Index: gnupg-2.2.5/g10/getkey.c
===================================================================
--- gnupg-2.2.5.orig/g10/getkey.c
+++ gnupg-2.2.5/g10/getkey.c
@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu
ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
: KEYDB_SEARCH_MODE_FPR20;
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+ if (pk)
+ ctx.req_usage = pk->req_usage;
rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc && pk)
pk_from_block (pk, kb, found_key);

7
gpg2.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Apr 5 08:38:58 UTC 2018 - kbabioch@suse.com
- Added gnupg-CVE-2018-9234.patch: Enforce that key certification
can only be done with the master key, and not a signing subkey.
(bnc#1088255 CVE-2018-9234)
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Feb 25 12:14:54 UTC 2018 - astieger@suse.com Sun Feb 25 12:14:54 UTC 2018 - astieger@suse.com

2
gpg2.spec
View File

@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch12: gnupg-CVE-2018-9234.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libassuan-devel >= 2.5.0
@ -85,6 +86,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
%build %build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})