Security fix

# Please enter the commit message for your changes. Lines starting

gnupg-CVE-2025-68973.patch

@@ -0,0 +1,102 @@
+From 115d138ba599328005c5321c0ef9f00355838ca9 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 23 Oct 2025 11:36:04 +0200
+Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser.
+
+* g10/armor.c (armor_filter): Fix faulty double increment.
+
+* common/iobuf.c (underflow_target): Assert that the filter
+implementations behave well.
+--
+
+This fixes a bug in a code path which can only be reached with special
+crafted input data and would then error out at an upper layer due to
+corrupt input (every second byte in the buffer is unitialized
+garbage).  No fuzzing has yet hit this case and we don't have a test
+case for this code path.  However memory corruption can never be
+tolerated as it always has the protential for remode code execution.
+
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073
+which fixed
+Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f
+
+The bug was introduced on 1999-01-07 by me:
+* armor.c: Rewrote large parts.
+which I fixed on 1999-03-02 but missed to fix the other case:
+* armor.c (armor_filter): Fixed armor bypassing.
+
+Below is base64+gzipped test data which can be used with valgrind to
+show access to uninitalized memory in write(2) in the unpatched code.
+
+--8<---------------cut here---------------start------------->8---
+H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze
+a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA==
+--8<---------------cut here---------------end--------------->8---
+---
+ common/iobuf.c | 6 ++++++
+ g10/armor.c    | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+Index: gnupg-2.5.5/common/iobuf.c
+===================================================================
+--- gnupg-2.5.5.orig/common/iobuf.c
++++ gnupg-2.5.5/common/iobuf.c
+@@ -2041,6 +2041,8 @@ underflow_target (iobuf_t a, int clear_p
+ 	rc = 0;
+       else
+       {
++	size_t tmplen;
++
+ 	/* If no buffered data and drain buffer has been setup, and drain
+ 	 * buffer is largish, read data directly to drain buffer. */
+ 	if (a->d.len == 0
+@@ -2053,8 +2055,10 @@ underflow_target (iobuf_t a, int clear_p
+ 	      log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n",
+ 			 a->no, a->subno, (ulong)len);
+ 
++	    tmplen = len;  /* Used to check for bugs in the filter.  */
+ 	    rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ 			    a->e_d.buf, &len);
++	    log_assert (len <= tmplen);
+ 	    a->e_d.used = len;
+ 	    len = 0;
+ 	  }
+@@ -2064,8 +2068,10 @@ underflow_target (iobuf_t a, int clear_p
+ 	      log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n",
+ 			 a->no, a->subno, (ulong)len);
+ 
++	    tmplen = len;
+ 	    rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ 			    &a->d.buf[a->d.len], &len);
++	    log_assert (len <= tmplen);
+ 	  }
+       }
+       a->d.len += len;
+Index: gnupg-2.5.5/g10/armor.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/armor.c
++++ gnupg-2.5.5/g10/armor.c
+@@ -1314,8 +1314,8 @@ armor_filter( void *opaque, int control,
+ 	n = 0;
+ 	if( afx->buffer_len ) {
+             /* Copy the data from AFX->BUFFER to BUF.  */
+-	    for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
+-		buf[n++] = afx->buffer[afx->buffer_pos++];
++            for(; n < size && afx->buffer_pos < afx->buffer_len;)
++                buf[n++] = afx->buffer[afx->buffer_pos++];
+ 	    if( afx->buffer_pos >= afx->buffer_len )
+ 		afx->buffer_len = 0;
+ 	}

gnupg-CVE-2026-24882.patch

@@ -0,0 +1,59 @@
+From 93fa34d9a346020355cd51d54102d30d4f177323 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 26 Jan 2026 11:13:44 +0100
+Subject: [PATCH 1996/2000] tpm: Fix possible buffer overflow in PKDECRYPT
+
+* tpm2d/tpm2.c (tpm2_ecc_decrypt): Bail out on too long CIPHERTEXT.
+(tpm2_rsa_decrypt): Ditto.
+--
+
+GnuPG-bug-id: 8045
+Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
+Reported-by: OpenAI Security Research
+
+diff --git a/tpm2d/tpm2.c b/tpm2d/tpm2.c
+index a4677fb98..282de5e5d 100644
+--- a/tpm2d/tpm2.c
++++ b/tpm2d/tpm2.c
+@@ -951,10 +951,20 @@ tpm2_ecc_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+   size_t len;
+   int ret;
+ 
++#if defined(TPM2_MAX_ECC_KEY_BYTES) /* Intel stack */
++  if (ciphertext_len > 2*TPM2_MAX_ECC_KEY_BYTES + 1)
++    return GPG_ERR_TOO_LARGE;
++#elif defined(MAX_ECC_KEY_BYTES)    /* IBM stack */
++  if (ciphertext_len > 2*MAX_ECC_KEY_BYTES + 1)
++    return GPG_ERR_TOO_LARGE;
++#else
++# error TMP2 header are not correctly installed
++#endif
++
+   /* This isn't really a decryption per se.  The ciphertext actually
+    * contains an EC Point which we must multiply by the private key number.
+    *
+-   * The reason is to generate a diffe helman agreement on a shared
++   * The reason is to generate a diffie-hellman agreement on a shared
+    * point.  This shared point is then used to generate the per
+    * session encryption key.
+    */
+@@ -1010,6 +1020,16 @@ tpm2_rsa_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+   TPM_HANDLE ah;
+   char *auth;
+ 
++#if defined(TPM2_MAX_RSA_KEY_BYTES)  /* Intel stack */
++  if (ciphertext_len > TPM2_MAX_RSA_KEY_BYTES)
++    return GPG_ERR_TOO_LARGE;
++#elif defined(MAX_RSA_KEY_BYTES)     /* IBM stack */
++  if (ciphertext_len > MAX_RSA_KEY_BYTES)
++    return GPG_ERR_TOO_LARGE;
++#else
++# error TMP2 header are not correctly installed
++#endif
++
+   inScheme.scheme = TPM_ALG_RSAES;
+   /*
+    * apparent gcrypt error: occasionally rsa ciphertext will
+-- 
+2.52.0
+

gnupg-CVE-2026-24883.patch

@@ -0,0 +1,56 @@
+From 11b7e4139e82fcd0cee72f38964444a17c812547 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 26 Jan 2026 11:56:47 +0100
+Subject: [PATCH] gpg: Fix possible NULL-deref with overlong
+ signature packets.
+
+* g10/parse-packet.c (parse_signature): Retrun an error for overlong
+subpacket area
+--
+
+GnuPG-bug-id: 8049
+Updates-commit: 36dbca3e6944d13e75e96eace634e58a7d7e201d
+Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
+Resported-by: OpenAI Security Research
+
+A way to generate too long signature packets is:
+
+  $ echo hallo | gpg -z0 -s -o x30001.sig \
+    -N foo@gnupg.org="$(awk 'BEGIN{for(i=0;i<29917;i++){printf"a"}}')"
+
+This is just one byte too long.
+
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index 22db04291..d7311e434 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -2212,6 +2212,10 @@ parse_revkeys (PKT_signature * sig)
+ }
+ 
+ 
++/* Note that the function returns -1 to indicate an EOF (which also
++ * indicates a broken packet in this case.  In most other cases
++ * GPG_ERR_INV_PACKET is returned and callers of parse_packet will
++ * usually skipt this packet then.  */
+ int
+ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
+ 		 PKT_signature * sig)
+@@ -2287,6 +2291,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
+           if (list_mode)
+             es_fprintf (listfp,
+                         ":signature packet: [hashed data too long (%u)]\n", n);
++          rc = GPG_ERR_INV_PACKET;
+ 	  goto leave;
+ 	}
+       if (n)
+@@ -2318,6 +2323,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
+             es_fprintf (listfp,
+                         ":signature packet: [unhashed data too long (%u)]\n",
+                         n);
++          rc = GPG_ERR_INV_PACKET;
+ 	  goto leave;
+ 	}
+       if (n)
+-- 
+2.52.0
+

gnupg-accepts-path-separators-literal-data.patch

@@ -0,0 +1,67 @@
+commit ad0c6c33c3d6fe7ff7cc8c2e73d02ead5788e5b3
+Author: Werner Koch <wk@gnupg.org>
+Date:   Mon Oct 27 12:43:27 2025 +0100
+
+    gpg: Do not use a default when asking for another output filename.
+    
+    * g10/options.h (COMPAT_SUGGEST_EMBEDDED_NAME): New.
+    * g10/gpg.c (compatibility_flags): New flags "suggest-embedded-name".
+    * g10/openfile.c (ask_outfile_name): Do not show a default unless the
+    compatibiliy flag is used.
+
+Index: gnupg-2.5.5/g10/gpg.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/gpg.c
++++ gnupg-2.5.5/g10/gpg.c
+@@ -1057,6 +1057,7 @@ static struct compatibility_flags_s comp
+     { COMPAT_PARALLELIZED, "parallelized" },
+     { COMPAT_T7014_OLD,    "t7014-old" },
+     { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
++    { COMPAT_SUGGEST_EMBEDDED_NAME, "suggest-embedded-name" },
+     { 0, NULL }
+   };
+ 
+Index: gnupg-2.5.5/g10/openfile.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/openfile.c
++++ gnupg-2.5.5/g10/openfile.c
+@@ -125,7 +125,7 @@ make_outfile_name (const char *iname)
+    NAMELEN is its actual length.
+  */
+ char *
+-ask_outfile_name( const char *name, size_t namelen )
++ask_outfile_name (const char *name, size_t namelen)
+ {
+   size_t n;
+   const char *s;
+@@ -136,8 +136,14 @@ ask_outfile_name( const char *name, size
+   if ( opt.batch )
+     return NULL;
+ 
+-  defname = name && namelen? make_printable_string (name, namelen, 0) : NULL;
+-
++  /* To avoid tricking the user into using the embedded filename we do
++   * not anymore include that name in the prompt as default.  For
++   * modern v5 signature this might make sense as they are now covered
++   * by the signature but we better leave such a decision to a GUI.  */
++  if (name && namelen && (opt.compat_flags & COMPAT_SUGGEST_EMBEDDED_NAME))
++    defname = make_printable_string (name, namelen, 0);
++  else
++    defname = NULL;
+   s = _("Enter new filename");
+   n = strlen(s) + (defname?strlen (defname):0) + 10;
+   prompt = xmalloc (n);
+Index: gnupg-2.5.5/g10/options.h
+===================================================================
+--- gnupg-2.5.5.orig/g10/options.h
++++ gnupg-2.5.5/g10/options.h
+@@ -398,6 +398,9 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
+ #define COMPAT_PARALLELIZED   1  /* Use threaded hashing for signatures.  */
+ #define COMPAT_T7014_OLD      2  /* Use initial T7014 test data.  */
+ #define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
++#define COMPAT_SUGGEST_EMBEDDED_NAME 16 /* Show the non-signed
++                                         * embedded filename as
++                                         * suggestion.  */
+ 
+ /* Compliance test macros.  */
+ #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)

gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch

@@ -0,0 +1,43 @@
+From db9705ef594d5a2baf0e95e13cf6170b621dfc51 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 22 Oct 2025 11:19:55 +0200
+Subject: [PATCH] gpg: Avoid potential downgrade to SHA1 in 3rd party key
+ signatures.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Always initialize
+IS_SELFSIG because it is later used to detect SHA1 non-selfsignatures.
+--
+
+The value of is_selfsig was also used to decide whether to reject a a
+SHA_signature if it is not a self-signature.  However, a code path
+exists where is_selfsig was set to stub_is_selfsig and not initilaized
+in this case.
+
+Fixes-commit: c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+---
+ g10/sig-check.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index e09be3d75..ff45f2e12 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -890,7 +890,7 @@ check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node,
+  * be found.  Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
+  * Other errors codes may be returned if something else goes wrong.
+  *
+- * IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
++ * If IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
+  * self-signature (by the key's primary key) or 0 if not.
+  *
+  * If RET_PK is not NULL, returns a copy of the public key that
+@@ -910,6 +910,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
+   if (!is_selfsig)
+     is_selfsig = &stub_is_selfsig;
+ 
++  *is_selfsig = 0; /* Init early to comply with function description. */
++
+   rc = openpgp_pk_test_algo (sig->pubkey_algo);
+   if (rc)
+     return rc;

gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch

@@ -0,0 +1,140 @@
+From 8abc320f2a75d6c7339323a3cff8a8489199f49f Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 22 Oct 2025 12:39:15 +0200
+Subject: [PATCH] gpg: Error out on unverified output for non-detached
+ signatures.
+
+* g10/mainproc.c (do_proc_packets): Never reset the any.data flag.
+--
+
+Fixes-commit: 3b1b6f9d98b38480ba2074158fa640b881cdb97e
+Updates-commit: 69384568f66a48eff3968bb1714aa13925580e9f
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+
+When using
+
+  gpg --verify -o - msg.sig msg
+
+even with the --batch option the outout written to stdout or the file
+five to -o may not be what has been verified.  For example given a
+file "msg" with this content:
+
+--8<---------------cut here---------------start------------->8---
+It is a wise father that knows his own child.
+                -- William Shakespeare, "The Merchant of Venice"
+--8<---------------cut here---------------end--------------->8---
+
+and a manipulated "msg.sig" (named "msg-mod.sig") the output could be
+
+  $ gpg --verify -o -  --batch msg-mod.sig msg
+  The last thing one knows in constructing a work is what to put first.
+                  -- Blaise Pascal
+  gpg: Signature made Wed 22 Oct 2025 11:51:52 AM CEST
+  gpg:                using EDDSA key A7F91C6EB9395B25B4A9BAD25B9[...]
+  gpg: Good signature from "alice@example.org" [ultimate]
+
+The plaintext shown is ot what has been verified (i.e. the first
+quote) and may lead the user top wrong conclusions.
+
+But note: Using the output of the verify command for detached
+signatures is useless because with a non-manipulated signature nothing
+would haven been written.
+
+How to replicate the whole thing:
+
+1. Import this public key:
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEaPio6RYJKwYBBAHaRw8BAQdAt0yaE+e5CG9iLdEJnZqTv3QUj2/eoMuQR55/
+y4tbGr20EWFsaWNlQGV4YW1wbGUub3JniLUEExYKAF0WIQSn+RxuuTlbJbSputJb
+mJ0rJeN/3AUCaPio6RsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMSwyLDICGwMFCQWj
+moAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQW5idKyXjf9x2WwD7BQrA
+0p7XnalGu83R+Kx7UvMvPnwwBb/P2CMlHlU5+TMBAICnsrHa/pFClAE3pA2io0rF
++9M55DF3gkYTkpIWf1YBuDgEaPio6RIKKwYBBAGXVQEFAQEHQHEcigLeQJiXMMui
+LDCFO9EVFQqt5wDu5fhyt8haLpVbAwEIB4iUBBgWCgA8FiEEp/kcbrk5WyW0qbrS
+W5idKyXjf9wFAmj4qOkbFIAAAAAABAAObWFudTIsMi41KzEuMTEsMiwyAhsMAAoJ
+EFuYnSsl43/czvIBANaamGqOQgF02ykNkP62wj/1iYuXn5bXHXRtmV7htjQiAQCO
+HZYHTrVSBoyYfT40zVFSFtydnlLAlFisZNuydwPPDw==
+=GjvX
+-----END PGP PUBLIC KEY BLOCK-----
+
+2. Unpack the first quote below and put it into the file "msg"
+-----BEGIN PGP ARMORED FILE-----
+Comment: Use "gpg --dearmor" for unpacking
+
+SXQgaXMgYSB3aXNlIGZhdGhlciB0aGF0IGtub3dzIGhpcyBvd24gY2hpbGQuCgkJ
+LS0gV2lsbGlhbSBTaGFrZXNwZWFyZSwgIlRoZSBNZXJjaGFudCBvZiBWZW5pY2Ui
+Cg==
+=0fUy
+-----END PGP ARMORED FILE-----
+
+3. Unpack the original signature into the file "msg.sig"
+-----BEGIN PGP ARMORED FILE-----
+
+iJEEABYKADkWIQSn+RxuuTlbJbSputJbmJ0rJeN/3AUCaPipOBsUgAAAAAAEAA5t
+YW51MiwyLjUrMS4xMSwyLDIACgkQW5idKyXjf9w6UwD/fS6X9bs36WXVN5BSANIA
+bhtHb8X4jZu4NFKk/ZSwUtIBANMdYO6F1kUMyFNZVZa4Yk12UmcClF9mXLBVlfeH
+RFkL
+=wCLE
+-----END PGP ARMORED FILE-----
+
+4. Unpack the modified signature into the file "msg-mod.sig"
+-----BEGIN PGP ARMORED FILE-----
+
+kA0DAAoWW5idKyXjf9wBy19iAGj4qrhUaGUgbGFzdCB0aGluZyBvbmUga25vd3Mg
+aW4gY29uc3RydWN0aW5nIGEgd29yayBpcyB3aGF0IHRvIHB1dCBmaXJzdC4KCQkt
+LSBCbGFpc2UgUGFzY2FsCoiRBAAWCgA5FiEEp/kcbrk5WyW0qbrSW5idKyXjf9wF
+Amj4qTgbFIAAAAAABAAObWFudTIsMi41KzEuMTEsMiwyAAoJEFuYnSsl43/cOlMA
+/30ul/W7N+ll1TeQUgDSAG4bR2/F+I2buDRSpP2UsFLSAQDTHWDuhdZFDMhTWVWW
+uGJNdlJnApRfZlywVZX3h0RZC8r/AAAAA1BHUA==
+=DafU
+-----END PGP ARMORED FILE-----
+
+Now run
+  gpg --verify -o -  msg.sig msg
+  gpg --verify -o -  msg-mod.sig msg
+
+after this pacth is applied the second command will output an error
+message "gpg: not a detached signature"
+
+The modification was to prepend a one-pass signature packet for alices
+signature and a a literal data packet with the second quote to the
+original signature and also append a marker packet or something other.
+gpgsplit is the tool of choice here.  Thus the packet composition of
+msg-mod.sig is:
+
+  :onepass_sig packet: keyid 5B989D2B25E37FDC
+          version 3, sigclass 0x00, digest 10, pubkey 22, last=1
+  :literal data packet:
+          mode b (62), created 1761127096, name="",
+          raw data: 89 bytes
+  :signature packet: algo 22, keyid 5B989D2B25E37FDC
+          version 4, created 1761126712, md5len 0, sigclass 0x00
+          [...]
+  :marker packet: PGP
+
+Kudos to the reporter for the detailed report.
+---
+ g10/mainproc.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index e2703516c..8108a07b7 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -1838,10 +1838,14 @@ do_proc_packets (CTX c, iobuf_t a, int keep_dek_and_list)
+        * packet and not to reuse the current one ...  It works right
+        * when there is a compression packet between which adds just
+        * an extra layer.
++       *
++       * Note that we should not reset the any.data due to another
++       * packets.  Just set it once on seeing a plaintext.
++       *
+        * Hmmm: Rewrite this whole module here??
+        */
+       if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
+-        c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
++        c->any.data |= (pkt->pkttype == PKT_PLAINTEXT);
+ 
+       if (newpkt == -1)
+         ;

gnupg-notdash-escape.patch

@@ -0,0 +1,135 @@
+commit 947ea3c411f0c14ba002612bb4ab500fba105570
+Author: Werner Koch <wk@gnupg.org>
+Date:   Mon Dec 29 18:37:08 2025 +0100
+
+    gpg: Deprecate the option --not-dash-escaped.
+    
+    * g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
+    * g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
+    (main): Print a deprecation warning.
+    * g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.
+    
+    * tests/openpgp/clearsig.scm (vectors): Remove test case.
+    --
+    
+    GnuPG-bug-id: 7901
+
+Index: gnupg-2.5.5/doc/gpg.texi
+===================================================================
+--- gnupg-2.5.5.orig/doc/gpg.texi
++++ gnupg-2.5.5/doc/gpg.texi
+@@ -3551,16 +3551,6 @@ be tried.  @option{--no-throw-keyids} di
+ is essentially the same as using @option{--hidden-recipient} for all
+ recipients.
+ 
+-@item --not-dash-escaped
+-@opindex not-dash-escaped
+-This option changes the behavior of cleartext signatures
+-so that they can be used for patch files. You should not
+-send such an armored file via email because all spaces
+-and line endings are hashed too. You can not use this
+-option for data which has 5 dashes at the beginning of a
+-line, patch files don't have this. A special armor header
+-line tells GnuPG about this cleartext signature option.
+-
+ @item --escape-from-lines
+ @itemx --no-escape-from-lines
+ @opindex escape-from-lines
+@@ -4051,6 +4041,18 @@ This option is deprecated and has no mor
+ @item --aead-algo @var{name}
+ This option is deprecated and has no more effect since version 2.3.9.
+ 
++@item --not-dash-escaped
++@opindex not-dash-escaped
++This option is deprecated since version 2.5.15 and has actually been
++obsolete for many more years.  The verification code in gpg also
++ignores this special mode unless a compatibility flag has been used.
++This option was used to change the behavior of cleartext signatures so
++that they can be used for patch files. You should not send such an
++armored file via email because all spaces and line endings are hashed
++too. You can not use this option for data which has 5 dashes at the
++beginning of a line, patch files don't have this. A special armor
++header line tells GnuPG about this cleartext signature option.
++
+ 
+ @end table
+ 
+Index: gnupg-2.5.5/g10/armor.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/armor.c
++++ gnupg-2.5.5/g10/armor.c
+@@ -510,7 +510,9 @@ parse_header_line( armor_filter_context_
+       {
+ 	if( (hashes=parse_hash_header( line )) )
+ 	  afx->hashes |= hashes;
+-	else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
++	else if ((opt.compat_flags & COMPAT_ALLOW_NOT_DASH_ESCAPED)
++                 && strlen (line) > 15
++                 && !memcmp( line, "NotDashEscaped:", 15 ) )
+ 	  afx->not_dash_escaped = 1;
+ 	else
+ 	  {
+Index: gnupg-2.5.5/g10/gpg.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/gpg.c
++++ gnupg-2.5.5/g10/gpg.c
+@@ -1056,6 +1056,7 @@ static struct compatibility_flags_s comp
+   {
+     { COMPAT_PARALLELIZED, "parallelized" },
+     { COMPAT_T7014_OLD,    "t7014-old" },
++    { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
+     { 0, NULL }
+   };
+ 
+@@ -3956,6 +3957,11 @@ main (int argc, char **argv)
+       log_info ("Note: Specified keyrings are ignored due to option \"%s\"\n",
+                 "use-keyboxd");
+ 
++    if (opt.not_dash_escaped)
++      log_info (_("WARNING: \"%s\" is a deprecated option\n"),
++                "--not-dash-escaped");
++
++
+     if (comopt.no_autostart)
+       opt.autostart = 0;
+ 
+Index: gnupg-2.5.5/g10/options.h
+===================================================================
+--- gnupg-2.5.5.orig/g10/options.h
++++ gnupg-2.5.5/g10/options.h
+@@ -397,7 +397,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
+ /* Compatibility flags */
+ #define COMPAT_PARALLELIZED   1  /* Use threaded hashing for signatures.  */
+ #define COMPAT_T7014_OLD      2  /* Use initial T7014 test data.  */
+-
++#define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
+ 
+ /* Compliance test macros.  */
+ #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
+Index: gnupg-2.5.5/tests/openpgp/clearsig.scm
+===================================================================
+--- gnupg-2.5.5.orig/tests/openpgp/clearsig.scm
++++ gnupg-2.5.5/tests/openpgp/clearsig.scm
+@@ -78,21 +78,7 @@ there is a blank line after this
+     ;; I think this file will be constructed wrong (gpg 0.9.3) but it
+     ;; should verify okay anyway.
+     ("this is a sig test
+- " #f ())
+-
+-    ;; check our special diff mode
+-    ("--- mainproc.c	Tue Jun 27 09:28:11 2000
+-+++ mainproc.c~ Thu Jun  8 22:50:25 2000
+-@@ -1190,16 +1190,13 @@
+-		md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
+-	    }
+-	    /* ask for file and hash it */
+--	    if( c->sigs_only ) {
+-+	    if( c->sigs_only )
+-		rc = hash_datafiles( c->mfx.md, NULL,
+-				     c->signed_data, c->sigfilename,
+-			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
+-" #t (--not-dash-escaped))))
++ " #f ())))
+ 
+ (let ((counter (make-counter)))
+   (for-each-p'

gpg2.changes

@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Wed Jan 28 15:09:39 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix 
+  * [bsc#1257396, CVE-2026-24882]
+    - gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys 
+    - Added gnupg-CVE-2026-24882.patch
+  * [bsc#1257395, CVE-2026-24883]
+    - gpg2: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value
+    - Added gnupg-CVE-2026-24883.patch
+
+-------------------------------------------------------------------
+Wed Jan 28 13:52:19 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix [bsc#1256389] (gpg.fail/filename)
+  * Added gnupg-accepts-path-separators-literal-data.patch
+  * GnuPG Accepts Path Separators and Path Traversals in Literal Data
+
+-------------------------------------------------------------------
+Thu Jan  8 10:55:35 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
+  * gpg: Fix possible memory corruption in the armor parser [T7906]
+  * Add gnupg-CVE-2025-68973.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 10:42:12 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1256246] (gpg.fail/sha1)
+  * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904]
+  * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 10:37:15 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1256244] (gpg.fail/detached)
+  * gpg: Error out on unverified output for non-detached signatures [T7903]
+  * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 07:38:45 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix: [bsc#1256390] (gpg.fail/notdash)
+  * gpg2: Cleartext Signature Forgery in the NotDashEscaped header
+    implementation in GnuPG
+  * Add patch gnupg-notdash-escape.patch
+
 -------------------------------------------------------------------
 Thu Jun 26 11:26:15 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
 

gpg2.spec

@@ -51,6 +51,21 @@ Patch13:        gnupg-nobetasuffix.patch
 Patch14:        gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
 #PATCH-FIX-UPSTREAM gpg: Fix another regression due to the T7547 fix.
 Patch15:        gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch
+#PATCH-FIX-UPSTREAM: bsc#1256390 Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash)
+Patch16:        gnupg-notdash-escape.patch
+#PATCH-FIX-UPSTREAM: bsc#1256244 gpg: Error out on unverified output for non-detached signatures (gpg.fail/detached)
+Patch17:        gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
+#PATCH-FIX-UPSTREAM: bsc#1256246 gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1)
+Patch18:        gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch
+#PATCH-FIX-UPSTREAM: bsc#1255715 CVE-2025-68973: Memory Corruption in ASCII-Armor Parsing (gpg.fail/memcpy)
+Patch19:        gnupg-CVE-2025-68973.patch
+#PATCH-FIX-UPSTREAM: bsc#1256389 GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field 
+Patch20: 	    gnupg-accepts-path-separators-literal-data.patch
+#PATCH-FIX-UPSTREAM: bsc#1257395 CVE-2026-24883:  denial  of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value
+Patch21: 	    gnupg-CVE-2026-24883.patch
+#PATCH-FIX-UPSTREAM: bsc#1257396 CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys 
+Patch22:        gnupg-CVE-2026-24882.patch
+
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 3.0.0