diff --git a/rnp-v0.18.0.tar.gz b/rnp-v0.18.0.tar.gz deleted file mode 100644 index 7ab55b2..0000000 --- a/rnp-v0.18.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a90e3ac5b185a149665147f9284c0201a78431e81924883899244522fd3f9240 -size 4376397 diff --git a/rnp-v0.18.0.tar.gz.asc b/rnp-v0.18.0.tar.gz.asc deleted file mode 100644 index e328d00..0000000 --- a/rnp-v0.18.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCaD395wAKCRD7gpq10P4B -f6H6AQDieDYfjsUAi+JKXu7ofP73apiiICXbmjkRh7FS3bAb5QEAhO+aCelLhf3p -HZTgepEUbnZUk6MddTJveS/gWdDlNAQ= -=SAPb ------END PGP SIGNATURE----- diff --git a/rnp-v0.18.1.tar.gz b/rnp-v0.18.1.tar.gz new file mode 100644 index 0000000..2c1ea4c --- /dev/null +++ b/rnp-v0.18.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:423c8e32e1e591462f759adf8441b1c44bca96d9f5daff13b82e81a79f18ecfd +size 4377514 diff --git a/rnp-v0.18.1.tar.gz.asc b/rnp-v0.18.1.tar.gz.asc new file mode 100644 index 0000000..8394395 --- /dev/null +++ b/rnp-v0.18.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- + +iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCaSB/8QAKCRD7gpq10P4B +f5G+AQDbdJdjbrAVGU823aCzriD0OXAgV3N+vZYfVebuE/VMsQEAkfT4n5apDx4w +F1YJDSJMcJPIP9H80l8BZK5G7WhDngs= +=ko0M +-----END PGP SIGNATURE----- diff --git a/rnp.changes b/rnp.changes index c1a5061..efbbc32 100644 --- a/rnp.changes +++ b/rnp.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sat Nov 22 09:07:35 UTC 2025 - Andreas Stieger + +- update to 0.18.1: + * CVE-2025-13470: PKESK (public-key encrypted) session keys were + generated as all-zero, allowing trivial decryption of messages + encrypted with public keys only (boo#1253957, CVE-2025-13402) + ------------------------------------------------------------------- Sun Aug 3 14:47:53 UTC 2025 - Andreas Stieger diff --git a/rnp.keyring b/rnp.keyring index a4acb2b..935d21a 100644 --- a/rnp.keyring +++ b/rnp.keyring @@ -6,11 +6,11 @@ b20+iJYEExYIAD4WIQQxr1ok2GHvy3y3mhkkkAzgrvtUFwUCYOUN0QIbAQUJbeHV gAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAkkAzgrvtUF42MAQDXfgjYWWqR PkCvVhDQEjJVETNmwSgfhG/q3pMmGSlJFQD/ZJI9KhowbzGU0/qDXDERPoR2FYB5 xx4BwotTOwketw64MwRjGxr6FgkrBgEEAdpHDwEBB0B5WpvGuJLXoMdAAIyNfOjd -Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmFiEEMa9aJNhh78t8t5oZJJAM4K77VBcF -AmMbGvoCGwIFCQPCZwAAgQkQJJAM4K77VBd2IAQZFggAHRYhBFDaWdW5E0+i2x6y -DPuCmrXQ/gF/BQJjGxr6AAoJEPuCmrXQ/gF/Zi4A/RwEZ17ZrXyn0kiY/DP6BSIt -p/6Sk9hG7KpkRqC3aaWsAQD2P6eZV6pWbhQp1C/kQYtgBbLOMUqmAg+5fMduhmaw -BDfrAP9PXS/3/h4R2UWvQ8yDv4BXztrnf61rX6re4iGpfixBZAD9FalZDJmCrdQm -toOkvaIWylfh5HgTM3lxXcO3Dz6W6QQ= -=Towq +Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmAhsCFiEEMa9aJNhh78t8t5oZJJAM4K77 +VBcFAmg90F0FCQcD6OMAgXYgBBkWCAAdFiEEUNpZ1bkTT6LbHrIM+4KatdD+AX8F +AmMbGvoACgkQ+4KatdD+AX9mLgD9HARnXtmtfKfSSJj8M/oFIi2n/pKT2EbsqmRG +oLdppawBAPY/p5lXqlZuFCnUL+RBi2AFss4xSqYCD7l8x26GZrAECRAkkAzgrvtU +F3UaAP4ibyzghsJdIpg5XHwa/4azW29Lzjnjl8KcSyeG98g6EwD/UhyV15eM8Drj +P6KdjUPYFEJFxgEEhCH5HvA8/RkbWw8= +=/0Ub -----END PGP PUBLIC KEY BLOCK----- diff --git a/rnp.spec b/rnp.spec index 5de359c..387593a 100644 --- a/rnp.spec +++ b/rnp.spec @@ -18,7 +18,7 @@ %define soname 0 Name: rnp -Version: 0.18.0 +Version: 0.18.1 Release: 0 Summary: OpenPGP implementation fully compliant with RFC 4880 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause @@ -102,9 +102,9 @@ export CXX=g++-12 %files devel %license LICENSE* %doc CHANGELOG.md README.adoc -%{_includedir}/* +%{_includedir}/rnp %{_libdir}/cmake/rnp -%{_libdir}/*.so +%{_libdir}/librnp.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/*.3%{?ext_man}