2025-11-27 13:17:27 +01:00
7 changed files with 28 additions and 20 deletions
--- a/rnp-v0.18.0.tar.gz
+++ b/rnp-v0.18.0.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a90e3ac5b185a149665147f9284c0201a78431e81924883899244522fd3f9240
-size 4376397
--- a/rnp-v0.18.0.tar.gz.asc
+++ b/rnp-v0.18.0.tar.gz.asc
@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCaD395wAKCRD7gpq10P4B
-f6H6AQDieDYfjsUAi+JKXu7ofP73apiiICXbmjkRh7FS3bAb5QEAhO+aCelLhf3p
-HZTgepEUbnZUk6MddTJveS/gWdDlNAQ=
-=SAPb
-----END PGP SIGNATURE-----
--- a/rnp-v0.18.1.tar.gz
+++ b/rnp-v0.18.1.tar.gz
--- a/rnp-v0.18.1.tar.gz.asc
+++ b/rnp-v0.18.1.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQRQ2lnVuRNPotsesgz7gpq10P4BfwUCaSB/8QAKCRD7gpq10P4B
+f5G+AQDbdJdjbrAVGU823aCzriD0OXAgV3N+vZYfVebuE/VMsQEAkfT4n5apDx4w
+F1YJDSJMcJPIP9H80l8BZK5G7WhDngs=
+=ko0M
+-----END PGP SIGNATURE-----
--- a/rnp.changes
+++ b/rnp.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Sat Nov 22 09:07:35 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 0.18.1:
+  * CVE-2025-13470: PKESK (public-key encrypted) session keys were
+    generated as all-zero, allowing trivial decryption of messages
+    encrypted with public keys only (boo#1253957, CVE-2025-13402)
+
 -------------------------------------------------------------------
 Sun Aug  3 14:47:53 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/rnp.keyring
+++ b/rnp.keyring
@@ -6,11 +6,11 @@ b20+iJYEExYIAD4WIQQxr1ok2GHvy3y3mhkkkAzgrvtUFwUCYOUN0QIbAQUJbeHV
 gAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAkkAzgrvtUF42MAQDXfgjYWWqR
 PkCvVhDQEjJVETNmwSgfhG/q3pMmGSlJFQD/ZJI9KhowbzGU0/qDXDERPoR2FYB5
 xx4BwotTOwketw64MwRjGxr6FgkrBgEEAdpHDwEBB0B5WpvGuJLXoMdAAIyNfOjd
-Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmFiEEMa9aJNhh78t8t5oZJJAM4K77VBcF
-AmMbGvoCGwIFCQPCZwAAgQkQJJAM4K77VBd2IAQZFggAHRYhBFDaWdW5E0+i2x6y
-DPuCmrXQ/gF/BQJjGxr6AAoJEPuCmrXQ/gF/Zi4A/RwEZ17ZrXyn0kiY/DP6BSIt
-p/6Sk9hG7KpkRqC3aaWsAQD2P6eZV6pWbhQp1C/kQYtgBbLOMUqmAg+5fMduhmaw
-BDfrAP9PXS/3/h4R2UWvQ8yDv4BXztrnf61rX6re4iGpfixBZAD9FalZDJmCrdQm
-toOkvaIWylfh5HgTM3lxXcO3Dz6W6QQ=
-=Towq
+Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmAhsCFiEEMa9aJNhh78t8t5oZJJAM4K77
+VBcFAmg90F0FCQcD6OMAgXYgBBkWCAAdFiEEUNpZ1bkTT6LbHrIM+4KatdD+AX8F
+AmMbGvoACgkQ+4KatdD+AX9mLgD9HARnXtmtfKfSSJj8M/oFIi2n/pKT2EbsqmRG
+oLdppawBAPY/p5lXqlZuFCnUL+RBi2AFss4xSqYCD7l8x26GZrAECRAkkAzgrvtU
+F3UaAP4ibyzghsJdIpg5XHwa/4azW29Lzjnjl8KcSyeG98g6EwD/UhyV15eM8Drj
+P6KdjUPYFEJFxgEEhCH5HvA8/RkbWw8=
+=/0Ub
 -----END PGP PUBLIC KEY BLOCK-----
--- a/rnp.spec
+++ b/rnp.spec
@@ -18,7 +18,7 @@

 %define soname 0
 Name:           rnp
-Version:        0.18.0
+Version:        0.18.1
 Release:        0
 Summary:        OpenPGP implementation fully compliant with RFC 4880
 License:        Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause
@@ -102,9 +102,9 @@ export CXX=g++-12
 %files devel
 %license LICENSE*
 %doc CHANGELOG.md README.adoc
-%{_includedir}/*
+%{_includedir}/rnp
 %{_libdir}/cmake/rnp
-%{_libdir}/*.so
+%{_libdir}/librnp.so
 %{_libdir}/pkgconfig/*.pc
 %{_mandir}/man3/*.3%{?ext_man}