From b5050335d445572f27bc667c5be47e295ddf38745ffabe517b60a9ade7e22d9b Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Wed, 25 Jun 2014 05:12:17 +0000 Subject: [PATCH] Accepting request 238555 from home:AndreasStieger:branches:Base:System GnuPG 2.0.24 [bnc#884130] [CVE-2014-4617] OBS-URL: https://build.opensuse.org/request/show/238555 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=73 --- gnupg-2.0.23.tar.bz2 | 3 --- gnupg-2.0.23.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.24.tar.bz2 | 3 +++ gnupg-2.0.24.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 18 ++++++++++++++++++ gpg2.keyring | 2 +- gpg2.spec | 2 +- 7 files changed, 23 insertions(+), 5 deletions(-) delete mode 100644 gnupg-2.0.23.tar.bz2 delete mode 100644 gnupg-2.0.23.tar.bz2.sig create mode 100644 gnupg-2.0.24.tar.bz2 create mode 100644 gnupg-2.0.24.tar.bz2.sig diff --git a/gnupg-2.0.23.tar.bz2 b/gnupg-2.0.23.tar.bz2 deleted file mode 100644 index ac01421..0000000 --- a/gnupg-2.0.23.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cf196b8056eafb4236f000a3e12543e0022a1fec4d6edff1b91b48936c109841 -size 4297195 diff --git a/gnupg-2.0.23.tar.bz2.sig b/gnupg-2.0.23.tar.bz2.sig deleted file mode 100644 index 45a9c3c831c7d27f3d8472d8f7f6cd6b79c5aba70906be440564c86967311fd0..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-rzjXwYi2@oWkInqxh|P2m1%VQR!}~{t{dJ8OCt? z!+y&qktLo-=t*tL@z7WXFgL;CPDauqC?9PJIc$!J1s|EL3lJFjo|`RcEWDLqS>)k& z9@ER11~b(s-Hhy+?A^VYr;8x4G(>No#+(jAoZQ!NUcce-G3t-=VoeYeQp;)nrHDf3 z+G2CajO>0_WA3^dvbUN?&1#8PFR7e9KLB_CL90Fvv5SHoJZ}TYl?E)Ju8yxwfuDBS zcAT<#s86!-IkhR8y$DqoxA-i6m7>aynok>q)yxw}8xjxSnjk*aGg7>@+NLc}Se8&- lFfZkvv2UQS;FybNRhf!8A4zmF4}-x7z)^;q0>a3E+dl63hGYN$ diff --git a/gnupg-2.0.24.tar.bz2 b/gnupg-2.0.24.tar.bz2 new file mode 100644 index 0000000..f48264a --- /dev/null +++ b/gnupg-2.0.24.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d974a1d86c9470571411346368416d96200ef9510028763c1303cd66e3820232 +size 4301922 diff --git a/gnupg-2.0.24.tar.bz2.sig b/gnupg-2.0.24.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..f7f7db646706de13db62ce2e7a48f6e3ce4d4d485a31f826ab9f015b33d899a6 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-s4fFb}22@oWkInqxhD^da03rh{GbBhSP-1>o^#3 zC|-QQ+woB#oSK3LDVMNrzINGS>pk$H_??uOcXsOn_?SZVSzxN~ai zcYhn1f!l^$%ahRlLMCB#Uz3qcpW6Q>NntkO&c_(Wqn45qCA}|f&QSDhffH-&1WW56 zrCPy*+z9K+j~k6=LjD++sSEi&^js}QHokrPa_188w7di(iDuz`^AGL;ZQ6HpX!B}_ lx*4mGiJ7lAmoi%4X8#_=x1?nEWR>itIYrFqa(!W+XlC10jQRio literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 0cc913c..ec29925 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Tue Jun 24 22:25:12 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.0.24 + Contains a security fix to stop a possible DoS using garbled + compressed data packets which can be used to put gpg into an + infinite loop. [bnc#884130] [CVE-2014-4617] + * gpg: Avoid DoS due to garbled compressed data packets. +- further: + * gpg: Screen keyserver responses to avoid importing unwanted + keys from rogue servers. + * gpg: The validity of user ids is now shown by default. To + revert this add "list-options no-show-uid-validity" to gpg.conf + * gpg: Print more specific reason codes with the INV_RECP status. + * gpg: Allow loading of a cert only key to an OpenPGP card. + * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt + 1.6. + ------------------------------------------------------------------- Tue Jun 3 21:55:34 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.keyring b/gpg2.keyring index 1efb704..86dc5ba 100644 --- a/gpg2.keyring +++ b/gpg2.keyring @@ -7,7 +7,7 @@ - + diff --git a/gpg2.spec b/gpg2.spec index 67afee4..72023e3 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.0.23 +Version: 2.0.24 Release: 0 BuildRequires: automake >= 1.10 BuildRequires: expect