rpms/gnupg2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

upgrade to 2.2.8 fixing CVE 2018-12020

Browse Source
This commit is contained in:
Tomas Mraz 2018-06-11 10:36:24 +02:00
parent af7927fbf8
commit 7dd8e5a116
4 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -70,3 +70,5 @@ gnupg-2.0.16.tar.bz2.sig
/gnupg-2.2.5.tar.bz2.sig
/gnupg-2.2.6.tar.bz2
/gnupg-2.2.6.tar.bz2.sig
/gnupg-2.2.8.tar.bz2
/gnupg-2.2.8.tar.bz2.sig

32
gnupg-2.2.0-file-is-digest.patch → gnupg-2.2.8-file-is-digest.patch
View File

@ -1,7 +1,7 @@
diff -up gnupg-2.2.0/g10/gpg.c.file-is-digest gnupg-2.2.0/g10/gpg.c
--- gnupg-2.2.0/g10/gpg.c.file-is-digest 2017-09-05 14:51:31.658702228 +0200
+++ gnupg-2.2.0/g10/gpg.c 2017-09-05 14:52:48.467413778 +0200
@@ -380,6 +380,7 @@ enum cmd_and_opt_values
diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c
--- gnupg-2.2.8/g10/gpg.c.file-is-digest 2018-06-11 10:15:33.755167428 +0200
+++ gnupg-2.2.8/g10/gpg.c 2018-06-11 10:17:36.352063501 +0200
@@ -376,6 +376,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@ -9,7 +9,7 @@ diff -up gnupg-2.2.0/g10/gpg.c.file-is-digest gnupg-2.2.0/g10/gpg.c
oXauthority,
oGroup,
oUnGroup,
@@ -826,6 +827,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -821,6 +822,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences", "@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
@ -17,7 +17,7 @@ diff -up gnupg-2.2.0/g10/gpg.c.file-is-digest gnupg-2.2.0/g10/gpg.c
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -2388,6 +2390,7 @@ main (int argc, char **argv)
@@ -2390,6 +2392,7 @@ main (int argc, char **argv)
opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
@ -25,18 +25,18 @@ diff -up gnupg-2.2.0/g10/gpg.c.file-is-digest gnupg-2.2.0/g10/gpg.c
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
opt.emit_version = 0;
@@ -2954,6 +2957,7 @@ main (int argc, char **argv)
@@ -2963,6 +2966,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
+ case oFileIsDigest: opt.file_is_digest = 1; break;
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
diff -up gnupg-2.2.0/g10/options.h.file-is-digest gnupg-2.2.0/g10/options.h
--- gnupg-2.2.0/g10/options.h.file-is-digest 2017-08-09 15:46:17.000000000 +0200
+++ gnupg-2.2.0/g10/options.h 2017-09-05 14:51:31.661702295 +0200
@@ -213,6 +213,7 @@ struct
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
diff -up gnupg-2.2.8/g10/options.h.file-is-digest gnupg-2.2.8/g10/options.h
--- gnupg-2.2.8/g10/options.h.file-is-digest 2018-05-31 12:03:06.000000000 +0200
+++ gnupg-2.2.8/g10/options.h 2018-06-11 10:15:33.757167476 +0200
@@ -210,6 +210,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@ -44,9 +44,9 @@ diff -up gnupg-2.2.0/g10/options.h.file-is-digest gnupg-2.2.0/g10/options.h
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
diff -up gnupg-2.2.0/g10/sign.c.file-is-digest gnupg-2.2.0/g10/sign.c
--- gnupg-2.2.0/g10/sign.c.file-is-digest 2017-07-28 19:39:06.000000000 +0200
+++ gnupg-2.2.0/g10/sign.c 2017-09-05 14:51:31.661702295 +0200
diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
--- gnupg-2.2.8/g10/sign.c.file-is-digest 2017-08-28 12:22:54.000000000 +0200
+++ gnupg-2.2.8/g10/sign.c 2018-06-11 10:15:33.757167476 +0200
@@ -40,6 +40,7 @@
#include "pkglue.h"
#include "../common/sysutils.h"

9
gnupg2.spec
View File

@ -1,6 +1,6 @@
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.2.6
Version: 2.2.8
Release: 1%{?dist}
License: GPLv3+
@ -13,7 +13,7 @@ Patch2: gnupg-2.1.19-exponential.patch
# needed for compatibility with system FIPS mode
Patch3: gnupg-2.1.10-secmem.patch
# non-upstreamable patch adding file-is-digest option needed for Copr
Patch4: gnupg-2.2.0-file-is-digest.patch
Patch4: gnupg-2.2.8-file-is-digest.patch
Patch5: gnupg-2.1.1-ocsp-keyusage.patch
Patch6: gnupg-2.1.1-fips-algo.patch
# allow 8192 bit RSA keys in keygen UI with large RSA
@ -29,7 +29,7 @@ BuildRequires: docbook-utils
BuildRequires: gettext
BuildRequires: libassuan-devel >= 2.1.0
BuildRequires: libgcrypt-devel >= 1.7.0
BuildRequires: libgpg-error-devel >= 1.16
BuildRequires: libgpg-error-devel >= 1.31
BuildRequires: libksba-devel >= 1.3.0
BuildRequires: openldap-devel
BuildRequires: libusb-devel
@ -211,6 +211,9 @@ fi
%changelog
* Mon Jun 11 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.8-1
- upgrade to 2.2.8 fixing CVE 2018-12020
* Wed Apr 11 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.6-1
- upgrade to 2.2.6

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (gnupg-2.2.6.tar.bz2) = ad0861c86c1886f701ae05e7cd439449cf0684a7bf461ca2b729c5e93833ee36f8438cd4d7f73a4c60e57060f3d8f4890a809b2bbc31b083f9f61d2f66ccacc4
SHA512 (gnupg-2.2.6.tar.bz2.sig) = 9da75a8c17f09a53648c366cc2bbf849e55538f77116d5c786fbf4c03c912c5fd13301111fccd29a3b92d1acfe675de0cb4d31415575e1fc7fd43b7be55d4db2
SHA512 (gnupg-2.2.8.tar.bz2) = 24271ec2663b941ed5e72e2179b48ac73d5cd838292aa9d4954952b11713f4b466f30e6af632b22c9e7c284350e300a07046d41d0ab73dcbd1639b303cd09007
SHA512 (gnupg-2.2.8.tar.bz2.sig) = 906820a3a457c02527eabe057de600efa7952f7e71d53a917901febd58c5d5ef393c1c0a79836ba9e8e03c50418056cda6e8acbb119a0f5dd592c11d41dcc43a