import UBI gnupg2-2.3.3-4.el9
This commit is contained in:
parent
e0b464e0c2
commit
d446b0027c
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
SOURCES/gnupg-2.3.3.tar.bz2
|
SOURCES/gnupg-2.3.3.tar.bz2
|
||||||
|
SOURCES/gnupg-2.3.3.tar.bz2.sig
|
||||||
|
@ -1 +1,2 @@
|
|||||||
b19a407076424704f1b00e8265254de1b3061659 SOURCES/gnupg-2.3.3.tar.bz2
|
b19a407076424704f1b00e8265254de1b3061659 SOURCES/gnupg-2.3.3.tar.bz2
|
||||||
|
38fed91a8c4b3ba09977ab06567395448b6f1242 SOURCES/gnupg-2.3.3.tar.bz2.sig
|
||||||
|
30
SOURCES/gnupg-2.3.3-aead-packet.patch
Normal file
30
SOURCES/gnupg-2.3.3-aead-packet.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
commit eadf12a52c2e230174e076a0dcae68132094cefe
|
||||||
|
Author: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu Feb 24 09:02:53 2022 +0100
|
||||||
|
|
||||||
|
sign: Construct valid AEAD packets.
|
||||||
|
|
||||||
|
* g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD
|
||||||
|
information into symkey packet.
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
GnuPG-bug-id: 5856
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/g10/sign.c b/g10/sign.c
|
||||||
|
index bbcfabdb7..2ab76c99b 100644
|
||||||
|
--- a/g10/sign.c
|
||||||
|
+++ b/g10/sign.c
|
||||||
|
@@ -1660,8 +1660,9 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
|
||||||
|
{
|
||||||
|
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
|
||||||
|
|
||||||
|
- enc->version = 4;
|
||||||
|
+ enc->version = cfx.dek->use_aead ? 5 : 4;
|
||||||
|
enc->cipher_algo = cfx.dek->algo;
|
||||||
|
+ enc->aead_algo = cfx.dek->use_aead;
|
||||||
|
enc->s2k = *s2k;
|
||||||
|
pkt.pkttype = PKT_SYMKEY_ENC;
|
||||||
|
pkt.pkt.symkey_enc = enc;
|
||||||
|
|
42
SOURCES/gnupg-2.3.3-ssh-fips.patch
Normal file
42
SOURCES/gnupg-2.3.3-ssh-fips.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
From c4436ebfa58f219190f1244928001b4293293343 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 12 Apr 2022 16:26:58 +0200
|
||||||
|
Subject: [PATCH GnuPG] agent: Ignore MD5 Fingerprints for ssh keys
|
||||||
|
|
||||||
|
--
|
||||||
|
* agent/command-ssh.c (add_control_entry): Ignore failure of the MD5
|
||||||
|
digest
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
---
|
||||||
|
agent/command-ssh.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
|
||||||
|
index a7784e728..46821e3c8 100644
|
||||||
|
--- a/agent/command-ssh.c
|
||||||
|
+++ b/agent/command-ssh.c
|
||||||
|
@@ -1095,8 +1095,9 @@ add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
|
||||||
|
time_t atime = time (NULL);
|
||||||
|
|
||||||
|
err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr_md5);
|
||||||
|
+ /* ignore the errors as MD5 is not available in FIPS mode */
|
||||||
|
if (err)
|
||||||
|
- goto out;
|
||||||
|
+ fpr_md5 = NULL;
|
||||||
|
|
||||||
|
err = ssh_get_fingerprint_string (key, GCRY_MD_SHA256, &fpr_sha256);
|
||||||
|
if (err)
|
||||||
|
@@ -1113,7 +1114,8 @@ add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
|
||||||
|
spec->name,
|
||||||
|
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
|
||||||
|
tp->tm_hour, tp->tm_min, tp->tm_sec,
|
||||||
|
- fpr_md5, fpr_sha256, hexgrip, ttl, confirm? " confirm":"");
|
||||||
|
+ fpr_md5? fpr_md5:"", fpr_sha256, hexgrip, ttl,
|
||||||
|
+ confirm? " confirm":"");
|
||||||
|
|
||||||
|
}
|
||||||
|
out:
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
Binary file not shown.
@ -7,7 +7,7 @@
|
|||||||
Summary: Utility for secure communication and data storage
|
Summary: Utility for secure communication and data storage
|
||||||
Name: gnupg2
|
Name: gnupg2
|
||||||
Version: 2.3.3
|
Version: 2.3.3
|
||||||
Release: 2%{?dist}
|
Release: 4%{?dist}
|
||||||
|
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
|
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
|
||||||
@ -31,6 +31,12 @@ Patch30: gnupg-2.2.21-coverity.patch
|
|||||||
Patch31: gnupg-2.3.1-revert-default-eddsa.patch
|
Patch31: gnupg-2.3.1-revert-default-eddsa.patch
|
||||||
# Revert default EdDSA key types
|
# Revert default EdDSA key types
|
||||||
Patch32: gnupg-2.3.3-CVE-2022-34903.patch
|
Patch32: gnupg-2.3.3-CVE-2022-34903.patch
|
||||||
|
# Fix AEAD packet construction
|
||||||
|
# https://dev.gnupg.org/T5856
|
||||||
|
Patch34: gnupg-2.3.3-aead-packet.patch
|
||||||
|
# Fix ssh-agent behavior in FIPS mode
|
||||||
|
# https://dev.gnupg.org/T5929
|
||||||
|
Patch35: gnupg-2.3.3-ssh-fips.patch
|
||||||
|
|
||||||
|
|
||||||
URL: https://www.gnupg.org/
|
URL: https://www.gnupg.org/
|
||||||
@ -116,6 +122,8 @@ to the base GnuPG package
|
|||||||
%patch30 -p1 -b .coverity
|
%patch30 -p1 -b .coverity
|
||||||
%patch31 -p1 -R -b .eddsa
|
%patch31 -p1 -R -b .eddsa
|
||||||
%patch32 -p1 -b .CVE-2022-34903
|
%patch32 -p1 -b .CVE-2022-34903
|
||||||
|
%patch34 -p1 -b .aead
|
||||||
|
%patch35 -p1 -b .ssh-fips
|
||||||
|
|
||||||
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
|
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
|
||||||
# Note: this is just the name of the default shared lib to load in scdaemon,
|
# Note: this is just the name of the default shared lib to load in scdaemon,
|
||||||
@ -229,6 +237,14 @@ make -k check
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 19 2023 Jakub Jelen <jjelen@redhat.com> - 2.3.3-4
|
||||||
|
- Revert marking the SHA-1 digest as weak (#2184640)
|
||||||
|
|
||||||
|
* Thu Mar 30 2023 Jakub Jelen <jjelen@redhat.com> - 2.3.3-3
|
||||||
|
- Mark SHA-1 digest as weak to follow SHA-1 disablement in RHEL9 (#2070722)
|
||||||
|
- Fix interaction with SSH by not requiring the MD5 digest (#2073567)
|
||||||
|
- Fix creation of AEAD packets (#2128058)
|
||||||
|
|
||||||
* Wed Aug 03 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.3-2
|
* Wed Aug 03 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.3-2
|
||||||
- Fix CVE-2022-34903 (#2108449)
|
- Fix CVE-2022-34903 (#2108449)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user