rpms/gnupg2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- initialize small amount of secmem for list of algorithms in help

Browse Source 
(#598847) (necessary in the FIPS mode of libgcrypt)
This commit is contained in:
Tomáš Mráz 2010-06-18 16:13:38 +00:00
parent c6c97ece05
commit e440af61af
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
gnupg-2.0.14-secmem.patch Normal file
View File

@ -0,0 +1,33 @@
diff -up gnupg-2.0.14/g10/gpg.c.secmem gnupg-2.0.14/g10/gpg.c
--- gnupg-2.0.14/g10/gpg.c.secmem 2009-12-21 15:00:55.000000000 +0100
+++ gnupg-2.0.14/g10/gpg.c 2010-06-18 18:03:24.000000000 +0200
@@ -789,7 +789,7 @@ make_libversion (const char *libname, co
if (maybe_setuid)
{
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);
@@ -892,7 +892,7 @@ build_list( const char *text, char lette
char *list, *p, *line=NULL;
if (maybe_setuid)
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
for(i=0; i <= 110; i++ )
if( !chkf(i) && (s=mapf(i)) )
diff -up gnupg-2.0.14/sm/gpgsm.c.secmem gnupg-2.0.14/sm/gpgsm.c
--- gnupg-2.0.14/sm/gpgsm.c.secmem 2009-12-10 12:35:43.000000000 +0100
+++ gnupg-2.0.14/sm/gpgsm.c 2010-06-18 18:03:07.000000000 +0200
@@ -493,7 +493,7 @@ make_libversion (const char *libname, co
if (maybe_setuid)
{
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
maybe_setuid = 0;
}
s = getfnc (NULL);

8
gnupg2.spec
View File

@ -2,7 +2,7 @@
Summary: Utility for secure communication and data storage Summary: Utility for secure communication and data storage
Name: gnupg2 Name: gnupg2
Version: 2.0.14 Version: 2.0.14
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv3+ License: GPLv3+
Group: Applications/System Group: Applications/System
@ -12,6 +12,7 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
#Source0: gnupg2-20090809svn.tar.bz2 #Source0: gnupg2-20090809svn.tar.bz2
Patch1: gnupg-2.0.13-insttools.patch Patch1: gnupg-2.0.13-insttools.patch
Patch2: gnupg-2.0.14-tests-s2kcount.patch Patch2: gnupg-2.0.14-tests-s2kcount.patch
Patch3: gnupg-2.0.14-secmem.patch
URL: http://www.gnupg.org/ URL: http://www.gnupg.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -72,6 +73,7 @@ to the base GnuPG package
%patch1 -p1 -b .insttools %patch1 -p1 -b .insttools
%patch2 -p1 -b .s2k %patch2 -p1 -b .s2k
%patch3 -p1 -b .secmem
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon, # Note: this is just the name of the default shared lib to load in scdaemon,
@ -184,6 +186,10 @@ rm -rf %{buildroot}
%changelog %changelog
* Fri Jun 18 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-3
- initialize small amount of secmem for list of algorithms in help (#598847)
(necessary in the FIPS mode of libgcrypt)
* Tue Feb 9 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-2 * Tue Feb 9 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-2
- disable selinux support - it is too rudimentary and restrictive (#562982) - disable selinux support - it is too rudimentary and restrictive (#562982)