rpms/gnupg2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import gnupg2-2.3.3-2.el9_0

Browse Source
This commit is contained in:
CentOS Sources 2022-09-27 10:11:29 -04:00 committed by Stepan Oksanichenko
parent 35fa87a01c
commit ec9f742138
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
SOURCES/gnupg-2.3.3-CVE-2022-34903.patch Normal file
View File

@ -0,0 +1,50 @@
From 34c649b3601383cd11dbc76221747ec16fd68e1b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 14 Jun 2022 11:33:27 +0200
Subject: [PATCH GnuPG] g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--
Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong. Fixed by always using a break to
terminate the escape detection loop. Might have happened for all
status lines which may wrap.
GnuPG-bug-id: T6027
---
g10/cpr.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/g10/cpr.c b/g10/cpr.c
index 9bfdd3c34..fa8005d6f 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string,
}
first = 0;
}
- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
+ for (esc=0, s=buffer, n=len; n; s++, n--)
{
if (*s == '%' || *(const byte*)s <= lower_limit
|| *(const byte*)s == 127 )
esc = 1;
if (wrap && ++count > wrap)
- {
- dowrap=1;
- break;
- }
- }
- if (esc)
- {
- s--; n++;
+ dowrap=1;
+ if (esc || dowrap)
+ break;
}
if (s != buffer)
es_fwrite (buffer, s-buffer, 1, statusfp);
--
2.37.1

8
SPECS/gnupg2.spec
View File

@ -7,7 +7,7 @@
Summary: Utility for secure communication and data storage Summary: Utility for secure communication and data storage
Name: gnupg2 Name: gnupg2
Version: 2.3.3 Version: 2.3.3
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv3+ License: GPLv3+
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2 Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
@ -29,6 +29,8 @@ Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.
Patch30: gnupg-2.2.21-coverity.patch Patch30: gnupg-2.2.21-coverity.patch
# Revert default EdDSA key types # Revert default EdDSA key types
Patch31: gnupg-2.3.1-revert-default-eddsa.patch Patch31: gnupg-2.3.1-revert-default-eddsa.patch
# Revert default EdDSA key types
Patch32: gnupg-2.3.3-CVE-2022-34903.patch
URL: https://www.gnupg.org/ URL: https://www.gnupg.org/
@ -113,6 +115,7 @@ to the base GnuPG package
%patch30 -p1 -b .coverity %patch30 -p1 -b .coverity
%patch31 -p1 -R -b .eddsa %patch31 -p1 -R -b .eddsa
%patch32 -p1 -b .CVE-2022-34903
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon, # Note: this is just the name of the default shared lib to load in scdaemon,
@ -226,6 +229,9 @@ make -k check
%changelog %changelog
* Wed Aug 03 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.3-2
- Fix CVE-2022-34903 (#2108449)
* Fri Nov 19 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-1 * Fri Nov 19 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-1
- Rebase to 2.3.1 to address random tests failures (#1984842) - Rebase to 2.3.1 to address random tests failures (#1984842)