From 570b1f1fd5a8256870acb5581d57ccca4793253c Mon Sep 17 00:00:00 2001 From: zbyniu Date: Sat, 14 Aug 2010 22:25:19 +0000 Subject: [PATCH] - patch fixes CVE-2010-2547 ; rel 1.1 Changed files: CVE-2010-2547.patch -> 1.1 gnupg2.spec -> 1.103 --- CVE-2010-2547.patch | 10 ++++++++++ gnupg2.spec | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 CVE-2010-2547.patch diff --git a/CVE-2010-2547.patch b/CVE-2010-2547.patch new file mode 100644 index 0000000..11da3d5 --- /dev/null +++ b/CVE-2010-2547.patch @@ -0,0 +1,10 @@ +--- gnupg-2.0.16/kbx/keybox-blob.c~ 2009-09-21 18:53:44.000000000 +0200 ++++ gnupg-2.0.16/kbx/keybox-blob.c 2010-08-14 23:41:56.679952838 +0200 +@@ -898,6 +898,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_ + rc = gpg_error_from_syserror (); + goto leave; + } ++ names = tmp; + } + names[blob->nuids++] = p; + if (!i && (p=x509_email_kludge (p))) diff --git a/gnupg2.spec b/gnupg2.spec index 8acf9e2..d04172d 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -7,7 +7,7 @@ Summary: GNU Privacy Guard - tool for secure communication and data storage - en Summary(pl.UTF-8): GnuPG - narzędzie do bezpiecznej komunikacji i bezpiecznego przechowywania danych - wersja rozszerzona Name: gnupg2 Version: 2.0.16 -Release: 1 +Release: 1.1 License: GPL v3+ Group: Applications/File Source0: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 @@ -18,6 +18,7 @@ Patch1: %{name}-pth.patch # send it upstream after updating! Patch2: %{name}-pl.po-update.patch Patch3: %{name}-disable_tests.patch +Patch4: CVE-2010-2547.patch URL: http://www.gnupg.org/ BuildRequires: adns-devel BuildRequires: autoconf >= 2.61 @@ -195,6 +196,7 @@ Rozszerzenie GnuPG - obsługa S/MIME. %patch1 -p1 %patch2 -p1 %{!?with_tests:%patch3 -p1} +%patch4 -p1 rm -f po/stamp-po -- 2.44.0