From c91e8cbad837c452d299b675fe390042888cea3b Mon Sep 17 00:00:00 2001 From: yixiangzhike Date: Mon, 28 Dec 2020 11:11:03 +0800 Subject: [PATCH] fix CVE-2020-25125 --- backport-CVE-2020-25125.patch | 35 +++++++++++++++++++++++++++++++++++ gnupg2.spec | 8 ++++++-- 2 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 backport-CVE-2020-25125.patch diff --git a/backport-CVE-2020-25125.patch b/backport-CVE-2020-25125.patch new file mode 100644 index 0000000..7b55642 --- /dev/null +++ b/backport-CVE-2020-25125.patch @@ -0,0 +1,35 @@ +From aeb8272ca8aad403a4baac33b8d5673719cfd8f0 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Thu, 3 Sep 2020 15:22:00 +0200 +Subject: [PATCH] gpg: Fix AEAD preference list overflow + +* g10/getkey.c (fixup_uidnode): Increase size of prefs array. +-- + +GnuPG-bug-id: 5050 +Fixes-commit: ab7a0b07024c432233e691b5e4be7e32baf8d80f +which introduced a feature to show the AEAD preferences of keys +created with rfc4880bis capable software (e.g. GnuPG 2.3-beta). +The same code in 2.3 is correct, though. + +Signed-off-by: Werner Koch +--- + g10/getkey.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/g10/getkey.c b/g10/getkey.c +index 3d0dd0b..3f0a692 100644 +--- a/g10/getkey.c ++++ b/g10/getkey.c +@@ -2481,7 +2481,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) + nzip = p ? n : 0; + if (uid->prefs) + xfree (uid->prefs); +- n = nsym + nhash + nzip; ++ n = nsym + naead + nhash + nzip; + if (!n) + uid->prefs = NULL; + else +-- +1.8.3.1 + diff --git a/gnupg2.spec b/gnupg2.spec index f983ffb..7cc302c 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -1,6 +1,6 @@ Name: gnupg2 Version: 2.2.21 -Release: 1 +Release: 2 Summary: Utility for secure communication and data storage License: GPLv3+ @@ -16,9 +16,10 @@ Patch5: gnupg-2.1.21-large-rsa.patch Patch6: gnupg-2.2.16-ocsp-keyusage.patch Patch7: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch Patch8: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch -patch9: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch +Patch9: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch Patch10: gnupg-2.2.20-file-is-digest.patch Patch11: gnupg-2.2.21-coverity.patch +Patch12: backport-CVE-2020-25125.patch BuildRequires: zlib-devel, npth-devel, gdb, texinfo BuildRequires: libgpg-error-devel >= 1.31 @@ -113,6 +114,9 @@ make check %changelog +* Mon Dec 28 2020 yixiangzhike - 2.2.21-2 +- fix CVE-2020-25125 + * Mon Aug 24 2020 yangzhuangzhuang - 2.2.21-1 - update version to 2.2.21 -- Gitee