diff --git a/backport-gpg-Fix-double-free-of-internal-data.patch b/backport-gpg-Fix-double-free-of-internal-data.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7406f19f334e025da066de5591acaf751642b8f6
--- /dev/null
+++ b/backport-gpg-Fix-double-free-of-internal-data.patch
@@ -0,0 +1,32 @@
+From 4be25979a6b3e2a79d7c9667b07db8b09fb046e9 Mon Sep 17 00:00:00 2001
+From: Werner Koch
+Date: Thu, 13 Mar 2025 11:35:34 +0100
+Subject: [PATCH] gpg: Fix double free of internal data.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
+no-sig-cache mode if allocated by caller.
+--
+
+GnuPG-bug-id: 7547
+Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
+---
+ g10/sig-check.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 456c29320..ed83c23f9 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -1007,7 +1007,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
+ rc = get_pubkey_for_sig (ctrl, signer, sig, NULL);
+ if (rc)
+ {
+- xfree (signer);
++ if (signer_alloced != 1)
++ xfree (signer);
+ signer = NULL;
+ signer_alloced = 0;
+ goto leave;
+--
+2.33.0
+
diff --git a/gnupg2.spec b/gnupg2.spec
index 29e41787cbdae389a5187c45e1eb4e1ed09149f0..558c4dba5a7cee1340b1fb6f8da2f9052848f8c4 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -1,6 +1,6 @@
 Name: gnupg2
 Version: 2.4.7
-Release: 2
+Release: 3
 Summary: Utility for secure communication and data storage
 License: CC0-1.0 AND GPL-2.0-or-later AND GPL-3.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later AND (BSD-3-Clause OR LGPL-3.0-or-later OR GPL-2.0-or-later) AND CC-BY-4.0 AND MIT
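Review bot: The guard `if (signer_alloced != 1)` added by backport-gpg-Fix-double-free-of-internal-data.patch (g10/sig-check.c, check_signature_over_key_or_uid) tests a bare state value whose meaning is not visible in the hunk. Going by the commit message, 1 appears to mark a `signer` that lives in caller-provided storage, so this is an ownership rule and deserves a comment beside the free, e.g. `/* signer_alloced == 1: SIGNER is storage owned by the caller; freeing it here is the double free. */`. The test is also negative, so any state other than 1 still reaches `xfree (signer)`; whether that is safe depends on assignments to `signer_alloced` that lie outside the hunk, and it is worth confirming against the full function before shipping the backport. The function body starts and ends outside the hunk.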
@@ -20,6 +20,7 @@ Patch9: gnupg2-revert-rfc4880bis.patch
 # https://lists.gnupg.org/pipermail/gnupg-devel/2024-July/035627.html
 Patch10: gnupg-2.4.5-do-install-expired-ca.patch
 Patch13: supports-sm2-algorithm-signature-and-uses-sm3-hash-algorithm.patch
+Patch14: backport-gpg-Fix-double-free-of-internal-data.patch
 BuildRequires: gcc
 BuildRequires: autoconf automake
@@ -122,6 +123,9 @@ rm -f %{buildroot}%{_infodir}/dir
 %changelog
+* Fri Mar 21 2025 yixiangzhike - 2.4.7-3
+- backport upstream patch to fix double free
+
 * Tue Jan 21 2025 Jia Chao - 2.4.7-2
 - Fix: add autoconf, automake to buildrequires.