rpms/gnupg2/F-13 gnupg-2.0.14-secmem.patch, NONE, 1.1 gnupg-2.0.16-gpgsm_realloc.patch, NONE, 1.1 gnupg2.spec, 1.100, 1.101

Rex Dieter rdieter at fedoraproject.org
Fri Jul 23 18:38:52 UTC 2010


Author: rdieter

Update of /cvs/pkgs/rpms/gnupg2/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv20252

Modified Files:
	gnupg2.spec 
Added Files:
	gnupg-2.0.14-secmem.patch gnupg-2.0.16-gpgsm_realloc.patch 
Log Message:
* Fri Jul 23 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.0.14-4
- gpgsm realloc patch


gnupg-2.0.14-secmem.patch:
 g10/gpg.c  |    4 ++--
 sm/gpgsm.c |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE gnupg-2.0.14-secmem.patch ---
diff -up gnupg-2.0.14/g10/gpg.c.secmem gnupg-2.0.14/g10/gpg.c
--- gnupg-2.0.14/g10/gpg.c.secmem	2009-12-21 15:00:55.000000000 +0100
+++ gnupg-2.0.14/g10/gpg.c	2010-06-18 18:03:24.000000000 +0200
@@ -789,7 +789,7 @@ make_libversion (const char *libname, co
   
   if (maybe_setuid)
     {
-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
       maybe_setuid = 0;
     }
   s = getfnc (NULL);
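Review bot: The trailing comment `/* Drop setuid. */` in `make_libversion` no longer describes the call, because a non-zero size asks libgcrypt to set up a secure-memory pool rather than only dropping privileges. I would reword it to `/* Small secmem pool for the algorithm list (FIPS mode); also drops setuid. */` and give the literal a name such as `#define HELP_SECMEM_SIZE 4096`, since the same value is repeated in `build_list` and in `make_libversion` in sm/gpgsm.c. The return value of `gcry_control` is discarded, so a failed pool setup would go unnoticed here; whether that matters depends on libgcrypt behaviour not shown in the hunk. The function body starts and ends outside the hunk.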
@@ -892,7 +892,7 @@ build_list( const char *text, char lette
     char *list, *p, *line=NULL;
 
     if (maybe_setuid)
-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
 
     for(i=0; i <= 110; i++ )
 	if( !chkf(i) && (s=mapf(i)) )
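Review bot: In `build_list` the `if (maybe_setuid)` branch does not clear the flag afterwards, unlike `make_libversion`, so every call made while `maybe_setuid` is still set now requests a 4096-byte pool again instead of repeating a plain privilege drop. Unless the flag is cleared elsewhere before the next call, I would brace the branch and add `maybe_setuid = 0;` after the `gcry_control` call, matching the other two sites. How libgcrypt treats a second non-zero `GCRYCTL_INIT_SECMEM` is not visible here and should be confirmed against the library. The function continues past the end of the hunk.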
diff -up gnupg-2.0.14/sm/gpgsm.c.secmem gnupg-2.0.14/sm/gpgsm.c
--- gnupg-2.0.14/sm/gpgsm.c.secmem	2009-12-10 12:35:43.000000000 +0100
+++ gnupg-2.0.14/sm/gpgsm.c	2010-06-18 18:03:07.000000000 +0200
@@ -493,7 +493,7 @@ make_libversion (const char *libname, co
   
   if (maybe_setuid)
     {
-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
       maybe_setuid = 0;
     }
   s = getfnc (NULL);

gnupg-2.0.16-gpgsm_realloc.patch:
 keybox-blob.c |    1 +
 1 file changed, 1 insertion(+)

--- NEW FILE gnupg-2.0.16-gpgsm_realloc.patch ---
diff -up gnupg-2.0.16/kbx/keybox-blob.c.gpgsm_realloc gnupg-2.0.16/kbx/keybox-blob.c
--- gnupg-2.0.16/kbx/keybox-blob.c.gpgsm_realloc	2009-09-21 11:53:44.000000000 -0500
+++ gnupg-2.0.16/kbx/keybox-blob.c	2010-07-23 12:29:54.222718366 -0500
@@ -898,6 +898,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_
               rc = gpg_error_from_syserror ();
               goto leave;
             }
+          names = tmp;
         }
       names[blob->nuids++] = p;
       if (!i && (p=x509_email_kludge (p)))
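Review bot: The added `names = tmp;` deserves a comment, since it is the whole fix: without it the store `names[blob->nuids++] = p` just below would go through the pointer from before the reallocation, which may have been moved or freed. Something like `/* the array may have moved; switch to the new block before storing */` above the assignment would keep it from being dropped in a later cleanup. The allocation call, the capacity update and the `leave` label are outside the hunk. It is worth confirming there that the size computation cannot overflow and that `leave` releases `names` exactly once on the failure path.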


Index: gnupg2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gnupg2/F-13/gnupg2.spec,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -p -r1.100 -r1.101
--- gnupg2.spec	9 Feb 2010 12:01:58 -0000	1.100
+++ gnupg2.spec	23 Jul 2010 18:38:52 -0000	1.101
@@ -2,7 +2,7 @@
 Summary: Utility for secure communication and data storage
 Name:    gnupg2
 Version: 2.0.14
-Release: 2%{?dist}
+Release: 4%{?dist}
 
 License: GPLv3+
 Group:   Applications/System
@@ -12,18 +12,23 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?p
 #Source0: gnupg2-20090809svn.tar.bz2
 Patch1:  gnupg-2.0.13-insttools.patch
 Patch2:  gnupg-2.0.14-tests-s2kcount.patch
+Patch3:  gnupg-2.0.14-secmem.patch
 
 URL:     http://www.gnupg.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+## upstream patches
+# Security Alert for GnuPG 2.0 - Realloc bug in GPGSM
+# http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
+Patch100: gnupg-2.0.16-gpgsm_realloc.patch
+
 #BuildRequires: automake libtool texinfo transfig
 BuildRequires: bzip2-devel
 BuildRequires: curl-devel
 BuildRequires: docbook-utils
 BuildRequires: gettext
 BuildRequires: libassuan-static, libassuan-devel >= 1.0.4
-# libgcrypt-devel >= 1.4.0 is preferred, see http://bugzilla.redhat.com/435320
-BuildRequires:  libgcrypt-devel >= 1.4
+BuildRequires: libgcrypt-devel >= 1.4
 BuildRequires: libgpg-error-devel => 1.4
 BuildRequires: libksba-devel >= 1.0.2
 BuildRequires: openldap-devel
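Review bot: `Patch3` is added with no comment saying what it is for, while `Patch100` a few lines below carries a description and an upstream link. I would add `# init a small secmem pool for the algorithm list in help, needed in libgcrypt FIPS mode (#598847)` above `Patch3:` so the reason survives outside the changelog. The hunk also drops the comment pointing to bug 435320 next to the libgcrypt-devel requirement; if that reference still explains the version bound, it could stay.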
@@ -72,6 +77,8 @@ to the base GnuPG package 
 
 %patch1 -p1 -b .insttools
 %patch2 -p1 -b .s2k
+%patch3 -p1 -b .secmem
+%patch100 -p1 -b .gpgsm_realloc
 
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@@ -80,10 +87,6 @@ to the base GnuPG package 
 
 sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/{scdaemon,pcsc-wrapper}.c
 
-# fix temp broken docs
-#sed -i -e 's/^@include version.texi//' doc/gnupg.texi
-#./autogen.sh
-
 
 %build
 
@@ -184,6 +187,13 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Jul 23 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.0.14-4
+- gpgsm realloc patch
+
+* Fri Jun 18 2010 Tomas Mraz <tmraz at redhat.com> - 2.0.14-3
+- initialize small amount of secmem for list of algorithms in help (#598847)
+  (necessary in the FIPS mode of libgcrypt)
+
 * Tue Feb  9 2010 Tomas Mraz <tmraz at redhat.com> - 2.0.14-2
 - disable selinux support - it is too rudimentary and restrictive (#562982)
 


