rpms/gnupg2/FC-4 gnupg-1.9.22-CVE-2006-6169.patch, NONE, 1.1 gnupg2.spec, 1.21, 1.22
Rex Dieter (rdieter)
fedora-extras-commits at redhat.com
Fri Dec 1 14:41:19 UTC 2006
Author: rdieter
Update of /cvs/extras/rpms/gnupg2/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13740
Modified Files:
gnupg2.spec
Added Files:
gnupg-1.9.22-CVE-2006-6169.patch
Log Message:
* Fri Dec 01 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-8
- CVE-2006-6169 (bug #217950)
- --disable-optimization on 64bit archs
gnupg-1.9.22-CVE-2006-6169.patch:
--- NEW FILE gnupg-1.9.22-CVE-2006-6169.patch ---
--- gnupg-1.9.22/g10/openfile.c.CVE-2006-6169 2006-06-20 11:33:00.000000000 -0500
+++ gnupg-1.9.22/g10/openfile.c 2006-12-01 08:36:19.000000000 -0600
@@ -145,8 +145,8 @@
s = _("Enter new filename");
- n = strlen(s) + namelen + 10;
defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
prompt = xmalloc(n);
if( defname )
sprintf(prompt, "%s [%s]: ", s, defname );
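Review bot: The `sprintf(prompt, "%s [%s]: ", s, defname )` call is still unbounded, so the allocation stays safe only while the hand-computed `n` matches the format string. With `n` now taken from `strlen (defname)` instead of `namelen`, the size matches what is written, but passing it to the writer as well, as in `snprintf(prompt, n, "%s [%s]: ", s, defname)`, would keep a later change to the format or to `make_printable_string` from reintroducing the overflow. A one-line comment that the length must come from the printable string, not from `namelen`, would also explain why the two statements were reordered.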
Index: gnupg2.spec
===================================================================
RCS file: /cvs/extras/rpms/gnupg2/FC-4/gnupg2.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- gnupg2.spec 18 Sep 2006 13:51:29 -0000 1.21
+++ gnupg2.spec 1 Dec 2006 14:40:49 -0000 1.22
@@ -6,35 +6,24 @@
%define kde_scriptdir %{_prefix}
%endif
-# define _enable_gpg to build/include gnupg2 binary, currently disabled because:
-# * currently doesn't build
-# * has security issue (CVE-2006-3082)
-# * upstream devs say "You shall not build the gpg part. There is a reason why it is not
-# enabled by default"
-#define _enable_gpg --enable-gpg
-
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 1.9.22
-Release: 6%{?dist}
+Release: 8%{?dist}
License: GPL
Group: Applications/System
-#Source0: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-%{version}.tar.bz2
-#Source1: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-%{version}.tar.bz2.sig
-#use mirror(s), since the primary site hardly ever works anymore
-Source0: http://mirrors.rootmode.com/ftp.gnupg.org/alpha/gnupg/gnupg-%{version}.tar.bz2
-Source1: http://mirrors.rootmode.com/ftp.gnupg.org/alpha/gnupg/gnupg-%{version}.tar.bz2.sig
+Source0: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-%{version}.tar.bz2
+Source1: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-%{version}.tar.bz2.sig
URL: http://www.gnupg.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-# omit broken x86_64 build
-# ExcludeArch: x86_64
# enable auto-startup/shutdown of gpg-agent
Source10: gpg-agent-startup.sh
Source11: gpg-agent-shutdown.sh
-Patch2: gnupg-1.9.16-testverbose.patch
+Patch2: gnupg-1.9.16-testverbose.patch
+Patch100: gnupg-1.9.22-CVE-2006-6169.patch
Obsoletes: newpg < 0.9.5
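Review bot: The deleted `_enable_gpg` comment block at the top of this hunk was the only place recording why the gpg binary is not built (it cites CVE-2006-3082 and the upstream advice), yet `%{?_enable_gpg}` is still expanded in the `%configure` call later in the spec. Keep at least a one-line comment saying the macro is intentionally left undefined. Separately, Source0/Source1 switch back to ftp.gnupg.org although the removed comment said the primary site hardly ever works, and the changelog entry does not mention either change.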
@@ -85,7 +74,8 @@
%prep
%setup -q -n gnupg-%{version}
-%patch2 -p1 -b .testverbose
+%patch2 -p1 -b .testverbose
+%patch100 -p1 -b .CVE-2006-6169
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon,
@@ -104,6 +94,9 @@
%configure \
--disable-rpath \
--disable-dependency-tracking \
+%if "%{_lib}" == "lib64"
+ --disable-optimization \
+%endif
%{?_enable_gpg}
make %{?_smp_mflags}
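Review bot: The `--disable-optimization` conditional carries no comment saying what breaks on 64-bit builds or which bug it works around, and the test `"%{_lib}" == "lib64"` applies it to every lib64 architecture rather than to a named one. Add a comment with the reason and a bug reference so the flag can be dropped once the underlying problem is fixed. The removed `# omit broken x86_64 build` and `ExcludeArch` comments suggest this replaces that workaround, but the spec no longer says so.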
@@ -172,6 +165,10 @@
%changelog
+* Fri Dec 01 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-8
+- CVE-2006-6169 (bug #217950)
+- --disable-optmization on 64bit archs
+
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-7
- gpg-agent-startup.sh: fix case where valid .gpg-agent-info exists
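Review bot: The new changelog entry misspells the flag as `--disable-optmization`, while the option added to `%configure` is `--disable-optimization`; fix the spelling so a search of the changelog for the flag finds this entry. The entry also omits the Source0/Source1 URL change and the removal of the `_enable_gpg` and `ExcludeArch` comments made in the same revision.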