Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rnp for openSUSE:Factory checked in at 2025-11-24 14:11:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rnp (Old) and /work/SRC/openSUSE:Factory/.rnp.new.14147 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rnp" Mon Nov 24 14:11:03 2025 rev:20 rq:1319259 version:0.18.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rnp/rnp.changes 2025-08-04 15:24:50.034021694 +0200 +++ /work/SRC/openSUSE:Factory/.rnp.new.14147/rnp.changes 2025-11-24 14:13:45.572805916 +0100 @@ -1,0 +2,8 @@ +Sat Nov 22 09:07:35 UTC 2025 - Andreas Stieger <[email protected]> + +- update to 0.18.1: + * CVE-2025-13470: PKESK (public-key encrypted) session keys were + generated as all-zero, allowing trivial decryption of messages + encrypted with public keys only (boo#1253957, CVE-2025-13402) + +------------------------------------------------------------------- Old: ---- rnp-v0.18.0.tar.gz rnp-v0.18.0.tar.gz.asc New: ---- rnp-v0.18.1.tar.gz rnp-v0.18.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rnp.spec ++++++ --- /var/tmp/diff_new_pack.vGhoRN/_old 2025-11-24 14:13:46.396840627 +0100 +++ /var/tmp/diff_new_pack.vGhoRN/_new 2025-11-24 14:13:46.400840796 +0100 @@ -18,7 +18,7 @@ %define soname 0 Name: rnp -Version: 0.18.0 +Version: 0.18.1 Release: 0 Summary: OpenPGP implementation fully compliant with RFC 4880 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause @@ -102,9 +102,9 @@ %files devel %license LICENSE* %doc CHANGELOG.md README.adoc -%{_includedir}/* +%{_includedir}/rnp %{_libdir}/cmake/rnp -%{_libdir}/*.so +%{_libdir}/librnp.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/*.3%{?ext_man} ++++++ rnp-v0.18.0.tar.gz -> rnp-v0.18.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/CHANGELOG.md new/rnp-v0.18.1/CHANGELOG.md --- old/rnp-v0.18.0/CHANGELOG.md 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/CHANGELOG.md 2025-11-21 14:21:08.000000000 +0100 @@ -1,6 +1,20 @@ ## Changelog -### 0.18.0 [2025-05-24] +### 0.18.1 [2025-11-21] + +#### Security + +* Fixed critical issue where PKESK (public-key encrypted) session keys were + generated as all-zero, allowing trivial decryption of messages encrypted with + public keys only (CVE-PENDING, + https://bugzilla.redhat.com/show_bug.cgi?id=2415863). + + +### 0.18.0 [2025-05-24] -- RETRACTED, DON'T USE + +**SECURITY WARNING:** This version contains a critical vulnerability where +public-key encrypted messages use all-zero session keys. All users must upgrade +to 0.18.1 or later immediately. #### General @@ -464,7 +478,7 @@ #### FFI -* Fixed key search by fingerprint. +* Fixed key search by fingerprint. ### 0.9.0 [2018-06-27] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/CMakeLists.txt new/rnp-v0.18.1/CMakeLists.txt --- old/rnp-v0.18.0/CMakeLists.txt 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/CMakeLists.txt 2025-11-21 14:21:08.000000000 +0100 @@ -161,7 +161,9 @@ # set a few other things at the top level to prevent incompatibilities set(CMAKE_C_STANDARD 99) -set(CMAKE_CXX_STANDARD 11) +if(NOT CMAKE_CXX_STANDARD) + set(CMAKE_CXX_STANDARD 11) +endif() set(CMAKE_CXX_STANDARD_REQUIRED ON) set(CMAKE_CXX_EXTENSIONS OFF) add_definitions(-D_GNU_SOURCE) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/cmake/packaging.cmake new/rnp-v0.18.1/cmake/packaging.cmake --- old/rnp-v0.18.0/cmake/packaging.cmake 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/cmake/packaging.cmake 2025-11-21 14:21:08.000000000 +0100 @@ -75,6 +75,6 @@ set(CPACK_FREEBSD_PACKAGE_MAINTAINER "${PACKAGING_EMAIL}") set(CPACK_FREEBSD_PACKAGE_ORIGIN "security/rnp") set(CPACK_FREEBSD_PACKAGE_CATEGORIES security) -set(CPACK_FREEBSD_PACKAGE_DEPS bzip2 json-c botan2) +set(CPACK_FREEBSD_PACKAGE_DEPS bzip2 json-c botan3) include(CPack) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/docs/installation.adoc new/rnp-v0.18.1/docs/installation.adoc --- old/rnp-v0.18.0/docs/installation.adoc 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/docs/installation.adoc 2025-11-21 14:21:08.000000000 +0100 @@ -54,7 +54,7 @@ [source,console] ---- # Clone the repository by version tag (or omit it to get the latest sources) -git clone https://github.com/rnpgp/rnp.git -b v0.18.0 +git clone https://github.com/rnpgp/rnp.git -b v0.18.1 Please ensure that you clone with submodules if you use a version higher then 0.16.2 git clone https://github.com/rnpgp/rnp.git --recurse-submodules --shallow-submodules @@ -63,8 +63,8 @@ sudo apt install g++-8 cmake libbz2-dev zlib1g-dev libjson-c-dev build-essential python-minimal # Download, build and install Botan2 -wget -qO- https://botan.randombit.net/releases/Botan-2.19.4.tar.xz | tar xvJ -cd Botan-2.19.4 +wget -qO- https://botan.randombit.net/releases/Botan-3.10.0.tar.xz | tar xvJ +cd Botan-3.10.0 ./configure.py --prefix=/usr make sudo make install @@ -91,7 +91,7 @@ [source,console] ---- # Clone the repository by version tag (or omit it to get the latest sources) -git clone https://github.com/rnpgp/rnp.git -b v0.18.0 +git clone https://github.com/rnpgp/rnp.git -b v0.18.1 Please ensure that you clone with submodules if you use a version higher then 0.16.2 git clone https://github.com/rnpgp/rnp.git --recurse-submodules --shallow-submodules diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/include/rnp/rnp.h new/rnp-v0.18.1/include/rnp/rnp.h --- old/rnp-v0.18.0/include/rnp/rnp.h 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/include/rnp/rnp.h 2025-11-21 14:21:08.000000000 +0100 @@ -2736,7 +2736,7 @@ * - "CFB" : secret key data is encrypted in CFB mode, using the password * - "CBC" : secret key data is encrypted in CBC mode, using the password * (only for G10 keys) - * - "OCB" : secert key data is encrypted in OCB mode, using the password + * - "OCB" : secret key data is encrypted in OCB mode, using the password * (only for G10 keys) * @return RNP_SUCCESS on success, or any other value on error. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/lib/crypto/ec_ossl.cpp new/rnp-v0.18.1/src/lib/crypto/ec_ossl.cpp --- old/rnp-v0.18.0/src/lib/crypto/ec_ossl.cpp 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/lib/crypto/ec_ossl.cpp 2025-11-21 14:21:08.000000000 +0100 @@ -179,7 +179,7 @@ if (!keyx) { /* as per RFC, EdDSA & 25519 keys must use 0x40 byte for encoding */ if ((keyp.size() != 33) || (keyp[0] != 0x40)) { - RNP_LOG("Invalid 25519 public key."); + RNP_LOG("Invalid 25519 public key. Size %zu, byte 0x%02x", keyp.size(), keyp[0]); return nullptr; } rnp::ossl::evp::PKey evpkey( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/librepgp/stream-dump.cpp new/rnp-v0.18.1/src/librepgp/stream-dump.cpp --- old/rnp-v0.18.0/src/librepgp/stream-dump.cpp 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/librepgp/stream-dump.cpp 2025-11-21 14:21:08.000000000 +0100 @@ -49,6 +49,10 @@ #include "key.hpp" #include "json-utils.h" #include <algorithm> +#ifndef __STDC_FORMAT_MACROS +#define __STDC_FORMAT_MACROS +#endif +#include <cinttypes> static const id_str_pair packet_tag_map[] = { {PGP_PKT_RESERVED, "Reserved"}, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/librepgp/stream-sig.cpp new/rnp-v0.18.1/src/librepgp/stream-sig.cpp --- old/rnp-v0.18.0/src/librepgp/stream-sig.cpp 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/librepgp/stream-sig.cpp 2025-11-21 14:21:08.000000000 +0100 @@ -65,7 +65,7 @@ case PGP_V3: FALLTHROUGH_STATEMENT; case PGP_V4: { - assert(key.pub_data.size() < ((size_t) 1 << 16)); + assert(key.pub_data.size() <= ((size_t) 0xffffu)); uint8_t hdr[3] = {0x99, 0x00, 0x00}; write_uint16(hdr + 1, key.pub_data.size()); hash.add(hdr, 3); @@ -73,7 +73,7 @@ break; } case PGP_V5: { - assert(key.pub_data.size() < ((size_t) 1 << 32)); + assert(key.pub_data.size() <= (size_t) 0xffffffffu); uint8_t hdr[5] = {0x9A, 0x00, 0x00, 0x00, 0x00}; write_uint32(hdr + 1, key.pub_data.size()); hash.add(&hdr, 5); @@ -82,7 +82,7 @@ } #if defined(ENABLE_CRYPTO_REFRESH) case PGP_V6: { - assert(key.pub_data.size() < ((size_t) 1 << 32)); + assert(key.pub_data.size() <= (size_t) 0xffffffffu); uint8_t hdr[5] = {0x9b, 0x00, 0x00, 0x00, 0x00}; write_uint32(hdr + 1, key.pub_data.size()); hash.add(hdr, sizeof(hdr)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/librepgp/stream-write.cpp new/rnp-v0.18.1/src/librepgp/stream-write.cpp --- old/rnp-v0.18.0/src/librepgp/stream-write.cpp 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/librepgp/stream-write.cpp 2025-11-21 14:21:08.000000000 +0100 @@ -756,12 +756,13 @@ } static bool -encrypted_build_skesk(pgp_dest_encrypted_param_t ¶m, - rnp::secure_bytes & key, - const size_t keylen) +encrypted_build_cek(pgp_dest_encrypted_param_t ¶m, + rnp::secure_bytes & key, + const size_t keylen) { auto &ctx = param.ctx; if (ctx.passwords.empty()) { + ctx.sec_ctx.rng.get(key.data(), keylen); return true; } @@ -1036,7 +1037,7 @@ /* Build SKESK and generate CEK */ rnp_result_t ret = RNP_ERROR_BAD_PARAMETERS; - if (!encrypted_build_skesk(*param, enckey, keylen)) { + if (!encrypted_build_cek(*param, enckey, keylen)) { goto finish; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/tests/CMakeLists.txt new/rnp-v0.18.1/src/tests/CMakeLists.txt --- old/rnp-v0.18.0/src/tests/CMakeLists.txt 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/tests/CMakeLists.txt 2025-11-21 14:21:08.000000000 +0100 @@ -78,8 +78,10 @@ find_package(OpenSSL 1.1.1 REQUIRED) endif() -if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "GNU" OR CMAKE_CXX_COMPILER_VERSION VERSION_GREATER "4.8.5") - set(CMAKE_CXX_STANDARD 14) +if(NOT CMAKE_CXX_STANDARD OR CMAKE_CXX_STANDARD LESS 14) + if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "GNU" OR CMAKE_CXX_COMPILER_VERSION VERSION_GREATER "4.8.5") + set(CMAKE_CXX_STANDARD 14) + endif() endif() if(CRYPTO_BACKEND_BOTAN3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/tests/cli_tests.py new/rnp-v0.18.1/src/tests/cli_tests.py --- old/rnp-v0.18.0/src/tests/cli_tests.py 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/tests/cli_tests.py 2025-11-21 14:21:08.000000000 +0100 @@ -5000,6 +5000,37 @@ self.assertNotEqual(ret, 0) self.assertRegex(err, r'(?s)^.*failed to obtain decrypting key or password.*') + def test_encryption_cek(self): + RNPDIR2 = RNPDIR + '2' + os.mkdir(RNPDIR2, 0o700) + GPGHOME2 = GPGHOME + '2' + GPGDIR2 = GPGDIR + '2' + os.mkdir(GPGDIR2, 0o700) + # Generate default key + ret, _, _ = run_proc(RNPK, ['--homedir', RNPDIR2, '--generate', '--userid', 'test_cek', '--password', PASSWORD]) + self.assertEqual(ret, 0) + # Import key by GnuPG + ret, _, _ = run_proc(GPG, ['--batch', '--homedir', GPGHOME2, GPG_LOOPBACK, '--passphrase', PASSWORD, '--import', RNPDIR2 + '/secring.gpg']) + # Encrypt some data + src, enc = reg_workfiles('cleartext', '.txt', '.enc') + random_text(src, 2000) + pattern = re.compile(r'(?s)gpg: encrypted with.*test_cek.*session key: \'[\d]+:([0-9A-F]{64})\'.*') + keys = set() + + for _ in range(10): + ret, _, _ = run_proc(RNP, ['--homedir', RNPDIR2, '-r', 'test_cek', '-e', src, '--overwrite', '--output', enc]) + self.assertEqual(ret, 0) + ret, _, err = run_proc(GPG, ['--batch', '--homedir', GPGHOME2, '--show-session-key', GPG_LOOPBACK, '--passphrase', PASSWORD, '--output', '/dev/null', '-d', enc]) + self.assertEqual(ret, 0) + m = pattern.match(err) + self.assertTrue(m) + key = m.group(1) + self.assertNotIn(key, keys) + keys.add(key) + + shutil.rmtree(RNPDIR2, ignore_errors=True) + shutil.rmtree(GPGDIR2, ignore_errors=True) + class Compression(unittest.TestCase): @classmethod def setUpClass(cls): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/src/tests/ffi.cpp new/rnp-v0.18.1/src/tests/ffi.cpp --- old/rnp-v0.18.0/src/tests/ffi.cpp 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/src/tests/ffi.cpp 2025-11-21 14:21:08.000000000 +0100 @@ -2848,16 +2848,16 @@ static std::vector<uint8_t> shrink_len_2_to_1(const std::vector<uint8_t> &src) { - std::vector<uint8_t> dst = std::vector<uint8_t>(); - dst.reserve(src.size() - 1); - dst.insert(dst.end(), - PGP_PTAG_ALWAYS_SET | (PGP_PKT_PUBLIC_KEY << PGP_PTAG_OF_CONTENT_TAG_SHIFT) | - PGP_PTAG_OLD_LEN_1); // make sure the most significant octet of 2-octet length is actually zero - if (src[1] != 0) { + if ((src.size() < 3) || (src[1] != 0)) { throw std::invalid_argument("src"); } - dst.insert(dst.end(), src[2]); + + std::vector<uint8_t> dst; + dst.reserve(src.size() - 1); + dst.push_back(PGP_PTAG_ALWAYS_SET | (PGP_PKT_PUBLIC_KEY << PGP_PTAG_OF_CONTENT_TAG_SHIFT) | + PGP_PTAG_OLD_LEN_1); + dst.push_back(src[2]); dst.insert(dst.end(), src.begin() + 3, src.end()); return dst; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rnp-v0.18.0/version.txt new/rnp-v0.18.1/version.txt --- old/rnp-v0.18.0/version.txt 2025-06-02 14:01:34.000000000 +0200 +++ new/rnp-v0.18.1/version.txt 2025-11-21 14:21:08.000000000 +0100 @@ -1 +1 @@ -0.18.0 +0.18.1 ++++++ rnp.keyring ++++++ --- /var/tmp/diff_new_pack.vGhoRN/_old 2025-11-24 14:13:47.592891008 +0100 +++ /var/tmp/diff_new_pack.vGhoRN/_new 2025-11-24 14:13:47.604891513 +0100 @@ -6,12 +6,12 @@ gAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAkkAzgrvtUF42MAQDXfgjYWWqR PkCvVhDQEjJVETNmwSgfhG/q3pMmGSlJFQD/ZJI9KhowbzGU0/qDXDERPoR2FYB5 xx4BwotTOwketw64MwRjGxr6FgkrBgEEAdpHDwEBB0B5WpvGuJLXoMdAAIyNfOjd -Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmFiEEMa9aJNhh78t8t5oZJJAM4K77VBcF -AmMbGvoCGwIFCQPCZwAAgQkQJJAM4K77VBd2IAQZFggAHRYhBFDaWdW5E0+i2x6y -DPuCmrXQ/gF/BQJjGxr6AAoJEPuCmrXQ/gF/Zi4A/RwEZ17ZrXyn0kiY/DP6BSIt -p/6Sk9hG7KpkRqC3aaWsAQD2P6eZV6pWbhQp1C/kQYtgBbLOMUqmAg+5fMduhmaw -BDfrAP9PXS/3/h4R2UWvQ8yDv4BXztrnf61rX6re4iGpfixBZAD9FalZDJmCrdQm -toOkvaIWylfh5HgTM3lxXcO3Dz6W6QQ= -=Towq +Z7ittaBksxh/mfCPKcXrPoj1BBgWCAAmAhsCFiEEMa9aJNhh78t8t5oZJJAM4K77 +VBcFAmg90F0FCQcD6OMAgXYgBBkWCAAdFiEEUNpZ1bkTT6LbHrIM+4KatdD+AX8F +AmMbGvoACgkQ+4KatdD+AX9mLgD9HARnXtmtfKfSSJj8M/oFIi2n/pKT2EbsqmRG +oLdppawBAPY/p5lXqlZuFCnUL+RBi2AFss4xSqYCD7l8x26GZrAECRAkkAzgrvtU +F3UaAP4ibyzghsJdIpg5XHwa/4azW29Lzjnjl8KcSyeG98g6EwD/UhyV15eM8Drj +P6KdjUPYFEJFxgEEhCH5HvA8/RkbWw8= +=/0Ub -----END PGP PUBLIC KEY BLOCK-----
