Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2018-04-07 20:47:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and      /work/SRC/openSUSE:Factory/.gpg2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Sat Apr 7 20:47:23 2018 rev:125 rq:593728 version:2.2.5 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2018-02-28 19:54:38.277536341 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2018-04-07 20:47:32.599050510 +0200 @@ -1,0 +2,7 @@ +Thu Apr 5 08:38:58 UTC 2018 - [email protected] + +- Added gnupg-CVE-2018-9234.patch: Enforce that key certification + can only be done with the master key, and not a signing subkey. + (bnc#1088255 CVE-2018-9234) + +------------------------------------------------------------------- New: ---- gnupg-CVE-2018-9234.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.jHYOmD/_old 2018-04-07 20:47:33.715010121 +0200 +++ /var/tmp/diff_new_pack.jHYOmD/_new 2018-04-07 20:47:33.719009976 +0200 @@ -34,6 +34,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-CVE-2018-9234.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -85,6 +86,7 @@ %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) ++++++ gnupg-CVE-2018-9234.patch ++++++ From: Karol Babioch <[email protected]> Date: Thu Apr 5 10:32:21 CEST 2018 Upstream: merged References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657 References: https://dev.gnupg.org/T3844 Subject: Fix for bnc#1088255 (CVE-2018-9234) --- g10/getkey.c | 2 ++ 1 file changed, 2 insertions(+) Index: gnupg-2.2.5/g10/getkey.c =================================================================== --- gnupg-2.2.5.orig/g10/getkey.c +++ gnupg-2.2.5/g10/getkey.c 
@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 : KEYDB_SEARCH_MODE_FPR20; memcpy (ctx.items[0].u.fpr, fprint, fprint_len); + if (pk) + ctx.req_usage = pk->req_usage; rc = lookup (ctrl, &ctx, 0, &kb, &found_key); if (!rc && pk) pk_from_block (pk, kb, found_key);
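Review bot: In the g10/getkey.c hunk (get_pubkey_byfprint), the new `if (pk) ctx.req_usage = pk->req_usage;` carries no comment, and it only takes effect when the caller passes a non-NULL pk; with pk == NULL the call to lookup() still runs with ctx.req_usage left as it was set earlier in the function (not visible in this hunk). Suggest a one-line comment above the assignment saying that the caller's requested usage is copied into the search context before lookup(), which is what the changelog entry relies on for restricting certification to the master key, and stating what a NULL pk means for usage filtering. The package change also ships no test for the CVE-2018-9234 case, so a regression would not be caught when the patch set is next rebased.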
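Review bot: In the gpg2.spec hunks, `Patch12: gnupg-CVE-2018-9234.patch` is added without an accompanying comment line, although the patch header marks it `Upstream: merged`. A short comment above the Patch12 line naming bnc#1088255, CVE-2018-9234 and the upstream commit referenced in the patch header would make it clear to the next maintainer that this patch can be dropped, rather than rebased, once the package moves to a release that already contains the fix.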
