Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-04-07 20:47:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and      /work/SRC/openSUSE:Factory/.gpg2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gpg2"

Sat Apr  7 20:47:23 2018 rev:125 rq:593728 version:2.2.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes        2018-02-28 
19:54:38.277536341 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-04-07 
20:47:32.599050510 +0200
@@ -1,0 +2,7 @@
+Thu Apr  5 08:38:58 UTC 2018 - kbabi...@suse.com
+
+- Added gnupg-CVE-2018-9234.patch: Enforce that key certification
+  can only be done with the master key, and not a signing subkey.
+  (bnc#1088255 CVE-2018-9234) 
+
+-------------------------------------------------------------------
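Review bot: The changelog entry's last line, "(bnc#1088255 CVE-2018-9234) ", ends with a trailing space that should be dropped. The entry would also be easier to audit if it cited the upstream reference the patch header already carries (https://dev.gnupg.org/T3844), so a reader of gpg2.changes can tie the CVE to the upstream fix without opening the patch file.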

New:
----
  gnupg-CVE-2018-9234.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.jHYOmD/_old  2018-04-07 20:47:33.715010121 +0200
+++ /var/tmp/diff_new_pack.jHYOmD/_new  2018-04-07 20:47:33.719009976 +0200
@@ -34,6 +34,7 @@
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:        gnupg-CVE-2018-9234.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -85,6 +86,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})


++++++ gnupg-CVE-2018-9234.patch ++++++
From: Karol Babioch <kbabi...@suse.de>
Date: Thu Apr  5 10:32:21 CEST 2018
Upstream: merged
References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657
References: https://dev.gnupg.org/T3844
Subject: Fix for bnc#1088255 (CVE-2018-9234)
---
 g10/getkey.c |    2 ++
 1 file changed, 2 insertions(+)

Index: gnupg-2.2.5/g10/getkey.c
===================================================================
--- gnupg-2.2.5.orig/g10/getkey.c
+++ gnupg-2.2.5/g10/getkey.c
@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu
       ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
        : KEYDB_SEARCH_MODE_FPR20;
       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+      if (pk)
+        ctx.req_usage = pk->req_usage;
       rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
       if (!rc && pk)
        pk_from_block (pk, kb, found_key);
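Review bot: The added "if (pk) ctx.req_usage = pk->req_usage;" before lookup() only applies a usage requirement when the caller passes a non-NULL pk, and it depends on the caller having set pk->req_usage before calling get_pubkey_byfprint. With pk == NULL the fingerprint lookup still runs with whatever ctx.req_usage already held, so that path is not constrained by this change. Consider a short comment at this spot stating that callers who need a key with a specific capability must pass pk with req_usage set, and a regression test that looks up a signing subkey by fingerprint with a certification usage requested, so the behaviour described in the changelog is checked rather than implied.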

