packages: gnupg2/gnupg2.spec, gnupg2/CVE-2010-2547.patch (NEW) - patch fixe...

zbyniu zbyniu at pld-linux.org
Sun Aug 15 00:25:29 CEST 2010


Author: zbyniu                       Date: Sat Aug 14 22:25:28 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- patch fixes CVE-2010-2547 ; rel 1.1

---- Files affected:
packages/gnupg2:
   gnupg2.spec (1.102 -> 1.103) , CVE-2010-2547.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/gnupg2/gnupg2.spec
diff -u packages/gnupg2/gnupg2.spec:1.102 packages/gnupg2/gnupg2.spec:1.103
--- packages/gnupg2/gnupg2.spec:1.102	Tue Aug 10 09:20:29 2010
+++ packages/gnupg2/gnupg2.spec	Sun Aug 15 00:25:19 2010
@@ -8,7 +8,7 @@
 Summary(pl.UTF-8):	GnuPG - narzędzie do bezpiecznej komunikacji i bezpiecznego przechowywania danych - wersja rozszerzona
 Name:		gnupg2
 Version:	2.0.16
-Release:	1
+Release:	1.1
 License:	GPL v3+
 Group:		Applications/File
 Source0:	ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
@@ -19,6 +19,7 @@
 # send it upstream after updating!
 Patch2:		%{name}-pl.po-update.patch
 Patch3:		%{name}-disable_tests.patch
+Patch4:		CVE-2010-2547.patch
 URL:		http://www.gnupg.org/
 BuildRequires:	adns-devel
 BuildRequires:	autoconf >= 2.61
@@ -196,6 +197,7 @@
 %patch1 -p1
 %patch2 -p1
 %{!?with_tests:%patch3 -p1}
+%patch4 -p1
 
 rm -f po/stamp-po
 
@@ -333,6 +335,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.103  2010/08/14 22:25:19  zbyniu
+- patch fixes CVE-2010-2547 ; rel 1.1
+
 Revision 1.102  2010/08/10 07:20:29  qboosh
 - updated to 2.0.16
 - updated pl.po-update patch

================================================================
Index: packages/gnupg2/CVE-2010-2547.patch
diff -u /dev/null packages/gnupg2/CVE-2010-2547.patch:1.1
--- /dev/null	Sun Aug 15 00:25:29 2010
+++ packages/gnupg2/CVE-2010-2547.patch	Sun Aug 15 00:25:19 2010
@@ -0,0 +1,10 @@
+--- gnupg-2.0.16/kbx/keybox-blob.c~	2009-09-21 18:53:44.000000000 +0200
++++ gnupg-2.0.16/kbx/keybox-blob.c	2010-08-14 23:41:56.679952838 +0200
+@@ -898,6 +898,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_
+               rc = gpg_error_from_syserror ();
+               goto leave;
+             }
++	  names = tmp;
+         }
+       names[blob->nuids++] = p;
+       if (!i && (p=x509_email_kludge (p)))
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/gnupg2/gnupg2.spec?r1=1.102&r2=1.103&f=u



More information about the pld-cvs-commit mailing list