authorStig Palmquist <git@stig.io>2022-07-28 01:53:11 +0200
committerStig Palmquist <git@stig.io>2022-07-28 01:53:11 +0200
commitbf817382e7364435fc460e43d2fb14c6d93b1b77 (patch)
treeb843c677f815eaaa36f541b05b31ce87f12aab4a /pkgs/tools/security/gnupg
parent64ddb6ad6ba2b3462f29adcde9f32a6916fc2948 (diff)
gnupg: 2.3.6 -> 2.3.7
- Release announcement: https://dev.gnupg.org/T5947
- Removed the CVE-2022-34903 patch, whose fix is included upstream in 2.3.7
Diffstat (limited to 'pkgs/tools/security/gnupg')
-rw-r--r--pkgs/tools/security/gnupg/23.nix7
-rw-r--r--pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch45
2 files changed, 2 insertions, 50 deletions
diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix
index 13364f5498a8e..b25cf9e28c168 100644
--- a/pkgs/tools/security/gnupg/23.nix
+++ b/pkgs/tools/security/gnupg/23.nix
@@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false;
 
 stdenv.mkDerivation rec {
   pname = "gnupg";
-  version = "2.3.6";
+  version = "2.3.7";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
-    sha256 = "sha256-Iff+L8XC8hQYSrBQl37HqOME5Yv64qsJj+xp+Pq9qcE=";
+    sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk=";
   };
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
@@ -35,9 +35,6 @@ stdenv.mkDerivation rec {
     ./allow-import-of-previously-known-keys-even-without-UI.patch
     ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
 
-    # Patch from upstream 34c649b36013, https://dev.gnupg.org/T6027
-    ./CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch
-
     # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
     ./v3-0001-Disallow-compressed-signatures-and-certificates.patch
   ];
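Review bot: The remaining `./v3-0001-Disallow-compressed-signatures-and-certificates.patch` entry is not re-examined against the new release, even though the commit bumps to 2.3.7 on the grounds that upstream now carries the NOTATION_DATA fix; if the compressed-signature DoS fix from the linked oss-sec thread also landed in 2.3.7, this patch should be dropped for the same reason, and if it did not, the comment should say so. A local patch that is already upstream either fails to apply (breaking the build) or applies as a no-op that hides the fact that the fix is present. I would extend the comment to record the check, e.g. `# Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 (still needed as of 2.3.7: <yes/no, with T-number>)`. The `patches` list is complete within the hunk, but the enclosing `mkDerivation` continues outside it.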
diff --git a/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch b/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch
deleted file mode 100644
index 4383475a1c83d..0000000000000
--- a/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-commit 34c649b3601383cd11dbc76221747ec16fd68e1b
-Author: Werner Koch <wk@gnupg.org>
-Date:   2022-06-14 11:33:27 +0200
-
-    g10: Fix garbled status messages in NOTATION_DATA
-    
-    * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
-    --
-    
-    Depending on the escaping and line wrapping the computed remaining
-    buffer length could be wrong.  Fixed by always using a break to
-    terminate the escape detection loop.  Might have happened for all
-    status lines which may wrap.
-    
-    GnuPG-bug-id: T6027
-
-diff --git a/g10/cpr.c b/g10/cpr.c
-index 9bfdd3c34..fa8005d6f 100644
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string,
-             }
-           first = 0;
-         }
--      for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
-+      for (esc=0, s=buffer, n=len; n; s++, n--)
-         {
-           if (*s == '%' || *(const byte*)s <= lower_limit
-               || *(const byte*)s == 127 )
-             esc = 1;
-           if (wrap && ++count > wrap)
--            {
--              dowrap=1;
--              break;
--            }
--        }
--      if (esc)
--        {
--          s--; n++;
-+            dowrap=1;
-+          if (esc || dowrap)
-+            break;
-         }
-       if (s != buffer)
-         es_fwrite (buffer, s-buffer, 1, statusfp);