author | Stig Palmquist <git@stig.io> | 2022-07-28 01:53:11 +0200 |
---|---|---|
committer | Stig Palmquist <git@stig.io> | 2022-07-28 01:53:11 +0200 |
commit | bf817382e7364435fc460e43d2fb14c6d93b1b77 (patch) | |
tree | b843c677f815eaaa36f541b05b31ce87f12aab4a /pkgs/tools/security/gnupg | |
parent | 64ddb6ad6ba2b3462f29adcde9f32a6916fc2948 (diff) |
gnupg: 2.3.6 -> 2.3.7
- Release announcement: https://dev.gnupg.org/T5947
- Removed the CVE-2022-34903 patch, since the fix is already included in 2.3.7
Diffstat (limited to 'pkgs/tools/security/gnupg')
-rw-r--r-- | pkgs/tools/security/gnupg/23.nix | 7 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch | 45 |
2 files changed, 2 insertions, 50 deletions
diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/23.nix index 13364f5498a8e..b25cf9e28c168 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/23.nix @@ -15,11 +15,11 @@ assert guiSupport -> pinentry != null && enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.6"; + version = "2.3.7"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-Iff+L8XC8hQYSrBQl37HqOME5Yv64qsJj+xp+Pq9qcE="; + sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; @@ -35,9 +35,6 @@ stdenv.mkDerivation rec { ./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch - # Patch from upstream 34c649b36013, https://dev.gnupg.org/T6027 - ./CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch - # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch ]; diff --git a/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch b/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch deleted file mode 100644 index 4383475a1c83d..0000000000000 --- a/pkgs/tools/security/gnupg/CVE-2022-34903-g10-fix-garbled-status-messages-in-NOTATION_DATA.patch +++ /dev/null 
@@ -1,45 +0,0 @@
-commit 34c649b3601383cd11dbc76221747ec16fd68e1b
-Author: Werner Koch <wk@gnupg.org>
-Date: 2022-06-14 11:33:27 +0200
-
- g10: Fix garbled status messages in NOTATION_DATA
-
- * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
- --
-
- Depending on the escaping and line wrapping the computed remaining
- buffer length could be wrong. Fixed by always using a break to
- terminate the escape detection loop. Might have happened for all
- status lines which may wrap.
-
- GnuPG-bug-id: T6027
-
-diff --git a/g10/cpr.c b/g10/cpr.c
-index 9bfdd3c34..fa8005d6f 100644
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string,
- }
- first = 0;
- }
-- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
-+ for (esc=0, s=buffer, n=len; n; s++, n--)
- {
- if (*s == '%' || *(const byte*)s <= lower_limit
- || *(const byte*)s == 127 )
- esc = 1;
- if (wrap && ++count > wrap)
-- {
-- dowrap=1;
-- break;
-- }
-- }
-- if (esc)
-- {
-- s--; n++;
-+ dowrap=1;
-+ if (esc || dowrap)
-+ break;
- }
- if (s != buffer)
- es_fwrite (buffer, s-buffer, 1, statusfp); |