Skip to content
Snippets Groups Projects
Verified Commit 1c0a19ab authored by J0WI's avatar J0WI Committed by alice
Browse files

main/gnupg: patch CVE-2022-34903

parent 19470e4b
No related branches found
No related tags found
No related merge requests found
......@@ -3,7 +3,7 @@
pkgname=gnupg
pkgver=2.2.31
_ver=${pkgver/_beta/-beta}
pkgrel=0
pkgrel=1
pkgdesc="GNU Privacy Guard 2 - a PGP replacement tool"
url="https://www.gnupg.org/"
arch="all"
......@@ -14,6 +14,7 @@ makedepends="gnutls-dev libksba-dev libgcrypt-dev libgpg-error-dev
sqlite-dev libusb-dev"
subpackages="$pkgname-doc $pkgname-scdaemon"
source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2
CVE-2022-34903.patch
0001-Include-sys-select.h-for-FD_SETSIZE.patch
fix-i18n.patch
60-scdaemon.rules
......@@ -21,6 +22,8 @@ source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2
install="$pkgname-scdaemon.pre-install"
# secfixes:
# 2.2.31-r1:
# - CVE-2022-34903
# 2.2.23-r0:
# - CVE-2020-25125
# 2.2.18-r0:
......@@ -76,6 +79,7 @@ scdaemon() {
sha512sums="
2f6fa200e08d6b8993b482e5825bea6083afc8686c4e1ae80386b36ae49e1c2d73066c508edaa359a7794cb26ba7a00f81555a906fa422d1117e41415cfa2fea gnupg-2.2.31.tar.bz2
658d5ff636f9b45de7501895c299146633c30bc249f94664573ecf847779ea27be853244ceb2cc0e95c0c56253bbb6ccff509027b23f20f003aa018235211a4d CVE-2022-34903.patch
c6cc4595081c5b025913fa3ebecf0dff87a84f3c669e3fef106e4fa040f1d4314ee52dd4c0e0002b213034fb0810221cfdd0033eae5349b6e3978f05d08bcac7 0001-Include-sys-select.h-for-FD_SETSIZE.patch
b19a44dacf061dd02b439ab8bd820e3c721aab77168f705f5ce65661f26527b03ea88eec16d78486a633c474120589ec8736692ebff57ab9b95f52f57190ba6b fix-i18n.patch
4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402 60-scdaemon.rules
......
g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--
Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong. Fixed by always using a break to
terminate the escape detection loop. Might have happened for all
status lines which may wrap.
GnuPG-bug-id: T6027
diff --git a/g10/cpr.c b/g10/cpr.c
index d502e8b52..bc4b715ed 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, const char *string,
}
first = 0;
}
- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
+ for (esc=0, s=buffer, n=len; n; s++, n--)
{
if (*s == '%' || *(const byte*)s <= lower_limit
|| *(const byte*)s == 127 )
esc = 1;
if (wrap && ++count > wrap)
- {
- dowrap=1;
- break;
- }
- }
- if (esc)
- {
- s--; n++;
+ dowrap=1;
+ if (esc || dowrap)
+ break;
}
if (s != buffer)
es_fwrite (buffer, s-buffer, 1, statusfp);
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment