Browse code
gnupg: Fix CVE-2018-12020
Change-Id: I758c9f56f3364925c52b0d83c6eb127ee4f0cd22
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6629
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
ashwin-h authored on 2019/02/01 02:10:50Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,38 @@ |
| 0 |
+From 2326851c60793653069494379b16d84e4c10a0ac Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Werner Koch <wk@gnupg.org> |
|
| 2 |
+Date: Fri, 8 Jun 2018 10:45:21 +0200 |
|
| 3 |
+Subject: [PATCH] gpg: Sanitize diagnostic with the original file name. |
|
| 4 |
+ |
|
| 5 |
+* g10/mainproc.c (proc_plaintext): Sanitize verbose output. |
|
| 6 |
+-- |
|
| 7 |
+ |
|
| 8 |
+This fixes a forgotten sanitation of user supplied data in a verbose |
|
| 9 |
+mode diagnostic. The mention CVE is about using this to inject |
|
| 10 |
+status-fd lines into the stderr output. Other harm good as well be |
|
| 11 |
+done. Note that GPGME based applications are not affected because |
|
| 12 |
+GPGME does not fold status output into stderr. |
|
| 13 |
+ |
|
| 14 |
+CVE-id: CVE-2018-12020 |
|
| 15 |
+GnuPG-bug-id: 4012 |
|
| 16 |
+(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b) |
|
| 17 |
+--- |
|
| 18 |
+ g10/mainproc.c | 6 +++++- |
|
| 19 |
+ 1 file changed, 5 insertions(+), 1 deletion(-) |
|
| 20 |
+ |
|
| 21 |
+diff --git a/g10/mainproc.c b/g10/mainproc.c |
|
| 22 |
+index 33a654b34..ffa7ef6d8 100644 |
|
| 23 |
+--- a/g10/mainproc.c |
|
| 24 |
+@@ -675,7 +675,11 @@ |
|
| 25 |
+ if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8)) |
|
| 26 |
+ log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
|
|
| 27 |
+ else if (opt.verbose) |
|
| 28 |
+- log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
|
|
| 29 |
++ {
|
|
| 30 |
++ char *tmp = make_printable_string (pt->name, pt->namelen, 0); |
|
| 31 |
++ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
|
|
| 32 |
++ xfree (tmp); |
|
| 33 |
++ } |
|
| 34 |
+ |
|
| 35 |
+ free_md_filter_context (&c->mfx); |
|
| 36 |
+ if (gcry_md_open (&c->mfx.md, 0, 0)) |
| ... | ... |
@@ -1,11 +1,12 @@ |
| 1 | 1 |
Summary: OpenPGP standard implementation used for encrypted communication and data storage. |
| 2 | 2 |
Name: gnupg |
| 3 | 3 |
Version: 2.1.20 |
| 4 |
-Release: 1%{?dist}
|
|
| 4 |
+Release: 2%{?dist}
|
|
| 5 | 5 |
License: GPLv3+ |
| 6 | 6 |
URL: https://gnupg.org/index.html |
| 7 | 7 |
Group: Applications/Cryptography. |
| 8 | 8 |
Source0: https://gnupg.org/ftp/gcrypt/gnupg/%{name}-%{version}.tar.bz2
|
| 9 |
+Patch0: CVE-2018-12020.patch |
|
| 9 | 10 |
%define sha1 gnupg=500ddae8e4225ae2e300934090f9b9a427b8def1 |
| 10 | 11 |
Vendor: VMware, Inc. |
| 11 | 12 |
Distribution: Photon |
| ... | ... |
@@ -35,6 +36,7 @@ a command line tool with features for easy integration with other applications. |
| 35 | 35 |
|
| 36 | 36 |
%prep |
| 37 | 37 |
%setup -q -n %{name}-%{version}
|
| 38 |
+%patch0 -p1 |
|
| 38 | 39 |
|
| 39 | 40 |
%build |
| 40 | 41 |
./configure --prefix=%{_prefix} \
|
| ... | ... |
@@ -57,6 +59,8 @@ make DESTDIR=%{buildroot} install
|
| 57 | 57 |
%exclude %{_infodir}/dir
|
| 58 | 58 |
%exclude /usr/share/doc/* |
| 59 | 59 |
%changelog |
| 60 |
+* Fri Feb 01 2019 Ashwin H <ashwinh@vmware.com> 2.1.20-2 |
|
| 61 |
+- Fix CVE-2018-12020 |
|
| 60 | 62 |
* Mon Jul 31 2017 Kumar Kaushik <kaushikk@vmware.com> 2.1.20-1 |
| 61 | 63 |
- Updating version, fixing issue # 1907079 |
| 62 | 64 |
* Wed Jul 27 2016 Kumar Kaushik <kaushikk@vmware.com> 2.0.30-1 |