Hello community, here is the log from the commit of package gpg2 checked in at Fri Dec 1 10:57:56 CET 2006.
--------
--- gpg2/gpg2.changes 2006-09-12 14:37:54.000000000 +0200
+++ /mounts/work_src_done/STABLE/STABLE/gpg2/gpg2.changes 2006-11-30 16:59:58.000000000 +0100
@@ -1,0 +2,5 @@
+Thu Nov 30 16:59:25 CET 2006 - anicka@suse.cz
+
+- fix overflow in openfile.c (CVE-2006-6169, #224108)
+
+-------------------------------------------------------------------
New: ---- gpg2-1.9.22-CVE-2006-6169.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.bWdVuA/_old 2006-12-01 10:57:48.000000000 +0100
+++ /var/tmp/diff_new_pack.bWdVuA/_new 2006-12-01 10:57:48.000000000 +0100
@@ -13,7 +13,7 @@
 Name: gpg2
 BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite
 URL: http://www.gnupg.org/aegypten2/
-License: GPL
+License: GNU General Public License (GPL)
 Group: Productivity/Networking/Security
 PreReq: %install_info_prereq
 Autoreqprov: on
@@ -22,7 +22,7 @@
 Obsoletes: newpg
 Summary: GnuPG 2
 Version: 1.9.22
-Release: 1
+Release: 20
 %define pthversion 2.0.7
 Source: gnupg-%{version}.tar.bz2
 Source1: pth-%{pthversion}.tar.bz2
@@ -31,6 +31,7 @@
 Patch4: gnupg-1.9.22-warnings-fix.diff
 Patch5: gnupg-1.9.22-ccid-driver-fix.diff
 Patch6: gnupg-1.9.18-tmpdir.diff
+Patch7: %{name}-%{version}-CVE-2006-6169.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -52,8 +53,7 @@
 %patch4
 %patch5
 %patch6
-#%patch7
-#%patch8
+%patch7
 %build
 export CFLAGS="$RPM_OPT_FLAGS"
@@ -113,6 +113,8 @@
 /usr/share/gnupg
 %changelog -n gpg2
+* Thu Nov 30 2006 - anicka@suse.cz
+- fix overflow in openfile.c (CVE-2006-6169, #224108)
 * Mon Sep 11 2006 - pnemec@suse.cz
 - updated gnupg to new version 1.9.22
 Enhanced pkcs#12 support
++++++ gpg2-1.9.22-CVE-2006-6169.diff ++++++
--- g10/openfile.c
+++ g10/openfile.c
@@ -144,8 +144,8 @@
 s = _("Enter new filename");
- n = strlen(s) + namelen + 10;
 defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
 prompt = xmalloc(n);
 if( defname )
 sprintf(prompt, "%s [%s]: ", s, defname );
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
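Review bot: The `sprintf` into `prompt` on the last line of this hunk is still unbounded, so the fix holds only while the hand-counted length terms and the `+ 10` slack stay in step with the format string. Since `n` is already in hand, `snprintf(prompt, n, "%s [%s]: ", s, defname);` would turn any future mismatch into truncation rather than a heap overrun. The new size line also deserves a comment recording why it moved below the `defname` assignment, for example `/* size from defname, not namelen: the printable form may be longer than the raw name */` (presumably the cause of the overflow named in the changelog). The enclosing function starts and ends outside the hunk, so any other write to `prompt`, such as an `else` branch, is not visible here and should get the same bounded call.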