diff --git a/backport-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-k.patch b/backport-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-k.patch
new file mode 100644
index 0000000000000000000000000000000000000000..966fc9009b4f8cc9022f2a9e0e1c820f17ec053c
--- /dev/null
+++ b/backport-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-k.patch
@@ -0,0 +1,46 @@
+From ddb012be7fe2ab0eb713b33c50c22ac8f194fa6c Mon Sep 17 00:00:00 2001
+From: Werner Koch
+Date: Wed, 22 Oct 2025 11:19:55 +0200
+Subject: [PATCH] gpg: Avoid potential downgrade to SHA1 in 3rd party key
+ signatures.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Always initialize
+IS_SELFSIG because it is later used to detect SHA1 non-selfsignatures.
+--
+
+The value of is_selfsig was also used to decide whether to reject a a
+SHA_signature if it is not a self-signature. However, a code path
+exists where is_selfsig was set to stub_is_selfsig and not initilaized
+in this case.
+
+Fixes-commit: c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+---
+ g10/sig-check.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index ed83c23f9..17de90184 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -890,7 +890,7 @@ check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node,
+ * be found. Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
+ * Other errors codes may be returned if something else goes wrong.
+ *
+- * IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
++ * If IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
+ * self-signature (by the key's primary key) or 0 if not.
+ *
+ * If RET_PK is not NULL, returns a copy of the public key that
+@@ -910,6 +910,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
+ if (!is_selfsig)
+ is_selfsig = &stub_is_selfsig;
+
++ *is_selfsig = 0; /* Init early to comply with function description. */
++
+ rc = openpgp_pk_test_algo (sig->pubkey_algo);
+ if (rc)
+ return rc;
+--
+2.43.0
+
diff --git a/gnupg2.spec b/gnupg2.spec
index 8f5415464e963ce207735708e23852ff2dfdd1c6..a2da316aaabc8b09ed957af7d335a4621a7e8b08 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
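Review bot: The comment on the added `*is_selfsig = 0;` in the second inner hunk gives only the documentation reason, while the commit message says this value later decides whether a SHA-1 non-self-signature is rejected, so a later cleanup could drop the line as redundant. A comment such as `/* Must default to 0: this flag later gates rejection of SHA-1 3rd-party signatures. */` would make the security dependency visible at the assignment. check_signature_over_key_or_uid continues outside the hunk, so the exact path that left the stub uninitialized cannot be confirmed from here. The `%prep` section of gnupg2.spec is also outside this diff; it is worth confirming that Patch15 is actually applied there, since a patch that is listed but not applied would ship the fix in name only.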
@@ -1,6 +1,6 @@ Name: gnupg2 Version: 2.4.8 -Release: 2 +Release: 3 Summary: Utility for secure communication and data storage License: CC0-1.0 AND GPL-2.0-or-later AND GPL-3.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later AND (BSD-3-Clause OR LGPL-3.0-or-later OR GPL-2.0-or-later) AND CC-BY-4.0 AND MIT @@ -21,6 +21,7 @@ Patch9: gnupg2-revert-rfc4880bis.patch Patch10: gnupg-2.4.5-do-install-expired-ca.patch Patch13: supports-sm2-algorithm-signature-and-uses-sm3-hash-algorithm.patch Patch14: backport-common-Fix-read-buffer-over-read-in-uncompress_ecc_q.patch +Patch15: backport-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-k.patch BuildRequires: gcc BuildRequires: autoconf automake @@ -126,6 +127,9 @@ rm -f %{buildroot}%{_infodir}/dir %changelog +* Thu Oct 23 2025 yixiangzhike - 2.4.8-3 +- avoid potential downgrade to SHA1 in 3rd party key signatures + * Thu Aug 21 2025 yixiangzhike - 2.4.8-2 - fix read buffer over-read in uncompress_ecc_q_in_canon_sexp