diff options
| author | Matt Sicker | 2013-10-05 13:14:05 -0500 |
|---|---|---|
| committer | Jack Nagel | 2013-10-06 17:59:31 -0500 |
| commit | 2dd53c71afb3d05d0d7a15d93245e55f179d26bc (patch) | |
| tree | c63d72f0fdc638ecf9ec4b10641ffaba6fd6a48e /Library | |
| parent | b52488a00eace9ffcb02b32de6300c323a2af108 (diff) | |
| download | homebrew-2dd53c71afb3d05d0d7a15d93245e55f179d26bc.tar.bz2 | |
gnupg2: 2.0.22
What's New in 2.0.22
====================
* Fixed possible infinite recursion in the compressed packet
parser. [CVE-2013-4402]
* Improved support for some card readers.
* Prepared building with the forthcoming Libgcrypt 1.6.
* Protect against rogue keyservers sending secret keys.
Impact of the security problem
==============================
Special crafted input data may be used to cause a denial of service
against GPG (GnuPG's OpenPGP part) and some other OpenPGP
implementations. All systems using GPG to process incoming data are
affected.
Taylor R. Campbell invented a neat trick to generate OpenPGP packages
to force GPG to recursively parse certain parts of OpenPGP messages ad
infinitum. As a workaround a tight "ulimit -v" setting may be used to
mitigate the problem. Sample input data to trigger this problem has
not yet been seen in the wild. Details of the attack will eventually
be published by its inventor.
A fixed release of the GnuPG 1.4 series has also been released.
An updated vesion of gpg4win will be released next week.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
Diffstat (limited to 'Library')
| -rw-r--r-- | Library/Formula/gnupg2.rb | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/Library/Formula/gnupg2.rb b/Library/Formula/gnupg2.rb index e02de19a3..37c7cc187 100644 --- a/Library/Formula/gnupg2.rb +++ b/Library/Formula/gnupg2.rb @@ -2,8 +2,8 @@ require 'formula' class Gnupg2 < Formula homepage 'http://www.gnupg.org/' - url 'ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.21.tar.bz2' - sha1 '5ba8cce72eb4fd1a3ac1a282d25d7c7b90d3bf26' + url 'ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.22.tar.bz2' + sha1 '9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8' option '8192', 'Build with support for private keys of up to 8192 bits' @@ -60,10 +60,10 @@ end __END__ diff --git a/common/homedir.c b/common/homedir.c -index 5adf46a..d0c5dec 100644 +index 4b03cfe..c84f26f 100644 --- a/common/homedir.c +++ b/common/homedir.c -@@ -368,7 +368,7 @@ dirmngr_socket_name (void) +@@ -472,7 +472,7 @@ dirmngr_socket_name (void) } return name; #else /*!HAVE_W32_SYSTEM*/ @@ -72,9 +72,8 @@ index 5adf46a..d0c5dec 100644 #endif /*!HAVE_W32_SYSTEM*/ } - diff --git a/configure b/configure -index 616d165..ae3126e 100755 +index e5479af..a17a54d 100755 --- a/configure +++ b/configure @@ -578,8 +578,8 @@ MFLAGS= @@ -85,15 +84,14 @@ index 616d165..ae3126e 100755 -PACKAGE_TARNAME='gnupg' +PACKAGE_NAME='gnupg2' +PACKAGE_TARNAME='gnupg2' - PACKAGE_VERSION='2.0.21' - PACKAGE_STRING='gnupg 2.0.21' + PACKAGE_VERSION='2.0.22' + PACKAGE_STRING='gnupg 2.0.22' PACKAGE_BUGREPORT='http://bugs.gnupg.org' - diff --git a/tests/openpgp/Makefile.in b/tests/openpgp/Makefile.in -index 1a617e7..1af2d4b 100644 +index c9ceb2d..7044900 100644 --- a/tests/openpgp/Makefile.in +++ b/tests/openpgp/Makefile.in -@@ -286,11 +286,11 @@ GPG_IMPORT = ../../g10/gpg2 --homedir . \ +@@ -312,11 +312,11 @@ GPG_IMPORT = ../../g10/gpg2 --homedir . \ # Programs required before we can run these tests. |