@drakedevel
Created July 25, 2019 18:55
Diff between gnupg2-2.0.22-5.el7_5.src.rpm and gnupg2-2.0.22-5.amzn2.0.3.src.rpm
Only in amzn2/rpmbuild/SOURCES: gnupg-2.0-Fix-CVE-2014-4617.patch
diff -ru centos/rpmbuild/SPECS/gnupg2.spec amzn2/rpmbuild/SPECS/gnupg2.spec
--- centos/rpmbuild/SPECS/gnupg2.spec 2018-07-13 05:57:37.000000000 -0700
+++ amzn2/rpmbuild/SPECS/gnupg2.spec 2019-04-29 11:20:48.000000000 -0700
@@ -1,7 +1,10 @@
+%define _trivial .0
+%define _buildid .3
+
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.0.22
-Release: 5%{?dist}
+Release: 5%{?dist}%{?_trivial}%{?_buildid}
License: GPLv3+
Group: Applications/System
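
Review bot: The two new macros at the top of the spec are set with "%define", which is evaluated lazily and can behave unexpectedly when expanded inside other macro bodies; "%global" is the safer choice for spec-wide values such as _trivial and _buildid. Separately, because the Release line expands them with the conditional form "%{?_trivial}%{?_buildid}", deleting either definition would silently shorten the release string instead of failing the build, so consider the unconditional form if the suffix must always be present.
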
@@ -17,6 +20,9 @@
Patch7: gnupg-2.0.22-rsa-es.patch
Patch8: gnupg-2.0.22-cve-2018-12020.patch
+# Amazon Patches
+Patch1000: gnupg-2.0-Fix-CVE-2014-4617.patch
+
URL: http://www.gnupg.org/
#BuildRequires: automake libtool texinfo transfig
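
Review bot: The Patch1000 entry carries only the comment "# Amazon Patches" and no pointer to where the fix came from. The patch file itself is listed as present only in the amzn2 SOURCES directory and its contents are not part of this diff, so a reader cannot tell from the spec whether it is a backport of the upstream fix or a local change. Add a comment next to Patch1000 naming the upstream commit or advisory it was taken from.
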
@@ -83,6 +89,9 @@
%patch7 -p1 -b .rsa-es
%patch8 -p1 -b .sanitize-filename
+# Amazon patches
+%patch1000 -p1
+
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon,
# it can use other implementations too (including non-pcsc ones).
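
Review bot: The new "%patch1000 -p1" line omits the "-b" backup suffix that the preceding lines use ("%patch7 -p1 -b .rsa-es", "%patch8 -p1 -b .sanitize-filename"). Adding a suffix, for example one naming the CVE, keeps the prep section consistent and leaves backup copies that make it easy to see which files this patch touched. The comment capitalisation also differs from the one in the patch list ("# Amazon patches" here, "# Amazon Patches" there).
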
@@ -197,6 +206,9 @@
%changelog
+* Thu Apr 24 2019 Andrew Egelhofer <egelhofe@amazon.com> - 2.0.22-5.amzn2.0.3
+- Fix CVE-2014-4617
+
* Thu Jun 21 2018 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-5
- fix CVE-2018-12020 - missing sanitization of original filename
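
Review bot: The weekday in the new changelog header does not match the date: 24 April 2019 was a Wednesday, not a Thursday, so rpmbuild will warn about a bogus date in %changelog for "Thu Apr 24 2019". Correct the weekday or the day of the month. The entry text "Fix CVE-2014-4617" would also benefit from a short description of the issue, in the style of the entry below it ("fix CVE-2018-12020 - missing sanitization of original filename").
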