Created
July 25, 2019 18:55
-
-
Save drakedevel/9638d679cf15182110a102b1725e3621 to your computer and use it in GitHub Desktop.
Diff between gnupg2-2.0.22-5.el7_5.src.rpm and gnupg2-2.0.22-5.amzn2.0.3.src.rpm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Only in amzn2/rpmbuild/SOURCES: gnupg-2.0-Fix-CVE-2014-4617.patch | |
diff -ru centos/rpmbuild/SPECS/gnupg2.spec amzn2/rpmbuild/SPECS/gnupg2.spec | |
--- centos/rpmbuild/SPECS/gnupg2.spec 2018-07-13 05:57:37.000000000 -0700 | |
+++ amzn2/rpmbuild/SPECS/gnupg2.spec 2019-04-29 11:20:48.000000000 -0700 | |
@@ -1,7 +1,10 @@ | |
+%define _trivial .0 | |
+%define _buildid .3 | |
+ | |
Summary: Utility for secure communication and data storage | |
Name: gnupg2 | |
Version: 2.0.22 | |
-Release: 5%{?dist} | |
+Release: 5%{?dist}%{?_trivial}%{?_buildid} | |
License: GPLv3+ | |
Group: Applications/System | |
@@ -17,6 +20,9 @@ | |
Patch7: gnupg-2.0.22-rsa-es.patch | |
Patch8: gnupg-2.0.22-cve-2018-12020.patch | |
+# Amazon Patches | |
+Patch1000: gnupg-2.0-Fix-CVE-2014-4617.patch | |
+ | |
URL: http://www.gnupg.org/ | |
#BuildRequires: automake libtool texinfo transfig | |
@@ -83,6 +89,9 @@ | |
%patch7 -p1 -b .rsa-es | |
%patch8 -p1 -b .sanitize-filename | |
+# Amazon patches | |
+%patch1000 -p1 | |
+ | |
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) | |
# Note: this is just the name of the default shared lib to load in scdaemon, | |
# it can use other implementations too (including non-pcsc ones). | |
@@ -197,6 +206,9 @@ | |
%changelog | |
+* Thu Apr 24 2019 Andrew Egelhofer <egelhofe@amazon.com> - 2.0.22-5.amzn2.0.3 | |
+- Fix CVE-2014-4617 | |
+ | |
* Thu Jun 21 2018 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-5 | |
- fix CVE-2018-12020 - missing sanitization of original filename | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment