* [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574
@ 2021-08-20  5:27 Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 2/7] glibc: Security fix for CVE-2021-38604 Armin Kuster
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Armin Kuster

From: Armin Kuster <akuster@mvista.com>

Source: glibc.org
MR: 111508
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/glibc.git
ChangeID: 815edc154adc45d08d00995862409f13014f885f
Description:

This version of glibc does not have __pthread_attr_setaffinity_np so an adapted patch was taken from 2.28 (https://sourceware.org/bugzilla/attachment.cgi?id=13497) and https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 .../glibc/glibc/CVE-2021-33574_1.patch        | 72 ++++++++++++++++++
 .../glibc/glibc/CVE-2021-33574_2.patch        | 73 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |  2 +
 3 files changed, 147 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch b/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch
new file mode 100644
index 0000000000..cef0ce54ed
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-33574_1.patch
@@ -0,0 +1,72 @@
+From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Thu, 27 May 2021 12:49:47 +0200
+Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896)
+
+Make a deep copy of the pthread attribute object to remove a potential
+use-after-free issue.
+
+Upstream-Status: Backport
+CVE: CVE-2021-33574 patch#1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ NEWS                                |  4 ++++
+ sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
+ 2 files changed, 14 insertions(+), 5 deletions(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -7,6 +7,10 @@ using `glibc' in the "product" field.
+ \f
+ Version 2.31.1
+ 
++  CVE-2021-33574: The mq_notify function has a potential use-after-free
++  issue when using a notification type of SIGEV_THREAD and a thread
++  attribute with a non-default affinity mask.
++
+ The following bugs are resolved with this release:
+   [19519] iconv(1) with -c option hangs on illegal multi-byte sequences
+     (CVE-2016-10228)
+Index: git/sysdeps/unix/sysv/linux/mq_notify.c
+===================================================================
+--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
++++ git/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -135,8 +135,11 @@ helper_thread (void *arg)
+ 	    (void) __pthread_barrier_wait (&notify_barrier);
+ 	}
+       else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
+-	/* The only state we keep is the copy of the thread attributes.  */
+-	free (data.attr);
++	{
++	  /* The only state we keep is the copy of the thread attributes.  */
++	  pthread_attr_destroy (data.attr);
++	  free (data.attr);
++	}
+     }
+   return NULL;
+ }
+@@ -257,8 +260,7 @@ mq_notify (mqd_t mqdes, const struct sig
+       if (data.attr == NULL)
+ 	return -1;
+ 
+-      memcpy (data.attr, notification->sigev_notify_attributes,
+-	      sizeof (pthread_attr_t));
++      __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
+     }
+ 
+   /* Construct the new request.  */
+@@ -272,7 +274,10 @@ mq_notify (mqd_t mqdes, const struct sig
+ 
+   /* If it failed, free the allocated memory.  */
+   if (__glibc_unlikely (retval != 0))
+-    free (data.attr);
++    {
++      pthread_attr_destroy (data.attr);
++      free (data.attr);
++    }
+ 
+   return retval;
+ }
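
Review bot: In the mq_notify hunks of this patch file the return value of `__pthread_attr_copy (data.attr, notification->sigev_notify_attributes)` is discarded, and the new failure path after the syscall calls `pthread_attr_destroy (data.attr)` without checking `data.attr` for NULL. If the copy fails, the attribute object is left uninitialised yet is later destroyed, and because the `if (data.attr == NULL) return -1;` check sits inside the block that allocates the copy, the failure path can also be reached with no attribute allocated at all. Check the copy's result (free `data.attr` and return -1 on error) and guard both `pthread_attr_destroy` calls with `data.attr != NULL`. As posted, the series relies on CVE-2021-33574_2.patch and CVE-2021-38604.patch to close these gaps, so the three patches only make sense applied together.
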
diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch b/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch
new file mode 100644
index 0000000000..396cd7fc0e
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-33574_2.patch
@@ -0,0 +1,73 @@
+From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 1 Jun 2021 17:51:41 +0200
+Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
+
+__pthread_attr_copy can fail and does not initialize the attribute
+structure in that case.
+
+If __pthread_attr_copy is never called and there is no allocated
+attribute, pthread_attr_destroy should not be called, otherwise
+there is a null pointer dereference in rt/tst-mqueue6.
+
+Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
+("Use __pthread_attr_copy in mq_notify (bug 27896)").
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+https://sourceware.org/bugzilla/attachment.cgi?id=13497
+
+Upstream-Status: Backport
+CVE: CVE-2021-33574 patch#2
+Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
+
+---
+Index: git/sysdeps/unix/sysv/linux/mq_notify.c
+===================================================================
+--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
++++ git/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -260,7 +260,34 @@ mq_notify (mqd_t mqdes, const struct sig
+       if (data.attr == NULL)
+ 	return -1;
+ 
+-      __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
++      memcpy (data.attr, notification->sigev_notify_attributes,
++        sizeof (pthread_attr_t));
++
++      struct pthread_attr *source =
++     (struct pthread_attr *) (notification->sigev_notify_attributes);
++      struct pthread_attr *target = (struct pthread_attr *) (data.attr);
++      cpu_set_t *newp;
++      cpu_set_t *cpuset = source->cpuset;
++      size_t cpusetsize = source->cpusetsize;
++
++      /* alloc a new memory for cpuset to avoid use after free */
++      if (cpuset != NULL && cpusetsize > 0)
++   {
++     newp = (cpu_set_t *) malloc (cpusetsize);
++     if (newp == NULL)
++       {
++         free(data.attr);
++         return -1;
++       }
++
++     memcpy (newp, cpuset, cpusetsize);
++     target->cpuset = newp;
++   }
++      else
++   {
++     target->cpuset = NULL;
++     target->cpusetsize = 0;
++   }
+     }
+ 
+   /* Construct the new request.  */
+@@ -273,7 +300,7 @@ mq_notify (mqd_t mqdes, const struct sig
+   int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
+ 
+   /* If it failed, free the allocated memory.  */
+-  if (__glibc_unlikely (retval != 0))
++   if (retval != 0 && data.attr != NULL)
+     {
+       pthread_attr_destroy (data.attr);
+       free (data.attr);
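
Review bot: The header of CVE-2021-33574_2.patch keeps upstream's author, subject and message ("Fix use of __pthread_attr_copy in mq_notify"), but the first mq_notify hunk removes the `__pthread_attr_copy` call and goes back to `memcpy` plus a hand-written copy of `cpuset`, so the description no longer matches the change. State in the patch header that this is the adapted version from the bugzilla attachment and why, since at present only the text of the e-mail says so. In the same header the Signed-off-by line carries `&lt;` and `&gt;` instead of literal angle brackets. Smaller points in the code: the rewritten test `if (retval != 0 && data.attr != NULL)` drops `__glibc_unlikely` and is indented one column further than the line it replaces, and `free(data.attr);` in the malloc failure branch lacks the space before the parenthesis that the surrounding code uses.
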
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 8742efc36f..2e950dfeda 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -67,6 +67,8 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0028-inject-file-assembly-directives.patch \
            file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
            file://CVE-2020-29573.patch \
+           file://CVE-2021-33574_1.patch \
+           file://CVE-2021-33574_2.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.25.1



* [Dunfell][PATCH 2/7] glibc: Security fix for CVE-2021-38604
  2021-08-20  5:27 [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574 Armin Kuster
@ 2021-08-20  5:27 ` Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 3/7] gnupg: upgrade 2.2.20 -> 2.2.21 Armin Kuster
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Armin Kuster

From: Armin Kuster <akuster@mvista.com>

Source: glibc.org
MR: 112635
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
ChangeID: 53b105da48e604f6763bb04b7114f41bfb620d2f
Description:

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 .../glibc/glibc/CVE-2021-38604.patch          | 41 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-38604.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-38604.patch b/meta/recipes-core/glibc/glibc/CVE-2021-38604.patch
new file mode 100644
index 0000000000..36fd4a61b2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-38604.patch
@@ -0,0 +1,41 @@
+From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npv1310@gmail.com>
+Date: Mon, 9 Aug 2021 20:17:34 +0530
+Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
+
+Helper thread frees copied attribute on NOTIFY_REMOVED message
+received from the OS kernel.  Unfortunately, it fails to check whether
+copied attribute actually exists (data.attr != NULL).  This worked
+earlier because free() checks passed pointer before actually
+attempting to release corresponding memory.  But
+__pthread_attr_destroy assumes pointer is not NULL.
+
+So passing NULL pointer to __pthread_attr_destroy will result in
+segmentation fault.  This scenario is possible if
+notification->sigev_notify_attributes == NULL (which means default
+thread attributes should be used).
+
+Signed-off-by: Nikita Popov <npv1310@gmail.com>
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+Upstream-Status: Backport
+CVE: CVE-2021-38604
+Signed-off-by: Armin Kuser <akuster@mvista.com>
+
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/sysdeps/unix/sysv/linux/mq_notify.c
+===================================================================
+--- git.orig/sysdeps/unix/sysv/linux/mq_notify.c
++++ git/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -134,7 +134,7 @@ helper_thread (void *arg)
+ 	       to wait until it is done with it.  */
+ 	    (void) __pthread_barrier_wait (&notify_barrier);
+ 	}
+-      else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
++      else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
+ 	{
+ 	  /* The only state we keep is the copy of the thread attributes.  */
+ 	  pthread_attr_destroy (data.attr);
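
Review bot: The Signed-off-by added to the patch header is spelled "Armin Kuser", which does not match the "Armin Kuster" sign-off on the e-mail itself; correct it so the sign-off chain is consistent. In the helper_thread hunk the new condition `== NOTIFY_REMOVED && data.attr != NULL)` makes that line far longer than its neighbours; break it after `&&`. The Description field of the e-mail is empty, so a one-line summary of the NULL pointer dereference would help anyone reading the recipe history.
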
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 2e950dfeda..3a3586f1b9 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -69,6 +69,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://CVE-2020-29573.patch \
            file://CVE-2021-33574_1.patch \
            file://CVE-2021-33574_2.patch \
+           file://CVE-2021-38604.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.25.1



* [Dunfell][PATCH 3/7] gnupg: upgrade 2.2.20 -> 2.2.21
  2021-08-20  5:27 [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574 Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 2/7] glibc: Security fix for CVE-2021-38604 Armin Kuster
@ 2021-08-20  5:27 ` Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 4/7] gnupg: update 2.2.21 -> 2.2.22 Armin Kuster
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Richard Purdie, Armin Kuster

From: Richard Purdie <richard.purdie@linuxfoundation.org>

(From OE-Core rev: 1aeb32228d92568e90f313a2a027c6790937eb8a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50e1649a320f2e631da9e6393efb8459fd979e88)
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 ...-a-custom-value-for-the-location-of-.patch |  6 +++---
 .../gnupg/gnupg/relocate.patch                | 20 +++++++++----------
 .../{gnupg_2.2.20.bb => gnupg_2.2.21.bb}      |  3 +--
 3 files changed, 14 insertions(+), 15 deletions(-)
 rename meta/recipes-support/gnupg/{gnupg_2.2.20.bb => gnupg_2.2.21.bb} (95%)

diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index 2c204e0245..0e78f5679e 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From e7ad11cf54475e455fdb84d118e4782961698567 Mon Sep 17 00:00:00 2001
+From 0e51c62706a8c54e90a2d98c5250ecc894c65182 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 919ab31..cd58fdb 100644
+index f3c9863..a57f559 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1855,7 +1855,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1856,7 +1856,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
  
  AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
  
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch
index e5a82aa76d..25732a8277 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 59c077f32e81190955910cae02599c7a3edfa7fb Mon Sep 17 00:00:00 2001
+From 6e3b1d89758c3ee7072aeefa305ce5fe76f2e439 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
@@ -12,10 +12,10 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
  1 file changed, 8 insertions(+), 8 deletions(-)
 
 diff --git a/common/homedir.c b/common/homedir.c
-index e9e75d0..19140aa 100644
+index 4b6e46e..58989b4 100644
 --- a/common/homedir.c
 +++ b/common/homedir.c
-@@ -760,7 +760,7 @@ gnupg_socketdir (void)
+@@ -763,7 +763,7 @@ gnupg_socketdir (void)
    if (!name)
      {
        unsigned int dummy;
@@ -24,7 +24,7 @@ index e9e75d0..19140aa 100644
      }
  
    return name;
-@@ -786,7 +786,7 @@ gnupg_sysconfdir (void)
+@@ -789,7 +789,7 @@ gnupg_sysconfdir (void)
      }
    return name;
  #else /*!HAVE_W32_SYSTEM*/
@@ -33,7 +33,7 @@ index e9e75d0..19140aa 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -815,7 +815,7 @@ gnupg_bindir (void)
+@@ -818,7 +818,7 @@ gnupg_bindir (void)
    else
      return rdir;
  #else /*!HAVE_W32_SYSTEM*/
@@ -42,7 +42,7 @@ index e9e75d0..19140aa 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -828,7 +828,7 @@ gnupg_libexecdir (void)
+@@ -831,7 +831,7 @@ gnupg_libexecdir (void)
  #ifdef HAVE_W32_SYSTEM
    return gnupg_bindir ();
  #else /*!HAVE_W32_SYSTEM*/
@@ -51,7 +51,7 @@ index e9e75d0..19140aa 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -842,7 +842,7 @@ gnupg_libdir (void)
+@@ -845,7 +845,7 @@ gnupg_libdir (void)
      name = xstrconcat (w32_rootdir (), DIRSEP_S "lib" DIRSEP_S "gnupg", NULL);
    return name;
  #else /*!HAVE_W32_SYSTEM*/
@@ -60,7 +60,7 @@ index e9e75d0..19140aa 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -856,7 +856,7 @@ gnupg_datadir (void)
+@@ -859,7 +859,7 @@ gnupg_datadir (void)
      name = xstrconcat (w32_rootdir (), DIRSEP_S "share" DIRSEP_S "gnupg", NULL);
    return name;
  #else /*!HAVE_W32_SYSTEM*/
@@ -69,7 +69,7 @@ index e9e75d0..19140aa 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -872,7 +872,7 @@ gnupg_localedir (void)
+@@ -875,7 +875,7 @@ gnupg_localedir (void)
                         NULL);
    return name;
  #else /*!HAVE_W32_SYSTEM*/
@@ -78,7 +78,7 @@ index e9e75d0..19140aa 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -940,7 +940,7 @@ gnupg_cachedir (void)
+@@ -943,7 +943,7 @@ gnupg_cachedir (void)
      }
    return dir;
  #else /*!HAVE_W32_SYSTEM*/
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.20.bb b/meta/recipes-support/gnupg/gnupg_2.2.21.bb
similarity index 95%
rename from meta/recipes-support/gnupg/gnupg_2.2.20.bb
rename to meta/recipes-support/gnupg/gnupg_2.2.21.bb
index 6629fc8556..f0aca9ef3e 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.20.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.21.bb
@@ -25,8 +25,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[md5sum] = "4ff88920cf52b35db0dedaee87bdbbb1"
-SRC_URI[sha256sum] = "04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30"
+SRC_URI[sha256sum] = "61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
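
Review bot: The recipe hunk replaces the source checksum and drops `SRC_URI[md5sum]`, but the commit message consists only of the revision and sign-offs, so nothing in the patch says where the new `SRC_URI[sha256sum]` value can be cross-checked or what 2.2.21 changes. Add a pointer to the upstream release announcement and mention the md5sum removal in the message.
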
-- 
2.25.1



* [Dunfell][PATCH 4/7] gnupg: update 2.2.21 -> 2.2.22
  2021-08-20  5:27 [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574 Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 2/7] glibc: Security fix for CVE-2021-38604 Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 3/7] gnupg: upgrade 2.2.20 -> 2.2.21 Armin Kuster
@ 2021-08-20  5:27 ` Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 5/7] gnupg: uprev 2.2.22 -> 2.2.23 Armin Kuster
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Alexander Kanavin, Richard Purdie, Armin Kuster

From: Alexander Kanavin <alex.kanavin@gmail.com>

(From OE-Core rev: ad9f9fd5609c2014454c73045bc603c9883977e3)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33eade06ebb327be80eef278835053759ffe23fa)
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 ...use-a-custom-value-for-the-location-of-.patch |  6 +++---
 .../gnupg/0003-dirmngr-uses-libgpg-error.patch   | 16 +++++++---------
 meta/recipes-support/gnupg/gnupg/relocate.patch  |  2 +-
 .../gnupg/{gnupg_2.2.21.bb => gnupg_2.2.22.bb}   |  2 +-
 4 files changed, 12 insertions(+), 14 deletions(-)
 rename meta/recipes-support/gnupg/{gnupg_2.2.21.bb => gnupg_2.2.22.bb} (97%)

diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index 0e78f5679e..c641a19616 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 0e51c62706a8c54e90a2d98c5250ecc894c65182 Mon Sep 17 00:00:00 2001
+From 56343af532389c31eab32c096c9a989c53c78ce0 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index f3c9863..a57f559 100644
+index 1d05d39..eaaf33c 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1856,7 +1856,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1858,7 +1858,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
  
  AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
  
diff --git a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
index 3e798efd06..607a09f188 100644
--- a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
+++ b/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
@@ -1,7 +1,7 @@
-From 9c3858ffda6246bf9e1e6aeeb920532a56b19408 Mon Sep 17 00:00:00 2001
+From 9a901dbb1c48685f2db6d7b55916c9484e871f16 Mon Sep 17 00:00:00 2001
 From: Saul Wold <sgw@linux.intel.com>
 Date: Wed, 16 Aug 2017 11:18:01 +0800
-Subject: [PATCH 3/4] dirmngr uses libgpg error
+Subject: [PATCH] dirmngr uses libgpg error
 
 Upstream-Status: Pending
 Signed-off-by: Saul Wold <sgw@linux.intel.com>
@@ -9,24 +9,22 @@ Signed-off-by: Saul Wold <sgw@linux.intel.com>
 Rebase to 2.1.23
 
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
 ---
  dirmngr/Makefile.am | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index b404165..d3f916e 100644
+index 208a813..292c036 100644
 --- a/dirmngr/Makefile.am
 +++ b/dirmngr/Makefile.am
-@@ -82,7 +82,8 @@ endif
+@@ -90,7 +90,8 @@ endif
  dirmngr_LDADD = $(libcommonpth) \
          $(DNSLIBS) $(LIBASSUAN_LIBS) \
  	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
--	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
-+	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) \
+-	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
++	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
 +	$(GPG_ERROR_LIBS)
  if USE_LDAP
  dirmngr_LDADD += $(ldaplibs)
  endif
--- 
-1.8.3.1
-
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch
index 25732a8277..aa8d1e3cc2 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 6e3b1d89758c3ee7072aeefa305ce5fe76f2e439 Mon Sep 17 00:00:00 2001
+From 4005b3342db06749453835720b5a5c2392a90810 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.21.bb b/meta/recipes-support/gnupg/gnupg_2.2.22.bb
similarity index 97%
rename from meta/recipes-support/gnupg/gnupg_2.2.21.bb
rename to meta/recipes-support/gnupg/gnupg_2.2.22.bb
index f0aca9ef3e..887ab0e1f2 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.21.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.22.bb
@@ -25,7 +25,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec"
+SRC_URI[sha256sum] = "7c1370565e1910b9d8c4e0fb57b9de34aa062ec7bb91abad5803d791f38d855b"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
-- 
2.25.1



* [Dunfell][PATCH 5/7] gnupg: uprev 2.2.22 -> 2.2.23
  2021-08-20  5:27 [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574 Armin Kuster
                   ` (2 preceding siblings ...)
  2021-08-20  5:27 ` [Dunfell][PATCH 4/7] gnupg: update 2.2.21 -> 2.2.22 Armin Kuster
@ 2021-08-20  5:27 ` Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 6/7] gnupg: update 2.2.23 -> 2.2.26 Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 7/7] gnupg: upgrade 2.2.26 -> 2.2.27 Armin Kuster
  5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Saul Wold, Saul Wold, Richard Purdie, Armin Kuster

From: Saul Wold <Saul.Wold@windriver.com>

Source: poky.org
MR: 105607
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-support/gnupg?h=hardknott&id=0c06506d42f9e1f43a54a178cda47cfea3f12f81
ChangeID: 4341d0331368d6cd51d635d2c70555b3dce61792
Description:

This addresses CVE-2020-25125 and provides some other minor
updates and translations.

Updated commits for reference:
  e234d04c3 Werner Koch Release 2.2.23
  aeb8272ca Werner Koch gpg: Fix AEAD preference list overflow
  038314665 Werner Koch po: auto update
  1a4b0fd79 Yuri Chornoivan po: Update Ukrainian translation
  93d10403a Jakub Bogusz po: Update Polish translation
  a8a8105bc Werner Koch po: Add key-check.c to the list of translatable sources.
  cad9955ac Petr Pisar po: Update Czech translation.
  896c528ba Werner Koch gpg: Fix segv importing certain keys.
  0a9665187 NIIBE Yutaka scd: Fix a regression for OpenPGP card.
  bcae9cd4e Nagy Ferenc László po: Minor update to the Hungarian translation.
  d2fe2ffd7 Werner Koch sm: Fix a bug in the rfc2253 parser
  f799b3ddb Werner Koch Post release updates

(From OE-Core rev: 965683336816eba7cb0548e59faf224f74b306b1)

Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0c06506d42f9e1f43a54a178cda47cfea3f12f81)
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 meta/recipes-support/gnupg/{gnupg_2.2.22.bb => gnupg_2.2.23.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnupg/{gnupg_2.2.22.bb => gnupg_2.2.23.bb} (97%)

diff --git a/meta/recipes-support/gnupg/gnupg_2.2.22.bb b/meta/recipes-support/gnupg/gnupg_2.2.23.bb
similarity index 97%
rename from meta/recipes-support/gnupg/gnupg_2.2.22.bb
rename to meta/recipes-support/gnupg/gnupg_2.2.23.bb
index 887ab0e1f2..fc157c7906 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.22.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.23.bb
@@ -25,7 +25,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "7c1370565e1910b9d8c4e0fb57b9de34aa062ec7bb91abad5803d791f38d855b"
+SRC_URI[sha256sum] = "10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
-- 
2.25.1



* [Dunfell][PATCH 6/7] gnupg: update 2.2.23 -> 2.2.26
  2021-08-20  5:27 [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574 Armin Kuster
                   ` (3 preceding siblings ...)
  2021-08-20  5:27 ` [Dunfell][PATCH 5/7] gnupg: uprev 2.2.22 -> 2.2.23 Armin Kuster
@ 2021-08-20  5:27 ` Armin Kuster
  2021-08-20  5:27 ` [Dunfell][PATCH 7/7] gnupg: upgrade 2.2.26 -> 2.2.27 Armin Kuster
  5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Alexander Kanavin, Richard Purdie, Armin Kuster

From: Alexander Kanavin <alex.kanavin@gmail.com>

(From OE-Core rev: eb7ad793d8c2e924adccc62e7680bb1cac640e89)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df0bb1cb96389d534b53faf677a0f6ee30dd672d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 ...e-a-custom-value-for-the-location-of-.patch |  6 +++---
 .../gnupg/0003-dirmngr-uses-libgpg-error.patch | 18 ++++++++----------
 .../recipes-support/gnupg/gnupg/relocate.patch |  2 +-
 .../gnupg/{gnupg_2.2.23.bb => gnupg_2.2.26.bb} |  2 +-
 4 files changed, 13 insertions(+), 15 deletions(-)
 rename meta/recipes-support/gnupg/{gnupg_2.2.23.bb => gnupg_2.2.26.bb} (97%)

diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index c641a19616..a0af2d48dc 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From 56343af532389c31eab32c096c9a989c53c78ce0 Mon Sep 17 00:00:00 2001
+From abc5c396aaddaef2e6811362e3e0cc0da28c2b34 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 1d05d39..eaaf33c 100644
+index 64cb8c6..3fe9027 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1858,7 +1858,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1824,7 +1824,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
  
  AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
  
diff --git a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
index 607a09f188..a13b4d5fb5 100644
--- a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
+++ b/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
@@ -1,4 +1,4 @@
-From 9a901dbb1c48685f2db6d7b55916c9484e871f16 Mon Sep 17 00:00:00 2001
+From 6c75656b68cb6e38b039ae532bd39437cd6daec5 Mon Sep 17 00:00:00 2001
 From: Saul Wold <sgw@linux.intel.com>
 Date: Wed, 16 Aug 2017 11:18:01 +0800
 Subject: [PATCH] dirmngr uses libgpg error
@@ -11,20 +11,18 @@ Rebase to 2.1.23
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 
 ---
- dirmngr/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ dirmngr/Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
 
 diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 208a813..292c036 100644
+index 00d3c42..450d873 100644
 --- a/dirmngr/Makefile.am
 +++ b/dirmngr/Makefile.am
-@@ -90,7 +90,8 @@ endif
- dirmngr_LDADD = $(libcommonpth) \
+@@ -101,6 +101,7 @@ dirmngr_LDADD = $(libcommonpth) \
          $(DNSLIBS) $(LIBASSUAN_LIBS) \
  	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
--	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
-+	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
-+	$(GPG_ERROR_LIBS)
+ 	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) \
++	$(GPG_ERROR_LIBS) \
+         $(dirmngr_robj)
  if USE_LDAP
  dirmngr_LDADD += $(ldaplibs)
- endif
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch
index aa8d1e3cc2..7f7812cd46 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 4005b3342db06749453835720b5a5c2392a90810 Mon Sep 17 00:00:00 2001
+From bd66af2ac7bb6d9294ac8055a55462ba7c4f9c9b Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.23.bb b/meta/recipes-support/gnupg/gnupg_2.2.26.bb
similarity index 97%
rename from meta/recipes-support/gnupg/gnupg_2.2.23.bb
rename to meta/recipes-support/gnupg/gnupg_2.2.26.bb
index fc157c7906..e2b03a520f 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.23.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.26.bb
@@ -25,7 +25,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c"
+SRC_URI[sha256sum] = "517569e6c9fad22175df16be5900f94c991c41e53612db63c14493e814cfff6d"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
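
Review bot: The rename goes from gnupg_2.2.23.bb straight to gnupg_2.2.26.bb while the commit message has no description, so the jump over the intermediate versions and the reason for rebasing 0003-dirmngr-uses-libgpg-error.patch (the `$(GPG_ERROR_LIBS)` line now lands before `$(dirmngr_robj)`) are undocumented. A short summary or a link to the upstream announcements would make the checksum change in this hunk reviewable.
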
-- 
2.25.1



* [Dunfell][PATCH 7/7] gnupg: upgrade 2.2.26 -> 2.2.27
  2021-08-20  5:27 [Dunfell][PATCH 1/7] glibc: Security fix CVE-2021-33574 Armin Kuster
                   ` (4 preceding siblings ...)
  2021-08-20  5:27 ` [Dunfell][PATCH 6/7] gnupg: update 2.2.23 -> 2.2.26 Armin Kuster
@ 2021-08-20  5:27 ` Armin Kuster
  5 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-08-20  5:27 UTC (permalink / raw)
  To: openembedded-core; +Cc: Wang Mingyu, Richard Purdie, Armin Kuster

From: Wang Mingyu <wangmy@cn.fujitsu.com>

(From OE-Core rev: 90798e892fd3e0d2ef77a7ba64a33ea9f8ef317b)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33a997a80a56fba4138780fadda231ae4fd751ea)
[gnupg 2.2 is an LTS release so this series are all bug fixes.
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000452.html]
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 meta/recipes-support/gnupg/{gnupg_2.2.26.bb => gnupg_2.2.27.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnupg/{gnupg_2.2.26.bb => gnupg_2.2.27.bb} (97%)

diff --git a/meta/recipes-support/gnupg/gnupg_2.2.26.bb b/meta/recipes-support/gnupg/gnupg_2.2.27.bb
similarity index 97%
rename from meta/recipes-support/gnupg/gnupg_2.2.26.bb
rename to meta/recipes-support/gnupg/gnupg_2.2.27.bb
index e2b03a520f..1181c8341b 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.26.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.27.bb
@@ -25,7 +25,7 @@ SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI_append_class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "517569e6c9fad22175df16be5900f94c991c41e53612db63c14493e814cfff6d"
+SRC_URI[sha256sum] = "34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
-- 
2.25.1

