* [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6
@ 2018-04-17 9:37 Baruch Siach
2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Baruch Siach @ 2018-04-17 9:37 UTC (permalink / raw)
To: buildroot
Add upstream patch fixing gpgme_op_verify regression with gnupg2 2.2.6.
https://lists.gnupg.org/pipermail/gnupg-users/2018-April/060230.html
Cc: Philipp Claves <claves@budelmann-elektronik.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
...1-core-Tweak-STATUS_FAILURE-handling.patch | 51 +++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
diff --git a/package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch b/package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
new file mode 100644
index 000000000000..ae0e9c549872
--- /dev/null
+++ b/package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
@@ -0,0 +1,51 @@
+From b99502274ae5efdf6df0d967900ec3d1e64373d7 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 12 Apr 2018 20:36:30 +0200
+Subject: [PATCH] core: Tweak STATUS_FAILURE handling.
+
+* src/op-support.c (_gpgme_parse_failure): Ignore failures with
+location "gpg-exit".
+* tests/gpg/t-verify.c (main): Adjust for the now working checking of
+the second key.
+
+Signed-off-by: Werner Koch <wk@gnupg.org>
+[baruch: drop test]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit b99502274ae
+
+ src/op-support.c | 10 +++++++++-
+ tests/gpg/t-verify.c | 8 +++++---
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/op-support.c b/src/op-support.c
+index 43cb1c760e0d..e55875f904d0 100644
+--- a/src/op-support.c
++++ b/src/op-support.c
+@@ -400,7 +400,13 @@ _gpgme_parse_plaintext (char *args, char **filenamep)
+
+
+ /* Parse a FAILURE status line and return the error code. ARGS is
+- modified to contain the location part. */
++ * modified to contain the location part. Note that for now we ignore
++ * failure codes with a location of gpg-exit; they are too trouble
++ * some. Instead we should eventually record that error in the
++ * context and provide a function to return a fuller error
++ * description; this could then also show the location of the error
++ * (e.g. "option- parser") to make it easier for the user to detect
++ * the actual error. */
+ gpgme_error_t
+ _gpgme_parse_failure (char *args)
+ {
+@@ -418,6 +424,8 @@ _gpgme_parse_failure (char *args)
+ *where = '\0';
+
+ where = args;
++ if (!strcmp (where, "gpg-exit"))
++ return 0;
+
+ return atoi (which);
+ }
+--
+2.17.0
+
--
2.17.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6
2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach
@ 2018-04-17 9:37 ` Baruch Siach
2018-05-01 7:28 ` Peter Korsgaard
2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach
` (2 subsequent siblings)
3 siblings, 1 reply; 7+ messages in thread
From: Baruch Siach @ 2018-04-17 9:37 UTC (permalink / raw)
To: buildroot
Fixes CVE-2018-9234: Unenforced configuration allows for apparently
valid certifications actually signed by signing subkeys.
Remove --disable-doc from configure options. We pass this options to all
autotools packages.
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/gnupg2/gnupg2.hash | 8 ++++----
package/gnupg2/gnupg2.mk | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
index 9cc8e4c9138c..155295244e6c 100644
--- a/package/gnupg2/gnupg2.hash
+++ b/package/gnupg2/gnupg2.hash
@@ -1,6 +1,6 @@
-# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q1/000420.html
-sha1 9dec110397e460b3950943e18f5873a4f277f216 gnupg-2.2.5.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000421.html
+sha1 295298debcc2c12f02a2f2fdf04aecb6d6aae396 gnupg-2.2.6.tar.bz2
# Calculated based on the hash above and signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.5.tar.bz2.sig
-sha256 3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57 gnupg-2.2.5.tar.bz2
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.6.tar.bz2.sig
+sha256 e64d8c5fa2d05938a5080cb784a98ac21be0812f2a26f844b18f0d6a0e711984 gnupg-2.2.6.tar.bz2
sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
index ba5370902f1e..4d84bfbb9ea8 100644
--- a/package/gnupg2/gnupg2.mk
+++ b/package/gnupg2/gnupg2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG2_VERSION = 2.2.5
+GNUPG2_VERSION = 2.2.6
GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG2_LICENSE = GPL-3.0+
@@ -13,7 +13,7 @@ GNUPG2_DEPENDENCIES = zlib libgpg-error libgcrypt libassuan libksba libnpth \
$(if $(BR2_PACKAGE_LIBICONV),libiconv) host-pkgconf
GNUPG2_CONF_OPTS = \
- --disable-rpath --disable-regex --disable-doc \
+ --disable-rpath --disable-regex \
--with-libgpg-error-prefix=$(STAGING_DIR)/usr \
--with-libgcrypt-prefix=$(STAGING_DIR)/usr \
--with-libassuan-prefix=$(STAGING_DIR)/usr \
--
2.17.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29
2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach
2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach
@ 2018-04-17 9:37 ` Baruch Siach
2018-05-01 7:28 ` Peter Korsgaard
2018-04-25 20:57 ` [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Thomas Petazzoni
2018-05-01 7:28 ` Peter Korsgaard
3 siblings, 1 reply; 7+ messages in thread
From: Baruch Siach @ 2018-04-17 9:37 UTC (permalink / raw)
To: buildroot
Drop upstream patch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
...ion-on-arm64-due-to-invalid-use-of-v.patch | 59 -------------------
package/libgpg-error/libgpg-error.hash | 4 +-
package/libgpg-error/libgpg-error.mk | 2 +-
3 files changed, 3 insertions(+), 62 deletions(-)
delete mode 100644 package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch
diff --git a/package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch b/package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch
deleted file mode 100644
index a37337a0902d..000000000000
--- a/package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 791177de023574223eddf7288eb7c5a0721ac623 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Sun, 18 Mar 2018 17:39:43 +0100
-Subject: [PATCH] core: Fix regression on arm64 due to invalid use of va_list.
-
-* src/logging.c (_gpgrt_log_printhex): Provide a dummy arg instead of
-NULL.
---
-
-Fix
-Suggested-by: Jakub Wilk <jwilk@jwilk.net>
-
-Signed-off-by: Werner Koch <wk@gnupg.org>
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: commit 791177de023
-
- src/logging.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/src/logging.c b/src/logging.c
-index 1a4f6203d16d..d01f974e4545 100644
---- a/src/logging.c
-+++ b/src/logging.c
-@@ -1090,9 +1090,10 @@ _gpgrt_log_flush (void)
-
-
- /* Print a hexdump of (BUFFER,LENGTH). With FMT passed as NULL print
-- * just the raw dump, with FMT being an empty string, print a trailing
-- * linefeed, otherwise print an entire debug line with the expanded
-- * FMT followed by a possible wrapped hexdump and a final LF. */
-+ * just the raw dump (in this case ARG_PTR is not used), with FMT
-+ * being an empty string, print a trailing linefeed, otherwise print
-+ * an entire debug line with the expanded FMT followed by a possible
-+ * wrapped hexdump and a final LF. */
- void
- _gpgrt_logv_printhex (const void *buffer, size_t length,
- const char *fmt, va_list arg_ptr)
-@@ -1150,7 +1151,16 @@ _gpgrt_log_printhex (const void *buffer, size_t length,
- va_end (arg_ptr);
- }
- else
-- _gpgrt_logv_printhex (buffer, length, NULL, NULL);
-+ {
-+ /* va_list is not necessary a pointer and thus we can't use NULL
-+ * because that would conflict with platforms using a straight
-+ * struct for it (e.g. arm64). We use a dummy variable instead;
-+ * the static is a simple way zero it out so to not get
-+ * complains about uninitialized use. */
-+ static va_list dummy_argptr;
-+
-+ _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr);
-+ }
- }
-
-
---
-2.16.2
-
diff --git a/package/libgpg-error/libgpg-error.hash b/package/libgpg-error/libgpg-error.hash
index fd08aa54d898..0e6304de6677 100644
--- a/package/libgpg-error/libgpg-error.hash
+++ b/package/libgpg-error/libgpg-error.hash
@@ -1,6 +1,6 @@
# Locally calculated after checking pgp signature
-# https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.28.tar.bz2.sig
-sha256 3edb957744905412f30de3e25da18682cbe509541e18cd3b8f9df695a075da49 libgpg-error-1.28.tar.bz2
+# https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.29.tar.bz2.sig
+sha256 ece926fa5719d17a7ad8da618712cfa2f8a796ab2f2af9d544c5bb093383b1ea libgpg-error-1.29.tar.bz2
# Locally calculated
sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c COPYING
sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861 COPYING.LIB
diff --git a/package/libgpg-error/libgpg-error.mk b/package/libgpg-error/libgpg-error.mk
index f70420355603..862cb44eefed 100644
--- a/package/libgpg-error/libgpg-error.mk
+++ b/package/libgpg-error/libgpg-error.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBGPG_ERROR_VERSION = 1.28
+LIBGPG_ERROR_VERSION = 1.29
LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error
LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2
LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+
--
2.17.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6
2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach
2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach
2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach
@ 2018-04-25 20:57 ` Thomas Petazzoni
2018-05-01 7:28 ` Peter Korsgaard
3 siblings, 0 replies; 7+ messages in thread
From: Thomas Petazzoni @ 2018-04-25 20:57 UTC (permalink / raw)
To: buildroot
Hello,
On Tue, 17 Apr 2018 12:37:11 +0300, Baruch Siach wrote:
> Add upstream patch fixing gpgme_op_verify regression with gnupg2 2.2.6.
>
> https://lists.gnupg.org/pipermail/gnupg-users/2018-April/060230.html
>
> Cc: Philipp Claves <claves@budelmann-elektronik.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> ...1-core-Tweak-STATUS_FAILURE-handling.patch | 51 +++++++++++++++++++
> 1 file changed, 51 insertions(+)
> create mode 100644 package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
Series applied. Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6
2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach
` (2 preceding siblings ...)
2018-04-25 20:57 ` [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Thomas Petazzoni
@ 2018-05-01 7:28 ` Peter Korsgaard
3 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-05-01 7:28 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Add upstream patch fixing gpgme_op_verify regression with gnupg2 2.2.6.
> https://lists.gnupg.org/pipermail/gnupg-users/2018-April/060230.html
> Cc: Philipp Claves <claves@budelmann-elektronik.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29
2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach
@ 2018-05-01 7:28 ` Peter Korsgaard
0 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-05-01 7:28 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Drop upstream patch.
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6
2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach
@ 2018-05-01 7:28 ` Peter Korsgaard
0 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2018-05-01 7:28 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Fixes CVE-2018-9234: Unenforced configuration allows for apparently
> valid certifications actually signed by signing subkeys.
> Remove --disable-doc from configure options. We pass this options to all
> autotools packages.
> Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-05-01 7:28 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach
2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach
2018-05-01 7:28 ` Peter Korsgaard
2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach
2018-05-01 7:28 ` Peter Korsgaard
2018-04-25 20:57 ` [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Thomas Petazzoni
2018-05-01 7:28 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.