gnupg: CVE-2018-9234

* CVE-2018-9234 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. Affects gnupg <= 2.2.5 CVE: CVE-2018-9234 Ref: https://access.redhat.com/security/cve/cve-2018-9234 (From OE-Core rev: af920831ed1ef607db195372f135cc56e9f53b41) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sinan Kaya <okaya@kernel.org> 2018-09-24 16:08:07 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-10 13:26:25 +0100
commit: c8a29e6c8190bdd7f10e96f8e1b351586dee0368 (patch)
tree: b9003cc0af13e8b7eec39273f58d9ccd0e9f6513 /meta/recipes-support
parent: 5315ebeded2af486cf95c83ec988287202a3ae2a (diff)
download: poky-c8a29e6c8190bdd7f10e96f8e1b351586dee0368.tar.gz
2 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch b/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch
new file mode 100644
index 0000000000..d4ba1d8635
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch
@@ -0,0 +1,28 @@
+From ce055269c80f6e7c1393c0deec7bc5f0d37895ea Mon Sep 17 00:00:00 2001
+From: Sinan Kaya <okaya@kernel.org>
+Date: Sun, 23 Sep 2018 04:05:47 +0000
+Subject: [PATCH] g10: Fix filtering by PK->REQ_USAGE
+Upstream-Status: Backport [https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657]
+CVE: CVE-2018-9234
+Signed-off-by: Sinan Kaya <okaya@kernel.org>
+---
+ g10/getkey.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/g10/getkey.c b/g10/getkey.c
+index e31e023..ca2500c 100644
+--- a/g10/getkey.c
+++ b/g10/getkey.c
+@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
+       ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
+        : KEYDB_SEARCH_MODE_FPR20;
+       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+      if (pk)
+        ctx.req_usage = pk->req_usage;
+       rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
+       if (!rc && pk)
+        pk_from_block (pk, kb, found_key);
+-- 
+2.19.0
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
index d6bfaff377..d777fcb122 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
           file://0003-dirmngr-uses-libgpg-error.patch \
           file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
           file://CVE-2018-12020.patch \
+           file://CVE-2018-9234.patch \
          "
 SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
author	Sinan Kaya <okaya@kernel.org>	2018-09-24 16:08:07 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-10-10 13:26:25 +0100
commit	c8a29e6c8190bdd7f10e96f8e1b351586dee0368 (patch)
tree	b9003cc0af13e8b7eec39273f58d9ccd0e9f6513 /meta/recipes-support
parent	5315ebeded2af486cf95c83ec988287202a3ae2a (diff)
download	poky-c8a29e6c8190bdd7f10e96f8e1b351586dee0368.tar.gz

diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch b/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch new file mode 100644 index 0000000000..d4ba1d8635 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch
@@ -0,0 +1,28 @@
		1	From ce055269c80f6e7c1393c0deec7bc5f0d37895ea Mon Sep 17 00:00:00 2001
		2	From: Sinan Kaya <okaya@kernel.org>
		3	Date: Sun, 23 Sep 2018 04:05:47 +0000
		4	Subject: [PATCH] g10: Fix filtering by PK->REQ_USAGE
		5
		6	Upstream-Status: Backport [https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657]
		7	CVE: CVE-2018-9234
		8	Signed-off-by: Sinan Kaya <okaya@kernel.org>
		9	---
		10	g10/getkey.c \| 2 ++
		11	1 file changed, 2 insertions(+)
		12
		13	diff --git a/g10/getkey.c b/g10/getkey.c
		14	index e31e023..ca2500c 100644
		15	--- a/g10/getkey.c
		16	+++ b/g10/getkey.c
		17	@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key pk, kbnode_t r_keyblock,
		18	ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
		19	: KEYDB_SEARCH_MODE_FPR20;
		20	memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
		21	+ if (pk)
		22	+ ctx.req_usage = pk->req_usage;
		23	rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
		24	if (!rc && pk)
		25	pk_from_block (pk, kb, found_key);
		26	--
		27	2.19.0
		28


diff --git a/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/meta/recipes-support/gnupg/gnupg_2.2.4.bb index d6bfaff377..d777fcb122 100644 --- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb +++ b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
15	file://0003-dirmngr-uses-libgpg-error.patch \	15	file://0003-dirmngr-uses-libgpg-error.patch \
16	file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \	16	file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
17	file://CVE-2018-12020.patch \	17	file://CVE-2018-12020.patch \
		18	file://CVE-2018-9234.patch \
18	"	19	"
19	SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"	20	SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
20		21