diff options
author | Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | 2018-08-22 17:11:45 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-08-29 15:23:51 +0100 |
commit | 8fcd5a31b9563de0f208826cfb3aaf1da886b286 (patch) | |
tree | 1bfccb3df4edf86c844435cc3353b1bc5ebc2aca /meta | |
parent | 52fc5763c6cfc06fe7ca533814815c07a6e213f6 (diff) | |
download | poky-8fcd5a31b9563de0f208826cfb3aaf1da886b286.tar.gz |
gnupg: CVE-2018-12020
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
(From OE-Core rev: f1c0da2bcb0587ac25176db11365d4a2a15b3d30)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch | 47 | ||||
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_2.2.4.bb | 1 |
2 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch new file mode 100644 index 0000000000..14698dba72 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch | |||
@@ -0,0 +1,47 @@ | |||
1 | From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001 | ||
2 | From: Werner Koch <wk@gnupg.org> | ||
3 | Date: Fri, 8 Jun 2018 10:45:21 +0200 | ||
4 | Subject: [PATCH] gpg: Sanitize diagnostic with the original file name. | ||
5 | |||
6 | * g10/mainproc.c (proc_plaintext): Sanitize verbose output. | ||
7 | -- | ||
8 | |||
9 | This fixes a forgotten sanitation of user supplied data in a verbose | ||
10 | mode diagnostic. The mention CVE is about using this to inject | ||
11 | status-fd lines into the stderr output. Other harm good as well be | ||
12 | done. Note that GPGME based applications are not affected because | ||
13 | GPGME does not fold status output into stderr. | ||
14 | |||
15 | CVE-id: CVE-2018-12020 | ||
16 | GnuPG-bug-id: 4012 | ||
17 | |||
18 | Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b] | ||
19 | |||
20 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
21 | --- | ||
22 | g10/mainproc.c | 9 ++++++++- | ||
23 | 1 file changed, 8 insertions(+), 1 deletion(-) | ||
24 | |||
25 | diff --git a/g10/mainproc.c b/g10/mainproc.c | ||
26 | index d2ceec2fd..a9da08f74 100644 | ||
27 | --- a/g10/mainproc.c | ||
28 | +++ b/g10/mainproc.c | ||
29 | @@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt ) | ||
30 | if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8)) | ||
31 | log_info (_("Note: sender requested \"for-your-eyes-only\"\n")); | ||
32 | else if (opt.verbose) | ||
33 | - log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name); | ||
34 | + { | ||
35 | + /* We don't use print_utf8_buffer because that would require a | ||
36 | + * string change which we don't want in 2.2. It is also not | ||
37 | + * clear whether the filename is always utf-8 encoded. */ | ||
38 | + char *tmp = make_printable_string (pt->name, pt->namelen, 0); | ||
39 | + log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp); | ||
40 | + xfree (tmp); | ||
41 | + } | ||
42 | |||
43 | free_md_filter_context (&c->mfx); | ||
44 | if (gcry_md_open (&c->mfx.md, 0, 0)) | ||
45 | -- | ||
46 | 2.13.3 | ||
47 | |||
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/meta/recipes-support/gnupg/gnupg_2.2.4.bb index d3f1a8f4c4..d6bfaff377 100644 --- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb +++ b/meta/recipes-support/gnupg/gnupg_2.2.4.bb | |||
@@ -14,6 +14,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ | |||
14 | file://0002-use-pkgconfig-instead-of-npth-config.patch \ | 14 | file://0002-use-pkgconfig-instead-of-npth-config.patch \ |
15 | file://0003-dirmngr-uses-libgpg-error.patch \ | 15 | file://0003-dirmngr-uses-libgpg-error.patch \ |
16 | file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ | 16 | file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ |
17 | file://CVE-2018-12020.patch \ | ||
17 | " | 18 | " |
18 | SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch" | 19 | SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch" |
19 | 20 | ||