authorJagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>2018-08-22 17:11:45 +0530
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-29 15:23:51 +0100
commit8fcd5a31b9563de0f208826cfb3aaf1da886b286 (patch)
tree1bfccb3df4edf86c844435cc3353b1bc5ebc2aca /meta
parent52fc5763c6cfc06fe7ca533814815c07a6e213f6 (diff)
downloadpoky-8fcd5a31b9563de0f208826cfb3aaf1da886b286.tar.gz
gnupg: CVE-2018-12020
gpg: Sanitize diagnostic with the original file name. * g10/mainproc.c (proc_plaintext): Sanitize verbose output. (From OE-Core rev: f1c0da2bcb0587ac25176db11365d4a2a15b3d30) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch47
-rw-r--r--meta/recipes-support/gnupg/gnupg_2.2.4.bb1
2 files changed, 48 insertions, 0 deletions
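--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
@@ -0,0 +1,47 @@
+From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Fri, 8 Jun 2018 10:45:21 +0200
+Subject: [PATCH] gpg: Sanitize diagnostic with the original file name.
+
+* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
+--
+
+This fixes a forgotten sanitation of user supplied data in a verbose
+mode diagnostic. The mention CVE is about using this to inject
+status-fd lines into the stderr output. Other harm good as well be
+done. Note that GPGME based applications are not affected because
+GPGME does not fold status output into stderr.
+
+CVE-id: CVE-2018-12020
+GnuPG-bug-id: 4012
+
+Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ g10/mainproc.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index d2ceec2fd..a9da08f74 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt )
+ if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
+ log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
+ else if (opt.verbose)
+- log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
++ {
++ /* We don't use print_utf8_buffer because that would require a
++ * string change which we don't want in 2.2. It is also not
++ * clear whether the filename is always utf-8 encoded. */
++ char *tmp = make_printable_string (pt->name, pt->namelen, 0);
++ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
++ xfree (tmp);
++ }
+
+ free_md_filter_context (&c->mfx);
+ if (gcry_md_open (&c->mfx.md, 0, 0))
+--
+2.13.3
+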
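Review bot: The patch header carries upstream's `CVE-id: CVE-2018-12020` line but no OE-style `CVE: CVE-2018-12020` tag next to `Upstream-Status`, so CVE tracking for this recipe appears to rest on the patch file name alone; I would add `CVE: CVE-2018-12020` above the Signed-off-by line. In the C hunk, `tmp` is handed to `strlen ()` without a check, which is safe only if `make_printable_string ()` aborts on allocation failure rather than returning NULL; that is not visible here and is worth confirming against the 2.2.4 tree. The fix covers only this one verbose diagnostic, and `proc_plaintext` starts and ends outside the hunk, so any other place where `pt->name` reaches a log or status line cannot be checked from this page.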
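--- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
  file://0002-use-pkgconfig-instead-of-npth-config.patch \
  file://0003-dirmngr-uses-libgpg-error.patch \
  file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
+ file://CVE-2018-12020.patch \
  "
 SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
 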