2 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
new file mode 100644
index 0000000000..14698dba72
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
@@ -0,0 +1,47 @@
+From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Fri, 8 Jun 2018 10:45:21 +0200
+Subject: [PATCH] gpg: Sanitize diagnostic with the original file name.
+* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
+--
+This fixes a forgotten sanitation of user supplied data in a verbose
+mode diagnostic.  The mention CVE is about using this to inject
+status-fd lines into the stderr output.  Other harm good as well be
+done.  Note that GPGME based applications are not affected because
+GPGME does not fold status output into stderr.
+CVE-id: CVE-2018-12020
+GnuPG-bug-id: 4012
+Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b]
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ g10/mainproc.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index d2ceec2fd..a9da08f74 100644
+--- a/g10/mainproc.c
+++ b/g10/mainproc.c
+@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt )
+   if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
+     log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
+   else if (opt.verbose)
+-    log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
+    {
+      /* We don't use print_utf8_buffer because that would require a
+       * string change which we don't want in 2.2.  It is also not
+       * clear whether the filename is always utf-8 encoded.  */
+      char *tmp = make_printable_string (pt->name, pt->namelen, 0);
+      log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
+      xfree (tmp);
+    }
+ 
+   free_md_filter_context (&c->mfx);
+   if (gcry_md_open (&c->mfx.md, 0, 0))
+-- 
+2.13.3
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
index d3f1a8f4c4..d6bfaff377 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
           file://0002-use-pkgconfig-instead-of-npth-config.patch \
           file://0003-dirmngr-uses-libgpg-error.patch \
           file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
+           file://CVE-2018-12020.patch \
          "
 SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"

diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch new file mode 100644 index 0000000000..14698dba72 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch
@@ -0,0 +1,47 @@
		1	From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001
		2	From: Werner Koch <wk@gnupg.org>
		3	Date: Fri, 8 Jun 2018 10:45:21 +0200
		4	Subject: [PATCH] gpg: Sanitize diagnostic with the original file name.
		5
		6	* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
		7	--
		8
		9	This fixes a forgotten sanitation of user supplied data in a verbose
		10	mode diagnostic. The mention CVE is about using this to inject
		11	status-fd lines into the stderr output. Other harm good as well be
		12	done. Note that GPGME based applications are not affected because
		13	GPGME does not fold status output into stderr.
		14
		15	CVE-id: CVE-2018-12020
		16	GnuPG-bug-id: 4012
		17
		18	Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b]
		19
		20	Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
		21	---
		22	g10/mainproc.c \| 9 ++++++++-
		23	1 file changed, 8 insertions(+), 1 deletion(-)
		24
		25	diff --git a/g10/mainproc.c b/g10/mainproc.c
		26	index d2ceec2fd..a9da08f74 100644
		27	--- a/g10/mainproc.c
		28	+++ b/g10/mainproc.c
		29	@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt )
		30	if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
		31	log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
		32	else if (opt.verbose)
		33	- log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
		34	+ {
		35	+ /* We don't use print_utf8_buffer because that would require a
		36	+ * string change which we don't want in 2.2. It is also not
		37	+ * clear whether the filename is always utf-8 encoded. */
		38	+ char *tmp = make_printable_string (pt->name, pt->namelen, 0);
		39	+ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
		40	+ xfree (tmp);
		41	+ }
		42
		43	free_md_filter_context (&c->mfx);
		44	if (gcry_md_open (&c->mfx.md, 0, 0))
		45	--
		46	2.13.3
		47


diff --git a/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/meta/recipes-support/gnupg/gnupg_2.2.4.bb index d3f1a8f4c4..d6bfaff377 100644 --- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb +++ b/meta/recipes-support/gnupg/gnupg_2.2.4.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
14	file://0002-use-pkgconfig-instead-of-npth-config.patch \	14	file://0002-use-pkgconfig-instead-of-npth-config.patch \
15	file://0003-dirmngr-uses-libgpg-error.patch \	15	file://0003-dirmngr-uses-libgpg-error.patch \
16	file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \	16	file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
		17	file://CVE-2018-12020.patch \
17	"	18	"
18	SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"	19	SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
19		20