diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /poky/meta/recipes-support/gnupg | |
parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-support/gnupg')
-rw-r--r-- | poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch | 10 | ||||
-rw-r--r-- | poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch | 47 | ||||
-rw-r--r-- | poky/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch | 28 | ||||
-rw-r--r-- | poky/meta/recipes-support/gnupg/gnupg_2.2.9.bb (renamed from poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb) | 6 |
4 files changed, 6 insertions, 85 deletions
diff --git a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch index 3e3a64df2..5f1dd30f8 100644 --- a/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch +++ b/poky/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch @@ -1,4 +1,4 @@ -From 0b97148c3aad0993a9aeb088596fa63a2fec5328 Mon Sep 17 00:00:00 2001 +From 7eb7efb9ce89c66e14c194773c4dcf6478a6ca4d Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 22 Jan 2018 18:00:21 +0200 Subject: [PATCH] configure.ac: use a custom value for the location of @@ -8,15 +8,16 @@ This should avoid clashes with the host gpg-agent observed on autobuilders. Upstream-Status: Inappropriate [oe-core specific, and only for -native] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 382ef1d..0570d7c 100644 +index 59a2e60..12d390b 100644 --- a/configure.ac +++ b/configure.ac -@@ -1818,7 +1818,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", +@@ -1841,7 +1841,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf", AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool]) @@ -25,6 +26,3 @@ index 382ef1d..0570d7c 100644 [The name of the agent socket]) AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra", [The name of the agent socket for remote access]) --- -2.15.1 - diff --git a/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch b/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch deleted file mode 100644 index 14698dba7..000000000 --- a/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-12020.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 13f135c7a252cc46cff96e75968d92b6dc8dce1b Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Fri, 8 Jun 2018 10:45:21 +0200 -Subject: [PATCH] gpg: Sanitize diagnostic with the original file name. - -* g10/mainproc.c (proc_plaintext): Sanitize verbose output. --- - -This fixes a forgotten sanitation of user supplied data in a verbose -mode diagnostic. The mention CVE is about using this to inject -status-fd lines into the stderr output. Other harm good as well be -done. Note that GPGME based applications are not affected because -GPGME does not fold status output into stderr. - -CVE-id: CVE-2018-12020 -GnuPG-bug-id: 4012 - -Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=13f135c7a252cc46cff96e75968d92b6dc8dce1b] - -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> ---- - g10/mainproc.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/g10/mainproc.c b/g10/mainproc.c -index d2ceec2fd..a9da08f74 100644 ---- a/g10/mainproc.c -+++ b/g10/mainproc.c -@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt ) - if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8)) - log_info (_("Note: sender requested \"for-your-eyes-only\"\n")); - else if (opt.verbose) -- log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name); -+ { -+ /* We don't use print_utf8_buffer because that would require a -+ * string change which we don't want in 2.2. It is also not -+ * clear whether the filename is always utf-8 encoded. */ -+ char *tmp = make_printable_string (pt->name, pt->namelen, 0); -+ log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp); -+ xfree (tmp); -+ } - - free_md_filter_context (&c->mfx); - if (gcry_md_open (&c->mfx.md, 0, 0)) --- -2.13.3 - diff --git a/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch b/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch deleted file mode 100644 index d4ba1d863..000000000 --- a/poky/meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ce055269c80f6e7c1393c0deec7bc5f0d37895ea Mon Sep 17 00:00:00 2001 -From: Sinan Kaya <okaya@kernel.org> -Date: Sun, 23 Sep 2018 04:05:47 +0000 -Subject: [PATCH] g10: Fix filtering by PK->REQ_USAGE - -Upstream-Status: Backport [https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657] -CVE: CVE-2018-9234 -Signed-off-by: Sinan Kaya <okaya@kernel.org> ---- - g10/getkey.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/g10/getkey.c b/g10/getkey.c -index e31e023..ca2500c 100644 ---- a/g10/getkey.c -+++ b/g10/getkey.c -@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock, - ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 - : KEYDB_SEARCH_MODE_FPR20; - memcpy (ctx.items[0].u.fpr, fprint, fprint_len); -+ if (pk) -+ ctx.req_usage = pk->req_usage; - rc = lookup (ctrl, &ctx, 0, &kb, &found_key); - if (!rc && pk) - pk_from_block (pk, kb, found_key); --- -2.19.0 - diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.9.bb index 5a3688acf..b7d23b8d3 100644 --- a/poky/meta/recipes-support/gnupg/gnupg_2.2.4.bb +++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.9.bb @@ -14,15 +14,13 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0003-dirmngr-uses-libgpg-error.patch \ file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ - file://CVE-2018-12020.patch \ - file://CVE-2018-9234.patch \ " SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch" -SRC_URI[md5sum] = "709e5af5bba84d251c520222e720972f" -SRC_URI[sha256sum] = "401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec" +SRC_URI[md5sum] = "52c895a81f514a65e08923736c38654a" +SRC_URI[sha256sum] = "6278eaabffa1ebc9fa2ceb3dc53eea9a1505ab02a668a86dd6fec06951af2164" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ |