All of lore.kernel.org
 help / color / mirror / Atom feed
* [wrynose][PATCH 0/2] gnupg update and fix outstanding CVE
@ 2026-06-30 13:03 Roland Kovacs
  2026-06-30 13:03 ` [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20 Roland Kovacs
  2026-06-30 13:03 ` [wrynose][PATCH 2/2] gnupg: fix CVE-2026-57062 Roland Kovacs
  0 siblings, 2 replies; 6+ messages in thread
From: Roland Kovacs @ 2026-06-30 13:03 UTC (permalink / raw)
  To: openembedded-core

In order to squash multiple smaller bugs, bump from version 2.5.17->2.5.20,
however that does not resolve CVE-2026-57062, so it is backported from gnupg
master.

Roland Kovacs (2):
  gnupg: Upgrade 2.5.17 -> 2.5.20
  gnupg: fix CVE-2026-57062

 .../gnupg/gnupg/CVE-2026-57062.patch          | 43 +++++++++++++++++++
 .../{gnupg_2.5.17.bb => gnupg_2.5.20.bb}      |  4 +-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch
 rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} (94%)

-- 
2.34.1



^ permalink raw reply	[flat|nested] 6+ messages in thread

* [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20
  2026-06-30 13:03 [wrynose][PATCH 0/2] gnupg update and fix outstanding CVE Roland Kovacs
@ 2026-06-30 13:03 ` Roland Kovacs
  2026-06-30 13:19   ` [OE-core] " Yoann Congal
  2026-06-30 13:03 ` [wrynose][PATCH 2/2] gnupg: fix CVE-2026-57062 Roland Kovacs
  1 sibling, 1 reply; 6+ messages in thread
From: Roland Kovacs @ 2026-06-30 13:03 UTC (permalink / raw)
  To: openembedded-core

Bug fixes included in this release:
   - gpg: Fix wrong assertion failure which could very rarely occur
     during key signature checking.  [rG693f5642f6]
   - gpg: Consider certify-only keys for revocation signature check.
     [T8196]
   - gpgsm: Fix possible double free in the CMS parser.  [T8240]
   - gpgsm: Fix possible too early removal of ephemeral keys.  [T8236]
   - gpgsm: Avoid emitting a final FAILURE status line if --status-fd
     is not used.  [rG69c27fe377]
   - gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
     data.  [rG60a823c97b]
   - agent: Fix not using cache for pinentry loopback.  [rGd4b608a31f]
   - agent: Fix command PUT_SECRET by saving input line.  [rG1875bc185e]
   - keyboxd: Mark keys searched but not imported via LDAP correctly
     as ephemeral.  [T8048]
   - scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
     keys > 2k.  [T8244]
   - dirmngr: Fix uninitialized use of the dns_any union in
     dns_rr_cmp.  [T8251]
 Release-info: https://dev.gnupg.org/T7997

Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
---
 .../recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} (95%)

diff --git a/meta/recipes-support/gnupg/gnupg_2.5.17.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
similarity index 95%
rename from meta/recipes-support/gnupg/gnupg_2.5.17.bb
rename to meta/recipes-support/gnupg/gnupg_2.5.20.bb
index fd6588769c..a1a50e2384 100644
--- a/meta/recipes-support/gnupg/gnupg_2.5.17.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
@@ -16,6 +16,7 @@ inherit autotools gettext texinfo pkgconfig upstream-version-is-even
 require drop-unknown-suffix.inc
 
 UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/"
+SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87"
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://0002-use-pkgconfig-instead-of-npth-config.patch \
            file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
@@ -24,7 +25,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI:append:class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "2c1fbe20e2958fd8fb53cf37d7c38e84a900edc0d561a1c4af4bc3a10888685d"
+SRC_URI[sha256sum] = "6461266e99c308419a379abe6c356d54c214136c4589bd65951091138989ffc6"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [wrynose][PATCH 2/2] gnupg: fix CVE-2026-57062
  2026-06-30 13:03 [wrynose][PATCH 0/2] gnupg update and fix outstanding CVE Roland Kovacs
  2026-06-30 13:03 ` [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20 Roland Kovacs
@ 2026-06-30 13:03 ` Roland Kovacs
  1 sibling, 0 replies; 6+ messages in thread
From: Roland Kovacs @ 2026-06-30 13:03 UTC (permalink / raw)
  To: openembedded-core

CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20
mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be
12 bytes but 4 bytes is accepted.

Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
---
 .../gnupg/gnupg/CVE-2026-57062.patch          | 43 +++++++++++++++++++
 meta/recipes-support/gnupg/gnupg_2.5.20.bb    |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch

diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch b/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch
new file mode 100644
index 0000000000..f298b6e9a8
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch
@@ -0,0 +1,43 @@
+From d586f50ee849c8cbeaea47b50c64446c1becbf9b Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 18 Jun 2026 10:51:34 +0200
+Subject: [PATCH] gpgsm: Require a minimum tag length for GCM decryption.
+
+* sm/decrypt.c (gpgsm_decrypt): Require a minimum authtaglen.
+--
+
+Reported-by: Thai Duong <thai@calif.io>
+This is similar to OpenSSL's
+CVE-id: CVE-2026-34182
+
+CVE: CVE-2026-57062
+Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4c7e68cf3d335328821bdbb70db309a60d0e4fd4]
+
+Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
+---
+ sm/decrypt.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/sm/decrypt.c b/sm/decrypt.c
+index 20fb96060..92a33c6e6 100644
+--- a/sm/decrypt.c
++++ b/sm/decrypt.c
+@@ -1447,7 +1447,14 @@ gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp)
+                 }
+               if (DBG_CRYPTO)
+                 log_printhex (authtag, authtaglen, "Authtag ...:");
+-              rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
++              if (authtaglen < 12)
++                {
++                  log_info ("authentication tag is too short (%zu octets)\n",
++                            authtaglen);
++                  rc = gpg_error (GPG_ERR_CHECKSUM);
++                }
++              else
++                rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
+               xfree (authtag);
+               if (rc)
+                 log_error ("data is not authentic: %s\n", gpg_strerror (rc));
+-- 
+2.34.1
+
diff --git a/meta/recipes-support/gnupg/gnupg_2.5.20.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
index a1a50e2384..e373265c48 100644
--- a/meta/recipes-support/gnupg/gnupg_2.5.20.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
@@ -20,6 +20,7 @@ SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87"
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://0002-use-pkgconfig-instead-of-npth-config.patch \
            file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
+           file://CVE-2026-57062.patch \
            "
 SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
                                 file://relocate.patch"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [OE-core] [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20
  2026-06-30 13:03 ` [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20 Roland Kovacs
@ 2026-06-30 13:19   ` Yoann Congal
  2026-07-01  6:51     ` Roland Kovács
  0 siblings, 1 reply; 6+ messages in thread
From: Yoann Congal @ 2026-06-30 13:19 UTC (permalink / raw)
  To: roland.kovacs, openembedded-core

On Tue Jun 30, 2026 at 3:03 PM CEST, Roland Kovács via lists.openembedded.org wrote:
> Bug fixes included in this release:
>    - gpg: Fix wrong assertion failure which could very rarely occur
>      during key signature checking.  [rG693f5642f6]
>    - gpg: Consider certify-only keys for revocation signature check.
>      [T8196]
>    - gpgsm: Fix possible double free in the CMS parser.  [T8240]
>    - gpgsm: Fix possible too early removal of ephemeral keys.  [T8236]
>    - gpgsm: Avoid emitting a final FAILURE status line if --status-fd
>      is not used.  [rG69c27fe377]
>    - gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
>      data.  [rG60a823c97b]
>    - agent: Fix not using cache for pinentry loopback.  [rGd4b608a31f]
>    - agent: Fix command PUT_SECRET by saving input line.  [rG1875bc185e]
>    - keyboxd: Mark keys searched but not imported via LDAP correctly
>      as ephemeral.  [T8048]
>    - scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
>      keys > 2k.  [T8244]
>    - dirmngr: Fix uninitialized use of the dns_any union in
>      dns_rr_cmp.  [T8251]
>  Release-info: https://dev.gnupg.org/T7997
>
> Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>

Sorry but that URL also contains:
| New and extended features:
|  gpgsm: Implement GCM encryption. Note that decryption works since
|         version 2.3.2. [T3979]
|  gpgsm: New option --attribute and server command SETATTR to include
|         arbitrary signed or unsigned attributes into a signature.
|         Enabled only with libksba 1.7.0 or later. [T4537]
|  gpgsm: Introduce system attribute _signingCertificateV2. [rG0335a9cb04]
... which are new features, and thus, that upgrade is not acceptable for
stable branches.

> ---
>  .../recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>  rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} (95%)
>
> diff --git a/meta/recipes-support/gnupg/gnupg_2.5.17.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
> similarity index 95%
> rename from meta/recipes-support/gnupg/gnupg_2.5.17.bb
> rename to meta/recipes-support/gnupg/gnupg_2.5.20.bb
> index fd6588769c..a1a50e2384 100644
> --- a/meta/recipes-support/gnupg/gnupg_2.5.17.bb
> +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
> @@ -16,6 +16,7 @@ inherit autotools gettext texinfo pkgconfig upstream-version-is-even
>  require drop-unknown-suffix.inc
>  
>  UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/"
> +SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87"
>  SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
>             file://0002-use-pkgconfig-instead-of-npth-config.patch \
>             file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
> @@ -24,7 +25,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-
>                                  file://relocate.patch"
>  SRC_URI:append:class-nativesdk = " file://relocate.patch"
>  
> -SRC_URI[sha256sum] = "2c1fbe20e2958fd8fb53cf37d7c38e84a900edc0d561a1c4af4bc3a10888685d"
> +SRC_URI[sha256sum] = "6461266e99c308419a379abe6c356d54c214136c4589bd65951091138989ffc6"
>  
>  EXTRA_OECONF = "--disable-ldap \
>  		--disable-ccid-driver \


-- 
Yoann Congal
Smile ECS



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [OE-core] [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20
  2026-06-30 13:19   ` [OE-core] " Yoann Congal
@ 2026-07-01  6:51     ` Roland Kovács
  2026-07-01  7:48       ` Yoann Congal
  0 siblings, 1 reply; 6+ messages in thread
From: Roland Kovács @ 2026-07-01  6:51 UTC (permalink / raw)
  To: openembedded-core@lists.openembedded.org, yoann.congal@smile.fr

On Tue, 2026-06-30 at 15:19 +0200, Yoann Congal wrote:
> On Tue Jun 30, 2026 at 3:03 PM CEST, Roland Kovács via lists.openembedded.org wrote:
> > Bug fixes included in this release:
> >    - gpg: Fix wrong assertion failure which could very rarely occur
> >      during key signature checking.  [rG693f5642f6]
> >    - gpg: Consider certify-only keys for revocation signature check.
> >      [T8196]
> >    - gpgsm: Fix possible double free in the CMS parser.  [T8240]
> >    - gpgsm: Fix possible too early removal of ephemeral keys.  [T8236]
> >    - gpgsm: Avoid emitting a final FAILURE status line if --status-fd
> >      is not used.  [rG69c27fe377]
> >    - gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
> >      data.  [rG60a823c97b]
> >    - agent: Fix not using cache for pinentry loopback.  [rGd4b608a31f]
> >    - agent: Fix command PUT_SECRET by saving input line.  [rG1875bc185e]
> >    - keyboxd: Mark keys searched but not imported via LDAP correctly
> >      as ephemeral.  [T8048]
> >    - scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
> >      keys > 2k.  [T8244]
> >    - dirmngr: Fix uninitialized use of the dns_any union in
> >      dns_rr_cmp.  [T8251]
> >  Release-info: https://dev.gnupg.org/T7997
> > 
> > Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
> 
> Sorry but that URL also contains:
> > New and extended features:
> >  gpgsm: Implement GCM encryption. Note that decryption works since
> >         version 2.3.2. [T3979]
> >  gpgsm: New option --attribute and server command SETATTR to include
> >         arbitrary signed or unsigned attributes into a signature.
> >         Enabled only with libksba 1.7.0 or later. [T4537]
> >  gpgsm: Introduce system attribute _signingCertificateV2. [rG0335a9cb04]
> ... which are new features, and thus, that upgrade is not acceptable for
> stable branches.
> 
Understood. Just for clarification, only bug fix release is accepted for stable branch, even if
there's no backwards incompatible change?

I'll remove the recipe update and only keep the CVE fix in V2.

> > ---
> >  .../recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >  rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} (95%)
> > 
> > diff --git a/meta/recipes-support/gnupg/gnupg_2.5.17.bb b/meta/recipes-
> > support/gnupg/gnupg_2.5.20.bb
> > similarity index 95%
> > rename from meta/recipes-support/gnupg/gnupg_2.5.17.bb
> > rename to meta/recipes-support/gnupg/gnupg_2.5.20.bb
> > index fd6588769c..a1a50e2384 100644
> > --- a/meta/recipes-support/gnupg/gnupg_2.5.17.bb
> > +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
> > @@ -16,6 +16,7 @@ inherit autotools gettext texinfo pkgconfig upstream-version-is-even
> >  require drop-unknown-suffix.inc
> >  
> >  UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/"
> > +SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87"
> >  SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
> >             file://0002-use-pkgconfig-instead-of-npth-config.patch \
> >             file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
> > @@ -24,7 +25,7 @@ SRC_URI:append:class-native = "
> > file://0001-configure.ac-use-a-custom-value-for-
> >                                  file://relocate.patch"
> >  SRC_URI:append:class-nativesdk = " file://relocate.patch"
> >  
> > -SRC_URI[sha256sum] = "2c1fbe20e2958fd8fb53cf37d7c38e84a900edc0d561a1c4af4bc3a10888685d"
> > +SRC_URI[sha256sum] = "6461266e99c308419a379abe6c356d54c214136c4589bd65951091138989ffc6"
> >  
> >  EXTRA_OECONF = "--disable-ldap \
> >  		--disable-ccid-driver \
> 

Cheers,
	Roland

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [OE-core] [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20
  2026-07-01  6:51     ` Roland Kovács
@ 2026-07-01  7:48       ` Yoann Congal
  0 siblings, 0 replies; 6+ messages in thread
From: Yoann Congal @ 2026-07-01  7:48 UTC (permalink / raw)
  To: Roland Kovács; +Cc: Patches and discussions about the oe-core layer

[-- Attachment #1: Type: text/plain, Size: 4147 bytes --]

Le mer. 1 juil. 2026, 08:51, Roland Kovács <roland.kovacs@est.tech> a
écrit :

> On Tue, 2026-06-30 at 15:19 +0200, Yoann Congal wrote:
> > On Tue Jun 30, 2026 at 3:03 PM CEST, Roland Kovács via
> lists.openembedded.org wrote:
> > > Bug fixes included in this release:
> > >    - gpg: Fix wrong assertion failure which could very rarely occur
> > >      during key signature checking.  [rG693f5642f6]
> > >    - gpg: Consider certify-only keys for revocation signature check.
> > >      [T8196]
> > >    - gpgsm: Fix possible double free in the CMS parser.  [T8240]
> > >    - gpgsm: Fix possible too early removal of ephemeral keys.  [T8236]
> > >    - gpgsm: Avoid emitting a final FAILURE status line if --status-fd
> > >      is not used.  [rG69c27fe377]
> > >    - gpgsm: Fix a regression in 2.5.19 for password encrypted GCM
> > >      data.  [rG60a823c97b]
> > >    - agent: Fix not using cache for pinentry loopback.  [rGd4b608a31f]
> > >    - agent: Fix command PUT_SECRET by saving input line.
> [rG1875bc185e]
> > >    - keyboxd: Mark keys searched but not imported via LDAP correctly
> > >      as ephemeral.  [T8048]
> > >    - scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA
> > >      keys > 2k.  [T8244]
> > >    - dirmngr: Fix uninitialized use of the dns_any union in
> > >      dns_rr_cmp.  [T8251]
> > >  Release-info: https://dev.gnupg.org/T7997
> > >
> > > Signed-off-by: Roland Kovacs <roland.kovacs@est.tech>
> >
> > Sorry but that URL also contains:
> > > New and extended features:
> > >  gpgsm: Implement GCM encryption. Note that decryption works since
> > >         version 2.3.2. [T3979]
> > >  gpgsm: New option --attribute and server command SETATTR to include
> > >         arbitrary signed or unsigned attributes into a signature.
> > >         Enabled only with libksba 1.7.0 or later. [T4537]
> > >  gpgsm: Introduce system attribute _signingCertificateV2.
> [rG0335a9cb04]
> > ... which are new features, and thus, that upgrade is not acceptable for
> > stable branches.
> >
> Understood. Just for clarification, only bug fix release is accepted for
> stable branch, even if
> there's no backwards incompatible change?
>

Yes, that's right. No new features, no enhancement, only bug/security fixes.


> I'll remove the recipe update and only keep the CVE fix in V2.
>

Sounds good, thanks!

>



> > > ---
> > >  .../recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} | 3
> ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > >  rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb}
> (95%)
> > >
> > > diff --git a/meta/recipes-support/gnupg/gnupg_2.5.17.bb
> b/meta/recipes-
> > > support/gnupg/gnupg_2.5.20.bb
> > > similarity index 95%
> > > rename from meta/recipes-support/gnupg/gnupg_2.5.17.bb
> > > rename to meta/recipes-support/gnupg/gnupg_2.5.20.bb
> > > index fd6588769c..a1a50e2384 100644
> > > --- a/meta/recipes-support/gnupg/gnupg_2.5.17.bb
> > > +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb
> > > @@ -16,6 +16,7 @@ inherit autotools gettext texinfo pkgconfig
> upstream-version-is-even
> > >  require drop-unknown-suffix.inc
> > >
> > >  UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/"
> > > +SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87"
> > >  SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
> > >             file://0002-use-pkgconfig-instead-of-npth-config.patch \
> > >             file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
> > > @@ -24,7 +25,7 @@ SRC_URI:append:class-native = "
> > > file://0001-configure.ac-use-a-custom-value-for-
> > >                                  file://relocate.patch"
> > >  SRC_URI:append:class-nativesdk = " file://relocate.patch"
> > >
> > > -SRC_URI[sha256sum] =
> "2c1fbe20e2958fd8fb53cf37d7c38e84a900edc0d561a1c4af4bc3a10888685d"
> > > +SRC_URI[sha256sum] =
> "6461266e99c308419a379abe6c356d54c214136c4589bd65951091138989ffc6"
> > >
> > >  EXTRA_OECONF = "--disable-ldap \
> > >             --disable-ccid-driver \
> >
>
> Cheers,
>         Roland
>

[-- Attachment #2: Type: text/html, Size: 7084 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2026-07-01  7:48 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-30 13:03 [wrynose][PATCH 0/2] gnupg update and fix outstanding CVE Roland Kovacs
2026-06-30 13:03 ` [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20 Roland Kovacs
2026-06-30 13:19   ` [OE-core] " Yoann Congal
2026-07-01  6:51     ` Roland Kovács
2026-07-01  7:48       ` Yoann Congal
2026-06-30 13:03 ` [wrynose][PATCH 2/2] gnupg: fix CVE-2026-57062 Roland Kovacs

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.