* [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6
@ 2018-04-17 9:37 Baruch Siach
2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Baruch Siach @ 2018-04-17 9:37 UTC (permalink / raw)
To: buildroot
Add upstream patch fixing gpgme_op_verify regression with gnupg2 2.2.6.
https://lists.gnupg.org/pipermail/gnupg-users/2018-April/060230.html
Cc: Philipp Claves <claves@budelmann-elektronik.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
...1-core-Tweak-STATUS_FAILURE-handling.patch | 51 +++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
diff --git a/package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch b/package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
new file mode 100644
index 000000000000..ae0e9c549872
--- /dev/null
+++ b/package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch
@@ -0,0 +1,51 @@
+From b99502274ae5efdf6df0d967900ec3d1e64373d7 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 12 Apr 2018 20:36:30 +0200
+Subject: [PATCH] core: Tweak STATUS_FAILURE handling.
+
+* src/op-support.c (_gpgme_parse_failure): Ignore failures with
+location "gpg-exit".
+* tests/gpg/t-verify.c (main): Adjust for the now working checking of
+the second key.
+
+Signed-off-by: Werner Koch <wk@gnupg.org>
+[baruch: drop test]
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Upstream status: commit b99502274ae
+
+ src/op-support.c | 10 +++++++++-
+ tests/gpg/t-verify.c | 8 +++++---
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/op-support.c b/src/op-support.c
+index 43cb1c760e0d..e55875f904d0 100644
+--- a/src/op-support.c
++++ b/src/op-support.c
+@@ -400,7 +400,13 @@ _gpgme_parse_plaintext (char *args, char **filenamep)
+
+
+ /* Parse a FAILURE status line and return the error code. ARGS is
+- modified to contain the location part. */
++ * modified to contain the location part. Note that for now we ignore
++ * failure codes with a location of gpg-exit; they are too trouble
++ * some. Instead we should eventually record that error in the
++ * context and provide a function to return a fuller error
++ * description; this could then also show the location of the error
++ * (e.g. "option- parser") to make it easier for the user to detect
++ * the actual error. */
+ gpgme_error_t
+ _gpgme_parse_failure (char *args)
+ {
+@@ -418,6 +424,8 @@ _gpgme_parse_failure (char *args)
+ *where = '\0';
+
+ where = args;
++ if (!strcmp (where, "gpg-exit"))
++ return 0;
+
+ return atoi (which);
+ }
+--
+2.17.0
+
--
2.17.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach @ 2018-04-17 9:37 ` Baruch Siach 2018-05-01 7:28 ` Peter Korsgaard 2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach ` (2 subsequent siblings) 3 siblings, 1 reply; 7+ messages in thread From: Baruch Siach @ 2018-04-17 9:37 UTC (permalink / raw) To: buildroot Fixes CVE-2018-9234: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys. Remove --disable-doc from configure options. We pass this options to all autotools packages. Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> --- package/gnupg2/gnupg2.hash | 8 ++++---- package/gnupg2/gnupg2.mk | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash index 9cc8e4c9138c..155295244e6c 100644 --- a/package/gnupg2/gnupg2.hash +++ b/package/gnupg2/gnupg2.hash @@ -1,6 +1,6 @@ -# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q1/000420.html -sha1 9dec110397e460b3950943e18f5873a4f277f216 gnupg-2.2.5.tar.bz2 +# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000421.html +sha1 295298debcc2c12f02a2f2fdf04aecb6d6aae396 gnupg-2.2.6.tar.bz2 # Calculated based on the hash above and signature -# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.5.tar.bz2.sig -sha256 3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57 gnupg-2.2.5.tar.bz2 +# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.6.tar.bz2.sig +sha256 e64d8c5fa2d05938a5080cb784a98ac21be0812f2a26f844b18f0d6a0e711984 gnupg-2.2.6.tar.bz2 sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk index ba5370902f1e..4d84bfbb9ea8 100644 --- a/package/gnupg2/gnupg2.mk +++ b/package/gnupg2/gnupg2.mk @@ -4,7 +4,7 @@ # ################################################################################ -GNUPG2_VERSION = 2.2.5 +GNUPG2_VERSION = 2.2.6 GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2 GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg GNUPG2_LICENSE = GPL-3.0+ @@ -13,7 +13,7 @@ GNUPG2_DEPENDENCIES = zlib libgpg-error libgcrypt libassuan libksba libnpth \ $(if $(BR2_PACKAGE_LIBICONV),libiconv) host-pkgconf GNUPG2_CONF_OPTS = \ - --disable-rpath --disable-regex --disable-doc \ + --disable-rpath --disable-regex \ --with-libgpg-error-prefix=$(STAGING_DIR)/usr \ --with-libgcrypt-prefix=$(STAGING_DIR)/usr \ --with-libassuan-prefix=$(STAGING_DIR)/usr \ -- 2.17.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach @ 2018-05-01 7:28 ` Peter Korsgaard 0 siblings, 0 replies; 7+ messages in thread From: Peter Korsgaard @ 2018-05-01 7:28 UTC (permalink / raw) To: buildroot >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes: > Fixes CVE-2018-9234: Unenforced configuration allows for apparently > valid certifications actually signed by signing subkeys. > Remove --disable-doc from configure options. We pass this options to all > autotools packages. > Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com> > Signed-off-by: Baruch Siach <baruch@tkos.co.il> Committed to 2018.02.x, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach 2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach @ 2018-04-17 9:37 ` Baruch Siach 2018-05-01 7:28 ` Peter Korsgaard 2018-04-25 20:57 ` [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Thomas Petazzoni 2018-05-01 7:28 ` Peter Korsgaard 3 siblings, 1 reply; 7+ messages in thread From: Baruch Siach @ 2018-04-17 9:37 UTC (permalink / raw) To: buildroot Drop upstream patch. Signed-off-by: Baruch Siach <baruch@tkos.co.il> --- ...ion-on-arm64-due-to-invalid-use-of-v.patch | 59 ------------------- package/libgpg-error/libgpg-error.hash | 4 +- package/libgpg-error/libgpg-error.mk | 2 +- 3 files changed, 3 insertions(+), 62 deletions(-) delete mode 100644 package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch diff --git a/package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch b/package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch deleted file mode 100644 index a37337a0902d..000000000000 --- a/package/libgpg-error/0001-core-Fix-regression-on-arm64-due-to-invalid-use-of-v.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 791177de023574223eddf7288eb7c5a0721ac623 Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Sun, 18 Mar 2018 17:39:43 +0100 -Subject: [PATCH] core: Fix regression on arm64 due to invalid use of va_list. - -* src/logging.c (_gpgrt_log_printhex): Provide a dummy arg instead of -NULL. --- - -Fix -Suggested-by: Jakub Wilk <jwilk@jwilk.net> - -Signed-off-by: Werner Koch <wk@gnupg.org> -Signed-off-by: Baruch Siach <baruch@tkos.co.il> ---- -Upstream status: commit 791177de023 - - src/logging.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/src/logging.c b/src/logging.c -index 1a4f6203d16d..d01f974e4545 100644 ---- a/src/logging.c -+++ b/src/logging.c -@@ -1090,9 +1090,10 @@ _gpgrt_log_flush (void) - - - /* Print a hexdump of (BUFFER,LENGTH). With FMT passed as NULL print -- * just the raw dump, with FMT being an empty string, print a trailing -- * linefeed, otherwise print an entire debug line with the expanded -- * FMT followed by a possible wrapped hexdump and a final LF. */ -+ * just the raw dump (in this case ARG_PTR is not used), with FMT -+ * being an empty string, print a trailing linefeed, otherwise print -+ * an entire debug line with the expanded FMT followed by a possible -+ * wrapped hexdump and a final LF. */ - void - _gpgrt_logv_printhex (const void *buffer, size_t length, - const char *fmt, va_list arg_ptr) -@@ -1150,7 +1151,16 @@ _gpgrt_log_printhex (const void *buffer, size_t length, - va_end (arg_ptr); - } - else -- _gpgrt_logv_printhex (buffer, length, NULL, NULL); -+ { -+ /* va_list is not necessary a pointer and thus we can't use NULL -+ * because that would conflict with platforms using a straight -+ * struct for it (e.g. arm64). We use a dummy variable instead; -+ * the static is a simple way zero it out so to not get -+ * complains about uninitialized use. */ -+ static va_list dummy_argptr; -+ -+ _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr); -+ } - } - - --- -2.16.2 - diff --git a/package/libgpg-error/libgpg-error.hash b/package/libgpg-error/libgpg-error.hash index fd08aa54d898..0e6304de6677 100644 --- a/package/libgpg-error/libgpg-error.hash +++ b/package/libgpg-error/libgpg-error.hash @@ -1,6 +1,6 @@ # Locally calculated after checking pgp signature -# https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.28.tar.bz2.sig -sha256 3edb957744905412f30de3e25da18682cbe509541e18cd3b8f9df695a075da49 libgpg-error-1.28.tar.bz2 +# https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.29.tar.bz2.sig +sha256 ece926fa5719d17a7ad8da618712cfa2f8a796ab2f2af9d544c5bb093383b1ea libgpg-error-1.29.tar.bz2 # Locally calculated sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c COPYING sha256 a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861 COPYING.LIB diff --git a/package/libgpg-error/libgpg-error.mk b/package/libgpg-error/libgpg-error.mk index f70420355603..862cb44eefed 100644 --- a/package/libgpg-error/libgpg-error.mk +++ b/package/libgpg-error/libgpg-error.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBGPG_ERROR_VERSION = 1.28 +LIBGPG_ERROR_VERSION = 1.29 LIBGPG_ERROR_SITE = https://www.gnupg.org/ftp/gcrypt/libgpg-error LIBGPG_ERROR_SOURCE = libgpg-error-$(LIBGPG_ERROR_VERSION).tar.bz2 LIBGPG_ERROR_LICENSE = GPL-2.0+, LGPL-2.1+ -- 2.17.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach @ 2018-05-01 7:28 ` Peter Korsgaard 0 siblings, 0 replies; 7+ messages in thread From: Peter Korsgaard @ 2018-05-01 7:28 UTC (permalink / raw) To: buildroot >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes: > Drop upstream patch. > Signed-off-by: Baruch Siach <baruch@tkos.co.il> Committed to 2018.02.x, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach 2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach 2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach @ 2018-04-25 20:57 ` Thomas Petazzoni 2018-05-01 7:28 ` Peter Korsgaard 3 siblings, 0 replies; 7+ messages in thread From: Thomas Petazzoni @ 2018-04-25 20:57 UTC (permalink / raw) To: buildroot Hello, On Tue, 17 Apr 2018 12:37:11 +0300, Baruch Siach wrote: > Add upstream patch fixing gpgme_op_verify regression with gnupg2 2.2.6. > > https://lists.gnupg.org/pipermail/gnupg-users/2018-April/060230.html > > Cc: Philipp Claves <claves@budelmann-elektronik.com> > Signed-off-by: Baruch Siach <baruch@tkos.co.il> > --- > ...1-core-Tweak-STATUS_FAILURE-handling.patch | 51 +++++++++++++++++++ > 1 file changed, 51 insertions(+) > create mode 100644 package/libgpgme/0001-core-Tweak-STATUS_FAILURE-handling.patch Series applied. Thanks! Thomas -- Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons) Embedded Linux and Kernel engineering https://bootlin.com ^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach ` (2 preceding siblings ...) 2018-04-25 20:57 ` [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Thomas Petazzoni @ 2018-05-01 7:28 ` Peter Korsgaard 3 siblings, 0 replies; 7+ messages in thread From: Peter Korsgaard @ 2018-05-01 7:28 UTC (permalink / raw) To: buildroot >>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes: > Add upstream patch fixing gpgme_op_verify regression with gnupg2 2.2.6. > https://lists.gnupg.org/pipermail/gnupg-users/2018-April/060230.html > Cc: Philipp Claves <claves@budelmann-elektronik.com> > Signed-off-by: Baruch Siach <baruch@tkos.co.il> Committed to 2018.02.x, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-05-01 7:28 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-04-17 9:37 [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Baruch Siach 2018-04-17 9:37 ` [Buildroot] [PATCH 2/3] gnupg2: security bump to version 2.2.6 Baruch Siach 2018-05-01 7:28 ` Peter Korsgaard 2018-04-17 9:37 ` [Buildroot] [PATCH 3/3] libgpg-error: bump to version 1.29 Baruch Siach 2018-05-01 7:28 ` Peter Korsgaard 2018-04-25 20:57 ` [Buildroot] [PATCH 1/3] libgpgme: fix run-time compatibility with gnupg2 2.2.6 Thomas Petazzoni 2018-05-01 7:28 ` Peter Korsgaard
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox