List: openembedded-core
Subject: [OE-core][dunfell 1/7] gnupg: CVE-2022-34903 possible signature forgery via injection into the statu
From: "Steve Sakoman" <steve@sakoman.com>
Date: 2022-07-29 15:24:05
Message-ID: 2bf155d59e33972bbb1780e34753199b5a9192a0.1659108121.git.steve@sakoman.com
From: Hitendra Prajapati <hprajapati@mvista.com>
Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git
MR: 119424
Type: Security Fix
Disposition: Backport from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
ChangeID: 97de66d6aa74e12cb1bf82fe85ee62e2530fccf6
Description:
CVE-2022-34903 gnupg: possible signature forgery via injection into the status line.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../gnupg/gnupg/CVE-2022-34903.patch | 44 +++++++++++++++++++
meta/recipes-support/gnupg/gnupg_2.2.27.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch
diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch b/meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch
new file mode 100644
index 0000000000..5992949d35
--- /dev/null
+++ b/meta/recipes-support/gnupg/gnupg/CVE-2022-34903.patch
@@ -0,0 +1,44 @@
+From 2f05fc96b1332caf97176841b1152da3f0aa16a8 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 22 Jul 2022 17:52:36 +0530
+Subject: [PATCH] CVE-2022-34903
+
+Upstream-Status: Backport \
[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b]
+CVE: CVE-2022-34903
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ g10/cpr.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/g10/cpr.c b/g10/cpr.c
+index d502e8b..bc4b715 100644
+--- a/g10/cpr.c
++++ b/g10/cpr.c
+@@ -328,20 +328,15 @@ write_status_text_and_buffer (int no, const char *string,
+ }
+ first = 0;
+ }
+- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
++ for (esc=0, s=buffer, n=len; n; s++, n--)
+ {
+ if (*s == '%' || *(const byte*)s <= lower_limit
+ || *(const byte*)s == 127 )
+ esc = 1;
+ if (wrap && ++count > wrap)
+- {
+- dowrap=1;
+- break;
+- }
+- }
+- if (esc)
+- {
+- s--; n++;
++ dowrap=1;
++ if (esc || dowrap)
++ break;
+ }
+ if (s != buffer)
+ es_fwrite (buffer, s-buffer, 1, statusfp);
+--
+2.25.1
+
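Review bot: the embedded patch's own commit message is only `Subject: [PATCH] CVE-2022-34903` with no body; add the upstream subject or one sentence naming the off-by-one in `write_status_text_and_buffer` so a reader of the recipe tree can judge the fix without following the Upstream-Status link. The code change itself is correct: in the old loop the two exit paths left `s` and `n` in different states, because the `!esc` loop condition only exited after the `s++, n--` increment (so `s` sat one past the byte needing escaping) while the wrap `break` exited before it (so `s` still sat on the current byte); the unconditional `s--; n++` that followed therefore over-corrected whenever a byte needing escaping also landed on the wrap column, handing `es_fwrite (buffer, s-buffer, 1, statusfp)` a length one short and leaving `n` one too large for the remainder of the line. Breaking on `esc || dowrap` before the increment and dropping the adjustment makes both exits leave `s` on the triggering byte, so exactly the bytes preceding it are written and `n` stays consistent with `s`.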
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.27.bb b/meta/recipes-support/gnupg/gnupg_2.2.27.bb
index 18bb855769..bd09b02017 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.27.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.27.bb
@@ -20,6 +20,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0003-dirmngr-uses-libgpg-error.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
+ file://CVE-2022-34903.patch \
"
SRC_URI_append_class-native = " \
file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ \
file://relocate.patch"
--
2.25.1
View/Reply Online (#168666): https://lists.openembedded.org/g/openembedded-core/message/168666