mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 01:19:52 +00:00
Code Issues Projects Releases Wiki Activity

gnupg: CVE-2018-9234

Browse Source 
* CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
certification requires an offline master Certify key, which results
in apparently valid certifications that occurred only with access to
a signing subkey.

Affects gnupg <= 2.2.5

CVE: CVE-2018-9234
Ref: https://access.redhat.com/security/cve/cve-2018-9234
(From OE-Core rev: af920831ed1ef607db195372f135cc56e9f53b41)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Sinan Kaya
2018-09-24 16:08:07 +00:00
committed by Richard Purdie
parent 5315ebeded
commit c8a29e6c81
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch
+28
View File
@@ -0,0 +1,28 @@
From ce055269c80f6e7c1393c0deec7bc5f0d37895ea Mon Sep 17 00:00:00 2001
From: Sinan Kaya <okaya@kernel.org>
Date: Sun, 23 Sep 2018 04:05:47 +0000
Subject: [PATCH] g10: Fix filtering by PK->REQ_USAGE
Upstream-Status: Backport [https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657]
CVE: CVE-2018-9234
Signed-off-by: Sinan Kaya <okaya@kernel.org>
---
g10/getkey.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/g10/getkey.c b/g10/getkey.c
index e31e023..ca2500c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
: KEYDB_SEARCH_MODE_FPR20;
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+ if (pk)
+ ctx.req_usage = pk->req_usage;
rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc && pk)
pk_from_block (pk, kb, found_key);
--
2.19.0
meta/recipes-support/gnupg/gnupg_2.2.4.bb
+1
View File
@@ -15,6 +15,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0003-dirmngr-uses-libgpg-error.patch \ file://0003-dirmngr-uses-libgpg-error.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \ file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
file://CVE-2018-12020.patch \ file://CVE-2018-12020.patch \
file://CVE-2018-9234.patch \
" "
SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch" SRC_URI_append_class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"