@@ -1,4 +1,4 @@
-From e3adc816d2d56dd929016073937ba24e01e03cb8 Mon Sep 17 00:00:00 2001
+From f72e8441932e94b72eced585b70e679062822bff Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Thu, 20 Dec 2018 17:37:48 -0800
Subject: [PATCH] Woverride-init is not needed with gcc 9
@@ -17,7 +17,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dirmngr/dns.h b/dirmngr/dns.h
-index 024d6dcc8..c6e141e16 100644
+index 1f647e1..334acb6 100644
--- a/dirmngr/dns.h
+++ b/dirmngr/dns.h
@@ -139,7 +139,7 @@ DNS_PUBLIC int *dns_debug_p(void);
@@ -29,6 +29,3 @@ index 024d6dcc8..c6e141e16 100644
#define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push")
#define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"")
#define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop")
-2.17.1
-
@@ -1,4 +1,4 @@
-From 6b581c43bd01f815db78a410fd3814fc5994171e Mon Sep 17 00:00:00 2001
+From e1ca1300720386aecf845aa9095e142a47c21e18 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 22 Jan 2018 18:00:21 +0200
Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -8,13 +8,12 @@ This should avoid clashes with the host gpg-agent observed on autobuilders.
Upstream-Status: Inappropriate [oe-core specific, and only for -native]
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
-
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
-index 26d7f7b..e953c2e 100644
+index 94bc805..503979e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1921,7 +1921,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
@@ -1,4 +1,4 @@
-From d9048788d906774b1475c3bb1b17e22455c2add4 Mon Sep 17 00:00:00 2001
+From ea7295ea8b42a7d378c33679d07e100b7d487dfb Mon Sep 17 00:00:00 2001
From: Saul Wold <sgw@linux.intel.com>
Date: Wed, 16 Aug 2017 11:16:30 +0800
Subject: [PATCH] use pkgconfig instead of npth config
@@ -9,7 +9,6 @@ Signed-off-by: Saul Wold <sgw@linux.intel.com>
Rebase to 2.1.23
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
---
m4/npth.m4 | 53 ++++++++---------------------------------------------
1 file changed, 8 insertions(+), 45 deletions(-)
@@ -1,4 +1,4 @@
-From 6a7f9b71d936847dcaeeac7d1b69d8299be4dd85 Mon Sep 17 00:00:00 2001
+From f273088de04ffdc38563a81bad7e97a143aee438 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Wed, 16 Aug 2017 11:23:22 +0800
Subject: [PATCH] autogen.sh: fix find-version for beta checking
@@ -13,7 +13,6 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Rebase to 2.1.23
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
---
autogen.sh | 1 -
1 file changed, 1 deletion(-)
deleted file mode 100644
@@ -1,108 +0,0 @@
-From 4ecc5122f20e10c17172ed72f4fa46c784b5fb48 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Thu, 23 Oct 2025 11:36:04 +0200
-Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser.
-
-* g10/armor.c (armor_filter): Fix faulty double increment.
-
-* common/iobuf.c (underflow_target): Assert that the filter
-implementations behave well.
---
-
-This fixes a bug in a code path which can only be reached with special
-crafted input data and would then error out at an upper layer due to
-corrupt input (every second byte in the buffer is unitialized
-garbage). No fuzzing has yet hit this case and we don't have a test
-case for this code path. However memory corruption can never be
-tolerated as it always has the protential for remode code execution.
-
-Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
-Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073
-which fixed
-Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f
-Backported-from-master: 115d138ba599328005c5321c0ef9f00355838ca9
-
-The bug was introduced on 1999-01-07 by me:
-* armor.c: Rewrote large parts.
-which I fixed on 1999-03-02 but missed to fix the other case:
-* armor.c (armor_filter): Fixed armor bypassing.
-
-Below is base64+gzipped test data which can be used with valgrind to
-show access to uninitalized memory in write(2) in the unpatched code.
-
---8<---------------cut here---------------start------------->8---
-H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze
-a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
-gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA==
---8<---------------cut here---------------end--------------->8---
-
-CVE: CVE-2025-68973
-Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- common/iobuf.c | 8 +++++++-
- g10/armor.c | 4 ++--
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/common/iobuf.c b/common/iobuf.c
-index 748e6935d..2497713c1 100644
---- a/common/iobuf.c
-+++ b/common/iobuf.c
-@@ -2043,6 +2043,8 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
- rc = 0;
- else
- {
-+ size_t tmplen;
-+
- /* If no buffered data and drain buffer has been setup, and drain
- * buffer is largish, read data directly to drain buffer. */
- if (a->d.len == 0
-@@ -2055,8 +2057,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
- log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n",
- a->no, a->subno, (ulong)len);
-
-- rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
-+ tmplen = len; /* Used to check for bugs in the filter. */
-+ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
- a->e_d.buf, &len);
-+ log_assert (len <= tmplen);
- a->e_d.used = len;
- len = 0;
- }
-@@ -2066,8 +2070,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target)
- log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n",
- a->no, a->subno, (ulong)len);
-
-+ tmplen = len; /* Used to check for bugs in the filter. */
- rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
- &a->d.buf[a->d.len], &len);
-+ log_assert (len <= tmplen);
- }
- }
- a->d.len += len;
-diff --git a/g10/armor.c b/g10/armor.c
-index 81af15339..f8cfa86db 100644
---- a/g10/armor.c
-+++ b/g10/armor.c
-@@ -1302,8 +1302,8 @@ armor_filter( void *opaque, int control,
- n = 0;
- if( afx->buffer_len ) {
- /* Copy the data from AFX->BUFFER to BUF. */
-- for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
-- buf[n++] = afx->buffer[afx->buffer_pos++];
-+ for(; n < size && afx->buffer_pos < afx->buffer_len;)
-+ buf[n++] = afx->buffer[afx->buffer_pos++];
- if( afx->buffer_pos >= afx->buffer_len )
- afx->buffer_len = 0;
- }
@@ -1,4 +1,4 @@
-From c50d0a95fcf8f96c272fadd4ba85f3eeac39fcaf Mon Sep 17 00:00:00 2001
+From 030938bf3cc6265c9b0141aa1bf6da22a0bdb499 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 19 Sep 2018 14:44:40 +0100
Subject: [PATCH] Allow the environment to override where gnupg looks for its
@@ -8,16 +8,15 @@ Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
-
---
common/homedir.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/common/homedir.c b/common/homedir.c
-index 6f99f3e..f22aa9e 100644
+index 9fcb90b..fe91dcb 100644
--- a/common/homedir.c
+++ b/common/homedir.c
-@@ -1284,7 +1284,7 @@ gnupg_socketdir (void)
+@@ -1294,7 +1294,7 @@ gnupg_socketdir (void)
if (!name)
{
unsigned int dummy;
@@ -26,7 +25,7 @@ index 6f99f3e..f22aa9e 100644
gpgrt_annotate_leaked_object (name);
}
-@@ -1316,7 +1316,7 @@ gnupg_sysconfdir (void)
+@@ -1326,7 +1326,7 @@ gnupg_sysconfdir (void)
if (dir)
return dir;
else
@@ -35,7 +34,7 @@ index 6f99f3e..f22aa9e 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -1352,7 +1352,7 @@ gnupg_bindir (void)
+@@ -1362,7 +1362,7 @@ gnupg_bindir (void)
return name;
}
else
@@ -44,7 +43,7 @@ index 6f99f3e..f22aa9e 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -1379,7 +1379,7 @@ gnupg_libexecdir (void)
+@@ -1389,7 +1389,7 @@ gnupg_libexecdir (void)
return name;
}
else
@@ -53,7 +52,7 @@ index 6f99f3e..f22aa9e 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -1409,7 +1409,7 @@ gnupg_libdir (void)
+@@ -1419,7 +1419,7 @@ gnupg_libdir (void)
return name;
}
else
@@ -62,7 +61,7 @@ index 6f99f3e..f22aa9e 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -1440,7 +1440,7 @@ gnupg_datadir (void)
+@@ -1450,7 +1450,7 @@ gnupg_datadir (void)
return name;
}
else
@@ -71,7 +70,7 @@ index 6f99f3e..f22aa9e 100644
#endif /*!HAVE_W32_SYSTEM*/
}
-@@ -1472,7 +1472,7 @@ gnupg_localedir (void)
+@@ -1482,7 +1482,7 @@ gnupg_localedir (void)
return name;
}
else
similarity index 96%
rename from meta/recipes-support/gnupg/gnupg_2.4.8.bb
rename to meta/recipes-support/gnupg/gnupg_2.4.9.bb
@@ -18,13 +18,13 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0002-use-pkgconfig-instead-of-npth-config.patch \
file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
- file://CVE-2025-68973.patch \
+ file://relocate.patch \
"
SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \
file://relocate.patch"
SRC_URI:append:class-nativesdk = " file://relocate.patch"
-SRC_URI[sha256sum] = "b58c80d79b04d3243ff49c1c3fc6b5f83138eb3784689563bcdd060595318616"
+SRC_URI[sha256sum] = "dd17ab2e9a04fd79d39d853f599cbc852062ddb9ab52a4ddeb4176fd8b302964"
EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \