From: Roland Kovacs
To: openembedded-core@lists.openembedded.org
Subject: [wrynose][PATCH 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20
Date: Tue, 30 Jun 2026 15:03:57 +0200
Message-ID: <20260630130358.71091-2-roland.kovacs@est.tech>
X-Mailer: git-send-email 2.54.0
In-Reply-To: <20260630130358.71091-1-roland.kovacs@est.tech>
References: <20260630130358.71091-1-roland.kovacs@est.tech>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239892

Bug fixes included in this release:

- gpg: Fix wrong assertion failure which could very rarely occur during key signature checking. [rG693f5642f6]
- gpg: Consider certify-only keys for revocation signature check. [T8196]
- gpgsm: Fix possible double free in the CMS parser. [T8240]
- gpgsm: Fix possible too early removal of ephemeral keys. [T8236]
- gpgsm: Avoid emitting a final FAILURE status line if --status-fd is not used. [rG69c27fe377]
- gpgsm: Fix a regression in 2.5.19 for password encrypted GCM data. [rG60a823c97b]
- agent: Fix not using cache for pinentry loopback. [rGd4b608a31f]
- agent: Fix command PUT_SECRET by saving input line. [rG1875bc185e]
- keyboxd: Mark keys searched but not imported via LDAP correctly as ephemeral. [T8048]
- scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA keys > 2k. [T8244]
- dirmngr: Fix uninitialized use of the dns_any union in dns_rr_cmp. [T8251]

Release-info: https://dev.gnupg.org/T7997

Signed-off-by: Roland Kovacs
---
 .../recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} (95%)

diff --git a/meta/recipes-support/gnupg/gnupg_2.5.17.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb similarity index 95% rename from meta/recipes-support/gnupg/gnupg_2.5.17.bb rename to meta/recipes-support/gnupg/gnupg_2.5.20.bb index fd6588769c..a1a50e2384 100644 --- a/meta/recipes-support/gnupg/gnupg_2.5.17.bb +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb 
@@ -16,6 +16,7 @@ inherit autotools gettext texinfo pkgconfig upstream-version-is-even require drop-unknown-suffix.inc UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/" +SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ 
@@ -24,7 +25,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "2c1fbe20e2958fd8fb53cf37d7c38e84a900edc0d561a1c4af4bc3a10888685d" +SRC_URI[sha256sum] = "6461266e99c308419a379abe6c356d54c214136c4589bd65951091138989ffc6" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ 
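
Review bot: the `SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87"` line added in the first hunk (@@ -16,6 +16,7 @@) of PATCH 1/2 has no visible consumer, because SRC_URI in the same hunk fetches `${BPN}-${PV}.tar.bz2` from `${GNUPG_MIRROR}` plus local `file://` patches, and the tarball is pinned by `SRC_URI[sha256sum]` in the second hunk. The commit message lists only upstream bug fixes and does not say why a revision is introduced. Either drop the line or state in the commit message what uses it and which upstream tag the revision corresponds to.
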
From: Roland Kovacs
To: openembedded-core@lists.openembedded.org
Subject: [wrynose][PATCH 2/2] gnupg: fix CVE-2026-57062
Date: Tue, 30 Jun 2026 15:03:58 +0200
Message-ID: <20260630130358.71091-3-roland.kovacs@est.tech>
X-Mailer: git-send-email 2.54.0
In-Reply-To: <20260630130358.71091-1-roland.kovacs@est.tech>
References: <20260630130358.71091-1-roland.kovacs@est.tech>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239893

CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted.

Signed-off-by: Roland Kovacs
---
 .../gnupg/gnupg/CVE-2026-57062.patch | 43 +++++++++++++++++++
 meta/recipes-support/gnupg/gnupg_2.5.20.bb | 1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch

diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch b/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch new file mode 100644 index 0000000000..f298b6e9a8 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch 
@@ -0,0 +1,43 @@ +From d586f50ee849c8cbeaea47b50c64446c1becbf9b Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Thu, 18 Jun 2026 10:51:34 +0200 +Subject: [PATCH] gpgsm: Require a minimum tag length for GCM decryption. + +* sm/decrypt.c (gpgsm_decrypt): Require a minimum authtaglen. +-- + +Reported-by: Thai Duong +This is similar to OpenSSL's +CVE-id: CVE-2026-34182 + +CVE: CVE-2026-57062 +Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4c7e68cf3d335328821bdbb70db309a60d0e4fd4] + +Signed-off-by: Roland Kovacs +--- + sm/decrypt.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/sm/decrypt.c b/sm/decrypt.c +index 20fb96060..92a33c6e6 100644 +--- a/sm/decrypt.c ++++ b/sm/decrypt.c +@@ -1447,7 +1447,14 @@ gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp) + } + if (DBG_CRYPTO) + log_printhex (authtag, authtaglen, "Authtag ...:"); +- rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen); ++ if (authtaglen < 12) ++ { ++ log_info ("authentication tag is too short (%zu octets)\n", ++ authtaglen); ++ rc = gpg_error (GPG_ERR_CHECKSUM); ++ } ++ else ++ rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen); + xfree (authtag); + if (rc) + log_error ("data is not authentic: %s\n", gpg_strerror (rc)); +-- +2.34.1 + diff --git a/meta/recipes-support/gnupg/gnupg_2.5.20.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb index a1a50e2384..e373265c48 100644 --- a/meta/recipes-support/gnupg/gnupg_2.5.20.bb +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb @@ -20,6 +20,7 @@ SRCREV = "343d0cb8910441aa44c56ce8673a78e137040c87" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ + file://CVE-2026-57062.patch \ " SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch"
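
Review bot: the provenance of the new CVE-2026-57062.patch is not documented: its `From d586f50ee849c8cbeaea47b50c64446c1becbf9b` line does not match the commit named in `Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4c7e68cf3d335328821bdbb70db309a60d0e4fd4]`, and its `2.34.1` trailer differs from the git-send-email 2.54.0 that sent the series, so the file appears to have been regenerated from a local tree. Please state in the commit message whether the sm/decrypt.c change (the `if (authtaglen < 12)` branch ahead of `gcry_cipher_checktag`) is an unmodified cherry-pick of the upstream commit or was adapted for 2.5.20. Since the description says the issue affects GnuPG through 2.5.20, it is also worth saying explicitly that the upgrade in PATCH 1/2 does not cover it on its own.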