From patchwork Wed Jul 1 08:26:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roland Kovacs X-Patchwork-Id: 91478 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25F60C43602 for ; Wed, 1 Jul 2026 08:26:53 +0000 (UTC) Received: from AM0PR02CU008.outbound.protection.outlook.com (AM0PR02CU008.outbound.protection.outlook.com [52.101.72.69]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.40299.1782894408228268543 for ; Wed, 01 Jul 2026 01:26:49 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=MxX7p41j; spf=pass (domain: est.tech, ip: 52.101.72.69, mailfrom: roland.kovacs@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mTwrBRyZZy7MwsNjDK9c9ZyH+RXK7z+q5ikJYyXrLD4Rwnj7QVuTgcYbxIst5aTIIV8T2yaFo/8nWuwc2uIMGS/l9NsjINcyZzLyNBsWtVj7HDaKwOSdQ7DbVFYkALulE7r53p/SEUH+UyRdGbPUdvilQ5CE4F004rc2iXwK2pBubsMpTZ40x+KJf2hgRDD3pOmxacs2lpn76yAC/+wLivpc0gdLxBgcZVI0Sxu3Su23Y2VtP0G438pKSB876RW2uK2JgfTlzfaOApLs+Xoi2oVaIR4ooBACjhdg2nHdG4hFfQFnxeWHznKMk7CLLxSHXruEAuFu9dySm/LsEgSITQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wUG+ESmZoMLzUtqQTbE1qVma4fRqIxc3QYGfotMMYLY=; b=PXs000TaiwurH1eTCV2GPxrvCg9hsR86+QJ1iymtUC7Q4VHnZ8Xb715qL9gSU7Q+XFi17JJgEVXMhCxwfCzdru+EUIGzOjRTx21VGV7h+qdciGJoBVh1dTrVdpkFmq4dDSwA5TfwDy1OeiY73hlKe5gG/Yw0GwTGmqNXYUFV0SysHiNmyw3wVBac/cmXlaFz0bdt8kX+irvcMWKbiuBfSsIMc02AP7hL4Zhxfregge6U4MgS6MZBhgOJeQm/pe6KTrIEhgiCpjcj0QN4ksZBqGLhYpOCmlblcISSPecVvIS4zJn8KYFV2v9gRxumW9eoHn/wJ3YXPCxELr2x2hk7vg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wUG+ESmZoMLzUtqQTbE1qVma4fRqIxc3QYGfotMMYLY=; b=MxX7p41jpsFUM8BXM6wzmINefBbQxeBzeomKxyjxUw2jBYOVoOGfKnpuht8dlaI43oUrw1uoit+Lj6n8o6mfsnEbbDJJWEQrgljYg6H74+Om4wxbgTSrklkhBxp0Mx85vMDwrfz9ObUKqi580SR9uJu8y85pVKTqErlgdSg+T0+jzf25yNY121IYaYNhKjjzEh/YBgnt7/Nove9zfR/N8YSQtUsaJPlyYDnSjqTayOx9GGBFrkRQvuaI0/iciYtwbguwzHKakHa3mjagmmxBwMb/hPReF1tU0cCmdMQuklM1B3rm3+dINpfAYM6Bi6tJ8PAhAZkro04myxR08qBVLA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AM7P189MB0725.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::20) by PRAP189MB1873.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:278::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.8; Wed, 1 Jul 2026 08:26:43 +0000 Received: from AM7P189MB0725.EURP189.PROD.OUTLOOK.COM ([fe80::ab4f:3151:4330:625d]) by AM7P189MB0725.EURP189.PROD.OUTLOOK.COM ([fe80::ab4f:3151:4330:625d%5]) with mapi id 15.21.0181.008; Wed, 1 Jul 2026 08:26:43 +0000 From: Roland Kovacs To: openembedded-core@lists.openembedded.org Subject: [master][PATCH v2 1/2] gnupg: Upgrade 2.5.17 -> 2.5.20 Date: Wed, 1 Jul 2026 10:26:38 +0200 Message-ID: <20260701082639.69648-2-roland.kovacs@est.tech> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260701082639.69648-1-roland.kovacs@est.tech> References: <20260701082639.69648-1-roland.kovacs@est.tech> X-ClientProxiedBy: DUZPR01CA0129.eurprd01.prod.exchangelabs.com (2603:10a6:10:4bc::12) To AM7P189MB0725.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::20) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7P189MB0725:EE_|PRAP189MB1873:EE_ X-MS-Office365-Filtering-Correlation-Id: 4432814f-5406-4dad-85f7-08ded74a7b56 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|23010399003|376014|56012099006|11063799006|18002099003|22082099003|6133799003; X-Microsoft-Antispam-Message-Info: IRRcuk14v0ZwyKtkREDh2cQL250cY/a4sNGVpU+pjf6jv2qjuJB3Vbxvc2Rkuyk9wwMNubU49sWSxjWFSX4fA2J5Rwg+giTpAtC7aI7uqeDcPuDt7uYeSqysq0hyaGQtLzASVretGytTPXNEEBRNlyWhIFXnH9oAkq01ZYIlH4bEGjU/5w6CqAXulprBwNS+I08ZjLdRr41wjIZwdUXqF2nCa1yVbCFmV/NisIY5oX9G66/DlQlpgZO5bsTWyrKdWnPkq+SqNtz5GiYLjmQeARaCHvzxiYU/ed+i8pqYBzo2KQtd4DGplGAyXSmHEpKJuSurGzzulrudbVk+xEH1ehToeRjoERySeijDGNV/5haxbezhIB0wdV+O2JTzoxNmSq9OQwBb9gvVYsUZn2KnYxZHduVo4eCM/foGiNauWry62d7UNkF0Dy4z9vk63q4v/+soe4fc+c8/RD3n8MFvtnL/wxlcTDhk98Oy6su5Nw522GHyopeuUo9AiM9kith58Oku46FEzeD3xwK42sH6DAKpTB3Nksu6ygi1f8fHSLIuMKVHFjGu+1AvHSDWclT5WxnI8m+BYn1aqJuTy7I+eSkDOhfKOhiAPOQ3Q8H1/T2XlPmeANpJaeG5Mc8Fvsxz X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7P189MB0725.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(23010399003)(376014)(56012099006)(11063799006)(18002099003)(22082099003)(6133799003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: dJE0WE/DU9bIzSy4+UEH5ydnZjeGpgzIpTR1aRAoJdP3PQgbN2OTTp7B0A+ajg3jGyx2TXfcBXWN9M6pvt7F418SxqWa59ayV4C4TnubfKonD7JTagHl3/qs1YQN0QkondOHtI0VD0RwjwHSj9YqS/ZR0IY5L1LQMP5Y+FirLTtz2NHUdXWGVsgAZLx2gxPukRz6cqWXfFgI6vF3gBPmhtdllElAIAvQA7o61J7isp4kIXoQWR2SFj25ImVQQWkpG4KzMHW3RsYjTJmbhH8apo3WyuI49/0lFdfAzQV5iY0WSy6fvxrU05D94ZPa77nphaim4B4NVEpu49+XjMSxQSht1o7B+7RqyihBv+qR6R9y0Th23wWzznT7+z3PBTl618Ic3C/t2a/CQDMk6Wxy0LjfyNnHE+ORxf34fSO+WGHQgBVDY3ARDM2pesq2FgZlJJh00fYnOGUz1X76+VhunnnHjOeIVE9TA+V8jSyINW1qMhUq00KTc6MZ1JS19dYrwIftk1WCcW2KEpCgcFYqrx3HoKy8+ZbgZuzsC/wtbbEbUc7WmWRn8fPheV1GJiu61Y9O9RXZEKQowVwiI3t3lxqxv/3dPeVEELG76kvoyuX1cIT8SwD/iKDhbcH05mYuruevcEUGuOru7lunrSG57BMc1s/U6N7ih8JgcViec4dOkXVEZiads0TNQhZFehugTzh7WdwwG5J1ayJXAbqMSNglMYsAf5WKIKZDA17qa34uMBsDOY8JMQiTcYq2dZ9RKPwBZbrYOc6VsFVSIDwDTqfhcWkzg7ufHUrg++MG42qOKPfR+HeCgp9XOBzVUXku/RjS+EYoRUksInwla/ju7ooLV9k1BQ8WdfpeAyUHt2flDxlJdz13ggqNFO6jyQ/rBt1tV0BbmcNon0FFT60MYqmpZpF8Y3v6AK9axuI/LrKMBpjpqbUBU/7mCXHZbnT5rgebu3jpVgg/R93IqiyRGrBQagexAJOaLF2NIWC/5NXd7/UNCWSILAbgya0q35lpR5kLqqauFmQGtSSAWS+shlxNXXkp7kz9Etsgx7bpFmAwEGQE+n3T2kELvFwJLzq5quooMT5EcRyXUQPeSvsPpXlPdI71GJ3Bw2b5iAbbbKkvynpVpVFmFL0hfJOrfYDbEQo3QygjXTg43NvX9NXTFnxNaOkF04fJKJ2mhPjwYiEpSNH+gCrrMYoR00r3KrX07sIoPQZD1JJtqHQ4aWkym2T7Tnbi9TNM0ifUY+mEmOlbFQm0ZVyJXvJgDpToZD66knb4MacpPXaYj4S1kjSei178bAElq0H1Ck52bENXB31d3NMJixVRhFFV8xz38ceaGmkacu8AEMhE9xfcpIYJQGXRp9jtomCN3wPqx/m+uCQcl2fbaa4Emwy9RulpqBCMmGrz6hfwb/pbhhy0Evws4IrUHcIPMen0DxPMBjTLQ5tQjQDz6IPlSsnZFHmXIeBgLJjjxznnNNx4FnjxE0+rpYqhqVH1Zt+Mkl/mWrFep9CXcE0D3G+6N9ZSL5NozanV/jM7//CNI5bzLVmRuqjARj6jmIc2M88dkq594wMN/L1WbqZ8dJyTv9UryQL0CBGYOjT0S5DVR47K3NVOey4TxtY3BCOWEtXyYJnzez0NnISvXYOxBMvLC+yGVWtxhGlOZMJNvX9q8o3NA9fiuz7FAsAvzHCE6reCRfbVD911Sm8NmznFvGhfjFiQsozBDTS59X06Bf2JHldm4dnVOqd+3w== X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 4432814f-5406-4dad-85f7-08ded74a7b56 X-MS-Exchange-CrossTenant-AuthSource: AM7P189MB0725.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2026 08:26:43.1452 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: j69cxX2dm11QJvkvP7Qm3F2syNZRmWuoFMBnTic10cJ/tLqeDRVFR3BWqIFG81lCCK/U1vEX8QjHXC0qe9eVAQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAP189MB1873 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 01 Jul 2026 08:26:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239956 Bug fixes included in this release: - gpg: Fix wrong assertion failure which could very rarely occur during key signature checking. [rG693f5642f6] - gpg: Consider certify-only keys for revocation signature check. [T8196] - gpgsm: Fix possible double free in the CMS parser. [T8240] - gpgsm: Fix possible too early removal of ephemeral keys. [T8236] - gpgsm: Avoid emitting a final FAILURE status line if --status-fd is not used. [rG69c27fe377] - gpgsm: Fix a regression in 2.5.19 for password encrypted GCM data. [rG60a823c97b] - agent: Fix not using cache for pinentry loopback. [rGd4b608a31f] - agent: Fix command PUT_SECRET by saving input line. [rG1875bc185e] - keyboxd: Mark keys searched but not imported via LDAP correctly as ephemeral. [T8048] - scdaemon: Avoid buffer overflow with SC-HSM cards providing RSA keys > 2k. [T8244] - dirmngr: Fix uninitialized use of the dns_any union in dns_rr_cmp. [T8251] Release-info: https://dev.gnupg.org/T7997 Signed-off-by: Roland Kovacs --- meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/gnupg/{gnupg_2.5.17.bb => gnupg_2.5.20.bb} (97%) diff --git a/meta/recipes-support/gnupg/gnupg_2.5.17.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb similarity index 97% rename from meta/recipes-support/gnupg/gnupg_2.5.17.bb rename to meta/recipes-support/gnupg/gnupg_2.5.20.bb index fd6588769c..68e1316668 100644 --- a/meta/recipes-support/gnupg/gnupg_2.5.17.bb +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb @@ -24,7 +24,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for- file://relocate.patch" SRC_URI:append:class-nativesdk = " file://relocate.patch" -SRC_URI[sha256sum] = "2c1fbe20e2958fd8fb53cf37d7c38e84a900edc0d561a1c4af4bc3a10888685d" +SRC_URI[sha256sum] = "6461266e99c308419a379abe6c356d54c214136c4589bd65951091138989ffc6" EXTRA_OECONF = "--disable-ldap \ --disable-ccid-driver \ From patchwork Wed Jul 1 08:26:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Roland Kovacs X-Patchwork-Id: 91479 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C308C43458 for ; Wed, 1 Jul 2026 08:26:55 +0000 (UTC) Received: from AM0PR02CU008.outbound.protection.outlook.com (AM0PR02CU008.outbound.protection.outlook.com [52.101.72.69]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.40299.1782894408228268543 for ; Wed, 01 Jul 2026 01:26:50 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=fGCsFajd; spf=pass (domain: est.tech, ip: 52.101.72.69, mailfrom: roland.kovacs@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WmzFdMtaSwBZkk/gRaPCRQU8Qxev34CwjK699GgslwVbGEkGDBtLyaJt1dVcaRmtQUlmMEjBuIMxl5yMf3Jk7leA7140KrUl3l2QcSLHUmDaSoCwphEuHdvPBR2pjIJvYpn1EHsLYVN9qG3bqsQQzTRQzVBJaV33Q2Upi9iLYvIxlFc9PlMzQU5f+Gv/BhqCC+VEVeIvSdbhrPXZ2RTrLkxitPhYyb9CfD+V/WcZJfhKPNE0NFUyyCNlOFrASTFUIpKqKkZgqDbxaDtHARkdeF634rqADO2Y1+0pfDtDwnsNmuqSLO2tbkEV1iJLTN0XPdX+PboPCg8byCHXfmZlIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ypJMBSw6At3sX4wJt3kEtc2dr7vtEe5n1xB1hjh6aHk=; b=UlH4VHQn2IvBuuLJ7ngUXKhXq+3ge3mNQR8NQSp/DqJ+sobEWfwBe2VrmMulDT0xLeR2V33x9yMAstBba5RMr8Ne2DP/Sj76QitL/WrBXyIZfONtcLFvPehwrzXCy+pFdtJ1u5EUAava6bbbVfiO77ed9Jj6DIO99vJsKuO5cFbbiRQgoAN3eyEfp3/C0fnbb5p+CX68KpMHCruwZm5kSJ/cO/fubzCi7GVUJlE4o2cUXllnOzBJ27Cq0Carf7MVFhcJ7P4uW1AXmVItR2arkXLZBrQpvUHpiW2aa+2JtZK54LM98rFXCwR0ch0Mgp3SEyjciR3w1aqG/bq7HyhDqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ypJMBSw6At3sX4wJt3kEtc2dr7vtEe5n1xB1hjh6aHk=; b=fGCsFajdHyH0TEnCc+eprG8XJ3OaxrKKTTHCUucM0oWDl80xnPLVPyCDzQ189llZKamA+T65L2plPQ7LunM7GJUBi/m1yorEWNvbwfRN6AXQa8N/DRJsiZJNpLGey5IvuoJ5QtMFArUUzDt4Kic4htL+pwlp0mKhwfF7FKhKpSJDtz77xzTtpjTPqj8F4aBetDAlsXRhuJd7VtP4QawDtwkmQ0MPgRJgaqflLvobkIBDYdd3QJea63xKKH5ifc4XICitnFsnXnXM7dLLOWK8xaoVwRUuCm4ga2VyrqDuTYz/Yptwk4oCaP4UDAmvcVLAIkcoDA3LRxO2Q2zuurgbDQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AM7P189MB0725.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::20) by PRAP189MB1873.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:278::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.8; Wed, 1 Jul 2026 08:26:45 +0000 Received: from AM7P189MB0725.EURP189.PROD.OUTLOOK.COM ([fe80::ab4f:3151:4330:625d]) by AM7P189MB0725.EURP189.PROD.OUTLOOK.COM ([fe80::ab4f:3151:4330:625d%5]) with mapi id 15.21.0181.008; Wed, 1 Jul 2026 08:26:44 +0000 From: Roland Kovacs To: openembedded-core@lists.openembedded.org Subject: [master][PATCH v2 2/2] gnupg: fix CVE-2026-57062 Date: Wed, 1 Jul 2026 10:26:39 +0200 Message-ID: <20260701082639.69648-3-roland.kovacs@est.tech> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260701082639.69648-1-roland.kovacs@est.tech> References: <20260701082639.69648-1-roland.kovacs@est.tech> X-ClientProxiedBy: DU7P250CA0024.EURP250.PROD.OUTLOOK.COM (2603:10a6:10:54f::17) To AM7P189MB0725.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:111::20) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM7P189MB0725:EE_|PRAP189MB1873:EE_ X-MS-Office365-Filtering-Correlation-Id: 6a87df68-a3ee-4bd9-7c72-08ded74a7c5e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|23010399003|376014|56012099006|3023799007|11063799006|18002099003|22082099003; X-Microsoft-Antispam-Message-Info: cZZfzLxHTGSt4JUQPCkQHRF7xLw1+CqZY7x5YDNzWC18Iz6N8EtTQgqAM/Ac86zIlzqQPRM5HaYcIWn68R+Kki61foqe3Dw2asqlzwXmdU583s3c6RSs0d173vv52a5zP16MjZJ1SN5eH9Q4U79j2L534evs+zNETlo0U41L8LGuYTvEA332Ala2+mIw0bL2C+wIlL709JDWxQ5YkDf5huj1sMNVRnhH6wjNKPy0n6OJ2ufhQDHVVmzm/zqslyKnseY+3C6Q2i+nEg/wQ2zjuQo9iVjYlvFIQQ04W3c07RDBAylYFZ3JbSF1X1psAqn9ZLlgYtdx4ZbR78wuA3B0KB5xQ3z4o5J/Uf5URNZ4YRo6MXYYEHUt/N10TSbpvcMECeV5V7U3lpyfkKAuA2nGnP5XWuVVYgwXM3YSmL6vcRD+6mMGbVuJrZEf0yrpctMFZso5BSR0DUMYng+maE7UDqx8P7u/SDz0kXsHCPxtRbXmI5aWnVDGTKpk/2XKDza//T1dml5sICADnpKPvvsLJqRnKqgAKXqVlqGVeDr6RJmcCgj2STsm3xXyzPSHqvPkDOjTZUBqnKph9v9zrH/3Q1TnMblCe+ofgYcujmw+oW20OXMH5d/G/RonWwOrHSSlPft8LlWA08aSFNlfs0NQ0fuTfcI4Sly1hD1/mdcxtt8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7P189MB0725.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(23010399003)(376014)(56012099006)(3023799007)(11063799006)(18002099003)(22082099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 9lp2DivM2SLS2uNtapBcEpEIElkEnXx8UGuRxcrSdLAj4dNLeVWOsD65NNYGUf7lfG5PEoh+pm+8ECI+dO+gljEvzXxRdsoorbTWLXkOmmtJcCFgLTp6iRqrDJGwOhSAgtR9kNPP/4HA7vIftLpkYTlpgNGHRXlbeDa37DW2k2rsmAOivHr6z9IqGxasmsa82rMe93d53rcL/6QROG266CW3YACCoy1rys5WEYKY0yJ65OEt0AwmnVBTiKctyrV5Jil3ym5jn8wcZrQ66GvGh+k9enW6Qml+ez0k/wAT9FAo0ewLhoVPIGJMNKNCKar664Tf2ZEIsEGk7pgBiOSDhr4/bVY1OyFJdkVPVwrJVwZ5bdJzYiRxBHF/Yt72tsCq8NmzAniMJ58mvlF+O53saav82gI0RskN/rZJQlEdlMqzNH7rVXbwHMAT/3/JLmUyqLNwLm8N9K3zbUZHwQgyoPjrdTAGdRXVRxdSc4A6nkqBz1T0cOklGfYoJ6CpIeTdjhcULqRcP2Wl6iTlAy24HPE+GhZP3msP/4mPeQHIynzPh4iQxtMz5200501B+PFn830eUBFe86/W4uMX0nBIohpwlfwJYABNMcWTz1Yx+/WeB+PygIO0yoJ6Xg2BWakswIgvTXZOdEQ8JP8VmHQhH8MaLyjaw/5cQuMcVIUfgSpBIS/BcnQRPbKPkGb3v1e5dfQcpanZIaPrvddXLtT2kYuDeBLgcYS6iUxrOkbQZexrq9hDopLGy+RnD1mvR5M4zR73epQZzwOZFgBQP8U7G862s64GOR/dUQwAiLTGB+cj4CfPZFsKckerMAAKW+cKqkU15ZySzv8A01VfzN/bA5xvUz+dOrEZUQr6VguZO+HNjOgKWPH3dBp1ZbuCc6dhm42Iu93zyRK2uvoFp1EZcgBFTXc3pe9W6r+xQ49Z0ehiYo0vdaqiPvAhscHC0tAs0OX5KwC3SCeik+fCDB0F3UTBL6LoqdrIr+yHCp0FQY+kYYuYMifK/mq7c3OSa8lS/C0vw8Loy1Ykq08lJZlGBwpZ9SmVB1ZGRmxJhbfugt+TBLcprISzDcn9vek5QKtQtyOjAyrF+WFQ5nSuUhU170aPwlQXy1P3X4F6+WCGy8FjxwQMAwR4PKN36twnke6/C423VnC8YQhJcYDxsrcLZQpOMSXkgz1B1kMWfZr7XoDD5/cTathO3u50OChD8A1+ucSwEi/QY1j57bJPqLGkZIIFY21y5LXQDqE1WFJIBPajoLxcAAhPsvREESRmZcTn8Z/xZJoy5w5be9dk01jUKMZbE+DRNjQddK4CWwsRm/o2xPKkGyVIUjSTlmGLAIOgfd0vJp5br79MS0b132Xg3CSooCGjPTn962Q0PTezLI0MiXV9Ku80O8EkewoqiwSXHltJZtjDGJZvBpCE/DM7PztyjupwRJdpewyj0To86TxI6aNCSIEPp0oka/ioXj5xpiBpTS6kaADH5iAqorq+ikKmJd2gxGKz1IfAviE4+72ovRuMA2dmZ64h1pbhpEqDXJyZSGeiC41rZ1+IboqSuCxRNkJW44Jdpav6sSrLXsqmAk8ZyQkK5NS04KPvLfrF3Jzknx4TCiyGMM8RRsBXZ6msqviAmRyAnV04TvUcBLfCw0HqST+CLSMIHEY86kxqrZ1O+TVEQkHZdftPBZIbPig8D8UPztio1VxoOGKuI16uuGR0lq9xycHIDLJkCvLtflmWa+5y0ljFFfl8+I3+6Q== X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 6a87df68-a3ee-4bd9-7c72-08ded74a7c5e X-MS-Exchange-CrossTenant-AuthSource: AM7P189MB0725.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2026 08:26:44.8858 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9rnPpIDQq3bYTlH1AsM3ryFeHydoZavNFHpYcG+7zTnw4X7KlzXtHppAXZUxHapHof39zOU9ibJRDE1OUxf61w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAP189MB1873 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 01 Jul 2026 08:26:55 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239957 CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. Signed-off-by: Roland Kovacs --- .../gnupg/gnupg/CVE-2026-57062.patch | 43 +++++++++++++++++++ meta/recipes-support/gnupg/gnupg_2.5.20.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch b/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch new file mode 100644 index 0000000000..f298b6e9a8 --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2026-57062.patch @@ -0,0 +1,43 @@ +From d586f50ee849c8cbeaea47b50c64446c1becbf9b Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Thu, 18 Jun 2026 10:51:34 +0200 +Subject: [PATCH] gpgsm: Require a minimum tag length for GCM decryption. + +* sm/decrypt.c (gpgsm_decrypt): Require a minimum authtaglen. +-- + +Reported-by: Thai Duong +This is similar to OpenSSL's +CVE-id: CVE-2026-34182 + +CVE: CVE-2026-57062 +Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4c7e68cf3d335328821bdbb70db309a60d0e4fd4] + +Signed-off-by: Roland Kovacs +--- + sm/decrypt.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/sm/decrypt.c b/sm/decrypt.c +index 20fb96060..92a33c6e6 100644 +--- a/sm/decrypt.c ++++ b/sm/decrypt.c +@@ -1447,7 +1447,14 @@ gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp) + } + if (DBG_CRYPTO) + log_printhex (authtag, authtaglen, "Authtag ...:"); +- rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen); ++ if (authtaglen < 12) ++ { ++ log_info ("authentication tag is too short (%zu octets)\n", ++ authtaglen); ++ rc = gpg_error (GPG_ERR_CHECKSUM); ++ } ++ else ++ rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen); + xfree (authtag); + if (rc) + log_error ("data is not authentic: %s\n", gpg_strerror (rc)); +-- +2.34.1 + diff --git a/meta/recipes-support/gnupg/gnupg_2.5.20.bb b/meta/recipes-support/gnupg/gnupg_2.5.20.bb index 68e1316668..4146b12824 100644 --- a/meta/recipes-support/gnupg/gnupg_2.5.20.bb +++ b/meta/recipes-support/gnupg/gnupg_2.5.20.bb @@ -19,6 +19,7 @@ UPSTREAM_CHECK_URI = "https://gnupg.org/ftp/gcrypt/gnupg/" SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://0002-use-pkgconfig-instead-of-npth-config.patch \ file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \ + file://CVE-2026-57062.patch \ " SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch"