summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
AgeCommit message (Collapse)Author
2021-12-10libgcrypt: solve CVE-2021-33560 and CVE-2021-40528Marta Rybczynska
This change fixes patches for two issues reported in a research paper [1]: a side channel attack (*) and a cross-configuration attack (**). In this commit we add a fix for (*) that wasn't marked as a CVE initially upstream. A fix of (**) previosly available in OE backports is in fact fixing CVE-2021-40528, not CVE-2021-33560 as marked in the commit message. We commit the accual fix for CVE-2021-33560 and rename the existing fix with the correct CVE-2021-40528. For details of the mismatch and the timeline see [2] (fix of the documentation) and [3] (the related ticket upstream). [1] https://eprint.iacr.org/2021/923.pdf [2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13 [3] https://dev.gnupg.org/T5328#149606 Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-09-24libgcrypt: Security fix CVE-2021-33560Armin Kuster
Source: https://sources.debian.org/patches/libgcrypt20/1.8.4-5+deb10u1 MR: 111591 Type: Security Fix Disposition: Backport from https://sources.debian.org/data/main/libg/libgcrypt20/1.8.4-5%2Bdeb10u1/debian/patches/31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch ChangeID: d066a9baacc0d967dd80ac54c684cde031ac686e Description: Affects before 1.8.8 and 1.9.x before 1.9.3 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-03-11recipes-support: Add missing HOMEPAGE and DESCRIPTION for recipesMeh Mbeh Ida Delphine
Fixes: [YOCTO #13471] Signed-off-by: Ida Delphine <idadelm@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 6db24928d62aeb093a0e6da6619713eaca57a96f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-02-11libgcrypt: Whitelisted CVEssaloni
Whitelisted below CVEs: 1. CVE-2018-12433 Link: https://security-tracker.debian.org/tracker/CVE-2018-12433 Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433 CVE-2018-12433 is marked disputed and ignored by NVD as it does not impact crypt libraries for any distros and hence, can be safely marked whitelisted. 2. CVE-2018-12438 Link: https://security-tracker.debian.org/tracker/CVE-2018-12438 Link: https://ubuntu.com/security/CVE-2018-12438 CVE-2018-12438 was reported for affecting openjdk crypt libraries but there are no details available on which openjdk versions are affected and does not directly affect libgcrypt or any specific yocto distributions, hence, can be whitelisted. Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2020-02-08libgcrypt: Fix determinism issueRichard Purdie
The build was injection git information from the wrong git tree, stop this to allow reproducible builds. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-11-04libgcrypt: upgrade 1.8.4 -> 1.8.5Trevor Gamblin
Upgrade libgcrypt. Upstream repo now has a pkg-config feature. The new patch for compatibility with oe-core is a replacement for a patch that added pkg-config as a feature when upstream did not have it. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-08 04:00:46 +0000