Changelog:
==========
https://lists.gnu.org/archive/html/info-gnu/2024-06/msg00004.html
License-Update:
- Add 3-clause BSD license for poly1305-amd64-avx512.S.
- cipher/Makefile.am: Add 'poly1305-amd64-avx512.S'.
- cipher/poly1305-amd64-avx512.S: New.
- cipher/poly1305-internal.h (POLY1305_USE_AVX512): New.
- Add 'cipher/keccak-amd64-avx512.S'.
- Update license docs for FSF new address and update gcrypt.texi.
Apart from upgrade also refreshed the patches like
0001-libgcrypt-fix-m4-file-for-oe-core.patch
0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
no-bench-slope.patch
In 0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
reverted back the change in cipher/Makefile.am related to o_flag_munging
(From OE-Core rev: aa50e6bc8dcb3f5870e1fa285ec5ab997a7a59cf)
Signed-off-by: simit.ghane <simit.ghane@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Characters like '-O2' or '-Ofast' will be replaced by '-O1' and '-O0'
respectively when compiling cipher and random in the filesystem
paths as well if they happen to contain '-O2' or '-Ofast'.
If we are cross compiling libgcrypt and sysroot contains such
characters, we would get compile errors because the sysroot path
has been modified.
Fix this by adding blank spaces and tabs before the original matching
pattern in the sed command.
It is difficult to control -O1 for cipher and -O0 for random
at the same time in OE environment along with patch file.
So, keeping same change as it is.
(From OE-Core rev: ecd26bbba36ad715c2a0f20475ebc977ea94746c)
Signed-off-by: simit.ghane <simit.ghane@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
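
The path-rewriting problem described in the commit message above, as an added example that is not the OE-Core patch or libgcrypt's own Makefile rule. The sed expressions are simplified assumptions, the helper names are hypothetical, and the sample command line is constructed.

```shell
#!/bin/sh
# Constructed compile command: the sysroot path itself contains "-O2".
SAMPLE_CMD='gcc --sysroot=/build/tmp-O2/sysroot -O2 -c rijndael.c'

# Unanchored rewrite (simplified, hypothetical pattern): every "-O2"-style
# token or "-Ofast" becomes -O<level>, including ones inside paths.
# $1 = command line, $2 = target optimization level (1 or 0)
munge_naive() {
    printf '%s\n' "$1" |
        sed -e "s/-O[2-9sgz][2-9sgz]*/-O$2/g" -e "s/-Ofast/-O$2/g"
}

# Anchored rewrite: the flag must directly follow a space or tab, so an
# "-O2" embedded in a directory name is left alone.
munge_anchored() {
    printf '%s\n' "$1" |
        sed -e "s/\([[:blank:]]\)-O[2-9sgz][2-9sgz]*/\1-O$2/g" \
            -e "s/\([[:blank:]]\)-Ofast/\1-O$2/g"
}

# Extract the value of the --sysroot= argument from a command line.
sysroot_of() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n 's/^--sysroot=//p'
}

# Returns 0 when the rewrite left the sysroot path untouched.
# $1 = original command line, $2 = rewritten command line
sysroot_intact() {
    [ "$(sysroot_of "$1")" = "$(sysroot_of "$2")" ]
}

# Show both rewrites side by side on the constructed sample.
for f in munge_naive munge_anchored; do
    out=$($f "$SAMPLE_CMD" 1)
    if sysroot_intact "$SAMPLE_CMD" "$out"; then s=intact; else s=CHANGED; fi
    printf '%-15s sysroot %s: %s\n' "$f" "$s" "$out"
done
```

A check like `sysroot_intact` can be run over a build log to confirm that no include or sysroot path was altered by flag rewriting.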
CVE_STATUS was set for those components, but meanwhile databases are updated
with corrected information, so setting the CVE_STATUS is not needed anymore.
(From OE-Core rev: 5ec6057cfa66ceeb33bec013e320f8e3fa7d7ecf)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fix public key computation for other EdDSA curves.
- Remove out of core handler diagnostic in FIPS mode.
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md.
- Make store an s-exp with \0 is considered to be binary.
- Various constant-time improvements.
- Use getrandom call only when supported by the platform.
- Change the default for --with-libtool-modification to never.
(From OE-Core rev: e21583896116cf37bf6b95aea466854e4fd5e54b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of installing pieces of the build system, we can install the
test driver (which can also be used to list the files needed) and run
the tests directly.
(From OE-Core rev: 5e07e6c376cf46d2788dcef53e9feba890c0236d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch was added in 2017 to fix an ICE in GCC. GCC no longer ICEs,
so the patch isn't needed anymore. Of note is that the random failures
in ptest are in the test being patched, so maybe this is causing subtle
breakage.
(From OE-Core rev: a6cd529ea05e7407a6ef9c6203471bb35e3cc8f9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libgcrypt.pc has been built and installed by libgcrypt since 1.9.0[1],
so the manual install can be removed.
[1] 97194b422bc89a6137f4e218d4cdee118c63e96e
(From OE-Core rev: 117e3c7f56246da39971d5eacc3d780eb9d25c25)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recent ptest addition was causing reproducibility tests to fail.
Remove the problematic files as they clearly aren't needed on target
to run the ptests. Hack the Makefile so that it doesn't try to rerun
configure and similar.
Also add a missing dependency on make.
(From OE-Core rev: 6936e44d10bbad1fae46406943db490791739f87)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2021-40528.
(From OE-Core rev: 24664297abd3844902fa40c21e4e975d89f40383)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: added terms for cipher/cipher-gcm-ppc.c, still under GPL
(From OE-Core rev: d28c1f67c447f99313890e68083da61adcc66f74)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backports.
Add a patch that inserts missing spaces in Makefiles.
Drop determinism.patch: upstream has moved the git
stuff to an external script, which has a guard that
checks for presence of .git/ in source tree.
License-Update: additional source file listed
(From OE-Core rev: ad2eae801c7809db3f4830f19efdad78d1a62d59)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The build was injecting git information from the wrong git tree, stop this
to allow reproducible builds.
(From OE-Core rev: 506b36b6d86b3454fcc3cb85f6229cbe8d14f5b5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade libgcrypt. Upstream repo now has a pkg-config
feature. The new patch for compatibility with oe-core
is a replacement for a patch that added pkg-config as
a feature when upstream did not have it.
(From OE-Core rev: 53b73a39ae4a4c8db19fb18ef1881033f6b9ff51)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The LICENSES file contains references to source files with other
licenses than GPL/LGPL that stipulate that they shall be mentioned in
any documentation accompanying a product including this library.
License-Update: Add missing LICENSES file
(From OE-Core rev: 67bc0b3babd922c800a03c1370d6d33a75f273c1)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch is backported from the upstream git repository to fix building
libgcrypt on armv6 platforms such as raspberrypi.
(From OE-Core rev: c47ed9aa7a34ef62b3ffaea6ebd5cc9e7c052899)
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtool tries to guess the --tag value based on CC/CXX environment
variables and the compile commandline generated by makefiles. This
heuristic however fails when we construct CC variables in OE
and add security flags to it, especially -fPIE -pie which are added
by external compilers e.g. clang particularly. It fails because
libtool removed PIE flags from compiler cmdline intelligently
if it figures out that it's building a library, which means that
the CC variable passed from cmdline does not match with the compiler
cmdline constructed by libtool and we end up with errors like
| arm-bec-linux-musleabi-libtool: compile: unable to infer tagged configuration
| arm-bec-linux-musleabi-libtool: error: specify a tag with '--tag'
This works with internal gcc toolchain because we configure gcc for
PIE when hardening is selected and don't pass -fPIE -pie options explicitly
but this is not an option for clang, and some external gcc toolchains
using older gcc.
This patch adds the --tag option to help libtool set correct tags
in packages where it can't get it right via its heuristics.
(From OE-Core rev: 0505075ae8d339ba097aebb82b4d0ae62f87c0a9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
https version seems more reliable and in an informal test fetching
all gnupg recipes now takes <20% of the time it used to.
Define GNUPG_MIRROR in bitbake.conf so future tweaks to this are
easier. Replace some slower mirrors with the official ftp site
and another from gnupg.org mirror list.
Set UPSTREAM_CHECK_URI in all recipes that need it to
"https://gnupg.org/download/index.html" as the directory listings
are not up-to-date.
(From OE-Core rev: dfc9178e2f2b6873ca497d981e308e00d15280b5)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>