poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
Marta Rybczynska ec21b227cd libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
This change fixes patches for two issues reported in a research
paper [1]: a side channel attack (*) and a cross-configuration
attack (**).

In this commit we add a fix for (*) that wasn't marked as a CVE
initially upstream. A fix of (**) previously available in OE
backports is in fact fixing CVE-2021-40528, not CVE-2021-33560
as marked in the commit message.

We commit the actual fix for CVE-2021-33560 and rename the
existing fix with the correct CVE-2021-40528.

For details of the mismatch and the timeline see [2] (fix of the
documentation) and [3] (the related ticket upstream).

[1] https://eprint.iacr.org/2021/923.pdf
[2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13
[3] https://dev.gnupg.org/T5328#149606

(From OE-Core rev: 0ce5c68933b52d2cfe9eea967d24d57ac82250c3)

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-12-14 22:49:22 +00:00


# Descriptive metadata for the libgcrypt recipe (package feeds, layer indexes).
SUMMARY = "General purpose cryptographic library based on the code from GnuPG"
DESCRIPTION = "A cryptography library developed as a separated module of GnuPG. \
It can also be used independently of GnuPG, but depends on its error-reporting \
library Libgpg-error."
HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/"
BUGTRACKER = "https://bugs.g10code.com/gnupg/index"
SECTION = "libs"
# helper program gcryptrnd and getrandom are under GPL, rest LGPL
LICENSE = "GPLv2+ & LGPLv2.1+ & GPLv3+"
# Per-package licences: the main library package is LGPL only, the -dev
# package adds GPLv2+, and dumpsexp-dev is GPLv3+.
LICENSE_${PN} = "LGPLv2.1+"
LICENSE_${PN}-dev = "GPLv2+ & LGPLv2.1+"
LICENSE_dumpsexp-dev = "GPLv3+"
# These md5 values only detect a change in the licence texts between
# upgrades; they are not an integrity check of the source tarball.
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff \
file://LICENSES;md5=840e3bcb754e5046ffeda7619034cbd8"
# Build-time dependency; DESCRIPTION above names it as the error-reporting
# library that libgcrypt requires.
DEPENDS = "libgpg-error"
# Page polled by the upstream version check, which is how a newer release
# carrying security fixes gets noticed.
UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
# Upstream tarball plus local patches; the patches are applied in the order
# listed. GNUPG_MIRROR is defined outside this recipe, so the checksums below
# are what bind the build to one specific tarball whichever mirror serves it.
# NOTE(review): the three look-up-table patches (GCM prefetch, AES and GCM
# tables moved to .data and unshared) look like cache side-channel hardening;
# confirm against the patch headers.
# CVE-2021-33560.patch and CVE-2021-40528.patch are carried as two separate
# fixes. Their contents are not visible from this recipe: check that the CVE:
# tag in each patch header agrees with its file name, because CVE scanning
# uses the file name and that tag to report an issue as patched.
SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \
file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
file://0001-Prefetch-GCM-look-up-tables.patch \
file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
file://determinism.patch \
file://CVE-2021-33560.patch \
file://CVE-2021-40528.patch \
"
# The fetched tarball is verified against these values. sha256sum is the one
# that provides collision resistance; md5sum is kept alongside it.
SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro.
# Ids listed here are skipped by the CVE check, so revisit the list on every
# version upgrade instead of carrying it forward unchanged.
CVE_CHECK_WHITELIST += "CVE-2018-12433 CVE-2018-12438"
# The libgcrypt-config script named here is handled by binconfig-disabled
# (inherited below), which takes it out of use so that consumers query
# pkg-config instead.
BINCONFIG = "${bindir}/libgcrypt-config"
inherit autotools texinfo binconfig-disabled pkgconfig
# Build without the assembly implementations.
# NOTE(review): this selects the portable C code paths; the reason is not
# recorded in this recipe, and the look-up-table patches in SRC_URI presumably
# matter most on those paths - confirm.
EXTRA_OECONF = "--disable-asm"
# Target builds only: pass the C tag to libtool explicitly.
EXTRA_OEMAKE_class-target = "LIBTOOLFLAGS='--tag=CC'"
# capabilities is enabled by default through a weak (??=) assignment, so a
# distro or bbappend can override it. Enabled: --with-capabilities plus a
# libcap build dependency. Disabled: --without-capabilities.
PACKAGECONFIG ??= "capabilities"
PACKAGECONFIG[capabilities] = "--with-capabilities,--without-capabilities,libcap"
# Prepended to do_configure, so this runs before the stock configure steps.
do_configure_prepend () {
# Else this could be used in preference to the one in aclocal-copy
# That is: delete the gpg-error.m4 bundled in the source tree (${S}) so the
# build cannot pick it up. -f keeps the step quiet if the file is already gone.
rm -f ${S}/m4/gpg-error.m4
}
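# libgcrypt.pc is added locally and thus installed here
# Appended to do_install: copies the pkg-config file from the build tree
# (${B}/src) into the staging root (${D}).
do_install_append() {
    # ${libdir} is already an absolute path, so it is joined to ${D} without
    # an extra slash; this keeps the staged path free of a doubled separator.
    install -d ${D}${libdir}/pkgconfig
    # 0644: readable by everyone, writable by the owner only, not executable.
    install -m 0644 ${B}/src/libgcrypt.pc ${D}${libdir}/pkgconfig/
}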
# Split dumpsexp into its own package; =+ prepends it to the package list.
PACKAGES =+ "dumpsexp-dev"
# hmac256 ships in the -dev package and dumpsexp in dumpsexp-dev.
# NOTE(review): the split appears to follow the per-package LICENSE_ values
# set earlier in this recipe - confirm.
FILES_${PN}-dev += "${bindir}/hmac256"
FILES_dumpsexp-dev += "${bindir}/dumpsexp"
# Also provide native and nativesdk variants from this same recipe, so the
# patches listed in SRC_URI apply to those builds as well.
BBCLASSEXTEND = "native nativesdk"