poky/meta/recipes-support/libgcrypt/libgcrypt.inc
Ross Burton 3ca9f90dff libgcrypt: fix CVE-2017-9526
In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from
side-channel observation during the signing process) can easily recover the
long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this
session key in secure memory, to ensure that constant-time point operations are
used in the MPI library.

(From OE-Core rev: fb28c54347fcf4957b9b8ee7dee423d859eb7820)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-07-19 15:13:47 +01:00


# Recipe include for libgcrypt: package metadata, licensing, source and patch
# list, and configure options. Presumably pulled in by the versioned recipe,
# which is not visible here.
SUMMARY = "General purpose cryptographic library based on the code from GnuPG"
HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/"
BUGTRACKER = "https://bugs.g10code.com/gnupg/index"
SECTION = "libs"
# helper program gcryptrnd and getrandom are under GPL, rest LGPL
LICENSE = "GPLv2+ & LGPLv2.1+ & GPLv3+"
LICENSE_${PN} = "LGPLv2.1+"
LICENSE_${PN}-dev = "GPLv2+ & LGPLv2.1+"
LICENSE_dumpsexp-dev = "GPLv3+"
# These md5 values only detect changes to the license texts; they are not an
# integrity check on the source tarball.
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff"
# libcap is presumably listed for the --with-capabilities configure option below.
DEPENDS = "libgpg-error libcap"
# NOTE(review): the tarball is fetched over plain FTP, which gives no transport
# authentication, and no SRC_URI checksum is set in this file. Integrity then
# rests entirely on SRC_URI[md5sum]/SRC_URI[sha256sum] in the versioned recipe;
# confirm they are pinned there.
# Security patches in the list: 0001-ecc-Store-EdDSA-session-key-in-secure-memory.patch
# matches the EdDSA session-key fix (CVE-2017-9526), while CVE-2017-7526.patch
# carries a different CVE id that differs by one digit; do not conflate them.
# NOTE(review): only the second patch has a CVE id in its file name; confirm the
# first one has a "CVE:" tag in its header so CVE tracking records it as applied.
SRC_URI = "ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-${PV}.tar.gz \
file://add-pkgconfig-support.patch \
file://libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
file://fix-ICE-failure-on-mips-with-option-O-and-g.patch \
file://0001-ecc-Store-EdDSA-session-key-in-secure-memory.patch \
file://CVE-2017-7526.patch \
"
# Path of the libgcrypt-config script handled by the binconfig-disabled class
# inherited below; pkg-config support comes from add-pkgconfig-support.patch.
BINCONFIG = "${bindir}/libgcrypt-config"
inherit autotools texinfo binconfig-disabled pkgconfig
# --disable-asm builds without the assembly implementations;
# --with-capabilities enables the libcap-based capability support.
# NOTE(review): whether dropping the assembly code paths changes the
# side-channel properties of any primitive on the target is not visible here;
# confirm if that matters for the product.
EXTRA_OECONF = "--disable-asm --with-capabilities"
# Runs before the autotools configure step: removes the gpg-error.m4 bundled in
# the source tree so it cannot shadow the copy staged in aclocal-copy.
do_configure_prepend () {
# Else this could be used in preference to the one in aclocal-copy
# -f keeps the task from failing when the file is already absent.
rm -f ${S}/m4/gpg-error.m4
}
# libgcrypt.pc is added locally and thus installed here
# Runs after the regular install step: creates the pkgconfig directory under
# the image staging root ${D} and copies the generated libgcrypt.pc from the
# build directory ${B} into it.
do_install_append() {
install -d ${D}/${libdir}/pkgconfig
# Mode 0644: world-readable, writable by the owner only.
install -m 0644 ${B}/src/libgcrypt.pc ${D}/${libdir}/pkgconfig/
}
# Split the dumpsexp tool into its own package; "=+" prepends it to PACKAGES
# so it gets first pick of files.
PACKAGES =+ "dumpsexp-dev"
# The hmac256 and dumpsexp helper binaries ship in development packages rather
# than in the main library package.
FILES_${PN}-dev += "${bindir}/hmac256"
FILES_dumpsexp-dev += "${bindir}/dumpsexp"
# Build with the ARM instruction set rather than Thumb.
ARM_INSTRUCTION_SET = "arm"
# Also provide a native (build-host) variant of this recipe.
BBCLASSEXTEND = "native"