- Drop second and third patches (alredy in version)
- Add mitigation against an ECDSA timing attack. [T4626,CVE-2019-13627]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libgrypt provides a config file `libgcrypt-config`. After the version
bump to 1.8.4 upstream added a pkg-config file as well [1].
Using the pkg-config file is preferred over using the package provided
config file. For example, the Meson build system requires that for every
special config file an entry is added to the `[binary]` section in the
cross-compilation.conf file, otherwise it will use the config file found
in `PATH`. This is bad when cross-compiling as `PATH` will include
pathes to the host and therefore Meson will wrongly use the host config
file.
To simplify using libgcrypt for packages using the meson infrastructure
lets add the pkg-config file.
Note, that the additional upstream patch 0003 fixes a typo in the pkg-config
file.
[1] 97194b422b
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The `ac_cv_sys_symbol_underscore` reconfigure patch was added to
Buildroot back in 2007 [1], but was not reported to upstream back then.
Meanwhile, the issue has been fixed upstream [2] after the version bump to
version 1.8.4.
In order to add another upstream patch, which will add a pkg-config file
for libgrypt and therefore requires autoreconfiguration as well, replace the
current patch with the upstream patch.
[1] https://git.buildroot.net/buildroot/commit/package/libgcrypt?id=f1bcdf518fa7868b7819b0248f4b8da02a954dde
[2] 0f4545b441
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop patch 0001. We patch the configure script directly in patch 0002,
and we don't autoreconf. So this patch has no effect (never had).
Rename patch 0002. The next version bump should drop this patch as well.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519
dubbed "May the Fourth be With You".
As we are close to release, don't update to the latest 1.8.1 version,
but to a maintenance release from the 1.7 branch.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>From the NEWS file:
- Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster". For details see
<https://eprint.iacr.org/2017/627>. [CVE-2017-7526]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No announcement was made for this version, so the hash was calculated locally.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2016-6316: Bug in the mixing functions of Libgcrypt's random number
generator. An attacker who obtains 4640 bits from the RNG can trivially
predict the next 160 bits of output.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch is based on a patch sent by Vicente Olivert Riera and commented by
Arnout Vandecappelle [1].
- Bump version to 1.23
- Add a hook to fix cross-compilation
- Fix license and license files
- Remove patch applied upstream
- Add a BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS variable
- Propagate the dependencies using that variable:
* package/cppcms
* package/crda
* package/gnupg2
- package/gcr
- package/midori
* package/kodi
* package/libaacs
* package/libassuan
* package/libgcrypt
* package/libgpgme
* package/libksba
* package/libmicrohttpd
- package/janus-gateway
- package/kodi
- package/ola
- package/systemd
* package/libssh
* package/libssh2
- package/php-ssh2
* package/netatalk
* package/network-manager
* package/ntfs-3g
* package/opkg
* package/php-gnupg
* package/rng-tools
* package/strongswan
* package/vpnc
[1] http://patchwork.ozlabs.org/patch/416427/
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
- rebase on master
- changing systemd no longer needed, as it no longer selects
libgcrypt.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Maxime:
- rebase on master
- bump to new version
- propagate dependencies to missing packages]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Thomas:
- fix hash file.
- change the way to handle the various arch so that it works properly
for uClibc.
- add nios2 arch support.
- Maxime Hadjinlian learned some basic Emacs-fu to do the final fixups
of this commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop the --disable-optimization option, which makes the libgcrypt configure
remove buildroot's optimization setting passed in from CFLAGS.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This commit doesn't touch infra packages.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also work around a build failure for ARM thumb mode which was also
present in the previous versions.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Use the <pkg>_CONFIG_SCRIPTS mechanism in all packages for which it
does all what the package was doing. A few packages, like libxslt, are
for now left out, since they need some additional fixup (for example a
fixup of includedir).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
[Peter: use a single sed invocation]
Signed-off-by: Stefan Fröberg <stefan.froberg@petroprogram.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The testsuite uses fork() hence fails on !MMU targets.
We don't use/install these so just get rid of them.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
libgcrypt depends on libgpg-error, but it needs to know where the
gpg-error-config utility is.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also autotools.in conversion and change source location from
gd.tuwien.ac.at to ftp.gnupg.org
[Peter: add missing libgpg-error makefile dependency]
Signed-off-by: Lionel Landwerlin <llandwerlin@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
We have been passing -q to ./configure when using 'make -s' for
packages using Makefile.autotools.in for some time. Do the same
for packages using autotools, but not using the
Makefile.autotools.in infrastructure, taking care to not do it
for packages with hand written configure scripts.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
