From: Fabrice Fontaine
Date: Sun, 22 Sep 2019 19:15:53 +0000 (+0200)
Subject: package/libgcrypt: security bump to version 1.8.5
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=26daf383f1366d2543a110dfcb5f452f20bc9aac;p=buildroot.git

package/libgcrypt: security bump to version 1.8.5

- Drop second and third patches (alredy in version)
- Add mitigation against an ECDSA timing attack. [T4626,CVE-2019-13627]

Signed-off-by: Fabrice Fontaine
Signed-off-by: Peter Korsgaard
---
diff --git a/package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch b/package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch
deleted file mode 100644
index 181f2467c4..0000000000
--- a/package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From c006d8b897229e22f80cd6105fd64d0630f68867 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka
-Date: Wed, 24 Oct 2018 14:57:53 +0900
-Subject: [PATCH] build: Provide libgcrypt.pc, generated by configure.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* configure.ac: Generate src/libgcrypt.pc.
-* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
-(EXTRA_DIST): Add libgcrypt.pc.in.
-* src/libgcrypt-config.in: Use @PACKAGE_VERSION@.
-* src/libgcrypt.pc.in: New.
-
-Fetched from: 97194b422bc89a6137f4e218d4cdee118c63e96e
-
-Signed-off-by: NIIBE Yutaka
-Signed-off-by: Jörg Krause
----
- configure.ac | 1 +
- src/Makefile.am | 5 ++++-
- src/libgcrypt-config.in | 2 +-
- src/libgcrypt.pc.in | 17 +++++++++++++++++
- 4 files changed, 23 insertions(+), 2 deletions(-)
- create mode 100644 src/libgcrypt.pc.in
-
-diff --git a/configure.ac b/configure.ac
-index ce11162d..4e788714 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2613,6 +2613,7 @@ doc/Makefile
- src/Makefile
- src/gcrypt.h
- src/libgcrypt-config
-+src/libgcrypt.pc
- src/versioninfo.rc
- tests/Makefile
- ])
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 3cc4a552..82d6e8a0 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -20,8 +20,11 @@
-
- ## Process this file with automake to produce Makefile.in
-
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = libgcrypt.pc
-+
- EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
-- gcrypt.h.in libgcrypt.def
-+ gcrypt.h.in libgcrypt.def libgcrypt.pc.in
-
- bin_SCRIPTS = libgcrypt-config
- m4datadir = $(datadir)/aclocal
-diff --git a/src/libgcrypt-config.in b/src/libgcrypt-config.in
-index c052638c..f7a13afe 100644
---- a/src/libgcrypt-config.in
-+++ b/src/libgcrypt-config.in
-@@ -14,7 +14,7 @@
- # General.
- prefix="@prefix@"
- exec_prefix="@exec_prefix@"
--version="@VERSION@"
-+version="@PACKAGE_VERSION@"
- includedir="@includedir@"
- libdir="@libdir@"
- gpg_error_libs="@GPG_ERROR_LIBS@"
-diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in
-new file mode 100644
-index 00000000..5472da53
---- /dev/null
-+++ b/src/libgcrypt.pc.in
-@@ -0,0 +1,17 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+includedir=@includedir@
-+libdir=@libdir@
-+host=@LIBGCRYPT_CONFIG_HOST@
-+api_version=@LIBGCRYPT_CONFIG_API_VERSION@
-+symmetric_ciphers="@LIBGCRYPT_CIPHERS@"
-+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@"
-+digests="@LIBGCRYPT_DIGESTS@"
-+
-+Name: libgcrypt
-+Description: General purpose cryptographic library
-+Requires: gpg-error
-+Version: @PACKAGE_VERSION@
-+Cflags: @LIBGCRYPT_CONFIG_CFLAGS@
-+Libs: @LIBGCRYPT_CONFIG_LIB@
-+URL: https://www.gnupg.org/software/libgcrypt/index.html
---
-2.22.0
diff --git a/package/libgcrypt/0002-configure.ac-add-an-option-to-disable-tests.patch b/package/libgcrypt/0002-configure.ac-add-an-option-to-disable-tests.patch
new file mode 100644
index 0000000000..21ff20a473
--- /dev/null
+++ b/package/libgcrypt/0002-configure.ac-add-an-option-to-disable-tests.patch
@@ -0,0 +1,66 @@
+From 7fe1b8a53cc8c865c2a10dcd8f6cb4e51ccc6300 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine
+Date: Mon, 29 Jul 2019 12:19:10 +0200
+Subject: [PATCH] configure.ac: add an option to disable tests
+
+Add an option to allow the user to disable tests, this can be useful for
+example when the toolchain does not provide thread. Indeed, in this
+case, libgcrypt fails to build t-lock:
+
+t-lock.c: In function 'run_test':
+t-lock.c:359:3: error: unknown type name 'pthread_t'
+ pthread_t rthread;
+
+Fixes:
+ - http://autobuild.buildroot.org/results/50a8ba572e3fafd3c6a39bd54bcfcaf78b5ad325
+
+Signed-off-by: Fabrice Fontaine
+---
+ Makefile.am | 7 ++++++-
+ configure.ac | 10 ++++++++++
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 7fa4fa4d..f0bd90e4 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -39,9 +39,14 @@ else
+ doc =
+ endif
+
++if BUILD_TESTS
++tests = tests
++else
++tests =
++endif
+
+ DIST_SUBDIRS = m4 compat mpi cipher random src doc tests
+-SUBDIRS = compat mpi cipher random src $(doc) tests
++SUBDIRS = compat mpi cipher random src $(doc) $(tests)
+
+ EXTRA_DIST = autogen.sh autogen.rc README.GIT LICENSES \
+ ChangeLog-2011 build-aux/ChangeLog-2011 doc/ChangeLog-2011 \
+diff --git a/configure.ac b/configure.ac
+index e8c8cd39..1a6b61e5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2710,6 +2710,16 @@ AC_ARG_ENABLE([doc], AC_HELP_STRING([--disable-doc],
+ AM_CONDITIONAL([BUILD_DOC], [test "x$build_doc" != xno])
+
+
++#
++# Option to disable building of tests
++#
++build_tests=yes
++AC_ARG_ENABLE([tests], AC_HELP_STRING([--disable-tests],
++ [do not build tests]),
++ build_tests=$enableval, build_tests=yes)
++AM_CONDITIONAL([BUILD_TESTS], [test "x$build_tests" != xno])
++
++
+ #
+ # Provide information about the build.
+ #
+--
+2.20.1
+
diff --git a/package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch b/package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch
deleted file mode 100644
index 566ca3d22d..0000000000
--- a/package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From de0245ddfca3cea31311eae9f7f3e8c0da072252 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka
-Date: Wed, 24 Oct 2018 15:34:57 +0900
-Subject: [PATCH] build: Fix libgcrypt.pc.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-* src/libgcrypt.pc.in: Fix typo.
-
-Fetched from: 0e071372fc0e6fed4a449955ed0789803ba5e709
-
-Signed-off-by: NIIBE Yutaka
-Signed-off-by: Jörg Krause
----
- src/libgcrypt.pc.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in
-index 5472da53..ec68fa2d 100644
---- a/src/libgcrypt.pc.in
-+++ b/src/libgcrypt.pc.in
-@@ -13,5 +13,5 @@ Description: General purpose cryptographic library
- Requires: gpg-error
- Version: @PACKAGE_VERSION@
- Cflags: @LIBGCRYPT_CONFIG_CFLAGS@
--Libs: @LIBGCRYPT_CONFIG_LIB@
-+Libs: @LIBGCRYPT_CONFIG_LIBS@
- URL: https://www.gnupg.org/software/libgcrypt/index.html
---
-2.22.0
diff --git a/package/libgcrypt/0004-configure.ac-add-an-option-to-disable-tests.patch b/package/libgcrypt/0004-configure.ac-add-an-option-to-disable-tests.patch
deleted file mode 100644
index 21ff20a473..0000000000
--- a/package/libgcrypt/0004-configure.ac-add-an-option-to-disable-tests.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 7fe1b8a53cc8c865c2a10dcd8f6cb4e51ccc6300 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine
-Date: Mon, 29 Jul 2019 12:19:10 +0200
-Subject: [PATCH] configure.ac: add an option to disable tests
-
-Add an option to allow the user to disable tests, this can be useful for
-example when the toolchain does not provide thread. Indeed, in this
-case, libgcrypt fails to build t-lock:
-
-t-lock.c: In function 'run_test':
-t-lock.c:359:3: error: unknown type name 'pthread_t'
- pthread_t rthread;
-
-Fixes:
- - http://autobuild.buildroot.org/results/50a8ba572e3fafd3c6a39bd54bcfcaf78b5ad325
-
-Signed-off-by: Fabrice Fontaine
----
- Makefile.am | 7 ++++++-
- configure.ac | 10 ++++++++++
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 7fa4fa4d..f0bd90e4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -39,9 +39,14 @@ else
- doc =
- endif
-
-+if BUILD_TESTS
-+tests = tests
-+else
-+tests =
-+endif
-
- DIST_SUBDIRS = m4 compat mpi cipher random src doc tests
--SUBDIRS = compat mpi cipher random src $(doc) tests
-+SUBDIRS = compat mpi cipher random src $(doc) $(tests)
-
- EXTRA_DIST = autogen.sh autogen.rc README.GIT LICENSES \
- ChangeLog-2011 build-aux/ChangeLog-2011 doc/ChangeLog-2011 \
-diff --git a/configure.ac b/configure.ac
-index e8c8cd39..1a6b61e5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2710,6 +2710,16 @@ AC_ARG_ENABLE([doc], AC_HELP_STRING([--disable-doc],
- AM_CONDITIONAL([BUILD_DOC], [test "x$build_doc" != xno])
-
-
-+#
-+# Option to disable building of tests
-+#
-+build_tests=yes
-+AC_ARG_ENABLE([tests], AC_HELP_STRING([--disable-tests],
-+ [do not build tests]),
-+ build_tests=$enableval, build_tests=yes)
-+AM_CONDITIONAL([BUILD_TESTS], [test "x$build_tests" != xno])
-+
-+
- #
- # Provide information about the build.
- #
---
-2.20.1
-
diff --git a/package/libgcrypt/libgcrypt.hash b/package/libgcrypt/libgcrypt.hash
index 000f26dd2d..580bdf331f 100644
--- a/package/libgcrypt/libgcrypt.hash
+++ b/package/libgcrypt/libgcrypt.hash
@@ -1,7 +1,7 @@
-# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000431.html
-sha1 4a8ef9db6922f3a31992aca5640b4198a69b58fc libgcrypt-1.8.4.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html
+sha1 2d8781e92f88706707a1e76fb628b499ad538a30 libgcrypt-1.8.5.tar.bz2
 # Locally calculated after checking signature
-# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.4.tar.bz2.sig
+# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.5.tar.bz2.sig
 # using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256 f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227 libgcrypt-1.8.4.tar.bz2
+sha256 3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3 libgcrypt-1.8.5.tar.bz2
 sha256 ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532 COPYING.LIB
diff --git a/package/libgcrypt/libgcrypt.mk b/package/libgcrypt/libgcrypt.mk
index 8414e6b96e..d21513bd39 100644
--- a/package/libgcrypt/libgcrypt.mk
+++ b/package/libgcrypt/libgcrypt.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
-LIBGCRYPT_VERSION = 1.8.4
+LIBGCRYPT_VERSION = 1.8.5
 LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
 LIBGCRYPT_LICENSE = LGPL-2.1+
 LIBGCRYPT_LICENSE_FILES = COPYING.LIB
@@ -14,7 +14,7 @@ LIBGCRYPT_DEPENDENCIES = libgpg-error
 LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config
 # Patching acinclude.m4 in 0001
-# Patching configure.ac and Makefile.am in 0002 / 0004
+# Patching configure.ac and Makefile.am in 0002
 LIBGCRYPT_AUTORECONF = YES
 LIBGCRYPT_CONF_OPTS = \
 --disable-tests \