From 26daf383f1366d2543a110dfcb5f452f20bc9aac Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 22 Sep 2019 21:15:53 +0200 Subject: [PATCH] package/libgcrypt: security bump to version 1.8.5 - Drop second and third patches (alredy in version) - Add mitigation against an ECDSA timing attack. [T4626,CVE-2019-13627] Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- ...-libgcrypt.pc-generated-by-configure.patch | 93 ------------------- ...e.ac-add-an-option-to-disable-tests.patch} | 0 .../0003-build-Fix-libgcrypt.pc.patch | 31 ------- package/libgcrypt/libgcrypt.hash | 8 +- package/libgcrypt/libgcrypt.mk | 4 +- 5 files changed, 6 insertions(+), 130 deletions(-) delete mode 100644 package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch rename package/libgcrypt/{0004-configure.ac-add-an-option-to-disable-tests.patch => 0002-configure.ac-add-an-option-to-disable-tests.patch} (100%) delete mode 100644 package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch diff --git a/package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch b/package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch deleted file mode 100644 index 181f2467c4..0000000000 --- a/package/libgcrypt/0002-build-Provide-libgcrypt.pc-generated-by-configure.patch +++ /dev/null @@ -1,93 +0,0 @@ -From c006d8b897229e22f80cd6105fd64d0630f68867 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Wed, 24 Oct 2018 14:57:53 +0900 -Subject: [PATCH] build: Provide libgcrypt.pc, generated by configure. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -* configure.ac: Generate src/libgcrypt.pc. -* src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New. -(EXTRA_DIST): Add libgcrypt.pc.in. -* src/libgcrypt-config.in: Use @PACKAGE_VERSION@. -* src/libgcrypt.pc.in: New. - -Fetched from: 97194b422bc89a6137f4e218d4cdee118c63e96e - -Signed-off-by: NIIBE Yutaka -Signed-off-by: Jörg Krause ---- - configure.ac | 1 + - src/Makefile.am | 5 ++++- - src/libgcrypt-config.in | 2 +- - src/libgcrypt.pc.in | 17 +++++++++++++++++ - 4 files changed, 23 insertions(+), 2 deletions(-) - create mode 100644 src/libgcrypt.pc.in - -diff --git a/configure.ac b/configure.ac -index ce11162d..4e788714 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2613,6 +2613,7 @@ doc/Makefile - src/Makefile - src/gcrypt.h - src/libgcrypt-config -+src/libgcrypt.pc - src/versioninfo.rc - tests/Makefile - ]) -diff --git a/src/Makefile.am b/src/Makefile.am -index 3cc4a552..82d6e8a0 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -20,8 +20,11 @@ - - ## Process this file with automake to produce Makefile.in - -+pkgconfigdir = $(libdir)/pkgconfig -+pkgconfig_DATA = libgcrypt.pc -+ - EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ -- gcrypt.h.in libgcrypt.def -+ gcrypt.h.in libgcrypt.def libgcrypt.pc.in - - bin_SCRIPTS = libgcrypt-config - m4datadir = $(datadir)/aclocal -diff --git a/src/libgcrypt-config.in b/src/libgcrypt-config.in -index c052638c..f7a13afe 100644 ---- a/src/libgcrypt-config.in -+++ b/src/libgcrypt-config.in -@@ -14,7 +14,7 @@ - # General. - prefix="@prefix@" - exec_prefix="@exec_prefix@" --version="@VERSION@" -+version="@PACKAGE_VERSION@" - includedir="@includedir@" - libdir="@libdir@" - gpg_error_libs="@GPG_ERROR_LIBS@" -diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in -new file mode 100644 -index 00000000..5472da53 ---- /dev/null -+++ b/src/libgcrypt.pc.in -@@ -0,0 +1,17 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+includedir=@includedir@ -+libdir=@libdir@ -+host=@LIBGCRYPT_CONFIG_HOST@ -+api_version=@LIBGCRYPT_CONFIG_API_VERSION@ -+symmetric_ciphers="@LIBGCRYPT_CIPHERS@" -+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@" -+digests="@LIBGCRYPT_DIGESTS@" -+ -+Name: libgcrypt -+Description: General purpose cryptographic library -+Requires: gpg-error -+Version: @PACKAGE_VERSION@ -+Cflags: @LIBGCRYPT_CONFIG_CFLAGS@ -+Libs: @LIBGCRYPT_CONFIG_LIB@ -+URL: https://www.gnupg.org/software/libgcrypt/index.html --- -2.22.0 diff --git a/package/libgcrypt/0004-configure.ac-add-an-option-to-disable-tests.patch b/package/libgcrypt/0002-configure.ac-add-an-option-to-disable-tests.patch similarity index 100% rename from package/libgcrypt/0004-configure.ac-add-an-option-to-disable-tests.patch rename to package/libgcrypt/0002-configure.ac-add-an-option-to-disable-tests.patch diff --git a/package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch b/package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch deleted file mode 100644 index 566ca3d22d..0000000000 --- a/package/libgcrypt/0003-build-Fix-libgcrypt.pc.patch +++ /dev/null @@ -1,31 +0,0 @@ -From de0245ddfca3cea31311eae9f7f3e8c0da072252 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Wed, 24 Oct 2018 15:34:57 +0900 -Subject: [PATCH] build: Fix libgcrypt.pc. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -* src/libgcrypt.pc.in: Fix typo. - -Fetched from: 0e071372fc0e6fed4a449955ed0789803ba5e709 - -Signed-off-by: NIIBE Yutaka -Signed-off-by: Jörg Krause ---- - src/libgcrypt.pc.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in -index 5472da53..ec68fa2d 100644 ---- a/src/libgcrypt.pc.in -+++ b/src/libgcrypt.pc.in -@@ -13,5 +13,5 @@ Description: General purpose cryptographic library - Requires: gpg-error - Version: @PACKAGE_VERSION@ - Cflags: @LIBGCRYPT_CONFIG_CFLAGS@ --Libs: @LIBGCRYPT_CONFIG_LIB@ -+Libs: @LIBGCRYPT_CONFIG_LIBS@ - URL: https://www.gnupg.org/software/libgcrypt/index.html --- -2.22.0 diff --git a/package/libgcrypt/libgcrypt.hash b/package/libgcrypt/libgcrypt.hash index 000f26dd2d..580bdf331f 100644 --- a/package/libgcrypt/libgcrypt.hash +++ b/package/libgcrypt/libgcrypt.hash @@ -1,7 +1,7 @@ -# From https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000431.html -sha1 4a8ef9db6922f3a31992aca5640b4198a69b58fc libgcrypt-1.8.4.tar.bz2 +# From https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html +sha1 2d8781e92f88706707a1e76fb628b499ad538a30 libgcrypt-1.8.5.tar.bz2 # Locally calculated after checking signature -# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.4.tar.bz2.sig +# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.5.tar.bz2.sig # using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 -sha256 f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227 libgcrypt-1.8.4.tar.bz2 +sha256 3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3 libgcrypt-1.8.5.tar.bz2 sha256 ca0061fc1381a3ab242310e4b3f56389f28e3d460eb2fd822ed7a21c6f030532 COPYING.LIB diff --git a/package/libgcrypt/libgcrypt.mk b/package/libgcrypt/libgcrypt.mk index 8414e6b96e..d21513bd39 100644 --- a/package/libgcrypt/libgcrypt.mk +++ b/package/libgcrypt/libgcrypt.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBGCRYPT_VERSION = 1.8.4 +LIBGCRYPT_VERSION = 1.8.5 LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2 LIBGCRYPT_LICENSE = LGPL-2.1+ LIBGCRYPT_LICENSE_FILES = COPYING.LIB @@ -14,7 +14,7 @@ LIBGCRYPT_DEPENDENCIES = libgpg-error LIBGCRYPT_CONFIG_SCRIPTS = libgcrypt-config # Patching acinclude.m4 in 0001 -# Patching configure.ac and Makefile.am in 0002 / 0004 +# Patching configure.ac and Makefile.am in 0002 LIBGCRYPT_AUTORECONF = YES LIBGCRYPT_CONF_OPTS = \ --disable-tests \ -- 2.30.2