| Age | Commit message (Collapse) | Author |
|---|
|
Fixes CVE-2016-6313: An attacker who obtains 580 bytes from the standard RNG
can trivially predict the next 20 bytes of output.
Add cryptographically secure sha256 hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes:
http://autobuild.buildroot.net/results/d25425cff055a14b9285cefb0775bc138eb2f914/
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Similar to our RSA option. Enabling this adds ~17K to the gpg binary (ARMv7):
ls -lah output/target/usr/bin/gpg{.orig,}
-rwxr-xr-x 1 peko peko 532K Jul 2 17:29 output/target/usr/bin/gpg
-rwxr-xr-x 1 peko peko 515K Jul 2 17:29 output/target/usr/bin/gpg.orig
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes:
CVE-2014-3591 - Use ciphertext blinding for Elgamal decryption
CVE-2015-0837 - Fixed data-dependent timing variations in modular
exponentiation.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
The target-finalize target in the main Makefile removes
$(TARGET_DIR)/usr/share/man entirely, so there's no point in having
some package specific logic to remove man pages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: Markos Chandras <Markos.Chandras@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Fixes CVE-2014-4617 (The do_uncompress function in g10/compress.c
allows context-dependent attackers to cause a denial of service
(infinite loop) via malformed compressed packets, as demonstrated by an
a3 01 5b ff byte sequence.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Fixes CVE-2014-4617: The do_uncompress function in g10/compress.c in
GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent
attackers to cause a denial of service (infinite loop) via malformed
compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
If iconv is built before gnupg, this package will link against it; if it is
built after this package, it will not be linked against it. To make the
build reproducible, make sure that iconv is always built before this
package.
Signed-off-by: Bernd Kuhls <berndkuhls@hotmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
And drop patch now upstream.
Security fix (CVE-2013-4576), see:
http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes CVE-2013-4402.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
gnupg is compiled with --enable-minimal flag. This produces a binary that only
supports ElGamal and DSA public key algorithms.
RSA has been the default for `gpg --gen-key` since 2009, so it makes sense to
be able to build a gnupg binary that supports it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
Fixes CVE-2013-4242.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Fixes CVE-2012-6085.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Fixes:
http://autobuild.buildroot.org/results/49d5891dcecf2cce8de9f2bdb16a76ff86579f45/build-end.log
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Fixes http://autobuild.buildroot.net/results/45a0856bafa9f2f7e86e2c063528c2b5b04c08d6
gnupg's configure script defaults to prepending an underscore ('_') to
the assembly level functions, which isn't correct for Linux and causes
linker errors for the archs where it has asm optimizations.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
