aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnupg/gnupg-1.4.7
AgeCommit message (Collapse)Author
2016-01-11Add "CVE:" tag to current patches in OE-coreMariano Lopez
The currnet patches in OE-core doesn't have the "CVE:" tag, now part of the policy of the patches. This is patch add this tag to several patches. There might be patches that I miss; the tag can be added in the future. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2014-10-18gnupg: CVE-2013-4242Kai Kang
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in git://git.gnupg.org/libgcrypt.git Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com>
2014-03-26gnupg: CVE-2013-4576Yong Zhang
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-26gnupg: CVE-2013-4351Ming Liu
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-02-15gnupg: fix CVE-2012-6085Saul Wold
Code taken from Redhat [YOCTO #3813] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-28gnupg: Add missing patch for curl_typeof_fixSaul Wold
Seems the wrong commit was grabbed and missed this patch Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-26gnupg: Update checksum, fix configure and compliation issuesSaul Wold
This recipe was added, but did not have the correct checksum information for the LIC_FILES_CHKSUM or the SRC_URI. Also disable Documetnation for now due to older autotools issue. [YOCTO #1966] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-07gnupg-1.4.7: Update Patch InfoSaul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-02gnupg: Add gplv2 version 1.4.7Saul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-26 14:03:06 +0000