aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnupg
AgeCommit message (Collapse)Author
2015-02-23gnupg: CVE-2013-4576Yong Zhang
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 46b80c80b0e008820b34f4360054e1697df2650d) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2015-02-23gnupg: CVE-2013-4351Ming Liu
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 259aebc9dbcaeb1587aaaab849942f55fa321724) Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
2013-08-22gnupg: Update to 2.0.21Saul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-05-24gnupg: Update to 2.0.20Saul Wold
Removed obsolete patch Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-03-25gnupg: Add symlink for gpgvPaul Barker
Gnupg 2.0.19 installs 'gpgv2' but apt-get and possibly other utilities expect to find this as 'gpgv'. A symlink is created in the same way as the link for 'gpg'. Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-03-16gnupg: fix PN -> BPN in do_install for multilibsJackie Huang
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-02-15gnupg: fix CVE-2012-6085Saul Wold
Code taken from Redhat [YOCTO #3813] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-07-10gnupg: ensure deterministic build by disabling libcurlSaul Wold
gnupg has it's own fake curl, since we use gnupg with zypper, there does not seem to be a strong reason to add curl to the depends list. Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-06-11gnupg-2.0.19: Depend on npth for uclibcKhem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-06-08gnupg: disable CCID driverTom Zanussi
The CCID driver driver is apparently unnecessary, so disable it. Also remove the associated libusb dependency, since that won't be needed either. According to Scott Garman <scott.a.garman@intel.com>: I'd just note that the CCID smartcard reader is a specific piece of hardware that is unlikely to be used in a majority of our use cases. Signed-off-by: Tom Zanussi <tom.zanussi@intel.com> Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-06-08gnupg: add libusb to DEPENDSTom Zanussi
gnupg apparently depends on libusb: | error: Failed dependencies: | libusb-0.1-4 >= 0.1.3 is needed by gnupg-2.0.18-r1.core2 So add libusb to gnupg DEPENDS. Signed-off-by: Tom Zanussi <tom.zanussi@intel.com> Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-05-17gnupg: Update to upstream version 2.0.19Laurentiu Palcu
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
2012-03-08bzip2: split into binary and library packagesAndreas Oberritter
* Create libbz2 (and -dev, -staticdev), which can be installed without the bzip2 executables. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-28gnupg: Fix for multilibZhai Edwin
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-28gnupg: Add missing patch for curl_typeof_fixSaul Wold
Seems the wrong commit was grabbed and missed this patch Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-26gnupg: Update checksum, fix configure and compliation issuesSaul Wold
This recipe was added, but did not have the correct checksum information for the LIC_FILES_CHKSUM or the SRC_URI. Also disable Documetnation for now due to older autotools issue. [YOCTO #1966] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-10gnupg: Add missing DEPENDS on libgcryptKhem Raj
Found during single recipe rebuilds Signed-off-by: Khem Raj <raj.khem@gmail.com>
2012-02-07gnupg-1.4.7: Update Patch InfoSaul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-03gnupg: add 2.0.18 (initial recipe)Steve Sakoman
GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and S/MIME Signed-off-by: Steve Sakoman <steve@sakoman.com> Acked-by: Paul Menzel <paulepanter@users.sourceforge.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-02-02gnupg: Add gplv2 version 1.4.7Saul Wold
Signed-off-by: Saul Wold <sgw@linux.intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-13 19:05:01 +0000