diff options
Diffstat (limited to 'meta-oe/recipes-crypto')
13 files changed, 297 insertions, 76 deletions
diff --git a/meta-oe/recipes-crypto/botan/botan_2.14.0.bb b/meta-oe/recipes-crypto/botan/botan_3.2.0.bb index 42e89f639c..5eff2d383e 100644 --- a/meta-oe/recipes-crypto/botan/botan_2.14.0.bb +++ b/meta-oe/recipes-crypto/botan/botan_3.2.0.bb @@ -1,21 +1,20 @@ SUMMARY = "Crypto and TLS for C++11" HOMEPAGE = "https://botan.randombit.net" LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://license.txt;md5=a02e03c8fa2c5e7b9b3fcc1b9811fd3b" +LIC_FILES_CHKSUM = "file://license.txt;md5=f5254d3abe90ec5bb82c5694ff751546" SECTION = "libs" SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz" -SRC_URI[md5sum] = "ebc68c08b99bbc4b4fc9bdbfad398b02" -SRC_URI[sha256sum] = "0c10f12b424a40ee19bde00292098e201d7498535c062d8d5b586d07861a54b5" +SRC_URI[sha256sum] = "049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3" S = "${WORKDIR}/Botan-${PV}" inherit python3native siteinfo lib_package CPU ?= "${TARGET_ARCH}" -CPU_x86 = "x86_32" -CPU_armv7a = "armv7" -CPU_armv7ve = "armv7" +CPU:x86 = "x86_32" +CPU:armv7a = "armv7" +CPU:armv7ve = "armv7" do_configure() { python3 ${S}/configure.py \ @@ -41,11 +40,13 @@ do_compile() { } do_install() { oe_runmake install - sed -i -e "s|${D}||g" ${D}${libdir}/pkgconfig/botan-2.pc + sed -i -e "s|${D}||g" ${D}${libdir}/pkgconfig/botan-3.pc } PACKAGES += "${PN}-python3" -FILES_${PN}-python3 = "${libdir}/python3" +FILES:${PN}-python3 = "${libdir}/python3" -RDEPENDS_${PN}-python3 += "python3" +RDEPENDS:${PN}-python3 += "python3" + +COMPATIBLE_HOST:riscv32 = "null" diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.2.bb index 93eba93a95..504c718b96 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.3.3.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.2.bb @@ -13,16 +13,14 @@ DEPENDS = " \ json-c \ libdevmapper \ popt \ - util-linux \ + util-linux-libuuid \ " -RDEPENDS_${PN} = " \ - libdevmapper \ -" +DEPENDS:append:libc-musl = " argp-standalone" +LDFLAGS:append:libc-musl = " -largp" SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" -SRC_URI[md5sum] = "6c0ce8be21a7687b89354c77757d0c5b" -SRC_URI[sha256sum] = "3bca4ffe39e2f94cef50f6ea65acb873a6dbce5db34fc6bcefe38b6d095e82df" +SRC_URI[sha256sum] = "219ebf74e8eddf96624a0376477e5a6f8f350a67aaf36e7dadb114d94b3afef4" inherit autotools gettext pkgconfig @@ -32,7 +30,7 @@ PACKAGECONFIG ??= " \ keyring \ cryptsetup \ veritysetup \ - cryptsetup-reencrypt \ + luks2-reencryption \ integritysetup \ ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ kernel_crypto \ @@ -40,8 +38,9 @@ PACKAGECONFIG ??= " \ blkid \ luks-adjust-xts-keysize \ openssl \ + ssh-token \ " -PACKAGECONFIG_append_class-target = " \ +PACKAGECONFIG:append:class-target = " \ udev \ " @@ -51,10 +50,10 @@ PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc" PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup" PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" -PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt" +PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption" PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" -PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" # gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't # recognized. @@ -70,14 +69,7 @@ PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" - -RRECOMMENDS_${PN} = "kernel-module-aes-generic \ - kernel-module-dm-crypt \ - kernel-module-md5 \ - kernel-module-cbc \ - kernel-module-sha256-generic \ - kernel-module-xts \ -" +PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" EXTRA_OECONF = "--enable-static" # Building without largefile is not supported by upstream @@ -86,7 +78,40 @@ EXTRA_OECONF += "--enable-largefile" EXTRA_OECONF += "--disable-static-cryptsetup" # There's no recipe for libargon2 yet EXTRA_OECONF += "--disable-libargon2" +# Disable documentation, there is no asciidoctor-native available in OE +EXTRA_OECONF += "--disable-asciidoc" +# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms) +LUKS2_PBKDF ?= "argon2i" +LUKS2_MEMORYKB ?= "1048576" +LUKS2_PARALLEL_THREADS ?= "4" +LUKS2_ITERTIME ?= "2000" + +EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \ + --with-luks2-memory-kb=${LUKS2_MEMORYKB} \ + --with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \ + --with-luks2-iter-time=${LUKS2_ITERTIME}" + +do_install:append() { + # The /usr/lib/cryptsetup directory is always created, even when ssh-token + # is disabled. In that case it is empty and causes a packaging error. Since + # there is no reason to distribute the empty directory, the easiest solution + # is to remove it if it is empty. + rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} +} -FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" +FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" + +RDEPENDS:${PN} = " \ + libdevmapper \ +" + +RRECOMMENDS:${PN}:class-target = " \ + kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + kernel-module-xts \ +" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb new file mode 100644 index 0000000000..1c2c6e21e0 --- /dev/null +++ b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb @@ -0,0 +1,31 @@ +SUMMARY = "Userspace utilities for fs-verity" +DESCRIPTION = "fs-verity is a Linux kernel feature that does transparent \ +on-demand integrity/authenticity verification of the contents of read-only \ +files, using a hidden Merkle tree (hash tree) associated with the file. The \ +mechanism is similar to dm-verity, but implemented at the file level rather \ +than at the block device level." +HOMEPAGE = "https://www.kernel.org/doc/html/latest/filesystems/fsverity.html" +SECTION = "console" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bc974d217b525ea216a336adb73e1220" + +SRCREV = "20e87c13075a8e5660a8d69fd6c93d4f7c5f01a5" +SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git;branch=master" + +S = "${WORKDIR}/git" + +DEPENDS = "openssl" + +EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" +# We want to statically link the binary to libfsverity on native Windows +EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1" +EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1" + +do_install() { + oe_runmake install DESTDIR=${D} +} + +PACKAGES =+ "libfsverity" +FILES:libfsverity = "${libdir}/libfsverity*${SOLIBS}" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.0.bb b/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.0.bb deleted file mode 100644 index b478e4c580..0000000000 --- a/meta-oe/recipes-crypto/libkcapi/libkcapi_1.2.0.bb +++ /dev/null @@ -1,28 +0,0 @@ -SUMMARY = "Linux Kernel Crypto API User Space Interface Library" -HOMEPAGE = "http://www.chronox.de/libkcapi.html" -LICENSE = "BSD | GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=c78be93ed8d1637f2a3f4a83ff9d5f54" - -DEPENDS = "libtool" - -S = "${WORKDIR}/git" -SRCREV = "8397f0f7c45264a3b9aff5a1f9119df25eeb4c60" -SRC_URI = "git://github.com/smuellerDD/libkcapi.git" - -inherit autotools - -PACKAGECONFIG ??= "" -PACKAGECONFIG[testapp] = "--enable-kcapi-test,,,bash" -PACKAGECONFIG[apps] = "--enable-kcapi-speed --enable-kcapi-hasher --enable-kcapi-rngapp --enable-kcapi-encapp --enable-kcapi-dgstapp,,," - -do_install_append() { - # bindir contains testapp and apps. However it is always created, even - # when no binaries are installed (empty bin_PROGRAMS in Makefile.am), - rmdir --ignore-fail-on-non-empty ${D}${bindir} - - # Remove the generated binary checksum files - rm -f ${D}${bindir}/.*.hmac - rm -f ${D}${libdir}/.*.hmac -} - -CPPFLAGS_append_libc-musl_toolchain-clang = " -Wno-error=sign-compare" diff --git a/meta-oe/recipes-crypto/libkcapi/libkcapi_1.5.0.bb b/meta-oe/recipes-crypto/libkcapi/libkcapi_1.5.0.bb new file mode 100644 index 0000000000..a34614dd9d --- /dev/null +++ b/meta-oe/recipes-crypto/libkcapi/libkcapi_1.5.0.bb @@ -0,0 +1,32 @@ +SUMMARY = "Linux Kernel Crypto API User Space Interface Library" +HOMEPAGE = "https://www.chronox.de/libkcapi/index.html" +LICENSE = "BSD-3-Clause | GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=3d8a091d797491204567185a6efce70f" + +S = "${WORKDIR}/git" +SRCREV = "fc937358e71253a6efaa3ba74885364976b040ea" +SRC_URI = "git://github.com/smuellerDD/libkcapi.git;branch=master;protocol=https \ + " + +inherit autotools + +PACKAGECONFIG ??= "" +PACKAGECONFIG[testapp] = "--enable-kcapi-test,,,bash" +PACKAGECONFIG[apps] = "--enable-kcapi-speed --enable-kcapi-hasher --enable-kcapi-rngapp --enable-kcapi-encapp --enable-kcapi-dgstapp,,," +PACKAGECONFIG[hasher_only] = "--enable-kcapi-hasher --disable-lib-kdf --disable-lib-sym --disable-lib-aead --disable-lib-rng,,," + +do_install:append() { + # bindir contains testapp and apps. However it is always created, even + # when no binaries are installed (empty bin_PROGRAMS in Makefile.am), + rmdir --ignore-fail-on-non-empty ${D}${bindir} + + # Remove the generated binary checksum files + rm -f ${D}${bindir}/.*.hmac + rm -f ${D}${libdir}/.*.hmac +} + +CPPFLAGS:append:libc-musl:toolchain-clang = " -Wno-error=sign-compare" +CPPFLAGS:remove:libc-musl:toolchain-clang = "-Wno-error=sign-conversion" +CPPFLAGS:append:libc-musl = " -Wno-error=sign-conversion" + +BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-crypto/libmcrypt/libmcrypt_2.5.8.bb b/meta-oe/recipes-crypto/libmcrypt/libmcrypt_2.5.8.bb index 46e694be4a..cfa056d71d 100644 --- a/meta-oe/recipes-crypto/libmcrypt/libmcrypt_2.5.8.bb +++ b/meta-oe/recipes-crypto/libmcrypt/libmcrypt_2.5.8.bb @@ -1,6 +1,6 @@ SUMMARY = "Replacement for the old crypt() package and crypt(1) command, with extensions" HOMEPAGE = "http://mcrypt.sourceforge.net/" -LICENSE = "LGPLv2.1" +LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff" DEPENDS = "libtool" @@ -12,6 +12,21 @@ SRC_URI[sha256sum] = "e4eb6c074bbab168ac47b947c195ff8cef9d51a211cdd18ca9c9ef34d2 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mcrypt/files/Libmcrypt/" UPSTREAM_CHECK_REGEX = "Libmcrypt/(?P<pver>\d+(\.\d+)+)/" -inherit autotools-brokensep gettext binconfig +inherit autotools-brokensep gettext binconfig multilib_script + +CFLAGS += "-Wno-error=implicit-int" + +do_configure() { + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S} + install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S} + aclocal + libtoolize --automake --copy --force + autoconf + autoheader + automake -a + oe_runconf +} CLEANBROKEN = "1" + +MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/libmcrypt-config" diff --git a/meta-oe/recipes-crypto/libsodium/libsodium/0001-fix-aarch64-Move-target-pragma-after-arm_neon.h-incl.patch b/meta-oe/recipes-crypto/libsodium/libsodium/0001-fix-aarch64-Move-target-pragma-after-arm_neon.h-incl.patch new file mode 100644 index 0000000000..7a6fae7997 --- /dev/null +++ b/meta-oe/recipes-crypto/libsodium/libsodium/0001-fix-aarch64-Move-target-pragma-after-arm_neon.h-incl.patch @@ -0,0 +1,49 @@ +From d3253310f7c0fc0f1aad6864e3b57958ea1bb9c5 Mon Sep 17 00:00:00 2001 +From: tux3 <barrdetwix@gmail.com> +Date: Mon, 16 Oct 2023 16:42:04 +0200 +Subject: [PATCH] fix(aarch64): Move target #pragma after arm_neon.h include + +Fix per https://github.com/android/ndk/issues/1945 + +If the pragma is done before the header include, +in NDK 26 the attribute may apply to the functions in arm_neon.h + +Upstream-Status: Backport [https://github.com/jedisct1/libsodium/pull/1321] +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + .../aes256gcm/armcrypto/aead_aes256gcm_armcrypto.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/libsodium/crypto_aead/aes256gcm/armcrypto/aead_aes256gcm_armcrypto.c b/src/libsodium/crypto_aead/aes256gcm/armcrypto/aead_aes256gcm_armcrypto.c +index 0a5a128..aa76f5c 100644 +--- a/src/libsodium/crypto_aead/aes256gcm/armcrypto/aead_aes256gcm_armcrypto.c ++++ b/src/libsodium/crypto_aead/aes256gcm/armcrypto/aead_aes256gcm_armcrypto.c +@@ -19,12 +19,6 @@ + #define __vectorcall + #endif + +-#ifdef __clang__ +-#pragma clang attribute push(__attribute__((target("neon,crypto,aes"))), apply_to = function) +-#elif defined(__GNUC__) +-#pragma GCC target("+simd+crypto") +-#endif +- + #ifndef __ARM_FEATURE_CRYPTO + #define __ARM_FEATURE_CRYPTO 1 + #endif +@@ -34,6 +28,12 @@ + + #include <arm_neon.h> + ++#ifdef __clang__ ++#pragma clang attribute push(__attribute__((target("neon,crypto,aes"))), apply_to = function) ++#elif defined(__GNUC__) ++#pragma GCC target("+simd+crypto") ++#endif ++ + #define ABYTES crypto_aead_aes256gcm_ABYTES + #define NPUBBYTES crypto_aead_aes256gcm_NPUBBYTES + #define KEYBYTES crypto_aead_aes256gcm_KEYBYTES +-- +2.42.1 + diff --git a/meta-oe/recipes-crypto/libsodium/libsodium_1.0.18.bb b/meta-oe/recipes-crypto/libsodium/libsodium_1.0.18.bb deleted file mode 100644 index 53b3ddc26f..0000000000 --- a/meta-oe/recipes-crypto/libsodium/libsodium_1.0.18.bb +++ /dev/null @@ -1,13 +0,0 @@ -SUMMARY = "The Sodium crypto library" -HOMEPAGE = "http://libsodium.org/" -BUGTRACKER = "https://github.com/jedisct1/libsodium/issues" -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=47203c753972e855179dfffe15188bee" - -SRC_URI = "https://download.libsodium.org/libsodium/releases/${BPN}-${PV}.tar.gz" -SRC_URI[md5sum] = "3ca9ebc13b6b4735acae0a6a4c4f9a95" -SRC_URI[sha256sum] = "6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1" - -inherit autotools - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-crypto/libsodium/libsodium_1.0.19.bb b/meta-oe/recipes-crypto/libsodium/libsodium_1.0.19.bb new file mode 100644 index 0000000000..2e678f3f0f --- /dev/null +++ b/meta-oe/recipes-crypto/libsodium/libsodium_1.0.19.bb @@ -0,0 +1,14 @@ +SUMMARY = "The Sodium crypto library" +HOMEPAGE = "http://libsodium.org/" +BUGTRACKER = "https://github.com/jedisct1/libsodium/issues" +LICENSE = "ISC" +LIC_FILES_CHKSUM = "file://LICENSE;md5=49ce3b426e6a002e23a1387248e6dbe9" + +SRC_URI = "https://download.libsodium.org/libsodium/releases/${BPN}-${PV}.tar.gz \ + file://0001-fix-aarch64-Move-target-pragma-after-arm_neon.h-incl.patch" +SRC_URI[sha256sum] = "018d79fe0a045cca07331d37bd0cb57b2e838c51bc48fd837a1472e50068bbea" + +inherit autotools + +S = "${WORKDIR}/libsodium-stable" +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch new file mode 100644 index 0000000000..8b7348a11f --- /dev/null +++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt/CVE-2019-17362.patch @@ -0,0 +1,25 @@ +From 25c26a3b7a9ad8192ccc923e15cf62bf0108ef94 Mon Sep 17 00:00:00 2001 +From: werew <werew@ret2libc.com> +Date: Thu, 3 Oct 2019 19:57:10 +0200 +Subject: [PATCH] Fixes #507 + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- +Upstream-Status: Backport [https://github.com/libtom/libtomcrypt/commit/64d1153e5a515740ab56f39c46baf4cf6991a9d3] + + src/pk/asn1/der/utf8/der_decode_utf8_string.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c +index 94555b99f..d3ed82bea 100644 +--- a/src/pk/asn1/der/utf8/der_decode_utf8_string.c ++++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c +@@ -65,7 +65,7 @@ int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, + /* count number of bytes */ + for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); + +- if (z > 4 || (x + (z - 1) > inlen)) { ++ if (z == 1 || z > 4 || (x + (z - 1) > inlen)) { + return CRYPT_INVALID_PACKET; + } + diff --git a/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb new file mode 100644 index 0000000000..5479007d92 --- /dev/null +++ b/meta-oe/recipes-crypto/libtomcrypt/libtomcrypt_1.18.2.bb @@ -0,0 +1,41 @@ +SUMMARY = "LibTomCrypt is a public domain open source cryptographic toolkit" +HOMEPAGE = "https://www.libtom.net/LibTomCrypt" +SECTION = "libs" +# Unlicense isn't very accurate for this revision, it was WTFPL in 0.18.0-rc1: +# https://github.com/libtom/libtomcrypt/commit/77e31fb6a980212e90b9a50f116dc5a7bd91e527 +# then updated to dual license PD and WTFPL also in 0.18.0-rc1: +# https://github.com/libtom/libtomcrypt/commit/412b2ee1fccc3a0df58f93f372c90d6d0f93bfc9 +# and then updated again to Unlicense after the 0.18.2 tag (it's only in develop branch): +# https://github.com/libtom/libtomcrypt/commit/3630bee6fc0f73dd9c7923fd43f8ae15a2c0fb70 +# but keep using Unlicense to avoid triggering people with WTFPL license: +# https://groups.google.com/g/libtom/c/17Z7xkECULM +# and this comment can be removed next time libtomcrypt is updated +LICENSE = "Unlicense" +LIC_FILES_CHKSUM = "file://LICENSE;md5=71baacc459522324ef3e2b9e052e8180" + +DEPENDS = "libtool-cross" + +SRC_URI = "git://github.com/libtom/libtomcrypt.git;protocol=https;branch=master \ + file://CVE-2019-17362.patch \ +" + +SRCREV = "7e7eb695d581782f04b24dc444cbfde86af59853" + +S = "${WORKDIR}/git" + +inherit pkgconfig + +PACKAGECONFIG ??= "ltm" +PACKAGECONFIG[ltm] = ",,libtommath" + +CFLAGS += "${@bb.utils.contains('PACKAGECONFIG', 'ltm', '-DUSE_LTM -DLTM_DESC', '', d)}" + +EXTRA_OEMAKE = "'PREFIX=${prefix}' 'DESTDIR=${D}' 'LIBPATH=${libdir}' 'CFLAGS=${CFLAGS}'" + +do_compile() { + oe_runmake -f makefile.shared +} + +do_install() { + oe_runmake -f makefile.shared install +} diff --git a/meta-oe/recipes-crypto/monocypher/monocypher_4.0.2.bb b/meta-oe/recipes-crypto/monocypher/monocypher_4.0.2.bb new file mode 100644 index 0000000000..813c6ec4c8 --- /dev/null +++ b/meta-oe/recipes-crypto/monocypher/monocypher_4.0.2.bb @@ -0,0 +1,28 @@ +SUMMARY = "Monocypher is an easy-to-use crypto library" +DESCRIPTION = "Monocypher is an easy to use, easy to deploy, \ +auditable crypto library written in portable C. It approaches the size of TweetNaCl and the speed of libsodium." +HOMEPAGE = "https://monocypher.org/" +SECTION = "libs" +LICENSE = "BSD-2-Clause | CC0-1.0" +LIC_FILES_CHKSUM = "file://LICENCE.md;md5=ff30a1c41dfd9e6fa559a9e45ee98302" + +SRC_URI = "https://monocypher.org/download/${BPN}-${PV}.tar.gz" +SRC_URI[sha512sum] = "bf275d4c53ff94af6cdc723a4e002e9f080f4d1436c86c76bb37870b34807f1d7b32331d8ff8a1aeb369e946f3769021e03e63efac25b82efc5abf54dc084714" + +MIRRORS = "https://.*/.* https://github.com/LoupVaillant/Monocypher/releases/download/${PV}/${BPN}-${PV}.tar.gz " + +S = "${WORKDIR}/${BPN}-${PV}" + +CFLAGS += "-pedantic -Wall -Wextra -O3" +EXTRA_OEMAKE = "'PREFIX=${prefix}' 'DESTDIR=${D}' 'CFLAGS=${CFLAGS}' 'LIBDIR=${libdir}'" + +do_compile() { + oe_runmake library +} + +do_install() { + oe_runmake install-lib + oe_runmake install-pc +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb b/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.30.0.bb index 9b6e7ccbe2..d3922cf79e 100644 --- a/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.26.bb +++ b/meta-oe/recipes-crypto/pkcs11-helper/pkcs11-helper_1.30.0.bb @@ -6,20 +6,21 @@ certificates, or selecting a certificate directly by serialized id, handling \ card removal and card insert events, handling card ie-insert to a different \ slot, supporting session expiration and much more all using a simple API." -HOMEPAGE = "http://www.opensc-project.org/pkcs11-helper/" +HOMEPAGE = "https://github.com/OpenSC/pkcs11-helper" SECTION = "Development/Libraries" -LICENSE = "GPLv2 & BSD" +LICENSE = "GPL-2.0-only & BSD-3-Clause" LIC_FILES_CHKSUM = " \ file://COPYING;md5=30f10d22cfb1ba98ccd714a41ad3311a \ file://COPYING.GPL;md5=8a71d0475d08eee76d8b6d0c6dbec543 \ file://COPYING.BSD;md5=66b7a37c3c10483c1fd86007726104d7 \ " -SRC_URI = "git://github.com/OpenSC/${BPN}.git" +SRC_URI = "git://github.com/OpenSC/${BPN}.git;branch=master;protocol=https" S = "${WORKDIR}/git" -# v1.26 -SRCREV = "c7a0cfa08ddc75d963a835d3588170af0e5f1115" +# master +SRCREV = "8bed16034f629a0361fa8ff89deed2b43dc45d8b" +PV .= "+1.30.0+git" UPSTREAM_CHECK_GITTAGREGEX = "pkcs11-helper-(?P<pver>\d+(\.\d+)+)" |