Age | Commit message (Collapse) | Author |
|
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions
with certain patterns that introduce a side channel, which allows physically
proximate attackers to extract RSA keys via a chosen-ciphertext attack and
acoustic cryptanalysis during decryption. NOTE: applications are not typically
expected to protect themselves from acoustic side-channel attacks, since this
is arguably the responsibility of the physical device. Accordingly, issues of
this type would not normally receive a CVE identifier. However, for this
issue, the developer has specified a security policy in which GnuPG should
offer side-channel resistance, and developer-specified security-policy
violations are within the scope of CVE.
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46b80c80b0e008820b34f4360054e1697df2650d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits
cleared (no usage permitted) as if it has all bits set (all usage permitted),
which might allow remote attackers to bypass intended cryptographic protection
mechanisms by leveraging the subkey.
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 259aebc9dbcaeb1587aaaab849942f55fa321724)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Removed obsolete patch
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Gnupg 2.0.19 installs 'gpgv2' but apt-get and possibly other utilities expect
to find this as 'gpgv'. A symlink is created in the same way as the link for
'gpg'.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Code taken from Redhat
[YOCTO #3813]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
gnupg has it's own fake curl, since we use gnupg with zypper, there does not
seem to be a strong reason to add curl to the depends list.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CCID driver driver is apparently unnecessary, so disable it.
Also remove the associated libusb dependency, since that won't be
needed either.
According to Scott Garman <scott.a.garman@intel.com>:
I'd just note that the CCID smartcard reader is a specific piece of
hardware that is unlikely to be used in a majority of our use cases.
Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gnupg apparently depends on libusb:
| error: Failed dependencies:
| libusb-0.1-4 >= 0.1.3 is needed by gnupg-2.0.18-r1.core2
So add libusb to gnupg DEPENDS.
Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
|
|
* Create libbz2 (and -dev, -staticdev), which can be
installed without the bzip2 executables.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Seems the wrong commit was grabbed and missed this patch
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This recipe was added, but did not have the correct
checksum information for the LIC_FILES_CHKSUM or the
SRC_URI. Also disable Documetnation for now due to
older autotools issue.
[YOCTO #1966]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Found during single recipe rebuilds
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and S/MIME
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|