author | Marta Rybczynska <rybczynska@gmail.com> | 2021-12-06 08:15:43 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-12-14 22:49:22 +0000 |
commit | ec21b227cdd2508717f7c9d50b7fd6046a7fc1b0 (patch) | |
tree | f4ed15c199abd666e0a6118128bdd38dc540c208 /meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | |
parent | 947e5ff11c56e1a8d0d7e7c4b6bad6ce913fd22b (diff) | |
download | poky-ec21b227cdd2508717f7c9d50b7fd6046a7fc1b0.tar.gz |
libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
This change fixes patches for two issues reported in a research
paper [1]: a side channel attack (*) and a cross-configuration
attack (**).
In this commit we add a fix for (*) that wasn't marked as a CVE
initially upstream. A fix of (**) previously available in OE
backports is in fact fixing CVE-2021-40528, not CVE-2021-33560
as marked in the commit message.
We commit the actual fix for CVE-2021-33560 and rename the
existing fix with the correct CVE-2021-40528.
For details of the mismatch and the timeline see [2] (fix of the
documentation) and [3] (the related ticket upstream).
[1] https://eprint.iacr.org/2021/923.pdf
[2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13
[3] https://dev.gnupg.org/T5328#149606
(From OE-Core rev: 0ce5c68933b52d2cfe9eea967d24d57ac82250c3)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb')
-rw-r--r-- | meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 174b087b24..8045bab9ed 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb | |||
@@ -29,6 +29,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ | |||
29 | file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ | 29 | file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ |
30 | file://determinism.patch \ | 30 | file://determinism.patch \ |
31 | file://CVE-2021-33560.patch \ | 31 | file://CVE-2021-33560.patch \ |
32 | file://CVE-2021-40528.patch \ | ||
32 | " | 33 | " |
33 | SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" | 34 | SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" |
34 | SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" | 35 | SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" |
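Review bot: The `file://CVE-2021-33560.patch` entry on line 31 is unchanged context here, yet the commit message says the file behind that name now holds a different fix and that the old content moved to the newly added `file://CVE-2021-40528.patch` on line 32. Because this diffstat is limited to the .bb file, the recipe change alone cannot confirm that. Please check that both patch files exist in the recipe's files directory, that each carries a `CVE:` tag matching its filename so cve-check reports the right identifier as patched, and that the two apply cleanly in the order listed in SRC_URI.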