Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=stable%2Fkirkstone-nut 2021-01-14T19:58:50+00:00 2021-01-14T19:58:50+00:00 Leon Anavi leon.anavi@konsulko.com 2021-01-13T14:26:24+00:00 urn:sha1:d640807d46993eb7f11390cb3e0ba9157285ca81 Following the upgrade of python3-cryptography, upgrade to release 3.3.1: - BACKWARDS INCOMPATIBLE: The :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and :class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> 2020-11-04T19:08:45+00:00 Leon Anavi leon.anavi@konsulko.com 2020-10-26T11:52:47+00:00 urn:sha1:2506cf2d476d105ebeee823f3ef816b429f97050 Upgrade to release 3.2: - SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659 - Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade. - Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>