buildroot/package/libgcrypt, branch 2017.08

libgcrypt: security bump to version 1.7.9

2017-08-30T20:08:21+00:00

Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With You". As we are close to release, don't update to the latest 1.8.1 version, but to a maintenance release from the 1.7 branch. Signed-off-by: Baruch Siach Signed-off-by: Thomas Petazzoni

libgcrypt: security bump to version 1.7.8

2017-07-01T08:09:54+00:00

>From the NEWS file: - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see . [CVE-2017-7526] Signed-off-by: Baruch Siach Signed-off-by: Thomas Petazzoni

libgcrypt: security bump to version 1.7.7

2017-06-06T15:18:32+00:00

Fix possible timing attack on EdDSA session key. https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html Add upstream provided SHA1 hash. Switch to https download for better corporate firewall compatibility. Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard

boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+

2017-04-01T13:18:10+00:00

We want to use SPDX identifier for license string as much as possible. SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g' Signed-off-by: Rahul Bedarkar Signed-off-by: Thomas Petazzoni

package/libgcrypt: bump to version 1.7.6

2017-01-27T12:10:06+00:00

No announcement was made for this version, so the hash was calculated locally. Signed-off-by: Jörg Krause Signed-off-by: Peter Korsgaard

libgcrypt: bump to version 1.7.5

2016-12-30T20:12:36+00:00

Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

libgcrypt: security bump to version to version 1.7.3

2016-08-18T07:18:24+00:00

Fixes CVE-2016-6316: Bug in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard

libgcrypt: disable assembly for coldfire

2016-08-05T07:16:45+00:00

Fixes: http://autobuild.buildroot.org/results/374/374158bb0a0e6a16af5d0b909cd05ec52812aaa3/ Signed-off-by: Waldemar Brodkorb Signed-off-by: Peter Korsgaard

libgcrypt: bump version to 1.7.2

2016-07-15T12:29:35+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

package/libgpg-error: bump to version 1.23

2016-07-04T20:22:27+00:00

This patch is based on a patch sent by Vicente Olivert Riera and commented by Arnout Vandecappelle [1]. - Bump version to 1.23 - Add a hook to fix cross-compilation - Fix license and license files - Remove patch applied upstream - Add a BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS variable - Propagate the dependencies using that variable: * package/cppcms * package/crda * package/gnupg2 - package/gcr - package/midori * package/kodi * package/libaacs * package/libassuan * package/libgcrypt * package/libgpgme * package/libksba * package/libmicrohttpd - package/janus-gateway - package/kodi - package/ola - package/systemd * package/libssh * package/libssh2 - package/php-ssh2 * package/netatalk * package/network-manager * package/ntfs-3g * package/opkg * package/php-gnupg * package/rng-tools * package/strongswan * package/vpnc [1] http://patchwork.ozlabs.org/patch/416427/ Cc: Arnout Vandecappelle Cc: Vicente Olivert Riera Signed-off-by: Jörg Krause [Thomas: - rebase on master - changing systemd no longer needed, as it no longer selects libgcrypt.] Signed-off-by: Thomas Petazzoni [Maxime: - rebase on master - bump to new version - propagate dependencies to missing packages] Signed-off-by: Maxime Hadjinlian Reviewed-by: Romain Naour [Thomas: - fix hash file. - change the way to handle the various arch so that it works properly for uClibc. - add nios2 arch support. - Maxime Hadjinlian learned some basic Emacs-fu to do the final fixups of this commit.] Signed-off-by: Thomas Petazzoni