diff options
Diffstat (limited to 'external/poky/meta/recipes-support/libgcrypt')
6 files changed, 231 insertions, 137 deletions
diff --git a/external/poky/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/external/poky/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch new file mode 100644 index 00000000..4df96f00 --- /dev/null +++ b/external/poky/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch @@ -0,0 +1,90 @@ +From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001 +From: Jussi Kivilinna <jussi.kivilinna@iki.fi> +Date: Sat, 27 Apr 2019 19:33:28 +0300 +Subject: [PATCH 1/3] Prefetch GCM look-up tables + +* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables) +(prefetch_tables): New. +(ghash_internal): Call prefetch_tables. +-- + +Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c +index c19f09f..11f119a 100644 +--- a/cipher/cipher-gcm.c ++++ b/cipher/cipher-gcm.c +@@ -118,6 +118,34 @@ static const u16 gcmR[256] = { + 0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe, + }; + ++static inline ++void prefetch_table(const void *tab, size_t len) ++{ ++ const volatile byte *vtab = tab; ++ size_t i; ++ ++ for (i = 0; i < len; i += 8 * 32) ++ { ++ (void)vtab[i + 0 * 32]; ++ (void)vtab[i + 1 * 32]; ++ (void)vtab[i + 2 * 32]; ++ (void)vtab[i + 3 * 32]; ++ (void)vtab[i + 4 * 32]; ++ (void)vtab[i + 5 * 32]; ++ (void)vtab[i + 6 * 32]; ++ (void)vtab[i + 7 * 32]; ++ } ++ ++ (void)vtab[len - 1]; ++} ++ ++static inline void ++do_prefetch_tables (const void *gcmM, size_t gcmM_size) ++{ ++ prefetch_table(gcmM, gcmM_size); ++ prefetch_table(gcmR, sizeof(gcmR)); ++} ++ + #ifdef GCM_TABLES_USE_U64 + static void + bshift (u64 * b0, u64 * b1) +@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM) + #define fillM(c) \ + do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table) + #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table) ++#define prefetch_tables(c) \ ++ do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table)) + + #else + +@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf) + + #define fillM(c) do { } while (0) + #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf) ++#define prefetch_tables(c) do {} while (0) + + #endif /* !GCM_USE_TABLES */ + +@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf, + const unsigned int blocksize = GCRY_GCM_BLOCK_LEN; + unsigned int burn = 0; + ++ prefetch_tables (c); ++ + while (nblocks) + { + burn = GHASH (c, result, buf); +-- +2.7.4 + diff --git a/external/poky/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch b/external/poky/meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch index d41c3de3..cd8a5993 100644 --- a/external/poky/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch +++ b/external/poky/meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch @@ -1,41 +1,26 @@ -From 72b9e9040d58c15f0302bd8abda28179f04e1c5f Mon Sep 17 00:00:00 2001 -From: Richard Purdie <richard.purdie@linuxfoundation.org> -Date: Wed, 16 Aug 2017 10:43:18 +0800 -Subject: [PATCH 1/4] Add and use pkg-config for libgcrypt instead of -config - scripts. +From bee26d7c4ea0b4a397c289b819b89e78bc325ba0 Mon Sep 17 00:00:00 2001 +From: Trevor Gamblin <trevor.gamblin@windriver.com> +Date: Tue, 29 Oct 2019 14:08:32 -0400 +Subject: [PATCH] libgcrypt: fix m4 file for oe-core -Upstream-Status: Denied [upstream have indicated they don't want a -pkg-config dependency] +Modify libgcrypt pkgconfig specifically for oe-core. Changes +are based on a previous patch from RP, using wiggle to +incorporate the parts that aren't in the upstream pkgconfig +settings. -RP 2014/5/22 +Upstream-Status: Inappropriate [oe-specific] -Rebase to 1.8.0 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- - configure.ac | 1 + - src/libgcrypt.m4 | 71 +++-------------------------------------------------- - src/libgcrypt.pc.in | 33 +++++++++++++++++++++++++ - 3 files changed, 38 insertions(+), 67 deletions(-) - create mode 100644 src/libgcrypt.pc.in + src/libgcrypt.m4 | 90 +++--------------------------------------------- + 1 file changed, 4 insertions(+), 86 deletions(-) -diff --git a/configure.ac b/configure.ac -index bbe8104..3d2de73 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2607,6 +2607,7 @@ random/Makefile - doc/Makefile - src/Makefile - src/gcrypt.h -+src/libgcrypt.pc - src/libgcrypt-config - src/versioninfo.rc - tests/Makefile diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4 -index c67cfec..4ea5f2c 100644 +index 37dfbea2..3d2e90a8 100644 --- a/src/libgcrypt.m4 +++ b/src/libgcrypt.m4 -@@ -29,30 +29,6 @@ dnl is added to the gpg_config_script_warn variable. +@@ -29,41 +29,6 @@ dnl is added to the gpg_config_script_warn variable. dnl AC_DEFUN([AM_PATH_LIBGCRYPT], [ AC_REQUIRE([AC_CANONICAL_HOST]) @@ -46,8 +31,20 @@ index c67cfec..4ea5f2c 100644 - if test x"${LIBGCRYPT_CONFIG}" = x ; then - if test x"${libgcrypt_config_prefix}" != x ; then - LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config" -- else -- case "${SYSROOT}" in +- fi +- fi +- +- use_gpgrt_config="" +- if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then +- if $GPGRT_CONFIG libgcrypt --exists; then +- LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt" +- AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config]) +- use_gpgrt_config=yes +- fi +- fi +- if test -z "$use_gpgrt_config"; then +- if test x"${LIBGCRYPT_CONFIG}" = x ; then +- case "${SYSROOT}" in - /*) - if test -x "${SYSROOT}/bin/libgcrypt-config" ; then - LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config" @@ -58,15 +55,14 @@ index c67cfec..4ea5f2c 100644 - *) - AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) - ;; -- esac -- fi +- esac +- fi +- AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) - fi -- -- AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) + tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` -@@ -62,48 +38,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], +@@ -74,56 +39,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], min_libgcrypt_version="$tmp" fi @@ -79,7 +75,11 @@ index c67cfec..4ea5f2c 100644 - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` - req_micro=`echo $min_libgcrypt_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` -- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` +- if test -z "$use_gpgrt_config"; then +- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` +- else +- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion` +- fi - major=`echo $libgcrypt_config_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` - minor=`echo $libgcrypt_config_version | \ @@ -113,24 +113,29 @@ index c67cfec..4ea5f2c 100644 # If we have a recent libgcrypt, we should also check that the # API is compatible if test "$req_libgcrypt_api" -gt 0 ; then -- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` +- if test -z "$use_gpgrt_config"; then +- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` +- else +- tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0` +- fi + tmp=`$PKG_CONFIG --variable=api_version libgcrypt` if test "$tmp" -gt 0 ; then AC_MSG_CHECKING([LIBGCRYPT API version]) if test "$req_libgcrypt_api" -eq "$tmp" ; then -@@ -116,10 +57,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], +@@ -136,11 +58,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], fi fi if test $ok = yes; then - LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` - LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ifelse([$2], , :, [$2]) -- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` -+ libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt` - if test x"$libgcrypt_config_host" != xnone ; then - if test x"$libgcrypt_config_host" != x"$host" ; then - AC_MSG_WARN([[ -@@ -134,8 +73,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], + if test -z "$use_gpgrt_config"; then +- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` ++ libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt` + else + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none` + fi +@@ -158,8 +78,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], fi fi else @@ -139,45 +144,6 @@ index c67cfec..4ea5f2c 100644 ifelse([$3], , :, [$3]) fi AC_SUBST(LIBGCRYPT_CFLAGS) -diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in -new file mode 100644 -index 0000000..2fc8f53 ---- /dev/null -+++ b/src/libgcrypt.pc.in -@@ -0,0 +1,33 @@ -+# Process this file with autoconf to produce a pkg-config metadata file. -+# Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation -+# Author: Simon Josefsson -+# -+# This file is free software; as a special exception the author gives -+# unlimited permission to copy and/or distribute it, with or without -+# modifications, as long as this notice is preserved. -+# -+# This file is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -+ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+ -+# API info -+api_version=@LIBGCRYPT_CONFIG_API_VERSION@ -+host=@LIBGCRYPT_CONFIG_HOST@ -+ -+# Misc information. -+symmetric_ciphers=@LIBGCRYPT_CIPHERS@ -+asymmetric_ciphers=@LIBGCRYPT_PUBKEY_CIPHERS@ -+digests=@LIBGCRYPT_DIGESTS@ -+ -+Name: libgcrypt -+Description: GNU crypto library -+URL: http://www.gnupg.org -+Version: @VERSION@ -+Libs: -L${libdir} -lgcrypt -+Libs.private: -L${libdir} -lgpg-error -+Cflags: -I${includedir} -- -1.8.3.1 +2.17.1 diff --git a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch b/external/poky/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch index 0cb503ed..c82c5b5c 100644 --- a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p2.patch +++ b/external/poky/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch @@ -1,13 +1,8 @@ -From a5c359cc68a4def9bf39f63070837d89711b4e17 Mon Sep 17 00:00:00 2001 +From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna <jussi.kivilinna@iki.fi> Date: Fri, 31 May 2019 17:18:09 +0300 -Subject: [PATCH] AES: move look-up tables to .data section and unshare between processes -Reply-To: shuagr@microsoft.com - -CVE: CVE-2019-12904_p2 -Upstream-status: Backport -Signed-off-by: Shubham Agrawal<shuagr@microsoft.com> -Upstream-commit: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762 +Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between + processes * cipher/rijndael-internal.h (ATTR_ALIGNED_64): New. * cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure. @@ -26,6 +21,13 @@ to unshare look-up table pages between processes. GnuPG-bug-id: 4541 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- cipher/rijndael-internal.h | 4 +- cipher/rijndael-tables.h | 155 +++++++++++++++++++++++++-------------------- diff --git a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch b/external/poky/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch index cda52119..b580b7b1 100644 --- a/external/poky/meta/recipes-support/libgcrypt/files/CVE-2019-12904_p1.patch +++ b/external/poky/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch @@ -1,13 +1,8 @@ -From 263ad8ae08f287e32656d4e3e0116479f3d9ad9d Mon Sep 17 00:00:00 2001 +From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna <jussi.kivilinna@iki.fi> Date: Fri, 31 May 2019 17:27:25 +0300 -Subject: [PATCH] GCM: move look-up table to .data section and unshare between processes -Reply-To: shuagr@microsoft.com - -CVE: CVE-2019-12904_p1 -Upstream-Status: Backport -Signed-off-by: Shubham Agrawal<shuagr@microsoft.com> -Upstream-commit : https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020 +Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare + between processes * cipher/cipher-gcm.c (ATTR_ALIGNED_64): New. (gcmR): Move to 'gcm_table' structure. @@ -18,14 +13,22 @@ after. (do_prefetch_tables): Modify pre- and post-table counters to unshare look-up table pages between processes. -- + GnuPG-bug-id: 4541 Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> + +Upstream-Status: Backport +[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020] + +CVE: CVE-2019-12904 + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- - cipher/cipher-gcm.c | 129 ++++++++++++++++++++++++++++++++++++++-------------- - 1 file changed, 95 insertions(+), 34 deletions(-) + cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 70 insertions(+), 36 deletions(-) diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c -index 6169d14..97a8015 100644 +index 11f119a..194e2ec 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -30,6 +30,14 @@ @@ -43,7 +46,7 @@ index 6169d14..97a8015 100644 #ifdef GCM_USE_INTEL_PCLMUL extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c); -@@ -63,40 +71,93 @@ ghash_armv8_ce_pmull (gcry_cipher_hd_t c, byte *result, const byte *buf, +@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf, #ifdef GCM_USE_TABLES @@ -129,34 +132,33 @@ index 6169d14..97a8015 100644 + }; + +#define gcmR gcm_table.R -+static inline -+void prefetch_table(const void *tab, size_t len) -+{ -+ const volatile byte *vtab = tab; -+ size_t i; -+ + + static inline + void prefetch_table(const void *tab, size_t len) +@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len) + const volatile byte *vtab = tab; + size_t i; + +- for (i = 0; i < len; i += 8 * 32) + for (i = 0; len - i >= 8 * 32; i += 8 * 32) -+ { -+ (void)vtab[i + 0 * 32]; -+ (void)vtab[i + 1 * 32]; -+ (void)vtab[i + 2 * 32]; -+ (void)vtab[i + 3 * 32]; -+ (void)vtab[i + 4 * 32]; -+ (void)vtab[i + 5 * 32]; -+ (void)vtab[i + 6 * 32]; -+ (void)vtab[i + 7 * 32]; -+ } + { + (void)vtab[i + 0 * 32]; + (void)vtab[i + 1 * 32]; +@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len) + (void)vtab[i + 6 * 32]; + (void)vtab[i + 7 * 32]; + } + for (; i < len; i += 32) + { + (void)vtab[i]; + } -+ -+ (void)vtab[len - 1]; -+} -+ -+static inline void -+do_prefetch_tables (const void *gcmM, size_t gcmM_size) -+{ + + (void)vtab[len - 1]; + } +@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len) + static inline void + do_prefetch_tables (const void *gcmM, size_t gcmM_size) + { + /* Modify counters to trigger copy-on-write and unsharing if physical pages + * of look-up table are shared between processes. Modifying counters also + * causes checksums for pages to change and hint same-page merging algorithm @@ -165,12 +167,12 @@ index 6169d14..97a8015 100644 + gcm_table.counter_tail++; + + /* Prefetch look-up tables to cache. */ -+ prefetch_table(gcmM, gcmM_size); + prefetch_table(gcmM, gcmM_size); +- prefetch_table(gcmR, sizeof(gcmR)); + prefetch_table(&gcm_table, sizeof(gcm_table)); -+} + } #ifdef GCM_TABLES_USE_U64 - static void -- 2.7.4 diff --git a/external/poky/meta/recipes-support/libgcrypt/files/determinism.patch b/external/poky/meta/recipes-support/libgcrypt/files/determinism.patch new file mode 100644 index 00000000..ad0b8c79 --- /dev/null +++ b/external/poky/meta/recipes-support/libgcrypt/files/determinism.patch @@ -0,0 +1,32 @@ +gnutls detects our outer git trees and injects that revision into its objects. +That isn't deterministic so stop it. Also ensure we're not marked as a development +build as its git detection is faulty. + +RP 2020/2/6 + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> + + +Index: libgcrypt-1.8.5/configure.ac +=================================================================== +--- libgcrypt-1.8.5.orig/configure.ac ++++ libgcrypt-1.8.5/configure.ac +@@ -45,7 +45,7 @@ m4_define([mym4_revision_dec], + m4_define([mym4_betastring], + m4_esyscmd_s([git describe --match 'libgcrypt-[0-9].*[0-9]' --long|\ + awk -F- '$3!=0{print"-beta"$3}'])) +-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) ++m4_define([mym4_isgit],[no]) + m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) + + AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org]) +@@ -2575,7 +2575,7 @@ AM_CONDITIONAL([BUILD_DOC], [test "x$bui + # + # Provide information about the build. + # +-BUILD_REVISION="mym4_revision" ++BUILD_REVISION="None" + AC_SUBST(BUILD_REVISION) + AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", + [GIT commit id revision used to build this package]) diff --git a/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb index 13d03788..4e0eb0a1 100644 --- a/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb +++ b/external/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb @@ -17,15 +17,17 @@ DEPENDS = "libgpg-error" UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html" SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ - file://0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch \ + file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \ file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \ file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \ file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \ - file://CVE-2019-12904_p1.patch \ - file://CVE-2019-12904_p2.patch \ + file://0001-Prefetch-GCM-look-up-tables.patch \ + file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \ + file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \ + file://determinism.patch \ " -SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573" -SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227" +SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743" +SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3" BINCONFIG = "${bindir}/libgcrypt-config" |