godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-05 14:09:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
37,259 Commits 28 Branches 277 Tags
0044e612ec4452dfb56857287da170da872b1ff7
Commit Graph

11 Commits

Author SHA1 Message Date
Baruch Siach
cd4514109a libgcrypt: security bump to version 1.7.9 
Fixes CVE-2017-0379: Mitigate a local side-channel attack on Curve25519
dubbed "May the Fourth be With You".

As we are close to release, don't update to the latest 1.8.1 version,
but to a maintenance release from the 1.7 branch.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-08-30 22:08:21 +02:00
Baruch Siach
10ce9c6f8d libgcrypt: security bump to version 1.7.8 
>From the NEWS file:

- Mitigate a flush+reload side-channel attack on RSA secret keys
  dubbed "Sliding right into disaster".  For details see
  <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-07-01 10:09:54 +02:00
Baruch Siach
869c8dfd7b libgcrypt: security bump to version 1.7.7 
Fix possible timing attack on EdDSA session key.

https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html

Add upstream provided SHA1 hash.

Switch to https download for better corporate firewall compatibility.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-06-06 17:18:32 +02:00
Jörg Krause
75dd0d439c package/libgcrypt: bump to version 1.7.6 
No announcement was made for this version, so the hash was calculated locally.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-27 13:10:06 +01:00
Gustavo Zacarias
fd469943b9 libgcrypt: bump to version 1.7.5 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-12-30 21:12:36 +01:00
Baruch Siach
55c74d6b97 libgcrypt: security bump to version to version 1.7.3 
Fixes CVE-2016-6316: Bug in the mixing functions of Libgcrypt's random number
generator. An attacker who obtains 4640 bits from the RNG can trivially
predict the next 160 bits of output.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-08-18 09:18:24 +02:00
Vicente Olivert Riera
a766300737 libgcrypt: bump version to 1.7.2 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-07-15 14:29:35 +02:00
Gustavo Zacarias
f05056b03e libgcrypt: security bump to version 1.6.5 
Fixes:
CVE-2015-7511 - Mitigate side-channel attack on ECDH with Weierstrass
curves.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-02-11 23:09:12 +01:00
Vicente Olivert Riera
7e5ddfbf85 libgcrypt: bump version to 1.6.4 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-09-11 19:49:04 +02:00
Gustavo Zacarias
b3db3aba6e libgcrypt: security bump to version 1.6.3 
Fixes:
CVE-2014-3591 - Use ciphertext blinding for Elgamal decryption
CVE-2015-0837 - Fixed data-dependent timing variations in modular
exponentiation.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-02-28 13:03:54 +01:00
Gustavo Zacarias
766435b722 libgcrypt: add hash file 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2014-10-07 12:31:05 +02:00