Please see
https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265
for what changes are needed, and sed commands that can be used to make them en masse.
I've verified that bitbake -c patch world works with these, but did not run a world
build; the majority of recipes shouldn't need further fixups, but if there are
some that still fall out, they can be fixed in followups.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Copyright year updated to 2024.
Changelog:
==========
* CVE-2024-34702: Fix a DoS caused by excessive name constraints.
* CVE-2024-39312: Fix a name constraint processing error, where if
permitted and excluded rules both applied to a certificate, only the
permitted rules would be checked.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
============
- Add Ed448 signatures and X448 key exchange
- X.509 certificate verification now can optionally ignore the expiration date of root certificates.
- Support for "hybrid" EC point encoding is now deprecated.
- Support for creating EC_Group objects with parameters larger than 521 bits is now deprecated
- Add new build options to disable deprecated features, and to enable experimental features.
- Fix a bug affecting use of SIV and CCM ciphers in the FFI interface.
- Add new FFI interface botan_cipher_requires_entire_message
- Internal refactorings of the mp layer to support a new elliptic curve library.
- Use a new method for constant time division in Kyber to avoid a possible side channel where the compiler inserts use of a variable time division.
- Refactor test RNG usage to improve reproducibility.
- Add std::span interfaces to BigInt
- Refactorings and improvements to low level load/store utility functions.
- Fix the amalgamation build on ARM64
- Add Mac ARM based CI build
- Fix a thread serialization bug that caused sporadic test failures.
- Update GH Actions to v4
- Add examples of password based encryption and HTTPS+ASIO client.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 2.19.3, 2022-11-16
CVE-2022-43705: A malicious OCSP responder could forge OCSP responses due to a
failure to validate that an embedded certificate was issued by the end-entity
issuing certificate authority.
Signed-off-by: Chen Pei <cp0613@linux.alibaba.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: year updated to 2022.
Changelog:
=========
Fix a compilation problem affecting macOS XCode (GH #2880)
Fix a build problem preventing amalgamation builds in 2.19.0 (GH #2879)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Version 2.18.2, 2021-10-25
Avoid using short exponents when encrypting in ElGamal,
as some PGP implementations generate keys with parameters
that are weak when short exponents are used (GH #2794)
Fix a low risk OAEP decryption side channel (GH #2797)
Work around a miscompilation of SHA-3 caused by a bug in Clang 12
and XCode 13. (GH #2826)
Remove support in OpenSSL provider for algorithms which are disabled
by default in OpenSSL 3.0 (GH #2823, #2814)
Add CI based on GitHub actions to replace Travis CI (GH #2632)
Fix the online OCSP test, as the certificate involved had expired.
(GH #2799)
Fix some test failures induced by the expiration of the trust root
"DST Root CA X3" (GH #2820)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
botan is a common crypto library used by various infrastructures e.g.
qtcreator chromium etc. Its beneficial to build it once for the system
and let apps use it if possible
Signed-off-by: Khem Raj <raj.khem@gmail.com>
