Skip to content
Snippets Groups Projects
Select Git revision
  • kirkstone default protected
  • remove-kernel.img-from-grub-recipes
  • remove-kernel.img
  • config-fused-grub
  • grub-merge
  • 2grub-merge
  • git-merge2
  • hawkbit-new-image
  • feature/pi-bundle-publishing
  • dunfell
  • releases/v1.0.0
  • v2.0.0-alpha2
  • v2.0.0-alpha
  • v1.0.0-rc2
  • v1.0.0-rc
  • v1.0.0-beta
  • v1.0.0-alpha
  • v0.1.0
  • v0.1.0-rc1
19 results
Compare
Forked from Eclipse Projects / Oniro Core / Oniro
867 commits behind the upstream repository.
user avatar
libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
Marta Rybczynska authored 
This change fixes patches for two issues reported in a research
paper [1]: a side channel attack (*) and a cross-configuration
attack (**).

In this commit we add a fix for (*) that wasn't marked as a CVE
initially in the upstream. A fix of (**) available in Yocto
backport is in fact fixing CVE-2021-40528, not CVE-2021-33560
as marked in the commit message.

We commit the accual fix for CVE-2021-33560 and whitelist
CVE-2021-40528 until we rename the patch upstream.

For details of the mismatch and the timeline see [2] (fix of the
documentation) and [3] (the related ticket upstream).

[1] https://eprint.iacr.org/2021/923.pdf
[2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13
[3] https://dev.gnupg.org/T5328#149606



Signed-off-by: default avatarMarta Rybczynska <marta.rybczynska@huawei.com>
3c8832f8
History
user avatar 3c8832f8
History
Name Last commit Last update
.oniro-ci
LICENSES
assets
docs
flavours
manifests
meta-oniro-core
meta-oniro-staging
.gitignore
.gitlab-ci.yml
CONTRIBUTING.md
LICENSE
README.md
SECURITY.md
default.xml
README.md

Oniro Project

Welcome to the Oniro Project bootstrap git repository! You are welcome to take a tour and play with Oniro's initial code contribution in its final steps toward becoming the project's official code base. And, if you feel like joining, we would love to welcome you among the list of Oniro's initiating supporters. These are exciting times! There couldn't be a better moment for joining Oniro!

Learn more about the Oniro Project.

Read the documentation.

*Oniro is a trademark of Eclipse Foundation.

About

The oniro repository is a collection of bitbake layers that implement the build system support in Oniro Project. Check the README.md file in each of the included layers for layer-specific additional information.

The build system documentation is available in the docs subdirectory.

Contributing

See the CONTRIBUTING.md file.

License

See the LICENSES subdirectory.

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent