From 082c108e6e409d89a8a4d7b8008c06914db0b6b3 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 6 Apr 2026 14:03:13 +0200 Subject: [PATCH] leancrypto: upgrade 1.7.0 -> 1.7.1 Contains fix for CVE-2026-34610 (which is however tracked without a version by NVD, so it is marked as patched explicitly) Changelog: - Offer a means to select the AES-C constant time / S-Box implementation via lc_init API - use the AES-C constant time implementation by default - it is about 3 times slower than the AES-C S-Box implementation, but more secure. As the leancrypto library is about secure by default, the CT implementation is just right. Furthermore, if a caller wants to have the faster AES-C S-Box, he can call lc_init(LC_INIT_AES_SBOX) at the beginning. - X.509: fix security issue (CVE-2026-34610) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../leancrypto/{leancrypto_1.7.0.bb => leancrypto_1.7.1.bb} | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) rename meta-oe/recipes-crypto/leancrypto/{leancrypto_1.7.0.bb => leancrypto_1.7.1.bb} (95%) diff --git a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.0.bb b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.1.bb similarity index 95% rename from meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.0.bb rename to meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.1.bb index 7c9187ab94..9e7883ad3c 100644 --- a/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.0.bb +++ b/meta-oe/recipes-crypto/leancrypto/leancrypto_1.7.1.bb @@ -14,11 +14,12 @@ SECTION = "libs" SRC_URI = "git://github.com/smuellerDD/leancrypto.git;branch=master;protocol=https;tag=v${PV} \ file://leancrypto-tests.sh \ " -# SRCREV tagged v1.7.0 -SRCREV = "e60fba94e8cabf1661a1da488b78b84a4fba56e9" +SRCREV = "e7fa8c87a46c5787174c18fac385aa08eecdedd1" inherit pkgconfig meson +CVE_STATUS[CVE-2026-34610] = "fixed-version: fixed since v1.7.1" + EXTRA_OEMESON = "-Dstrip=false" TARGET_LDFLAGS:append = " ${DEBUG_PREFIX_MAP}"