Overview

File libgcrypt-CVE-2024-2236_02.patch of Package libgcrypt.39917

From 504be48fe5f8948b444764fa183085836a6d8a08 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 5 Jul 2022 15:15:20 +0200
Subject: [PATCH 02/11] ci: Add a build with a minimal configuration

---
 .gitlab-ci.yml | 14 ++++++++++++++
 README.md      | 15 +++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2c4b80d3..416308ab 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -128,6 +128,20 @@ fedora/gcc/test:
     host: --host=x86_64-redhat-linux-gnu
     build: --build=x86_64-redhat-linux-gnu
 
+fedora/gcc/minimal-test:
+  extends: fedora/gcc/test
+  variables:
+    configure_flags: >-
+      --enable-ciphers="aes salsa20 chacha20"
+      --enable-pubkey-ciphers="ecc"
+      --enable-digests="sha256 sha512 sha3 blake2"
+      --enable-kdfs="pkdf2 scrypt"
+      --enable-random="getentropy"
+      --enable-static
+      --disable-shared
+      --enable-maintainer-mode
+      --disable-asm
+
 fedora/clang:
   extends: fedora/gcc
   image: "$IMAGES_URI/libgcrypt-fedora-clang"
diff --git a/README.md b/README.md
index 140c3a06..c68d5249 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,18 @@ The test stage consists of
 
 The test stage is run on the same platforms as the build stage.
 
+Additionally, one test stage, `fedora/gcc/minimal-test` builds a version of libgcrypt with a reduced
+feature set by using the following `./configure` flags:
+
+ - `--enable-ciphers="aes salsa20 chacha20"`
+ - `--enable-pubkey-ciphers="ecc"`
+ - `--enable-digests="sha256 sha512 sha3 blake2"`
+ - `--enable-kdfs="pkdf2 scrypt"`
+ - `--enable-random="getentropy"`
+ - `--enable-static`
+ - `--disable-shared`
+ - `--disable-asm`
+
 ### Analysis Stage
 
 The analysis stage consists of
@@ -61,8 +73,7 @@ The analysis stage consists of
 All these steps are run on the latest Fedora release and run the same steps as the test stage.
 
 The AddressSanitizer build uses `-fsanitize-address-use-after-return=always` and
-`-fsanitize-address-use-after-scope`. A leak suppression file is available in
-[tests/lsan\_suppressions.txt][suppressions]. It is currently maintained in this fork.
+`-fsanitize-address-use-after-scope`.
 
 The coverage build produces an HTML coverage report that is uploaded to GitLab pages and available
 at <https://redhat-crypto.gitlab.io/libgcrypt/libgcrypt-mirror/>.
-- 
2.49.0
openSUSE Build Service is sponsored by
Places