ubuntu/+source/libgcrypt20:debian/stretch

Last commit made on 2018-07-14
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/libgcrypt20
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/libgcrypt20

Recent commits

6d22d61... by Salvatore Bonaccorso on 2018-06-15

Import patches-unapplied version 1.7.6-2+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: dd6f1ee6d297efd567a623400fe940bbd4cfa449

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * ecc: Add blinding for ECDSA (CVE-2018-0495)

dd6f1ee... by Salvatore Bonaccorso on 2017-08-27

Import patches-unapplied version 1.7.6-2+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 8b4b0df0903a1611b3d9fa601c8faa523bfb9713

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * ecc: Add input validation for X25519 [CVE-2017-0379]
    Mitigate a local side-channel attack on Curve25519 dubbed "May the
    Fourth be With You". (Closes: #873383)

8b4b0df... by Andreas Metzler <email address hidden> on 2017-07-01

Import patches-unapplied version 1.7.6-2+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5bec3b6042b1516d06647cb9e7049ada4d3b3b21

New changelog entries:
  * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
    flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
    into disaster". For details see <https://eprint.iacr.org/2017/627>.
    [CVE-2017-7526]

5bec3b6... by Andreas Metzler <email address hidden> on 2017-06-03

Import patches-unapplied version 1.7.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7df3c037d955e0643721c045d909222f6d7474ba

New changelog entries:
  * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
  * Pull two fixes from gcrypt 1.7.7 bugfix release:
    + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
      Fix possible timing attack on EdDSA session key.
    + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
      Fix long standing bug in secure memory implementation which could lead
      to a segv on free.

7df3c03... by Andreas Metzler <email address hidden> on 2017-01-26

Import patches-unapplied version 1.7.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0850ad3d9ffede6ba1eda58102a859275bb18fe7

New changelog entries:
  * New upstream version, includes
    30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch.

0850ad3... by Andreas Metzler <email address hidden> on 2017-01-14

Import patches-unapplied version 1.7.5-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6183438aac014fbb7da755190d3af930d0baa90b

New changelog entries:
  * 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from
    upstream GIT master: Fix SSE3 assembly on Nehalem.

6183438... by Andreas Metzler <email address hidden> on 2016-12-17

Import patches-unapplied version 1.7.5-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 07c37de22c6afe919b43955890fa87d6fde9378d

New changelog entries:
  * Upload to unstable.

07c37de... by Andreas Metzler <email address hidden> on 2016-12-15

Import patches-unapplied version 1.7.5-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 07460c0a7288733af68d824f962a44f912ff3c66

New changelog entries:
  * New upstream version.

07460c0... by Andreas Metzler <email address hidden> on 2016-10-09

Import patches-unapplied version 1.7.3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 19fb5b6541a384005720589e33e5636fe3c4f31d

New changelog entries:
  [ Helmut Grohne / Andreas Metzler ]
  * Turn libgcrypt11-dev into an Arch:any package. Closes: #840205

19fb5b6... by Andreas Metzler <email address hidden> on 2016-08-18

Import patches-unapplied version 1.7.3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: efd83578712d009dd6bc916f32e9599219440773

New changelog entries:
  * New upstream version.
    Fix critical security bug in the RNG [CVE-2016-6313]. An
    attacker who obtains 580 bytes from the standard RNG can
    trivially predict the next 20 bytes of output.