ubuntu/+source/libgcrypt20:ubuntu/zesty-security

Last commit made on 2017-09-14
Get this branch:
git clone -b ubuntu/zesty-security https://git.launchpad.net/ubuntu/+source/libgcrypt20
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/zesty-security
Repository:
lp:ubuntu/+source/libgcrypt20

Recent commits

1fd1dbb... by Marc Deslauriers on 2017-09-14

Import patches-unapplied version 1.7.6-1ubuntu0.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 76f681c213b4efebf9107a3124869299235d72b7

New changelog entries:
  * SECURITY UPDATE: Curve25519 side-channel attack
    - debian/patches/CVE-2017-0379.patch: add input validation for X25519
      to cipher/ecc.c, mpi/ec.c, src/mpi.h.
    - CVE-2017-0379

76f681c... by Marc Deslauriers on 2017-07-03

Import patches-unapplied version 1.7.6-1ubuntu0.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 7df3c037d955e0643721c045d909222f6d7474ba

New changelog entries:
  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

7df3c03... by Andreas Metzler <email address hidden> on 2017-01-26

Import patches-unapplied version 1.7.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0850ad3d9ffede6ba1eda58102a859275bb18fe7

New changelog entries:
  * New upstream version, includes
    30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch.

0850ad3... by Andreas Metzler <email address hidden> on 2017-01-14

Import patches-unapplied version 1.7.5-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6183438aac014fbb7da755190d3af930d0baa90b

New changelog entries:
  * 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from
    upstream GIT master: Fix SSE3 assembly on Nehalem.

6183438... by Andreas Metzler <email address hidden> on 2016-12-17

Import patches-unapplied version 1.7.5-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 07c37de22c6afe919b43955890fa87d6fde9378d

New changelog entries:
  * Upload to unstable.

07c37de... by Andreas Metzler <email address hidden> on 2016-12-15

Import patches-unapplied version 1.7.5-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 07460c0a7288733af68d824f962a44f912ff3c66

New changelog entries:
  * New upstream version.

07460c0... by Andreas Metzler <email address hidden> on 2016-10-09

Import patches-unapplied version 1.7.3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 19fb5b6541a384005720589e33e5636fe3c4f31d

New changelog entries:
  [ Helmut Grohne / Andreas Metzler ]
  * Turn libgcrypt11-dev into an Arch:any package. Closes: #840205

19fb5b6... by Andreas Metzler <email address hidden> on 2016-08-18

Import patches-unapplied version 1.7.3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: efd83578712d009dd6bc916f32e9599219440773

New changelog entries:
  * New upstream version.
    Fix critical security bug in the RNG [CVE-2016-6313]. An
    attacker who obtains 580 bytes from the standard RNG can
    trivially predict the next 20 bytes of output.

efd8357... by Andreas Metzler <email address hidden> on 2016-07-17

Import patches-unapplied version 1.7.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c8818c92855bb49356b38e23ad36203fce76165d

New changelog entries:
  * Upload to unstable.

c8818c9... by Andreas Metzler <email address hidden> on 2016-07-15

Import patches-unapplied version 1.7.2-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4bfa384e616dea280650f46bd75c2ed66957c375

New changelog entries:
  * New upstream bugfix release.