Change log for libgcrypt20 package in Debian
1 → 75 of 100 results | First • Previous • Next • Last |
libgcrypt20 (1.10.3-3) unstable; urgency=medium * 30_m4-Include-_AM_PATH_GPGRT_CONFIG-definition.patch from upstream GIT master: Update libgcrypt.m4 to let AM_PATH_LIBGCRYPT continue to work without preceding AM_PATH_GPG_ERROR() when libgcrypt-config is removed. -- Andreas Metzler <email address hidden> Tue, 14 May 2024 18:11:46 +0200
Available diffs
Deleted in experimental-release (Reason: None provided.) |
Deleted in experimental-release (Reason: None provided.) |
Published in sid-release |
libgcrypt20 (1.10.3-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Fri, 01 Dec 2023 11:47:14 +0100
Available diffs
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.10.3-1) experimental; urgency=medium * New upstream release. + Update symbol file. -- Andreas Metzler <email address hidden> Thu, 30 Nov 2023 14:29:24 +0100
libgcrypt20 (1.10.2-3) unstable; urgency=medium [ Simon Josefsson ] * Update Homepage: URL. [ Andreas Metzler ] * Drop --insert-timestamp linker option on mingw*, binutils 2.41 should use SOURCE_DATE_EPOCH automatically and the Debian package has dropped the patch to add the --insert-timestamp option. Closes: #1052219 -- Andreas Metzler <email address hidden> Tue, 19 Sep 2023 13:48:32 +0200
libgcrypt20 (1.10.2-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Sun, 11 Jun 2023 11:21:04 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.10.2-1) experimental; urgency=medium [ Helmut Grohne ] * Support the noudeb build profile. Closes: #1024943 [ Andreas Metzler ] * New upstream release. + Drop superfluous patches. -- Andreas Metzler <email address hidden> Sun, 09 Apr 2023 13:38:50 +0200
libgcrypt20 (1.10.1-3) unstable; urgency=medium * 32-build-Prefer-gpgrt-config-when-available.patch from LIBGCRYPT-1.10-BRANCH updates libgcrypt.m4 to prefer gpgrt-config over libgcrypt-config even when --with-libgcrypt-prefix is set. + 35-keccak-Use-size_t-to-avoid-integer-overflow.patch: Fix wrong result for SHA3 functions > 4GB invoked in one-shot. + 37-doc-Update-document-for-pkg-config-and-libgcrypt.m4.patch: Suggest pkg-config instead of libgcrypt-config. -- Andreas Metzler <email address hidden> Sat, 19 Nov 2022 17:59:10 +0100
libgcrypt20 (1.10.1-2) unstable; urgency=low * Upload to unstable. * Update from upstream LIBGCRYPT-1.10-BRANCH, renaming the patch in the previous upload and adding another fix (31_0003-hwf-ppc-fix-missing-HWF_PPC_ARCH_3_10-in-HW-feature.patch). -- Andreas Metzler <email address hidden> Sun, 03 Apr 2022 18:32:32 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.10.1-1) experimental; urgency=low * New upstream version. + Drop cherrypicked patches. + Add post-release fix 31_0001-kdf-argon2-Fix-for-the-case-output-64.patch -- Andreas Metzler <email address hidden> Wed, 30 Mar 2022 18:44:02 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.10.0-2) experimental; urgency=low [ Debian Janitor ] * Remove constraints unnecessary since buster: + Build-Depends: Drop versioned constraint on libgpg-error-dev. + Build-Depends-Indep: Drop versioned constraint on texinfo. [ Andreas Metzler ] * Upgrade to head of LIBGCRYPT-1.10-BRANCH. + 30_0001-Post-release-updates.patch + 30_0002-jitterentropy-Include-fcntl.h-and-limits.h.patch + 30_0003-kdf-Use-u64.patch + 30_0004-Register-DCO-for-Clemens-Lang.patch + 30_0005-fips-Fix-memory-leaks-in-FIPS-mode.patch + 30_0006-hmac-Fix-memory-leak.patch + 30_0007-build-Fix-m4-gpg-error.m4.patch + 30_0008-Silence-compiler-warnings-for-possible-alignment-pro.patch + 30_0009-fips-Use-ELF-header-to-find-hmac-file-offset.patch + 30_0010-fips-Fix-previous-commit.patch + 30_0011-fips-Integrity-check-improvement-with-only-loadable-.patch + 30_0012-fips-More-portable-integrity-check.patch + 30_0013-fips-Fix-gen-note-integrity.sh-script-not-to-use-cmp.patch + 30_0014-fips-Clarify-what-to-be-hashed-for-the-integrity-che.patch * Point vcs-* to experimental branch. [ Johannes Schauer Marin Rodrigues ] * debian/libgcrypt20.postinst: only run clean-up-unmanaged-libraries on upgrades and not on new installations. Closes: #1007754 -- Andreas Metzler <email address hidden> Sun, 20 Mar 2022 07:27:23 +0100
Superseded in experimental-release |
libgcrypt20 (1.10.0-1) experimental; urgency=low * Run wrap-and-sort -ast. * New upstream version. + Drop 30_01-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch. + Add new symbols to symbol file, bump versioned dependency info of all symbols to 1.10.0. (Many enums extended, most notably gcry_ctl_cmds, i.e. the arguments for gcry_control()). -- Andreas Metzler <email address hidden> Sun, 06 Feb 2022 15:48:15 +0100
libgcrypt20 (1.9.4-5) unstable; urgency=medium * Pull 30_01-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch from upstream GIT master branch, fixing FTBFS on armhf. Closes: #1001675 -- Andreas Metzler <email address hidden> Tue, 14 Dec 2021 17:56:04 +0100
libgcrypt20 (1.9.4-4) unstable; urgency=low * Import clean-up-unmanaged-libraries from the debian glib salsa repository. * Work around unreproducible (possibly fixed) dpkg bug 949395 and use clean-up-unmanaged-libraries to remove leftover libgcrypt versions in /lib. (Thanks, Simon McVittie!) Closes: #984884 * Fix references for CVE-2021-40528 and CVE-2021-33560 in previous changelogs. * Add lintian override for false positive debian-rules-sets-dpkg-architecture-variable. -- Andreas Metzler <email address hidden> Sun, 28 Nov 2021 13:33:35 +0100
libgcrypt20 (1.9.4-3) unstable; urgency=medium * Fix libgcrypt-config wrapper to use 'command -v' instead of 'which'. (Thanks, Emmanuel Bouthenot) Closes: #993244 -- Andreas Metzler <email address hidden> Sat, 11 Sep 2021 13:43:26 +0200
libgcrypt20 (1.9.4-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Sat, 04 Sep 2021 07:29:03 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.9.4-1) experimental; urgency=medium * New upstream release. (Also includes fix for Elgamal encryption for other implementations. CVE-2021-33560) -- Andreas Metzler <email address hidden> Sun, 29 Aug 2021 19:17:04 +0200
Published in buster-release |
libgcrypt20 (1.8.4-5+deb10u1) buster; urgency=medium * 31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not* generated by GnuPG/libgcrypt. CVE-2021-33560 -- Andreas Metzler <email address hidden> Sat, 29 May 2021 13:32:02 +0200
Published in bullseye-release |
Superseded in experimental-release |
Superseded in sid-release |
libgcrypt20 (1.8.7-6) unstable; urgency=medium * Update from LIBGCRYPT-1.8-BRANCH: + 30_10-cipher-Fix-ElGamal-encryption-for-other-implementati.patch -- Andreas Metzler <email address hidden> Thu, 27 May 2021 18:07:38 +0200
libgcrypt20 (1.8.7-5) unstable; urgency=medium * Pull fix ECC decyryption regression (caused by 30_08-ecc-Check-the-input-length-for-the-point.patch) from LIBGCRYPT-1.8-BRANCH. Closes: #987956 -- Andreas Metzler <email address hidden> Thu, 06 May 2021 18:06:14 +0200
libgcrypt20 (1.8.7-4) unstable; urgency=medium * Update from LIBGCRYPT-1.8-BRANCH: + 30_07-Fix-previous-commit.patch + 30_08-ecc-Check-the-input-length-for-the-point.patch -- Andreas Metzler <email address hidden> Sun, 02 May 2021 13:58:47 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.9.3-1) experimental; urgency=medium * New upstream release. -- Andreas Metzler <email address hidden> Wed, 21 Apr 2021 18:22:56 +0200
Superseded in experimental-release |
libgcrypt20 (1.9.2-1) experimental; urgency=low * New upstream release. -- Andreas Metzler <email address hidden> Thu, 18 Feb 2021 18:00:38 +0100
libgcrypt20 (1.8.7-3) unstable; urgency=medium * Update from LIBGCRYPT-1.8-BRANCH: + 30_01-Post-release-updates.patch + 30_02-tests-Put-a-work-around-to-tests-random-for-macOS.patch + 30_03-ecc-Add-checking-key-for-ECDSA.patch + 30_04-Fix-ubsan-warnings-for-i386-build.patch + 30_05-Add-handling-for-Og-with-O-flag-munging.patch + 30_06-Make-sure-the-grcy_get_config-string-is-always-null-.patch -- Andreas Metzler <email address hidden> Sun, 14 Feb 2021 15:27:13 +0100
Superseded in experimental-release |
libgcrypt20 (1.9.2~beta16-1) experimental; urgency=low * Simplify ./configure for Windows build, do not disable optimization and assembly, set timestamp=$(SOURCE_DATE_EPOCH) instead of disabling the timestamp. * New upstream release. + Drop 30_Revert-Define-HW-feature-flags-per-architecture.patch. -- Andreas Metzler <email address hidden> Sat, 13 Feb 2021 08:08:19 +0100
Superseded in experimental-release |
libgcrypt20 (1.9.1-1) experimental; urgency=low * Add Bug-Database and Bug-Submit to upstream/metadata. * New upstream version. + Fixes heap buffer overflow introduced in 1.9.0. https://dev.gnupg.org/T5275. CVE-2021-3345 Closes: #981336 * 30_Revert-Define-HW-feature-flags-per-architecture.patch Fix w* build error. -- Andreas Metzler <email address hidden> Sat, 30 Jan 2021 13:51:54 +0100
Superseded in experimental-release |
libgcrypt20 (1.9.0-1) experimental; urgency=low * New upstream version. + Drop 13_lessdeps_libgcrypt-pkgconfig.diff + Update 25_norevisionfromgit.diff. + List new symbols, bump all version requirements in libgcrypt20.symbols. (New args for gcry_control, new algorithms.) + Update copyright file. + Update algorithm list in package descriptions. -- Andreas Metzler <email address hidden> Sun, 24 Jan 2021 08:39:32 +0100
libgcrypt20 (1.8.7-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler <email address hidden> Wed, 28 Oct 2020 08:00:01 +0100
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.7-1) experimental; urgency=low [ Debian Janitor ] * Apply multi-arch hints. + libgcrypt-mingw-w64-dev, libgcrypt20-doc: Add Multi-Arch: foreign. [ Andreas Metzler ] * Update debian/upstream/signing-key.asc from https://gnupg.org/signature_key.html. * New upstream bugfix release. * Use dh v13 compat level. -- Andreas Metzler <email address hidden> Mon, 26 Oct 2020 10:19:55 +0100
libgcrypt20 (1.8.6-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler <email address hidden> Tue, 14 Jul 2020 07:09:01 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.6-1) experimental; urgency=low [ Debian Janitor ] * Set upstream metadata fields: Repository. [ Andreas Metzler ] * New upstream version. + Drop 40_*.patch * Install to library to /usr/lib instead of /lib in udeb, too. -- Andreas Metzler <email address hidden> Sat, 11 Jul 2020 13:08:25 +0200
libgcrypt20 (1.8.5-5) unstable; urgency=low * Upload to unstable. * Drop libgcrypt20-dev's Conflicts with ancient (pre-jessie) libgcrypt11-dev. -- Andreas Metzler <email address hidden> Sun, 23 Feb 2020 13:39:58 +0100
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.5-4) experimental; urgency=low * Move library from /lib to /usr/lib instead of splitting runtime/development over both locations. This includes moving the pkgconfig file. Closes: #951039 * Use DH 12 compat level. + Drop superfluous dh_missing override. + In debian/rules export DPKG_GENSYMBOLS_CHECK_LEVEL=4 instead of overriding override_dh_makeshlibs. * Update from upstream LIBGCRYPT-1.8-BRANCH: + 40_01-ecc-Add-a-keygrip-testcase-for-cv25519.patch + 40_02-ecc-Fix-wrong-handling-of-shorten-PK-bytes.patch + 40_03-Fix-declaration-of-internal-function-_gcry_mpi_get_u.patch + 40_04-random-Fix-include-of-config.h.patch + 40_05-Set-vZZ.16b-register-to-zero-before-use-in-armv8-gcm.patch + 40_06-Fix-wrong-code-execution-in-Poly1305-ARM-NEON-implem.patch * Add usr/lib/*/libgcrypt.la to debian/not-installed. -- Andreas Metzler <email address hidden> Sun, 16 Feb 2020 11:39:04 +0100
libgcrypt20 (1.8.5-3) unstable; urgency=medium * Switch b-d from texlive-generic-recommended to texlive-plain-generic. Closes: #941536 -- Andreas Metzler <email address hidden> Wed, 02 Oct 2019 19:37:25 +0200
libgcrypt20 (1.8.5-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Sat, 31 Aug 2019 19:08:39 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.5-1) experimental; urgency=medium * Drop --add-udeb=libgcrypt20-udeb to work around debhelper bug #935577. * New upstream version. + Fixes ECDSA timing attack. CVE-2019-13627 Closes: #938938 + Drop 30_doc-Fix-library-initialization-examples.patch + Ship newly available pkgconfig file in libgcrypt20-dev, moving gpg-error from Requires to Requires.private in new 13_lessdeps_libgcrypt-pkgconfig.diff. -- Andreas Metzler <email address hidden> Fri, 30 Aug 2019 18:44:49 +0200
libgcrypt20 (1.8.4-5) unstable; urgency=medium * 30_doc-Fix-library-initialization-examples.patch from upstream LIBGCRYPT-1.8-BRANCH: Stop suggesting gcry_check_version (GCRYPT_VERSION) in documentation. Add some touch magic to still allow building without makeinfo. See #914009 * [lintian] Minimize upstream/signing-key.asc. * Use dh v11 compatibility level. -- Andreas Metzler <email address hidden> Sun, 20 Jan 2019 14:47:23 +0100
libgcrypt20 (1.8.4-4) unstable; urgency=medium * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back autodeleted comments. * Drop libgcrypt11-dev transition package. Closes: #878654 -- Andreas Metzler <email address hidden> Sun, 02 Dec 2018 13:43:39 +0100
libgcrypt20 (1.8.4-3) unstable; urgency=medium * Fix arch-indep build error by running dh_auto_install for both -arch and -indep builds. -- Andreas Metzler <email address hidden> Sun, 28 Oct 2018 07:22:27 +0100
libgcrypt20 (1.8.4-2) unstable; urgency=medium * Upload to unstable. * Use dh_missing. * Ship info files from installed tree (debian/tmp/) instead of from doc/. -- Andreas Metzler <email address hidden> Sat, 27 Oct 2018 18:33:22 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.4-1) experimental; urgency=medium * New upstream bugfix release. + Drop 40-*.patch. -- Andreas Metzler <email address hidden> Sat, 27 Oct 2018 07:45:13 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.3-2) experimental; urgency=low * Update from LIBGCRYPT-1.8-BRANCH: + 40-01-Post-release-updates.patch + 40-02-random-Fix-hang-of-_gcry_rndjent_get_version.patch + 40-03-sexp-Fix-uninitialized-use-of-a-var-in-the-error-cas.patch + 40-04-ecc-Fix-potential-unintended-freeing-of-an-internal-.patch + 40-06-ecc-Fix-possible-memory-leakage-in-parameter-check-o.patch + 40-07-ecc-Fix-memory-leak-in-the-error-case-of-ecc_encrypt.patch + 40-08-Fix-memory-leak-in-secmem-in-out-of-core-conditions.patch + 40-09-doc-Update-yat2m.c-from-upstream-libgpg-error.patch + 40-10-build-Add-release-make-target.patch -- Andreas Metzler <email address hidden> Fri, 26 Oct 2018 17:29:25 +0200
libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * ecc: Add blinding for ECDSA (CVE-2018-0495) -- Salvatore Bonaccorso <email address hidden> Fri, 15 Jun 2018 11:58:05 +0200
libgcrypt20 (1.8.3-1) unstable; urgency=high * [lintian] Fix spelling-error-in-patch-description in 15_multiarchpath_in_-L.diff. * New upstream version. + Use blinding for ECDSA signing to mitigate a novel side-channel attack. CVE-2018-0495 * [lintian] Delete trailing empty lines in changelog. -- Andreas Metzler <email address hidden> Wed, 13 Jun 2018 19:15:54 +0200
libgcrypt20 (1.8.2-2) unstable; urgency=medium * Upload to unstable. * Partially sync priorities with override file. (libgcrypt20 optional from standard.) * Point Vcs* to salsa. -- Andreas Metzler <email address hidden> Wed, 28 Mar 2018 18:43:21 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.2-1) experimental; urgency=medium * New upstream version. + Drop 30_Fix-secmem-test-for-machine-with-larger-page.patch and 31_tests-Add-HAVE_MMAP-check-for-MinGW.patch. * Use dh v10 mode. Bump b-d, drop explicit b-d on automake and dh_autoreconf, remove --parallel --with autoreconf options from dh invocation. * Clean up, delete some libgcrypt20-dbg leftovers. * Use https for upstream URL. -- Andreas Metzler <email address hidden> Sat, 16 Dec 2017 13:36:49 +0100
libgcrypt20 (1.8.1-4) unstable; urgency=low * Upload to unstable. -- Andreas Metzler <email address hidden> Wed, 15 Nov 2017 18:52:21 +0100
Available diffs
- diff from 1.7.9-1 to 1.8.1-4 (204.7 KiB)
- diff from 1.7.9-2 to 1.8.1-4 (201.8 KiB)
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.8.1-3) experimental; urgency=medium * Replace 30_fedora_t-secmem-PPC64.diff with 30_Fix-secmem-test-for-machine-with-larger-page.patch and 31_tests-Add-HAVE_MMAP-check-for-MinGW.patch from upstream GIT LIBGCRYPT-1.8-BRANCH. * Set Rules-Requires-Root: no. -- Andreas Metzler <email address hidden> Tue, 14 Nov 2017 19:10:39 +0100
Superseded in experimental-release |
libgcrypt20 (1.8.1-2) experimental; urgency=medium * Sync priorities with override file (libgcrypt11-dev/libgcrypt-mingw-w64-dev: extra -> optional). Bump Standards-Version to 4.1.1. * Point watchfile to https URL. * Use DEB_VERSION_UPSTREAM_REVISION instead of DEB_VERSION to generate fake version number. * Sync debian/copyright with upstream's LICENSES file, adding the OCB license 1. Closes: #879984 * [lintian] Drop trailing whitespace in control and changelog. * [lintian] Fix typo in copyright file. -- Andreas Metzler <email address hidden> Sat, 04 Nov 2017 19:06:49 +0100
libgcrypt20 (1.7.9-2) unstable; urgency=medium * Sync debian/copyright with upstream's LICENSES file, adding the OCB license 1. Closes: #879984 * [lintian] Drop trailing whitespace in control and changelog. * [lintian] Sync priorities with override file (extra -> optional). * [lintian] Fix typo in copyright file. -- Andreas Metzler <email address hidden> Sat, 04 Nov 2017 16:37:16 +0100
Available diffs
- diff from 1.7.9-1 to 1.7.9-2 (3.8 KiB)
libgcrypt20 (1.7.6-2+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * ecc: Add input validation for X25519 [CVE-2017-0379] Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With You". (Closes: #873383) -- Salvatore Bonaccorso <email address hidden> Sun, 27 Aug 2017 11:58:04 +0200
libgcrypt20 (1.7.9-1) unstable; urgency=high * New upstream version, mitigates a local side-channel attack on Curve25519 dubbed "May the Fourth be With You". [CVE-2017-0379] Closes: #873383 + Drop 30_mpi-Fix-mpi_set_secure.patch -- Andreas Metzler <email address hidden> Sun, 27 Aug 2017 11:56:17 +0200
Available diffs
Superseded in experimental-release |
libgcrypt20 (1.8.1-1) experimental; urgency=medium * New upstream version. + Mitigates a local side-channel attack on Curve25519 dubbed "May the Fourth be With You". [CVE-2017-0379] Closes: #873383 + Add the OID SHA384WithECDSA from RFC-7427 to SHA-384. Closes: 873297 * Use @ARCHIVE_EXT@ in watchfile instead of hardcoding bz2. -- Andreas Metzler <email address hidden> Sun, 27 Aug 2017 13:13:01 +0200
Superseded in experimental-release |
libgcrypt20 (1.8.0-2) experimental; urgency=low * 30_fedora_t-secmem-PPC64.diff from Fedora package: Fix t_secmen on powerpc which uses a pagesize > 16K. * Use /usr/share/dpkg/pkg-info.mk instead of invoking dpkg-parsechangelog. -- Andreas Metzler <email address hidden> Sat, 19 Aug 2017 16:06:03 +0200
Published in jessie-release |
libgcrypt20 (1.6.3-2+deb8u4) jessie-security; urgency=high * 22_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] -- Andreas Metzler <email address hidden> Sat, 01 Jul 2017 11:53:07 +0200
libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] -- Andreas Metzler <email address hidden> Sat, 01 Jul 2017 11:01:58 +0200
Superseded in experimental-release |
libgcrypt20 (1.8.0-1) experimental; urgency=low * New upstream version. + Drop 30_mpi-Fix-mpi_set_secure.patch. + Update copyright file. + Update symbol file. + Bump libgpg-error-dev b-d requirement to >= 1.25. + Update algorithm list in package description. -- Andreas Metzler <email address hidden> Wed, 19 Jul 2017 19:47:46 +0200
libgcrypt20 (1.7.8-2) unstable; urgency=medium * 30_mpi-Fix-mpi_set_secure.patch from upstream LIBGCRYPT-1-7-BRANCH: Fix memory allocation in mpi_set_secure. Closes: #866964 * Drop override_dh_strip from debian/rules. -- Andreas Metzler <email address hidden> Thu, 06 Jul 2017 18:16:23 +0200
Available diffs
- diff from 1.7.8-1 to 1.7.8-2 (1.4 KiB)
libgcrypt20 (1.7.8-1) unstable; urgency=high * Fix 25_norevisionfromgit.diff to let ./configure generate a version-string without -beta suffix. LP: #1700157 * New upstream version. + Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] -- Andreas Metzler <email address hidden> Thu, 29 Jun 2017 18:27:03 +0200
Available diffs
- diff from 1.7.7-2 to 1.7.8-1 (113.4 KiB)
libgcrypt20 (1.7.7-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler <email address hidden> Sun, 18 Jun 2017 11:28:58 +0200
Available diffs
- diff from 1.7.6-2 to 1.7.7-2 (117.9 KiB)
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.7.7-1) experimental; urgency=medium * New upstream version. + Drop 30_gcry177*.patch -- Andreas Metzler <email address hidden> Sun, 04 Jun 2017 15:34:56 +0200
libgcrypt20 (1.7.6-2) unstable; urgency=high * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped. * Pull two fixes from gcrypt 1.7.7 bugfix release: + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch Fix possible timing attack on EdDSA session key. + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch Fix long standing bug in secure memory implementation which could lead to a segv on free. -- Andreas Metzler <email address hidden> Sat, 03 Jun 2017 10:58:36 +0200
Available diffs
- diff from 1.7.6-1 to 1.7.6-2 (10.8 KiB)
Superseded in buster-release |
Deleted in experimental-release (Reason: None provided.) |
Superseded in stretch-release |
Superseded in sid-release |
libgcrypt20 (1.7.6-1) unstable; urgency=medium * New upstream version, includes 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch. -- Andreas Metzler <email address hidden> Thu, 26 Jan 2017 11:58:32 +0100
Available diffs
- diff from 1.7.5-3 to 1.7.6-1 (85.6 KiB)
libgcrypt20 (1.7.5-3) unstable; urgency=medium * 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from upstream GIT master: Fix SSE3 assembly on Nehalem. -- Andreas Metzler <email address hidden> Sat, 14 Jan 2017 11:06:04 +0100
Available diffs
- diff from 1.7.5-2 to 1.7.5-3 (1.2 KiB)
libgcrypt20 (1.7.5-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Sat, 17 Dec 2016 08:38:47 +0100
Available diffs
- diff from 1.7.3-2 to 1.7.5-2 (56.0 KiB)
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.7.5-1) experimental; urgency=medium * New upstream version. -- Andreas Metzler <email address hidden> Thu, 15 Dec 2016 19:32:33 +0100
libgcrypt20 (1.7.3-2) unstable; urgency=medium [ Helmut Grohne / Andreas Metzler ] * Turn libgcrypt11-dev into an Arch:any package. Closes: #840205 -- Andreas Metzler <email address hidden> Sun, 09 Oct 2016 18:00:59 +0200
Available diffs
Superseded in jessie-release |
libgcrypt20 (1.6.3-2+deb8u2) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * random: Improve the diagram showing the random mixing * random: Hash continuous areas in the csprng pool (CVE-2016-6313) -- Salvatore Bonaccorso <email address hidden> Wed, 17 Aug 2016 21:58:23 +0200
libgcrypt20 (1.7.3-1) unstable; urgency=high * New upstream version. Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who obtains 580 bytes from the standard RNG can trivially predict the next 20 bytes of output. -- Andreas Metzler <email address hidden> Thu, 18 Aug 2016 07:47:10 +0200
libgcrypt20 (1.7.2-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler <email address hidden> Sun, 17 Jul 2016 15:32:09 +0200
Available diffs
- diff from 1.7.1-2 to 1.7.2-2 (19.1 KiB)
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.7.2-1) experimental; urgency=medium * New upstream bugfix release. -- Andreas Metzler <email address hidden> Fri, 15 Jul 2016 19:21:29 +0200
libgcrypt20 (1.7.1-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler <email address hidden> Sat, 18 Jun 2016 07:24:03 +0200
Available diffs
- diff from 1.7.0-2 to 1.7.1-2 (16.3 KiB)
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.7.1-1) experimental; urgency=medium * Fix package descriptions. The algorithm-list was incomplete for some packages. Closes: #821368 (Thanks, Katsuhiko Nishimra) * New upstream bugfix release, update copyright info. -- Andreas Metzler <email address hidden> Thu, 16 Jun 2016 19:12:08 +0200
libgcrypt20 (1.7.0-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler <email address hidden> Sun, 17 Apr 2016 13:16:30 +0200
Available diffs
- diff from 1.6.5-2 to 1.7.0-2 (828.3 KiB)
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.7.0-1) experimental; urgency=medium * New upstream release. * Update debian/copyright from AUTHORS. * Update algorithm list in package description. -- Andreas Metzler <email address hidden> Fri, 15 Apr 2016 19:31:29 +0200
Deleted in experimental-release (Reason: None provided.) |
libgcrypt20 (1.6.5+git20160413+8472b-1) experimental; urgency=medium * New upstream snapshot. * Use hardening=+bindnow instead of hardening=+all, we are mainly shipping libraries, including static ones. -- Andreas Metzler <email address hidden> Wed, 13 Apr 2016 18:54:07 +0200
1 → 75 of 100 results | First • Previous • Next • Last |