Change log : libgcrypt20 package : Debian

1.10.3-3

Published in sid-release on 2024-05-14

libgcrypt20 (1.10.3-3) unstable; urgency=medium

  * 30_m4-Include-_AM_PATH_GPGRT_CONFIG-definition.patch from upstream GIT
    master: Update libgcrypt.m4 to let AM_PATH_LIBGCRYPT continue to work
    without preceding AM_PATH_GPG_ERROR() when libgcrypt-config is removed.

 -- Andreas Metzler <email address hidden>  Tue, 14 May 2024 18:11:46 +0200

Available diffs

diff from 1.10.3-2build1 (in Ubuntu) to 1.10.3-3 (4.7 KiB)

1.10.3-2

Deleted in experimental-release (Reason: None provided.)

Published in sid-release on 2023-12-01

libgcrypt20 (1.10.3-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Fri, 01 Dec 2023 11:47:14 +0100

Available diffs

diff from 1.10.2-3ubuntu1 (in Ubuntu) to 1.10.3-2 (114.8 KiB)

1.10.3-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.10.3-1) experimental; urgency=medium

  * New upstream release.
    + Update symbol file.

 -- Andreas Metzler <email address hidden>  Thu, 30 Nov 2023 14:29:24 +0100

1.10.2-3

Superseded in sid-release on 2023-12-17

libgcrypt20 (1.10.2-3) unstable; urgency=medium

  [ Simon Josefsson ]
  * Update Homepage: URL.

  [ Andreas Metzler ]
  * Drop --insert-timestamp linker option on mingw*, binutils 2.41 should use
    SOURCE_DATE_EPOCH automatically and the Debian package has dropped the
    patch to add the --insert-timestamp option. Closes: #1052219

 -- Andreas Metzler <email address hidden>  Tue, 19 Sep 2023 13:48:32 +0200

1.10.2-2

Superseded in sid-release on 2023-10-07

libgcrypt20 (1.10.2-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 11 Jun 2023 11:21:04 +0200

1.10.2-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.10.2-1) experimental; urgency=medium

  [ Helmut Grohne ]
  * Support the noudeb build profile. Closes: #1024943

  [ Andreas Metzler ]
  * New upstream release.
    + Drop superfluous patches.

 -- Andreas Metzler <email address hidden>  Sun, 09 Apr 2023 13:38:50 +0200

1.10.1-3

Published in bookworm-release on 2023-06-01

Published in sid-release on 2022-11-19

libgcrypt20 (1.10.1-3) unstable; urgency=medium

  * 32-build-Prefer-gpgrt-config-when-available.patch from
    LIBGCRYPT-1.10-BRANCH updates libgcrypt.m4 to prefer gpgrt-config over
    libgcrypt-config even when --with-libgcrypt-prefix is set.
  + 35-keccak-Use-size_t-to-avoid-integer-overflow.patch: Fix wrong result for
    SHA3 functions > 4GB invoked in one-shot.
  + 37-doc-Update-document-for-pkg-config-and-libgcrypt.m4.patch: Suggest
    pkg-config instead of libgcrypt-config.

 -- Andreas Metzler <email address hidden>  Sat, 19 Nov 2022 17:59:10 +0100

1.10.1-2

Superseded in sid-release on 2023-02-19

libgcrypt20 (1.10.1-2) unstable; urgency=low

  * Upload to unstable.
  * Update from upstream LIBGCRYPT-1.10-BRANCH, renaming the patch in the
    previous upload and adding another fix
    (31_0003-hwf-ppc-fix-missing-HWF_PPC_ARCH_3_10-in-HW-feature.patch).

 -- Andreas Metzler <email address hidden>  Sun, 03 Apr 2022 18:32:32 +0200

1.10.1-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.10.1-1) experimental; urgency=low

  * New upstream version.
    + Drop cherrypicked patches.
    + Add post-release fix 31_0001-kdf-argon2-Fix-for-the-case-output-64.patch

 -- Andreas Metzler <email address hidden>  Wed, 30 Mar 2022 18:44:02 +0200

1.10.0-2

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.10.0-2) experimental; urgency=low

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on libgpg-error-dev.
    + Build-Depends-Indep: Drop versioned constraint on texinfo.

  [ Andreas Metzler ]
  * Upgrade to head of LIBGCRYPT-1.10-BRANCH.
    + 30_0001-Post-release-updates.patch
    + 30_0002-jitterentropy-Include-fcntl.h-and-limits.h.patch
    + 30_0003-kdf-Use-u64.patch
    + 30_0004-Register-DCO-for-Clemens-Lang.patch
    + 30_0005-fips-Fix-memory-leaks-in-FIPS-mode.patch
    + 30_0006-hmac-Fix-memory-leak.patch
    + 30_0007-build-Fix-m4-gpg-error.m4.patch
    + 30_0008-Silence-compiler-warnings-for-possible-alignment-pro.patch
    + 30_0009-fips-Use-ELF-header-to-find-hmac-file-offset.patch
    + 30_0010-fips-Fix-previous-commit.patch
    + 30_0011-fips-Integrity-check-improvement-with-only-loadable-.patch
    + 30_0012-fips-More-portable-integrity-check.patch
    + 30_0013-fips-Fix-gen-note-integrity.sh-script-not-to-use-cmp.patch
    + 30_0014-fips-Clarify-what-to-be-hashed-for-the-integrity-che.patch
  * Point vcs-* to experimental branch.

  [ Johannes Schauer Marin Rodrigues ]
  * debian/libgcrypt20.postinst: only run clean-up-unmanaged-libraries on
    upgrades and not on new installations. Closes: #1007754

 -- Andreas Metzler <email address hidden>  Sun, 20 Mar 2022 07:27:23 +0100

1.10.0-1

Superseded in experimental-release on 2022-03-20

libgcrypt20 (1.10.0-1) experimental; urgency=low

  * Run wrap-and-sort -ast.
  * New upstream version.
    + Drop 30_01-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch.
    + Add new symbols to symbol file, bump versioned dependency info of all
      symbols to 1.10.0. (Many enums extended, most notably gcry_ctl_cmds, i.e.
      the arguments for gcry_control()).

 -- Andreas Metzler <email address hidden>  Sun, 06 Feb 2022 15:48:15 +0100

1.9.4-5

Superseded in sid-release on 2022-04-15

libgcrypt20 (1.9.4-5) unstable; urgency=medium

  * Pull 30_01-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch from
    upstream GIT master branch, fixing FTBFS on armhf. Closes: #1001675

 -- Andreas Metzler <email address hidden>  Tue, 14 Dec 2021 17:56:04 +0100

1.9.4-4

Superseded in sid-release on 2021-12-14

libgcrypt20 (1.9.4-4) unstable; urgency=low

  * Import clean-up-unmanaged-libraries from the debian glib salsa repository.
  * Work around unreproducible (possibly fixed) dpkg bug 949395 and use
    clean-up-unmanaged-libraries to remove leftover libgcrypt versions in
    /lib. (Thanks, Simon McVittie!) Closes: #984884
  * Fix references for CVE-2021-40528 and CVE-2021-33560 in previous
    changelogs.
  * Add lintian override for false positive
    debian-rules-sets-dpkg-architecture-variable.

 -- Andreas Metzler <email address hidden>  Sun, 28 Nov 2021 13:33:35 +0100

1.9.4-3

Superseded in sid-release on 2021-12-15

libgcrypt20 (1.9.4-3) unstable; urgency=medium

  * Fix libgcrypt-config wrapper to use 'command -v' instead of 'which'.
    (Thanks, Emmanuel Bouthenot)
    Closes: #993244

 -- Andreas Metzler <email address hidden>  Sat, 11 Sep 2021 13:43:26 +0200

1.9.4-2

Superseded in sid-release on 2021-09-11

libgcrypt20 (1.9.4-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 04 Sep 2021 07:29:03 +0200

1.9.4-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.9.4-1) experimental; urgency=medium

  * New upstream release. (Also includes fix for Elgamal encryption for
    other implementations. CVE-2021-33560)

 -- Andreas Metzler <email address hidden>  Sun, 29 Aug 2021 19:17:04 +0200

1.8.4-5+deb10u1

Published in buster-release on 2021-06-19

libgcrypt20 (1.8.4-5+deb10u1) buster; urgency=medium

  * 31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from
    upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not*
    generated by GnuPG/libgcrypt. CVE-2021-33560

 -- Andreas Metzler <email address hidden>  Sat, 29 May 2021 13:32:02 +0200

1.8.7-6

Published in bullseye-release on 2021-07-22

Superseded in experimental-release on 2021-08-28

Superseded in sid-release on 2022-10-11

libgcrypt20 (1.8.7-6) unstable; urgency=medium

  * Update from LIBGCRYPT-1.8-BRANCH:
    + 30_10-cipher-Fix-ElGamal-encryption-for-other-implementati.patch

 -- Andreas Metzler <email address hidden>  Thu, 27 May 2021 18:07:38 +0200

1.8.7-5

Superseded in sid-release on 2021-05-28

libgcrypt20 (1.8.7-5) unstable; urgency=medium

  * Pull fix ECC decyryption regression (caused by
    30_08-ecc-Check-the-input-length-for-the-point.patch) from
    LIBGCRYPT-1.8-BRANCH. Closes: #987956

 -- Andreas Metzler <email address hidden>  Thu, 06 May 2021 18:06:14 +0200

1.8.7-4

Superseded in sid-release on 2021-05-06

libgcrypt20 (1.8.7-4) unstable; urgency=medium

  * Update from LIBGCRYPT-1.8-BRANCH:
    + 30_07-Fix-previous-commit.patch
    + 30_08-ecc-Check-the-input-length-for-the-point.patch

 -- Andreas Metzler <email address hidden>  Sun, 02 May 2021 13:58:47 +0200

1.9.3-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.9.3-1) experimental; urgency=medium

  * New upstream release.

 -- Andreas Metzler <email address hidden>  Wed, 21 Apr 2021 18:22:56 +0200

1.9.2-1

Superseded in experimental-release on 2021-04-26

libgcrypt20 (1.9.2-1) experimental; urgency=low

  * New upstream release.

 -- Andreas Metzler <email address hidden>  Thu, 18 Feb 2021 18:00:38 +0100

1.8.7-3

Superseded in bullseye-release on 2021-08-07

Superseded in sid-release on 2021-08-01

libgcrypt20 (1.8.7-3) unstable; urgency=medium

  * Update from LIBGCRYPT-1.8-BRANCH:
    + 30_01-Post-release-updates.patch
    + 30_02-tests-Put-a-work-around-to-tests-random-for-macOS.patch
    + 30_03-ecc-Add-checking-key-for-ECDSA.patch
    + 30_04-Fix-ubsan-warnings-for-i386-build.patch
    + 30_05-Add-handling-for-Og-with-O-flag-munging.patch
    + 30_06-Make-sure-the-grcy_get_config-string-is-always-null-.patch

 -- Andreas Metzler <email address hidden>  Sun, 14 Feb 2021 15:27:13 +0100

1.9.2~beta16-1

Superseded in experimental-release on 2021-02-18

libgcrypt20 (1.9.2~beta16-1) experimental; urgency=low

  * Simplify ./configure for Windows build, do not disable optimization and
    assembly, set timestamp=$(SOURCE_DATE_EPOCH) instead of disabling the
    timestamp.
  * New upstream release.
    + Drop 30_Revert-Define-HW-feature-flags-per-architecture.patch.

 -- Andreas Metzler <email address hidden>  Sat, 13 Feb 2021 08:08:19 +0100

1.9.1-1

Superseded in experimental-release on 2021-02-13

libgcrypt20 (1.9.1-1) experimental; urgency=low

  * Add Bug-Database and Bug-Submit to upstream/metadata.
  * New upstream version.
    + Fixes heap buffer overflow introduced in 1.9.0.
      https://dev.gnupg.org/T5275. CVE-2021-3345 Closes: #981336
  * 30_Revert-Define-HW-feature-flags-per-architecture.patch Fix w* build
    error.

 -- Andreas Metzler <email address hidden>  Sat, 30 Jan 2021 13:51:54 +0100

1.9.0-1

Superseded in experimental-release on 2021-01-30

libgcrypt20 (1.9.0-1) experimental; urgency=low

  * New upstream version.
   + Drop 13_lessdeps_libgcrypt-pkgconfig.diff
   + Update 25_norevisionfromgit.diff.
   + List new symbols, bump all version requirements in libgcrypt20.symbols.
     (New args for gcry_control, new algorithms.)
   + Update copyright file.
   + Update algorithm list in package descriptions.

 -- Andreas Metzler <email address hidden>  Sun, 24 Jan 2021 08:39:32 +0100

1.8.7-2

Superseded in sid-release on 2021-04-16

libgcrypt20 (1.8.7-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Wed, 28 Oct 2020 08:00:01 +0100

1.8.7-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.7-1) experimental; urgency=low

  [ Debian Janitor ]
  * Apply multi-arch hints.
    + libgcrypt-mingw-w64-dev, libgcrypt20-doc: Add Multi-Arch: foreign.

  [ Andreas Metzler ]
  * Update debian/upstream/signing-key.asc from
    https://gnupg.org/signature_key.html.
  * New upstream bugfix release.
  * Use dh v13 compat level.

 -- Andreas Metzler <email address hidden>  Mon, 26 Oct 2020 10:19:55 +0100

1.8.6-2

Superseded in sid-release on 2020-11-11

libgcrypt20 (1.8.6-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Tue, 14 Jul 2020 07:09:01 +0200

1.8.6-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.6-1) experimental; urgency=low

  [ Debian Janitor ]
  * Set upstream metadata fields: Repository.

  [ Andreas Metzler ]
  * New upstream version.
    + Drop 40_*.patch
  * Install to library to /usr/lib instead of /lib in udeb, too.

 -- Andreas Metzler <email address hidden>  Sat, 11 Jul 2020 13:08:25 +0200

1.8.5-5

Superseded in sid-release on 2020-12-03

libgcrypt20 (1.8.5-5) unstable; urgency=low

  * Upload to unstable.
  * Drop libgcrypt20-dev's Conflicts with ancient (pre-jessie)
    libgcrypt11-dev.

 -- Andreas Metzler <email address hidden>  Sun, 23 Feb 2020 13:39:58 +0100

1.8.5-4

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.5-4) experimental; urgency=low

  * Move library from /lib to /usr/lib instead of splitting
    runtime/development over both locations. This includes moving the
    pkgconfig file. Closes: #951039
  * Use DH 12 compat level.
    + Drop superfluous dh_missing override.
    + In debian/rules export DPKG_GENSYMBOLS_CHECK_LEVEL=4 instead of
      overriding override_dh_makeshlibs.
  * Update from upstream LIBGCRYPT-1.8-BRANCH:
    + 40_01-ecc-Add-a-keygrip-testcase-for-cv25519.patch
    + 40_02-ecc-Fix-wrong-handling-of-shorten-PK-bytes.patch
    + 40_03-Fix-declaration-of-internal-function-_gcry_mpi_get_u.patch
    + 40_04-random-Fix-include-of-config.h.patch
    + 40_05-Set-vZZ.16b-register-to-zero-before-use-in-armv8-gcm.patch
    + 40_06-Fix-wrong-code-execution-in-Poly1305-ARM-NEON-implem.patch
  * Add usr/lib/*/libgcrypt.la to debian/not-installed.

 -- Andreas Metzler <email address hidden>  Sun, 16 Feb 2020 11:39:04 +0100

1.8.5-3

Superseded in sid-release on 2020-03-14

libgcrypt20 (1.8.5-3) unstable; urgency=medium

  * Switch b-d from texlive-generic-recommended to texlive-plain-generic.
    Closes: #941536

 -- Andreas Metzler <email address hidden>  Wed, 02 Oct 2019 19:37:25 +0200

1.8.5-2

Superseded in sid-release on 2020-01-27

libgcrypt20 (1.8.5-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 31 Aug 2019 19:08:39 +0200

1.8.5-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.5-1) experimental; urgency=medium

  * Drop --add-udeb=libgcrypt20-udeb to work around debhelper bug #935577.
  * New upstream version.
    + Fixes ECDSA timing attack. CVE-2019-13627 Closes: #938938
    + Drop 30_doc-Fix-library-initialization-examples.patch
    + Ship newly available pkgconfig file in libgcrypt20-dev, moving gpg-error
      from Requires to Requires.private in new
      13_lessdeps_libgcrypt-pkgconfig.diff.

 -- Andreas Metzler <email address hidden>  Fri, 30 Aug 2019 18:44:49 +0200

1.8.4-5

Published in buster-release on 2019-02-06

Superseded in sid-release on 2021-06-19

libgcrypt20 (1.8.4-5) unstable; urgency=medium

  * 30_doc-Fix-library-initialization-examples.patch from upstream
    LIBGCRYPT-1.8-BRANCH: Stop suggesting gcry_check_version (GCRYPT_VERSION)
    in documentation. Add some touch magic to still allow building without
    makeinfo. See #914009
  * [lintian] Minimize upstream/signing-key.asc.
  * Use dh v11 compatibility level.

 -- Andreas Metzler <email address hidden>  Sun, 20 Jan 2019 14:47:23 +0100

1.8.4-4

Superseded in buster-release on 2019-09-07

Superseded in sid-release on 2019-06-04

libgcrypt20 (1.8.4-4) unstable; urgency=medium

  * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back
    autodeleted comments.
  * Drop libgcrypt11-dev transition package. Closes: #878654

 -- Andreas Metzler <email address hidden>  Sun, 02 Dec 2018 13:43:39 +0100

1.8.4-3

Superseded in buster-release on 2019-02-26

Superseded in sid-release on 2019-02-08

libgcrypt20 (1.8.4-3) unstable; urgency=medium

  * Fix arch-indep build error by running dh_auto_install for both -arch and
    -indep builds.

 -- Andreas Metzler <email address hidden>  Sun, 28 Oct 2018 07:22:27 +0100

1.8.4-2

Superseded in sid-release on 2018-10-29

libgcrypt20 (1.8.4-2) unstable; urgency=medium

  * Upload to unstable.
  * Use dh_missing.
  * Ship info files from installed tree (debian/tmp/) instead of from doc/.

 -- Andreas Metzler <email address hidden>  Sat, 27 Oct 2018 18:33:22 +0200

1.8.4-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.4-1) experimental; urgency=medium

  * New upstream bugfix release.
    + Drop 40-*.patch.

 -- Andreas Metzler <email address hidden>  Sat, 27 Oct 2018 07:45:13 +0200

1.8.3-2

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.3-2) experimental; urgency=low

  * Update from LIBGCRYPT-1.8-BRANCH:
    + 40-01-Post-release-updates.patch
    + 40-02-random-Fix-hang-of-_gcry_rndjent_get_version.patch
    + 40-03-sexp-Fix-uninitialized-use-of-a-var-in-the-error-cas.patch
    + 40-04-ecc-Fix-potential-unintended-freeing-of-an-internal-.patch
    + 40-06-ecc-Fix-possible-memory-leakage-in-parameter-check-o.patch
    + 40-07-ecc-Fix-memory-leak-in-the-error-case-of-ecc_encrypt.patch
    + 40-08-Fix-memory-leak-in-secmem-in-out-of-core-conditions.patch
    + 40-09-doc-Update-yat2m.c-from-upstream-libgpg-error.patch
    + 40-10-build-Add-release-make-target.patch

 -- Andreas Metzler <email address hidden>  Fri, 26 Oct 2018 17:29:25 +0200

1.7.6-2+deb9u3

Superseded in buster-release on 2019-03-11

Superseded in sid-release on 2019-03-05

Published in stretch-release on 2018-07-14

libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * ecc: Add blinding for ECDSA (CVE-2018-0495)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 15 Jun 2018 11:58:05 +0200

1.8.3-1

Superseded in buster-release on 2018-11-28

Superseded in sid-release on 2018-11-27

libgcrypt20 (1.8.3-1) unstable; urgency=high

  * [lintian] Fix spelling-error-in-patch-description in
    15_multiarchpath_in_-L.diff.
  * New upstream version.
    + Use blinding for ECDSA signing to mitigate a novel side-channel
      attack.  CVE-2018-0495
  * [lintian] Delete trailing empty lines in changelog.

 -- Andreas Metzler <email address hidden>  Wed, 13 Jun 2018 19:15:54 +0200

1.8.2-2

Superseded in buster-release on 2018-12-07

Superseded in sid-release on 2018-12-06

libgcrypt20 (1.8.2-2) unstable; urgency=medium

  * Upload to unstable.
  * Partially sync priorities with override file. (libgcrypt20 optional from
    standard.)
  * Point Vcs* to salsa.

 -- Andreas Metzler <email address hidden>  Wed, 28 Mar 2018 18:43:21 +0200

1.8.2-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.2-1) experimental; urgency=medium

  * New upstream version.
    + Drop 30_Fix-secmem-test-for-machine-with-larger-page.patch and
      31_tests-Add-HAVE_MMAP-check-for-MinGW.patch.
  * Use dh v10 mode. Bump b-d, drop explicit b-d on automake and
    dh_autoreconf, remove --parallel --with autoreconf options from dh
    invocation.
  * Clean up, delete some libgcrypt20-dbg leftovers.
  * Use https for upstream URL.

 -- Andreas Metzler <email address hidden>  Sat, 16 Dec 2017 13:36:49 +0100

1.8.1-4

Superseded in buster-release on 2018-06-11

Superseded in sid-release on 2019-06-04

libgcrypt20 (1.8.1-4) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Wed, 15 Nov 2017 18:52:21 +0100

Available diffs

diff from 1.7.9-1 to 1.8.1-4 (204.7 KiB)
diff from 1.7.9-2 to 1.8.1-4 (201.8 KiB)

1.8.1-3

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.8.1-3) experimental; urgency=medium

  * Replace 30_fedora_t-secmem-PPC64.diff with
    30_Fix-secmem-test-for-machine-with-larger-page.patch and
    31_tests-Add-HAVE_MMAP-check-for-MinGW.patch from upstream GIT
    LIBGCRYPT-1.8-BRANCH.
  * Set Rules-Requires-Root: no.

 -- Andreas Metzler <email address hidden>  Tue, 14 Nov 2017 19:10:39 +0100

1.8.1-2

Superseded in experimental-release on 2017-11-15

libgcrypt20 (1.8.1-2) experimental; urgency=medium

  * Sync priorities with override file
    (libgcrypt11-dev/libgcrypt-mingw-w64-dev: extra -> optional). Bump
    Standards-Version to 4.1.1.
  * Point watchfile to https URL.
  * Use DEB_VERSION_UPSTREAM_REVISION instead of DEB_VERSION to generate fake
    version number.
  * Sync debian/copyright with upstream's LICENSES file, adding the OCB
    license 1. Closes: #879984
  * [lintian] Drop trailing whitespace in control and changelog.
  * [lintian] Fix typo in copyright file.

 -- Andreas Metzler <email address hidden>  Sat, 04 Nov 2017 19:06:49 +0100

1.7.9-2

Superseded in buster-release on 2018-02-23

Superseded in sid-release on 2018-04-16

libgcrypt20 (1.7.9-2) unstable; urgency=medium

  * Sync debian/copyright with upstream's LICENSES file, adding the OCB
    license 1. Closes: #879984
  * [lintian] Drop trailing whitespace in control and changelog.
  * [lintian] Sync priorities with override file (extra -> optional).
  * [lintian] Fix typo in copyright file.

 -- Andreas Metzler <email address hidden>  Sat, 04 Nov 2017 16:37:16 +0100

Available diffs

diff from 1.7.9-1 to 1.7.9-2 (3.8 KiB)

1.7.6-2+deb9u2

Superseded in buster-release on 2018-07-19

Superseded in sid-release on 2018-07-14

Superseded in stretch-release on 2018-07-14

libgcrypt20 (1.7.6-2+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * ecc: Add input validation for X25519 [CVE-2017-0379]
    Mitigate a local side-channel attack on Curve25519 dubbed "May the
    Fourth be With You". (Closes: #873383)

 -- Salvatore Bonaccorso <email address hidden>  Sun, 27 Aug 2017 11:58:04 +0200

1.7.9-1

Superseded in buster-release on 2017-12-05

Superseded in sid-release on 2017-12-05

libgcrypt20 (1.7.9-1) unstable; urgency=high

  * New upstream version, mitigates a local side-channel attack on Curve25519
    dubbed "May the Fourth be With You".  [CVE-2017-0379] Closes: #873383
    + Drop 30_mpi-Fix-mpi_set_secure.patch

 -- Andreas Metzler <email address hidden>  Sun, 27 Aug 2017 11:56:17 +0200

Available diffs

diff from 1.7.8-2ubuntu1 (in Ubuntu) to 1.7.9-1 (7.1 KiB)

1.8.1-1

Superseded in experimental-release on 2017-11-09

libgcrypt20 (1.8.1-1) experimental; urgency=medium

  * New upstream version.
    + Mitigates a local side-channel attack on Curve25519 dubbed "May the
      Fourth be With You".  [CVE-2017-0379] Closes: #873383
    + Add the OID SHA384WithECDSA from RFC-7427 to SHA-384. Closes: 873297
  * Use @ARCHIVE_EXT@ in watchfile instead of hardcoding bz2.

 -- Andreas Metzler <email address hidden>  Sun, 27 Aug 2017 13:13:01 +0200

1.8.0-2

Superseded in experimental-release on 2017-09-05

libgcrypt20 (1.8.0-2) experimental; urgency=low

  * 30_fedora_t-secmem-PPC64.diff from Fedora package: Fix t_secmen on
    powerpc which uses a pagesize > 16K.
  * Use /usr/share/dpkg/pkg-info.mk instead of invoking dpkg-parsechangelog.

 -- Andreas Metzler <email address hidden>  Sat, 19 Aug 2017 16:06:03 +0200

1.6.3-2+deb8u4

Published in jessie-release on 2017-07-22

libgcrypt20 (1.6.3-2+deb8u4) jessie-security; urgency=high

  * 22_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
    flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
    into  disaster". For details see <https://eprint.iacr.org/2017/627>.
    [CVE-2017-7526]

 -- Andreas Metzler <email address hidden>  Sat, 01 Jul 2017 11:53:07 +0200

1.7.6-2+deb9u1

Published in stretch-release on 2017-07-22

Superseded in buster-release on 2017-10-12

Superseded in sid-release on 2017-10-07

libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high

  * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
    flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
    into disaster". For details see <https://eprint.iacr.org/2017/627>.
    [CVE-2017-7526]

 -- Andreas Metzler <email address hidden>  Sat, 01 Jul 2017 11:01:58 +0200

1.8.0-1

Superseded in experimental-release on 2017-08-20

libgcrypt20 (1.8.0-1) experimental; urgency=low

  * New upstream version.
    + Drop 30_mpi-Fix-mpi_set_secure.patch.
    + Update copyright file.
    + Update symbol file.
    + Bump libgpg-error-dev b-d requirement to >= 1.25.
    + Update algorithm list in package description.

 -- Andreas Metzler <email address hidden>  Wed, 19 Jul 2017 19:47:46 +0200

1.7.8-2

Superseded in sid-release on 2017-12-04

Superseded in buster-release on 2017-12-05

Superseded in sid-release on 2017-08-28

libgcrypt20 (1.7.8-2) unstable; urgency=medium

  * 30_mpi-Fix-mpi_set_secure.patch from upstream LIBGCRYPT-1-7-BRANCH: Fix
    memory allocation in mpi_set_secure. Closes: #866964
  * Drop override_dh_strip from debian/rules.

 -- Andreas Metzler <email address hidden>  Thu, 06 Jul 2017 18:16:23 +0200

Available diffs

diff from 1.7.8-1 to 1.7.8-2 (1.4 KiB)

1.7.8-1

Superseded in sid-release on 2017-07-07

libgcrypt20 (1.7.8-1) unstable; urgency=high

  * Fix 25_norevisionfromgit.diff to let ./configure generate a version-string
    without -beta suffix. LP: #1700157
  * New upstream version.
    + Mitigate a flush+reload side-channel attack on RSA secret keys dubbed
      "Sliding right into disaster".  For details see
      <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

 -- Andreas Metzler <email address hidden>  Thu, 29 Jun 2017 18:27:03 +0200

Available diffs

diff from 1.7.7-2 to 1.7.8-1 (113.4 KiB)

1.7.7-2

Superseded in buster-release on 2017-10-05

Superseded in sid-release on 2017-09-25

libgcrypt20 (1.7.7-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 18 Jun 2017 11:28:58 +0200

Available diffs

diff from 1.7.6-2 to 1.7.7-2 (117.9 KiB)

1.7.7-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.7.7-1) experimental; urgency=medium

  * New upstream version.
    + Drop 30_gcry177*.patch

 -- Andreas Metzler <email address hidden>  Sun, 04 Jun 2017 15:34:56 +0200

1.7.6-2

Superseded in buster-release on 2018-12-07

Superseded in stretch-release on 2017-07-22

Superseded in sid-release on 2018-04-01

libgcrypt20 (1.7.6-2) unstable; urgency=high

  * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
  * Pull two fixes from gcrypt 1.7.7 bugfix release:
    + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
      Fix possible timing attack on EdDSA session key.
    + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
      Fix long standing bug in secure memory implementation which could lead
      to a segv on free.

 -- Andreas Metzler <email address hidden>  Sat, 03 Jun 2017 10:58:36 +0200

Available diffs

diff from 1.7.6-1 to 1.7.6-2 (10.8 KiB)

1.7.6-1

Superseded in buster-release on 2017-07-20

Deleted in experimental-release (Reason: None provided.)

Superseded in stretch-release on 2019-09-07

Superseded in sid-release on 2017-06-28

libgcrypt20 (1.7.6-1) unstable; urgency=medium

  * New upstream version, includes
    30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch.

 -- Andreas Metzler <email address hidden>  Thu, 26 Jan 2017 11:58:32 +0100

Available diffs

diff from 1.7.5-3 to 1.7.6-1 (85.6 KiB)

1.7.5-3

Superseded in sid-release on 2017-06-13

Superseded in stretch-release on 2017-05-25

Superseded in sid-release on 2017-01-27

libgcrypt20 (1.7.5-3) unstable; urgency=medium

  * 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from
    upstream GIT master: Fix SSE3 assembly on Nehalem.

 -- Andreas Metzler <email address hidden>  Sat, 14 Jan 2017 11:06:04 +0100

Available diffs

diff from 1.7.5-2 to 1.7.5-3 (1.2 KiB)

1.7.5-2

Superseded in stretch-release on 2017-06-14

Superseded in sid-release on 2017-03-21

libgcrypt20 (1.7.5-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 17 Dec 2016 08:38:47 +0100

Available diffs

diff from 1.7.3-2 to 1.7.5-2 (56.0 KiB)

1.7.5-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.7.5-1) experimental; urgency=medium

  * New upstream version.

 -- Andreas Metzler <email address hidden>  Thu, 15 Dec 2016 19:32:33 +0100

1.7.3-2

Superseded in stretch-release on 2017-01-25

Superseded in sid-release on 2017-04-08

libgcrypt20 (1.7.3-2) unstable; urgency=medium

  [ Helmut Grohne / Andreas Metzler ]
  * Turn libgcrypt11-dev into an Arch:any package. Closes: #840205

 -- Andreas Metzler <email address hidden>  Sun, 09 Oct 2016 18:00:59 +0200

Available diffs

diff from 1.7.2-2ubuntu1 (in Ubuntu) to 1.7.3-2 (27.9 KiB)

1.6.3-2+deb8u2

Superseded in jessie-release on 2017-07-22

libgcrypt20 (1.6.3-2+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * random: Improve the diagram showing the random mixing
  * random: Hash continuous areas in the csprng pool (CVE-2016-6313)

 -- Salvatore Bonaccorso <email address hidden>  Wed, 17 Aug 2016 21:58:23 +0200

1.7.3-1

Superseded in stretch-release on 2016-10-15

Superseded in sid-release on 2016-10-21

libgcrypt20 (1.7.3-1) unstable; urgency=high

  * New upstream version.
    Fix critical security bug in the RNG [CVE-2016-6313].  An
    attacker who obtains 580 bytes from the standard RNG can
    trivially predict the next 20 bytes of output.

 -- Andreas Metzler <email address hidden>  Thu, 18 Aug 2016 07:47:10 +0200

1.7.2-2

Superseded in stretch-release on 2016-08-20

Superseded in sid-release on 2016-08-19

libgcrypt20 (1.7.2-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 17 Jul 2016 15:32:09 +0200

Available diffs

diff from 1.7.1-2 to 1.7.2-2 (19.1 KiB)

1.7.2-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.7.2-1) experimental; urgency=medium

  * New upstream bugfix release.

 -- Andreas Metzler <email address hidden>  Fri, 15 Jul 2016 19:21:29 +0200

1.7.1-2

Superseded in stretch-release on 2016-11-01

Superseded in sid-release on 2016-10-31

libgcrypt20 (1.7.1-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 18 Jun 2016 07:24:03 +0200

Available diffs

diff from 1.7.0-2 to 1.7.1-2 (16.3 KiB)

1.7.1-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.7.1-1) experimental; urgency=medium

  * Fix package descriptions. The algorithm-list was incomplete for some
    packages. Closes: #821368 (Thanks, Katsuhiko Nishimra)
  * New upstream bugfix release, update copyright info.

 -- Andreas Metzler <email address hidden>  Thu, 16 Jun 2016 19:12:08 +0200

1.7.0-2

Superseded in stretch-release on 2017-01-18

Superseded in stretch-release on 2016-06-30

Superseded in sid-release on 2016-12-30

libgcrypt20 (1.7.0-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 17 Apr 2016 13:16:30 +0200

Available diffs

diff from 1.6.5-2 to 1.7.0-2 (828.3 KiB)

1.7.0-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.7.0-1) experimental; urgency=medium

  * New upstream release.
  * Update debian/copyright from AUTHORS.
  * Update algorithm list in package description.

 -- Andreas Metzler <email address hidden>  Fri, 15 Apr 2016 19:31:29 +0200

1.6.5+git20160413+8472b-1

Deleted in experimental-release (Reason: None provided.)

libgcrypt20 (1.6.5+git20160413+8472b-1) experimental; urgency=medium

  * New upstream snapshot.
  * Use hardening=+bindnow instead of hardening=+all, we are mainly shipping
    libraries, including static ones.

 -- Andreas Metzler <email address hidden>  Wed, 13 Apr 2016 18:54:07 +0200

Debian
libgcrypt20 package

Change log for libgcrypt20 package in Debian

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Debianlibgcrypt20 package

Change log for libgcrypt20 package in Debian

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Available diffs

Debian
libgcrypt20 package