-
libgcrypt20 (1.8.4-5ubuntu2.1) eoan-security; urgency=medium
* SECURITY UPDATE: ECDSA timing attack
- debian/patches/CVE-2019-13627-1.patch: add mitigation against timing
attack in cipher/ecc-ecdsa.c, mpi/ec.c.
- debian/patches/CVE-2019-13627-2.patch: fix use of nonce, use larger
one in cipher/dsa-common.c, cipher/dsa.c, cipher/ecc-ecdsa.c,
cipher/ecc-gost.c, cipher/pubkey-internal.h.
- CVE-2019-13627
-- Marc Deslauriers <email address hidden> Thu, 28 Nov 2019 13:50:59 -0500
-
libgcrypt20 (1.8.4-5ubuntu2) eoan; urgency=medium
* Build-depend on texlive-plain-generic instead of obsolete texlive-
generic-recommended.
-- Steve Langasek <email address hidden> Tue, 01 Oct 2019 14:13:42 -0700
-
libgcrypt20 (1.8.4-5ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- Disable the library reading /proc/sys/crypto/fips_enabled file
and going into FIPS mode. libgcrypt is not a FIPS certified library.
(LP 1748310)
* Fix spelling-error-in-patch-description "Decription" -> "Description"
libgcrypt20 (1.8.4-5) unstable; urgency=medium
* 30_doc-Fix-library-initialization-examples.patch from upstream
LIBGCRYPT-1.8-BRANCH: Stop suggesting gcry_check_version (GCRYPT_VERSION)
in documentation. Add some touch magic to still allow building without
makeinfo. See #914009
* [lintian] Minimize upstream/signing-key.asc.
* Use dh v11 compatibility level.
libgcrypt20 (1.8.4-4) unstable; urgency=medium
* Run "wrap-and-sort --max-line-length=72 --short-indent" and add back
autodeleted comments.
* Drop libgcrypt11-dev transition package. Closes: #878654
-- Julian Andres Klode <email address hidden> Tue, 23 Apr 2019 11:41:31 +0200
-
libgcrypt20 (1.8.4-3ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- Disable the library reading /proc/sys/crypto/fips_enabled file
and going into FIPS mode. libgcrypt is not a FIPS certified library.
(LP 1748310)
libgcrypt20 (1.8.4-3) unstable; urgency=medium
* Fix arch-indep build error by running dh_auto_install for both -arch and
-indep builds.
libgcrypt20 (1.8.4-2) unstable; urgency=medium
* Upload to unstable.
* Use dh_missing.
* Ship info files from installed tree (debian/tmp/) instead of from doc/.
libgcrypt20 (1.8.4-1) experimental; urgency=medium
* New upstream bugfix release.
+ Drop 40-*.patch.
libgcrypt20 (1.8.3-2) experimental; urgency=low
* Update from LIBGCRYPT-1.8-BRANCH:
+ 40-01-Post-release-updates.patch
+ 40-02-random-Fix-hang-of-_gcry_rndjent_get_version.patch
+ 40-03-sexp-Fix-uninitialized-use-of-a-var-in-the-error-cas.patch
+ 40-04-ecc-Fix-potential-unintended-freeing-of-an-internal-.patch
+ 40-06-ecc-Fix-possible-memory-leakage-in-parameter-check-o.patch
+ 40-07-ecc-Fix-memory-leak-in-the-error-case-of-ecc_encrypt.patch
+ 40-08-Fix-memory-leak-in-secmem-in-out-of-core-conditions.patch
+ 40-09-doc-Update-yat2m.c-from-upstream-libgpg-error.patch
+ 40-10-build-Add-release-make-target.patch
-- Julian Andres Klode <email address hidden> Mon, 12 Nov 2018 11:24:05 +0100
