libgcrypt20 (1.8.5-5ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
- debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
exponent blinding too in cipher/elgamal.c.
- CVE-2021-33560
* SECURITY UPDATE: incorrect support of smaller K
- debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
implementations in cipher/elgamal.c.
- CVE-2021-40528
-- Marc Deslauriers <email address hidden> Tue, 14 Sep 2021 14:36:24 -0400
-
libgcrypt20 (1.8.5-5ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Disable the library reading /proc/sys/crypto/fips_enabled file
and going into FIPS mode. libgcrypt is not a FIPS certified library.
(LP 1748310)
libgcrypt20 (1.8.5-5) unstable; urgency=low
* Upload to unstable.
* Drop libgcrypt20-dev's Conflicts with ancient (pre-jessie)
libgcrypt11-dev.
libgcrypt20 (1.8.5-4) experimental; urgency=low
* Move library from /lib to /usr/lib instead of splitting
runtime/development over both locations. This includes moving the
pkgconfig file. Closes: #951039
* Use DH 12 compat level.
+ Drop superfluous dh_missing override.
+ In debian/rules export DPKG_GENSYMBOLS_CHECK_LEVEL=4 instead of
overriding override_dh_makeshlibs.
* Update from upstream LIBGCRYPT-1.8-BRANCH:
+ 40_01-ecc-Add-a-keygrip-testcase-for-cv25519.patch
+ 40_02-ecc-Fix-wrong-handling-of-shorten-PK-bytes.patch
+ 40_03-Fix-declaration-of-internal-function-_gcry_mpi_get_u.patch
+ 40_04-random-Fix-include-of-config.h.patch
+ 40_05-Set-vZZ.16b-register-to-zero-before-use-in-armv8-gcm.patch
+ 40_06-Fix-wrong-code-execution-in-Poly1305-ARM-NEON-implem.patch
* Add usr/lib/*/libgcrypt.la to debian/not-installed.
-- Steve Langasek <email address hidden> Sun, 23 Feb 2020 12:38:22 -0800
-
libgcrypt20 (1.8.5-3ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Disable the library reading /proc/sys/crypto/fips_enabled file
and going into FIPS mode. libgcrypt is not a FIPS certified library.
(LP 1748310)
* Dropped changes, included in Debian:
- Build-depend on texlive-plain-generic instead of obsolete
texlive-generic-recommended.
libgcrypt20 (1.8.5-3) unstable; urgency=medium
* Switch b-d from texlive-generic-recommended to texlive-plain-generic.
Closes: #941536
libgcrypt20 (1.8.5-2) unstable; urgency=medium
* Upload to unstable.
libgcrypt20 (1.8.5-1) experimental; urgency=medium
* Drop --add-udeb=libgcrypt20-udeb to work around debhelper bug #935577.
* New upstream version.
+ Fixes ECDSA timing attack. CVE-2019-13627 Closes: #938938
+ Drop 30_doc-Fix-library-initialization-examples.patch
+ Ship newly available pkgconfig file in libgcrypt20-dev, moving gpg-error
from Requires to Requires.private in new
13_lessdeps_libgcrypt-pkgconfig.diff.
-- Steve Langasek <email address hidden> Fri, 18 Oct 2019 14:25:34 -0700
-
libgcrypt20 (1.8.4-5ubuntu2) eoan; urgency=medium
* Build-depend on texlive-plain-generic instead of obsolete
texlive-generic-recommended.
-- Steve Langasek <email address hidden> Tue, 01 Oct 2019 14:13:42 -0700