-
libgcrypt11 (1.5.3-2ubuntu4.6) trusty-security; urgency=medium
* SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
- debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
cipher/ecc.
- CVE-2018-0495
-- Marc Deslauriers <email address hidden> Mon, 18 Jun 2018 09:40:59 -0400
-
libgcrypt11 (1.5.3-2ubuntu4.5) trusty-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-2.patch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
- debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
- CVE-2017-7526
-- Marc Deslauriers <email address hidden> Mon, 03 Jul 2017 08:21:32 -0400
-
libgcrypt11 (1.5.3-2ubuntu4.4) trusty-security; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve the diagram showing the
random mixing in random/random-csprng.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in random/random-csprng.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:39:25 -0400
-
libgcrypt11 (1.5.3-2ubuntu4.3) trusty-security; urgency=medium
* SECURITY UPDATE: side-channel attack on ECDH
- debian/patches/CVE-2015-7511.patch: perform input validation in
cipher/ecc.c, src/mpi.h, use constant-time multiplication in
mpi/ec.c.
- CVE-2015-7511
-- Marc Deslauriers <email address hidden> Wed, 10 Feb 2016 11:03:08 -0500
-
libgcrypt11 (1.5.3-2ubuntu4.2) trusty-security; urgency=medium
* SECURITY UPDATE: sidechannel attack on Elgamal
- debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
cipher/elgamal.c.
- CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
- debian/patches/CVE-2015-0837.patch: avoid timing variations in
mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
- CVE-2015-0837
-- Marc Deslauriers <email address hidden> Thu, 26 Mar 2015 08:18:00 -0400
-
libgcrypt11 (1.5.3-2ubuntu4.1) trusty-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
- debian/patches/add_gcry_divide_by_zero.patch: replace deliberate
division by zero with new _gcry_divide_by_zero().
- debian/patches/CVE-2014-5270.patch: use sliding window method for
exponentiation algorithm in mpi/mpi-pow.c.
- CVE-2014-5270
-- Marc Deslauriers <email address hidden> Tue, 19 Aug 2014 08:59:30 -0400
-
libgcrypt11 (1.5.3-2ubuntu4) trusty; urgency=medium
* Move texinfo to Build-Depends.
-- Matthias Klose <email address hidden> Tue, 17 Dec 2013 13:12:52 +0100
-
libgcrypt11 (1.5.3-2ubuntu3) trusty; urgency=medium
* Fix build failure with texinfo 5.1.
-- Matthias Klose <email address hidden> Sun, 08 Dec 2013 02:37:55 +0100
-
libgcrypt11 (1.5.3-2ubuntu2) trusty; urgency=low
* Build using dh-autoreonf.
-- Matthias Klose <email address hidden> Wed, 04 Dec 2013 20:49:51 +0100
-
libgcrypt11 (1.5.3-2ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- no-global-init-thread-callbacks.diff: Do not call global_init when
setting thread callbacks
libgcrypt11 (1.5.3-2) unstable; urgency=low
* Convert to dh and move building of ps and html docs to
override_dh_auto_build-indep. Enable parallel building.
libgcrypt11 (1.5.3-1) unstable; urgency=high
* New upstream bugfix release. (CVE-2013-4242)
libgcrypt11 (1.5.2-3) unstable; urgency=low
* Install libgcrypt.a and libgcrypt.so to /usr.
* [15_multiarchpath_in_-L.diff] Do not print -L/lib/i386-linux-gnu on
"libgcrypt-config --libs".
* Use debhelper v9 mode. This allows us to mark libgcrypt11-dbg Multi-Arch:
same.
libgcrypt11 (1.5.2-2) unstable; urgency=low
* Upload to unstable.
* Fix vcs-field-not-canonical lintian error by refering to anonscm instead
of svn.debian.org.
* Update info in debian/copyright from upstream's README, fixing typo 'teh'.
* Delete some outdated and unused code in debian/rules.
libgcrypt11 (1.5.2-1) experimental; urgency=low
* New upstream version.
+ IDEA support added.
* Move list of supported algorithms to a separate paragraph in description
to decrease work-load of translators. Closes: #640261
* Move TeX-packages from b-d to Build-Depends-Indep. (Thanks, P. J.
McDermott) Closes: #682597
libgcrypt11 (1.5.1-1) experimental; urgency=low
* Point watchfile to stable release.
* New upstream version.
* Drop superfluous patches:
29_Fix-a-problem-with-select-and-high-fds.patch
30_Avoid-dereferencing-pointer-right-after-the-end.patch
31_Fix-segv-with-AES-NI-on-some-platforms.patch
32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
* Bump version gcry_control@GCRYPT_1.2 in debian/libgcrypt11.symbols from
1.4.5 to 1.5.1 since its argument enum has a new member.
libgcrypt11 (1.5.0-5) unstable; urgency=low
* While we are at it also pick
29_Fix-a-problem-with-select-and-high-fds.patch
LP: #1084279
libgcrypt11 (1.5.0-4) unstable; urgency=low
* Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
30_Avoid-dereferencing-pointer-right-after-the-end.patch
31_Fix-segv-with-AES-NI-on-some-platforms.patch
<https://bugs.g10code.com/gnupg/issue1452> LP: #1105758
32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
Closes: #699034
-- Seth Arnold <email address hidden> Wed, 27 Nov 2013 10:36:27 -0800
-
libgcrypt11 (1.5.0-3ubuntu3) saucy; urgency=low
* SECURITY UPDATE: The path of execution in an exponentiation function may
depend upon secret key data, allowing a local attacker to determine the
contents of the secret key through a side-channel attack.
- debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
exponents in secure memory. Based on upstream patch.
- CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 13 Aug 2013 08:56:30 -0400
