All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] libgcrypt: security bump to version 1.7.8
@ 2017-06-30 15:04 Baruch Siach
  2017-07-01  8:10 ` Thomas Petazzoni
  2017-07-02 15:04 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach @ 2017-06-30 15:04 UTC (permalink / raw)
  To: buildroot

From the NEWS file:

- Mitigate a flush+reload side-channel attack on RSA secret keys
  dubbed "Sliding right into disaster".  For details see
  <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/libgcrypt/libgcrypt.hash | 9 +++++----
 package/libgcrypt/libgcrypt.mk   | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package/libgcrypt/libgcrypt.hash b/package/libgcrypt/libgcrypt.hash
index 5a833d59e629..8ac9f0a92bbc 100644
--- a/package/libgcrypt/libgcrypt.hash
+++ b/package/libgcrypt/libgcrypt.hash
@@ -1,4 +1,5 @@
-# From https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html
-sha1  ea4ae1a4dba51f15095319419d7b42a0bf160384  libgcrypt-1.7.7.tar.bz2
-# Locally calculated
-sha256  b9b85eba0793ea3e6e66b896eb031fa05e1a4517277cc9ab10816b359254cd9a  libgcrypt-1.7.7.tar.bz2
+# From https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
+sha1  65a4a495aa858483e66868199eaa8238572ca6cd  libgcrypt-1.7.8.tar.bz2
+# Locally calculated after checking signature
+# https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.8.tar.bz2.sig
+sha256  948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199  libgcrypt-1.7.8.tar.bz2
diff --git a/package/libgcrypt/libgcrypt.mk b/package/libgcrypt/libgcrypt.mk
index 4374032206d8..bc194addb384 100644
--- a/package/libgcrypt/libgcrypt.mk
+++ b/package/libgcrypt/libgcrypt.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBGCRYPT_VERSION = 1.7.7
+LIBGCRYPT_VERSION = 1.7.8
 LIBGCRYPT_SOURCE = libgcrypt-$(LIBGCRYPT_VERSION).tar.bz2
 LIBGCRYPT_LICENSE = LGPL-2.1+
 LIBGCRYPT_LICENSE_FILES = COPYING.LIB
-- 
2.11.0

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] libgcrypt: security bump to version 1.7.8
  2017-06-30 15:04 [Buildroot] [PATCH] libgcrypt: security bump to version 1.7.8 Baruch Siach
@ 2017-07-01  8:10 ` Thomas Petazzoni
  2017-07-02 15:04 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2017-07-01  8:10 UTC (permalink / raw)
  To: buildroot

Hello,

On Fri, 30 Jun 2017 18:04:54 +0300, Baruch Siach wrote:
> From the NEWS file:
> 
> - Mitigate a flush+reload side-channel attack on RSA secret keys
>   dubbed "Sliding right into disaster".  For details see
>   <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  package/libgcrypt/libgcrypt.hash | 9 +++++----
>  package/libgcrypt/libgcrypt.mk   | 2 +-
>  2 files changed, 6 insertions(+), 5 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] libgcrypt: security bump to version 1.7.8
  2017-06-30 15:04 [Buildroot] [PATCH] libgcrypt: security bump to version 1.7.8 Baruch Siach
  2017-07-01  8:10 ` Thomas Petazzoni
@ 2017-07-02 15:04 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-07-02 15:04 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > From the NEWS file:
 > - Mitigate a flush+reload side-channel attack on RSA secret keys
 >   dubbed "Sliding right into disaster".  For details see
 >   <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Committed to 2017.02.x and 2017.05.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-07-02 15:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-30 15:04 [Buildroot] [PATCH] libgcrypt: security bump to version 1.7.8 Baruch Siach
2017-07-01  8:10 ` Thomas Petazzoni
2017-07-02 15:04 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.