Bug 220382 - security/libgcrypt: update to 1.7.8 (fix CVE-2017-7526)
Summary: security/libgcrypt: update to 1.7.8 (fix CVE-2017-7526)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Carlos J. Puga Medina
URL:
Keywords: patch, patch-ready
Depends on:
Blocks:
 
Reported: 2017-06-30 12:23 UTC by Carlos J. Puga Medina
Modified: 2017-07-06 10:23 UTC (History)
6 users (show)

See Also:
cpm: merge-quarterly+
cpm: exp-run?

Attachments
patch-libgcrypt-1.7.8 (1.23 KB, patch)
2017-06-30 12:23 UTC, Carlos J. Puga Medina 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-06-30 12:23:00 UTC 
Created attachment 183938 [details]
patch-libgcrypt-1.7.8

- Update libgcrypt to 1.7.8
- Bump library version in pkg-plist

Noteworthy changes in version 1.7.8

 * Bug fixes:

   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".  For details see
     <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]


Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2017-07-04 09:30:53 UTC 
Exp-run looks fine.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-07-04 17:39:12 UTC 
A commit references this bug:

Author: cpm
Date: Tue Jul  4 17:38:31 UTC 2017
New revision: 445028
URL: https://svnweb.freebsd.org/changeset/ports/445028

Log:
  security/libgcrypt: update to 1.7.8

  - Update libgcrypt to 1.7.8
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.8

   * Bug fixes:

     - Mitigate a flush+reload side-channel attack on RSA secret keys
       dubbed "Sliding right into disaster".  For details see
       <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html

  PR:		220382
  MFH:		2017Q3
  Exp-run by:	antoine
  Security:	https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html

Changes:
  head/security/libgcrypt/Makefile
  head/security/libgcrypt/distinfo
  head/security/libgcrypt/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-07-06 10:22:28 UTC 
A commit references this bug:

Author: cpm
Date: Thu Jul  6 10:22:05 UTC 2017
New revision: 445135
URL: https://svnweb.freebsd.org/changeset/ports/445135

Log:
  MFH: r445028

  security/libgcrypt: update to 1.7.8

  - Update libgcrypt to 1.7.8
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.8

   * Bug fixes:

     - Mitigate a flush+reload side-channel attack on RSA secret keys
       dubbed "Sliding right into disaster".  For details see
       <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html

  PR:		220382
  Exp-run by:	antoine
  Security:	https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/security/libgcrypt/Makefile
  branches/2017Q3/security/libgcrypt/distinfo
  branches/2017Q3/security/libgcrypt/pkg-plist
Comment 4 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-07-06 10:23:29 UTC 
Committed, thanks!