Bug 220382 - security/libgcrypt: update to 1.7.8 (fix CVE-2017-7526)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Carlos J. Puga Medina
URL:
Keywords: patch, patch-ready
Depends on:
Blocks:
 
Reported: 2017-06-30 12:23 UTC by Carlos J. Puga Medina
Modified: 2017-07-06 10:23 UTC

See Also:
cpm: merge-quarterly+
cpm: exp-run?


Attachments
patch-libgcrypt-1.7.8 (1.23 KB, patch)
2017-06-30 12:23 UTC, Carlos J. Puga Medina
Description Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-06-30 12:23:00 UTC
Created attachment 183938
patch-libgcrypt-1.7.8

- Update libgcrypt to 1.7.8
- Bump library version in pkg-plist

Noteworthy changes in version 1.7.8

 * Bug fixes:

   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".  For details see
     <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]


Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2017-07-04 09:30:53 UTC
Exp-run looks fine.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-07-04 17:39:12 UTC
A commit references this bug:

Author: cpm
Date: Tue Jul  4 17:38:31 UTC 2017
New revision: 445028
URL: https://svnweb.freebsd.org/changeset/ports/445028

Log:
  security/libgcrypt: update to 1.7.8

  - Update libgcrypt to 1.7.8
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.8

   * Bug fixes:

     - Mitigate a flush+reload side-channel attack on RSA secret keys
       dubbed "Sliding right into disaster".  For details see
       <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html

  PR:		220382
  MFH:		2017Q3
  Exp-run by:	antoine
  Security:	https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html

Changes:
  head/security/libgcrypt/Makefile
  head/security/libgcrypt/distinfo
  head/security/libgcrypt/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-07-06 10:22:28 UTC
A commit references this bug:

Author: cpm
Date: Thu Jul  6 10:22:05 UTC 2017
New revision: 445135
URL: https://svnweb.freebsd.org/changeset/ports/445135

Log:
  MFH: r445028

  security/libgcrypt: update to 1.7.8

  - Update libgcrypt to 1.7.8
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.8

   * Bug fixes:

     - Mitigate a flush+reload side-channel attack on RSA secret keys
       dubbed "Sliding right into disaster".  For details see
       <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html

  PR:		220382
  Exp-run by:	antoine
  Security:	https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/security/libgcrypt/Makefile
  branches/2017Q3/security/libgcrypt/distinfo
  branches/2017Q3/security/libgcrypt/pkg-plist
Comment 4 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-07-06 10:23:29 UTC
Committed, thanks!