Bug 220382

Summary: security/libgcrypt: update to 1.7.8 (fix CVE-2017-7526)
Product: Ports & Packages
Reporter: Carlos J. Puga Medina <cpm>
Component: Individual Port(s)
Assignee: Carlos J. Puga Medina <cpm>
Status: Closed FIXED
Severity: Affects Many People
CC: admins, amontalban, farrokhi, lwhsu, portmgr, sa.inbox
Priority: ---
Keywords: patch, patch-ready
Version: Latest
Flags: cpm: merge-quarterly+, cpm: exp-run?
Hardware: Any
OS: Any
Attachments:
  Description: patch-libgcrypt-1.7.8
  Flags: none

Description Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-06-30 12:23:00 UTC
Created attachment 183938
patch-libgcrypt-1.7.8

- Update libgcrypt to 1.7.8
- Bump library version in pkg-plist

Noteworthy changes in version 1.7.8

 * Bug fixes:

   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".  For details see
     <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]


Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2017-07-04 09:30:53 UTC
Exp-run looks fine.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-07-04 17:39:12 UTC
A commit references this bug:

Author: cpm
Date: Tue Jul  4 17:38:31 UTC 2017
New revision: 445028
URL: https://svnweb.freebsd.org/changeset/ports/445028

Log:
  security/libgcrypt: update to 1.7.8

  - Update libgcrypt to 1.7.8
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.8

   * Bug fixes:

     - Mitigate a flush+reload side-channel attack on RSA secret keys
       dubbed "Sliding right into disaster".  For details see
       <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html

  PR:		220382
  MFH:		2017Q3
  Exp-run by:	antoine
  Security:	https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html

Changes:
  head/security/libgcrypt/Makefile
  head/security/libgcrypt/distinfo
  head/security/libgcrypt/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-07-06 10:22:28 UTC
A commit references this bug:

Author: cpm
Date: Thu Jul  6 10:22:05 UTC 2017
New revision: 445135
URL: https://svnweb.freebsd.org/changeset/ports/445135

Log:
  MFH: r445028

  security/libgcrypt: update to 1.7.8

  - Update libgcrypt to 1.7.8
  - Bump library version in pkg-plist

  Noteworthy changes in version 1.7.8

   * Bug fixes:

     - Mitigate a flush+reload side-channel attack on RSA secret keys
       dubbed "Sliding right into disaster".  For details see
       <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

  Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html

  PR:		220382
  Exp-run by:	antoine
  Security:	https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/security/libgcrypt/Makefile
  branches/2017Q3/security/libgcrypt/distinfo
  branches/2017Q3/security/libgcrypt/pkg-plist
Comment 4 Carlos J. Puga Medina freebsd_committer freebsd_triage 2017-07-06 10:23:29 UTC
Committed, thanks!