libgcrypt20 (1.6.5-2ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc-ecdsa.c.
    - CVE-2018-0495

 -- Marc Deslauriers  Mon, 18 Jun 2018 09:30:10 -0400

libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium

  * Disable the library reading /proc/sys/crypto/fips_enabled file
    and going into FIPS mode. This fixes a hang on boot when using
    a FIPS-enabled kernel with encrypted installations (LP: #1748310)
    - debian/patches/disable_fips_enabled_read.patch

 -- Vineetha Pai  Fri, 16 Feb 2018 13:31:19 -0500

libgcrypt20 (1.6.5-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in
      mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

 -- Marc Deslauriers  Mon, 03 Jul 2017 08:16:37 -0400

libgcrypt20 (1.6.5-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: random number generator prediction
    - debian/patches/CVE-2016-6313-1.patch: improve the diagram showing the
      random mixing in random/random-csprng.c.
    - debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
      csprng pool in random/random-csprng.c.
    - CVE-2016-6313
  * debian/rules: disable unaligned memory access on arm to fix FTBFS.

 -- Marc Deslauriers  Thu, 18 Aug 2016 13:15:16 -0400

libgcrypt20 (1.6.5-2) unstable; urgency=medium

  * serial-tests was added in automake 1.12, add versioned b-d.
  * Upload to unstable.

 -- Andreas Metzler  Wed, 10 Feb 2016 12:01:58 +0100

libgcrypt20 (1.6.5-1) experimental; urgency=medium

  * New upstream bugfix release.
    + Mitigate side-channel attack on ECDH with Weierstrass curves
      [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
      details.

 -- Andreas Metzler  Tue, 09 Feb 2016 19:52:06 +0100

libgcrypt20 (1.6.4-5) unstable; urgency=medium

  * Move Vcs-* from git/http to https.
  * Add 30_support_source_date_epoch.diff: Support setting BUILD_TIMESTAMP
    using SOURCE_DATE_EPOCH through the SOURCE_DATE_EPOCH environment
    variable. (Thanks, Jérémy Bobbio!). Use/b-d on dh-autoreconf instead of
    autotools-dev. Closes: #812428

 -- Andreas Metzler  Sun, 24 Jan 2016 16:00:41 +0100

libgcrypt20 (1.6.4-4) unstable; urgency=medium

  * Delete build-aux/texinfo.tex and let texinfo use the system copy instead
    to prevent breakage in pdf generation in UTF-8 locale. Closes: #803081
  * Migrate from libgcrypt20-dbg to ddebs. dh_strip's --ddeb-migration
    option was added to debhelper/unstable with version 9.20150628, bump
    build-dependency accordingly.

 -- Andreas Metzler  Fri, 25 Dec 2015 14:06:18 +0100

libgcrypt20 (1.6.4-3) unstable; urgency=medium

  * Upload to unstable.
  * Ship pdf instead of postscript docs.

 -- Andreas Metzler  Sun, 18 Oct 2015 13:37:58 +0200

libgcrypt20 (1.6.4-2) experimental; urgency=medium

  * Pull 20_fedora_libgcrypt-1.6.3-aliasing.patch from Fedora to fix
    testsuite error with gcc5 on ppc64.

 -- Andreas Metzler  Sat, 03 Oct 2015 18:06:52 +0200

# For older changelog entries, run 'apt-get changelog libgcrypt20'