authorNatanael Copa <ncopa@alpinelinux.org>2018-06-19 11:10:01 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2018-06-19 13:28:14 +0200
commita8d906fd888391043f72226d80ddaf247ef4ad9f (patch)
treee20d844cb6cb4b949da155317212f7d901e37ef3 /main/libgcrypt
parentac61833f9bb704faad406e1778d3f7985214db39 (diff)
main/libgcrypt: security upgrade to 1.8.3
fixes #9004
Diffstat (limited to 'main/libgcrypt')
-rw-r--r--main/libgcrypt/APKBUILD13
-rw-r--r--main/libgcrypt/random-Fix-hang-of-_gcry_rndjent_get_version.patch45
2 files changed, 55 insertions, 3 deletions
diff --git a/main/libgcrypt/APKBUILD b/main/libgcrypt/APKBUILD
index 38ac95e2eb..9cc6bc1115 100644
--- a/main/libgcrypt/APKBUILD
+++ b/main/libgcrypt/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgcrypt
-pkgver=1.8.1
+pkgver=1.8.3
pkgrel=0
pkgdesc="general purpose crypto library based on the code used in GnuPG"
url="http://www.gnupg.org"
@@ -10,8 +10,14 @@ depends=""
depends_dev="libgpg-error-dev"
makedepends="$depends_dev texinfo"
subpackages="$pkgname-dev $pkgname-doc"
-source="ftp://ftp.gnupg.org/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2"
+source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2
+ random-Fix-hang-of-_gcry_rndjent_get_version.patch"
builddir="$srcdir"/$pkgname-$pkgver
+options="!checkroot"
+
+# secfixes:
+# 1.8.3-r0:
+# - CVE-2018-0495
build () {
cd "$builddir"
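Review bot: `options="!checkroot"` is added with no comment saying why, and none of the visible hunks shows a check() function, so it cannot be confirmed from here that the library's test suite runs for this security upgrade. If check() is defined outside the hunks, a one-line comment above the option giving the actual reason the tests cannot run under fakeroot would be enough; if it is not, the option presumably has nothing to act on and the tests should be wired in. The locally carried patch added to `source` also deserves a comment naming its origin, for example `# upstream 355f5b7f, GnuPG bug 4034; drop with the next upstream release`, so it is removed once upstream ships the fix. build() continues outside the hunk.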
@@ -53,4 +59,5 @@ package() {
rm -f ${pkgdir}/usr/share/info/dir
}
-sha512sums="27c9d2fd9cba5afca71d421c9299d6942463975fae0bd10d4ff42cda2d7ea213e6b73c071a40fcf23ff52a93394cc7505ab332f8a4a3321826460e471eda5b4e libgcrypt-1.8.1.tar.bz2"
+sha512sums="8c873204303f173dd3f49817a81035c1d504b2fc885965c9bc074a6e3fb108ceb6dca366d85e840a40712a6890fc325018ea9b8c1b7b8804c51c44b296cb96a0 libgcrypt-1.8.3.tar.bz2
+a717d40702c8ffdd40a7bffc563bf7aecf01640514a2d07c7eb5e40d742473ba297779fc0fea64576b254214011711a010de0cf306f88c5617fd06214a9fd30e random-Fix-hang-of-_gcry_rndjent_get_version.patch"
diff --git a/main/libgcrypt/random-Fix-hang-of-_gcry_rndjent_get_version.patch b/main/libgcrypt/random-Fix-hang-of-_gcry_rndjent_get_version.patch
new file mode 100644
index 0000000000..cb2a1c340d
--- /dev/null
+++ b/main/libgcrypt/random-Fix-hang-of-_gcry_rndjent_get_version.patch
@@ -0,0 +1,45 @@
+From 355f5b7f69075c010fe33aa5b10ac60c08fae0c7 Mon Sep 17 00:00:00 2001
+From: Will Dietz <w@wdtz.org>
+Date: Sun, 17 Jun 2018 18:53:58 -0500
+Subject: [PATCH] random: Fix hang of _gcry_rndjent_get_version.
+
+* random/rndjent.c (_gcry_rndjent_get_version): Move locking.
+
+--
+
+While the protection for jent_rng_collector is needed,
+_gcry_rndjent_poll is also acquiring the lock for the variable.
+Thus, it hangs.
+
+This change is sub-optimal, the lock is once released after the call
+of _gcry_rndjent_poll. It might be good to modify the API of
+_gcry_rndjent_poll to explicitly allow this use case of forcing
+initialization keeping the lock.
+
+Comments and change log entry by gniibe.
+
+GnuPG-bug-id: 4034
+Fixes-commit: 0de2a22fcf6607d0aecb550feefa414cee3731b2
+---
+ random/rndjent.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/random/rndjent.c b/random/rndjent.c
+index 0c5a820..3740ddd 100644
+--- a/random/rndjent.c
++++ b/random/rndjent.c
+@@ -334,9 +334,10 @@ _gcry_rndjent_get_version (int *r_active)
+ {
+ if (r_active)
+ {
+- lock_rng ();
+ /* Make sure the RNG is initialized. */
+ _gcry_rndjent_poll (NULL, 0, 0);
++
++ lock_rng ();
+ /* To ease debugging we store 2 for a clock_gettime based
+ * implementation and 1 for a rdtsc based code. */
+ *r_active = jent_rng_collector? is_rng_available () : 0;
+--
+2.8.0.rc3
+