From unknown Sun Jun 22 07:58:26 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28256] [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379]. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 27 Aug 2017 21:29:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 28256 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 28256@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.150386933315327 (code B ref -1); Sun, 27 Aug 2017 21:29:02 +0000 Received: (at submit) by debbugs.gnu.org; 27 Aug 2017 21:28:53 +0000 Received: from localhost ([127.0.0.1]:58361 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dm56z-0003z9-Gq for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:53 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33405) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dm56x-0003ys-Hg for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dm56r-0002ZK-DB for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:46 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:41931) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dm56r-0002Yz-Am for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52528) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dm56q-0000Jl-A8 for guix-patches@gnu.org; Sun, 27 Aug 2017 17:28:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dm56l-0002Ti-6j for guix-patches@gnu.org; Sun, 27 Aug 2017 17:28:44 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:48777) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dm56k-0002SE-UV for guix-patches@gnu.org; Sun, 27 Aug 2017 17:28:39 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 4EBA8209C0; Sun, 27 Aug 2017 17:28:37 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Sun, 27 Aug 2017 17:28:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc:x-sasl-enc; s=mesmtp; bh=5Pg6TteoaVEmYohQdtavawO6DOC sheyUVpjGczjkJGI=; b=tqnLGqY6uF9QyDpwUGhSakSr7+qYXUQcREpBzoVNYQ0 LAQuVwGdXAoG1yWhaMOWfl0GaL1bqWZZVEKZAE0OYxFSUZgG81BhDFhJqQVSKkln 1kD+CIxD3zXEw9XHEtFCnnwu4MYh9JYPOJDtAzCr9fbfNFrWYrt0v2vs9toEIfow = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=5Pg6Tt eoaVEmYohQdtavawO6DOCsheyUVpjGczjkJGI=; b=NE2ayxOjSVrZSld7dDt6/j ho53LsFQnqEWPubYPuLFrIFn8y2+VaeslNHF5TyNNg5yyVZdS/zPuMh54Rjj6uCK Oxc9i45dodO05xPoT7iMT9jp6PqKfBEkaPgtpKPdHjnjVABbBYP7ZJF8VM4CW57Z j5NGRyk84Bloc8T3xzdFpHYCUlHPdjDfZDuINSJPKPXeVL1xaCjrDUeYuhSZDkT7 5VK+xFTcngVb/qReqWPDkzXm8Y84tD3PRn2wufsJNAqzKTx0jVIpR3t97MBdRSKy HxTTbf/xKkgmaV1aEkXXWbpuZ6lVXF9l3vYYvilpvctDHCOtm9+wnsfSLalJQVxw == X-ME-Sender: X-Sasl-enc: yLmp/+6f6MgNn29TfAfmEn1TpXHQZGXKP62Gxp3w1L5E 1503869317 Received: from jasmine.lan (c-73-233-160-251.hsd1.pa.comcast.net [73.233.160.251]) by mail.messagingengine.com (Postfix) with ESMTPA id 085607E77A for ; Sun, 27 Aug 2017 17:28:37 -0400 (EDT) From: Leo Famulari Date: Sun, 27 Aug 2017 17:28:17 -0400 Message-Id: <08184f81026503f876088aee5574217582655338.1503869297.git.leo@famulari.name> X-Mailer: git-send-email 2.14.1 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt-1.7.9): New variable. --- gnu/packages/gnupg.scm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index fd850c046..a039e530f 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -82,6 +82,7 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") + (replacement libgcrypt-1.7.9) (version "1.7.8") (source (origin (method url-fetch) @@ -115,6 +116,19 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) +;; Fixes CVE-2017-0379 +(define libgcrypt-1.7.9 + (package + (inherit libgcrypt) + (version "1.7.9") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" + version ".tar.bz2")) + (sha256 + (base32 + "0frpm4zxqr905ihp37wn8sfz1hir6390z0d2gmjc69hi7iqbpsdz")))))) + (define-public libassuan (package (name "libassuan") -- 2.14.1 From unknown Sun Jun 22 07:58:26 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#28256] [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379]. Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 28 Aug 2017 19:36:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28256 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Leo Famulari , 28256@debbugs.gnu.org Received: via spool by 28256-submit@debbugs.gnu.org id=B28256.1503948930372 (code B ref 28256); Mon, 28 Aug 2017 19:36:05 +0000 Received: (at 28256) by debbugs.gnu.org; 28 Aug 2017 19:35:30 +0000 Received: from localhost ([127.0.0.1]:59702 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmPom-00005l-Bu for submit@debbugs.gnu.org; Mon, 28 Aug 2017 15:35:29 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:33765) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmPoi-00005b-Qj for 28256@debbugs.gnu.org; Mon, 28 Aug 2017 15:35:26 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 3438821238; Mon, 28 Aug 2017 15:35:24 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Mon, 28 Aug 2017 15:35:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=exN73qo4ElVPD5KOm0TeJnGDAQEBnuS18tCMIq96r lE=; b=VNAwK7JkW8wAUy5kjhd0ROL9JW0n0kJjHBIsxNV/uZS0yIyS1tEOwokOp cxcJMOOwuHSqkHaqafUdeqI2h3E35L//cIWZ0I+ODMg2LEXjshgD9fzllLoH/coe M5EXs124eX/JU5M6IMU2U47MoQv57E6ciZcdLaBy8gmUznJTISE3MRxP9XON4W1B AX7lxqflOIdWAS1kBD7+BjGyfW1ooKjuGvgvW2A/JWwYe1saANczzP2XgfOvYrxN cGlgKChvWRUgH1cN9EswKBIzHwlxapt/AMUmx8VmrxMPfIiN2HQ60QQvOjGBRc/a Jh+y5cDtgt1nvMxvk1YHbSzTCsWxw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=exN73qo4ElVPD5KOm0 TeJnGDAQEBnuS18tCMIq96rlE=; b=d0CSQ5On2Quupuk0dLsjBFJVJcXKk2KEWN kxYHuNdYrbxqaNliBJHQ6QLDpeKgruErUHUVpbYguft9sisno4BICfxDrGhsNWLk H7d7/k+wRHyfZNRNO62KaGJfxOp3K/r1wTuMOAzVGIIFu4ObSWua6rI2beUfaq1M OcbZfQa5x3A0j+lzYtgzH1od3RBQYV7z6emrpZryG5c03D11B2kWUsME08mK4Zmj CGfhIK7RYeaTZdDt6klL8CpIjTO9prHrtg4giiYWBjeNXv5yQ0EUAJI8gDdWgXSD OAb1kcB4dvVP6PORJE8wRI18av51jLTVIX9bH/mdqMq+3hhbq8fA== X-ME-Sender: X-Sasl-enc: BBIDw9rRNopc0skdyGwbUT9aqaapQeY4wDS+8KVbQT/q 1503948923 Received: from localhost (unknown [188.113.81.93]) by mail.messagingengine.com (Postfix) with ESMTPA id AC6242492B; Mon, 28 Aug 2017 15:35:23 -0400 (EDT) From: Marius Bakke In-Reply-To: <08184f81026503f876088aee5574217582655338.1503869297.git.leo@famulari.name> References: <08184f81026503f876088aee5574217582655338.1503869297.git.leo@famulari.name> User-Agent: Notmuch/0.25 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) Date: Mon, 28 Aug 2017 21:35:22 +0200 Message-ID: <87inh7zds5.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Leo Famulari writes: > * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. > (libgcrypt-1.7.9): New variable. LGTM. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlmkcHoACgkQoqBt8qM6 VPo6kwgAsaT75YFiGXKH91pCOj1vLAHBaqcplA4/yT3IwuCSygz9QEI7+tLfrfDz T87vy1wHke7XFTftnwDItOCrPp+4u0vTUL8Xq+mzVASPiWEeD9sogRoM+RiiDoQP jVF00zDAJ8NDoUozBbhcUrCUilfLH2CqlpXemNe8JVQSSzVv9eMO2YIwzXiekI2i 8v/t+XaoUxjeODmjNhwFNSxR5KsrBdhcbxQKbfmg/tz2T/N/hUz0UMkg5Cj3lGwb p6A8wZUu3ob4+6bNCSvuiNKDHi5cO+ATzPa3JCHt6G0rWfd057xiZGFvUHvxYKd+ YTWjWVJlrtoGhaJaHEwQ0jHmdwDfDQ== =zgAB -----END PGP SIGNATURE----- --=-=-=--