From unknown Tue Jun 17 20:42:13 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#28256 <28256@debbugs.gnu.org> To: bug#28256 <28256@debbugs.gnu.org> Subject: Status: [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379]. Reply-To: bug#28256 <28256@debbugs.gnu.org> Date: Wed, 18 Jun 2025 03:42:13 +0000 retitle 28256 [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes C= VE-2017-0379]. reassign 28256 guix-patches submitter 28256 Leo Famulari severity 28256 normal tag 28256 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sun Aug 27 17:28:53 2017 Received: (at submit) by debbugs.gnu.org; 27 Aug 2017 21:28:53 +0000 Received: from localhost ([127.0.0.1]:58361 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dm56z-0003z9-Gq for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:53 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33405) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dm56x-0003ys-Hg for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dm56r-0002ZK-DB for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:46 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:41931) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dm56r-0002Yz-Am for submit@debbugs.gnu.org; Sun, 27 Aug 2017 17:28:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52528) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dm56q-0000Jl-A8 for guix-patches@gnu.org; Sun, 27 Aug 2017 17:28:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dm56l-0002Ti-6j for guix-patches@gnu.org; Sun, 27 Aug 2017 17:28:44 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:48777) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dm56k-0002SE-UV for guix-patches@gnu.org; Sun, 27 Aug 2017 17:28:39 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 4EBA8209C0; Sun, 27 Aug 2017 17:28:37 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Sun, 27 Aug 2017 17:28:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc:x-sasl-enc; s=mesmtp; bh=5Pg6TteoaVEmYohQdtavawO6DOC sheyUVpjGczjkJGI=; b=tqnLGqY6uF9QyDpwUGhSakSr7+qYXUQcREpBzoVNYQ0 LAQuVwGdXAoG1yWhaMOWfl0GaL1bqWZZVEKZAE0OYxFSUZgG81BhDFhJqQVSKkln 1kD+CIxD3zXEw9XHEtFCnnwu4MYh9JYPOJDtAzCr9fbfNFrWYrt0v2vs9toEIfow = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=5Pg6Tt eoaVEmYohQdtavawO6DOCsheyUVpjGczjkJGI=; b=NE2ayxOjSVrZSld7dDt6/j ho53LsFQnqEWPubYPuLFrIFn8y2+VaeslNHF5TyNNg5yyVZdS/zPuMh54Rjj6uCK Oxc9i45dodO05xPoT7iMT9jp6PqKfBEkaPgtpKPdHjnjVABbBYP7ZJF8VM4CW57Z j5NGRyk84Bloc8T3xzdFpHYCUlHPdjDfZDuINSJPKPXeVL1xaCjrDUeYuhSZDkT7 5VK+xFTcngVb/qReqWPDkzXm8Y84tD3PRn2wufsJNAqzKTx0jVIpR3t97MBdRSKy HxTTbf/xKkgmaV1aEkXXWbpuZ6lVXF9l3vYYvilpvctDHCOtm9+wnsfSLalJQVxw == X-ME-Sender: X-Sasl-enc: yLmp/+6f6MgNn29TfAfmEn1TpXHQZGXKP62Gxp3w1L5E 1503869317 Received: from jasmine.lan (c-73-233-160-251.hsd1.pa.comcast.net [73.233.160.251]) by mail.messagingengine.com (Postfix) with ESMTPA id 085607E77A for ; Sun, 27 Aug 2017 17:28:37 -0400 (EDT) From: Leo Famulari To: guix-patches@gnu.org Subject: [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379]. Date: Sun, 27 Aug 2017 17:28:17 -0400 Message-Id: <08184f81026503f876088aee5574217582655338.1503869297.git.leo@famulari.name> X-Mailer: git-send-email 2.14.1 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. (libgcrypt-1.7.9): New variable. --- gnu/packages/gnupg.scm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index fd850c046..a039e530f 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -82,6 +82,7 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") + (replacement libgcrypt-1.7.9) (version "1.7.8") (source (origin (method url-fetch) @@ -115,6 +116,19 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) +;; Fixes CVE-2017-0379 +(define libgcrypt-1.7.9 + (package + (inherit libgcrypt) + (version "1.7.9") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" + version ".tar.bz2")) + (sha256 + (base32 + "0frpm4zxqr905ihp37wn8sfz1hir6390z0d2gmjc69hi7iqbpsdz")))))) + (define-public libassuan (package (name "libassuan") -- 2.14.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 28 15:35:29 2017 Received: (at 28256) by debbugs.gnu.org; 28 Aug 2017 19:35:30 +0000 Received: from localhost ([127.0.0.1]:59702 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmPom-00005l-Bu for submit@debbugs.gnu.org; Mon, 28 Aug 2017 15:35:29 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:33765) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dmPoi-00005b-Qj for 28256@debbugs.gnu.org; Mon, 28 Aug 2017 15:35:26 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 3438821238; Mon, 28 Aug 2017 15:35:24 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Mon, 28 Aug 2017 15:35:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=exN73qo4ElVPD5KOm0TeJnGDAQEBnuS18tCMIq96r lE=; b=VNAwK7JkW8wAUy5kjhd0ROL9JW0n0kJjHBIsxNV/uZS0yIyS1tEOwokOp cxcJMOOwuHSqkHaqafUdeqI2h3E35L//cIWZ0I+ODMg2LEXjshgD9fzllLoH/coe M5EXs124eX/JU5M6IMU2U47MoQv57E6ciZcdLaBy8gmUznJTISE3MRxP9XON4W1B AX7lxqflOIdWAS1kBD7+BjGyfW1ooKjuGvgvW2A/JWwYe1saANczzP2XgfOvYrxN cGlgKChvWRUgH1cN9EswKBIzHwlxapt/AMUmx8VmrxMPfIiN2HQ60QQvOjGBRc/a Jh+y5cDtgt1nvMxvk1YHbSzTCsWxw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=exN73qo4ElVPD5KOm0 TeJnGDAQEBnuS18tCMIq96rlE=; b=d0CSQ5On2Quupuk0dLsjBFJVJcXKk2KEWN kxYHuNdYrbxqaNliBJHQ6QLDpeKgruErUHUVpbYguft9sisno4BICfxDrGhsNWLk H7d7/k+wRHyfZNRNO62KaGJfxOp3K/r1wTuMOAzVGIIFu4ObSWua6rI2beUfaq1M OcbZfQa5x3A0j+lzYtgzH1od3RBQYV7z6emrpZryG5c03D11B2kWUsME08mK4Zmj CGfhIK7RYeaTZdDt6klL8CpIjTO9prHrtg4giiYWBjeNXv5yQ0EUAJI8gDdWgXSD OAb1kcB4dvVP6PORJE8wRI18av51jLTVIX9bH/mdqMq+3hhbq8fA== X-ME-Sender: X-Sasl-enc: BBIDw9rRNopc0skdyGwbUT9aqaapQeY4wDS+8KVbQT/q 1503948923 Received: from localhost (unknown [188.113.81.93]) by mail.messagingengine.com (Postfix) with ESMTPA id AC6242492B; Mon, 28 Aug 2017 15:35:23 -0400 (EDT) From: Marius Bakke To: Leo Famulari , 28256@debbugs.gnu.org Subject: Re: [bug#28256] [PATCH] gnu: libgcrypt: Replace with libgcrypt 1.7.9 [fixes CVE-2017-0379]. In-Reply-To: <08184f81026503f876088aee5574217582655338.1503869297.git.leo@famulari.name> References: <08184f81026503f876088aee5574217582655338.1503869297.git.leo@famulari.name> User-Agent: Notmuch/0.25 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) Date: Mon, 28 Aug 2017 21:35:22 +0200 Message-ID: <87inh7zds5.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28256 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Leo Famulari writes: > * gnu/packages/gnupg.scm (libgcrypt)[replacement]: New field. > (libgcrypt-1.7.9): New variable. LGTM. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlmkcHoACgkQoqBt8qM6 VPo6kwgAsaT75YFiGXKH91pCOj1vLAHBaqcplA4/yT3IwuCSygz9QEI7+tLfrfDz T87vy1wHke7XFTftnwDItOCrPp+4u0vTUL8Xq+mzVASPiWEeD9sogRoM+RiiDoQP jVF00zDAJ8NDoUozBbhcUrCUilfLH2CqlpXemNe8JVQSSzVv9eMO2YIwzXiekI2i 8v/t+XaoUxjeODmjNhwFNSxR5KsrBdhcbxQKbfmg/tz2T/N/hUz0UMkg5Cj3lGwb p6A8wZUu3ob4+6bNCSvuiNKDHi5cO+ATzPa3JCHt6G0rWfd057xiZGFvUHvxYKd+ YTWjWVJlrtoGhaJaHEwQ0jHmdwDfDQ== =zgAB -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 06 12:07:17 2017 Received: (at request) by debbugs.gnu.org; 6 Sep 2017 16:07:17 +0000 Received: from localhost ([127.0.0.1]:53237 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpcrE-0003WB-FW for submit@debbugs.gnu.org; Wed, 06 Sep 2017 12:07:16 -0400 Received: from flashner.co.il ([178.62.234.194]:58884) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dpcr6-0003VL-Lq for request@debbugs.gnu.org; Wed, 06 Sep 2017 12:07:14 -0400 Received: from localhost (46-117-130-79.bb.netvision.net.il [46.117.130.79]) by flashner.co.il (Postfix) with ESMTPSA id A9C46401BC for ; Wed, 6 Sep 2017 16:06:49 +0000 (UTC) Date: Wed, 6 Sep 2017 19:06:47 +0300 From: Efraim Flashner To: request@debbugs.gnu.org Subject: closing tickets Message-ID: <20170906160647.GG2239@macbook42.flashner.co.il> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2oox5VnwalALFvA7" Content-Disposition: inline User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: request X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --2oox5VnwalALFvA7 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable close 28366 close 28367 close 28368 close 28369 close 28370 close 28371 close 28256 --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --2oox5VnwalALFvA7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlmwHRYACgkQQarn3Mo9 g1H9EA//c9pGvu+yvTc3d23s0vdqAE3LpJ5pHDRkrwc5Wi7p2/4lRB5p4csTUr8o W6RcrFaNsAfFThrwODviIrwuZeUJXbPMraWCpYvWBXgzfKNIqQquqBA7OfFNnVCr f5AkQW3wulhdvXKjCgWDFmR9VrIjFflAvLmL5mNadQzTDn1YeTDhMmHDt1quFTsr Q+XBg09lqB7CcisJhEkoVyAneBaTtNIKt0K2CLetPm2HBpael8O2hucKtkEFC3ou VZo74b9cFSlsOXtvCdKTmKRYctOdJSEXNzX6KU3nOaFJZIX32C++1MOvGqER/R5Y 2x5yHVf2gwGlRtjaIl0Db0QCynkzVMGvgDFEKVDA0jsKRn/20g+7QP07LQvSlT7k jQE8lmXcmuC6iXevCcZC+k1XrnfsDAMnZka2whWierI42CRO5XljpxtPFilUwc7b L68ZPZKnI4A22XBqzG7Fe9rFiXo3KB9ibpH85UdWe3gn3Uh+yqbhLNP+2Jut5rEM ODHYtpieLz1t90yxvs9bJM8XUKDyy/9c6BEOtm/SSG+uT8+dmduagVrFfl1yPyKG Z7Mk+36Lqt2YP8rCymIogIkG/0eT7bTBupE+MaNTJWBFgzsAMc94d6JMhfymtaud X9Nar264xLLnGEVwNkokJmAy0uNIBK62lWlotKHa933tLrWNnZM= =1Bgl -----END PGP SIGNATURE----- --2oox5VnwalALFvA7-- From unknown Tue Jun 17 20:42:13 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 05 Oct 2017 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator