HomeFreeBSD

security/libgcrypt: Update to 1.8.3 (bugfix)

Description

security/libgcrypt: Update to 1.8.3 (bugfix)

  • Improve comment in Makefile
  • Provide more elaborate port description and update WWW in pkg-descr

Noteworthy changes in version 1.8.3

  • Use blinding for ECDSA signing to mitigate a novel side-channel attack. [#4011,CVE-2018-0495]
  • Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. [#3764]
  • Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms.
  • Fix the gcry_mpi_ec_curve_point point validation function.
  • Fix rare assertion failure in gcry_prime_check.

    Release info at https://dev.gnupg.org/T4016.

For further details, see https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html

MFH: 2018Q2
Security: http://vuxml.freebsd.org/freebsd/9b5162de-6f39-11e8-818e-e8e0b747a45a.html

Details

Committed
cpmJun 13 2018, 6:59 PM
Parents
rP472336: Document libgcrypt side-channel attack vulnerability
Branches
Unknown
Tags
Unknown