Hello all,
New security release of libgcrypt:
> Hello!
>
> The GNU project is pleased to announce the availability of Libgcrypt
> version 1.6.5. This is a security fix release to mitigate a new side
> channel attack.
>
> Noteworthy changes in version 1.6.5
> ===================================
>
> * Mitigate side-channel attack on ECDH with Weierstrass curves
> [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
> details.
>
> * Fix build problem on Solaris.
Here's a patch. It seems to build fine.
>From f45b192c0e648fea95a98d681d8ecdff3dc15bdb Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber <cweb...@dustycloud.org>
Date: Tue, 9 Feb 2016 11:49:06 -0800
Subject: [PATCH] gnu: libgcrypt: Update to 1.6.5.
* gnu/packages/gnupg.scm (libgcrypt): Update to 1.6.5.
---
gnu/packages/gnupg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a35e8fc..608c437 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,14 +70,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (version "1.6.4")
+ (version "1.6.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "09k06gs27gxfha07sa9rpf4xh6mvphj9sky7n09ymx75w9zjrg69"))))
+ "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
--
2.6.3
