Ubuntu
libgcrypt20 package

Please merge libgcrypt20 1.10.1-2 (main) from Debian unstable (main)

Bug #1974277 reported by Frank Heimes
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libgcrypt20 (Ubuntu)
Fix Released
Wishlist
Unassigned
Ubuntu ubuntu-22.10-feature-freeze

Bug Description

Please merge libgcrypt20 1.10.1-2 from Debian unstable main
to libgcrypt20-1.10.1-2ubuntu1 Ubuntu kinetic main.

One Ubuntu specific change is still needed: d/p/disable_fips_enabled_read.patch (LP: #1748310)
According to dep3 header 'not-needed' to forward it upstream.
The old patches:
d/p/0001-Always-include-config.h-in-cipher-assembly-codes.patch
and
d/p/0001-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch
could be removed, since they are now incl. in upstream and with that also in the new version.
Two new patches came in with the verson from 'unstable':
d/p/31_0002-kdf-argon2-Fix-for-the-case-output-64.patch
and
d/p/31_0003-hwf-ppc-fix-missing-HWF_PPC_ARCH_3_10-in-HW-feature.patch
and were carried over / kept for libgcrypt20-1.10.1-2ubuntu1.
In addition a minor refresh of d/p/12_lessdeps_libgcrypt-config.diff to resolve offsets.

Further open bugs were screened.

PPA-based test builds for all major architectures are done here:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1974277

The build (logs) also include test runs:
Search for: "check-TESTS"
until: "tests passed"
especially:
====================
All 33 tests passed
(1 test was not run)
====================

See original description

CVE References

Frank Heimes (fheimes)
description: updated
Revision history for this message
Frank Heimes (fheimes) wrote :

debdiff of old Ubuntu package against new Ubuntu package

Revision history for this message
Frank Heimes (fheimes) wrote :

debdiff of old Debian package against new Ubuntu package

Changed in libgcrypt20 (Ubuntu):
status: In Progress → Confirmed
assignee: Frank Heimes (fheimes) → nobody
Revision history for this message
Frank Heimes (fheimes) wrote :

debdiff of new Debian package and new Ubuntu package

Revision history for this message
Julian Andres Klode (juliank) wrote :

Sponsored.

Changed in libgcrypt20 (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.6 KiB)

This bug was fixed in the package libgcrypt20 - 1.10.1-2ubuntu1

---------------
libgcrypt20 (1.10.1-2ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. (LP: #1974277) Remaining changes:
    - d/p/disable_fips_enabled_read.patch
      Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode.
      libgcrypt is not a FIPS certified library.
  * Removed d/p/0001-Always-include-config.h-in-cipher-assembly-codes.patch
    since it's already included in the new version.
  * Removed d/p/0001-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch
    since it's already included in the new version.
  * Refreshed d/p/12_lessdeps_libgcrypt-config.diff
    and d/p/disable_fips_enabled_read.patch due to offsets.

libgcrypt20 (1.10.1-2) unstable; urgency=low

  * Upload to unstable.
  * Update from upstream LIBGCRYPT-1.10-BRANCH, renaming the patch in the
    previous upload and adding another fix
    (31_0003-hwf-ppc-fix-missing-HWF_PPC_ARCH_3_10-in-HW-feature.patch).

libgcrypt20 (1.10.1-1) experimental; urgency=low

  * New upstream version.
    + Drop cherrypicked patches.
    + Add post-release fix 31_0001-kdf-argon2-Fix-for-the-case-output-64.patch

libgcrypt20 (1.10.0-2) experimental; urgency=low

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on libgpg-error-dev.
    + Build-Depends-Indep: Drop versioned constraint on texinfo.

  [ Andreas Metzler ]
  * Upgrade to head of LIBGCRYPT-1.10-BRANCH.
    + 30_0001-Post-release-updates.patch
    + 30_0002-jitterentropy-Include-fcntl.h-and-limits.h.patch
    + 30_0003-kdf-Use-u64.patch
    + 30_0004-Register-DCO-for-Clemens-Lang.patch
    + 30_0005-fips-Fix-memory-leaks-in-FIPS-mode.patch
    + 30_0006-hmac-Fix-memory-leak.patch
    + 30_0007-build-Fix-m4-gpg-error.m4.patch
    + 30_0008-Silence-compiler-warnings-for-possible-alignment-pro.patch
    + 30_0009-fips-Use-ELF-header-to-find-hmac-file-offset.patch
    + 30_0010-fips-Fix-previous-commit.patch
    + 30_0011-fips-Integrity-check-improvement-with-only-loadable-.patch
    + 30_0012-fips-More-portable-integrity-check.patch
    + 30_0013-fips-Fix-gen-note-integrity.sh-script-not-to-use-cmp.patch
    + 30_0014-fips-Clarify-what-to-be-hashed-for-the-integrity-che.patch
  * Point vcs-* to experimental branch.

  [ Johannes Schauer Marin Rodrigues ]
  * debian/libgcrypt20.postinst: only run clean-up-unmanaged-libraries on
    upgrades and not on new installations. Closes: #1007754

libgcrypt20 (1.10.0-1) experimental; urgency=low

  * Run wrap-and-sort -ast.
  * New upstream version.
    + Drop 30_01-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch.
    + Add new symbols to symbol file, bump versioned dependency info of all
      symbols to 1.10.0. (Many enums extended, most notably gcry_ctl_cmds, i.e.
      the arguments for gcry_control()).

libgcrypt20 (1.9.4-5) unstable; urgency=medium

  * Pull 30_01-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch from
    upstream GIT master branch, fixing FTBFS on armhf. Closes: #1001675

libgcrypt20 (1.9.4-4) unstable; urgency=low

  * Import clean-up-unmanaged-libraries ...

Read more...

Changed in libgcrypt20 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.