author | Natanael Copa <ncopa@alpinelinux.org> | 2018-06-19 11:10:01 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-06-19 11:13:33 +0000 |
commit | 25760a2a94cd003c6ae42b72c4701f96d4264027 (patch) | |
tree | d0299da8cd24b246d3baf53b2dc779ca4470e601 | |
parent | 0f0d36a1d0940a200f7c5cae3622aaad9d1c02a8 (diff) | |
main/libgcrypt: security upgrade to 1.8.3
fixes #9003
-rw-r--r-- | main/libgcrypt/APKBUILD | 13 | ||||
-rw-r--r-- | main/libgcrypt/random-Fix-hang-of-_gcry_rndjent_get_version.patch | 45 |
2 files changed, 55 insertions, 3 deletions
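--- a/main/libgcrypt/APKBUILD
+++ b/main/libgcrypt/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libgcrypt
-pkgver=1.8.2
+pkgver=1.8.3
 pkgrel=0
 pkgdesc="general purpose crypto library based on the code used in GnuPG"
 url="http://www.gnupg.org"
@@ -10,8 +10,14 @@ depends=""
 depends_dev="libgpg-error-dev"
 makedepends="$depends_dev texinfo"
 subpackages="$pkgname-dev $pkgname-doc"
-source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2"
+source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2
+random-Fix-hang-of-_gcry_rndjent_get_version.patch"
 builddir="$srcdir"/$pkgname-$pkgver
+options="!checkroot"
+
+# secfixes:
+# 1.8.3-r0:
+# - CVE-2018-0495
 
 build () {
 cd "$builddir"
@@ -53,4 +59,5 @@ package() {
 rm -f ${pkgdir}/usr/share/info/dir
 }
 
-sha512sums="1e8c414f95bf6b50e778102ca7c1b3b1f30d8320826d9fff747a0a098ef85499cdc3e6de736853b9cd4e5dadda35c7c0a291e13643dcac5eaef44f2ddc7a6c09 libgcrypt-1.8.2.tar.bz2"
+sha512sums="8c873204303f173dd3f49817a81035c1d504b2fc885965c9bc074a6e3fb108ceb6dca366d85e840a40712a6890fc325018ea9b8c1b7b8804c51c44b296cb96a0 libgcrypt-1.8.3.tar.bz2
+a717d40702c8ffdd40a7bffc563bf7aecf01640514a2d07c7eb5e40d742473ba297779fc0fea64576b254214011711a010de0cf306f88c5617fd06214a9fd30e random-Fix-hang-of-_gcry_rndjent_get_version.patch"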
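Review bot: `options="!checkroot"` in the second hunk is added with no comment, and the commit message (a security upgrade for CVE-2018-0495) does not mention it, so the reason for changing how the test suite is run is not recorded. As I understand abuild, this option stops check() from running under fakeroot; if it is a workaround for the 1.8.3 tests, say so on the line, e.g. `options="!checkroot" # <reason; remove once fixed upstream>`. The locally carried patch would also benefit from a comment above `source=`, such as `# random-Fix-hang-of-_gcry_rndjent_get_version.patch: upstream fix, GnuPG bug 4034; drop on the next release`, so it is not kept by accident after a later version bump. The rest of the APKBUILD lies outside these hunks, so whether a check() function is defined cannot be confirmed from here.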
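--- /dev/null
+++ b/main/libgcrypt/random-Fix-hang-of-_gcry_rndjent_get_version.patch
@@ -0,0 +1,45 @@
+From 355f5b7f69075c010fe33aa5b10ac60c08fae0c7 Mon Sep 17 00:00:00 2001
+From: Will Dietz <w@wdtz.org>
+Date: Sun, 17 Jun 2018 18:53:58 -0500
+Subject: [PATCH] random: Fix hang of _gcry_rndjent_get_version.
+
+* random/rndjent.c (_gcry_rndjent_get_version): Move locking.
+
+--
+
+While the protection for jent_rng_collector is needed,
+_gcry_rndjent_poll is also acquiring the lock for the variable.
+Thus, it hangs.
+
+This change is sub-optimal, the lock is once released after the call
+of _gcry_rndjent_poll. It might be good to modify the API of
+_gcry_rndjent_poll to explicitly allow this use case of forcing
+initialization keeping the lock.
+
+Comments and change log entry by gniibe.
+
+GnuPG-bug-id: 4034
+Fixes-commit: 0de2a22fcf6607d0aecb550feefa414cee3731b2
+---
+random/rndjent.c | 3 ++-
+1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/random/rndjent.c b/random/rndjent.c
+index 0c5a820..3740ddd 100644
+--- a/random/rndjent.c
++++ b/random/rndjent.c
+@@ -334,9 +334,10 @@ _gcry_rndjent_get_version (int *r_active)
+{
+if (r_active)
+{
+- lock_rng ();
+/* Make sure the RNG is initialized. */
+_gcry_rndjent_poll (NULL, 0, 0);
++
++ lock_rng ();
+/* To ease debugging we store 2 for a clock_gettime based
+* implementation and 1 for a rdtsc based code. */
+*r_active = jent_rng_collector? is_rng_available () : 0;
+--
+2.8.0.rc3
+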