Commit 25760a2a authored by Natanael Copa's avatar Natanael Copa

main/libgcrypt: security upgrade to 1.8.3

fixes #9003
parent 0f0d36a1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgcrypt
pkgver=1.8.2
pkgver=1.8.3
pkgrel=0
pkgdesc="general purpose crypto library based on the code used in GnuPG"
url="http://www.gnupg.org"
......@@ -10,8 +10,14 @@ depends=""
depends_dev="libgpg-error-dev"
makedepends="$depends_dev texinfo"
subpackages="$pkgname-dev $pkgname-doc"
source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2"
source="https://www.gnupg.org/ftp/gcrypt/libgcrypt/$pkgname-$pkgver.tar.bz2
random-Fix-hang-of-_gcry_rndjent_get_version.patch"
builddir="$srcdir"/$pkgname-$pkgver
options="!checkroot"
# secfixes:
# 1.8.3-r0:
# - CVE-2018-0495
build () {
cd "$builddir"
......@@ -53,4 +59,5 @@ package() {
rm -f ${pkgdir}/usr/share/info/dir
}
sha512sums="1e8c414f95bf6b50e778102ca7c1b3b1f30d8320826d9fff747a0a098ef85499cdc3e6de736853b9cd4e5dadda35c7c0a291e13643dcac5eaef44f2ddc7a6c09 libgcrypt-1.8.2.tar.bz2"
sha512sums="8c873204303f173dd3f49817a81035c1d504b2fc885965c9bc074a6e3fb108ceb6dca366d85e840a40712a6890fc325018ea9b8c1b7b8804c51c44b296cb96a0 libgcrypt-1.8.3.tar.bz2
a717d40702c8ffdd40a7bffc563bf7aecf01640514a2d07c7eb5e40d742473ba297779fc0fea64576b254214011711a010de0cf306f88c5617fd06214a9fd30e random-Fix-hang-of-_gcry_rndjent_get_version.patch"
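Review bot: The `random-Fix-hang-of-_gcry_rndjent_get_version.patch` entry added to `source=` carries no comment in the APKBUILD saying where the patch comes from or when it can be dropped. The patch header further down this page gives the provenance (upstream commit 355f5b7f, GnuPG-bug-id 4034, fixing a hang in `_gcry_rndjent_get_version`), so a line above `source=` such as `# random-Fix-hang-*.patch: upstream 355f5b7f, GnuPG bug 4034; remove once a release includes it` would let the next version bump retire it deliberately. Separately, the new `sha512sums` value for libgcrypt-1.8.3.tar.bz2 pins whatever was downloaded when the sum was generated; nothing on this page shows it was compared against the upstream signed release, which is worth confirming for a security upgrade of a crypto library. Only parts of the APKBUILD are visible here, so an existing comment outside these hunks cannot be ruled out.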
From 355f5b7f69075c010fe33aa5b10ac60c08fae0c7 Mon Sep 17 00:00:00 2001
From: Will Dietz <w@wdtz.org>
Date: Sun, 17 Jun 2018 18:53:58 -0500
Subject: [PATCH] random: Fix hang of _gcry_rndjent_get_version.
* random/rndjent.c (_gcry_rndjent_get_version): Move locking.
--
While the protection for jent_rng_collector is needed,
_gcry_rndjent_poll is also acquiring the lock for the variable.
Thus, it hangs.
This change is sub-optimal, the lock is once released after the call
of _gcry_rndjent_poll. It might be good to modify the API of
_gcry_rndjent_poll to explicitly allow this use case of forcing
initialization keeping the lock.
Comments and change log entry by gniibe.
GnuPG-bug-id: 4034
Fixes-commit: 0de2a22fcf6607d0aecb550feefa414cee3731b2
---
random/rndjent.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/random/rndjent.c b/random/rndjent.c
index 0c5a820..3740ddd 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -334,9 +334,10 @@ _gcry_rndjent_get_version (int *r_active)
{
if (r_active)
{
- lock_rng ();
/* Make sure the RNG is initialized. */
_gcry_rndjent_poll (NULL, 0, 0);
+
+ lock_rng ();
/* To ease debugging we store 2 for a clock_gettime based
* implementation and 1 for a rdtsc based code. */
*r_active = jent_rng_collector? is_rng_available () : 0;
--
2.8.0.rc3