libgcrypt: 1.8.2 -> 1.8.3 #42044
From the changelog:
- Use blinding for ECDSA signing to mitigate a novel side-channel attack. [NixOS#4011,CVE-2018-0495]
- Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. [NixOS#3764]
- Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
Release info at <https://dev.gnupg.org/T4016>.
@GrahamcOfBorg build libgcrypt
Success on x86_64-linux. Attempted: libgcrypt
Failure on x86_64-darwin. Attempted: libgcrypt
Success on x86_64-linux. Attempted: libgcrypt
Failure on x86_64-darwin. Attempted: libgcrypt
@GrahamcOfBorg build libgcrypt
Trying to get a successful darwin build.
@NixOS/darwin-maintainers Could you try if this upgrade works on your machines? I'd like to have this pushed out sooner than later to fix a side-channel attack on private ECDSA keys.
Success on x86_64-linux. Attempted: libgcrypt
Success on x86_64-linux. Attempted: libgcrypt
Success on aarch64-linux. Attempted: libgcrypt
Success on aarch64-linux. Attempted: libgcrypt
Success on aarch64-linux. Attempted: libgcrypt
Success on aarch64-linux. Attempted: libgcrypt
Failure on x86_64-darwin. Attempted: libgcrypt
Failure on x86_64-darwin. Attempted: libgcrypt
The tests seem to hang for some reason. 😕
Merged in a0b2ce5.
With this many rebuilds, it would've been better to send to staging
Oh I see, @yegortimoshenko already did that. @andir just take my comment for future reference for you then 😄
Motivation for this change
From the changelog:
- Use blinding for ECDSA signing to mitigate a novel side-channel attack. [CVE-2018-0495]
- Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit.
- Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
Release info at https://dev.gnupg.org/T4016.