Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[18.03] libgcrypt: 1.8.2 -> 1.8.3 #42046

Closed
wants to merge 1 commit into from
Closed

[18.03] libgcrypt: 1.8.2 -> 1.8.3 #42046

wants to merge 1 commit into from

Conversation

andir
Copy link
Member

@andir andir commented Jun 14, 2018

Motivation for this change

From the changelog:

  • Use blinding for ECDSA signing to mitigate a novel side-channel
    attack. [CVE-2018-0495]

  • Fix incorrect counter overflow handling for GCM when using an IV
    size other than 96 bit.

  • Fix incorrect output of AES-keywrap mode for in-place encryption
    on some platforms.

  • Fix the gcry_mpi_ec_curve_point point validation function.

  • Fix rare assertion failure in gcry_prime_check.

Release info at https://dev.gnupg.org/T4016.

(cherry picked from commit 2f24d32)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@andir
libgcrypt: 1.8.2 -> 1.8.3
0fcde03 
From the changelog:

   - Use blinding for ECDSA signing to mitigate a novel side-channel
     attack.  [NixOS#4011,CVE-2018-0495]

   - Fix incorrect counter overflow handling for GCM when using an IV
     size other than 96 bit.  [NixOS#3764]

   - Fix incorrect output of AES-keywrap mode for in-place encryption
     on some platforms.

   - Fix the gcry_mpi_ec_curve_point point validation function.

   - Fix rare assertion failure in gcry_prime_check.

   Release info at <https://dev.gnupg.org/T4016>.

(cherry picked from commit 2f24d32)
@andir andir changed the title libgcrypt: 1.8.2 -> 1.8.3 [18.03] libgcrypt: 1.8.2 -> 1.8.3 Jun 14, 2018
@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: libgcrypt

Partial log (click to expand)

gzipping man pages under /nix/store/2qyxmkf38ff36bl928xaybqm8krr4685-libgcrypt-1.8.3-dev/share/man/
strip is /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/2qyxmkf38ff36bl928xaybqm8krr4685-libgcrypt-1.8.3-dev/bin
patching script interpreter paths in /nix/store/2qyxmkf38ff36bl928xaybqm8krr4685-libgcrypt-1.8.3-dev
/nix/store/2qyxmkf38ff36bl928xaybqm8krr4685-libgcrypt-1.8.3-dev/bin/libgcrypt-config: interpreter directive changed from "/bin/sh" to "/nix/store/zqh3l3lyw32q1ayb15bnvg9f24j5v2p0-bash-4.4-p12/bin/sh"
checking for references to /build in /nix/store/2qyxmkf38ff36bl928xaybqm8krr4685-libgcrypt-1.8.3-dev...
shrinking RPATHs of ELF executables and libraries in /nix/store/7gcsyrppzasmx651g2dq4d7axjrw37wb-libgcrypt-1.8.3-info
strip is /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/7gcsyrppzasmx651g2dq4d7axjrw37wb-libgcrypt-1.8.3-info
checking for references to /build in /nix/store/7gcsyrppzasmx651g2dq4d7axjrw37wb-libgcrypt-1.8.3-info...

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: libgcrypt

Partial log (click to expand)

strip is /nix/store/ppn001bfygzlqx4h50n9zgxc3kqv2d6k-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/6skdis09nz5038shnkiwf6rs0vb5flbm-libgcrypt-1.8.3-dev/bin
patching script interpreter paths in /nix/store/6skdis09nz5038shnkiwf6rs0vb5flbm-libgcrypt-1.8.3-dev
/nix/store/6skdis09nz5038shnkiwf6rs0vb5flbm-libgcrypt-1.8.3-dev/bin/libgcrypt-config: interpreter directive changed from "/bin/sh" to "/nix/store/1gk1g42x90yp3avlz3grxv917ppvqf5s-bash-4.4-p12/bin/sh"
checking for references to /build in /nix/store/6skdis09nz5038shnkiwf6rs0vb5flbm-libgcrypt-1.8.3-dev...
shrinking RPATHs of ELF executables and libraries in /nix/store/hd9jihqdy5m7g5w0bl7yywpgs4jqqw6d-libgcrypt-1.8.3-info
strip is /nix/store/ppn001bfygzlqx4h50n9zgxc3kqv2d6k-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/hd9jihqdy5m7g5w0bl7yywpgs4jqqw6d-libgcrypt-1.8.3-info
checking for references to /build in /nix/store/hd9jihqdy5m7g5w0bl7yywpgs4jqqw6d-libgcrypt-1.8.3-info...
/nix/store/llkqragsii47x4c9mc1mgbsiwc3d0qxs-libgcrypt-1.8.3

@GrahamcOfBorg
Copy link

Failure on x86_64-darwin (full log)

Attempted: libgcrypt

Partial log (click to expand)

make[2]: Entering directory '/private/tmp/nix-build-libgcrypt-1.8.3.drv-0/libgcrypt-1.8.3/doc'
make[2]: Nothing to be done for 'check-am'.
make[2]: Leaving directory '/private/tmp/nix-build-libgcrypt-1.8.3.drv-0/libgcrypt-1.8.3/doc'
make[1]: Leaving directory '/private/tmp/nix-build-libgcrypt-1.8.3.drv-0/libgcrypt-1.8.3/doc'
Making check in tests
make[1]: Entering directory '/private/tmp/nix-build-libgcrypt-1.8.3.drv-0/libgcrypt-1.8.3/tests'
make  check-TESTS
make[2]: Entering directory '/private/tmp/nix-build-libgcrypt-1.8.3.drv-0/libgcrypt-1.8.3/tests'
building of '/nix/store/xlkf003n9bnx7vvsmla585dlkl901kap-libgcrypt-1.8.3.drv' timed out after 1800 seconds
error: build of '/nix/store/xlkf003n9bnx7vvsmla585dlkl901kap-libgcrypt-1.8.3.drv' failed

@lukateras lukateras closed this Jun 15, 2018
@lukateras
Copy link
Member

Merged in f3c913d, sorry!

@andir andir deleted the 18.02/libgcrypt branch June 15, 2018 07:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
10.rebuild-darwin: 101-500 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@andir @GrahamcOfBorg @lukateras