Re: Wheezy update of libgcrypt11?
Hi Chris, GnuPG maintainers, GnuTLS maintainers and LTS team

I have now prepared an updated libgcrypt11 package.

I have simply taken the two patches from libgcrypt20 and applied them
to libgcrypt11. They applied cleanly with just a little "fuzz".

The debdiff is available here:
And the prepared packages are available here:

I have not tried to reproduce the problem reported as I'm not an
expert in cryptography mathematics. And especially not random
generators. If anyone knows of a tool to reproduce the random
generation problem I'm eager to know.

Regarding regression testing I have installed the built package and
tried a few tools that depend on libgcrypt11. However I'm not sure I
trigger this function in some way. If anyone knows of a good way to do
regression testing of libgcrypt11 I'm eager to know that too.

As this is such a critical function (as Chris clearly pointed out) I'd
like as many as possible to have a look at what I have done.

If I do not hear any objections in four days I'll upload the
correction. That is on Monday next week.

Thanks in advance and best regards

On Thu, Aug 18, 2016 at 11:26 AM, Chris Lamb <firstname.lastname@example.org> wrote:
> [Adding Ola Lundqvist <email@example.com> to CC]
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of libgcrypt11:
> Ola, I notice that you have claimed this package in data/dla-needed.txt.
> As this is an especially sensitive package, it would seem prudent to
> get as many eyes on your debdiffs prior to upload, either from the GnuPG
> maintainers and/or on the debian-lts list.
> : :' : Chris Lamb
> `. `'` firstname.lastname@example.org / chris-lamb.co.uk
--- Inguza Technology AB --- MSc in Information Technology ----
/ email@example.com Folkebogatan 26 \
| firstname.lastname@example.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /