File _patchinfo of Package patchinfo.167
<patchinfo incident="167">
<packager>jluce2</packager>
<issue tracker="bnc" id="810759"></issue>
<issue tracker="bnc" id="831359"></issue>
<category>security</category>
<rating>moderate</rating>
<summary>libgcrypt: update to 1.5.3</summary>
<description>libgcrypt was updated to 1.5.3 [bnc#831359] to fix a
security issue, bugs and get some new features:
Security issue fixed:
* Mitigate the Yarom/Falkner flush+reload side-channel
attack on RSA secret keys. See
<http://eprint.iacr.org/2013/448>.
- contains changes from 1.5.2
* The upstream sources now contain the IDEA algorithm,
dropping: idea.c.gz libgcrypt-1.5.0-idea.patch
libgcrypt-1.5.0-idea_codecleanup.patch
* Made the Padlock code work again (regression since
1.5.0).
* Fixed alignment problems for Serpent.
* Fixed two bugs in ECC computations.
- add GPL3.0+ to License tag because of dumpsexp
(bnc#810759)
- contains changes from 1.5.1
* Allow empty passphrase with PBKDF2.
* Do not abort on an invalid algorithm number in
gcry_cipher_get_algo_keylen and
gcry_cipher_get_algo_blklen.
* Fixed some Valgrind warnings.
* Fixed a problem with select and high fd numbers.
* Improved the build system
* Various minor bug fixes.
* Interface changes relative to the 1.5.0 release:
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
GCRYPT_VERSION_NUMBER NEW.</description>
</patchinfo>