83e0d7979c
Announcement [1]:

> [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
>
> Hello!
>
> The GnuPG Project is pleased to announce the availability of new
> Libgcrypt and GnuPG versions to *fix a critical security problem*.
>
> Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of
> Technology found a bug in the mixing functions of Libgcrypt's random
> number generator: An attacker who obtains 4640 bits from the RNG can
> trivially predict the next 160 bits of output.  This bug exists since
> 1998 in all GnuPG and Libgcrypt versions.
>
>
> Impact
> ======
> All Libgcrypt and GnuPG versions released before 2016-08-17 are affected
> on all platforms.
>
> A first analysis on the impact of this bug in GnuPG shows that existing
> RSA keys are not weakened.  For DSA and Elgamal keys it is also unlikely
> that the private key can be predicted from other public information.
> This needs more research and I would suggest _not to_ overhasty revoke
> keys.
>
>
> Solution
> ========
> If you are using a vendor supplied version of GnuPG or Libgcrypt:
>
>  * Wait for an update from your vendor.
>
> If you are using a GnuPG-2 version (2.0.x or 2.1.x):
>
>  * Update Libgcrypt.  We have released these fixed versions of
>    Libgcrypt: 1.7.3, 1.6.6, and 1.5.6.  See below for download
>    information.
>
> If you are using GnuPG-1 version (1.4.x):
>
>  * Update as soon as possible to GnuPG 1.4.21.  See below for download
>    information.

Tested on *keineahnung*.

```
$ gpg --version
gpg (GnuPG) 1.4.21
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```

[1] https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
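
A check for the "Solution" rules quoted above, as an added example that is not part of the original commit or of the GnuPG project: it classifies `gpg --version` output against the fixed releases named in the announcement. The function names are hypothetical, and it assumes GnuPG 2 prints a `libgcrypt X.Y.Z` line in its version output.

```shell
#!/bin/sh
# Added example: thresholds are the fixed versions listed in the announcement.

# version_lt A B: succeed when dotted numeric version A is strictly older than B.
version_lt() {
    va=$1 vb=$2
    for n in 1 2 3; do
        x=${va%%.*}; y=${vb%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$va" in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case "$vb" in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 1
}

# check_gpg_output TEXT: print "fixed", "vulnerable" or "unknown" for the
# given `gpg --version` output.
check_gpg_output() {
    gpg_ver=$(printf '%s\n' "$1" | sed -n 's/^gpg (GnuPG) \([0-9.]*\).*/\1/p' | head -n1)
    lib_ver=$(printf '%s\n' "$1" | sed -n 's/^libgcrypt \([0-9.]*\).*/\1/p' | head -n1)
    case "$gpg_ver" in
        1.4.*)                      # GnuPG-1 carries its own RNG
            have=$gpg_ver; need=1.4.21 ;;
        2.0.*|2.1.*)                # GnuPG-2 takes the RNG from Libgcrypt
            have=$lib_ver
            case "$lib_ver" in
                1.7.*) need=1.7.3 ;;
                1.6.*) need=1.6.6 ;;
                1.5.*) need=1.5.6 ;;
                # Older branches predate 2016-08-17 and have no fixed release listed.
                1.[0-4].*) echo vulnerable; return 0 ;;
                *) echo unknown; return 0 ;;
            esac ;;
        *) echo unknown; return 0 ;;   # version not covered by the announcement
    esac
    if version_lt "$have" "$need"; then echo vulnerable; else echo fixed; fi
}

# Report on the locally installed gpg, if there is one.
if command -v gpg >/dev/null 2>&1; then
    echo "gpg: $(check_gpg_output "$(gpg --version 2>/dev/null)")"
fi
```
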
#!/usr/bin/env beesh
# BEE_VERSION gnupg-1.4.21-0
## this file was created by bee init and should be executed to build a
## bee-package. (Additional hints are located at the end of this file.)
###############################################################################
## The source URL(s) define the location of the sources that will be
## downloaded. Version variables may be used to simplify reuse of this bee-file.
SRCURL[0]="https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-${PKGVERSION}.tar.bz2"
###############################################################################
## Add URLs/paths to patch files to the PATCHURL array.
## The sources will be patched in the order of the array.
# PATCHURL+=()
###############################################################################
## Add filename patterns to the EXCLUDE array of files that should not
## be added to your package but may be present in the image directory.
# EXCLUDE+=()
###############################################################################
## Uncomment the next statement, if the software may not be able to be built
## outside the source directory and needs to be built inside the source
## directory.
# build_in_sourcedir
###############################################################################
## bee cannot detect buildtypes specified in subdirectories.
## Sometimes packages "hide" the real sources in a subdirectory named
## 'src' or 'cmake' or ..
## use 'sourcesubdir_append' to specify this directory if known.
# sourcesubdir_append src
###############################################################################
## Change the default (auto-detected) steps to
## extract, patch, configure/setup, build and install the software.
## Make sure the mee_install function does install everything to the
## image directory "${D}"
#mee_extract() {
# bee_extract "${@}"
#}
#mee_patch() {
# bee_patch "${@}"
#}
#mee_configure() {
# bee_configure
#}
#mee_build() {
# bee_build
#}
#mee_install() {
# bee_install
#}
## by default this may be 'make install DESTDIR="${D}"'
###############################################################################
##
## Additional hints:
##
## The name of this bee-file should follow the following naming convention:
## pkgname-pkgversion-pkgrevision.bee
##
## You may remove all comments as long as SRCURL[0] is set.
##
## Everything in this file will be executed in a bash environment.
##
## Build the package by executing
## './pkg-version-N.bee' or
## 'beesh ./pkg-version-N.bee'
##
## see http://beezinga.org/
##