[{"id":1760449,"web_url":"http://patchwork.ozlabs.org/comment/1760449/","msgid":"<20170830220752.118abfee@windsurf.lan>","list_archive_url":null,"date":"2017-08-30T20:07:52","subject":"Re: [Buildroot] [PATCH] gnupg: security bump to version 1.4.22","submitter":{"id":2230,"url":"http://patchwork.ozlabs.org/api/people/2230/","name":"Thomas Petazzoni","email":"thomas.petazzoni@free-electrons.com"},"content":"Hello,\n\nOn Wed, 30 Aug 2017 15:01:04 +0300, Baruch Siach wrote:\n> Mitigate a flush+reload side-channel attack on RSA secret keys\n> dubbed \"Sliding right into disaster\".  For details see\n> <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]\n> \n> Switch to https site for better firewall compatibility and security.\n> \n> Signed-off-by: Baruch Siach <baruch@tkos.co.il>\n> ---\n>  package/gnupg/gnupg.hash | 7 +++----\n>  package/gnupg/gnupg.mk   | 4 ++--\n>  2 files changed, 5 insertions(+), 6 deletions(-)\n\nApplied to master, thanks.\n\nThomas","headers":{"Return-Path":"<buildroot-bounces@busybox.net>","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.136; helo=silver.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)","Received":["from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xjGmG0Mk4z9sN7\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 31 Aug 2017 06:08:46 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby silver.osuosl.org (Postfix) with ESMTP id 4A3492F6F1;\n\tWed, 30 Aug 2017 20:08:44 +0000 (UTC)","from silver.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id YmvRYJqKhPnp; Wed, 30 Aug 2017 20:08:43 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby silver.osuosl.org (Postfix) with ESMTP id AFFB32F597;\n\tWed, 30 Aug 2017 20:08:43 +0000 (UTC)","from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ash.osuosl.org (Postfix) with ESMTP id A368C1C2708\n\tfor <buildroot@lists.busybox.net>;\n\tWed, 30 Aug 2017 20:08:42 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 9C98F8799A\n\tfor <buildroot@lists.busybox.net>;\n\tWed, 30 Aug 2017 20:08:42 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id Rr1Nsu7giKqb for <buildroot@lists.busybox.net>;\n\tWed, 30 Aug 2017 20:08:41 +0000 (UTC)","from mail.free-electrons.com (mail.free-electrons.com [62.4.15.54])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 7D993871F7\n\tfor <buildroot@busybox.net>; Wed, 30 Aug 2017 20:08:41 +0000 (UTC)","by mail.free-electrons.com (Postfix, from userid 110)\n\tid 5E3FB209F8; Wed, 30 Aug 2017 22:08:39 +0200 (CEST)","from windsurf.lan (LFbn-1-15133-129.w86-206.abo.wanadoo.fr\n\t[86.206.239.129])\n\tby mail.free-electrons.com (Postfix) with ESMTPSA id D39B621FBF;\n\tWed, 30 Aug 2017 22:07:51 +0200 (CEST)"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","Date":"Wed, 30 Aug 2017 22:07:52 +0200","From":"Thomas Petazzoni <thomas.petazzoni@free-electrons.com>","To":"Baruch Siach <baruch@tkos.co.il>","Message-ID":"<20170830220752.118abfee@windsurf.lan>","In-Reply-To":"<10033e7b173d98374eac45d28e1fb97f68e82118.1504094464.git.baruch@tkos.co.il>","References":"<10033e7b173d98374eac45d28e1fb97f68e82118.1504094464.git.baruch@tkos.co.il>","Organization":"Free Electrons","X-Mailer":"Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu)","MIME-Version":"1.0","Cc":"buildroot@busybox.net","Subject":"Re: [Buildroot] [PATCH] gnupg: security bump to version 1.4.22","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.busybox.net>","List-Unsubscribe":"<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>","List-Archive":"<http://lists.busybox.net/pipermail/buildroot/>","List-Post":"<mailto:buildroot@busybox.net>","List-Help":"<mailto:buildroot-request@busybox.net?subject=help>","List-Subscribe":"<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" <buildroot-bounces@busybox.net>"}},{"id":1764024,"web_url":"http://patchwork.ozlabs.org/comment/1764024/","msgid":"<87bmmof4r9.fsf@dell.be.48ers.dk>","list_archive_url":null,"date":"2017-09-06T11:25:30","subject":"Re: [Buildroot] [PATCH] gnupg: security bump to version 1.4.22","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/people/42365/","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"content":">>>>> \"Baruch\" == Baruch Siach <baruch@tkos.co.il> writes:\n\n > Mitigate a flush+reload side-channel attack on RSA secret keys\n > dubbed \"Sliding right into disaster\".  For details see\n > <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]\n\n > Switch to https site for better firewall compatibility and security.\n\n > Signed-off-by: Baruch Siach <baruch@tkos.co.il>\n\nCommitted to 2017.02.x, thanks.","headers":{"Return-Path":"<buildroot-bounces@busybox.net>","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.137; helo=fraxinus.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"AcDvgB0u\"; dkim-atps=neutral"],"Received":["from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnLqX4kCgz9s9Y\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed,  6 Sep 2017 21:25:44 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 19141876B9;\n\tWed,  6 Sep 2017 11:25:40 +0000 (UTC)","from fraxinus.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 9QYvRjP66s9k; Wed,  6 Sep 2017 11:25:38 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby fraxinus.osuosl.org (Postfix) with ESMTP id 3A4478739A;\n\tWed,  6 Sep 2017 11:25:38 +0000 (UTC)","from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ash.osuosl.org (Postfix) with ESMTP id 635151CE899\n\tfor <buildroot@lists.busybox.net>;\n\tWed,  6 Sep 2017 11:25:36 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 5D6DF8140B\n\tfor <buildroot@lists.busybox.net>;\n\tWed,  6 Sep 2017 11:25:36 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id zmUeYKp3B965 for <buildroot@lists.busybox.net>;\n\tWed,  6 Sep 2017 11:25:35 +0000 (UTC)","from mail-wm0-f42.google.com (mail-wm0-f42.google.com\n\t[74.125.82.42])\n\tby whitealder.osuosl.org (Postfix) with ESMTPS id 406EF8169C\n\tfor <buildroot@busybox.net>; Wed,  6 Sep 2017 11:25:35 +0000 (UTC)","by mail-wm0-f42.google.com with SMTP id u26so29866139wma.0\n\tfor <buildroot@busybox.net>; Wed, 06 Sep 2017 04:25:35 -0700 (PDT)","from dell.be.48ers.dk ([91.183.172.93])\n\tby smtp.gmail.com with ESMTPSA id\n\t6sm1918124wrg.66.2017.09.06.04.25.31\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tWed, 06 Sep 2017 04:25:31 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from <peter@korsgaard.com>)\n\tid 1dpYSY-0006pO-Ng; Wed, 06 Sep 2017 13:25:30 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:references:date:in-reply-to:message-id\n\t:user-agent:mime-version;\n\tbh=K9X9f3uVapzJEbITBXSCd/ffjhhzqRC2To6LS+/N+fc=;\n\tb=AcDvgB0uNsq+ONoQ5CBb+9T3B8rkb7ocONdDidcjDvCGZl3h2ivUwEJM+vJak+FB07\n\t35Il+Yve5kubsg3QcUZBHh42kA5eChlA70Byz/5BsvGBuzgMca4rerIJpzombiPjyoLb\n\tRAsxTkaeDnCq2stein2EHnoFN/H+K8jdTe6zo6QrcyI1ZniQVv6q8CTEuBA5/3Au3zcv\n\tHnIv+Pc+47FIwMM4vRGSwwYtzCU92IFHBgICAUXWd7P8N2CQ8XAuOkLk0qe0UnJ8yj0c\n\tQGwT5K7nTMc28XSggQ1JRorkBCCs/OKdnAmcoRXWUssnZKK2q7ZgCfpH5n0RcxZPxnyz\n\t/m8g==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:references:date\n\t:in-reply-to:message-id:user-agent:mime-version;\n\tbh=K9X9f3uVapzJEbITBXSCd/ffjhhzqRC2To6LS+/N+fc=;\n\tb=bd/3vcoVshk9xUa+vIpgMEQyfj3zVnlGIXrSbAAcqcNL2wTrEvN/CdbZWo9hv0xI9V\n\tdwPdhtqjLb8DeABWNQiYJCLY+FBcbtO0BhsYPGo3xF4XXNg2ZWKwY8sFcfc/FWHJKa3p\n\tryYwUEmWe6kLmo5DZ3SR1mJagCpE5IZ0P4IwdDUAsr0NWfxF6N/eXgF8ezfv9cBsJ4UN\n\t0acjObInAG/6ZcfmGBn6GqHa+3tL16OEPuxez9+b8BTvyWhj+McfHrvro+rlJcsvrB/p\n\tUG5YmjpatDY/H46n1fomuXGKNCGzq66A1T7tP5fTUPGsBU7lQprCZC/YoYSvx5uz2Yjk\n\tnWvQ==","X-Gm-Message-State":"AHPjjUhWMz1L80Rq42+ST+Ioukz6ioLQjYjlIaR4fiCuJcEJ/Y+gTyLV\n\tNef7nAMB+M2hSSX9BUo=","X-Google-Smtp-Source":"ADKCNb7XRHtglJ8CbNlVssUVIc0J0gaZoTKnxL7m8uz4Y75yaNMI0OtW55LHddGsM08cZZOgMx4Qdg==","X-Received":"by 10.28.168.68 with SMTP id r65mr1451523wme.127.1504697133596; \n\tWed, 06 Sep 2017 04:25:33 -0700 (PDT)","From":"Peter Korsgaard <peter@korsgaard.com>","To":"Baruch Siach <baruch@tkos.co.il>","References":"<10033e7b173d98374eac45d28e1fb97f68e82118.1504094464.git.baruch@tkos.co.il>","Date":"Wed, 06 Sep 2017 13:25:30 +0200","In-Reply-To":"<10033e7b173d98374eac45d28e1fb97f68e82118.1504094464.git.baruch@tkos.co.il>\n\t(Baruch Siach's message of \"Wed, 30 Aug 2017 15:01:04 +0300\")","Message-ID":"<87bmmof4r9.fsf@dell.be.48ers.dk>","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)","MIME-Version":"1.0","Cc":"buildroot@busybox.net","Subject":"Re: [Buildroot] [PATCH] gnupg: security bump to version 1.4.22","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.busybox.net>","List-Unsubscribe":"<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>","List-Archive":"<http://lists.busybox.net/pipermail/buildroot/>","List-Post":"<mailto:buildroot@busybox.net>","List-Help":"<mailto:buildroot-request@busybox.net?subject=help>","List-Subscribe":"<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" <buildroot-bounces@busybox.net>"}}]