Hello!
I am pleased to announce the availability of Libgcrypt version 1.5.3.
This is a *security fix* release for the stable branch.
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
Noteworthy changes in version 1.5.3:
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
[. Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes
the above problem. The fix for GnuPG < 2.0 can be found in the just
released GnuPG 1.4.14. ]
Source code is hosted at the GnuPG FTP server and its mirrors as
listed at http://www.gnupg.org/download/mirrors.html . On the primary
server the source file and its digital signatures is:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2 (1.5M)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2.sig
This file is bzip2 compressed. A gzip compressed version is also
available:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz (1.8M)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz.sig
Alternativley you may upgrade version 1.5.2 using this patch file:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2-1.5.3.diff.bz2 (4k)
The SHA-1 checksums are:
2c6553cc17f2a1616d512d6870fe95edf6b0e26e libgcrypt-1.5.3.tar.bz2
184405c91d1ab4877caefb1a6458767e5f0b639e libgcrypt-1.5.3.tar.gz
b711fe3ddf534bb6f11823542036eb4a32e0c914 libgcrypt-1.5.2-1.5.3.diff.bz2
For help on developing with Libgcrypt you should read the included
manual and optional ask on the gcrypt-devel mailing list [1]. A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].
The driving force behind the development of Libgcrypt is my company
g10 Code. Maintenance and improvement of Libgcrypt and related
software takes up most of our resources. To allow us to continue our
work on free software, we ask to either purchase a support contract,
engage us for custom enhancements, or to donate money:
http://g10code.com/gnupg-donation.html
Many thanks to all who contributed to Libgcrypt development, be it bug
fixes, code, documentation, testing or helping users.
Happy hacking,
Werner
[1] See http://www.gnupg.org/documentation/mailing-lists.html .
[2] See http://www.gnupg.org/service.html
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
I am pleased to announce the availability of Libgcrypt version 1.5.3.
This is a *security fix* release for the stable branch.
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
Noteworthy changes in version 1.5.3:
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
[. Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes
the above problem. The fix for GnuPG < 2.0 can be found in the just
released GnuPG 1.4.14. ]
Source code is hosted at the GnuPG FTP server and its mirrors as
listed at http://www.gnupg.org/download/mirrors.html . On the primary
server the source file and its digital signatures is:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2 (1.5M)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2.sig
This file is bzip2 compressed. A gzip compressed version is also
available:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz (1.8M)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz.sig
Alternativley you may upgrade version 1.5.2 using this patch file:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2-1.5.3.diff.bz2 (4k)
The SHA-1 checksums are:
2c6553cc17f2a1616d512d6870fe95edf6b0e26e libgcrypt-1.5.3.tar.bz2
184405c91d1ab4877caefb1a6458767e5f0b639e libgcrypt-1.5.3.tar.gz
b711fe3ddf534bb6f11823542036eb4a32e0c914 libgcrypt-1.5.2-1.5.3.diff.bz2
For help on developing with Libgcrypt you should read the included
manual and optional ask on the gcrypt-devel mailing list [1]. A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].
The driving force behind the development of Libgcrypt is my company
g10 Code. Maintenance and improvement of Libgcrypt and related
software takes up most of our resources. To allow us to continue our
work on free software, we ask to either purchase a support contract,
engage us for custom enhancements, or to donate money:
http://g10code.com/gnupg-donation.html
Many thanks to all who contributed to Libgcrypt development, be it bug
fixes, code, documentation, testing or helping users.
Happy hacking,
Werner
[1] See http://www.gnupg.org/documentation/mailing-lists.html .
[2] See http://www.gnupg.org/service.html
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.