commit bbc19c9988a8b5afede2abb2c2ac4b497eec79fb Author: Danny Rawlins <contact@romster.me> Date: Sat Sep 25 10:44:41 2021 +1000 [notify] crypto++: 8.5.0 -> 8.6.0 security update CVE-2021-40530 plaintext recovery attack on OpenPGP ciphertexts encrypted with ElGamal. Only certain combinations of sender and receiver software are exposed. We found that GPG (via Libgcrypt) and Crypto++ are affected when acting as sender, while Go is not. https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity... diff --git a/crypto++/.footprint b/crypto++/.footprint index d45d138a3..386d1b0a4 100644 --- a/crypto++/.footprint +++ b/crypto++/.footprint @@ -96,6 +96,7 @@ drwxr-xr-x root/root usr/include/cryptopp/ -rw-r--r-- root/root usr/include/cryptopp/kalyna.h -rw-r--r-- root/root usr/include/cryptopp/keccak.h -rw-r--r-- root/root usr/include/cryptopp/lea.h +-rw-r--r-- root/root usr/include/cryptopp/lsh.h -rw-r--r-- root/root usr/include/cryptopp/lubyrack.h -rw-r--r-- root/root usr/include/cryptopp/luc.h -rw-r--r-- root/root usr/include/cryptopp/mars.h @@ -193,8 +194,8 @@ drwxr-xr-x root/root usr/include/cryptopp/ -rw-r--r-- root/root usr/include/cryptopp/zinflate.h -rw-r--r-- root/root usr/include/cryptopp/zlib.h drwxr-xr-x root/root usr/lib/ -lrwxrwxrwx root/root usr/lib/libcryptopp.so -> libcryptopp.so.8.5.0 -lrwxrwxrwx root/root usr/lib/libcryptopp.so.8 -> libcryptopp.so.8.5.0 --rwxr-xr-x root/root usr/lib/libcryptopp.so.8.5.0 +lrwxrwxrwx root/root usr/lib/libcryptopp.so -> libcryptopp.so.8.6.0 +lrwxrwxrwx root/root usr/lib/libcryptopp.so.8 -> libcryptopp.so.8.6.0 +-rwxr-xr-x root/root usr/lib/libcryptopp.so.8.6.0 drwxr-xr-x root/root usr/lib/pkgconfig/ -rw-r--r-- root/root usr/lib/pkgconfig/libcryptopp.pc diff --git a/crypto++/.signature b/crypto++/.signature index a7f9148b3..5f5484119 100644 --- a/crypto++/.signature +++ b/crypto++/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF37dKKtHkQmEXqz2npoRq0wKJsjaber4qjUFFKr+QQz/xJ2mVYhtocCVTKtnw3N4HX2e5/o1R2zmPMZi2pnJ5KQE= -SHA256 (Pkgfile) = bb4ba5f181fdf59914a4309b015bce27bdb29edd31dfbc9ca0edcf9a391263d5 -SHA256 (.footprint) = 10db39e078e4f89a01ccc4e9aec652eb88dc7273fe792e61d362491c913aa3c6 -SHA256 (cryptopp850.zip) = 95fc50d59488ebf61a735cce2b2ec2c2561fc682077c7b496273d65a1ed93d9e +RWSagIOpLGJF3zt91CFRdDDBwKuFMTJkU5ly2GEBhMYyLQdNGkr6P2rjA7O0WoyGWv9SzGtMbUbbykTGltYQslVT+r+giYhxUQI= +SHA256 (Pkgfile) = bb1345fb0769f0006f614abb65739e562a4400e1eef8cb90ad3c3662ac88a5fb +SHA256 (.footprint) = bb802f25fc40dde765471d18343ca1406de088fb804937929353c98b0d395ccc +SHA256 (cryptopp860.zip) = 20aa413957d9c8ae353ee2f7747bd7ac392f933c60a53e3fd1e41cadbc48d193 diff --git a/crypto++/Pkgfile b/crypto++/Pkgfile index 9275c2369..721001eca 100644 --- a/crypto++/Pkgfile +++ b/crypto++/Pkgfile @@ -3,7 +3,7 @@ # Maintainer: Danny Rawlins, crux at romster dot me name=crypto++ -version=8.5.0 +version=8.6.0 release=1 source=(https://www.cryptopp.com/${name//++/pp}${version//./}.zip)